This pull request introduces several improvements and refactors to the
iOS frontend, with a focus on the paywall system, configuration, and
developer experience. The most significant changes include dynamic
pricing updates for subscription packages, the introduction of a
centralized pricing configuration, and enhanced developer documentation
and settings for Claude Code. There are also minor fixes and
improvements to restore purchase flows, App Store syncing, and protocol
usage guidance.
**Paywall System Improvements**
* Subscription package pricing and display is now dynamically updated
based on App Store data, ensuring users see accurate, localized pricing
and descriptions. This includes new logic for calculating monthly prices
and updating package button text. (`ViewModel.swift`,
`ViewModel+Action.swift`, `SKUnit+Pro.swift`, `SKUnit+AI.swift`)
[[1]](diffhunk://#diff-cb192a424400265435cb06d86b204aa17b4e8195d9dd811580f51faeda211ff0R83-R160)
[[2]](diffhunk://#diff-cb192a424400265435cb06d86b204aa17b4e8195d9dd811580f51faeda211ff0L102-R199)
[[3]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL58-R73)
[[4]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL74-R94)
[[5]](diffhunk://#diff-ea535c02550f727587e74521da8fd90dec23cbe3c685f9c4aa4923ce0bbdb363L19-R35)
[[6]](diffhunk://#diff-a5fef660f959bbb52ce3f19bba8bfbd0bb00d66c9f18a20a998101b5df6c8f60L18-R22)
* Introduced a new `PricingConfiguration.swift` file to centralize
product identifiers, default selections, and display strings for
subscription products, improving maintainability and consistency.
(`PricingConfiguration.swift`, `SKUnit+Pro.swift`, `SKUnit+AI.swift`)
[[1]](diffhunk://#diff-de4566ecd5bd29f36737ae5e5904345bd1a5c8f0a73140c3ebba41856bae3e86R1-R54)
[[2]](diffhunk://#diff-ea535c02550f727587e74521da8fd90dec23cbe3c685f9c4aa4923ce0bbdb363L19-R35)
[[3]](diffhunk://#diff-a5fef660f959bbb52ce3f19bba8bfbd0bb00d66c9f18a20a998101b5df6c8f60L18-R22)
**Developer Experience and Documentation**
* Added `AGENTS.md` to provide comprehensive guidance for Claude Code
and developers, including project overview, build commands,
architecture, native bridge APIs, Swift code style, and dependencies.
(`AGENTS.md`)
* Added a local settings file (`settings.local.json`) to configure
permissions for Claude Code, allowing specific Bash commands for iOS
builds. (`settings.local.json`)
* Updated Swift architecture guidelines to discourage protocol-oriented
design unless necessary, favoring dependency injection and composition.
(`AGENTS.md`)
**User Experience Improvements**
* The purchase footer now includes an underline for "Restore Purchase"
and a clear message about subscription auto-renewal and cancellation
flexibility. (`PurchaseFooterView.swift`)
* Improved restore purchase and App Store sync logic to better handle
user sign-in prompts and error handling. (`ViewModel+Action.swift`,
`Store.swift`)
[[1]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL45-R49)
[[2]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL58-R73)
[[3]](diffhunk://#diff-9f18fbbf15591c56380ce46358089c663ce4440f596db8577de76dc6cd306b54R26-R28)
**Minor Fixes and Refactoring**
* Made `docId` in `DeleteSessionInput` optional to match GraphQL schema
expectations. (`DeleteSessionInput.graphql.swift`)
[[1]](diffhunk://#diff-347e5828e46f435d7d7090a3e3eb7445af8c616f663e8711cd832f385f870a9bL14-R14)
[[2]](diffhunk://#diff-347e5828e46f435d7d7090a3e3eb7445af8c616f663e8711cd832f385f870a9bL25-R25)
* Minor formatting and dependency list updates in `Package.swift`.
(`Package.swift`)
* Fixed concurrency usage in event streaming for chat manager.
(`ChatManager+Stream.swift`)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* New Features
* Paywall options now dynamically reflect product data with clearer
labels and monthly price calculations.
* Added an auto‑renewal note (“cancel anytime”) and underlined “Restore
Purchase” for better clarity.
* Refactor
* Improved purchase/restore flow reliability and UI updates for a
smoother experience.
* Documentation
* Added a comprehensive development guide and updated architecture/style
guidance for iOS.
* Chores
* Introduced local build permissions configuration for iOS development.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- Style
- Updated icon picker to use the primary icon color, improving visual
consistency (including SVG icons).
- Improved emoji rendering in the document icon picker by applying an
emoji-specific font for elements marked as emoji, matching existing size
and line-height.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<img width="411" height="205" alt="截屏2025-09-26 10 58 39"
src="https://github.com/user-attachments/assets/c3bce144-7847-4794-b766-5a3777cbc00d"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Delete icon added to AI session history with tooltip and confirmation
prompt; deleting current session opens a new session.
- Session deletion wired end-to-end (toolbar → provider → backend) and
shows notifications.
- Improvements
- Cleanup now supports deleting sessions with or without a document ID
(document-specific or workspace-wide).
- UI tweaks for cleaner session item layout and safer click handling
(delete won’t trigger item click).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Access Tokens screen now shows revealed access tokens, including the
token value where available.
- Chores
- Updated iOS Paywall package to use Swift tools version 5.9.
- Removed an unused internal iOS package to streamline the app.
- Aligned access token data model to the latest backend schema for
improved consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Fix#13649
#### PR Dependency Tree
* **PR #13653** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Streamlined internal async handling to depend only on specified
inputs, reducing unnecessary updates and improving responsiveness.
* Preserved existing error handling for async operations.
* **Chores**
* Adjusted lint configuration/comments to align with the updated
dependency strategy, reducing false-positive warnings.
No user-facing UI changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
https://github.com/toeverything/AFFiNE/issues/13509
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Upgraded Mermaid dependency to v11.1.0 in the frontend core package.
* **Impact**
* Improved diagram rendering and compatibility with newer Mermaid
syntax.
* Potential performance and security improvements from upstream updates.
* No UI changes expected; existing diagrams should continue to work.
* Please verify critical diagram views for any rendering differences.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: L-Sun <zover.v@gmail.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
for paragraph blocks, image blocks, list blocks, and table blocks
Should fix#8617 and #11254.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added text alignment options (left, center, right) for paragraph,
list, image, note, and table blocks.
- Introduced alignment controls in toolbars and slash menus for easier
formatting.
- Enabled keyboard shortcuts for quick text alignment changes (supports
Mac and Windows).
- **Localization**
- Added English, Simplified Chinese, and Traditional Chinese
translations for new alignment commands and shortcuts.
- **Style**
- Blocks now visually reflect selected text alignment in their layout.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: L-Sun <zover.v@gmail.com>
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs
from Renovate will soon appear from 'Mend'. Learn more
[here](https://redirect.github.com/renovatebot/renovate/discussions/37842).
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
|
[@googleapis/androidpublisher](https://redirect.github.com/googleapis/google-api-nodejs-client)
| [`^28.0.0` ->
`^31.0.0`](https://renovatebot.com/diffs/npm/@googleapis%2fandroidpublisher/28.0.1/31.0.0)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>googleapis/google-api-nodejs-client
(@​googleapis/androidpublisher)</summary>
###
[`v31.0.0`](https://redirect.github.com/googleapis/google-api-nodejs-client/blob/HEAD/CHANGELOG.md#13100-2024-01-05)
[Compare
Source](https://redirect.github.com/googleapis/google-api-nodejs-client/compare/v30.0.0...v31.0.0)
##### ⚠ BREAKING CHANGES
- **serviceconsumermanagement:** This release has breaking changes.
- **playintegrity:** This release has breaking changes.
##### Features
- **chromepolicy:** update the API
([8429e3c](8429e3c9d6))
- **chromeuxreport:** update the API
([6d52abb](6d52abb902))
- **customsearch:** update the API
([1169e4c](1169e4c607))
- **dialogflow:** update the API
([4b1e073](4b1e0734d9))
- **displayvideo:** update the API
([45b61b5](45b61b5d20))
- **oslogin:** update the API
([cfc90e7](cfc90e7c9c))
- **playintegrity:** update the API
([767af5f](767af5f12e))
- regenerate index files
([4246fd1](4246fd1c64))
- **serviceconsumermanagement:** update the API
([a68206a](a68206a211))
##### Bug Fixes
- **accesscontextmanager:** update the API
([845c716](845c7168e9))
- **admin:** update the API
([4664d6b](4664d6bb4c))
- **backupdr:** update the API
([19b0192](19b019219b))
- **calendar:** update the API
([0ca9bbc](0ca9bbc4e4))
- **cloudbuild:** update the API
([31158a2](31158a226c))
- **cloudidentity:** update the API
([22610b3](22610b3d15))
- **cloudprofiler:** update the API
([2c5cbc4](2c5cbc4299))
- **cloudtrace:** update the API
([2a811d5](2a811d5fe8))
- **iap:** update the API
([ec596c1](ec596c1b87))
- **playdeveloperreporting:** update the API
([7181840](7181840daf))
- **servicenetworking:** update the API
([50c7dbd](50c7dbd323))
- **spanner:** update the API
([0e40d67](0e40d67436))
###
[`v30.0.0`](https://redirect.github.com/googleapis/google-api-nodejs-client/blob/HEAD/CHANGELOG.md#13000-2024-01-03)
##### ⚠ BREAKING CHANGES
- **networksecurity:** This release has breaking changes.
- **metastore:** This release has breaking changes.
- **gmail:** This release has breaking changes.
- **gkehub:** This release has breaking changes.
- **drivelabels:** This release has breaking changes.
- **dialogflow:** This release has breaking changes.
- **datacatalog:** This release has breaking changes.
- **content:** This release has breaking changes.
- **connectors:** This release has breaking changes.
- **cloudbuild:** This release has breaking changes.
- **chat:** This release has breaking changes.
- **batch:** This release has breaking changes.
- **artifactregistry:** This release has breaking changes.
- **aiplatform:** This release has breaking changes.
- **advisorynotifications:** This release has breaking changes.
##### Features
- **accesscontextmanager:** update the API
([26d496e](26d496e416))
- **adexchangebuyer2:** update the API
([31c0066](31c006606f))
- **admin:** update the API
([79ce913](79ce9133d7))
- **advisorynotifications:** update the API
([0f44091](0f440919dd))
- **aiplatform:** update the API
([66739ce](66739ce624))
- **alloydb:** update the API
([590f835](590f835773))
- **analyticsdata:** update the API
([25d0b67](25d0b6763e))
- **analyticshub:** update the API
([8279edf](8279edf154))
- **androidpublisher:** update the API
([c6d69a0](c6d69a049d))
- **artifactregistry:** update the API
([6fda22c](6fda22c487))
- **assuredworkloads:** update the API
([41debeb](41debeba59))
- **backupdr:** update the API
([1018945](1018945770))
- **batch:** update the API
([9ef21e0](9ef21e0459))
- **bigquery:** update the API
([f1deeab](f1deeabbb0))
- **blockchainnodeengine:** update the API
([07ac2e7](07ac2e721d))
- **chat:** update the API
([88428f0](88428f0d91))
- **checks:** update the API
([2d78a72](2d78a72c71))
- **cloudbilling:** update the API
([857a51e](857a51e47b))
- **cloudbuild:** update the API
([ddf4c10](ddf4c10cf4))
- **cloudchannel:** update the API
([aecac6b](aecac6be45))
- **clouddeploy:** update the API
([62d7fd6](62d7fd6070))
- **cloudfunctions:** update the API
([c5aae9a](c5aae9a7cf))
- **cloudprofiler:** update the API
([2933bff](2933bff415))
- **cloudsupport:** update the API
([feb88b5](feb88b5521))
- **composer:** update the API
([53b83d6](53b83d65b1))
- **compute:** update the API
([ffbf00b](ffbf00b1c1))
- **connectors:** update the API
([f433bd6](f433bd6284))
- **container:** update the API
([cac432f](cac432f882))
- **content:** update the API
([c0dd4c0](c0dd4c0bc2))
- **datacatalog:** update the API
([a939d7e](a939d7eaf2))
- **dataflow:** update the API
([9721cda](9721cda955))
- **dataform:** update the API
([d2bfeab](d2bfeabcbe))
- **datafusion:** update the API
([413c94e](413c94e5db))
- **dataplex:** update the API
([8da4b12](8da4b128b1))
- **dataproc:** update the API
([5a60626](5a606262b3))
- **dialogflow:** update the API
([8829da4](8829da4a7e))
- **discoveryengine:** update the API
([567c02d](567c02d288))
- **dlp:** update the API
([7cbdc6a](7cbdc6aaf4))
- **dns:** update the API
([f783244](f7832440a5))
- **documentai:** update the API
([01cc7b5](01cc7b5994))
- **drivelabels:** update the API
([50a1b75](50a1b75751))
- **drive:** update the API
([c07f193](c07f193c33))
- **file:** update the API
([324d0f6](324d0f69b3))
- **firebaseappcheck:** update the API
([c8fb050](c8fb050246))
- **firebaserules:** update the API
([2a44570](2a445705f0))
- **gkehub:** update the API
([044e086](044e0861ed))
- **gkeonprem:** update the API
([6c9398e](6c9398e54e))
- **gmail:** update the API
([c7698bd](c7698bda1d))
- **healthcare:** update the API
([d34ee61](d34ee618f9))
- **metastore:** update the API
([6887f67](6887f67506))
- **migrationcenter:** update the API
([e890439](e890439ac6))
- **monitoring:** update the API
([738848d](738848dcb6))
- **networkmanagement:** update the API
([d8a3556](d8a35563fc))
- **networksecurity:** update the API
([166232f](166232fe14))
- **networkservices:** update the API
([076de17](076de17ce5))
- **notebooks:** update the API
([a08d104](a08d104800))
- **orgpolicy:** update the API
([5c8f8c7](5c8f8c727c))
- **oslogin:** update the API
([f1475c5](f1475c544f))
- **paymentsresellersubscription:** update the API
([d79cf5a](d79cf5a6cf))
- **playdeveloperreporting:** update the API
([6ef5718](6ef5718e6e))
- **policysimulator:** update the API
([58e6545](58e654547c))
- **prod\_tt\_sasportal:** update the API
([99b92fe](99b92fe5d9))
- **pubsub:** update the API
([f17fac3](f17fac34c0))
- **recaptchaenterprise:** update the API
([7952baa](7952baabbe))
- **recommender:** update the API
([76b9501](76b9501327))
- **redis:** update the API
([fd4636b](fd4636b1c9))
- regenerate index files
([33f2d78](33f2d78b2c))
- **retail:** update the API
([0aa095b](0aa095b51a))
- **run:** update the API
([48a19bf](48a19bf416))
- **sasportal:** update the API
([2459cce](2459cce1e4))
- **script:** update the API
([0520e5e](0520e5efd5))
- **securitycenter:** update the API
([74c634a](74c634a34a))
- **serviceconsumermanagement:** update the API
([0552119](05521190fe))
- **servicemanagement:** update the API
([429940b](429940b1b4))
- **servicenetworking:** update the API
([42a1422](42a142249e))
- **serviceusage:** update the API
([c2ad070](c2ad070ce4))
- **storage:** update the API
([c0609c9](c0609c901b))
- **translate:** update the API
([77a0522](77a05229d2))
- **vault:** update the API
([db163fd](db163fd3b3))
- **vision:** update the API
([77a0a91](77a0a9136e))
- **vpcaccess:** update the API
([8db5275](8db52757e6))
- **workloadmanager:** update the API
([4c49597](4c4959752e))
- **workstations:** update the API
([174cd20](174cd20129))
##### Bug Fixes
- **accessapproval:** update the API
([227915d](227915d92f))
- **analyticsadmin:** update the API
([b858170](b858170642))
- **androidmanagement:** update the API
([35f8862](35f886254c))
- **apphub:** update the API
([e5a7c92](e5a7c92a2a))
- **binaryauthorization:** update the API
([7f20317](7f20317264))
- **calendar:** update the API
([e6ba462](e6ba462408))
- **chromepolicy:** update the API
([a5a5351](a5a5351998))
- **classroom:** update the API
([9d2ed12](9d2ed12202))
- **cloudasset:** update the API
([20a91d5](20a91d5cb6))
- **cloudidentity:** update the API
([5155e11](5155e11cd2))
- **cloudkms:** update the API
([90bab2c](90bab2c738))
- **cloudscheduler:** update the API
([2c7b902](2c7b90229a))
- **cloudtasks:** update the API
([a8d66db](a8d66db055))
- **contactcenterinsights:** update the API
([828c5d3](828c5d3e08))
- **datamigration:** update the API
([56a65a8](56a65a8590))
- **deploymentmanager:** update the API
([b48abef](b48abef098))
- **displayvideo:** update the API
([299cf97](299cf97f91))
- **firebaseappdistribution:** update the API
([b102fcc](b102fccab5))
- **gkebackup:** update the API
([30ca612](30ca612728))
- **iam:** update the API
([4e12124](4e121245a3))
- **iap:** update the API
([65c644e](65c644e9de))
- **language:** update the API
([77252e1](77252e1b9c))
- **logging:** update the API
([1b4dc67](1b4dc6732c))
- **mybusinessbusinessinformation:** update the API
([5e4c0fe](5e4c0fe093))
- **places:** update the API
([6bbdf72](6bbdf72e3e))
- **policytroubleshooter:** update the API
([ad18f3b](ad18f3b0f6))
- **privateca:** update the API
([b230959](b23095912e))
- **runtimeconfig:** update the API
([0dfe961](0dfe9610eb))
- **secretmanager:** update the API
([a202268](a202268db9))
- **servicedirectory:** update the API
([ddc06a2](ddc06a219b))
- **sourcerepo:** update the API
([1965102](19651026ae))
- **spanner:** update the API
([ce99980](ce99980e71))
- **sqladmin:** update the API
([de59e8d](de59e8dd22))
- **storagetransfer:** update the API
([d6081de](d6081dea7d))
- **videointelligence:** update the API
([9d377f5](9d377f5e3e))
- **vmmigration:** update the API
([68a1d5f](68a1d5fede))
- **walletobjects:** update the API
([920ddc7](920ddc780c))
- **workflowexecutions:** update the API
([6553987](6553987f65))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Unified icon picker with consistent rendering across the app.
- Picker can auto-close after selection.
- “Remove” now clears the icon selection.
- Refactor
- Icon handling consolidated across editors, navigation, and document
titles for consistent behavior.
- Picker now opens on the Emoji panel by default.
- Style
- Adjusted line-height and selectors for icon picker visuals.
- Chores
- Removed unused emoji-mart dependencies.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Ensures deleted sessions and their messages are consistently cleaned
up, preventing lingering pinned or partially removed items.
* **Refactor**
* Streamlined session cleanup into a single bulk operation for improved
reliability and performance during deletions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Added a Subscription section in Mobile Settings (for signed-in users)
with plan info and an Upgrade button that opens the native paywall.
- Supports showing “Pro” and “AI” paywalls.
- Integrated native paywall provider on iOS.
- Style
- Introduced new styling for the subscription card, content, and button.
- Localization
- Added English strings for subscription title, description, and button.
- Chores
- Minor iOS project cleanup and internal wiring to enable the paywall
module.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Subscriptions now include an explicit "trial" flag so trialing users
are identified and treated correctly.
- Bug Fixes
- More robust handling when webhook fields are missing or null.
- Improved family-sharing detection to avoid incorrect async processing.
- Refactor
- Status determination and store resolution simplified to rely on
subscription data rather than event payloads.
- Tests
- Test fixtures updated to include trial and store details for accuracy.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- In-app purchases fully integrated for Pro and AI plans with restore,
live product loading, and StoreKit test configuration.
- Improvements
- Refreshed paywall: intro animation, delayed close button, smoother
horizontal paging, page dots interaction, per-item reveal animations,
and purchase-state UI (disabled/checked when owned).
- Changes
- "Believer" plan and related screens removed; Pro simplified to Monthly
and Annual offerings.
- Chores
- iOS project and build settings updated for newer toolchain and
StoreKit support.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
#### PR Dependency Tree
* **PR #13641** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Insert HTML content directly into the document as a code block with
preview enabled.
* Default view changed from Code to Preview for faster content
inspection.
* New “Insert” action replaces the previous “Download” action to add
content into the document.
* Added a dedicated “Download HTML” button with an icon to save the HTML
file.
* Toast notifications confirm successful insertions; errors are reported
if insertion fails.
* Updated button labeling to reflect the new workflow.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* MCP Server integration available in cloud workspaces with a dedicated
settings panel.
* Manage personal access tokens: generate/revoke tokens and view
revealed token.
* One-click copy of a prefilled server configuration JSON.
* New query to fetch revealed access tokens.
* **Improvements**
* Integration list adapts to workspace type (cloud vs. local).
* More reliable token refresh with clearer loading, error and
revalidation states.
* **Localization**
* Added “Copied to clipboard” message and MCP Server name/description
translations.
* **Chores**
* Updated icon dependency across many packages.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Icon Picker added with Emoji and Icon panels, search/filtering, recent
selections, color selection, skin tone options, and smooth group
navigation.
- **Documentation**
- Storybook example added to preview and test the Icon Picker.
- **Chores**
- Bumped icon library dependency to a newer minor version.
- Added emoji data dependency to support the Emoji Picker.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Interactive API documentation available at /api/docs when running in
development.
* **Chores**
* Added a development dependency to enable generation of the API
documentation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
Co-authored-by: DarkSky <darksky2048@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* RevenueCat support: public webhook endpoint, webhook handler/service,
nightly reconciliation and per-user sync; subscriptions now expose
provider and iapStore; new user-facing error for App Store/Play-managed
subscriptions.
* **Chores**
* Multi-provider subscription schema (Provider, IapStore); Stripe
credentials moved into payment.stripe (top-level apiKey/webhookKey
deprecated); new payment.revenuecat config and defaults added.
* **Tests**
* Comprehensive RevenueCat integration test suite and snapshots.
* **Documentation**
* Admin config descriptions updated with deprecation guidance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Fetch copilot model options per prompt (default, optional, pro) with
generated GraphQL query and schema types.
* **Chores**
* Upgraded iOS deps: Apollo iOS 1.23.0, EventSource 0.1.5, Swift
Collections 1.2.1.
* Switched Intelligents to static linking and updated project
integration.
* Parameterized and standardized GraphQL codegen tooling; setup
automation now syncs versions and safely backs up/restores custom
scalars.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<img width="757" height="447" alt="截屏2025-09-22 17 49 34"
src="https://github.com/user-attachments/assets/bab96f45-112e-4d74-bc38-54429d8a54ab"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Subscription-aware AI model picker in chat: browse models with version
and category, see active selection, switch models, and receive
notifications when choosing pro models without a subscription.
Selections persist across sessions.
- Central AI model service wired into chat UI for consistent model
selection and availability.
- Changes
- Streamlined AI model availability: reduced to a curated set for a more
focused experience.
- Context menu buttons can display supplemental info next to labels.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
fix#13627
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added configurable display names for primary and fallback SMTP
servers, improving email sender identification.
* Defaults to “AFFiNE Server,” with support for MAILER_SERVERNAME
environment variable for the primary SMTP.
* Exposed in admin settings for easy setup alongside existing SMTP
options.
* Names are now passed through to mail transport options for consistent
use across emails.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Press Enter inside a callout splits the paragraph at the cursor into a
new focused paragraph.
- Clicking an empty callout inserts and focuses a new paragraph; emoji
menu behavior unchanged.
- New command to convert a callout paragraph to callout/selection flow
for Backspace handling.
- New native API: ShareableContent.isUsingMicrophone(processId).
- Bug Fixes
- Backspace inside callout paragraphs now merges or deletes text
predictably and selects the callout when appropriate.
- Style
- Callout layout refined: top-aligned content and adjusted emoji
spacing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Rename dialog now edits per-item explorer icons (emoji or custom) and
can skip name-change callbacks. Doc icon picker added to the editor with
localized "Add icon" placeholder and readonly rendering. Icon editor
supports fallbacks, trigger variants, and improved input/test-id wiring.
- **Style**
- Updated icon picker and trigger sizing and placeholder visuals;
title/icon layout adjustments.
- **Chores**
- Explorer icon storage and module added to persist and serve icons
across the app.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.1.6 to
3.2.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cure53/DOMPurify/releases">dompurify's
releases</a>.</em></p>
<blockquote>
<h2>DOMPurify 3.2.7</h2>
<ul>
<li>Added new attributes and elements to default allow-list, thanks <a
href="https://github.com/elrion018"><code>@elrion018</code></a></li>
<li>Added <code>tagName</code> parameter to custom element
<code>attributeNameCheck</code>, thanks <a
href="https://github.com/nelstrom"><code>@nelstrom</code></a></li>
<li>Added better check for animated <code>href</code> attributes, thanks
<a href="https://github.com/llamakko"><code>@llamakko</code></a></li>
<li>Updated and improved the bundled types, thanks <a
href="https://github.com/ssi02014"><code>@ssi02014</code></a></li>
<li>Updated several tests to better align with new browser encoding
behaviors</li>
<li>Improved the handling of potentially risky content inside CDATA
elements, thanks <a
href="https://github.com/securityMB"><code>@securityMB</code></a> &
<a href="https://github.com/terjanq"><code>@terjanq</code></a></li>
<li>Improved the regular expression for raw-text elements to cover
textareas, thanks <a
href="https://github.com/securityMB"><code>@securityMB</code></a> &
<a href="https://github.com/terjanq"><code>@terjanq</code></a></li>
</ul>
<h2>DOMPurify 3.2.6</h2>
<ul>
<li>Fixed several typos and removed clutter from our documentation,
thanks <a
href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li>
<li>Added <code>matrix:</code> as an allowed URI scheme, thanks <a
href="https://github.com/kleinesfilmroellchen"><code>@kleinesfilmroellchen</code></a></li>
<li>Added better config hardening against prototype pollution, thanks <a
href="https://github.com/EffectRenan"><code>@EffectRenan</code></a></li>
<li>Added better handling of attribute removal, thanks <a
href="https://github.com/michalnieruchalski-tiugo"><code>@michalnieruchalski-tiugo</code></a></li>
<li>Added better configuration for aggressive mXSS scrubbing behavior,
thanks <a
href="https://github.com/BryanValverdeU"><code>@BryanValverdeU</code></a></li>
<li>Removed the script that caused the fake entry <a
href="https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-10176060">CVE-2025-48050</a></li>
</ul>
<h2>DOMPurify 3.2.5</h2>
<ul>
<li>Added a check to the mXSS detection regex to be more strict, thanks
<a
href="https://github.com/masatokinugawa"><code>@masatokinugawa</code></a></li>
<li>Added ESM type imports in source, removes patch function, thanks <a
href="https://github.com/donmccurdy"><code>@donmccurdy</code></a></li>
<li>Added script to verify various TypeScript configurations, thanks <a
href="https://github.com/reduckted"><code>@reduckted</code></a></li>
<li>Added more modern browsers to the Karma launchers list</li>
<li>Added Node 23.x to tested runtimes, removed Node 17.x</li>
<li>Fixed the generation of source maps, thanks <a
href="https://github.com/reduckted"><code>@reduckted</code></a></li>
<li>Fixed an unexpected behavior with <code>ALLOWED_URI_REGEXP</code>
using the 'g' flag, thanks <a
href="https://github.com/hhk-png"><code>@hhk-png</code></a></li>
<li>Fixed a few typos in the README file</li>
</ul>
<h2>DOMPurify 3.2.4</h2>
<ul>
<li>Fixed a conditional and config dependent mXSS-style <a
href="https://nsysean.github.io/posts/dompurify-323-bypass/">bypass</a>
reported by <a
href="https://github.com/nsysean"><code>@nsysean</code></a></li>
<li>Added a new feature to allow specific hook removal, thanks <a
href="https://github.com/davecardwell"><code>@davecardwell</code></a></li>
<li>Added <em>purify.js</em> and <em>purify.min.js</em> to exports,
thanks <a
href="https://github.com/Aetherinox"><code>@Aetherinox</code></a></li>
<li>Added better logic in case no window object is president, thanks <a
href="https://github.com/yehuya"><code>@yehuya</code></a></li>
<li>Updated some dependencies called out by dependabot</li>
<li>Updated license files etc to show the correct year</li>
</ul>
<h2>DOMPurify 3.2.3</h2>
<ul>
<li>Fixed two conditional sanitizer bypasses discovered by <a
href="https://github.com/parrot409"><code>@parrot409</code></a> and <a
href="https://x.com/slonser_"><code>@Slonser</code></a></li>
<li>Updated the attribute clobbering checks to prevent future bypasses,
thanks <a
href="https://github.com/parrot409"><code>@parrot409</code></a></li>
</ul>
<h2>DOMPurify 3.2.2</h2>
<ul>
<li>Fixed a possible bypass in case a rather specific config for custom
elements is set, thanks <a
href="https://github.com/yaniv-git"><code>@yaniv-git</code></a></li>
<li>Fixed several minor issues with the type definitions, thanks again
<a href="https://github.com/reduckted"><code>@reduckted</code></a></li>
<li>Fixed a minor issue with the types reference for trusted types,
thanks <a
href="https://github.com/reduckted"><code>@reduckted</code></a></li>
<li>Fixed a minor problem with the template detection regex on some
systems, thanks <a
href="https://github.com/svdb99"><code>@svdb99</code></a></li>
</ul>
<h2>DOMPurify 3.2.1</h2>
<ul>
<li>Fixed several minor issues with the type definitions, thanks <a
href="https://github.com/reduckted"><code>@reduckted</code></a> <a
href="https://github.com/ghiscoding"><code>@ghiscoding</code></a> <a
href="https://github.com/asamuzaK"><code>@asamuzaK</code></a> <a
href="https://github.com/MiniDigger"><code>@MiniDigger</code></a></li>
<li>Fixed an issue with non-minified dist files and order of imports,
thanks <a
href="https://github.com/reduckted"><code>@reduckted</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="eaa0bdb26a"><code>eaa0bdb</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1144">#1144</a>
from cure53/main</li>
<li><a
href="f712593118"><code>f712593</code></a>
fix: removed a possibly dossy regex</li>
<li><a
href="eb9b3b6874"><code>eb9b3b6</code></a>
Merge branch 'main' of github.com:cure53/DOMPurify</li>
<li><a
href="ce006f705c"><code>ce006f7</code></a>
chore: Preparing 3.2.7 release</li>
<li><a
href="ef0e0cb6eb"><code>ef0e0cb</code></a>
chore: Preparing 3.2.6 release</li>
<li><a
href="2f09cd3c8e"><code>2f09cd3</code></a>
Update README.md</li>
<li><a
href="6a795bcf3e"><code>6a795bc</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1142">#1142</a>
from cure53/dependabot/github_actions/actions/setup-...</li>
<li><a
href="2458bbdfca"><code>2458bbd</code></a>
build(deps): bump actions/setup-node from 4 to 5</li>
<li><a
href="e43d3f3548"><code>e43d3f3</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1136">#1136</a>
from cure53/dependabot/github_actions/actions/checko...</li>
<li><a
href="6f5be37ee0"><code>6f5be37</code></a>
build(deps): bump actions/checkout from 4 to 5</li>
<li>Additional commits viewable in <a
href="https://github.com/cure53/DOMPurify/compare/3.1.6...3.2.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/toeverything/AFFiNE/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs
from Renovate will soon appear from 'Mend'. Learn more
[here](https://redirect.github.com/renovatebot/renovate/discussions/37842).
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
|
[apollographql/apollo-ios](https://redirect.github.com/apollographql/apollo-ios)
| minor | `from: "1.22.0"` -> `from: "1.23.0"` |
|
[apollographql/apollo-ios](https://redirect.github.com/apollographql/apollo-ios)
| minor | `1.22.0` -> `1.23.0` |
---
### Release Notes
<details>
<summary>apollographql/apollo-ios (apollographql/apollo-ios)</summary>
###
[`v1.23.0`](https://redirect.github.com/apollographql/apollo-ios/blob/HEAD/CHANGELOG.md#v1230)
[Compare
Source](https://redirect.github.com/apollographql/apollo-ios/compare/1.22.0...1.23.0)
##### New
- **Added `requireNonOptionalMockFields` flag to
`ApolloCodegenConfiguration.OutputOptions`.
([#​669](https://redirect.github.com/apollographql/apollo-ios-dev/pull/669)):**
Added new flag to codegen output options to allow having non-optional
fields in the test mocks if desired. *Thank you to
[@​dwroth](https://redirect.github.com/dwroth) for the
contribution.*
##### Improvement
- **Added public initializer to `DatabaseRow`.
([#​664](https://redirect.github.com/apollographql/apollo-ios-dev/pull/664)):**
Not having a public initializer on `DatabasRow` was hindering the
ability to create custom `SQLiteDatabase` implementations. This solves
that by adding a public initializer to `DatabaseRow`.*Thank you to
[@​ChrisLaganiere](https://redirect.github.com/ChrisLaganiere) for
the contribution.*
##### Fixed
- **Unncessary deprecation warning in codegen options initializer.
([#​3563](https://redirect.github.com/apollographql/apollo-ios/issues/3563)):**
Added `@_disfavoredOverload` to the deprecated initialized in
`ApolloCodegenConfiguration` to prevent possible warnings caused by the
compiler selecting a deprecated initializer versus the new/current
initializer. See PR
[#​682](https://redirect.github.com/apollographql/apollo-ios-dev/pull/682).
*Thank you to
[@​CraigSiemens](https://redirect.github.com/CraigSiemens) for
raising the issue.*
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* The GraphQL interactive UI is now available only in development
environments and will not be accessible in production. This change
affects only the availability of the interactive interface; public
exports and API context types remain unchanged. Users in development can
continue to use the tool as before, while production deployments will no
longer expose the interactive UI.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
Currently, it is only possible to disable all registrations. However, it
would be helpful if you could disable normal registration but enable
OAuth registration.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a setting to enable/disable new user signups via OAuth (default:
enabled).
* Admin Settings (Authentication) now includes a toggle for OAuth
signups.
* OAuth signup flow now respects this setting, preventing new
registrations via OAuth when disabled.
* Self-hosted configuration schema updated to include the new option.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Hudint Finn Weigand <dev@hudint.de>
Co-authored-by: DarkSky <darksky2048@gmail.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
Add missing themed icon support for android app icon.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Android app icon now supports a monochrome variant for adaptive icons,
enabling themed icons on compatible launchers.
* Improved icon consistency and visibility across system themes
(including dark mode).
* Applied to both standard and round launcher icons.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Fixed spacing issue in AI partner description.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Improved readability by fixing a minor punctuation/spacing issue in
the project’s introductory text (added a space after a comma).
* Polished wording to better reflect professional tone without altering
meaning.
* No changes to functionality, configuration, or user workflows.
* No impact on APIs, interfaces, or compatibility.
* No additional steps required for users; purely a documentation
refinement.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Simplified the AI chat composer tip: removed the dynamic
embedding-status tooltip so only a single static caution remains — “AI
outputs can be misleading or wrong.”
* **Tests**
* One end-to-end test related to embedding status was commented out and
is no longer executed.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Requires https://github.com/toeverything/AFFiNE/pull/13606 to be merged.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Introduced an in-app Paywall with Pro, AI, and Believer plans, feature
previews, paging dots, and selectable pricing options.
- Added purchase and restore actions, plus a unified, polished UI using
new color/icon resources.
- Documentation
- Added Swift Code Style Guidelines.
- Chores
- Updated dependencies (including MarkdownView 3.4.2), added new
resource packages, and removed an unused dependency.
- Raised iOS deployment target to 16.5 and refreshed project settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Built-in Then-style DSL for fluent configuration.
- Centralized theming via a new resources library exposing standardized
colors and icons for SwiftUI and UIKit.
- Refactor
- Migrated color and icon accessors to the new resources provider.
- Removed redundant imports and streamlined UI configuration.
- Dependencies
- Updated MarkdownView to 3.4.2.
- Removed the Then third-party dependency; updated package sources;
added resources package and assets.
- Documentation
- Added iOS Swift code style and architecture guidelines.
- Chores
- Updated Xcode project format and repository ignore rules.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
fix AI-419
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- New API to fetch available models for a prompt, returning default,
optional, and pro models with human‑readable names.
- Added temperature and topP settings to prompt configuration for finer
control.
- Refactor
- When no model is chosen, the default model is used instead of
auto-picking a pro model.
- Model metadata across providers now includes readable names, improving
listings and selection UX.
- Tests
- Updated test snapshots and descriptions to reflect the new
default-model behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Introduced a new iOS Paywall plugin with a simple API to display a
paywall and receive a success response.
- Added JavaScript wrapper and type definitions for easy integration.
- Refactor
- Reorganized the iOS project structure for plugins.
- Chores
- Removed unused legacy iOS plugins to streamline the app and reduce
build complexity.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Close
[BS-3610](https://linear.app/affine-design/issue/BS-3610/bug-每次按空格会出现重复单词-,特定输入法,比如swiftkey)
#### PR Dependency Tree
* **PR #13591**
* **PR #13590** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- Bug Fixes
- Android: More reliable Backspace/delete handling, preventing missed
inputs and double-deletions.
- Android: Cursor/selection is correctly restored after merging a
paragraph with the previous block.
- Android: Smoother IME composition input; captures correct composition
range.
- Deletion across lines and around embeds/empty lines is more
consistent.
- Chores
- Internal event handling updated to improve Android compatibility and
stability (no user-facing changes).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
#### PR Dependency Tree
* **PR #13591**
* **PR #13590** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
#### PR Dependency Tree
* **PR #13591** 👈
* **PR #13590**
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- Bug Fixes
- Improved drag-and-drop stability: draggables, drop targets, and
monitors now respond when option sources or external data change.
- Improved async actions and permission checks to always use the latest
callbacks and error handlers.
- Chores
- Lint/Prettier configs updated to ignore the Git directory.
- Upgraded oxlint dev dependency.
- Tests
- Updated several end-to-end tests for more reliable text selection,
focus handling, and timing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`6.3.5` ->
`6.3.6`](https://renovatebot.com/diffs/npm/vite/6.3.5/6.3.6) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
### GitHub Vulnerability Alerts
####
[CVE-2025-58751](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c)
### Summary
Files starting with the same name with the public directory were served
bypassing the `server.fs` settings.
### Impact
Only apps that match the following conditions are affected:
- explicitly exposes the Vite dev server to the network (using --host or
[`server.host` config
option](https://vitejs.dev/config/server-options.html#server-host))
- uses [the public directory
feature](https://vite.dev/guide/assets.html#the-public-directory)
(enabled by default)
- a symlink exists in the public directory
### Details
The
[servePublicMiddleware](9719497ade/packages/vite/src/node/server/middlewares/static.ts (L79))
function is in charge of serving public files from the server. It
returns the
[viteServePublicMiddleware](9719497ade/packages/vite/src/node/server/middlewares/static.ts (L106))
function which runs the needed tests and serves the page. The
viteServePublicMiddleware function [checks if the publicFiles variable
is
defined](9719497ade/packages/vite/src/node/server/middlewares/static.ts (L111)),
and then uses it to determine if the requested page is public. In the
case that the publicFiles is undefined, the code will treat the
requested page as a public page, and go on with the serving function.
[publicFiles may be undefined if there is a symbolic link anywhere
inside the public
directory](9719497ade/packages/vite/src/node/publicDir.ts (L21)).
In that case, every requested page will be passed to the public serving
function. The serving function is based on the
[sirv](https://redirect.github.com/lukeed/sirv) library. Vite patches
the library to add the possibility to test loading access to pages, but
when the public page middleware [disables this
functionality](9719497ade/packages/vite/src/node/server/middlewares/static.ts (L89))
since public pages are meant to be available always, regardless of
whether they are in the allow or deny list.
In the case of public pages, the serving function is [provided with the
path to the public
directory](9719497ade/packages/vite/src/node/server/middlewares/static.ts (L85))
as a root directory. The code of the sirv library [uses the join
function to get the full path to the requested
file](d061616827/packages/sirv/index.mjs (L42)).
For example, if the public directory is "/www/public", and the requested
file is "myfile", the code will join them to the string
"/www/public/myfile". The code will then pass this string to the
normalize function. Afterwards, the code will [use the string's
startsWith
function](d061616827/packages/sirv/index.mjs (L43))
to determine whether the created path is within the given directory or
not. Only if it is, it will be served.
Since [sirv trims the trailing slash of the public
directory](d061616827/packages/sirv/index.mjs (L119)),
the string's startsWith function may return true even if the created
path is not within the public directory. For example, if the server's
root is at "/www", and the public directory is at "/www/p", if the
created path will be "/www/private.txt", the startsWith function will
still return true, because the string "/www/private.txt" starts with
"/www/p". To achieve this, the attacker will use ".." to ask for the
file "../private.txt". The code will then join it to the "/www/p"
string, and will receive "/www/p/../private.txt". Then, the normalize
function will return "/www/private.txt", which will then be passed to
the startsWith function, which will return true, and the processing of
the page will continue without checking the deny list (since this is the
public directory middleware which doesn't check that).
### PoC
Execute the following shell commands:
```
npm create vite@latest
cd vite-project/
mkdir p
cd p
ln -s a b
cd ..
echo 'import path from "node:path"; import { defineConfig } from "vite"; export default defineConfig({publicDir: path.resolve(__dirname, "p/"), server: {fs: {deny: [path.resolve(__dirname, "private.txt")]}}})' > vite.config.js
echo "secret" > private.txt
npm install
npm run dev
```
Then, in a different shell, run the following command:
`curl -v --path-as-is 'http://localhost:5173/private.txt'`
You will receive a 403 HTTP Response, because private.txt is denied.
Now in the same shell run the following command:
`curl -v --path-as-is 'http://localhost:5173/../private.txt'`
You will receive the contents of private.txt.
### Related links
-
f0113f3f82
####
[CVE-2025-58752](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3)
### Summary
Any HTML files on the machine were served regardless of the `server.fs`
settings.
### Impact
Only apps that match the following conditions are affected:
- explicitly exposes the Vite dev server to the network (using --host or
[server.host config
option](https://vitejs.dev/config/server-options.html#server-host))
- `appType: 'spa'` (default) or `appType: 'mpa'` is used
This vulnerability also affects the preview server. The preview server
allowed HTML files not under the output directory to be served.
### Details
The
[serveStaticMiddleware](9719497ade/packages/vite/src/node/server/middlewares/static.ts (L123))
function is in charge of serving static files from the server. It
returns the
[viteServeStaticMiddleware](9719497ade/packages/vite/src/node/server/middlewares/static.ts (L136))
function which runs the needed tests and serves the page. The
viteServeStaticMiddleware function [checks if the extension of the
requested file is
".html"](9719497ade/packages/vite/src/node/server/middlewares/static.ts (L144)).
If so, it doesn't serve the page. Instead, the server will go on to the
next middlewares, in this case
[htmlFallbackMiddleware](9719497ade/packages/vite/src/node/server/middlewares/htmlFallback.ts (L14)),
and then to
[indexHtmlMiddleware](9719497ade/packages/vite/src/node/server/middlewares/indexHtml.ts (L438)).
These middlewares don't perform any test against allow or deny rules,
and they don't make sure that the accessed file is in the root directory
of the server. They just find the file and send back its contents to the
client.
### PoC
Execute the following shell commands:
```
npm create vite@latest
cd vite-project/
echo "secret" > /tmp/secret.html
npm install
npm run dev
```
Then, in a different shell, run the following command:
`curl -v --path-as-is
'http://localhost:5173/../../../../../../../../../../../tmp/secret.html'`
The contents of /tmp/secret.html will be returned.
This will also work for HTML files that are in the root directory of the
project, but are in the deny list (or not in the allow list). Test that
by stopping the running server (CTRL+C), and running the following
commands in the server's shell:
```
echo 'import path from "node:path"; import { defineConfig } from "vite"; export default defineConfig({server: {fs: {deny: [path.resolve(__dirname, "secret_files/*")]}}})' > [vite.config.js](http://vite.config.js)
mkdir secret_files
echo "secret txt" > secret_files/secret.txt
echo "secret html" > secret_files/secret.html
npm run dev
```
Then, in a different shell, run the following command:
`curl -v --path-as-is 'http://localhost:5173/secret_files/secret.txt'`
You will receive a 403 HTTP Response, because everything in the
secret_files directory is denied.
Now in the same shell run the following command:
`curl -v --path-as-is 'http://localhost:5173/secret_files/secret.html'`
You will receive the contents of secret_files/secret.html.
---
### Release Notes
<details>
<summary>vitejs/vite (vite)</summary>
###
[`v6.3.6`](https://redirect.github.com/vitejs/vite/releases/tag/v6.3.6)
[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v6.3.5...v6.3.6)
Please refer to
[CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md)
for details.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [sha.js](https://github.com/crypto-browserify/sha.js) from 2.4.11
to 2.4.12.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/browserify/sha.js/blob/master/CHANGELOG.md">sha.js's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/browserify/sha.js/compare/v2.4.11...v2.4.12">v2.4.12</a>
- 2025-07-01</h2>
<h3>Commits</h3>
<ul>
<li>[eslint] switch to eslint <a
href="7acadfbd3a"><code>7acadfb</code></a></li>
<li>[meta] add <code>auto-changelog</code> <a
href="b46e7116eb"><code>b46e711</code></a></li>
<li>[eslint] fix package.json indentation <a
href="df9d521e16"><code>df9d521</code></a></li>
<li>[Tests] migrate from travis to GHA <a
href="c43c64adc6"><code>c43c64a</code></a></li>
<li>[Fix] support multi-byte wide typed arrays <a
href="f2a258e9f2"><code>f2a258e</code></a></li>
<li>[meta] reorder package.json <a
href="d8d77c0a72"><code>d8d77c0</code></a></li>
<li>[meta] add <code>npmignore</code> <a
href="35aec35c66"><code>35aec35</code></a></li>
<li>[Tests] avoid console logs <a
href="73e33ae0ca"><code>73e33ae</code></a></li>
<li>[Tests] fix tests run in batch <a
href="262913006e"><code>2629130</code></a></li>
<li>[Tests] drop node requirement to 0.10 <a
href="00c7f234aa"><code>00c7f23</code></a></li>
<li>[Dev Deps] update <code>buffer</code>,
<code>hash-test-vectors</code>, <code>standard</code>,
<code>tape</code>, <code>typedarray</code> <a
href="92b5de5f67"><code>92b5de5</code></a></li>
<li>[Tests] drop node requirement to v3 <a
href="9b5eca80fd"><code>9b5eca8</code></a></li>
<li>[meta] set engines to <code>&gt;= 4</code> <a
href="807084c5c0"><code>807084c</code></a></li>
<li>Only apps should have lockfiles <a
href="c72789c7a1"><code>c72789c</code></a></li>
<li>[Deps] update <code>inherits</code>, <code>safe-buffer</code> <a
href="5428cfc6f7"><code>5428cfc</code></a></li>
<li>[Dev Deps] update <code>@ljharb/eslint-config</code> <a
href="2dbe0aab41"><code>2dbe0aa</code></a></li>
<li>update README to reflect LICENSE <a
href="8938256dbb"><code>8938256</code></a></li>
<li>[Dev Deps] add missing peer dep <a
href="d52889688c"><code>d528896</code></a></li>
<li>[Dev Deps] remove unused <code>buffer</code> dep <a
href="94ca7247f4"><code>94ca724</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="eb4ea2fd3d"><code>eb4ea2f</code></a>
v2.4.12</li>
<li><a
href="d8d77c0a72"><code>d8d77c0</code></a>
[meta] reorder package.json</li>
<li><a
href="df9d521e16"><code>df9d521</code></a>
[eslint] fix package.json indentation</li>
<li><a
href="35aec35c66"><code>35aec35</code></a>
[meta] add <code>npmignore</code></li>
<li><a
href="d52889688c"><code>d528896</code></a>
[Dev Deps] add missing peer dep</li>
<li><a
href="b46e7116eb"><code>b46e711</code></a>
[meta] add <code>auto-changelog</code></li>
<li><a
href="94ca7247f4"><code>94ca724</code></a>
[Dev Deps] remove unused <code>buffer</code> dep</li>
<li><a
href="2dbe0aab41"><code>2dbe0aa</code></a>
[Dev Deps] update <code>@ljharb/eslint-config</code></li>
<li><a
href="73e33ae0ca"><code>73e33ae</code></a>
[Tests] avoid console logs</li>
<li><a
href="f2a258e9f2"><code>f2a258e</code></a>
[Fix] support multi-byte wide typed arrays</li>
<li>Additional commits viewable in <a
href="https://github.com/crypto-browserify/sha.js/compare/v2.4.11...v2.4.12">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ljharb">ljharb</a>, a new releaser for
sha.js since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/toeverything/AFFiNE/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Close
[BS-3625](https://linear.app/affine-design/issue/BS-3625/移动端database-table-view无法横向滚动)
#### PR Dependency Tree
* **PR #13494** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved iOS mobile table view scrolling: horizontal overflow is no
longer forcibly hidden, preventing clipped content and enabling smoother
horizontal navigation.
* Users can now access columns that previously appeared truncated on
narrow screens.
* Vertical scrolling behavior remains unchanged.
* No impact on non‑iOS devices.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Close
[AF-2789](https://linear.app/affine-design/issue/AF-2789/安卓客户端日期没了)
#### PR Dependency Tree
* **PR #13493** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved editing mode stability in mobile Kanban cells by preventing
redundant enter/exit transitions, resulting in smoother interactions and
reduced flicker.
* Enhanced mobile Table cells to avoid duplicate editing state changes,
minimizing unnecessary updates and improving responsiveness.
* Overall, editing transitions are now idempotent across affected mobile
views, reducing visual jitter and improving performance during edit
operations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
fix AI-417
#### PR Dependency Tree
* **PR #13492** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Copying code snippets now uses a rich format for improved paste
fidelity in compatible editors.
* Preserves code block formatting and language when pasted, reducing
manual cleanup.
* Continues to support plain text and HTML paste for broad
compatibility.
* Works more reliably when moving content within the app.
* Existing copy confirmation remains unchanged.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Close
[AI-415](https://linear.app/affine-design/issue/AI-415/code-artifact-复制更好的支持code-block和插入正文)
#### PR Dependency Tree
* **PR #13490** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Editor now deactivates when text selection moves outside the app,
preventing unintended interactions.
* Better handling when selection changes to external content, reducing
cases where the editor stayed active incorrectly.
* **Stability**
* Improved reliability around selection, focus, and visibility changes
to avoid accidental edits or actions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
#### PR Dependency Tree
* **PR #13490** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
#### PR Dependency Tree
* **PR #13464**
* **PR #13465**
* **PR #13471** 👈
* **PR #13472**
* **PR #13473**
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* DOM rendering added for groups, mind maps and connectors so group
titles/outlines and mindmap connectors are visible on canvas.
* Shapes now support right-to-left text with proper vertical alignment.
* **Improvements**
* Connector labels scale with viewport zoom for crisper display.
* Group-related selections (including nested groups) now update visuals
consistently.
* **Performance**
* Reduced DOM churn and fewer redraws during rendering and selection
changes.
* **Refactor**
* Renderer import/export surfaces consolidated with no user-facing
behavior changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
fix AI-415
#### PR Dependency Tree
* **PR #13489** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved code block stability to prevent layout shifts and overlapping
during syntax highlighting.
* Ensured consistent height and alignment for code snippets.
* **Style**
* Refined code block appearance for clearer, more polished presentation.
* **Chores**
* Internal adjustments to support more reliable rendering of highlighted
code.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
#### PR Dependency Tree
* **PR #13485** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Improved mobile toast notification layout for better responsiveness
across screen sizes.
* Replaced fixed left alignment with dynamic edge offsets, ensuring
consistent spacing near screen edges.
* Removed forced centering and rigid width constraints to reduce
clipping and overlap on narrow viewports.
* Visual behavior only; no changes to interaction or functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
> CLOSE PD-2697
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Removing an attachment chip now also removes duplicate attachments
with the same source, preventing duplicate attachments in the AI chat
chip list.
* Removing a selected context chip now also removes duplicate selected
contexts with the same identifier, preventing duplicate context chips.
* Attachments from different sources and chips of other types (document,
file, tag, collection) remain unaffected.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
#### PR Dependency Tree
* **PR #13464**
* **PR #13465** 👈
* **PR #13471**
* **PR #13472**
* **PR #13473**
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved stacking order across canvas elements (shapes, connectors,
brush, highlighter), reducing unexpected overlap.
* Corrected z-index application for placeholders and fully rendered
elements to ensure consistent layering during edits.
* **Refactor**
* Centralized z-index handling for canvas elements to provide
predictable, uniform layering behavior across the app.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
#### PR Dependency Tree
* **PR #13464** 👈
* **PR #13465**
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* DOM-based SVG rendering for Brush and Highlighter with zoom, rotation,
layering and improved visualization.
* **Refactor**
* Consolidated renderer exports into a single entry point for simpler
integration.
* **Chores**
* Updated view registrations to include the new DOM renderer extensions.
* Improved highlighter sizing consistency based on serialized bounds.
* **Revert**
* Removed highlighter renderer registration from the shape module.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
#### PR Dependency Tree
* **PR #13464** 👈
* **PR #13465**
* **PR #13471**
* **PR #13472**
* **PR #13473**
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
Close [AI-413](https://linear.app/affine-design/issue/AI-413)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Chat messages now scroll vertically, preventing content from being cut
off.
* Chat actions are no longer displayed or fetched, reducing unnecessary
loading.
* Peek view chat composer behavior is aligned with the main chat,
ensuring consistent feature availability across views.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- Bug Fixes
- Enforced a consistent step limit for AI responses across providers,
preventing excessively long generations in both text and streaming modes
for more predictable results.
- Refactor
- Centralized step limit configuration into a shared provider, ensuring
uniform behavior across providers and simplifying future maintenance.
- Standardized application of step limits in text generation and
streaming flows to align provider behavior and improve overall
reliability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
In recent versions of Android (or maybe webview), the
`KeyboardEvent.key` for the backspace key now has the correct value.
This PR remove the patch since it will trigger two delete actions when
press backspace at the first character of paragraph"
Related PR https://github.com/toeverything/AFFiNE/issues/10523
#### PR Dependency Tree
* **PR #13483** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Streamlined keyboard shortcut handling for greater consistency across
platforms.
* Reduced overhead by consolidating event bindings; no change to
expected shortcut behavior for end-users.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
#### PR Dependency Tree
* **PR #13484** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- Bug Fixes
- Reduced repeated mobile editing notifications; the notice now appears
once and only reappears after you dismiss it.
- More consistent notification behavior on mobile for a less disruptive
editing experience.
- Refactor
- Streamlined internal event handling to improve reliability and reduce
potential listener leaks, resulting in smoother interactions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
#### PR Dependency Tree
* **PR #13481** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- Bug Fixes
- The “Update payment method” prompt now appears only when your
subscription is past due.
- Payment Method section now shows whenever a paid plan record exists
(loading placeholders unchanged).
- Action button styling adjusts for past-due subscriptions (uses the
alternate/secondary style).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Added GPT-5 family and made GPT-5/-mini the new defaults for Copilot
scenarios and prompts.
- Bug Fixes
- Improved streaming chunk formats and reasoning/text semantics,
consistent attachment mediaType handling, and more reliable reranking
via log-prob handling.
- Refactor
- Unified maxOutputTokens usage; removed per-call step caps and migrated
several tools to a unified inputSchema shape.
- Chores
- Upgraded AI SDK dependencies and bumped an internal dependency
version.
- Tests
- Updated mocks and tests to reference GPT-5 variants and new stream
formats.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
fix CLOUD-238, CLOUD-239
#### PR Dependency Tree
* **PR #13477** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Payment method management is now always available directly within AI
and Pro plan cards.
* **Bug Fixes**
* Past-due subscriptions are now included in subscription status
results, ensuring they appear in billing views.
* **Style**
* Plan actions are moved inline within each plan’s description for a
cleaner, more compact layout.
* Actions are grouped horizontally with improved spacing.
* Minor class name and spacing tweaks for consistent styling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<img width="971" height="681" alt="iShot_2025-08-10_14 29 01"
src="https://github.com/user-attachments/assets/eff3e6d5-3129-42ac-aceb-994c18f675ab"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Mermaid diagram previews for code blocks with interactive zoom, pan,
and reset controls.
* Improved rendering feedback with loading, error states, retry
behavior, and fallback messaging.
* **Chores**
* Added Mermaid as a frontend dependency to enable diagram rendering.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: L-Sun <zover.v@gmail.com>
fix#12721
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved handling of non‑ASCII filenames when unzipping archives: the
extractor now tries alternative encodings and validates results so
filenames are preserved and displayed correctly after extraction. This
change reduces corrupt or garbled names while keeping existing
extraction behavior otherwise unchanged.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Smarter embedding pipeline skips re-embedding when content hasn’t
changed; added content sanitization for embeddings and workspace content
retrieval.
- Bug Fixes
- Re-embedding now requires both a document update and the last
embedding being older than 10 minutes, reducing unnecessary work.
- Refactor
- Consolidated embedding preprocessing and moved sanitization utilities
into shared models; upserts now refresh stored content.
- Tests
- Expanded snapshot-based tests covering multiple time/age scenarios for
embedding decision logic.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Prevents accidental deletion of placeholder documents during embedding
cleanup.
* Improves accuracy when identifying documents to remove, using multiple
data sources.
* Skips unnecessary cleanup when no embeddings or snapshots exist,
reducing noise and overhead.
* **Chores**
* Streamlined and centralized document filtering logic to ensure
consistent cleanup behavior.
* Parallelized data checks to make cleanup more efficient without
changing user workflows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Close [AI-410](https://linear.app/affine-design/issue/AI-410)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- None
- Bug Fixes
- Middle-click panning now reliably returns to the previously active
tool, including after using Copilot or frame navigation.
- Smoother, more responsive transition into panning to reduce accidental
selections.
- Refactor
- Simplified AI panel click-outside handling with no change to
user-visible behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
> CLOSE PD-2698
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Refactor**
- Optimized context chip handling in the AI chat composer to process
additions concurrently.
- Improves responsiveness when adding multiple documents or attachments
as context, reducing wait times and making the composing experience
smoother.
- No changes to visible functionality; users should notice faster
updates when selecting several items at once.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-08-11 09:42:18 +00:00
495 changed files with 47537 additions and 1823 deletions
"description":"Whether allow new registrations.\n@default true",
"default":true
},
"allowSignupForOauth":{
"type":"boolean",
"description":"Whether allow new registrations via configured oauth.\n@default true",
"default":true
},
"requireEmailDomainVerification":{
"type":"boolean",
"description":"Whether require email domain record verification before accessing restricted resources.\n@default false",
@@ -190,6 +195,11 @@
"type":"object",
"description":"Configuration for mailer module",
"properties":{
"SMTP.name":{
"type":"string",
"description":"Name of the email server (e.g. your domain name)\n@default \"AFFiNE Server\"\n@environment `MAILER_SERVERNAME`",
"default":"AFFiNE Server"
},
"SMTP.host":{
"type":"string",
"description":"Host of the email server (e.g. smtp.gmail.com)\n@default \"\"\n@environment `MAILER_HOST`",
@@ -225,6 +235,11 @@
"description":"The emails from these domains are always sent using the fallback SMTP server.\n@default []",
"default":[]
},
"fallbackSMTP.name":{
"type":"string",
"description":"Name of the fallback email server (e.g. your domain name)\n@default \"AFFiNE Server\"",
"default":"AFFiNE Server"
},
"fallbackSMTP.host":{
"type":"string",
"description":"Host of the email server (e.g. smtp.gmail.com)\n@default \"\"",
@@ -669,18 +684,18 @@
},
"scenarios":{
"type":"object",
"description":"Use custom models in scenarios and override default settings.\n@default {\"override_enabled\":false,\"scenarios\":{\"audio_transcribing\":\"gemini-2.5-flash\",\"chat\":\"claude-sonnet-4@20250514\",\"embedding\":\"gemini-embedding-001\",\"image\":\"gpt-image-1\",\"rerank\":\"gpt-4.1\",\"coding\":\"claude-sonnet-4@20250514\",\"complex_text_generation\":\"gpt-4o-2024-08-06\",\"quick_decision_making\":\"gpt-4.1-mini\",\"quick_text_generation\":\"gemini-2.5-flash\",\"polish_and_summarize\":\"gemini-2.5-flash\"}}",
"description":"Use custom models in scenarios and override default settings.\n@default {\"override_enabled\":false,\"scenarios\":{\"audio_transcribing\":\"gemini-2.5-flash\",\"chat\":\"gemini-2.5-flash\",\"embedding\":\"gemini-embedding-001\",\"image\":\"gpt-image-1\",\"rerank\":\"gpt-4.1\",\"coding\":\"claude-sonnet-4@20250514\",\"complex_text_generation\":\"gpt-4o-2024-08-06\",\"quick_decision_making\":\"gpt-5-mini\",\"quick_text_generation\":\"gemini-2.5-flash\",\"polish_and_summarize\":\"gemini-2.5-flash\"}}",
"default":{
"override_enabled":false,
"scenarios":{
"audio_transcribing":"gemini-2.5-flash",
"chat":"claude-sonnet-4@20250514",
"chat":"gemini-2.5-flash",
"embedding":"gemini-embedding-001",
"image":"gpt-image-1",
"rerank":"gpt-4.1",
"coding":"claude-sonnet-4@20250514",
"complex_text_generation":"gpt-4o-2024-08-06",
"quick_decision_making":"gpt-4.1-mini",
"quick_decision_making":"gpt-5-mini",
"quick_text_generation":"gemini-2.5-flash",
"polish_and_summarize":"gemini-2.5-flash"
}
@@ -1093,18 +1108,33 @@
},
"apiKey":{
"type":"string",
"description":"Stripe API key to enable payment service.\n@default \"\"\n@environment `STRIPE_API_KEY`",
"description":"[Deprecated] Stripe API key. Use payment.stripe.apiKey instead.\n@default \"\"\n@environment `STRIPE_API_KEY`",
"default":""
},
"webhookKey":{
"type":"string",
"description":"Stripe webhook key to enable payment service.\n@default \"\"\n@environment `STRIPE_WEBHOOK_KEY`",
"description":"[Deprecated] Stripe webhook key. Use payment.stripe.webhookKey instead.\n@default \"\"\n@environment `STRIPE_WEBHOOK_KEY`",
@@ -81,7 +81,7 @@ Star us, and you will receive all release notifications from GitHub without any
**Multimodal AI partner ready to kick in any work**
- Write up professional work report? Turn an outline into expressive and presentable slides? Summary an article into a well-structured mindmap? Sorting your job plan and backlog for tasks? Or... draw and code prototype apps and web pages directly all with one prompt? With you, [AFFiNE AI](https://affine.pro/ai) pushes your creativity to the edge of your imagination,just like [Canvas AI](https://affine.pro/blog/best-canvas-ai) to generate mind map for brainstorming.
- Write up professional work report? Turn an outline into expressive and presentable slides? Summary an article into a well-structured mindmap? Sorting your job plan and backlog for tasks? Or... draw and code prototype apps and web pages directly all with one prompt? With you, [AFFiNE AI](https://affine.pro/ai) pushes your creativity to the edge of your imagination,just like [Canvas AI](https://affine.pro/blog/best-canvas-ai) to generate mind map for brainstorming.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
