chore: bump up @types/uuid version to v11 (#14364)

This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| @​types/uuid | [`^10.0.0` →
`^11.0.0`](https://renovatebot.com/diffs/npm/@types%2fuuid/10.0.0/11.0.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fuuid/11.0.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fuuid/10.0.0/11.0.0?slim=true)
|

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Mi4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTIuMSIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.cargo/config.toml

@@ -5,7 +5,14 @@ rustflags = ["-C", "target-feature=+crt-static"]
 [target.'cfg(target_os = "linux")']
 rustflags = ["-C", "link-args=-Wl,--warn-unresolved-symbols"]
 [target.'cfg(target_os = "macos")']
-rustflags = ["-C", "link-args=-Wl,-undefined,dynamic_lookup,-no_fixup_chains", "-C", "link-args=-all_load", "-C", "link-args=-weak_framework ScreenCaptureKit"]
+rustflags = [
+  "-C",
+  "link-args=-Wl,-undefined,dynamic_lookup,-no_fixup_chains",
+  "-C",
+  "link-args=-all_load",
+  "-C",
+  "link-args=-weak_framework ScreenCaptureKit",
+]
 # https://sourceware.org/bugzilla/show_bug.cgi?id=21032
 # https://sourceware.org/bugzilla/show_bug.cgi?id=21031
 # https://github.com/rust-lang/rust/issues/134820

.devcontainer/build.sh

@@ -6,7 +6,6 @@ yarn install
 
 # Build Server Dependencies
 yarn affine @affine/server-native build
-yarn affine @affine/reader build
 
 # Create database
 yarn affine @affine/server prisma migrate reset -f

.devcontainer/docker-compose.yml

@@ -2,6 +2,8 @@ version: '3.8'
 
 services:
   app:
+    security_opt:
+      - no-new-privileges:true
     image: mcr.microsoft.com/devcontainers/base:bookworm
     volumes:
       - ../..:/workspaces:cached
@@ -25,7 +27,7 @@ services:
     image: redis
 
   indexer:
-    image: manticoresearch/manticore:${MANTICORE_VERSION:-9.3.2}
+    image: manticoresearch/manticore:${MANTICORE_VERSION:-10.1.0}
     ulimits:
       nproc: 65535
       nofile:

.docker/dev/.env.example

@@ -12,4 +12,4 @@ DB_DATABASE_NAME=affine
 # ELASTIC_PLATFORM=linux/arm64
 
 # manticoresearch
-MANTICORE_VERSION=9.3.2
+MANTICORE_VERSION=10.1.0

.docker/dev/compose.yml.example

@@ -18,15 +18,23 @@ services:
     ports:
       - 6379:6379
 
-  mailhog:
-    image: mailhog/mailhog:latest
+  # https://mailpit.axllent.org/docs/install/docker/
+  mailpit:
+    image: axllent/mailpit:latest
     ports:
       - 1025:1025
       - 8025:8025
+    environment:
+      MP_MAX_MESSAGES: 5000
+      MP_DATABASE: /data/mailpit.db
+      MP_SMTP_AUTH_ACCEPT_ANY: 1
+      MP_SMTP_AUTH_ALLOW_INSECURE: 1
+    volumes:
+      - mailpit_data:/data
 
   # https://manual.manticoresearch.com/Starting_the_server/Docker
   manticoresearch:
-    image: manticoresearch/manticore:${MANTICORE_VERSION:-9.3.2}
+    image: manticoresearch/manticore:${MANTICORE_VERSION:-10.1.0}
     ports:
       - 9308:9308
     ulimits:
@@ -87,4 +95,5 @@ networks:
 volumes:
   postgres_data:
   manticoresearch_data:
+  mailpit_data:
   elasticsearch_data:

.docker/selfhost/schema.json

@@ -148,6 +148,11 @@
           "description": "Whether allow new registrations.\n@default true",
           "default": true
         },
+        "allowSignupForOauth": {
+          "type": "boolean",
+          "description": "Whether allow new registrations via configured oauth.\n@default true",
+          "default": true
+        },
         "requireEmailDomainVerification": {
           "type": "boolean",
           "description": "Whether require email domain record verification before accessing restricted resources.\n@default false",
@@ -190,6 +195,11 @@
       "type": "object",
       "description": "Configuration for mailer module",
       "properties": {
+        "SMTP.name": {
+          "type": "string",
+          "description": "Name of the email server (e.g. your domain name)\n@default \"AFFiNE Server\"\n@environment `MAILER_SERVERNAME`",
+          "default": "AFFiNE Server"
+        },
         "SMTP.host": {
           "type": "string",
           "description": "Host of the email server (e.g. smtp.gmail.com)\n@default \"\"\n@environment `MAILER_HOST`",
@@ -212,12 +222,52 @@
         },
         "SMTP.sender": {
           "type": "string",
-          "description": "Sender of all the emails (e.g. \"AFFiNE Team <noreply@affine.pro>\")\n@default \"\"\n@environment `MAILER_SENDER`",
-          "default": ""
+          "description": "Sender of all the emails (e.g. \"AFFiNE Self Hosted <noreply@example.com>\")\n@default \"AFFiNE Self Hosted <noreply@example.com>\"\n@environment `MAILER_SENDER`",
+          "default": "AFFiNE Self Hosted <noreply@example.com>"
         },
         "SMTP.ignoreTLS": {
           "type": "boolean",
-          "description": "Whether ignore email server's TSL certification verification. Enable it for self-signed certificates.\n@default false\n@environment `MAILER_IGNORE_TLS`",
+          "description": "Whether ignore email server's TLS certificate verification. Enable it for self-signed certificates.\n@default false\n@environment `MAILER_IGNORE_TLS`",
+          "default": false
+        },
+        "fallbackDomains": {
+          "type": "array",
+          "description": "The emails from these domains are always sent using the fallback SMTP server.\n@default []",
+          "default": []
+        },
+        "fallbackSMTP.name": {
+          "type": "string",
+          "description": "Name of the fallback email server (e.g. your domain name)\n@default \"AFFiNE Server\"",
+          "default": "AFFiNE Server"
+        },
+        "fallbackSMTP.host": {
+          "type": "string",
+          "description": "Host of the email server (e.g. smtp.gmail.com)\n@default \"\"",
+          "default": ""
+        },
+        "fallbackSMTP.port": {
+          "type": "number",
+          "description": "Port of the email server (they commonly are 25, 465 or 587)\n@default 465",
+          "default": 465
+        },
+        "fallbackSMTP.username": {
+          "type": "string",
+          "description": "Username used to authenticate the email server\n@default \"\"",
+          "default": ""
+        },
+        "fallbackSMTP.password": {
+          "type": "string",
+          "description": "Password used to authenticate the email server\n@default \"\"",
+          "default": ""
+        },
+        "fallbackSMTP.sender": {
+          "type": "string",
+          "description": "Sender of all the emails (e.g. \"AFFiNE Self Hosted <noreply@example.com>\")\n@default \"\"",
+          "default": ""
+        },
+        "fallbackSMTP.ignoreTLS": {
+          "type": "boolean",
+          "description": "Whether ignore email server's TLS certificate verification. Enable it for self-signed certificates.\n@default false",
           "default": false
         }
       }
@@ -287,8 +337,42 @@
                 },
                 "config": {
                   "type": "object",
-                  "description": "The config for the s3 compatible storage provider. directly passed to aws-sdk client.\n@link https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html",
+                  "description": "The config for the S3 compatible storage provider.",
                   "properties": {
+                    "endpoint": {
+                      "type": "string",
+                      "description": "The S3 compatible endpoint. Example: \"https://s3.us-east-1.amazonaws.com\" or \"https://<account>.r2.cloudflarestorage.com\"."
+                    },
+                    "region": {
+                      "type": "string",
+                      "description": "The region for the storage provider. Example: \"us-east-1\" or \"auto\" for R2."
+                    },
+                    "forcePathStyle": {
+                      "type": "boolean",
+                      "description": "Whether to use path-style bucket addressing."
+                    },
+                    "requestTimeoutMs": {
+                      "type": "number",
+                      "description": "Request timeout in milliseconds."
+                    },
+                    "minPartSize": {
+                      "type": "number",
+                      "description": "Minimum multipart part size in bytes."
+                    },
+                    "presign": {
+                      "type": "object",
+                      "description": "Presigned URL behavior configuration.",
+                      "properties": {
+                        "expiresInSeconds": {
+                          "type": "number",
+                          "description": "Expiration time in seconds for presigned URLs."
+                        },
+                        "signContentTypeForPut": {
+                          "type": "boolean",
+                          "description": "Whether to sign Content-Type for presigned PUT."
+                        }
+                      }
+                    },
                     "credentials": {
                       "type": "object",
                       "description": "The credentials for the s3 compatible storage provider.",
@@ -298,6 +382,9 @@
                         },
                         "secretAccessKey": {
                           "type": "string"
+                        },
+                        "sessionToken": {
+                          "type": "string"
                         }
                       }
                     }
@@ -319,8 +406,42 @@
                 },
                 "config": {
                   "type": "object",
-                  "description": "The config for the s3 compatible storage provider. directly passed to aws-sdk client.\n@link https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html",
+                  "description": "The config for the S3 compatible storage provider.",
                   "properties": {
+                    "endpoint": {
+                      "type": "string",
+                      "description": "The S3 compatible endpoint. Example: \"https://s3.us-east-1.amazonaws.com\" or \"https://<account>.r2.cloudflarestorage.com\"."
+                    },
+                    "region": {
+                      "type": "string",
+                      "description": "The region for the storage provider. Example: \"us-east-1\" or \"auto\" for R2."
+                    },
+                    "forcePathStyle": {
+                      "type": "boolean",
+                      "description": "Whether to use path-style bucket addressing."
+                    },
+                    "requestTimeoutMs": {
+                      "type": "number",
+                      "description": "Request timeout in milliseconds."
+                    },
+                    "minPartSize": {
+                      "type": "number",
+                      "description": "Minimum multipart part size in bytes."
+                    },
+                    "presign": {
+                      "type": "object",
+                      "description": "Presigned URL behavior configuration.",
+                      "properties": {
+                        "expiresInSeconds": {
+                          "type": "number",
+                          "description": "Expiration time in seconds for presigned URLs."
+                        },
+                        "signContentTypeForPut": {
+                          "type": "boolean",
+                          "description": "Whether to sign Content-Type for presigned PUT."
+                        }
+                      }
+                    },
                     "credentials": {
                       "type": "object",
                       "description": "The credentials for the s3 compatible storage provider.",
@@ -330,6 +451,9 @@
                         },
                         "secretAccessKey": {
                           "type": "string"
+                        },
+                        "sessionToken": {
+                          "type": "string"
                         }
                       }
                     },
@@ -347,7 +471,7 @@
                         },
                         "urlPrefix": {
                           "type": "string",
-                          "description": "The presigned url prefix for the cloudflare r2 storage provider.\nsee https://developers.cloudflare.com/waf/custom-rules/use-cases/configure-token-authentication/ to configure it.\nExample value: \"https://storage.example.com\"\nExample rule: is_timed_hmac_valid_v0(\"your_secret\", http.request.uri, 10800, http.request.timestamp.sec, 6)"
+                          "description": "The custom domain URL prefix for the cloudflare r2 storage provider.\nWhen `enabled=true` and `urlPrefix` + `signKey` are provided, the server will:\n- Redirect GET requests to this custom domain with an HMAC token.\n- Return upload URLs under `/api/storage/*` for uploads.\nPresigned/upload proxy TTL is 1 hour.\nsee https://developers.cloudflare.com/waf/custom-rules/use-cases/configure-token-authentication/ to configure it.\nExample value: \"https://storage.example.com\"\nExample rule: is_timed_hmac_valid_v0(\"your_secret\", http.request.uri, 10800, http.request.timestamp.sec, 6)"
                         },
                         "signKey": {
                           "type": "string",
@@ -408,8 +532,42 @@
                 },
                 "config": {
                   "type": "object",
-                  "description": "The config for the s3 compatible storage provider. directly passed to aws-sdk client.\n@link https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html",
+                  "description": "The config for the S3 compatible storage provider.",
                   "properties": {
+                    "endpoint": {
+                      "type": "string",
+                      "description": "The S3 compatible endpoint. Example: \"https://s3.us-east-1.amazonaws.com\" or \"https://<account>.r2.cloudflarestorage.com\"."
+                    },
+                    "region": {
+                      "type": "string",
+                      "description": "The region for the storage provider. Example: \"us-east-1\" or \"auto\" for R2."
+                    },
+                    "forcePathStyle": {
+                      "type": "boolean",
+                      "description": "Whether to use path-style bucket addressing."
+                    },
+                    "requestTimeoutMs": {
+                      "type": "number",
+                      "description": "Request timeout in milliseconds."
+                    },
+                    "minPartSize": {
+                      "type": "number",
+                      "description": "Minimum multipart part size in bytes."
+                    },
+                    "presign": {
+                      "type": "object",
+                      "description": "Presigned URL behavior configuration.",
+                      "properties": {
+                        "expiresInSeconds": {
+                          "type": "number",
+                          "description": "Expiration time in seconds for presigned URLs."
+                        },
+                        "signContentTypeForPut": {
+                          "type": "boolean",
+                          "description": "Whether to sign Content-Type for presigned PUT."
+                        }
+                      }
+                    },
                     "credentials": {
                       "type": "object",
                       "description": "The credentials for the s3 compatible storage provider.",
@@ -419,6 +577,9 @@
                         },
                         "secretAccessKey": {
                           "type": "string"
+                        },
+                        "sessionToken": {
+                          "type": "string"
                         }
                       }
                     }
@@ -440,8 +601,42 @@
                 },
                 "config": {
                   "type": "object",
-                  "description": "The config for the s3 compatible storage provider. directly passed to aws-sdk client.\n@link https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html",
+                  "description": "The config for the S3 compatible storage provider.",
                   "properties": {
+                    "endpoint": {
+                      "type": "string",
+                      "description": "The S3 compatible endpoint. Example: \"https://s3.us-east-1.amazonaws.com\" or \"https://<account>.r2.cloudflarestorage.com\"."
+                    },
+                    "region": {
+                      "type": "string",
+                      "description": "The region for the storage provider. Example: \"us-east-1\" or \"auto\" for R2."
+                    },
+                    "forcePathStyle": {
+                      "type": "boolean",
+                      "description": "Whether to use path-style bucket addressing."
+                    },
+                    "requestTimeoutMs": {
+                      "type": "number",
+                      "description": "Request timeout in milliseconds."
+                    },
+                    "minPartSize": {
+                      "type": "number",
+                      "description": "Minimum multipart part size in bytes."
+                    },
+                    "presign": {
+                      "type": "object",
+                      "description": "Presigned URL behavior configuration.",
+                      "properties": {
+                        "expiresInSeconds": {
+                          "type": "number",
+                          "description": "Expiration time in seconds for presigned URLs."
+                        },
+                        "signContentTypeForPut": {
+                          "type": "boolean",
+                          "description": "Whether to sign Content-Type for presigned PUT."
+                        }
+                      }
+                    },
                     "credentials": {
                       "type": "object",
                       "description": "The credentials for the s3 compatible storage provider.",
@@ -451,6 +646,9 @@
                         },
                         "secretAccessKey": {
                           "type": "string"
+                        },
+                        "sessionToken": {
+                          "type": "string"
                         }
                       }
                     },
@@ -468,7 +666,7 @@
                         },
                         "urlPrefix": {
                           "type": "string",
-                          "description": "The presigned url prefix for the cloudflare r2 storage provider.\nsee https://developers.cloudflare.com/waf/custom-rules/use-cases/configure-token-authentication/ to configure it.\nExample value: \"https://storage.example.com\"\nExample rule: is_timed_hmac_valid_v0(\"your_secret\", http.request.uri, 10800, http.request.timestamp.sec, 6)"
+                          "description": "The custom domain URL prefix for the cloudflare r2 storage provider.\nWhen `enabled=true` and `urlPrefix` + `signKey` are provided, the server will:\n- Redirect GET requests to this custom domain with an HMAC token.\n- Return upload URLs under `/api/storage/*` for uploads.\nPresigned/upload proxy TTL is 1 hour.\nsee https://developers.cloudflare.com/waf/custom-rules/use-cases/configure-token-authentication/ to configure it.\nExample value: \"https://storage.example.com\"\nExample rule: is_timed_hmac_valid_v0(\"your_secret\", http.request.uri, 10800, http.request.timestamp.sec, 6)"
                         },
                         "signKey": {
                           "type": "string",
@@ -545,6 +743,11 @@
           "description": "Multiple hosts the server will accept requests from.\n@default []",
           "default": []
         },
+        "listenAddr": {
+          "type": "string",
+          "description": "The address to listen on (e.g., 0.0.0.0 for IPv4, :: for IPv6).\n@default \"0.0.0.0\"\n@environment `LISTEN_ADDR`",
+          "default": "0.0.0.0"
+        },
         "port": {
           "type": "number",
           "description": "Which port the server will listen on.\n@default 3010\n@environment `AFFINE_SERVER_PORT`",
@@ -561,11 +764,6 @@
       "type": "object",
       "description": "Configuration for flags module",
       "properties": {
-        "earlyAccessControl": {
-          "type": "boolean",
-          "description": "Only allow users with early access features to access the app\n@default false",
-          "default": false
-        },
         "allowGuestDemoWorkspace": {
           "type": "boolean",
           "description": "Whether allow guest users to create demo workspaces.\n@default true",
@@ -584,6 +782,45 @@
         }
       }
     },
+    "telemetry": {
+      "type": "object",
+      "description": "Configuration for telemetry module",
+      "properties": {
+        "allowedOrigin": {
+          "type": "array",
+          "description": "Allowed origins for telemetry collection.\n@default [\"localhost\",\"127.0.0.1\"]",
+          "default": [
+            "localhost",
+            "127.0.0.1"
+          ]
+        },
+        "ga4.measurementId": {
+          "type": "string",
+          "description": "GA4 Measurement ID for Measurement Protocol.\n@default \"\"\n@environment `GA4_MEASUREMENT_ID`",
+          "default": ""
+        },
+        "ga4.apiSecret": {
+          "type": "string",
+          "description": "GA4 API secret for Measurement Protocol.\n@default \"\"\n@environment `GA4_API_SECRET`",
+          "default": ""
+        },
+        "dedupe.ttlHours": {
+          "type": "number",
+          "description": "Telemetry dedupe TTL in hours.\n@default 24",
+          "default": 24
+        },
+        "dedupe.maxEntries": {
+          "type": "number",
+          "description": "Telemetry dedupe max entries.\n@default 100000",
+          "default": 100000
+        },
+        "batch.maxEvents": {
+          "type": "number",
+          "description": "Max events per telemetry batch.\n@default 25",
+          "default": 25
+        }
+      }
+    },
     "client": {
       "type": "object",
       "description": "Configuration for client module",
@@ -600,6 +837,40 @@
         }
       }
     },
+    "calendar": {
+      "type": "object",
+      "description": "Configuration for calendar module",
+      "properties": {
+        "google": {
+          "type": "object",
+          "description": "Google Calendar integration config\n@default {\"enabled\":false,\"clientId\":\"\",\"clientSecret\":\"\",\"externalWebhookUrl\":\"\",\"webhookVerificationToken\":\"\"}\n@link https://developers.google.com/calendar/api/guides/push",
+          "properties": {
+            "enabled": {
+              "type": "boolean"
+            },
+            "clientId": {
+              "type": "string"
+            },
+            "clientSecret": {
+              "type": "string"
+            },
+            "externalWebhookUrl": {
+              "type": "string"
+            },
+            "webhookVerificationToken": {
+              "type": "string"
+            }
+          },
+          "default": {
+            "enabled": false,
+            "clientId": "",
+            "clientSecret": "",
+            "externalWebhookUrl": "",
+            "webhookVerificationToken": ""
+          }
+        }
+      }
+    },
     "captcha": {
       "type": "object",
       "description": "Configuration for captcha module",
@@ -629,14 +900,34 @@
       "properties": {
         "enabled": {
           "type": "boolean",
-          "description": "Whether to enable the copilot plugin.\n@default false",
+          "description": "Whether to enable the copilot plugin. <br> Document: <a href=\"https://docs.affine.pro/self-host-affine/administer/ai\" target=\"_blank\">https://docs.affine.pro/self-host-affine/administer/ai</a>\n@default false",
           "default": false
         },
+        "scenarios": {
+          "type": "object",
+          "description": "Use custom models in scenarios and override default settings.\n@default {\"override_enabled\":false,\"scenarios\":{\"audio_transcribing\":\"gemini-2.5-flash\",\"chat\":\"gemini-2.5-flash\",\"embedding\":\"gemini-embedding-001\",\"image\":\"gpt-image-1\",\"rerank\":\"gpt-4.1\",\"coding\":\"claude-sonnet-4-5@20250929\",\"complex_text_generation\":\"gpt-4o-2024-08-06\",\"quick_decision_making\":\"gpt-5-mini\",\"quick_text_generation\":\"gemini-2.5-flash\",\"polish_and_summarize\":\"gemini-2.5-flash\"}}",
+          "default": {
+            "override_enabled": false,
+            "scenarios": {
+              "audio_transcribing": "gemini-2.5-flash",
+              "chat": "gemini-2.5-flash",
+              "embedding": "gemini-embedding-001",
+              "image": "gpt-image-1",
+              "rerank": "gpt-4.1",
+              "coding": "claude-sonnet-4-5@20250929",
+              "complex_text_generation": "gpt-4o-2024-08-06",
+              "quick_decision_making": "gpt-5-mini",
+              "quick_text_generation": "gemini-2.5-flash",
+              "polish_and_summarize": "gemini-2.5-flash"
+            }
+          }
+        },
         "providers.openai": {
           "type": "object",
-          "description": "The config for the openai provider.\n@default {\"apiKey\":\"\"}\n@link https://github.com/openai/openai-node",
+          "description": "The config for the openai provider.\n@default {\"apiKey\":\"\",\"baseURL\":\"https://api.openai.com/v1\"}\n@link https://github.com/openai/openai-node",
           "default": {
-            "apiKey": ""
+            "apiKey": "",
+            "baseURL": "https://api.openai.com/v1"
           }
         },
         "providers.fal": {
@@ -648,9 +939,10 @@
         },
         "providers.gemini": {
           "type": "object",
-          "description": "The config for the gemini provider.\n@default {\"apiKey\":\"\"}",
+          "description": "The config for the gemini provider.\n@default {\"apiKey\":\"\",\"baseURL\":\"https://generativelanguage.googleapis.com/v1beta\"}",
           "default": {
-            "apiKey": ""
+            "apiKey": "",
+            "baseURL": "https://generativelanguage.googleapis.com/v1beta"
           }
         },
         "providers.geminiVertex": {
@@ -697,9 +989,10 @@
         },
         "providers.anthropic": {
           "type": "object",
-          "description": "The config for the anthropic provider.\n@default {\"apiKey\":\"\"}",
+          "description": "The config for the anthropic provider.\n@default {\"apiKey\":\"\",\"baseURL\":\"https://api.anthropic.com/v1\"}",
           "default": {
-            "apiKey": ""
+            "apiKey": "",
+            "baseURL": "https://api.anthropic.com/v1"
           }
         },
         "providers.anthropicVertex": {
@@ -796,8 +1089,42 @@
                 },
                 "config": {
                   "type": "object",
-                  "description": "The config for the s3 compatible storage provider. directly passed to aws-sdk client.\n@link https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html",
+                  "description": "The config for the S3 compatible storage provider.",
                   "properties": {
+                    "endpoint": {
+                      "type": "string",
+                      "description": "The S3 compatible endpoint. Example: \"https://s3.us-east-1.amazonaws.com\" or \"https://<account>.r2.cloudflarestorage.com\"."
+                    },
+                    "region": {
+                      "type": "string",
+                      "description": "The region for the storage provider. Example: \"us-east-1\" or \"auto\" for R2."
+                    },
+                    "forcePathStyle": {
+                      "type": "boolean",
+                      "description": "Whether to use path-style bucket addressing."
+                    },
+                    "requestTimeoutMs": {
+                      "type": "number",
+                      "description": "Request timeout in milliseconds."
+                    },
+                    "minPartSize": {
+                      "type": "number",
+                      "description": "Minimum multipart part size in bytes."
+                    },
+                    "presign": {
+                      "type": "object",
+                      "description": "Presigned URL behavior configuration.",
+                      "properties": {
+                        "expiresInSeconds": {
+                          "type": "number",
+                          "description": "Expiration time in seconds for presigned URLs."
+                        },
+                        "signContentTypeForPut": {
+                          "type": "boolean",
+                          "description": "Whether to sign Content-Type for presigned PUT."
+                        }
+                      }
+                    },
                     "credentials": {
                       "type": "object",
                       "description": "The credentials for the s3 compatible storage provider.",
@@ -807,6 +1134,9 @@
                         },
                         "secretAccessKey": {
                           "type": "string"
+                        },
+                        "sessionToken": {
+                          "type": "string"
                         }
                       }
                     }
@@ -828,8 +1158,42 @@
                 },
                 "config": {
                   "type": "object",
-                  "description": "The config for the s3 compatible storage provider. directly passed to aws-sdk client.\n@link https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html",
+                  "description": "The config for the S3 compatible storage provider.",
                   "properties": {
+                    "endpoint": {
+                      "type": "string",
+                      "description": "The S3 compatible endpoint. Example: \"https://s3.us-east-1.amazonaws.com\" or \"https://<account>.r2.cloudflarestorage.com\"."
+                    },
+                    "region": {
+                      "type": "string",
+                      "description": "The region for the storage provider. Example: \"us-east-1\" or \"auto\" for R2."
+                    },
+                    "forcePathStyle": {
+                      "type": "boolean",
+                      "description": "Whether to use path-style bucket addressing."
+                    },
+                    "requestTimeoutMs": {
+                      "type": "number",
+                      "description": "Request timeout in milliseconds."
+                    },
+                    "minPartSize": {
+                      "type": "number",
+                      "description": "Minimum multipart part size in bytes."
+                    },
+                    "presign": {
+                      "type": "object",
+                      "description": "Presigned URL behavior configuration.",
+                      "properties": {
+                        "expiresInSeconds": {
+                          "type": "number",
+                          "description": "Expiration time in seconds for presigned URLs."
+                        },
+                        "signContentTypeForPut": {
+                          "type": "boolean",
+                          "description": "Whether to sign Content-Type for presigned PUT."
+                        }
+                      }
+                    },
                     "credentials": {
                       "type": "object",
                       "description": "The credentials for the s3 compatible storage provider.",
@@ -839,6 +1203,9 @@
                         },
                         "secretAccessKey": {
                           "type": "string"
+                        },
+                        "sessionToken": {
+                          "type": "string"
                         }
                       }
                     },
@@ -856,7 +1223,7 @@
                         },
                         "urlPrefix": {
                           "type": "string",
-                          "description": "The presigned url prefix for the cloudflare r2 storage provider.\nsee https://developers.cloudflare.com/waf/custom-rules/use-cases/configure-token-authentication/ to configure it.\nExample value: \"https://storage.example.com\"\nExample rule: is_timed_hmac_valid_v0(\"your_secret\", http.request.uri, 10800, http.request.timestamp.sec, 6)"
+                          "description": "The custom domain URL prefix for the cloudflare r2 storage provider.\nWhen `enabled=true` and `urlPrefix` + `signKey` are provided, the server will:\n- Redirect GET requests to this custom domain with an HMAC token.\n- Return upload URLs under `/api/storage/*` for uploads.\nPresigned/upload proxy TTL is 1 hour.\nsee https://developers.cloudflare.com/waf/custom-rules/use-cases/configure-token-authentication/ to configure it.\nExample value: \"https://storage.example.com\"\nExample rule: is_timed_hmac_valid_v0(\"your_secret\", http.request.uri, 10800, http.request.timestamp.sec, 6)"
                         },
                         "signKey": {
                           "type": "string",
@@ -1036,18 +1403,33 @@
         },
         "apiKey": {
           "type": "string",
-          "description": "Stripe API key to enable payment service.\n@default \"\"\n@environment `STRIPE_API_KEY`",
+          "description": "[Deprecated] Stripe API key. Use payment.stripe.apiKey instead.\n@default \"\"\n@environment `STRIPE_API_KEY`",
           "default": ""
         },
         "webhookKey": {
           "type": "string",
-          "description": "Stripe webhook key to enable payment service.\n@default \"\"\n@environment `STRIPE_WEBHOOK_KEY`",
+          "description": "[Deprecated] Stripe webhook key. Use payment.stripe.webhookKey instead.\n@default \"\"\n@environment `STRIPE_WEBHOOK_KEY`",
           "default": ""
         },
         "stripe": {
           "type": "object",
-          "description": "Stripe sdk options\n@default {}\n@link https://docs.stripe.com/api",
-          "default": {}
+          "description": "Stripe sdk options and credentials\n@default {\"apiKey\":\"\",\"webhookKey\":\"\"}\n@link https://docs.stripe.com/api",
+          "default": {
+            "apiKey": "",
+            "webhookKey": ""
+          }
+        },
+        "revenuecat": {
+          "type": "object",
+          "description": "RevenueCat integration configs\n@default {\"enabled\":false,\"apiKey\":\"\",\"projectId\":\"\",\"webhookAuth\":\"\",\"environment\":\"production\",\"productMap\":{}}\n@link https://www.revenuecat.com/docs/",
+          "default": {
+            "enabled": false,
+            "apiKey": "",
+            "projectId": "",
+            "webhookAuth": "",
+            "environment": "production",
+            "productMap": {}
+          }
         }
       }
     },

.editorconfig

@@ -1,6 +1,8 @@
 # Editor configuration, see http://editorconfig.org
 root = true
 
+[*.rs]
+max_line_length = 120
 [*]
 charset = utf-8
 indent_style = space

.github/ISSUE_TEMPLATE/BUG-REPORT.yml

@@ -74,3 +74,11 @@ body:
       description: |
         Links? References? Anything that will give us more context about the issue you are encountering!
         Tip: You can attach images here
+  - type: checkboxes
+    attributes:
+      label: Is your content generated by AI?
+      description: >
+        (Required) Please confirm that the content you submit was not generated by AI or only minimally edited by AI.
+        If an administrator believes the post contains a large amount of AI-generated content, they may directly close the question.
+      options:
+        - label: I confirm that the content I submitted was **not** generated by AI / **merely contained minimal** AI edits.

.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml

@@ -35,3 +35,11 @@ body:
         See the AFFiNE [Contributing Guide](https://github.com/toeverything/affine/blob/canary/CONTRIBUTING.md) to get started.
       options:
         - label: Yes I'd like to help by submitting a PR!
+  - type: checkboxes
+    attributes:
+      label: Is your content generated by AI?
+      description: >
+        (Required) Please confirm that the content you submit was not generated by AI or only minimally edited by AI.
+        If an administrator believes the post contains a large amount of AI-generated content, they may directly close the question.
+      options:
+        - label: I confirm that the content I submitted was **not** generated by AI / **merely contained minimal** AI edits.

.github/actions/build-rust/action.yml

@@ -75,7 +75,11 @@ runs:
       shell: bash
       if: ${{ runner.os != 'Windows' && inputs.no-build != 'true' }}
       run: |
-        yarn workspace ${{ inputs.package }} build --target ${{ inputs.target }} --use-napi-cross
+        if [[ "${{ inputs.target }}" == "x86_64-unknown-linux-gnu" ]]; then
+          yarn workspace ${{ inputs.package }} build --target ${{ inputs.target }}
+        else
+          yarn workspace ${{ inputs.package }} build --target ${{ inputs.target }} --use-napi-cross
+        fi
       env:
         DEBUG: 'napi:*'
 

.github/actions/deploy/deploy.mjs

@@ -29,25 +29,25 @@ const isInternal = buildType === 'internal';
 
 const replicaConfig = {
   stable: {
-    web: 3,
-    graphql: Number(process.env.PRODUCTION_GRAPHQL_REPLICA) || 3,
-    sync: Number(process.env.PRODUCTION_SYNC_REPLICA) || 3,
-    renderer: Number(process.env.PRODUCTION_RENDERER_REPLICA) || 3,
-    doc: Number(process.env.PRODUCTION_DOC_REPLICA) || 3,
+    web: 2,
+    graphql: Number(process.env.PRODUCTION_GRAPHQL_REPLICA) || 2,
+    sync: Number(process.env.PRODUCTION_SYNC_REPLICA) || 2,
+    renderer: Number(process.env.PRODUCTION_RENDERER_REPLICA) || 2,
+    doc: Number(process.env.PRODUCTION_DOC_REPLICA) || 2,
   },
   beta: {
-    web: 2,
-    graphql: Number(process.env.BETA_GRAPHQL_REPLICA) || 2,
-    sync: Number(process.env.BETA_SYNC_REPLICA) || 2,
-    renderer: Number(process.env.BETA_RENDERER_REPLICA) || 2,
-    doc: Number(process.env.BETA_DOC_REPLICA) || 2,
+    web: 1,
+    graphql: Number(process.env.BETA_GRAPHQL_REPLICA) || 1,
+    sync: Number(process.env.BETA_SYNC_REPLICA) || 1,
+    renderer: Number(process.env.BETA_RENDERER_REPLICA) || 1,
+    doc: Number(process.env.BETA_DOC_REPLICA) || 1,
   },
   canary: {
-    web: 2,
-    graphql: 2,
-    sync: 2,
-    renderer: 2,
-    doc: 2,
+    web: 1,
+    graphql: 1,
+    sync: 1,
+    renderer: 1,
+    doc: 1,
   },
 };
 

.github/actions/server-test-env/action.yml

@@ -4,11 +4,6 @@ description: 'Prepare Server Test Environment'
 runs:
   using: 'composite'
   steps:
-    - name: Bundle @affine/reader
-      shell: bash
-      run: |
-        yarn affine @affine/reader build
-
     - name: Initialize database
       shell: bash
       run: |

.github/actions/setup-version/action.yml

@@ -4,9 +4,15 @@ inputs:
   app-version:
     description: 'App Version'
     required: true
+  ios-app-version:
+    description: 'iOS App Store Version (Optional, use App version if empty)'
+    required: false
+    type: string
 runs:
   using: 'composite'
   steps:
     - name: 'Write Version'
       shell: bash
+      env:
+        IOS_APP_VERSION: ${{ inputs.ios-app-version }}
       run: ./scripts/set-version.sh ${{ inputs.app-version }}

.github/deployment/node/Dockerfile

@@ -13,4 +13,6 @@ RUN apt-get update && \
 # Enable jemalloc by preloading the library
 ENV LD_PRELOAD=libjemalloc.so.2
 
+EXPOSE 3010
+
 CMD ["node", "./dist/main.js"]

.github/helm/affine/Chart.yaml

@@ -3,4 +3,4 @@ name: affine
 description: AFFiNE cloud chart
 type: application
 version: 0.0.0
-appVersion: "0.22.4"
+appVersion: "0.26.0"

.github/helm/affine/charts/doc/Chart.yaml

@@ -3,7 +3,7 @@ name: doc
 description: AFFiNE doc server
 type: application
 version: 0.0.0
-appVersion: "0.22.4"
+appVersion: "0.26.0"
 dependencies:
   - name: gcloud-sql-proxy
     version: 0.0.0

.github/helm/affine/charts/gcloud-sql-proxy/values.yaml

@@ -1,4 +1,4 @@
-replicaCount: 3
+replicaCount: 2
 enabled: false
 database: 
   connectionName: ""
@@ -33,8 +33,11 @@ service:
 
 resources:
   limits:
-    memory: "4Gi"
-    cpu: "2"
+    memory: "1Gi"
+    cpu: "1"
+  requests:
+    memory: "512Mi"
+    cpu: "100m"
 
 volumes: []
 volumeMounts: []

.github/helm/affine/charts/graphql/Chart.yaml

@@ -3,7 +3,7 @@ name: graphql
 description: AFFiNE GraphQL server
 type: application
 version: 0.0.0
-appVersion: "0.22.4"
+appVersion: "0.26.0"
 dependencies:
   - name: gcloud-sql-proxy
     version: 0.0.0

.github/helm/affine/charts/renderer/Chart.yaml

@@ -3,7 +3,7 @@ name: renderer
 description: AFFiNE renderer server
 type: application
 version: 0.0.0
-appVersion: "0.22.4"
+appVersion: "0.26.0"
 dependencies:
   - name: gcloud-sql-proxy
     version: 0.0.0

.github/helm/affine/charts/sync/Chart.yaml

@@ -3,7 +3,7 @@ name: sync
 description: AFFiNE Sync Server
 type: application
 version: 0.0.0
-appVersion: "0.22.4"
+appVersion: "0.26.0"
 dependencies:
   - name: gcloud-sql-proxy
     version: 0.0.0

.github/workflows/build-images.yml

@@ -46,6 +46,7 @@ jobs:
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
           PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
           MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
+          GA4_MEASUREMENT_ID: ${{ secrets.GA4_MEASUREMENT_ID }}
       - name: Upload web artifact
         uses: actions/upload-artifact@v4
         with:
@@ -79,6 +80,7 @@ jobs:
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
           PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
           MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
+          GA4_MEASUREMENT_ID: ${{ secrets.GA4_MEASUREMENT_ID }}
       - name: Upload admin artifact
         uses: actions/upload-artifact@v4
         with:
@@ -112,6 +114,7 @@ jobs:
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
           PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
           MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
+          GA4_MEASUREMENT_ID: ${{ secrets.GA4_MEASUREMENT_ID }}
       - name: Upload mobile artifact
         uses: actions/upload-artifact@v4
         with:
@@ -187,8 +190,6 @@ jobs:
           path: ./packages/backend/native
       - name: List server-native files
         run: ls -alh ./packages/backend/native
-      - name: Build @affine/reader
-        run: yarn workspace @affine/reader build
       - name: Build Server
         run: yarn workspace @affine/server build
       - name: Upload server dist

.github/workflows/build-test.yml

@@ -19,7 +19,7 @@ env:
   APP_NAME: affine
   AFFINE_ENV: dev
   COVERAGE: true
-  MACOSX_DEPLOYMENT_TARGET: '10.13'
+  MACOSX_DEPLOYMENT_TARGET: '11.6'
   DEPLOYMENT_TYPE: affine
   AFFINE_INDEXER_ENABLED: true
 
@@ -152,11 +152,6 @@ jobs:
           name: server-native.node
           path: ./packages/backend/native
 
-      - name: Bundle @affine/reader
-        shell: bash
-        run: |
-          yarn workspace @affine/reader build
-
       - name: Run Check
         run: |
           yarn affine init
@@ -187,7 +182,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        shard: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
+        shard: [1, 2]
     steps:
       - uses: actions/checkout@v4
       - name: Setup Node.js
@@ -218,7 +213,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        shard: [1, 2]
+        shard: [1]
         browser: ['chromium', 'firefox', 'webkit']
     steps:
       - uses: actions/checkout@v4
@@ -256,7 +251,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        shard: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
+        shard: [1, 2, 3, 4, 5]
     steps:
       - uses: actions/checkout@v4
       - name: Setup Node.js
@@ -287,7 +282,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        shard: [1, 2, 3, 4, 5]
+        shard: [1, 2]
     steps:
       - uses: actions/checkout@v4
       - name: Setup Node.js
@@ -318,7 +313,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        shard: [1, 2, 3, 4, 5]
+        shard: [1, 2, 3]
     steps:
       - uses: actions/checkout@v4
       - name: Setup Node.js
@@ -512,8 +507,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node_index: [0, 1, 2, 3, 4, 5, 6, 7]
-        total_nodes: [8]
+        node_index: [0, 1, 2, 3]
+        total_nodes: [4]
     env:
       NODE_ENV: test
       DATABASE_URL: postgresql://affine:affine@localhost:5432/affine
@@ -803,49 +798,6 @@ jobs:
           name: fuzz-artifact
           path: packages/common/y-octo/utils/fuzz/artifacts/**/*
 
-  y-octo-binding-test:
-    name: y-octo binding test on ${{ matrix.settings.target }}
-    runs-on: ${{ matrix.settings.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        settings:
-          - { target: 'x86_64-unknown-linux-gnu', os: 'ubuntu-latest' }
-          - { target: 'aarch64-unknown-linux-gnu', os: 'ubuntu-24.04-arm' }
-          - { target: 'x86_64-apple-darwin', os: 'macos-13' }
-          - { target: 'aarch64-apple-darwin', os: 'macos-latest' }
-          - { target: 'x86_64-pc-windows-msvc', os: 'windows-latest' }
-          - { target: 'aarch64-pc-windows-msvc', os: 'windows-11-arm' }
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Node.js
-        uses: ./.github/actions/setup-node
-        with:
-          extra-flags: workspaces focus @affine-tools/cli @affine/monorepo @y-octo/node
-          electron-install: false
-      - name: Install rustup (Windows 11 ARM)
-        if: matrix.settings.os == 'windows-11-arm'
-        shell: pwsh
-        run: |
-          Invoke-WebRequest -Uri "https://static.rust-lang.org/rustup/dist/aarch64-pc-windows-msvc/rustup-init.exe" -OutFile rustup-init.exe
-          .\rustup-init.exe --default-toolchain none -y
-          "$env:USERPROFILE\.cargo\bin" | Out-File -Append -Encoding ascii $env:GITHUB_PATH
-          "CARGO_HOME=$env:USERPROFILE\.cargo" | Out-File -Append -Encoding ascii $env:GITHUB_ENV
-      - name: Install Rust (Windows 11 ARM)
-        if: matrix.settings.os == 'windows-11-arm'
-        shell: pwsh
-        run: |
-          rustup install stable
-          rustup target add ${{ matrix.settings.target }}
-          cargo --version
-      - name: Build Rust
-        uses: ./.github/actions/build-rust
-        with:
-          target: ${{ matrix.settings.target }}
-          package: '@y-octo/node'
-      - name: Run tests
-        run: yarn affine @y-octo/node test
-
   rust-test:
     name: Run native tests
     runs-on: ubuntu-latest
@@ -972,8 +924,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        shardIndex: [1, 2, 3, 4, 5, 6, 7, 8]
-        shardTotal: [8]
+        shardIndex: [1, 2, 3, 4, 5]
+        shardTotal: [5]
     needs:
       - build-server-native
     services:
@@ -1064,24 +1016,21 @@ jobs:
       fail-fast: false
       matrix:
         tests:
-          - name: 'Cloud E2E Test 1/6'
+          - name: 'Cloud E2E Test 1/10'
             shard: 1
-            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=1/6
-          - name: 'Cloud E2E Test 2/6'
+            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=1/10
+          - name: 'Cloud E2E Test 2/10'
             shard: 2
-            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=2/6
-          - name: 'Cloud E2E Test 3/6'
+            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=2/10
+          - name: 'Cloud E2E Test 3/10'
             shard: 3
-            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=3/6
-          - name: 'Cloud E2E Test 4/6'
+            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=3/10
+          - name: 'Cloud E2E Test 4/10'
             shard: 4
-            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=4/6
-          - name: 'Cloud E2E Test 5/6'
+            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=4/10
+          - name: 'Cloud E2E Test 5/10'
             shard: 5
-            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=5/6
-          - name: 'Cloud E2E Test 6/6'
-            shard: 6
-            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=6/6
+            script: yarn affine @affine-test/affine-cloud e2e --forbid-only --shard=5/10
           - name: 'Cloud Desktop E2E Test'
             shard: desktop
             script: |
@@ -1344,7 +1293,7 @@ jobs:
         run: |
           sudo add-apt-repository universe
           sudo apt install -y libfuse2 elfutils flatpak flatpak-builder
-          flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+          flatpak remote-add --user --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
           flatpak update
           # some flatpak deps need git protocol.file.allow
           git config --global protocol.file.allow always
@@ -1380,7 +1329,6 @@ jobs:
       - miri
       - loom
       - fuzzing
-      - y-octo-binding-test
       - server-test
       - server-e2e-test
       - rust-test

.github/workflows/copilot-test.yml

@@ -109,8 +109,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        shardIndex: [1, 2, 3, 4, 5, 6, 7, 8]
-        shardTotal: [8]
+        shardIndex: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
+        shardTotal: [10]
     needs:
       - build-server-native
     services:

.github/workflows/release-desktop-platform.yml

@@ -0,0 +1,227 @@
+name: Release Desktop Platform
+
+on:
+  workflow_call:
+    inputs:
+      build_type:
+        required: true
+        type: string
+      app_version:
+        required: true
+        type: string
+      git_short_hash:
+        required: true
+        type: string
+      runner:
+        required: true
+        type: string
+      platform:
+        required: true
+        type: string
+      arch:
+        required: true
+        type: string
+      target:
+        required: true
+        type: string
+      apple_codesign:
+        required: false
+        default: false
+        type: boolean
+      install_linux_deps:
+        required: false
+        default: false
+        type: boolean
+      enable_scripts:
+        required: false
+        default: false
+        type: boolean
+    outputs:
+      files_to_be_signed:
+        description: Files to be signed (Windows only)
+        value: ${{ jobs.build.outputs.files_to_be_signed }}
+
+permissions:
+  actions: write
+  contents: write
+  security-events: write
+  id-token: write
+  attestations: write
+
+jobs:
+  build:
+    runs-on: ${{ inputs.runner }}
+    outputs:
+      files_to_be_signed: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED }}
+    env:
+      BUILD_TYPE: ${{ inputs.build_type }}
+      RELEASE_VERSION: ${{ inputs.app_version }}
+      DEBUG: 'affine:*,napi:*'
+      APP_NAME: affine
+      MACOSX_DEPLOYMENT_TARGET: '12.0'
+      SKIP_GENERATE_ASSETS: 1
+      APPLE_ID: ${{ secrets.APPLE_ID }}
+      APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+      APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+      SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+      SENTRY_PROJECT: 'affine'
+      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+      SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+      SENTRY_RELEASE: ${{ inputs.app_version }}
+      MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
+      GA4_MEASUREMENT_ID: ${{ secrets.GA4_MEASUREMENT_ID }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Version
+        uses: ./.github/actions/setup-version
+        with:
+          app-version: ${{ inputs.app_version }}
+
+      - name: Setup Node.js
+        timeout-minutes: 10
+        uses: ./.github/actions/setup-node
+        with:
+          extra-flags: workspaces focus @affine/electron @affine/monorepo @affine/nbstore @toeverything/infra
+          hard-link-nm: false
+          nmHoistingLimits: workspaces
+          enableScripts: ${{ inputs.enable_scripts }}
+
+      - name: Build AFFiNE native
+        uses: ./.github/actions/build-rust
+        with:
+          target: ${{ inputs.target }}
+          package: '@affine/native'
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: desktop-web
+          path: packages/frontend/apps/electron/resources/web-static
+
+      - name: Build Desktop Layers
+        run: yarn affine @affine/electron build
+
+      - name: Signing By Apple Developer ID
+        if: ${{ inputs.platform == 'darwin' && inputs.apple_codesign }}
+        uses: apple-actions/import-codesign-certs@v5
+        with:
+          p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
+          p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
+
+      - name: Install additional dependencies on Linux
+        if: ${{ inputs.platform == 'linux' && inputs.install_linux_deps }}
+        run: |
+          df -h
+          sudo add-apt-repository universe
+          sudo apt install -y libfuse2 elfutils flatpak flatpak-builder
+          flatpak remote-add --user --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+          flatpak update
+          # some flatpak deps need git protocol.file.allow
+          git config --global protocol.file.allow always
+          # clean up apt cache to save disk space
+          sudo -E apt-get -y purge azure-cli* zulu* hhvm* llvm* firefox* google* dotnet* aspnetcore* powershell* adoptopenjdk* mysql* php* mongodb* moby* snap* || true
+          sudo -E apt-get -qq autoremove --purge
+          sudo rm -rf /usr/share/dotnet /opt/ghc /opt/hostedtoolcache/CodeQL /usr/local/lib/android
+          sudo apt-get clean
+          rm -rf ~/.cache/yarn ~/.npm
+          df -h
+
+      - name: Remove nbstore node_modules (darwin/linux)
+        if: ${{ inputs.platform != 'win32' }}
+        shell: bash
+        # node_modules of nbstore is not needed for building, and it will make the build process out of memory
+        run: |
+          cargo clean
+          rm -rf packages/frontend/apps/electron/node_modules/@affine/nbstore/node_modules/@blocksuite
+          rm -rf packages/frontend/apps/electron/node_modules/@affine/native/node_modules
+
+      - name: Remove nbstore node_modules (windows)
+        if: ${{ inputs.platform == 'win32' }}
+        shell: bash
+        run: |
+          rm -rf packages/frontend/apps/electron/node_modules/@affine/nbstore/node_modules/@blocksuite/affine/node_modules
+          rm -rf packages/frontend/apps/electron/node_modules/@affine/native/node_modules
+
+      - name: make
+        if: ${{ inputs.platform != 'win32' }}
+        run: yarn affine @affine/electron make --platform=${{ inputs.platform }} --arch=${{ inputs.arch }}
+        env:
+          SKIP_WEB_BUILD: 1
+          HOIST_NODE_MODULES: 1
+          NODE_OPTIONS: --max-old-space-size=14384
+
+      - name: package
+        if: ${{ inputs.platform == 'win32' }}
+        run: |
+          yarn affine @affine/electron package --platform=${{ inputs.platform }} --arch=${{ inputs.arch }}
+        env:
+          SKIP_WEB_BUILD: 1
+          HOIST_NODE_MODULES: 1
+          NODE_OPTIONS: --max-old-space-size=14384
+
+      - name: signing DMG
+        if: ${{ inputs.platform == 'darwin' && inputs.apple_codesign }}
+        run: |
+          codesign --force --sign "Developer ID Application: TOEVERYTHING PTE. LTD." packages/frontend/apps/electron/out/${{ env.BUILD_TYPE }}/make/AFFiNE.dmg
+
+      - name: Save artifacts (mac)
+        if: ${{ inputs.platform == 'darwin' }}
+        run: |
+          mkdir -p builds
+          mv packages/frontend/apps/electron/out/*/make/*.dmg ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ inputs.arch }}.dmg
+          mv packages/frontend/apps/electron/out/*/make/zip/darwin/${{ inputs.arch }}/*.zip ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ inputs.arch }}.zip
+
+      - name: Save artifacts (linux)
+        if: ${{ inputs.platform == 'linux' }}
+        run: |
+          mkdir -p builds
+          mv packages/frontend/apps/electron/out/*/make/zip/linux/${{ inputs.arch }}/*.zip ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.zip
+          mv packages/frontend/apps/electron/out/*/make/*.AppImage ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.appimage
+          mv packages/frontend/apps/electron/out/*/make/deb/${{ inputs.arch }}/*.deb ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.deb
+          mv packages/frontend/apps/electron/out/*/make/flatpak/*/*.flatpak ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.flatpak
+
+      - uses: actions/attest-build-provenance@v2
+        if: ${{ inputs.platform == 'darwin' }}
+        with:
+          subject-path: |
+            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ inputs.arch }}.zip
+            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ inputs.arch }}.dmg
+
+      - uses: actions/attest-build-provenance@v2
+        if: ${{ inputs.platform == 'linux' }}
+        with:
+          subject-path: |
+            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.zip
+            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.appimage
+            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.deb
+            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.flatpak
+
+      - name: Upload Artifact
+        if: ${{ inputs.platform == 'darwin' || inputs.platform == 'linux' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: affine-${{ inputs.platform }}-${{ inputs.arch }}-builds
+          path: builds
+
+      - name: get all files to be signed
+        id: get_files_to_be_signed
+        if: ${{ inputs.platform == 'win32' }}
+        shell: pwsh
+        run: |
+          Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/apps/electron/out -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\apps\electron\out\', '') + '"' }) -join ' ')
+          "FILES_TO_BE_SIGNED=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
+          echo $FILES_TO_BE_SIGNED
+
+      - name: Zip artifacts for faster upload
+        if: ${{ inputs.platform == 'win32' }}
+        shell: pwsh
+        run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/apps/electron/out/* -DestinationPath archive.zip
+
+      - name: Save packaged artifacts for signing
+        if: ${{ inputs.platform == 'win32' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: packaged-${{ inputs.platform }}-${{ inputs.arch }}
+          path: |
+            archive.zip
+            !**/*.map

.github/workflows/release-desktop.yml

@@ -12,6 +12,21 @@ on:
       git-short-hash:
         required: true
         type: string
+      desktop_macos:
+        description: 'Desktop - macOS'
+        required: false
+        default: true
+        type: boolean
+      desktop_windows:
+        description: 'Desktop - Windows'
+        required: false
+        default: true
+        type: boolean
+      desktop_linux:
+        description: 'Desktop - Linux'
+        required: false
+        default: true
+        type: boolean
 
 permissions:
   actions: write
@@ -25,10 +40,11 @@ env:
   RELEASE_VERSION: ${{ inputs.app-version }}
   DEBUG: 'affine:*,napi:*'
   APP_NAME: affine
-  MACOSX_DEPLOYMENT_TARGET: '10.13'
+  MACOSX_DEPLOYMENT_TARGET: '11.6'
 
 jobs:
   before-make:
+    if: ${{ inputs.desktop_macos || inputs.desktop_windows || inputs.desktop_linux }}
     runs-on: ubuntu-latest
     environment: ${{ inputs.build-type }}
     steps:
@@ -51,6 +67,7 @@ jobs:
           SENTRY_RELEASE: ${{ inputs.app-version }}
           RELEASE_VERSION: ${{ inputs.app-version }}
           MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
+          GA4_MEASUREMENT_ID: ${{ secrets.GA4_MEASUREMENT_ID }}
 
       - name: Upload web artifact
         uses: actions/upload-artifact@v4
@@ -58,7 +75,8 @@ jobs:
           name: desktop-web
           path: packages/frontend/apps/electron/resources/web-static
 
-  make-distribution:
+  make-distribution-macos:
+    if: ${{ inputs.desktop_macos }}
     strategy:
       fail-fast: false
       matrix:
@@ -71,223 +89,90 @@ jobs:
             platform: darwin
             arch: arm64
             target: aarch64-apple-darwin
-          - runner: ubuntu-latest
-            platform: linux
-            arch: x64
-            target: x86_64-unknown-linux-gnu
-    runs-on: ${{ matrix.spec.runner }}
     needs: before-make
-    environment: ${{ inputs.build-type }}
-    env:
-      APPLE_ID: ${{ secrets.APPLE_ID }}
-      APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
-      APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
-      SKIP_GENERATE_ASSETS: 1
-      SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
-      SENTRY_PROJECT: 'affine'
-      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-      SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-      SENTRY_RELEASE: ${{ inputs.app-version }}
-      MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app-version }}
-      - name: Setup Node.js
-        timeout-minutes: 10
-        uses: ./.github/actions/setup-node
-        with:
-          extra-flags: workspaces focus @affine/electron @affine/monorepo @affine/nbstore @toeverything/infra
-          hard-link-nm: false
-          nmHoistingLimits: workspaces
-          enableScripts: false
-      - name: Build AFFiNE native
-        uses: ./.github/actions/build-rust
-        with:
-          target: ${{ matrix.spec.target }}
-          package: '@affine/native'
-      - uses: actions/download-artifact@v4
-        with:
-          name: desktop-web
-          path: packages/frontend/apps/electron/resources/web-static
+    uses: ./.github/workflows/release-desktop-platform.yml
+    secrets: inherit
+    with:
+      build_type: ${{ inputs.build-type }}
+      app_version: ${{ inputs.app-version }}
+      git_short_hash: ${{ inputs.git-short-hash }}
+      runner: ${{ matrix.spec.runner }}
+      platform: ${{ matrix.spec.platform }}
+      arch: ${{ matrix.spec.arch }}
+      target: ${{ matrix.spec.target }}
+      apple_codesign: true
 
-      - name: Build Desktop Layers
-        run: yarn affine @affine/electron build
-
-      - name: Signing By Apple Developer ID
-        if: ${{ matrix.spec.platform == 'darwin' }}
-        uses: apple-actions/import-codesign-certs@v5
-        with:
-          p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
-          p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
-
-      - name: Install additional dependencies on Linux
-        if: ${{ matrix.spec.platform == 'linux' }}
-        run: |
-          sudo add-apt-repository universe
-          sudo apt install -y libfuse2 elfutils flatpak flatpak-builder
-          flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
-          flatpak update
-          # some flatpak deps need git protocol.file.allow
-          git config --global protocol.file.allow always
-
-      - name: Remove nbstore node_modules
-        shell: bash
-        # node_modules of nbstore is not needed for building, and it will make the build process out of memory
-        run: |
-          rm -rf packages/frontend/apps/electron/node_modules/@affine/nbstore/node_modules/@blocksuite
-          rm -rf packages/frontend/apps/electron/node_modules/@affine/native/node_modules
-
-      - name: make
-        run: yarn affine @affine/electron make --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
-        env:
-          SKIP_WEB_BUILD: 1
-          HOIST_NODE_MODULES: 1
-          NODE_OPTIONS: --max-old-space-size=14384
-
-      - name: signing DMG
-        if: ${{ matrix.spec.platform == 'darwin' }}
-        run: |
-          codesign --force --sign "Developer ID Application: TOEVERYTHING PTE. LTD." packages/frontend/apps/electron/out/${{ env.BUILD_TYPE }}/make/AFFiNE.dmg
-
-      - name: Save artifacts (mac)
-        if: ${{ matrix.spec.platform == 'darwin' }}
-        run: |
-          mkdir -p builds
-          mv packages/frontend/apps/electron/out/*/make/*.dmg ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.dmg
-          mv packages/frontend/apps/electron/out/*/make/zip/darwin/${{ matrix.spec.arch }}/*.zip ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.zip
-      - name: Save artifacts (linux)
-        if: ${{ matrix.spec.platform == 'linux' }}
-        run: |
-          mkdir -p builds
-          mv packages/frontend/apps/electron/out/*/make/zip/linux/${{ matrix.spec.arch }}/*.zip ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ matrix.spec.arch }}.zip
-          mv packages/frontend/apps/electron/out/*/make/*.AppImage ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ matrix.spec.arch }}.appimage
-          mv packages/frontend/apps/electron/out/*/make/deb/${{ matrix.spec.arch }}/*.deb ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ matrix.spec.arch }}.deb
-          mv packages/frontend/apps/electron/out/*/make/flatpak/*/*.flatpak ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ matrix.spec.arch }}.flatpak
-
-      - uses: actions/attest-build-provenance@v2
-        if: ${{ matrix.spec.platform == 'darwin' }}
-        with:
-          subject-path: |
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.zip
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ matrix.spec.arch }}.dmg
-
-      - uses: actions/attest-build-provenance@v2
-        if: ${{ matrix.spec.platform == 'linux' }}
-        with:
-          subject-path: |
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-x64.zip
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-x64.appimage
-            ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-x64.deb
-      - name: Upload Artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
-          path: builds
-
-  package-distribution-windows:
-    environment: ${{ inputs.build-type }}
+  make-distribution-linux:
+    if: ${{ inputs.desktop_linux }}
     strategy:
       fail-fast: false
       matrix:
         spec:
-          - runner: windows-latest
-            platform: win32
+          - runner: ubuntu-latest
+            platform: linux
             arch: x64
-            target: x86_64-pc-windows-msvc
-          - runner: windows-latest
-            platform: win32
-            arch: arm64
-            target: aarch64-pc-windows-msvc
-    runs-on: ${{ matrix.spec.runner }}
+            target: x86_64-unknown-linux-gnu
     needs: before-make
-    outputs:
-      FILES_TO_BE_SIGNED_x64: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED_x64 }}
-      FILES_TO_BE_SIGNED_arm64: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED_arm64 }}
-    env:
-      SKIP_GENERATE_ASSETS: 1
-      SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
-      SENTRY_PROJECT: 'affine'
-      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-      SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-      SENTRY_RELEASE: ${{ inputs.app-version }}
-      MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Version
-        uses: ./.github/actions/setup-version
-        with:
-          app-version: ${{ inputs.app-version }}
-      - name: Setup Node.js
-        timeout-minutes: 10
-        uses: ./.github/actions/setup-node
-        with:
-          extra-flags: workspaces focus @affine/electron @affine/monorepo @affine/nbstore @toeverything/infra
-          hard-link-nm: false
-          nmHoistingLimits: workspaces
-      - name: Build AFFiNE native
-        uses: ./.github/actions/build-rust
-        with:
-          target: ${{ matrix.spec.target }}
-          package: '@affine/native'
-      - uses: actions/download-artifact@v4
-        with:
-          name: desktop-web
-          path: packages/frontend/apps/electron/resources/web-static
+    uses: ./.github/workflows/release-desktop-platform.yml
+    secrets: inherit
+    with:
+      build_type: ${{ inputs.build-type }}
+      app_version: ${{ inputs.app-version }}
+      git_short_hash: ${{ inputs.git-short-hash }}
+      runner: ${{ matrix.spec.runner }}
+      platform: ${{ matrix.spec.platform }}
+      arch: ${{ matrix.spec.arch }}
+      target: ${{ matrix.spec.target }}
+      install_linux_deps: true
 
-      - name: Build Desktop Layers
-        run: yarn affine @affine/electron build
+  package-distribution-windows-x64:
+    if: ${{ inputs.desktop_windows }}
+    needs: before-make
+    uses: ./.github/workflows/release-desktop-platform.yml
+    secrets: inherit
+    with:
+      build_type: ${{ inputs.build-type }}
+      app_version: ${{ inputs.app-version }}
+      git_short_hash: ${{ inputs.git-short-hash }}
+      runner: windows-latest
+      platform: win32
+      arch: x64
+      target: x86_64-pc-windows-msvc
+      enable_scripts: true
 
-      - name: Remove nbstore node_modules
-        shell: bash
-        # node_modules of nbstore is not needed for building, and it will make the build process out of memory
-        run: |
-          rm -rf packages/frontend/apps/electron/node_modules/@affine/nbstore/node_modules/@blocksuite/affine/node_modules
-          rm -rf packages/frontend/apps/electron/node_modules/@affine/native/node_modules
-
-      - name: package
-        run: |
-          yarn affine @affine/electron package --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
-        env:
-          SKIP_WEB_BUILD: 1
-          HOIST_NODE_MODULES: 1
-          NODE_OPTIONS: --max-old-space-size=14384
-
-      - name: get all files to be signed
-        id: get_files_to_be_signed
-        run: |
-          Set-Variable -Name FILES_TO_BE_SIGNED -Value ((Get-ChildItem -Path packages/frontend/apps/electron/out -Recurse -File | Where-Object { $_.Extension -in @(".exe", ".node", ".dll", ".msi") } | ForEach-Object { '"' + $_.FullName.Replace((Get-Location).Path + '\packages\frontend\apps\electron\out\', '') + '"' }) -join ' ')
-          "FILES_TO_BE_SIGNED_${{ matrix.spec.arch }}=$FILES_TO_BE_SIGNED" >> $env:GITHUB_OUTPUT
-          echo $FILES_TO_BE_SIGNED
-
-      - name: Zip artifacts for faster upload
-        run: Compress-Archive -CompressionLevel Fastest -Path packages/frontend/apps/electron/out/* -DestinationPath archive.zip
-
-      - name: Save packaged artifacts for signing
-        uses: actions/upload-artifact@v4
-        with:
-          name: packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
-          path: |
-            archive.zip
-            !**/*.map
+  package-distribution-windows-arm64:
+    if: ${{ inputs.desktop_windows }}
+    needs: before-make
+    uses: ./.github/workflows/release-desktop-platform.yml
+    secrets: inherit
+    with:
+      build_type: ${{ inputs.build-type }}
+      app_version: ${{ inputs.app-version }}
+      git_short_hash: ${{ inputs.git-short-hash }}
+      runner: windows-latest
+      platform: win32
+      arch: arm64
+      target: aarch64-pc-windows-msvc
+      enable_scripts: true
 
   sign-packaged-artifacts-windows_x64:
-    needs: package-distribution-windows
+    if: ${{ inputs.desktop_windows }}
+    needs: package-distribution-windows-x64
     uses: ./.github/workflows/windows-signer.yml
     with:
-      files: ${{ needs.package-distribution-windows.outputs.FILES_TO_BE_SIGNED_x64 }}
+      files: ${{ needs.package-distribution-windows-x64.outputs.files_to_be_signed }}
       artifact-name: packaged-win32-x64
 
   sign-packaged-artifacts-windows_arm64:
-    needs: package-distribution-windows
+    if: ${{ inputs.desktop_windows }}
+    needs: package-distribution-windows-arm64
     uses: ./.github/workflows/windows-signer.yml
     with:
-      files: ${{ needs.package-distribution-windows.outputs.FILES_TO_BE_SIGNED_arm64 }}
+      files: ${{ needs.package-distribution-windows-arm64.outputs.files_to_be_signed }}
       artifact-name: packaged-win32-arm64
 
   make-windows-installer:
+    if: ${{ inputs.desktop_windows }}
     needs:
       - sign-packaged-artifacts-windows_x64
       - sign-packaged-artifacts-windows_arm64
@@ -349,6 +234,7 @@ jobs:
           path: archive.zip
 
   sign-installer-artifacts-windows-x64:
+    if: ${{ inputs.desktop_windows }}
     needs: make-windows-installer
     uses: ./.github/workflows/windows-signer.yml
     with:
@@ -356,6 +242,7 @@ jobs:
       artifact-name: installer-win32-x64
 
   sign-installer-artifacts-windows-arm64:
+    if: ${{ inputs.desktop_windows }}
     needs: make-windows-installer
     uses: ./.github/workflows/windows-signer.yml
     with:
@@ -363,6 +250,7 @@ jobs:
       artifact-name: installer-win32-arm64
 
   finalize-installer-windows:
+    if: ${{ inputs.desktop_windows }}
     needs:
       [
         sign-installer-artifacts-windows-x64,
@@ -410,17 +298,18 @@ jobs:
           path: builds
 
   release:
-    needs: [before-make, make-distribution, finalize-installer-windows]
+    if: ${{ inputs.desktop_macos && inputs.desktop_linux && inputs.desktop_windows }}
+    needs:
+      [
+        before-make,
+        make-distribution-macos,
+        make-distribution-linux,
+        finalize-installer-windows,
+      ]
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
-        with:
-          name: desktop-web
-          path: web-static
-      - name: Zip web-static
-        run: zip -r web-static.zip web-static
       - name: Download Artifacts (macos-x64)
         uses: actions/download-artifact@v4
         with:
@@ -465,7 +354,5 @@ jobs:
           name: ${{ env.RELEASE_VERSION }}
           draft: ${{ inputs.build-type == 'stable' }}
           prerelease: ${{ inputs.build-type != 'stable' }}
-          tag_name: ${{ env.RELEASE_VERSION}}
-          files: |
-            ./release/*
-            ./release/.env.example
+          tag_name: v${{ env.RELEASE_VERSION}}
+          files: ./release/*

.github/workflows/release-mobile.yml

@@ -12,6 +12,9 @@ on:
       build-type:
         type: string
         required: true
+      ios-app-version:
+        type: string
+        required: false
 
 env:
   BUILD_TYPE: ${{ inputs.build-type }}
@@ -37,6 +40,7 @@ jobs:
         env:
           PUBLIC_PATH: '/'
           MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
+          GA4_MEASUREMENT_ID: ${{ secrets.GA4_MEASUREMENT_ID }}
           SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
           SENTRY_PROJECT: 'affine'
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
@@ -66,6 +70,7 @@ jobs:
         env:
           PUBLIC_PATH: '/'
           MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
+          GA4_MEASUREMENT_ID: ${{ secrets.GA4_MEASUREMENT_ID }}
           SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
           SENTRY_PROJECT: 'affine'
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
@@ -78,7 +83,7 @@ jobs:
           path: packages/frontend/apps/android/dist
 
   ios:
-    runs-on: ${{ github.ref_name == 'canary' && 'macos-latest' || 'blaze/macos-14' }}
+    runs-on: 'macos-15'
     needs:
       - build-ios-web
     steps:
@@ -87,6 +92,7 @@ jobs:
         uses: ./.github/actions/setup-version
         with:
           app-version: ${{ inputs.app-version }}
+          ios-app-version: ${{ inputs.ios-app-version }}
       - name: 'Update Code Sign Identity'
         shell: bash
         run: ./packages/frontend/apps/ios/update_code_sign_identity.sh
@@ -106,7 +112,7 @@ jobs:
           enableScripts: false
       - uses: maxim-lobanov/setup-xcode@v1
         with:
-          xcode-version: 16.2
+          xcode-version: 26.2
       - name: Install Swiftformat
         run: brew install swiftformat
       - name: Cap sync

.github/workflows/release.yml

@@ -11,8 +11,18 @@ on:
         required: true
         type: boolean
         default: false
-      desktop:
-        description: 'Release Desktop?'
+      desktop_macos:
+        description: 'Desktop - macOS'
+        required: true
+        type: boolean
+        default: false
+      desktop_windows:
+        description: 'Desktop - Windows'
+        required: true
+        type: boolean
+        default: false
+      desktop_linux:
+        description: 'Desktop - Linux'
         required: true
         type: boolean
         default: false
@@ -21,6 +31,10 @@ on:
         required: true
         type: boolean
         default: false
+      ios-app-version:
+        description: 'iOS App Store Version (Optional, use tag version if empty)'
+        required: false
+        type: string
 
 permissions:
   contents: write
@@ -30,6 +44,7 @@ permissions:
   packages: write
   security-events: write
   attestations: write
+  issues: write
 
 jobs:
   prepare:
@@ -45,6 +60,68 @@ jobs:
         id: prepare
         uses: ./.github/actions/prepare-release
 
+  canary-gate:
+    name: Canary Gate
+    runs-on: ubuntu-latest
+    needs:
+      - prepare
+    outputs:
+      SHOULD_RELEASE: ${{ steps.decide.outputs.SHOULD_RELEASE }}
+      LAST_CANARY_TAG: ${{ steps.decide.outputs.LAST_CANARY_TAG }}
+      LAST_CANARY_SHA: ${{ steps.decide.outputs.LAST_CANARY_SHA }}
+    steps:
+      - name: Decide whether to release
+        id: decide
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const buildType = '${{ needs.prepare.outputs.BUILD_TYPE }}'
+            if (buildType !== 'canary') {
+              core.setOutput('SHOULD_RELEASE', 'true')
+              return
+            }
+
+            const owner = context.repo.owner
+            const repo = context.repo.repo
+            const currentSha = context.sha
+            const canaryTagRe = /^v\d+\.\d+\.\d+-canary\.[0-9a-f]+$/i
+
+            let page = 1
+            const perPage = 100
+            let lastCanary = null
+
+            while (!lastCanary && page <= 10) {
+              const { data } = await github.rest.repos.listTags({
+                owner,
+                repo,
+                per_page: perPage,
+                page,
+              })
+
+              for (const tag of data) {
+                if (canaryTagRe.test(tag.name)) {
+                  lastCanary = tag
+                  break
+                }
+              }
+
+              if (data.length < perPage) break
+              page++
+            }
+
+            if (!lastCanary) {
+              core.warning('No canary tags found; proceeding with canary release.')
+              core.setOutput('SHOULD_RELEASE', 'true')
+              return
+            }
+
+            core.setOutput('LAST_CANARY_TAG', lastCanary.name)
+            core.setOutput('LAST_CANARY_SHA', lastCanary.commit.sha)
+
+            const shouldRelease = lastCanary.commit.sha !== currentSha
+            core.info(`Latest canary tag ${lastCanary.name} -> ${lastCanary.commit.sha}; current ${currentSha}; should_release=${shouldRelease}`)
+            core.setOutput('SHOULD_RELEASE', shouldRelease ? 'true' : 'false')
+
   cloud:
     name: Release Cloud
     if: ${{ inputs.web || github.event_name != 'workflow_dispatch' }}
@@ -59,9 +136,11 @@ jobs:
 
   image:
     name: Release Docker Image
+    if: ${{ needs.canary-gate.outputs.SHOULD_RELEASE == 'true' }}
     runs-on: ubuntu-latest
     needs:
       - prepare
+      - canary-gate
       - cloud
     steps:
       - uses: trstringer/manual-approval@v1
@@ -69,7 +148,8 @@ jobs:
         name: Wait for approval
         with:
           secret: ${{ secrets.GITHUB_TOKEN }}
-          approvers: forehalo,fengmk2
+          approvers: darkskygit,pengx17,L-Sun,EYHN
+          minimum-approvals: 1
           fail-on-denial: true
           issue-title: Please confirm to release docker image
           issue-body: |
@@ -78,7 +158,7 @@ jobs:
             Tag: ghcr.io/toeverything/affine:${{ needs.prepare.outputs.BUILD_TYPE }}
 
             > comment with "approve", "approved", "lgtm", "yes" to approve
-            > comment with "deny", "deny", "no" to deny
+            > comment with "deny", "denied", "no" to deny
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
@@ -96,15 +176,25 @@ jobs:
 
   desktop:
     name: Release Desktop
-    if: ${{ inputs.desktop || github.event_name != 'workflow_dispatch' }}
+    if: >-
+      ${{
+        (github.event_name != 'workflow_dispatch' && needs.canary-gate.outputs.SHOULD_RELEASE == 'true') ||
+        inputs.desktop_macos ||
+        inputs.desktop_windows ||
+        inputs.desktop_linux
+      }}
     needs:
       - prepare
+      - canary-gate
     uses: ./.github/workflows/release-desktop.yml
     secrets: inherit
     with:
       build-type: ${{ needs.prepare.outputs.BUILD_TYPE }}
       app-version: ${{ needs.prepare.outputs.APP_VERSION }}
       git-short-hash: ${{ needs.prepare.outputs.GIT_SHORT_HASH }}
+      desktop_macos: ${{ github.event_name != 'workflow_dispatch' || inputs.desktop_macos }}
+      desktop_windows: ${{ github.event_name != 'workflow_dispatch' || inputs.desktop_windows }}
+      desktop_linux: ${{ github.event_name != 'workflow_dispatch' || inputs.desktop_linux }}
 
   mobile:
     name: Release Mobile
@@ -117,3 +207,4 @@ jobs:
       build-type: ${{ needs.prepare.outputs.BUILD_TYPE }}
       app-version: ${{ needs.prepare.outputs.APP_VERSION }}
       git-short-hash: ${{ needs.prepare.outputs.GIT_SHORT_HASH }}
+      ios-app-version: ${{ inputs.ios-app-version }}

.github/workflows/windows-signer.yml

@@ -29,7 +29,7 @@ jobs:
         shell: cmd
         run: |
           cd ${{ env.ARCHIVE_DIR }}/out
-          signtool sign /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /a ${{ inputs.files }}
+          signtool sign /tr http://timestamp.globalsign.com/tsa/r6advanced1 /td sha256 /fd sha256 /a ${{ inputs.files }}
       - name: zip file
         shell: cmd
         run: |

.gitignore

@@ -33,6 +33,9 @@ node_modules
 !.vscode/launch.template.json
 !.vscode/extensions.json
 
+# Kiro
+.kiro
+
 # misc
 /.sass-cache
 /connect.lock
@@ -44,6 +47,7 @@ testem.log
 .pnpm-debug.log
 /typings
 tsconfig.tsbuildinfo
+.context
 
 # System Files
 .DS_Store

.nvmrc

@@ -1 +1 @@
-22.16.0
+22.22.0

.prettierignore

@@ -2,6 +2,7 @@
 **/node_modules
 .yarn
 .github/helm
+.git
 .vscode
 .yarnrc.yml
 .docker

.taplo.toml

@@ -1,7 +1,11 @@
-include = ["./*.toml", "./packages/**/*.toml"]
+exclude = [
+  "node_modules/**/*.toml",
+  "target/**/*.toml",
+  "packages/frontend/apps/ios/App/Packages/AffineGraphQL/**/*.toml",
+]
 
+# https://taplo.tamasfe.dev/configuration/formatter-options.html
 [formatting]
-align_entries  = true
-column_width   = 180
-reorder_arrays = true
-reorder_keys   = true
+align_entries = true
+indent_tables = true
+reorder_keys  = true

.yarnrc.yml

@@ -12,4 +12,4 @@ npmPublishAccess: public
 
 npmRegistryServer: "https://registry.npmjs.org"
 
-yarnPath: .yarn/releases/yarn-4.9.1.cjs
+yarnPath: .yarn/releases/yarn-4.12.0.cjs

Cargo.toml

@@ -3,7 +3,6 @@ members = [
   "./packages/backend/native",
   "./packages/common/native",
   "./packages/common/y-octo/core",
-  "./packages/common/y-octo/node",
   "./packages/common/y-octo/utils",
   "./packages/frontend/mobile-native",
   "./packages/frontend/native",
@@ -13,108 +12,124 @@ members = [
 ]
 resolver = "3"
 
-[workspace.package]
-edition = "2024"
+  [workspace.package]
+  edition = "2024"
 
-[workspace.dependencies]
-affine_common          = { path = "./packages/common/native" }
-affine_nbstore         = { path = "./packages/frontend/native/nbstore" }
-ahash                  = "0.8"
-anyhow                 = "1"
-arbitrary              = { version = "1.3", features = ["derive"] }
-assert-json-diff       = "2.0"
-async-lock             = { version = "3.4.0", features = ["loom"] }
-base64-simd            = "0.8"
-bitvec                 = "1.0"
-block2                 = "0.6"
-byteorder              = "1.5"
-cpal                   = "0.15"
-chrono                 = "0.4"
-clap                   = { version = "4.4", features = ["derive"] }
-core-foundation        = "0.10"
-coreaudio-rs           = "0.12"
-criterion              = { version = "0.5", features = ["html_reports"] }
-criterion2             = { version = "3", default-features = false }
-crossbeam-channel      = "0.5"
-dispatch2              = "0.3"
-docx-parser            = { git = "https://github.com/toeverything/docx-parser" }
-dotenvy                = "0.15"
-file-format            = { version = "0.26", features = ["reader"] }
-homedir                = "0.3"
-infer                  = { version = "0.19.0" }
-lasso                  = { version = "0.7", features = ["multi-threaded"] }
-lib0                   = { version = "0.16", features = ["lib0-serde"] }
-libc                   = "0.2"
-log                    = "0.4"
-loom                   = { version = "0.7", features = ["checkpoint"] }
-mimalloc               = "0.1"
-nanoid                 = "0.4"
-napi                   = { version = "3.0.0-beta.3", features = ["async", "chrono_date", "error_anyhow", "napi9", "serde"] }
-napi-build             = { version = "2" }
-napi-derive            = { version = "3.0.0-beta.3" }
-nom                    = "8"
-notify                 = { version = "8", features = ["serde"] }
-objc2                  = "0.6"
-objc2-foundation       = "0.3"
-once_cell              = "1"
-ordered-float          = "5"
-parking_lot            = "0.12"
-path-ext               = "0.1.2"
-pdf-extract            = { git = "https://github.com/toeverything/pdf-extract", branch = "darksky/improve-font-decoding" }
-phf                    = { version = "0.11", features = ["macros"] }
-proptest               = "1.3"
-proptest-derive        = "0.5"
-rand                   = "0.9"
-rand_chacha            = "0.9"
-rand_distr             = "0.5"
-rayon                  = "1.10"
-readability            = { version = "0.3.0", default-features = false }
-regex                  = "1.10"
-rubato                 = "0.16"
-screencapturekit       = "0.3"
-serde                  = "1"
-serde_json             = "1"
-sha3                   = "0.10"
-smol_str               = "0.3"
-sqlx                   = { version = "0.8", default-features = false, features = ["chrono", "macros", "migrate", "runtime-tokio", "sqlite", "tls-rustls"] }
-strum_macros           = "0.27.0"
-symphonia              = { version = "0.5", features = ["all", "opt-simd"] }
-text-splitter          = "0.27"
-thiserror              = "2"
-tiktoken-rs            = "0.7"
-tokio                  = "1.45"
-tree-sitter            = { version = "0.25" }
-tree-sitter-c          = { version = "0.24" }
-tree-sitter-c-sharp    = { version = "0.23" }
-tree-sitter-cpp        = { version = "0.23" }
-tree-sitter-go         = { version = "0.23" }
-tree-sitter-java       = { version = "0.23" }
-tree-sitter-javascript = { version = "0.23" }
-tree-sitter-kotlin-ng  = { version = "1.1" }
-tree-sitter-python     = { version = "0.23" }
-tree-sitter-rust       = { version = "0.24" }
-tree-sitter-scala      = { version = "0.23" }
-tree-sitter-typescript = { version = "0.23" }
-uniffi                 = "0.29"
-url                    = { version = "2.5" }
-uuid                   = "1.8"
-v_htmlescape           = "0.15"
-windows                = { version = "0.61", features = [
-  "Win32_Devices_FunctionDiscovery",
-  "Win32_UI_Shell_PropertiesSystem",
-  "Win32_Media_Audio",
-  "Win32_System_Variant",
-  "Win32_System_Com_StructuredStorage",
-  "Win32_System_Threading",
-  "Win32_System_ProcessStatus",
-  "Win32_Foundation",
-  "Win32_System_Com",
-  "Win32_System_Diagnostics_ToolHelp",
-] }
-windows-core = { version = "0.61" }
-y-octo                 = { path = "./packages/common/y-octo/core" }
-y-sync                 = { version = "0.4" }
-yrs                    = "0.23.0"
+  [workspace.dependencies]
+  affine_common = { path = "./packages/common/native" }
+  affine_nbstore = { path = "./packages/frontend/native/nbstore" }
+  ahash = "0.8"
+  anyhow = "1"
+  arbitrary = { version = "1.3", features = ["derive"] }
+  assert-json-diff = "2.0"
+  async-lock = { version = "3.4.0", features = ["loom"] }
+  base64-simd = "0.8"
+  bitvec = "1.0"
+  block2 = "0.6"
+  byteorder = "1.5"
+  chrono = "0.4"
+  clap = { version = "4.4", features = ["derive"] }
+  core-foundation = "0.10"
+  coreaudio-rs = "0.12"
+  cpal = "0.15"
+  criterion = { version = "0.5", features = ["html_reports"] }
+  criterion2 = { version = "3", default-features = false }
+  crossbeam-channel = "0.5"
+  dispatch2 = "0.3"
+  docx-parser = { git = "https://github.com/toeverything/docx-parser" }
+  dotenvy = "0.15"
+  file-format = { version = "0.28", features = ["reader"] }
+  homedir = "0.3"
+  infer = { version = "0.19.0" }
+  lasso = { version = "0.7", features = ["multi-threaded"] }
+  lib0 = { version = "0.16", features = ["lib0-serde"] }
+  libc = "0.2"
+  log = "0.4"
+  loom = { version = "0.7", features = ["checkpoint"] }
+  memory-indexer = "0.3.0"
+  mimalloc = "0.1"
+  mp4parse = "0.17"
+  nanoid = "0.4"
+  napi = { version = "3.7.0", features = [
+    "async",
+    "chrono_date",
+    "error_anyhow",
+    "napi9",
+    "serde",
+  ] }
+  napi-build = { version = "2" }
+  napi-derive = { version = "3.4" }
+  nom = "8"
+  notify = { version = "8", features = ["serde"] }
+  objc2 = "0.6"
+  objc2-foundation = "0.3"
+  once_cell = "1"
+  ordered-float = "5"
+  parking_lot = "0.12"
+  path-ext = "0.1.2"
+  pdf-extract = { git = "https://github.com/toeverything/pdf-extract", branch = "darksky/improve-font-decoding" }
+  phf = { version = "0.11", features = ["macros"] }
+  proptest = "1.3"
+  proptest-derive = "0.5"
+  pulldown-cmark = "0.13"
+  rand = "0.9"
+  rand_chacha = "0.9"
+  rand_distr = "0.5"
+  rayon = "1.10"
+  readability = { version = "0.3.0", default-features = false }
+  regex = "1.10"
+  rubato = "0.16"
+  screencapturekit = "0.3"
+  serde = "1"
+  serde_json = "1"
+  sha3 = "0.10"
+  smol_str = "0.3"
+  sqlx = { version = "0.8", default-features = false, features = [
+    "chrono",
+    "macros",
+    "migrate",
+    "runtime-tokio",
+    "sqlite",
+    "tls-rustls",
+  ] }
+  strum_macros = "0.27.0"
+  symphonia = { version = "0.5", features = ["all", "opt-simd"] }
+  text-splitter = "0.27"
+  thiserror = "2"
+  tiktoken-rs = "0.7"
+  tokio = "1.45"
+  tree-sitter = { version = "0.25" }
+  tree-sitter-c = { version = "0.24" }
+  tree-sitter-c-sharp = { version = "0.23" }
+  tree-sitter-cpp = { version = "0.23" }
+  tree-sitter-go = { version = "0.23" }
+  tree-sitter-java = { version = "0.23" }
+  tree-sitter-javascript = { version = "0.23" }
+  tree-sitter-kotlin-ng = { version = "1.1" }
+  tree-sitter-python = { version = "0.23" }
+  tree-sitter-rust = { version = "0.24" }
+  tree-sitter-scala = { version = "0.24" }
+  tree-sitter-typescript = { version = "0.23" }
+  uniffi = "0.29"
+  url = { version = "2.5" }
+  uuid = "1.8"
+  v_htmlescape = "0.15"
+  windows = { version = "0.61", features = [
+    "Win32_Devices_FunctionDiscovery",
+    "Win32_Foundation",
+    "Win32_Media_Audio",
+    "Win32_System_Com",
+    "Win32_System_Com_StructuredStorage",
+    "Win32_System_Diagnostics_ToolHelp",
+    "Win32_System_ProcessStatus",
+    "Win32_System_Threading",
+    "Win32_System_Variant",
+    "Win32_UI_Shell_PropertiesSystem",
+  ] }
+  windows-core = { version = "0.61" }
+  y-octo = { path = "./packages/common/y-octo/core" }
+  y-sync = { version = "0.4" }
+  yrs = "0.23.0"
 
 [profile.dev.package.sqlx-macros]
 opt-level = 3
@@ -125,6 +140,6 @@ lto           = true
 opt-level     = 3
 strip         = "symbols"
 
-# android uniffi bindgen requires symbols
-[profile.release.package.affine_mobile_native]
-strip         = "none"
+  # android uniffi bindgen requires symbols
+  [profile.release.package.affine_mobile_native]
+  strip = "none"

LICENSE

@@ -2,7 +2,7 @@ Copyright (c) 2022-present TOEVERYTHING PTE. LTD. and its affiliates.
 
 Portions of this software are licensed as follows:
 
-- All content that resides under the "packages/backend/server" directory of this repository, if that directory exists, is licensed under the license defined in "packages/backend/server/LICENSE".
+- All content that resides under the "packages/backend" and "packages/common/native" directory of this repository, if that directory exists, is licensed under the license defined in "packages/backend/server/LICENSE".
 - All third party components incorporated into the AFFiNE Software are licensed under the original license provided by the owner of the applicable component.
 - Content outside of the above mentioned directories or restrictions above is available under the "MIT" license as defined in "LICENSE-MIT".
 

README.md

@@ -6,7 +6,7 @@
     <br>
 </h1>
 <a href="https://affine.pro/download">
-    <img alt="affine logo" src="https://cdn.affine.pro/Github_hero_image1.png" style="width: 100%">
+    <img alt="affine logo" src="https://cdn.affine.pro/Github_hero_image2.png" style="width: 100%">
 </a>
 <br/>
 <p align="center">
@@ -81,7 +81,7 @@ Star us, and you will receive all release notifications from GitHub without any
 
 **Multimodal AI partner ready to kick in any work**
 
-- Write up professional work report? Turn an outline into expressive and presentable slides? Summary an article into a well-structured mindmap? Sorting your job plan and backlog for tasks? Or... draw and code prototype apps and web pages directly all with one prompt? With you, [AFFiNE AI](https://affine.pro/ai) pushes your creativity to the edge of your imagination,just like [Canvas AI](https://affine.pro/blog/best-canvas-ai) to generate mind map for brainstorming.
+- Write up professional work report? Turn an outline into expressive and presentable slides? Summary an article into a well-structured mindmap? Sorting your job plan and backlog for tasks? Or... draw and code prototype apps and web pages directly all with one prompt? With you, [AFFiNE AI](https://affine.pro/ai) pushes your creativity to the edge of your imagination, just like [Canvas AI](https://affine.pro/blog/best-canvas-ai) to generate mind map for brainstorming.
 
 **Local-first & Real-time collaborative**
 
@@ -193,6 +193,8 @@ We would like to express our gratitude to all the individuals who have already c
 
 Begin with Docker to deploy your own feature-rich, unrestricted version of AFFiNE. Our team is diligently updating to the latest version. For more information on how to self-host AFFiNE, please refer to our [documentation](https://docs.affine.pro/self-host-affine).
 
+[![Run on Sealos](https://sealos.io/Deploy-on-Sealos.svg)](https://sealos.io/products/app-store/affine)
+
 [![Run on ClawCloud](https://raw.githubusercontent.com/ClawCloud/Run-Template/refs/heads/main/Run-on-ClawCloud.svg)](https://template.run.claw.cloud/?openapp=system-fastdeploy%3FtemplateName%3Daffine)
 
 ## Hiring

SECURITY.md

@@ -6,15 +6,14 @@ We recommend users to always use the latest major version. Security updates will
 
 | Version         | Supported          |
 | --------------- | ------------------ |
-| 0.17.x (stable) | :white_check_mark: |
-| < 0.17.x        | :x:                |
+| 0.25.x (stable) | :white_check_mark: |
+| < 0.25.x        | :x:                |
 
 ## Reporting a Vulnerability
 
-We welcome you to provide us with bug reports via and email at [security@toeverything.info](mailto:security@toeverything.info). We expect your report to contain at least the following for us to evaluate and reproduce:
+We welcome you to provide us with bug reports via and email at [security@toeverything.info](mailto:security@toeverything.info) or submit directly on [GitHub](https://github.com/toeverything/AFFiNE/security), **we encourage you to submit the relevant information directly via GitHub**. We expect your report to contain at least the following for us to evaluate and reproduce:
 
 1. Using platform and version, for example:
-
    - macos arm64 0.12.0-canary-202402220729-0868ac6
    - app.affine.pro 0.12.0-canary-202402220729-0868ac6
 
@@ -22,8 +21,6 @@ We welcome you to provide us with bug reports via and email at [security@toevery
 
 3. Your classification or analysis of the vulnerability (optional)
 
-Since we are an open source project, we also welcome you to provide corresponding fix PRs.
-
-We will provide bounties for vulnerabilities involving user information leakage, permission leakage, and unauthorized code execution. For other types of vulnerabilities, we will determine specific rewards based on the evaluation results.
+Since we are an open source project, we also welcome you to provide corresponding fix PRs, we will determine specific rewards based on the evaluation results.
 
 If the vulnerability is caused by a library we depend on, we encourage you to submit a security report to the corresponding dependent library at the same time to benefit more users.

blocksuite/affine/all/package.json

@@ -79,7 +79,7 @@
     "@blocksuite/std": "workspace:*",
     "@blocksuite/store": "workspace:*",
     "@blocksuite/sync": "workspace:*",
-    "rxjs": "^7.8.1"
+    "rxjs": "^7.8.2"
   },
   "exports": {
     ".": "./src/index.ts",
@@ -266,6 +266,7 @@
     "./components/toggle-button": "./src/components/toggle-button.ts",
     "./components/toggle-switch": "./src/components/toggle-switch.ts",
     "./components/toolbar": "./src/components/toolbar.ts",
+    "./components/tooltip": "./src/components/tooltip.ts",
     "./components/view-dropdown-menu": "./src/components/view-dropdown-menu.ts",
     "./components/tooltip-content-with-shortcut": "./src/components/tooltip-content-with-shortcut.ts",
     "./components/resource": "./src/components/resource.ts",
@@ -295,10 +296,10 @@
     "!src/__tests__",
     "!dist/__tests__"
   ],
-  "version": "0.22.4",
+  "version": "0.26.0",
   "devDependencies": {
     "@vanilla-extract/vite-plugin": "^5.0.0",
-    "msw": "^2.8.4",
-    "vitest": "3.1.3"
+    "msw": "^2.12.4",
+    "vitest": "^3.2.4"
   }
 }

blocksuite/affine/all/src/__tests__/adapters/html.unit.spec.ts

@@ -2214,7 +2214,7 @@ describe('html to snapshot', () => {
 
   test('iframe', async () => {
     const html = template(
-      `<iframe width="560" height="315" src="https://www.youtube.com/embed/QDsd0nyzwz0?start=&amp;end=" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>`
+      `<iframe width="560" height="315" src="https://www.youtube.com/embed/QDsd0nyzwz0?start=&amp;end=" title="YouTube video player" frameborder="0" allow="fullscreen; autoplay; clipboard-write; encrypted-media; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin"></iframe>`
     );
 
     const blockSnapshot: BlockSnapshot = {

blocksuite/affine/all/src/__tests__/adapters/markdown.unit.spec.ts

@@ -1,3 +1,4 @@
+import { MarkdownTransformer } from '@blocksuite/affine/widgets/linked-doc';
 import {
   DefaultTheme,
   NoteDisplayMode,
@@ -16,12 +17,15 @@ import type {
   SliceSnapshot,
   TransformerMiddleware,
 } from '@blocksuite/store';
-import { AssetsManager, MemoryBlobCRUD } from '@blocksuite/store';
+import { AssetsManager, MemoryBlobCRUD, Schema } from '@blocksuite/store';
+import { TestWorkspace } from '@blocksuite/store/test';
 import { describe, expect, test } from 'vitest';
 
+import { AffineSchemas } from '../../schemas.js';
 import { createJob } from '../utils/create-job.js';
 import { getProvider } from '../utils/get-provider.js';
 import { nanoidReplacement } from '../utils/nanoid-replacement.js';
+import { testStoreExtensions } from '../utils/store.js';
 
 const provider = getProvider();
 
@@ -90,6 +94,39 @@ describe('snapshot to markdown', () => {
     expect(target.file).toBe(markdown);
   });
 
+  test('imports frontmatter metadata into doc meta', async () => {
+    const schema = new Schema().register(AffineSchemas);
+    const collection = new TestWorkspace();
+    collection.storeExtensions = testStoreExtensions;
+    collection.meta.initialize();
+
+    const markdown = `---
+title: Web developer
+created: 2018-04-12T09:51:00
+updated: 2018-04-12T10:00:00
+tags: [a, b]
+favorite: true
+---
+Hello world
+`;
+
+    const docId = await MarkdownTransformer.importMarkdownToDoc({
+      collection,
+      schema,
+      markdown,
+      fileName: 'fallback-title',
+      extensions: testStoreExtensions,
+    });
+
+    expect(docId).toBeTruthy();
+    const meta = collection.meta.getDocMeta(docId!);
+    expect(meta?.title).toBe('Web developer');
+    expect(meta?.createDate).toBe(Date.parse('2018-04-12T09:51:00'));
+    expect(meta?.updatedDate).toBe(Date.parse('2018-04-12T10:00:00'));
+    expect(meta?.favorite).toBe(true);
+    expect(meta?.tags).toEqual(['a', 'b']);
+  });
+
   test('paragraph', async () => {
     const blockSnapshot: BlockSnapshot = {
       type: 'block',
@@ -2996,6 +3033,50 @@ describe('markdown to snapshot', () => {
     });
   });
 
+  test('html inline color span imports to nearest supported text color', async () => {
+    const markdown = `<span style="color: #00afde;">Hello</span>`;
+    const blockSnapshot: BlockSnapshot = {
+      type: 'block',
+      id: 'matchesReplaceMap[0]',
+      flavour: 'affine:note',
+      props: {
+        xywh: '[0,0,800,95]',
+        background: DefaultTheme.noteBackgrounColor,
+        index: 'a0',
+        hidden: false,
+        displayMode: NoteDisplayMode.DocAndEdgeless,
+      },
+      children: [
+        {
+          type: 'block',
+          id: 'matchesReplaceMap[1]',
+          flavour: 'affine:paragraph',
+          props: {
+            type: 'text',
+            text: {
+              '$blocksuite:internal:text$': true,
+              delta: [
+                {
+                  insert: 'Hello',
+                  attributes: {
+                    color: 'var(--affine-v2-text-highlight-fg-blue)',
+                  },
+                },
+              ],
+            },
+          },
+          children: [],
+        },
+      ],
+    };
+
+    const mdAdapter = new MarkdownAdapter(createJob(), provider);
+    const rawBlockSnapshot = await mdAdapter.toBlockSnapshot({
+      file: markdown,
+    });
+    expect(nanoidReplacement(rawBlockSnapshot)).toEqual(blockSnapshot);
+  });
+
   test('paragraph', async () => {
     const markdown = `aaa
 

blocksuite/affine/all/src/components/tooltip.ts

@@ -0,0 +1 @@
+export * from '@blocksuite/affine-components/tooltip';

blocksuite/affine/blocks/attachment/package.json

@@ -17,18 +17,18 @@
     "@blocksuite/affine-shared": "workspace:*",
     "@blocksuite/affine-widget-slash-menu": "workspace:*",
     "@blocksuite/global": "workspace:*",
-    "@blocksuite/icons": "^2.2.12",
+    "@blocksuite/icons": "^2.2.17",
     "@blocksuite/std": "workspace:*",
     "@blocksuite/store": "workspace:*",
     "@floating-ui/dom": "^1.6.13",
     "@lit/context": "^1.1.2",
     "@preact/signals-core": "^1.8.0",
-    "@toeverything/theme": "^1.1.15",
+    "@toeverything/theme": "^1.1.23",
     "file-type": "^21.0.0",
     "lit": "^3.2.0",
-    "minimatch": "^10.0.1",
-    "rxjs": "^7.8.1",
-    "zod": "^3.23.8"
+    "minimatch": "^10.1.1",
+    "rxjs": "^7.8.2",
+    "zod": "^3.25.76"
   },
   "exports": {
     ".": "./src/index.ts",
@@ -41,5 +41,5 @@
     "!src/__tests__",
     "!dist/__tests__"
   ],
-  "version": "0.22.4"
+  "version": "0.26.0"
 }

blocksuite/affine/blocks/attachment/src/attachment-block.ts

@@ -17,7 +17,7 @@ import {
   AttachmentBlockStyles,
 } from '@blocksuite/affine-model';
 import {
-  BlockCommentManager,
+  BlockElementCommentManager,
   CitationProvider,
   DocModeProvider,
   FileSizeLimitProvider,
@@ -96,7 +96,7 @@ export class AttachmentBlockComponent extends CaptionedBlockComponent<Attachment
   get isCommentHighlighted() {
     return (
       this.std
-        .getOptional(BlockCommentManager)
+        .getOptional(BlockElementCommentManager)
         ?.isBlockCommentHighlighted(this.model) ?? false
     );
   }

blocksuite/affine/blocks/attachment/src/configs/toolbar.ts

@@ -10,7 +10,6 @@ import {
 } from '@blocksuite/affine-shared/consts';
 import {
   ActionPlacement,
-  blockCommentToolbarButton,
   type ToolbarAction,
   type ToolbarActionGroup,
   type ToolbarModuleConfig,
@@ -241,10 +240,6 @@ const builtinToolbarConfig = {
     replaceAction,
     downloadAction,
     captionAction,
-    {
-      id: 'f.comment',
-      ...blockCommentToolbarButton,
-    },
     {
       placement: ActionPlacement.More,
       id: 'a.clipboard',

blocksuite/affine/blocks/bookmark/package.json

@@ -19,20 +19,20 @@
     "@blocksuite/affine-shared": "workspace:*",
     "@blocksuite/affine-widget-slash-menu": "workspace:*",
     "@blocksuite/global": "workspace:*",
-    "@blocksuite/icons": "^2.2.12",
+    "@blocksuite/icons": "^2.2.17",
     "@blocksuite/std": "workspace:*",
     "@blocksuite/store": "workspace:*",
     "@lit/context": "^1.1.2",
     "@preact/signals-core": "^1.8.0",
-    "@toeverything/theme": "^1.1.15",
+    "@toeverything/theme": "^1.1.23",
     "lit": "^3.2.0",
-    "minimatch": "^10.0.1",
-    "rxjs": "^7.8.1",
-    "yjs": "^13.6.23",
-    "zod": "^3.23.8"
+    "minimatch": "^10.1.1",
+    "rxjs": "^7.8.2",
+    "yjs": "^13.6.27",
+    "zod": "^3.25.76"
   },
   "devDependencies": {
-    "vitest": "3.1.3"
+    "vitest": "^3.2.4"
   },
   "exports": {
     ".": "./src/index.ts",
@@ -45,5 +45,5 @@
     "!src/__tests__",
     "!dist/__tests__"
   ],
-  "version": "0.22.4"
+  "version": "0.26.0"
 }

blocksuite/affine/blocks/bookmark/src/bookmark-block.ts

@@ -8,7 +8,7 @@ import type {
 } from '@blocksuite/affine-model';
 import { ImageProxyService } from '@blocksuite/affine-shared/adapters';
 import {
-  BlockCommentManager,
+  BlockElementCommentManager,
   CitationProvider,
   DocModeProvider,
   LinkPreviewServiceIdentifier,
@@ -132,7 +132,7 @@ export class BookmarkBlockComponent extends CaptionedBlockComponent<BookmarkBloc
   get isCommentHighlighted() {
     return (
       this.std
-        .getOptional(BlockCommentManager)
+        .getOptional(BlockElementCommentManager)
         ?.isBlockCommentHighlighted(this.model) ?? false
     );
   }

blocksuite/affine/blocks/bookmark/src/configs/toolbar.ts

@@ -17,7 +17,6 @@ import {
 } from '@blocksuite/affine-shared/consts';
 import {
   ActionPlacement,
-  blockCommentToolbarButton,
   EmbedIframeService,
   EmbedOptionProvider,
   type LinkEventType,
@@ -289,10 +288,6 @@ const builtinToolbarConfig = {
       },
     } satisfies ToolbarActionGroup<ToolbarAction>,
     captionAction,
-    {
-      id: 'e.comment',
-      ...blockCommentToolbarButton,
-    },
     {
       placement: ActionPlacement.More,
       id: 'a.clipboard',

blocksuite/affine/blocks/bookmark/src/styles.ts

@@ -17,9 +17,9 @@ export const styles = css`
     width: 100%;
 
     border-radius: 8px;
-    border: 1px solid var(--affine-background-tertiary-color);
+    border: 1px solid ${unsafeCSSVarV2('layer/background/tertiary')};
 
-    background: var(--affine-background-primary-color);
+    background: ${unsafeCSSVarV2('layer/background/primary')};
     user-select: none;
   }
 

blocksuite/affine/blocks/callout/package.json

@@ -18,20 +18,21 @@
     "@blocksuite/affine-shared": "workspace:*",
     "@blocksuite/affine-widget-slash-menu": "workspace:*",
     "@blocksuite/global": "workspace:*",
-    "@blocksuite/icons": "^2.2.12",
+    "@blocksuite/icons": "^2.2.17",
     "@blocksuite/std": "workspace:*",
     "@blocksuite/store": "workspace:*",
     "@emoji-mart/data": "^1.2.1",
+    "@emotion/css": "^11.13.5",
     "@floating-ui/dom": "^1.6.10",
     "@lit/context": "^1.1.2",
     "@preact/signals-core": "^1.8.0",
-    "@toeverything/theme": "^1.1.15",
+    "@toeverything/theme": "^1.1.23",
     "@types/mdast": "^4.0.4",
     "emoji-mart": "^5.6.0",
     "lit": "^3.2.0",
-    "minimatch": "^10.0.1",
-    "rxjs": "^7.8.1",
-    "zod": "^3.23.8"
+    "minimatch": "^10.1.1",
+    "rxjs": "^7.8.2",
+    "zod": "^3.25.76"
   },
   "exports": {
     ".": "./src/index.ts",
@@ -44,5 +45,5 @@
     "!src/__tests__",
     "!dist/__tests__"
   ],
-  "version": "0.22.4"
+  "version": "0.26.0"
 }

blocksuite/affine/blocks/callout/src/callout-block-styles.ts

@@ -0,0 +1,56 @@
+import { css } from '@emotion/css';
+
+export const calloutHostStyles = css({
+  display: 'block',
+  margin: '8px 0',
+});
+
+export const calloutBlockContainerStyles = css({
+  display: 'flex',
+  alignItems: 'flex-start',
+  padding: '5px 10px',
+  borderRadius: '8px',
+});
+
+export const calloutEmojiContainerStyles = css({
+  userSelect: 'none',
+  fontSize: '1.2em',
+  width: '24px',
+  height: '24px',
+  display: 'flex',
+  alignItems: 'center',
+  justifyContent: 'center',
+  // marginTop is dynamically set by JavaScript based on first child's height
+  marginBottom: '10px',
+  flexShrink: 0,
+  position: 'relative',
+});
+
+export const calloutEmojiStyles = css({
+  display: 'flex',
+  alignItems: 'center',
+  justifyContent: 'center',
+  ':hover': {
+    cursor: 'pointer',
+    opacity: 0.7,
+  },
+});
+
+export const calloutChildrenStyles = css({
+  flex: 1,
+  minWidth: 0,
+  paddingLeft: '10px',
+});
+
+export const iconPickerContainerStyles = css({
+  position: 'absolute',
+  top: '100%',
+  left: 0,
+  zIndex: 1000,
+  background: 'white',
+  border: '1px solid #ccc',
+  borderRadius: '8px',
+  boxShadow: '0 4px 12px rgba(0, 0, 0, 0.15)',
+  width: '390px',
+  height: '400px',
+});

blocksuite/affine/blocks/callout/src/callout-block.ts

@@ -1,84 +1,191 @@
 import { CaptionedBlockComponent } from '@blocksuite/affine-components/caption';
-import { createLitPortal } from '@blocksuite/affine-components/portal';
+import {
+  createPopup,
+  popupTargetFromElement,
+} from '@blocksuite/affine-components/context-menu';
 import { DefaultInlineManagerExtension } from '@blocksuite/affine-inline-preset';
-import { type CalloutBlockModel } from '@blocksuite/affine-model';
+import {
+  type CalloutBlockModel,
+  type ParagraphBlockModel,
+} from '@blocksuite/affine-model';
+import { focusTextModel } from '@blocksuite/affine-rich-text';
 import { EDGELESS_TOP_CONTENTEDITABLE_SELECTOR } from '@blocksuite/affine-shared/consts';
 import {
   DocModeProvider,
-  ThemeProvider,
+  type IconData,
+  IconPickerServiceIdentifier,
+  IconType,
 } from '@blocksuite/affine-shared/services';
-import { unsafeCSSVarV2 } from '@blocksuite/affine-shared/theme';
+import type { UniComponent } from '@blocksuite/affine-shared/types';
+import * as icons from '@blocksuite/icons/lit';
 import type { BlockComponent } from '@blocksuite/std';
-import { flip, offset } from '@floating-ui/dom';
-import { css, html } from 'lit';
-import { query } from 'lit/decorators.js';
-import { styleMap } from 'lit/directives/style-map.js';
+import { type Signal } from '@preact/signals-core';
+import { cssVarV2 } from '@toeverything/theme/v2';
+import type { TemplateResult } from 'lit';
+import { html } from 'lit';
+import { type StyleInfo, styleMap } from 'lit/directives/style-map.js';
+
+import {
+  calloutBlockContainerStyles,
+  calloutChildrenStyles,
+  calloutEmojiContainerStyles,
+  calloutEmojiStyles,
+  calloutHostStyles,
+} from './callout-block-styles.js';
+import { IconPickerWrapper } from './icon-picker-wrapper.js';
+// Copy of renderUniLit and UniLit from affine-data-view
+export const renderUniLit = <Props, Expose extends NonNullable<unknown>>(
+  uni: UniComponent<Props, Expose> | undefined,
+  props?: Props,
+  options?: {
+    ref?: Signal<Expose | undefined>;
+    style?: Readonly<StyleInfo>;
+    class?: string;
+  }
+): TemplateResult => {
+  return html` <uni-lit
+    .uni="${uni}"
+    .props="${props}"
+    .ref="${options?.ref}"
+    style=${options?.style ? styleMap(options?.style) : ''}
+  ></uni-lit>`;
+};
+const getIcon = (icon?: IconData) => {
+  if (!icon) {
+    return null;
+  }
+  if (icon.type === IconType.Emoji) {
+    return icon.unicode;
+  }
+  if (icon.type === IconType.AffineIcon) {
+    return (
+      icons as Record<string, (props: { style: string }) => TemplateResult>
+    )[`${icon.name}Icon`]?.({ style: `color:${icon.color}` });
+  }
+  return null;
+};
 export class CalloutBlockComponent extends CaptionedBlockComponent<CalloutBlockModel> {
-  static override styles = css`
-    :host {
-      display: block;
-      margin: 8px 0;
+  private _popupCloseHandler: (() => void) | null = null;
+
+  override connectedCallback() {
+    super.connectedCallback();
+    this.classList.add(calloutHostStyles);
+  }
+
+  private _getEmojiMarginTop(): string {
+    if (this.model.children.length === 0) {
+      return '10px';
     }
 
-    .affine-callout-block-container {
-      display: flex;
-      padding: 5px 10px;
-      border-radius: 8px;
-      background-color: ${unsafeCSSVarV2('block/callout/background/grey')};
+    const firstChild = this.model.children[0];
+    const flavour = firstChild.flavour;
+
+    const marginTopMap: Record<string, string> = {
+      'affine:paragraph:h1': '23px',
+      'affine:paragraph:h2': '20px',
+      'affine:paragraph:h3': '16px',
+      'affine:paragraph:h4': '15px',
+      'affine:paragraph:h5': '14px',
+      'affine:paragraph:h6': '13px',
+    };
+
+    // For heading blocks, use the type to determine margin
+    if (flavour === 'affine:paragraph') {
+      const paragraph = firstChild as ParagraphBlockModel;
+      const type = paragraph.props.type$.value;
+      const key = `${flavour}:${type}`;
+      return marginTopMap[key] || '10px';
     }
 
-    .affine-callout-emoji-container {
-      margin-right: 10px;
-      margin-top: 14px;
-      user-select: none;
-      font-size: 1.2em;
-      width: 24px;
-      height: 24px;
-      display: flex;
-      align-items: center;
-      justify-content: center;
+    // Default for all other block types
+    return '10px';
+  }
+
+  private _closeIconPicker() {
+    if (this._popupCloseHandler) {
+      this._popupCloseHandler();
+      this._popupCloseHandler = null;
     }
-    .affine-callout-emoji:hover {
-      cursor: pointer;
-      opacity: 0.7;
+  }
+
+  private _toggleIconPicker(event: MouseEvent) {
+    // If popup is already open, close it
+    if (this._popupCloseHandler) {
+      this._closeIconPicker();
+      return;
     }
 
-    .affine-callout-children {
-      flex: 1;
-      min-width: 0;
-      padding-left: 10px;
+    // Get IconPickerService from the framework
+    const iconPickerService = this.std.getOptional(IconPickerServiceIdentifier);
+    if (!iconPickerService) {
+      console.warn('IconPickerService not found');
+      return;
     }
-  `;
 
-  private _emojiMenuAbortController: AbortController | null = null;
-  private readonly _toggleEmojiMenu = () => {
-    if (this._emojiMenuAbortController) {
-      this._emojiMenuAbortController.abort();
-    }
-    this._emojiMenuAbortController = new AbortController();
+    // Get the uni-component from the service
+    const iconPickerComponent = iconPickerService.iconPickerComponent;
 
-    const theme = this.std.get(ThemeProvider).theme$.value;
-
-    createLitPortal({
-      template: html`<affine-emoji-menu
-        .theme=${theme}
-        .onEmojiSelect=${(data: any) => {
-          this.model.props.emoji = data.native;
-        }}
-      ></affine-emoji-menu>`,
-      portalStyles: {
-        zIndex: 'var(--affine-z-index-popover)',
+    // Create props for the icon picker
+    const props = {
+      onSelect: (iconData?: IconData) => {
+        this.model.props.icon$.value = iconData;
+        this._closeIconPicker(); // Close the picker after selection
       },
-      container: this.host,
-      computePosition: {
-        referenceElement: this._emojiButton,
-        placement: 'bottom-start',
-        middleware: [flip(), offset(4)],
-        autoUpdate: { animationFrame: true },
+      onClose: () => {
+        this._closeIconPicker();
+      },
+    };
+
+    // Create IconPickerWrapper instance
+    const wrapper = new IconPickerWrapper();
+    wrapper.iconPickerComponent = iconPickerComponent;
+    wrapper.props = props;
+    wrapper.style.position = 'absolute';
+    wrapper.style.backgroundColor = cssVarV2.layer.background.overlayPanel;
+    wrapper.style.boxShadow = 'var(--affine-menu-shadow)';
+    wrapper.style.borderRadius = '8px';
+
+    // Create popup target from the clicked element
+    const target = popupTargetFromElement(event.currentTarget as HTMLElement);
+
+    // Create popup
+    this._popupCloseHandler = createPopup(target, wrapper, {
+      onClose: () => {
+        this._popupCloseHandler = null;
       },
-      abortController: this._emojiMenuAbortController,
-      closeOnClickAway: true,
     });
+  }
+
+  private readonly _handleBlockClick = (event: MouseEvent) => {
+    // Check if the click target is emoji related element
+    const target = event.target as HTMLElement;
+    if (
+      target.closest('.affine-callout-emoji-container') ||
+      target.classList.contains('affine-callout-emoji')
+    ) {
+      return;
+    }
+
+    // If there's no icon, open icon picker on click
+    const icon = this.model.props.icon$.value;
+    if (!icon) {
+      this._toggleIconPicker(event);
+      return;
+    }
+
+    // Only handle clicks when there are no children
+    if (this.model.children.length > 0) {
+      return;
+    }
+
+    // Prevent event bubbling
+    event.stopPropagation();
+
+    // Create a new paragraph block
+    const paragraphId = this.store.addBlock('affine:paragraph', {}, this.model);
+
+    // Focus the new paragraph
+    focusTextModel(this.std, paragraphId);
   };
 
   get attributeRenderer() {
@@ -97,9 +204,6 @@ export class CalloutBlockComponent extends CaptionedBlockComponent<CalloutBlockM
     return this.std.get(DefaultInlineManagerExtension.identifier);
   }
 
-  @query('.affine-callout-emoji')
-  private accessor _emojiButton!: HTMLElement;
-
   override get topContenteditableElement() {
     if (this.std.get(DocModeProvider).getEditorMode() === 'edgeless') {
       return this.closest<BlockComponent>(
@@ -110,20 +214,39 @@ export class CalloutBlockComponent extends CaptionedBlockComponent<CalloutBlockM
   }
 
   override renderBlock() {
-    const emoji = this.model.props.emoji$.value;
+    const icon = this.model.props.icon$.value;
+    const backgroundColorName = this.model.props.backgroundColorName$.value;
+    const backgroundColor = (
+      cssVarV2.block.callout.background as Record<string, string>
+    )[backgroundColorName ?? ''];
+
+    const iconContent = getIcon(icon);
+
     return html`
-      <div class="affine-callout-block-container">
-        <div
-          @click=${this._toggleEmojiMenu}
-          contenteditable="false"
-          class="affine-callout-emoji-container"
-          style=${styleMap({
-            display: emoji.length === 0 ? 'none' : undefined,
-          })}
-        >
-          <span class="affine-callout-emoji">${emoji}</span>
-        </div>
-        <div class="affine-callout-children">
+      <div
+        class="${calloutBlockContainerStyles}"
+        @click=${this._handleBlockClick}
+        style=${styleMap({
+          backgroundColor: backgroundColor ?? 'transparent',
+        })}
+      >
+        ${iconContent
+          ? html`
+              <div
+                @click=${this._toggleIconPicker}
+                contenteditable="false"
+                class="${calloutEmojiContainerStyles}"
+                style=${styleMap({
+                  marginTop: this._getEmojiMarginTop(),
+                })}
+              >
+                <span class="${calloutEmojiStyles}" data-testid="callout-emoji"
+                  >${iconContent}</span
+                >
+              </div>
+            `
+          : ''}
+        <div class="${calloutChildrenStyles}">
           ${this.renderChildren(this.model)}
         </div>
       </div>

blocksuite/affine/blocks/callout/src/callout-keymap.ts

@@ -1,4 +1,7 @@
-import { CalloutBlockModel } from '@blocksuite/affine-model';
+import {
+  CalloutBlockModel,
+  ParagraphBlockModel,
+} from '@blocksuite/affine-model';
 import { matchModels } from '@blocksuite/affine-shared/utils';
 import {
   BlockSelection,
@@ -6,13 +9,46 @@ import {
   TextSelection,
 } from '@blocksuite/std';
 
+import { calloutToParagraphCommand } from './commands/callout-to-paragraph.js';
+import { splitCalloutCommand } from './commands/split-callout.js';
+
 export const CalloutKeymapExtension = KeymapExtension(std => {
   return {
+    Enter: ctx => {
+      const text = std.selection.find(TextSelection);
+      if (!text) return false;
+
+      const currentBlock = std.store.getBlock(text.from.blockId);
+      if (!currentBlock) return false;
+
+      // Check if current block is a callout block
+      let calloutBlock = currentBlock;
+      if (!matchModels(currentBlock.model, [CalloutBlockModel])) {
+        // If not, check if the parent is a callout block
+        const parent = std.store.getParent(currentBlock.model);
+        if (!parent || !matchModels(parent, [CalloutBlockModel])) {
+          return false;
+        }
+        const parentBlock = std.store.getBlock(parent.id);
+        if (!parentBlock) return false;
+        calloutBlock = parentBlock;
+      }
+
+      ctx.get('keyboardState').raw.preventDefault();
+      std.command
+        .chain()
+        .pipe(splitCalloutCommand, {
+          blockId: calloutBlock.model.id,
+          inlineIndex: text.from.index,
+          currentBlockId: text.from.blockId,
+        })
+        .run();
+      return true;
+    },
     Backspace: ctx => {
       const text = std.selection.find(TextSelection);
       if (text && text.isCollapsed() && text.from.index === 0) {
         const event = ctx.get('defaultState').event;
-        event.preventDefault();
 
         const block = std.store.getBlock(text.from.blockId);
         if (!block) return false;
@@ -20,6 +56,22 @@ export const CalloutKeymapExtension = KeymapExtension(std => {
         if (!parent) return false;
         if (!matchModels(parent, [CalloutBlockModel])) return false;
 
+        // Check if current block is a paragraph inside callout
+        if (matchModels(block.model, [ParagraphBlockModel])) {
+          event.preventDefault();
+
+          std.command
+            .chain()
+            .pipe(calloutToParagraphCommand, {
+              id: block.model.id,
+            })
+            .run();
+
+          return true;
+        }
+
+        // Fallback to selecting the callout block
+        event.preventDefault();
         std.selection.setGroup('note', [
           std.selection.create(BlockSelection, {
             blockId: parent.id,

blocksuite/affine/blocks/callout/src/commands/callout-to-paragraph.ts

@@ -0,0 +1,86 @@
+import {
+  CalloutBlockModel,
+  ParagraphBlockModel,
+} from '@blocksuite/affine-model';
+import { focusTextModel } from '@blocksuite/affine-rich-text';
+import { matchModels } from '@blocksuite/affine-shared/utils';
+import type { Command } from '@blocksuite/std';
+import { BlockSelection } from '@blocksuite/std';
+import { Text } from '@blocksuite/store';
+
+export const calloutToParagraphCommand: Command<
+  {
+    id: string;
+    stopCapturing?: boolean;
+  },
+  {
+    success: boolean;
+  }
+> = (ctx, next) => {
+  const { id, stopCapturing = true } = ctx;
+  const std = ctx.std;
+  const doc = std.store;
+  const model = doc.getBlock(id)?.model;
+
+  if (!model || !matchModels(model, [ParagraphBlockModel])) return false;
+
+  const parent = doc.getParent(model);
+  if (!parent || !matchModels(parent, [CalloutBlockModel])) return false;
+
+  if (stopCapturing) std.store.captureSync();
+
+  // Get current block index in callout
+  const currentIndex = parent.children.indexOf(model);
+  const hasText = model.text && model.text.length > 0;
+
+  // Find previous paragraph block in callout
+  let previousBlock = null;
+  for (let i = currentIndex - 1; i >= 0; i--) {
+    const sibling = parent.children[i];
+    if (matchModels(sibling, [ParagraphBlockModel])) {
+      previousBlock = sibling;
+      break;
+    }
+  }
+
+  if (previousBlock && hasText) {
+    // Clone current text content before any operations to prevent data loss
+    const currentText = model.text || new Text();
+
+    // Get previous block text and merge index
+    const previousText = previousBlock.text || new Text();
+    const mergeIndex = previousText.length;
+
+    // Apply each delta from cloned current text to previous block to preserve formatting
+    previousText.join(currentText);
+
+    // Remove current block after text has been merged
+    doc.deleteBlock(model, {
+      deleteChildren: false,
+    });
+
+    // Focus at merge point in previous block
+    focusTextModel(std, previousBlock.id, mergeIndex);
+  } else if (previousBlock && !hasText) {
+    // Move cursor to end of previous block
+    doc.deleteBlock(model, {
+      deleteChildren: false,
+    });
+
+    const previousText = previousBlock.text || new Text();
+    focusTextModel(std, previousBlock.id, previousText.length);
+  } else {
+    // No previous block, select the entire callout
+    doc.deleteBlock(model, {
+      deleteChildren: false,
+    });
+
+    std.selection.setGroup('note', [
+      std.selection.create(BlockSelection, {
+        blockId: parent.id,
+      }),
+    ]);
+  }
+
+  return next({ success: true });
+};

blocksuite/affine/blocks/callout/src/commands/split-callout.ts

@@ -0,0 +1,85 @@
+import {
+  CalloutBlockModel,
+  ParagraphBlockModel,
+} from '@blocksuite/affine-model';
+import { focusTextModel } from '@blocksuite/affine-rich-text';
+import { matchModels } from '@blocksuite/affine-shared/utils';
+import type { Command, EditorHost } from '@blocksuite/std';
+
+export const splitCalloutCommand: Command<{
+  blockId: string;
+  inlineIndex: number;
+  currentBlockId: string;
+}> = (ctx, next) => {
+  const { blockId, inlineIndex, currentBlockId, std } = ctx;
+  const host = std.host as EditorHost;
+  const doc = host.store;
+
+  const calloutModel = doc.getBlock(blockId)?.model;
+  if (!calloutModel || !matchModels(calloutModel, [CalloutBlockModel])) {
+    console.error(`block ${blockId} is not a callout block`);
+    return;
+  }
+
+  const currentModel = doc.getBlock(currentBlockId)?.model;
+  if (!currentModel) {
+    console.error(`current block ${currentBlockId} not found`);
+    return;
+  }
+
+  doc.captureSync();
+
+  if (matchModels(currentModel, [ParagraphBlockModel])) {
+    // User is in a paragraph within the callout's children
+    const afterText = currentModel.props.text.split(inlineIndex);
+
+    // Update the current paragraph's text to keep only the part before cursor
+    doc.transact(() => {
+      currentModel.props.text.delete(
+        inlineIndex,
+        currentModel.props.text.length - inlineIndex
+      );
+    });
+
+    // Create a new paragraph block after the current one
+    const parent = doc.getParent(currentModel);
+    if (parent) {
+      const currentIndex = parent.children.indexOf(currentModel);
+      const newParagraphId = doc.addBlock(
+        'affine:paragraph',
+        {
+          text: afterText,
+        },
+        parent,
+        currentIndex + 1
+      );
+
+      if (newParagraphId) {
+        host.updateComplete
+          .then(() => {
+            focusTextModel(std, newParagraphId);
+          })
+          .catch(console.error);
+      }
+    }
+  } else {
+    // If current block is not a paragraph, create a new paragraph in callout
+    const newParagraphId = doc.addBlock(
+      'affine:paragraph',
+      {
+        text: new Text(),
+      },
+      calloutModel
+    );
+
+    if (newParagraphId) {
+      host.updateComplete
+        .then(() => {
+          focusTextModel(std, newParagraphId);
+        })
+        .catch(console.error);
+    }
+  }
+
+  next();
+};

blocksuite/affine/blocks/callout/src/configs/slash-menu.ts

@@ -1,24 +1,11 @@
-import { CalloutBlockModel } from '@blocksuite/affine-model';
 import { focusBlockEnd } from '@blocksuite/affine-shared/commands';
-import { FeatureFlagService } from '@blocksuite/affine-shared/services';
-import {
-  findAncestorModel,
-  isInsideBlockByFlavour,
-  matchModels,
-} from '@blocksuite/affine-shared/utils';
+import { isInsideBlockByFlavour } from '@blocksuite/affine-shared/utils';
 import { type SlashMenuConfig } from '@blocksuite/affine-widget-slash-menu';
 import { FontIcon } from '@blocksuite/icons/lit';
 
 import { calloutTooltip } from './tooltips';
 
 export const calloutSlashMenuConfig: SlashMenuConfig = {
-  disableWhen: ({ model }) => {
-    return (
-      findAncestorModel(model, ancestor =>
-        matchModels(ancestor, [CalloutBlockModel])
-      ) !== null
-    );
-  },
   items: [
     {
       name: 'Callout',
@@ -30,10 +17,11 @@ export const calloutSlashMenuConfig: SlashMenuConfig = {
       },
       searchAlias: ['callout'],
       group: '0_Basic@9',
-      when: ({ std, model }) => {
-        return (
-          std.get(FeatureFlagService).getFlag('enable_callout') &&
-          !isInsideBlockByFlavour(model.store, model, 'affine:edgeless-text')
+      when: ({ model }) => {
+        return !isInsideBlockByFlavour(
+          model.store,
+          model,
+          'affine:edgeless-text'
         );
       },
       action: ({ model, std }) => {

blocksuite/affine/blocks/callout/src/configs/toolbar.ts

@@ -0,0 +1,204 @@
+import {
+  createPopup,
+  popupTargetFromElement,
+} from '@blocksuite/affine-components/context-menu';
+import { EditorChevronDown } from '@blocksuite/affine-components/toolbar';
+import { CalloutBlockModel } from '@blocksuite/affine-model';
+import {
+  ActionPlacement,
+  type IconData,
+  IconPickerServiceIdentifier,
+  type ToolbarAction,
+  type ToolbarActionGroup,
+  type ToolbarModuleConfig,
+  ToolbarModuleExtension,
+} from '@blocksuite/affine-shared/services';
+import { DeleteIcon, PaletteIcon, SmileIcon } from '@blocksuite/icons/lit';
+import { BlockFlavourIdentifier } from '@blocksuite/std';
+import type { ExtensionType } from '@blocksuite/store';
+import { cssVarV2 } from '@toeverything/theme/v2';
+import { html } from 'lit';
+import { repeat } from 'lit/directives/repeat.js';
+import { styleMap } from 'lit/directives/style-map.js';
+
+import { IconPickerWrapper } from '../icon-picker-wrapper.js';
+
+const colors = [
+  'default',
+  'red',
+  'orange',
+  'yellow',
+  'green',
+  'teal',
+  'blue',
+  'purple',
+  'grey',
+] as const;
+
+const backgroundColorAction = {
+  id: 'background-color',
+  label: 'Background Color',
+  tooltip: 'Change background color',
+  icon: PaletteIcon(),
+  run() {
+    // This will be handled by the content function
+  },
+  content(ctx) {
+    const model = ctx.getCurrentModelByType(CalloutBlockModel);
+    if (!model) return null;
+
+    const updateBackground = (color: string) => {
+      ctx.store.updateBlock(model, { backgroundColorName: color });
+    };
+
+    return html`
+      <editor-menu-button
+        .contentPadding=${'8px'}
+        .button=${html`
+          <editor-icon-button
+            aria-label="background"
+            .tooltip=${'Background Color'}
+          >
+            ${PaletteIcon()} ${EditorChevronDown}
+          </editor-icon-button>
+        `}
+      >
+        <div data-size="large" data-orientation="vertical">
+          <div class="highlight-heading">Background</div>
+          ${repeat(colors, color => {
+            const isDefault = color === 'default';
+            const value = isDefault
+              ? null
+              : `var(--affine-text-highlight-${color})`;
+            const displayName = `${color} Background`;
+
+            return html`
+              <editor-menu-action
+                data-testid="background-${color}"
+                @click=${() => updateBackground(color)}
+              >
+                <affine-text-duotone-icon
+                  style=${styleMap({
+                    '--color': 'var(--affine-text-primary-color)',
+                    '--background': value ?? 'transparent',
+                  })}
+                ></affine-text-duotone-icon>
+                <span class="label capitalize">${displayName}</span>
+              </editor-menu-action>
+            `;
+          })}
+        </div>
+      </editor-menu-button>
+    `;
+  },
+} satisfies ToolbarAction;
+
+const iconPickerAction = {
+  id: 'icon-picker',
+  label: 'Icon Picker',
+  tooltip: 'Change icon',
+  icon: SmileIcon(),
+  run() {
+    // This will be handled by the content function
+  },
+  content(ctx) {
+    const model = ctx.getCurrentModelByType(CalloutBlockModel);
+    if (!model) return null;
+
+    const handleIconPickerClick = (event: MouseEvent) => {
+      // Get IconPickerService from the framework
+      const iconPickerService = ctx.std.getOptional(
+        IconPickerServiceIdentifier
+      );
+      if (!iconPickerService) {
+        console.warn('IconPickerService not found');
+        return;
+      }
+
+      // Get the uni-component from the service
+      const iconPickerComponent = iconPickerService.iconPickerComponent;
+
+      // Create props for the icon picker
+      const props = {
+        onSelect: (iconData?: IconData) => {
+          // When iconData is undefined (delete icon), set icon to undefined
+          ctx.store.updateBlock(model, { icon: iconData });
+          closeHandler(); // Close the picker after selection
+        },
+        onClose: () => {
+          closeHandler();
+        },
+      };
+
+      // Create IconPickerWrapper instance
+      const wrapper = new IconPickerWrapper();
+      wrapper.iconPickerComponent = iconPickerComponent;
+      wrapper.props = props;
+      wrapper.style.position = 'absolute';
+      wrapper.style.backgroundColor = cssVarV2.layer.background.overlayPanel;
+      wrapper.style.boxShadow = 'var(--affine-menu-shadow)';
+      wrapper.style.borderRadius = '8px';
+
+      // Create popup target from the clicked element
+      const target = popupTargetFromElement(event.currentTarget as HTMLElement);
+
+      // Create popup
+      const closeHandler = createPopup(target, wrapper, {
+        onClose: () => {
+          // Cleanup if needed
+        },
+      });
+    };
+
+    return html`
+      <editor-icon-button
+        aria-label="icon-picker"
+        .tooltip=${'Change Icon'}
+        @click=${handleIconPickerClick}
+      >
+        ${SmileIcon()} ${EditorChevronDown}
+      </editor-icon-button>
+    `;
+  },
+} satisfies ToolbarAction;
+
+const builtinToolbarConfig = {
+  actions: [
+    {
+      id: 'style',
+      actions: [backgroundColorAction],
+    } satisfies ToolbarActionGroup<ToolbarAction>,
+    {
+      id: 'icon',
+      actions: [iconPickerAction],
+    } satisfies ToolbarActionGroup<ToolbarAction>,
+    {
+      placement: ActionPlacement.More,
+      id: 'c.delete',
+      label: 'Delete',
+      icon: DeleteIcon(),
+      variant: 'destructive',
+      run(ctx) {
+        const model = ctx.getCurrentModelByType(CalloutBlockModel);
+        if (!model) return;
+
+        ctx.store.deleteBlock(model);
+
+        // Clears
+        ctx.select('note');
+        ctx.reset();
+      },
+    } satisfies ToolbarAction,
+  ],
+} as const satisfies ToolbarModuleConfig;
+
+export const createBuiltinToolbarConfigExtension = (
+  flavour: string
+): ExtensionType[] => {
+  return [
+    ToolbarModuleExtension({
+      id: BlockFlavourIdentifier(flavour),
+      config: builtinToolbarConfig,
+    }),
+  ];
+};

blocksuite/affine/blocks/callout/src/effects.ts

@@ -1,14 +1,14 @@
 import { CalloutBlockComponent } from './callout-block';
-import { EmojiMenu } from './emoji-menu';
+import { IconPickerWrapper } from './icon-picker-wrapper';
 
 export function effects() {
   customElements.define('affine-callout', CalloutBlockComponent);
-  customElements.define('affine-emoji-menu', EmojiMenu);
+  customElements.define('icon-picker-wrapper', IconPickerWrapper);
 }
 
 declare global {
   interface HTMLElementTagNameMap {
     'affine-callout': CalloutBlockComponent;
-    'affine-emoji-menu': EmojiMenu;
+    'icon-picker-wrapper': IconPickerWrapper;
   }
 }

blocksuite/affine/blocks/callout/src/emoji-menu.ts

@@ -1,34 +0,0 @@
-import { WithDisposable } from '@blocksuite/global/lit';
-import data from '@emoji-mart/data';
-import { Picker } from 'emoji-mart';
-import { html, LitElement, type PropertyValues } from 'lit';
-import { property, query } from 'lit/decorators.js';
-
-export class EmojiMenu extends WithDisposable(LitElement) {
-  override firstUpdated(props: PropertyValues) {
-    const result = super.firstUpdated(props);
-
-    const picker = new Picker({
-      data,
-      onEmojiSelect: this.onEmojiSelect,
-      autoFocus: true,
-      theme: this.theme,
-    });
-    this.emojiMenu.append(picker as unknown as Node);
-
-    return result;
-  }
-
-  @property({ attribute: false })
-  accessor onEmojiSelect: (data: any) => void = () => {};
-
-  @property({ attribute: false })
-  accessor theme: 'light' | 'dark' = 'light';
-
-  @query('.affine-emoji-menu')
-  accessor emojiMenu!: HTMLElement;
-
-  override render() {
-    return html`<div class="affine-emoji-menu"></div>`;
-  }
-}

blocksuite/affine/blocks/callout/src/icon-picker-wrapper.ts

@@ -0,0 +1,52 @@
+import type { IconData } from '@blocksuite/affine-shared/services';
+import type { UniComponent } from '@blocksuite/affine-shared/types';
+import { ShadowlessElement } from '@blocksuite/std';
+import { type Signal } from '@preact/signals-core';
+import { html, type TemplateResult } from 'lit';
+import { type StyleInfo, styleMap } from 'lit/directives/style-map.js';
+
+// Copy of renderUniLit from callout-block.ts
+const renderUniLit = <Props, Expose extends NonNullable<unknown>>(
+  uni: UniComponent<Props, Expose> | undefined,
+  props?: Props,
+  options?: {
+    ref?: Signal<Expose | undefined>;
+    style?: Readonly<StyleInfo>;
+    class?: string;
+  }
+): TemplateResult => {
+  return html` <uni-lit
+    .uni="${uni}"
+    .props="${props}"
+    .ref="${options?.ref}"
+    style=${options?.style ? styleMap(options?.style) : ''}
+  ></uni-lit>`;
+};
+
+export interface IconPickerWrapperProps {
+  onSelect?: (iconData?: IconData) => void;
+  onClose?: () => void;
+}
+
+export class IconPickerWrapper extends ShadowlessElement {
+  iconPickerComponent?: UniComponent<IconPickerWrapperProps, any>;
+  props?: IconPickerWrapperProps;
+
+  constructor() {
+    super();
+  }
+
+  override render() {
+    if (!this.iconPickerComponent) {
+      return html``;
+    }
+
+    return renderUniLit(this.iconPickerComponent, this.props);
+  }
+}
+
+declare global {
+  interface HTMLElementTagNameMap {
+    'icon-picker-wrapper': IconPickerWrapper;
+  }
+}

blocksuite/affine/blocks/callout/src/view.ts

@@ -8,6 +8,7 @@ import { literal } from 'lit/static-html.js';
 
 import { CalloutKeymapExtension } from './callout-keymap';
 import { calloutSlashMenuConfig } from './configs/slash-menu';
+import { createBuiltinToolbarConfigExtension } from './configs/toolbar';
 import { effects } from './effects';
 
 export class CalloutViewExtension extends ViewExtensionProvider {
@@ -25,6 +26,7 @@ export class CalloutViewExtension extends ViewExtensionProvider {
       BlockViewExtension('affine:callout', literal`affine-callout`),
       CalloutKeymapExtension,
       SlashMenuConfigExtension('affine:callout', calloutSlashMenuConfig),
+      ...createBuiltinToolbarConfigExtension('affine:callout'),
     ]);
   }
 }

blocksuite/affine/blocks/code/package.json

@@ -22,19 +22,19 @@
     "@blocksuite/affine-shared": "workspace:*",
     "@blocksuite/affine-widget-slash-menu": "workspace:*",
     "@blocksuite/global": "workspace:*",
-    "@blocksuite/icons": "^2.2.12",
+    "@blocksuite/icons": "^2.2.17",
     "@blocksuite/std": "workspace:*",
     "@blocksuite/store": "workspace:*",
     "@floating-ui/dom": "^1.6.13",
     "@lit/context": "^1.1.2",
     "@preact/signals-core": "^1.8.0",
-    "@toeverything/theme": "^1.1.15",
+    "@toeverything/theme": "^1.1.23",
     "@types/mdast": "^4.0.4",
     "lit": "^3.2.0",
-    "minimatch": "^10.0.1",
-    "rxjs": "^7.8.1",
-    "shiki": "^3.0.0",
-    "zod": "^3.23.8"
+    "minimatch": "^10.1.1",
+    "rxjs": "^7.8.2",
+    "shiki": "^3.19.0",
+    "zod": "^3.25.76"
   },
   "exports": {
     ".": "./src/index.ts",
@@ -48,5 +48,5 @@
     "!src/__tests__",
     "!dist/__tests__"
   ],
-  "version": "0.22.4"
+  "version": "0.26.0"
 }

blocksuite/affine/blocks/code/src/code-block-service.ts

@@ -19,8 +19,12 @@ import {
 export class CodeBlockHighlighter extends LifeCycleWatcher {
   static override key = 'code-block-highlighter';
 
-  private _darkThemeKey: string | undefined;
+  // Singleton highlighter instance
+  private static _sharedHighlighter: HighlighterCore | null = null;
+  private static _highlighterPromise: Promise<HighlighterCore> | null = null;
+  private static _refCount = 0;
 
+  private _darkThemeKey: string | undefined;
   private _lightThemeKey: string | undefined;
 
   highlighter$: Signal<HighlighterCore | null> = signal(null);
@@ -35,6 +39,13 @@ export class CodeBlockHighlighter extends LifeCycleWatcher {
   private readonly _loadTheme = async (
     highlighter: HighlighterCore
   ): Promise<void> => {
+    // It is possible that by the time the highlighter is ready all instances
+    // have already been unmounted. In that case there is no need to load
+    // themes or update state.
+    if (CodeBlockHighlighter._refCount === 0) {
+      return;
+    }
+
     const config = this.std.getOptional(CodeBlockConfigExtension.identifier);
     const darkTheme = config?.theme?.dark ?? CODE_BLOCK_DEFAULT_DARK_THEME;
     const lightTheme = config?.theme?.light ?? CODE_BLOCK_DEFAULT_LIGHT_THEME;
@@ -44,18 +55,58 @@ export class CodeBlockHighlighter extends LifeCycleWatcher {
     this.highlighter$.value = highlighter;
   };
 
+  private static async _getOrCreateHighlighter(): Promise<HighlighterCore> {
+    if (CodeBlockHighlighter._sharedHighlighter) {
+      return CodeBlockHighlighter._sharedHighlighter;
+    }
+
+    if (!CodeBlockHighlighter._highlighterPromise) {
+      CodeBlockHighlighter._highlighterPromise = createHighlighterCore({
+        engine: createOnigurumaEngine(() => getWasm),
+      }).then(highlighter => {
+        CodeBlockHighlighter._sharedHighlighter = highlighter;
+        return highlighter;
+      });
+    }
+
+    return CodeBlockHighlighter._highlighterPromise;
+  }
+
   override mounted(): void {
     super.mounted();
 
-    createHighlighterCore({
-      engine: createOnigurumaEngine(() => getWasm),
-    })
+    CodeBlockHighlighter._refCount++;
+
+    CodeBlockHighlighter._getOrCreateHighlighter()
       .then(this._loadTheme)
       .catch(console.error);
   }
 
   override unmounted(): void {
-    this.highlighter$.value?.dispose();
+    CodeBlockHighlighter._refCount--;
+
+    // Dispose the shared highlighter **after** any in-flight creation finishes.
+    if (CodeBlockHighlighter._refCount !== 0) {
+      return;
+    }
+
+    const doDispose = (highlighter: HighlighterCore | null) => {
+      if (highlighter) {
+        highlighter.dispose();
+      }
+      CodeBlockHighlighter._sharedHighlighter = null;
+      CodeBlockHighlighter._highlighterPromise = null;
+    };
+
+    if (CodeBlockHighlighter._sharedHighlighter) {
+      // Highlighter already created – dispose immediately.
+      doDispose(CodeBlockHighlighter._sharedHighlighter);
+    } else if (CodeBlockHighlighter._highlighterPromise) {
+      // Highlighter still being created – wait for it, then dispose.
+      CodeBlockHighlighter._highlighterPromise
+        .then(doDispose)
+        .catch(console.error);
+    }
   }
 }
 

blocksuite/affine/blocks/code/src/code-block.ts

@@ -6,7 +6,7 @@ import {
   EDGELESS_TOP_CONTENTEDITABLE_SELECTOR,
 } from '@blocksuite/affine-shared/consts';
 import {
-  BlockCommentManager,
+  BlockElementCommentManager,
   DocModeProvider,
   NotificationProvider,
 } from '@blocksuite/affine-shared/services';
@@ -394,7 +394,7 @@ export class CodeBlockComponent extends CaptionedBlockComponent<CodeBlockModel>
   get isCommentHighlighted() {
     return (
       this.std
-        .getOptional(BlockCommentManager)
+        .getOptional(BlockElementCommentManager)
         ?.isBlockCommentHighlighted(this.model) ?? false
     );
   }

blocksuite/affine/blocks/code/src/highlight/const.ts

@@ -1,6 +1,4 @@
-export const CODE_BLOCK_DEFAULT_DARK_THEME = import(
-  'shiki/themes/dark-plus.mjs'
-);
-export const CODE_BLOCK_DEFAULT_LIGHT_THEME = import(
-  'shiki/themes/light-plus.mjs'
-);
+export const CODE_BLOCK_DEFAULT_DARK_THEME =
+  import('shiki/themes/dark-plus.mjs');
+export const CODE_BLOCK_DEFAULT_LIGHT_THEME =
+  import('shiki/themes/light-plus.mjs');

blocksuite/affine/blocks/data-view/package.json

@@ -18,18 +18,18 @@
     "@blocksuite/affine-widget-slash-menu": "workspace:*",
     "@blocksuite/data-view": "workspace:*",
     "@blocksuite/global": "workspace:*",
-    "@blocksuite/icons": "^2.2.12",
+    "@blocksuite/icons": "^2.2.17",
     "@blocksuite/std": "workspace:*",
     "@blocksuite/store": "workspace:*",
     "@floating-ui/dom": "^1.6.13",
     "@lit/context": "^1.1.2",
     "@preact/signals-core": "^1.8.0",
-    "@toeverything/theme": "^1.1.15",
+    "@toeverything/theme": "^1.1.23",
     "@types/mdast": "^4.0.4",
     "lit": "^3.2.0",
-    "minimatch": "^10.0.1",
-    "rxjs": "^7.8.1",
-    "zod": "^3.23.8"
+    "minimatch": "^10.1.1",
+    "rxjs": "^7.8.2",
+    "zod": "^3.25.76"
   },
   "exports": {
     ".": "./src/index.ts",
@@ -42,5 +42,5 @@
     "!src/__tests__",
     "!dist/__tests__"
   ],
-  "version": "0.22.4"
+  "version": "0.26.0"
 }

blocksuite/affine/blocks/data-view/src/data-view-block.ts

@@ -40,6 +40,7 @@ import { RANGE_SYNC_EXCLUDE_ATTR } from '@blocksuite/std/inline';
 import { Slice } from '@blocksuite/store';
 import { computed, signal } from '@preact/signals-core';
 import { css, nothing, unsafeCSS } from 'lit';
+import { repeat } from 'lit/directives/repeat.js';
 import { html } from 'lit/static-html.js';
 
 import { BlockQueryDataSource } from './data-source.js';
@@ -303,9 +304,15 @@ export class DataViewBlockComponent extends CaptionedBlockComponent<DataViewBloc
     },
   });
   override renderBlock() {
+    const widgets = html`${repeat(
+      Object.entries(this.widgets),
+      ([id]) => id,
+      ([_, widget]) => widget
+    )}`;
+
     return html`
       <div contenteditable="false" style="position: relative">
-        ${this.dataViewRootLogic.render()}
+        ${this.dataViewRootLogic.render()} ${widgets}
       </div>
     `;
   }

blocksuite/affine/blocks/database/package.json

@@ -21,21 +21,21 @@
     "@blocksuite/affine-widget-slash-menu": "workspace:*",
     "@blocksuite/data-view": "workspace:*",
     "@blocksuite/global": "workspace:*",
-    "@blocksuite/icons": "^2.2.12",
+    "@blocksuite/icons": "^2.2.17",
     "@blocksuite/std": "workspace:*",
     "@blocksuite/store": "workspace:*",
     "@emotion/css": "^11.13.5",
     "@floating-ui/dom": "^1.6.13",
     "@lit/context": "^1.1.2",
     "@preact/signals-core": "^1.8.0",
-    "@toeverything/theme": "^1.1.15",
+    "@toeverything/theme": "^1.1.23",
     "@types/mdast": "^4.0.4",
     "date-fns": "^4.0.0",
     "lit": "^3.2.0",
-    "minimatch": "^10.0.1",
-    "rxjs": "^7.8.1",
-    "yjs": "^13.6.21",
-    "zod": "^3.23.8"
+    "minimatch": "^10.1.1",
+    "rxjs": "^7.8.2",
+    "yjs": "^13.6.27",
+    "zod": "^3.25.76"
   },
   "exports": {
     ".": "./src/index.ts",
@@ -48,5 +48,5 @@
     "!src/__tests__",
     "!dist/__tests__"
   ],
-  "version": "0.22.4"
+  "version": "0.26.0"
 }

blocksuite/affine/blocks/database/src/adapters/notion-html.ts

@@ -15,6 +15,7 @@ const ColumnClassMap: Record<string, string> = {
   typesCheckbox: 'checkbox',
   typesText: 'rich-text',
   typesTitle: 'title',
+  typesDate: 'date',
 };
 
 const NotionDatabaseToken = '.collection-content';
@@ -165,7 +166,36 @@ export const databaseBlockNotionHtmlAdapterMatcher: BlockNotionHtmlAdapterMatche
                 if (!column) {
                   return;
                 }
-                if (HastUtils.querySelector(child, '.selected-value')) {
+
+                // Check for <time> element to find date field from Notion.
+                if (HastUtils.querySelector(child, 'time')) {
+                  const timeElement = HastUtils.querySelector(child, 'time');
+                  let rawColumnData =
+                    HastUtils.getTextContent(timeElement).trim();
+
+                  if (rawColumnData.startsWith('@')) {
+                    rawColumnData = rawColumnData.slice(1);
+                  }
+
+                  const columnDate = new Date(rawColumnData);
+                  const timestamp = columnDate.getTime();
+
+                  if (!Number.isNaN(timestamp)) {
+                    column.data = {};
+                    if (column.type !== 'date') {
+                      column.type = 'date';
+                    }
+                    row[column.id] = {
+                      columnId: column.id,
+                      value: timestamp,
+                    };
+                  } else {
+                    row[column.id] = {
+                      columnId: column.id,
+                      value: HastUtils.getTextContent(child),
+                    };
+                  }
+                } else if (HastUtils.querySelector(child, '.selected-value')) {
                   if (!('options' in column.data)) {
                     column.data.options = [];
                   }

blocksuite/affine/blocks/database/src/components/title/index.ts

@@ -176,7 +176,7 @@ export class DatabaseTitle extends SignalWatcher(
   private readonly isFocus$ = signal(false);
 
   private onPressEnterKey() {
-    this.dataViewLogic.addRow?.('start');
+    this.input.blur();
   }
 
   get readonly$() {

blocksuite/affine/blocks/database/src/data-source.ts

@@ -164,8 +164,10 @@ export class DatabaseBlockDataSource extends DataSourceBase {
   readonly$: ReadonlySignal<boolean> = computed(() => {
     return (
       this._model.store.readonly ||
-      // TODO(@L-Sun): use block level readonly
-      IS_MOBILE
+      (IS_MOBILE &&
+        !this._model.store.provider
+          .get(FeatureFlagService)
+          .getFlag('enable_mobile_database_editing'))
     );
   });
 

blocksuite/affine/blocks/database/src/database-block.ts

@@ -10,9 +10,10 @@ import { toast } from '@blocksuite/affine-components/toast';
 import type { DatabaseBlockModel } from '@blocksuite/affine-model';
 import { EDGELESS_TOP_CONTENTEDITABLE_SELECTOR } from '@blocksuite/affine-shared/consts';
 import {
-  BlockCommentManager,
+  BlockElementCommentManager,
   CommentProviderIdentifier,
   DocModeProvider,
+  FeatureFlagService,
   NotificationProvider,
   type TelemetryEventMap,
   TelemetryProvider,
@@ -34,6 +35,7 @@ import {
   uniMap,
 } from '@blocksuite/data-view';
 import { widgetPresets } from '@blocksuite/data-view/widget-presets';
+import { IS_MOBILE } from '@blocksuite/global/env';
 import { Rect } from '@blocksuite/global/gfx';
 import {
   CommentIcon,
@@ -47,6 +49,8 @@ import { Slice } from '@blocksuite/store';
 import { autoUpdate } from '@floating-ui/dom';
 import { computed, signal } from '@preact/signals-core';
 import { html, nothing } from 'lit';
+import { repeat } from 'lit/directives/repeat.js';
+import { styleMap } from 'lit/directives/style-map.js';
 
 import { popSideDetail } from './components/layout.js';
 import { DatabaseConfigExtension } from './config.js';
@@ -315,7 +319,7 @@ export class DatabaseBlockComponent extends CaptionedBlockComponent<DatabaseBloc
   get isCommentHighlighted() {
     return (
       this.std
-        .getOptional(BlockCommentManager)
+        .getOptional(BlockElementCommentManager)
         ?.isBlockCommentHighlighted(this.model) ?? false
     );
   }
@@ -348,6 +352,7 @@ export class DatabaseBlockComponent extends CaptionedBlockComponent<DatabaseBloc
     this.setAttribute(RANGE_SYNC_EXCLUDE_ATTR, 'true');
     this.classList.add(databaseBlockStyles);
     this.listenFullWidthChange();
+    this.handleMobileEditing();
   }
 
   listenFullWidthChange() {
@@ -363,6 +368,41 @@ export class DatabaseBlockComponent extends CaptionedBlockComponent<DatabaseBloc
       })
     );
   }
+
+  handleMobileEditing() {
+    if (!IS_MOBILE) return;
+
+    let notifyClosed = true;
+    const handler = () => {
+      if (
+        !this.std
+          .get(FeatureFlagService)
+          .getFlag('enable_mobile_database_editing')
+      ) {
+        const notification = this.std.getOptional(NotificationProvider);
+        if (notification && notifyClosed) {
+          notifyClosed = false;
+          notification.notify({
+            title: html`<div
+              style=${styleMap({
+                whiteSpace: 'wrap',
+              })}
+            >
+              Mobile database editing is not supported yet. You can open it in
+              experimental features, or edit it in desktop mode.
+            </div>`,
+            accent: 'warning',
+            onClose: () => {
+              notifyClosed = true;
+            },
+          });
+        }
+      }
+    };
+
+    this.disposables.addFromEvent(this, 'click', handler);
+  }
+
   private readonly dataViewRootLogic = lazy(
     () =>
       new DataViewRootUILogic({
@@ -451,9 +491,15 @@ export class DatabaseBlockComponent extends CaptionedBlockComponent<DatabaseBloc
       })
   );
   override renderBlock() {
+    const widgets = html`${repeat(
+      Object.entries(this.widgets),
+      ([id]) => id,
+      ([_, widget]) => widget
+    )}`;
+
     return html`
       <div contenteditable="false" class="${databaseContentStyles}">
-        ${this.dataViewRootLogic.value.render()}
+        ${this.dataViewRootLogic.value.render()} ${widgets}
       </div>
     `;
   }

blocksuite/affine/blocks/divider/package.json

@@ -21,12 +21,12 @@
     "@floating-ui/dom": "^1.6.13",
     "@lit/context": "^1.1.2",
     "@preact/signals-core": "^1.8.0",
-    "@toeverything/theme": "^1.1.15",
+    "@toeverything/theme": "^1.1.23",
     "@types/mdast": "^4.0.4",
     "lit": "^3.2.0",
-    "minimatch": "^10.0.1",
-    "rxjs": "^7.8.1",
-    "zod": "^3.23.8"
+    "minimatch": "^10.1.1",
+    "rxjs": "^7.8.2",
+    "zod": "^3.25.76"
   },
   "exports": {
     ".": "./src/index.ts",
@@ -39,5 +39,5 @@
     "!src/__tests__",
     "!dist/__tests__"
   ],
-  "version": "0.22.4"
+  "version": "0.26.0"
 }

blocksuite/affine/blocks/edgeless-text/package.json

@@ -20,17 +20,17 @@
     "@blocksuite/affine-shared": "workspace:*",
     "@blocksuite/affine-widget-edgeless-toolbar": "workspace:*",
     "@blocksuite/global": "workspace:*",
-    "@blocksuite/icons": "^2.2.12",
+    "@blocksuite/icons": "^2.2.17",
     "@blocksuite/std": "workspace:*",
     "@blocksuite/store": "workspace:*",
     "@floating-ui/dom": "^1.6.13",
     "@lit/context": "^1.1.2",
     "@preact/signals-core": "^1.8.0",
-    "@toeverything/theme": "^1.1.15",
+    "@toeverything/theme": "^1.1.23",
     "lit": "^3.2.0",
-    "minimatch": "^10.0.1",
-    "rxjs": "^7.8.1",
-    "zod": "^3.23.8"
+    "minimatch": "^10.1.1",
+    "rxjs": "^7.8.2",
+    "zod": "^3.25.76"
   },
   "exports": {
     ".": "./src/index.ts",
@@ -43,5 +43,5 @@
     "!src/__tests__",
     "!dist/__tests__"
   ],
-  "version": "0.22.4"
+  "version": "0.26.0"
 }

blocksuite/affine/blocks/embed-doc/package.json

@@ -20,23 +20,23 @@
     "@blocksuite/affine-shared": "workspace:*",
     "@blocksuite/affine-widget-slash-menu": "workspace:*",
     "@blocksuite/global": "workspace:*",
-    "@blocksuite/icons": "^2.2.12",
+    "@blocksuite/icons": "^2.2.17",
     "@blocksuite/std": "workspace:*",
     "@blocksuite/store": "workspace:*",
     "@floating-ui/dom": "^1.6.13",
     "@lit/context": "^1.1.2",
     "@preact/signals-core": "^1.8.0",
-    "@toeverything/theme": "^1.1.15",
+    "@toeverything/theme": "^1.1.23",
     "@types/lodash-es": "^4.17.12",
     "lit": "^3.2.0",
     "lodash-es": "^4.17.21",
-    "minimatch": "^10.0.1",
-    "rxjs": "^7.8.1",
-    "yjs": "^13.6.21",
-    "zod": "^3.23.8"
+    "minimatch": "^10.1.1",
+    "rxjs": "^7.8.2",
+    "yjs": "^13.6.27",
+    "zod": "^3.25.76"
   },
   "devDependencies": {
-    "vitest": "3.1.3"
+    "vitest": "^3.2.4"
   },
   "exports": {
     ".": "./src/index.ts",
@@ -49,5 +49,5 @@
     "!src/__tests__",
     "!dist/__tests__"
   ],
-  "version": "0.22.4"
+  "version": "0.26.0"
 }

blocksuite/affine/blocks/embed-doc/src/embed-linked-doc-block/configs/toolbar.ts

@@ -11,7 +11,6 @@ import {
 } from '@blocksuite/affine-shared/consts';
 import {
   ActionPlacement,
-  blockCommentToolbarButton,
   DocDisplayMetaProvider,
   EditorSettingProvider,
   type LinkEventType,
@@ -306,10 +305,6 @@ const builtinToolbarConfig = {
       },
     } satisfies ToolbarActionGroup<ToolbarAction>,
     captionAction,
-    {
-      id: 'e.comment',
-      ...blockCommentToolbarButton,
-    },
     {
       placement: ActionPlacement.More,
       id: 'a.clipboard',

blocksuite/affine/blocks/embed-doc/src/embed-linked-doc-block/embed-linked-doc-block.ts

@@ -323,7 +323,8 @@ export class EmbedLinkedDocBlockComponent extends EmbedBlockComponent<EmbedLinke
 
   private readonly _renderEmbedView = () => {
     const linkedDoc = this.linkedDoc;
-    const isDeleted = !linkedDoc;
+    const trash = linkedDoc?.meta?.trash;
+    const isDeleted = trash || !linkedDoc;
     const isLoading = this._loading;
     const isError = this.isError;
     const isEmpty = this._isDocEmpty() && this.isBannerEmpty;
@@ -521,11 +522,6 @@ export class EmbedLinkedDocBlockComponent extends EmbedBlockComponent<EmbedLinke
       );
 
       this._setDocUpdatedAt();
-      this.disposables.add(
-        this.store.workspace.slots.docListUpdated.subscribe(() => {
-          this._setDocUpdatedAt();
-        })
-      );
 
       if (this._referenceToNode) {
         this._linkedDocMode = this.model.props.params?.mode ?? 'page';
@@ -554,6 +550,13 @@ export class EmbedLinkedDocBlockComponent extends EmbedBlockComponent<EmbedLinke
       })
     );
 
+    this.disposables.add(
+      this.store.workspace.slots.docListUpdated.subscribe(() => {
+        this._setDocUpdatedAt();
+        this.refreshData();
+      })
+    );
+
     this._trackCitationDeleteEvent();
   }
 

blocksuite/affine/blocks/embed-doc/src/embed-linked-doc-block/styles.ts

@@ -9,7 +9,7 @@ export const styles = css`
     width: 100%;
     height: 100%;
     border-radius: 8px;
-    border: 1px solid var(--affine-background-tertiary-color);
+    border: 1px solid ${unsafeCSSVarV2('layer/background/tertiary')};
     background: ${unsafeCSSVarV2('layer/background/primary')};
     user-select: none;
     position: relative;

blocksuite/affine/blocks/embed-doc/src/embed-synced-doc-block/configs/toolbar.ts

@@ -16,7 +16,6 @@ import {
 import { REFERENCE_NODE } from '@blocksuite/affine-shared/consts';
 import {
   ActionPlacement,
-  blockCommentToolbarButton,
   EditorSettingProvider,
   type LinkEventType,
   type OpenDocMode,
@@ -226,10 +225,6 @@ const builtinToolbarConfig = {
     openDocActionGroup,
     conversionsActionGroup,
     captionAction,
-    {
-      id: 'e.comment',
-      ...blockCommentToolbarButton,
-    },
     {
       placement: ActionPlacement.More,
       id: 'a.clipboard',

blocksuite/affine/blocks/embed-doc/src/embed-synced-doc-block/embed-synced-doc-block.ts

@@ -56,6 +56,9 @@ export class EmbedSyncedDocBlockComponent extends EmbedBlockComponent<EmbedSynce
   // Caches total bounds, includes all blocks and elements.
   private _cachedBounds: Bound | null = null;
 
+  private _hasRenderedSyncedView = false;
+  private _hasInitedFitEffect = false;
+
   private readonly _initEdgelessFitEffect = () => {
     const fitToContent = () => {
       if (this.isPageMode) return;
@@ -357,10 +360,14 @@ export class EmbedSyncedDocBlockComponent extends EmbedBlockComponent<EmbedSynce
   };
 
   refreshData = () => {
-    this._load().catch(e => {
-      console.error(e);
-      this._error = true;
-    });
+    this._load()
+      .then(() => {
+        this._isEmptySyncedDoc = isEmptyDoc(this.syncedDoc, this.editorMode);
+      })
+      .catch(e => {
+        console.error(e);
+        this._error = true;
+      });
   };
 
   title$ = computed(() => {
@@ -445,7 +452,8 @@ export class EmbedSyncedDocBlockComponent extends EmbedBlockComponent<EmbedSynce
     this._cycle = false;
 
     const syncedDoc = this.syncedDoc;
-    if (!syncedDoc) {
+    const trash = syncedDoc?.meta?.trash;
+    if (trash || !syncedDoc) {
       this._deleted = true;
       this._loading = false;
       return;
@@ -521,6 +529,7 @@ export class EmbedSyncedDocBlockComponent extends EmbedBlockComponent<EmbedSynce
     this.disposables.add(
       this.store.workspace.slots.docListUpdated.subscribe(() => {
         this._setDocUpdatedAt();
+        this.refreshData();
       })
     );
 
@@ -552,8 +561,6 @@ export class EmbedSyncedDocBlockComponent extends EmbedBlockComponent<EmbedSynce
         this._selectBlock();
       }
     });
-
-    this._initEdgelessFitEffect();
   }
 
   override renderBlock() {
@@ -581,12 +588,21 @@ export class EmbedSyncedDocBlockComponent extends EmbedBlockComponent<EmbedSynce
       );
     }
 
+    !this._hasRenderedSyncedView && (this._hasRenderedSyncedView = true);
+
     return this._renderSyncedView();
   }
 
   override updated(changedProperties: PropertyValues) {
     super.updated(changedProperties);
     this.syncedDocCard?.requestUpdate();
+
+    if (!this._hasInitedFitEffect && this._hasRenderedSyncedView) {
+      /* Register the resizeObserver AFTER syncdView viewport's own resizeObserver
+       * so that viewport.onResize() use up-to-date boundingClientRect values */
+      this._hasInitedFitEffect = true;
+      this._initEdgelessFitEffect();
+    }
   }
 
   @state()

blocksuite/affine/blocks/embed-doc/src/embed-synced-doc-block/styles.ts

@@ -197,8 +197,8 @@ export const cardStyles = css`
     width: 100%;
     height: ${EMBED_CARD_HEIGHT.horizontal}px;
     border-radius: 8px;
-    border: 1px solid var(--affine-background-tertiary-color);
-    background: var(--affine-background-primary-color);
+    border: 1px solid ${unsafeCSSVarV2('layer/background/tertiary')};
+    background: ${unsafeCSSVarV2('layer/background/primary')};
     user-select: none;
   }
 

blocksuite/affine/blocks/embed/package.json

@@ -20,23 +20,23 @@
     "@blocksuite/affine-shared": "workspace:*",
     "@blocksuite/affine-widget-slash-menu": "workspace:*",
     "@blocksuite/global": "workspace:*",
-    "@blocksuite/icons": "^2.2.12",
+    "@blocksuite/icons": "^2.2.17",
     "@blocksuite/std": "workspace:*",
     "@blocksuite/store": "workspace:*",
     "@floating-ui/dom": "^1.6.13",
     "@lit/context": "^1.1.2",
     "@preact/signals-core": "^1.8.0",
-    "@toeverything/theme": "^1.1.15",
+    "@toeverything/theme": "^1.1.23",
     "@types/lodash-es": "^4.17.12",
     "lit": "^3.2.0",
     "lodash-es": "^4.17.21",
-    "minimatch": "^10.0.1",
-    "rxjs": "^7.8.1",
-    "yjs": "^13.6.21",
-    "zod": "^3.23.8"
+    "minimatch": "^10.1.1",
+    "rxjs": "^7.8.2",
+    "yjs": "^13.6.27",
+    "zod": "^3.25.76"
   },
   "devDependencies": {
-    "vitest": "3.1.3"
+    "vitest": "^3.2.4"
   },
   "exports": {
     ".": "./src/index.ts",
@@ -49,5 +49,5 @@
     "!src/__tests__",
     "!dist/__tests__"
   ],
-  "version": "0.22.4"
+  "version": "0.26.0"
 }

blocksuite/affine/blocks/embed/src/common/embed-block-element.ts

@@ -9,7 +9,7 @@ import {
   EMBED_CARD_WIDTH,
 } from '@blocksuite/affine-shared/consts';
 import {
-  BlockCommentManager,
+  BlockElementCommentManager,
   DocModeProvider,
 } from '@blocksuite/affine-shared/services';
 import { unsafeCSSVarV2 } from '@blocksuite/affine-shared/theme';
@@ -65,7 +65,7 @@ export class EmbedBlockComponent<
   get isCommentHighlighted() {
     return (
       this.std
-        .getOptional(BlockCommentManager)
+        .getOptional(BlockElementCommentManager)
         ?.isBlockCommentHighlighted(this.model) ?? false
     );
   }

blocksuite/affine/blocks/embed/src/configs/toolbar.ts

@@ -13,7 +13,6 @@ import {
 } from '@blocksuite/affine-shared/consts';
 import {
   ActionPlacement,
-  blockCommentToolbarButton,
   EmbedOptionProvider,
   type LinkEventType,
   type ToolbarAction,
@@ -349,10 +348,6 @@ function createBuiltinToolbarConfigForExternal(
           });
         },
       },
-      {
-        id: 'e.comment',
-        ...blockCommentToolbarButton,
-      },
       {
         placement: ActionPlacement.More,
         id: 'a.clipboard',

blocksuite/affine/blocks/embed/src/embed-figma-block/embed-figma-block.ts

@@ -82,7 +82,8 @@ export class EmbedFigmaBlockComponent extends EmbedBlockComponent<EmbedFigmaMode
             <div class="affine-embed-figma-iframe-container">
               <iframe
                 src=${`https://www.figma.com/embed?embed_host=blocksuite&url=${url}`}
-                allowfullscreen
+                sandbox="allow-same-origin allow-scripts allow-presentation"
+                allow="fullscreen"
                 loading="lazy"
                 credentialless
               ></iframe>

blocksuite/affine/blocks/embed/src/embed-figma-block/styles.ts

@@ -11,9 +11,9 @@ export const styles = css`
     height: 100%;
 
     border-radius: 8px;
-    border: 1px solid var(--affine-background-tertiary-color);
+    border: 1px solid ${unsafeCSSVarV2('layer/background/tertiary')};
 
-    background: var(--affine-background-primary-color);
+    background: ${unsafeCSSVarV2('layer/background/primary')};
     user-select: none;
   }
 

blocksuite/affine/blocks/embed/src/embed-github-block/styles.ts

@@ -1,3 +1,4 @@
+import { unsafeCSSVarV2 } from '@blocksuite/affine-shared/theme';
 import { css, html } from 'lit';
 
 export const styles = css`
@@ -9,9 +10,9 @@ export const styles = css`
     height: 100%;
 
     border-radius: 8px;
-    border: 1px solid var(--affine-background-tertiary-color);
+    border: 1px solid ${unsafeCSSVarV2('layer/background/tertiary')};
 
-    background: var(--affine-background-primary-color);
+    background: ${unsafeCSSVarV2('layer/background/primary')};
     user-select: none;
     overflow: hidden;
   }

blocksuite/affine/blocks/embed/src/embed-html-block/styles.ts

@@ -1,3 +1,4 @@
+import { unsafeCSSVarV2 } from '@blocksuite/affine-shared/theme';
 import { css, html } from 'lit';
 
 export const EMBED_HTML_MIN_WIDTH = 370;
@@ -15,9 +16,9 @@ export const styles = css`
     gap: 20px;
 
     border-radius: 12px;
-    border: 1px solid var(--affine-background-tertiary-color);
+    border: 1px solid ${unsafeCSSVarV2('layer/background/tertiary')};
 
-    background: var(--affine-background-primary-color);
+    background: ${unsafeCSSVarV2('layer/background/primary')};
     user-select: none;
   }
 

blocksuite/affine/blocks/embed/src/embed-iframe-block/configs/providers/bilibili.ts

@@ -0,0 +1,79 @@
+import { EmbedIframeConfigExtension } from '@blocksuite/affine-shared/services';
+
+import {
+  type EmbedIframeUrlValidationOptions,
+  validateEmbedIframeUrl,
+} from '../../utils';
+
+const BILIBILI_DEFAULT_WIDTH_IN_SURFACE = 800;
+const BILIBILI_DEFAULT_HEIGHT_IN_SURFACE = 450;
+const BILIBILI_DEFAULT_HEIGHT_IN_NOTE = 450;
+const BILIBILI_DEFAULT_WIDTH_PERCENT = 100;
+
+const bilibiliValidationOptions: EmbedIframeUrlValidationOptions = {
+  protocols: ['https:'],
+  hostnames: ['player.bilibili.com', 'www.bilibili.com', 'bilibili.com'],
+};
+
+const biliPlayerValidationOptions: EmbedIframeUrlValidationOptions = {
+  protocols: ['https:'],
+  hostnames: ['player.bilibili.com'],
+};
+
+const AV_REGEX = /av([0-9]+)/i;
+const BV_REGEX = /(BV[0-9A-Za-z]{10})/;
+
+const extractAvid = (url: string) => {
+  const match = url.match(AV_REGEX);
+  return match ? match[1] : undefined;
+};
+
+const extractBvid = (url: string) => {
+  const match = url.match(BV_REGEX);
+  return match ? match[1] : undefined;
+};
+
+const buildBiliPlayerEmbedUrl = (url: string) => {
+  // If the user pasted the embed URL directly, keep it
+  if (validateEmbedIframeUrl(url, biliPlayerValidationOptions)) {
+    return url;
+  }
+  const avid = extractAvid(url);
+  if (avid) {
+    const params = new URLSearchParams({
+      aid: avid,
+      autoplay: '0',
+    });
+    return `https://player.bilibili.com/player.html?${params.toString()}`;
+  }
+  const bvid = extractBvid(url);
+  if (bvid) {
+    const params = new URLSearchParams({
+      bvid,
+      autoplay: '0',
+    });
+    return `https://player.bilibili.com/player.html?${params.toString()}`;
+  }
+  return undefined;
+};
+
+const bilibiliConfig = {
+  name: 'bilibili',
+  match: (url: string) =>
+    validateEmbedIframeUrl(url, bilibiliValidationOptions) &&
+    (!!extractAvid(url) || !!extractBvid(url)),
+  buildOEmbedUrl: buildBiliPlayerEmbedUrl,
+  useOEmbedUrlDirectly: true,
+  options: {
+    widthInSurface: BILIBILI_DEFAULT_WIDTH_IN_SURFACE,
+    heightInSurface: BILIBILI_DEFAULT_HEIGHT_IN_SURFACE,
+    heightInNote: BILIBILI_DEFAULT_HEIGHT_IN_NOTE,
+    widthPercent: BILIBILI_DEFAULT_WIDTH_PERCENT,
+    allow: 'clipboard-write; encrypted-media; picture-in-picture',
+    sandbox: 'allow-same-origin allow-scripts',
+    style: 'border: none; border-radius: 8px;',
+    allowFullscreen: true,
+  },
+};
+
+export const BilibiliEmbedConfig = EmbedIframeConfigExtension(bilibiliConfig);

blocksuite/affine/blocks/embed/src/embed-iframe-block/configs/providers/generic.ts

@@ -10,7 +10,6 @@ const GENERIC_DEFAULT_HEIGHT_IN_NOTE = 400;
  * These are based on the centralized cloud constants and known AFFiNE domains
  */
 const AFFINE_DOMAINS = [
-  'affine.pro', // Main AFFiNE domain
   'app.affine.pro', // Stable cloud domain
   'insider.affine.pro', // Beta/internal cloud domain
   'affine.fail', // Canary cloud domain
@@ -67,8 +66,9 @@ const genericConfig = {
     heightInNote: GENERIC_DEFAULT_HEIGHT_IN_NOTE,
     allowFullscreen: true,
     style: 'border: none; border-radius: 8px;',
-    allow: 'clipboard-read; clipboard-write; picture-in-picture;',
+    allow: '',
     referrerpolicy: 'no-referrer-when-downgrade',
+    sandbox: 'allow-scripts',
   },
 };
 

blocksuite/affine/blocks/embed/src/embed-iframe-block/configs/providers/index.ts

@@ -1,3 +1,4 @@
+import { BilibiliEmbedConfig } from './bilibili';
 import { ExcalidrawEmbedConfig } from './excalidraw';
 import { GenericEmbedConfig } from './generic';
 import { GoogleDocsEmbedConfig } from './google-docs';
@@ -11,5 +12,6 @@ export const EmbedIframeConfigExtensions = [
   MiroEmbedConfig,
   ExcalidrawEmbedConfig,
   GoogleDocsEmbedConfig,
+  BilibiliEmbedConfig,
   GenericEmbedConfig,
 ];

blocksuite/affine/blocks/embed/src/embed-iframe-block/embed-iframe-block.ts

@@ -11,6 +11,7 @@ import {
   type IframeOptions,
   LinkPreviewServiceIdentifier,
   NotificationProvider,
+  VirtualKeyboardProvider,
 } from '@blocksuite/affine-shared/services';
 import { matchModels } from '@blocksuite/affine-shared/utils';
 import { BlockSuiteError, ErrorCode } from '@blocksuite/global/exceptions';
@@ -22,7 +23,7 @@ import {
   type ReadonlySignal,
   signal,
 } from '@preact/signals-core';
-import { html } from 'lit';
+import { html, nothing } from 'lit';
 import { query } from 'lit/decorators.js';
 import { type ClassInfo, classMap } from 'lit/directives/class-map.js';
 import { ifDefined } from 'lit/directives/if-defined.js';
@@ -44,6 +45,10 @@ import { safeGetIframeSrc } from './utils.js';
 
 export type EmbedIframeStatus = 'idle' | 'loading' | 'success' | 'error';
 
+const TRUSTED_SANDBOX =
+  'allow-same-origin allow-scripts allow-forms allow-presentation';
+const UNTRUSTED_SANDBOX = 'allow-scripts';
+
 export class EmbedIframeBlockComponent extends CaptionedBlockComponent<EmbedIframeBlockModel> {
   selectedStyle$: ReadonlySignal<ClassInfo> | null = computed<ClassInfo>(
     () => ({
@@ -88,6 +93,7 @@ export class EmbedIframeBlockComponent extends CaptionedBlockComponent<EmbedIfra
   });
 
   protected iframeOptions: IframeOptions | undefined = undefined;
+  private currentConfigName: string | undefined;
 
   get embedIframeService() {
     return this.std.get(EmbedIframeService);
@@ -213,9 +219,33 @@ export class EmbedIframeBlockComponent extends CaptionedBlockComponent<EmbedIfra
       this._linkInputAbortController.abort();
     }
 
+    const keyboard = this.host.std.getOptional(VirtualKeyboardProvider);
+    const computePosition = keyboard
+      ? {
+          referenceElement: document.body,
+          placement: 'top' as const,
+          middleware: [
+            offset(({ rects }) => ({
+              mainAxis:
+                -rects.floating.height -
+                (window.innerHeight -
+                  rects.floating.height -
+                  keyboard.height$.value) /
+                  2,
+            })),
+          ],
+          autoUpdate: { animationFrame: true },
+        }
+      : {
+          referenceElement: this._blockContainer,
+          placement: 'bottom' as const,
+          middleware: [flip(), offset(LINK_CREATE_POPUP_OFFSET), shift()],
+          autoUpdate: { animationFrame: true },
+        };
+
     this._linkInputAbortController = new AbortController();
 
-    createLitPortal({
+    const { update } = createLitPortal({
       template: html`<embed-iframe-link-input-popup
         .model=${this.model}
         .abortController=${this._linkInputAbortController}
@@ -224,15 +254,19 @@ export class EmbedIframeBlockComponent extends CaptionedBlockComponent<EmbedIfra
         .options=${options}
       ></embed-iframe-link-input-popup>`,
       container: document.body,
-      computePosition: {
-        referenceElement: this._blockContainer,
-        placement: 'bottom',
-        middleware: [flip(), offset(LINK_CREATE_POPUP_OFFSET), shift()],
-        autoUpdate: { animationFrame: true },
-      },
+      computePosition,
       abortController: this._linkInputAbortController,
       closeOnClickAway: true,
     });
+
+    if (keyboard) {
+      this._linkInputAbortController.signal.addEventListener(
+        'abort',
+        keyboard.height$.subscribe(() => {
+          update();
+        })
+      );
+    }
   };
 
   /**
@@ -250,6 +284,10 @@ export class EmbedIframeBlockComponent extends CaptionedBlockComponent<EmbedIfra
     const config = this.embedIframeService?.getConfig(url);
     if (config) {
       this.iframeOptions = config.options;
+      this.currentConfigName = config.name;
+    } else {
+      this.iframeOptions = undefined;
+      this.currentConfigName = undefined;
     }
   };
 
@@ -299,26 +337,46 @@ export class EmbedIframeBlockComponent extends CaptionedBlockComponent<EmbedIfra
       referrerpolicy,
       scrolling,
       allowFullscreen,
+      sandbox,
     } = this.iframeOptions ?? {};
     const width = `${widthPercent}%`;
     // if the block is in the surface, use 100% as the height
     // otherwise, use the heightInNote
     const height = this.inSurface ? '100%' : heightInNote;
-    return html`
-      <iframe
+    const sandboxValue =
+      sandbox ??
+      (this.currentConfigName === 'generic'
+        ? UNTRUSTED_SANDBOX
+        : TRUSTED_SANDBOX);
+    const sourceHost = this._getSourceHost();
+    return html`<iframe
         width=${width ?? DEFAULT_IFRAME_WIDTH}
         height=${height ?? DEFAULT_IFRAME_HEIGHT}
         ?allowfullscreen=${allowFullscreen}
         loading="lazy"
         frameborder="0"
         credentialless
+        sandbox=${sandboxValue}
         src=${ifDefined(iframeUrl)}
         allow=${ifDefined(allow)}
         referrerpolicy=${ifDefined(referrerpolicy)}
         scrolling=${ifDefined(scrolling)}
         style=${ifDefined(style)}
       ></iframe>
-    `;
+      ${sourceHost
+        ? html`<div class="affine-embed-iframe-source">${sourceHost}</div>`
+        : nothing}`;
+  };
+
+  private readonly _getSourceHost = () => {
+    const url = this.model.props.url ?? this.model.props.iframeUrl;
+    if (!url) return null;
+    try {
+      const parsed = new URL(url);
+      return parsed.hostname;
+    } catch {
+      return null;
+    }
   };
 
   private readonly _renderContent = () => {

blocksuite/affine/blocks/embed/src/embed-iframe-block/style.ts

@@ -23,6 +23,19 @@ export const embedIframeBlockStyles = css`
     height: 100%;
     display: none;
   }
+
+  .affine-embed-iframe-source {
+    position: absolute;
+    left: 8px;
+    bottom: 8px;
+    padding: 2px 6px;
+    background: rgba(0, 0, 0, 0.7);
+    color: #fff;
+    border-radius: 4px;
+    font-size: 12px;
+    line-height: 16px;
+    pointer-events: none;
+  }
   .affine-embed-iframe-block-overlay.show {
     display: block;
   }

blocksuite/affine/blocks/embed/src/embed-loom-block/embed-loom-block.ts

@@ -124,7 +124,8 @@ export class EmbedLoomBlockComponent extends EmbedBlockComponent<
                     <iframe
                       src=${`https://www.loom.com/embed/${videoId}?hide_title=true`}
                       frameborder="0"
-                      allow="fullscreen; accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+                      allow="fullscreen; autoplay; clipboard-write; encrypted-media; picture-in-picture; web-share"
+                      sandbox="allow-scripts allow-same-origin allow-presentation"
                       loading="lazy"
                       credentialless
                     ></iframe>

blocksuite/affine/blocks/embed/src/embed-loom-block/styles.ts

@@ -1,3 +1,4 @@
+import { unsafeCSSVarV2 } from '@blocksuite/affine-shared/theme';
 import { css, html } from 'lit';
 
 export const styles = css`
@@ -12,9 +13,9 @@ export const styles = css`
     height: 100%;
 
     border-radius: 8px;
-    border: 1px solid var(--affine-background-tertiary-color);
+    border: 1px solid ${unsafeCSSVarV2('layer/background/tertiary')};
 
-    background: var(--affine-background-primary-color);
+    background: ${unsafeCSSVarV2('layer/background/primary')};
     user-select: none;
   }
 

blocksuite/affine/blocks/embed/src/embed-youtube-block/embed-youtube-block.ts

@@ -148,8 +148,8 @@ export class EmbedYoutubeBlockComponent extends EmbedBlockComponent<
                       type="text/html"
                       src=${`https://www.youtube.com/embed/${videoId}`}
                       frameborder="0"
-                      allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
-                      allowfullscreen
+                      allow="fullscreen; autoplay; clipboard-write; encrypted-media; picture-in-picture; web-share"
+                      sandbox="allow-scripts allow-same-origin allow-presentation"
                       loading="lazy"
                       credentialless
                     ></iframe>

blocksuite/affine/blocks/embed/src/embed-youtube-block/styles.ts

@@ -13,9 +13,9 @@ export const styles = css`
     padding: 12px;
 
     border-radius: 8px;
-    border: 1px solid var(--affine-background-tertiary-color);
+    border: 1px solid ${unsafeCSSVarV2('layer/background/tertiary')};
 
-    background: var(--affine-background-primary-color);
+    background: ${unsafeCSSVarV2('layer/background/primary')};
     user-select: none;
   }
 

blocksuite/affine/blocks/frame/package.json

@@ -19,19 +19,19 @@
     "@blocksuite/affine-widget-edgeless-toolbar": "workspace:*",
     "@blocksuite/affine-widget-frame-title": "workspace:*",
     "@blocksuite/global": "workspace:*",
-    "@blocksuite/icons": "^2.2.12",
+    "@blocksuite/icons": "^2.2.17",
     "@blocksuite/std": "workspace:*",
     "@blocksuite/store": "workspace:*",
     "@floating-ui/dom": "^1.6.13",
     "@lit/context": "^1.1.2",
     "@preact/signals-core": "^1.8.0",
-    "@toeverything/theme": "^1.1.15",
+    "@toeverything/theme": "^1.1.23",
     "@types/mdast": "^4.0.4",
     "lit": "^3.2.0",
-    "minimatch": "^10.0.1",
-    "rxjs": "^7.8.1",
-    "yjs": "^13.6.21",
-    "zod": "^3.23.8"
+    "minimatch": "^10.1.1",
+    "rxjs": "^7.8.2",
+    "yjs": "^13.6.27",
+    "zod": "^3.25.76"
   },
   "exports": {
     ".": "./src/index.ts",
@@ -44,5 +44,5 @@
     "!src/__tests__",
     "!dist/__tests__"
   ],
-  "version": "0.22.4"
+  "version": "0.26.0"
 }