@lobehub/lobehub 2.0.0-next.124 → 2.0.0-next.125

package/.cursor/rules/db-migrations.mdc

@@ -5,7 +5,22 @@ alwaysApply: false
 
 # Database Migrations Guide
 
-## Defensive Programming - Use Idempotent Clauses
+## Step1: Generate migrations:
+
+```bash
+bun run db:generate
+```
+
+this step will generate or update the following files:
+
+- packages/database/migrations/0046_xxx.sql
+- packages/database/migrations/meta/\_journal.json
+
+## Step2: optimize the migration sql fileName
+
+the migration sql file name is randomly generated, we need to optimize the file name to make it more readable and meaningful. For example, `0046_xxx.sql` -> `0046_better_auth.sql`
+
+## Step3: Defensive Programming - Use Idempotent Clauses
 
 Always use defensive clauses to make migrations idempotent:
 

package/.cursor/rules/project-introduce.mdc

@@ -16,7 +16,7 @@ logo emoji: 🤯
 
 ## Project Technologies Stack
 
-- Next.js 15
+- Next.js 16
 - react 19
 - TypeScript
 - `@lobehub/ui`, antd for component framework

package/.cursor/rules/project-structure.mdc

@@ -16,17 +16,28 @@ lobe-chat/
 ├── apps/
 │   └── desktop/
 ├── docs/
+│   ├── changelog/
+│   ├── development/
+│   ├── self-hosting/
+│   └── usage/
 ├── locales/
 │   ├── en-US/
 │   └── zh-CN/
 ├── packages/
+│   ├── agent-runtime/
 │   ├── const/
 │   ├── context-engine/
+│   ├── conversation-flow/
 │   ├── database/
 │   │   ├── src/
 │   │   │   ├── models/
 │   │   │   ├── schemas/
 │   │   │   └── repositories/
+│   ├── electron-client-ipc/
+│   ├── electron-server-ipc/
+│   ├── fetch-sse/
+│   ├── file-loaders/
+│   ├── memory-extract/
 │   ├── model-bank/
 │   │   └── src/
 │   │       └── aiModels/
@@ -34,11 +45,16 @@ lobe-chat/
 │   │   └── src/
 │   │       ├── core/
 │   │       └── providers/
+│   ├── obervability-otel/
+│   ├── prompts/
+│   ├── python-interpreter/
+│   ├── ssrf-safe-fetch/
 │   ├── types/
 │   │   └── src/
 │   │       ├── message/
 │   │       └── user/
-│   └── utils/
+│   ├── utils/
+│   └── web-crawler/
 ├── public/
 ├── scripts/
 ├── src/
@@ -68,7 +84,9 @@ lobe-chat/
 │   │   ├── AuthProvider/
 │   │   └── GlobalProvider/
 │   ├── libs/
-│   │   └── oidc-provider/
+│   │   ├── better-auth/
+│   │   ├── oidc-provider/
+│   │   └── trpc/
 │   ├── locales/
 │   │   └── default/
 │   ├── server/

package/.env.example

@@ -4,9 +4,9 @@
 # Specify your API Key selection method, currently supporting `random` and `turn`.
 # API_KEY_SELECT_MODE=random
 
-########################################
-########### Security Settings ###########
-########################################
+# #######################################
+# ########## Security Settings ###########
+# #######################################
 
 # Control Content Security Policy headers
 # Set to '1' to enable X-Frame-Options and Content-Security-Policy headers
@@ -24,11 +24,11 @@
 # Example: Allow specific internal servers while keeping SSRF protection
 # SSRF_ALLOW_IP_ADDRESS_LIST=192.168.1.100,10.0.0.50
 
-########################################
-########## AI Provider Service #########
-########################################
+# #######################################
+# ######### AI Provider Service #########
+# #######################################
 
-### OpenAI ###
+# ## OpenAI ###
 
 # you openai api key
 OPENAI_API_KEY=sk-xxxxxxxxx
@@ -40,7 +40,7 @@ OPENAI_API_KEY=sk-xxxxxxxxx
 # OPENAI_MODEL_LIST=gpt-3.5-turbo
 
 
-### Azure OpenAI ###
+# ## Azure OpenAI ###
 
 # you can learn azure OpenAI Service on https://learn.microsoft.com/en-us/azure/ai-services/openai/overview
 # use Azure OpenAI Service by uncomment the following line
@@ -55,7 +55,7 @@ OPENAI_API_KEY=sk-xxxxxxxxx
 # AZURE_API_VERSION=2024-10-21
 
 
-### Anthropic Service ####
+# ## Anthropic Service ####
 
 # ANTHROPIC_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
@@ -63,19 +63,19 @@ OPENAI_API_KEY=sk-xxxxxxxxx
 # ANTHROPIC_PROXY_URL=https://api.anthropic.com
 
 
-### Google AI  ####
+# ## Google AI  ####
 
 # GOOGLE_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 
-### AWS Bedrock  ###
+# ## AWS Bedrock  ###
 
 # AWS_REGION=us-east-1
 # AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxx
 # AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 
-### Ollama AI ####
+# ## Ollama AI ####
 
 # You can use ollama to get and run LLM locally, learn more about it via https://github.com/ollama/ollama
 
@@ -85,132 +85,132 @@ OPENAI_API_KEY=sk-xxxxxxxxx
 # OLLAMA_MODEL_LIST=your_ollama_model_names
 
 
-### OpenRouter Service ###
+# ## OpenRouter Service ###
 
 # OPENROUTER_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 # OPENROUTER_MODEL_LIST=model1,model2,model3
 
 
-### Mistral AI ###
+# ## Mistral AI ###
 
 # MISTRAL_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### Perplexity Service ###
+# ## Perplexity Service ###
 
 # PERPLEXITY_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### Groq Service ####
+# ## Groq Service ####
 
 # GROQ_API_KEY=gsk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-#### 01.AI Service ####
+# ### 01.AI Service ####
 
 # ZEROONE_API_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### TogetherAI Service ###
+# ## TogetherAI Service ###
 
 # TOGETHERAI_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### ZhiPu AI ###
+# ## ZhiPu AI ###
 
 # ZHIPU_API_KEY=xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxx
 
-### Moonshot AI  ####
+# ## Moonshot AI  ####
 
 # MOONSHOT_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### Minimax AI  ####
+# ## Minimax AI  ####
 
 # MINIMAX_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### DeepSeek AI  ####
+# ## DeepSeek AI  ####
 
 # DEEPSEEK_PROXY_URL=https://api.deepseek.com/v1
 # DEEPSEEK_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### Qiniu AI  ####
+# ## Qiniu AI  ####
 
 # QINIU_PROXY_URL=https://api.qnaigc.com/v1
 # QINIU_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### Qwen AI  ####
+# ## Qwen AI  ####
 
 # QWEN_API_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### Cloudflare Workers AI  ####
+# ## Cloudflare Workers AI  ####
 
 # CLOUDFLARE_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 # CLOUDFLARE_BASE_URL_OR_ACCOUNT_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### SiliconCloud AI  ####
+# ## SiliconCloud AI  ####
 
 # SILICONCLOUD_API_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 
-### TencentCloud AI  ####
+# ## TencentCloud AI  ####
 
 # TENCENT_CLOUD_API_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### PPIO ####
+# ## PPIO ####
 
 # PPIO_API_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### INFINI-AI ###
+# ## INFINI-AI ###
 
 # INFINIAI_API_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 
-### 302.AI ###
+# ## 302.AI ###
 
 # AI302_API_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### ModelScope ###
+# ## ModelScope ###
 
 # MODELSCOPE_API_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### AiHubMix ###
+# ## AiHubMix ###
 
 # AIHUBMIX_API_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### BFL ###
+# ## BFL ###
 
 # BFL_API_KEY=bfl-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### FAL ###
+# ## FAL ###
 
 # FAL_API_KEY=fal-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-########################################
-######### AI Image Settings ############
-########################################
+# #######################################
+# ######## AI Image Settings ############
+# #######################################
 
 # Default image generation count (range: 1-20, default: 4)
 # AI_IMAGE_DEFAULT_IMAGE_NUM=4
 
-### Nebius ###
+# ## Nebius ###
 
 # NEBIUS_API_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-### NewAPI Service ###
+# ## NewAPI Service ###
 
 # NEWAPI_API_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 # NEWAPI_PROXY_URL=https://your-newapi-server.com
 
-### Vercel AI Gateway ###
+# ## Vercel AI Gateway ###
 
 # VERCELAIGATEWAY_API_KEY=your_vercel_ai_gateway_api_key
 
 
-########################################
-############ Market Service ############
-########################################
+# #######################################
+# ########### Market Service ############
+# #######################################
 
 # The LobeChat agents market index url
 # AGENTS_INDEX_URL=https://chat-agents.lobehub.com
 
-########################################
-############ Plugin Service ############
-########################################
+# #######################################
+# ########### Plugin Service ############
+# #######################################
 
 # The LobeChat plugins store index url
 # PLUGINS_INDEX_URL=https://chat-plugins.lobehub.com
@@ -219,9 +219,9 @@ OPENAI_API_KEY=sk-xxxxxxxxx
 # the format is `plugin-identifier:key1=value1;key2=value2`, multiple settings fields are separated by semicolons `;`, multiple plugin settings are separated by commas `,`.
 # PLUGIN_SETTINGS=search-engine:SERPAPI_API_KEY=xxxxx
 
-########################################
-####### Doc / Changelog Service ########
-########################################
+# #######################################
+# ###### Doc / Changelog Service ########
+# #######################################
 
 # Use in Changelog / Document service cdn url prefix
 # DOC_S3_PUBLIC_DOMAIN=https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
@@ -231,9 +231,9 @@ OPENAI_API_KEY=sk-xxxxxxxxx
 # DOC_S3_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 
-########################################
-##### S3 Object Storage Service ########
-########################################
+# #######################################
+# #### S3 Object Storage Service ########
+# #######################################
 
 # S3 keys
 # S3_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
@@ -253,19 +253,19 @@ OPENAI_API_KEY=sk-xxxxxxxxx
 # S3_REGION=us-west-1
 
 
-########################################
-############ Auth Service ##############
-########################################
+# #######################################
+# ########### Auth Service ##############
+# #######################################
 
 
 # Clerk related configurations
 
 # Clerk public key and secret key
-#NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_live_xxxxxxxxxxx
-#CLERK_SECRET_KEY=sk_live_xxxxxxxxxxxxxxxxxxxxxx
+# NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_live_xxxxxxxxxxx
+# CLERK_SECRET_KEY=sk_live_xxxxxxxxxxxxxxxxxxxxxx
 
 # you need to config the clerk webhook secret key if you want to use the clerk with database
-#CLERK_WEBHOOK_SECRET=whsec_xxxxxxxxxxxxxxxxxxxxxx
+# CLERK_WEBHOOK_SECRET=whsec_xxxxxxxxxxxxxxxxxxxxxx
 
 # Clear allow origin https://clerk.com/docs/guides/dashboard/dns-domains/satellite-domains
 # Authentication across different domains , use,to splite different origin
@@ -280,23 +280,106 @@ OPENAI_API_KEY=sk-xxxxxxxxx
 # AUTH_AUTH0_SECRET=
 # AUTH_AUTH0_ISSUER=https://your-domain.auth0.com
 
-########################################
-########## Server Database #############
-########################################
+# Better-Auth related configurations
+# NEXT_PUBLIC_ENABLE_BETTER_AUTH=1
+
+# Auth Secret (use `openssl rand -base64 32` to generate)
+# Shared between Better-Auth and Next-Auth
+# AUTH_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+# Auth URL (accessible from browser, optional if same domain)
+# NEXT_PUBLIC_AUTH_URL=http://localhost:3210
+
+# Require email verification before allowing users to sign in (default: false)
+# Set to '1' to force users to verify their email before signing in
+# NEXT_PUBLIC_AUTH_EMAIL_VERIFICATION=0
+
+# SSO Providers Configuration (for Better-Auth)
+# Comma-separated list of enabled OAuth providers
+# Supported providers: auth0, authelia, authentik, casdoor, cloudflare-zero-trust, cognito, generic-oidc, github, google, keycloak, logto, microsoft, microsoft-entra-id, okta, zitadel
+# Example: AUTH_SSO_PROVIDERS=google,github,auth0,microsoft-entra-id
+# AUTH_SSO_PROVIDERS=
+
+# Google OAuth Configuration (for Better-Auth)
+# Get credentials from: https://console.cloud.google.com/apis/credentials
+# Authorized redirect URIs:
+# - Development: http://localhost:3210/api/auth/callback/google
+# - Production: https://yourdomain.com/api/auth/callback/google
+# GOOGLE_CLIENT_ID=xxxxx.apps.googleusercontent.com
+# GOOGLE_CLIENT_SECRET=GOCSPX-xxxxxxxxxxxxxxxxxxxx
+
+# GitHub OAuth Configuration (for Better-Auth)
+# Get credentials from: https://github.com/settings/developers
+# Create a new OAuth App with:
+# Authorized callback URL:
+# - Development: http://localhost:3210/api/auth/callback/github
+# - Production: https://yourdomain.com/api/auth/callback/github
+# GITHUB_CLIENT_ID=Ov23xxxxxxxxxxxxx
+# GITHUB_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+# AWS Cognito OAuth Configuration (for Better-Auth)
+# Get credentials from: https://console.aws.amazon.com/cognito
+# Setup steps:
+# 1. Create a User Pool with App Client
+# 2. Configure Hosted UI domain
+# 3. Enable "Authorization code grant" OAuth flow
+# 4. Set OAuth scopes: openid, profile, email
+# Authorized callback URL:
+# - Development: http://localhost:3210/api/auth/callback/cognito
+# - Production: https://yourdomain.com/api/auth/callback/cognito
+# COGNITO_CLIENT_ID=xxxxxxxxxxxxxxxxxxxxx
+# COGNITO_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+# COGNITO_DOMAIN=your-app.auth.us-east-1.amazoncognito.com
+# COGNITO_REGION=us-east-1
+# COGNITO_USERPOOL_ID=us-east-1_xxxxxxxxx
+
+# Microsoft OAuth Configuration (for Better-Auth)
+# Get credentials from: https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
+# Create a new App Registration in Microsoft Entra ID (Azure AD)
+# Authorized redirect URL:
+# - Development: http://localhost:3210/api/auth/callback/microsoft
+# - Production: https://yourdomain.com/api/auth/callback/microsoft
+# MICROSOFT_CLIENT_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+# MICROSOFT_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+# #######################################
+# ########## Email Service ##############
+# #######################################
+
+# SMTP Server Configuration (required for email verification with Better-Auth)
+
+# SMTP server hostname (e.g., smtp.gmail.com, smtp.office365.com)
+# SMTP_HOST=smtp.example.com
+
+# SMTP server port (usually 587 for TLS, or 465 for SSL)
+# SMTP_PORT=587
+
+# Use secure connection (set to 'true' for port 465, 'false' for port 587)
+# SMTP_SECURE=false
+
+# SMTP authentication username (usually your email address)
+# SMTP_USER=your-email@example.com
+
+# SMTP authentication password (use app-specific password for Gmail)
+# SMTP_PASS=your-password-or-app-specific-password
+
+# #######################################
+# ######### Server Database #############
+# #######################################
 
 # Postgres database URL
 # DATABASE_URL=postgres://username:password@host:port/database
 
 # use `openssl rand -base64 32` to generate a key for the encryption of the database
 # we use this key to encrypt the user api key and proxy url
-#KEY_VAULTS_SECRET=xxxxx/xxxxxxxxxxxxxx=
+# KEY_VAULTS_SECRET=xxxxx/xxxxxxxxxxxxxx=
 
 # Specify the Embedding model and Reranker model(unImplemented)
 # DEFAULT_FILES_CONFIG="embedding_model=openai/embedding-text-3-small,reranker_model=cohere/rerank-english-v3.0,query_mode=full_text"
 
-########################################
-########## MCP Service Config ##########
-########################################
+# #######################################
+# ######### MCP Service Config ##########
+# #######################################
 
 # MCP tool call timeout (milliseconds)
 # MCP_TOOL_TIMEOUT=60000

package/.env.example.development

@@ -32,19 +32,17 @@ DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@localhost:5432/${LOBE_DB
 DATABASE_DRIVER=node
 
 # Authentication Configuration
-# Enable NextAuth authentication
-NEXT_PUBLIC_ENABLE_NEXT_AUTH=1
+# Enable Better Auth authentication
+NEXT_PUBLIC_ENABLE_BETTER_AUTH=1
 
-# NextAuth secret for JWT signing (generate with: openssl rand -base64 32)
-NEXT_AUTH_SECRET=${UNSAFE_SECRET}
-
-NEXTAUTH_URL=${APP_URL}
+# Better Auth secret for JWT signing (generate with: openssl rand -base64 32)
+AUTH_SECRET=${UNSAFE_SECRET}
 
 # Authentication URL
-AUTH_URL=${APP_URL}/api/auth
+NEXT_PUBLIC_AUTH_URL=${APP_URL}
 
 # SSO providers configuration - using Casdoor for development
-NEXT_AUTH_SSO_PROVIDERS=casdoor
+AUTH_SSO_PROVIDERS=casdoor
 
 # Casdoor Configuration
 # Casdoor service port

package/AGENTS.md

@@ -6,13 +6,12 @@ This document serves as a comprehensive guide for all team members when developi
 
 Built with modern technologies:
 
-- **Frontend**: Next.js 15, React 19, TypeScript
+- **Frontend**: Next.js 16, React 19, TypeScript
 - **UI Components**: Ant Design, @lobehub/ui, antd-style
 - **State Management**: Zustand, SWR
 - **Database**: PostgreSQL, PGLite, Drizzle ORM
 - **Testing**: Vitest, Testing Library
 - **Package Manager**: pnpm (monorepo structure)
-- **Build Tools**: Next.js (Turbopack in dev, Webpack in prod)
 
 ## Directory Structure
 
@@ -39,7 +38,6 @@ The project follows a well-organized monorepo structure:
 - Use `pnpm` as the primary package manager
 - Use `bun` to run npm scripts
 - Use `bunx` to run executable npm packages
-- Navigate to specific packages using `cd packages/<package-name>`
 
 ### Code Style Guidelines
 

package/CHANGELOG.md

@@ -2,6 +2,31 @@
 
 # Changelog
 
+## [Version 2.0.0-next.125](https://github.com/lobehub/lobe-chat/compare/v2.0.0-next.124...v2.0.0-next.125)
+
+<sup>Released on **2025-11-27**</sup>
+
+#### ✨ Features
+
+- **misc**: Support better-auth.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### What's improved
+
+- **misc**: Support better-auth, closes [#10215](https://github.com/lobehub/lobe-chat/issues/10215) ([dc62cc9](https://github.com/lobehub/lobe-chat/commit/dc62cc9))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
 ## [Version 2.0.0-next.124](https://github.com/lobehub/lobe-chat/compare/v2.0.0-next.123...v2.0.0-next.124)
 
 <sup>Released on **2025-11-27**</sup>

package/Dockerfile

@@ -37,7 +37,7 @@ FROM base AS builder
 
 ARG USE_CN_MIRROR
 ARG NEXT_PUBLIC_BASE_PATH
-ARG NEXT_PUBLIC_ENABLE_NEXT_AUTH
+ARG NEXT_PUBLIC_ENABLE_BETTER_AUTH
 ARG NEXT_PUBLIC_ENABLE_CLERK_AUTH
 ARG NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
 ARG NEXT_PUBLIC_SENTRY_DSN
@@ -52,7 +52,7 @@ ARG FEATURE_FLAGS
 ENV NEXT_PUBLIC_BASE_PATH="${NEXT_PUBLIC_BASE_PATH}" \
     FEATURE_FLAGS="${FEATURE_FLAGS}"
 
-ENV NEXT_PUBLIC_ENABLE_NEXT_AUTH="${NEXT_PUBLIC_ENABLE_NEXT_AUTH:-1}" \
+ENV NEXT_PUBLIC_ENABLE_BETTER_AUTH="${NEXT_PUBLIC_ENABLE_BETTER_AUTH:-1}" \
     NEXT_PUBLIC_ENABLE_CLERK_AUTH="${NEXT_PUBLIC_ENABLE_CLERK_AUTH:-0}" \
     NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="${NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY}" \
     CLERK_WEBHOOK_SECRET="whsec_xxx" \
@@ -177,10 +177,10 @@ ENV KEY_VAULTS_SECRET="" \
     DATABASE_DRIVER="node" \
     DATABASE_URL=""
 
-# Next Auth
-ENV NEXT_AUTH_SECRET="" \
-    NEXT_AUTH_SSO_PROVIDERS="" \
-    NEXTAUTH_URL=""
+# Better Auth
+ENV AUTH_SECRET="" \
+    AUTH_SSO_PROVIDERS="" \
+    NEXT_PUBLIC_AUTH_URL=""
 
 # Clerk
 ENV CLERK_SECRET_KEY="" \

package/GEMINI.md

@@ -0,0 +1,63 @@
+# GEMINI.md
+
+This document serves as a shared guideline for all team members when using Gemini CLI in this repository.
+
+## Tech Stack
+
+read @.cursor/rules/project-introduce.mdc
+
+## Directory Structure
+
+read @.cursor/rules/project-structure.mdc
+
+## Development
+
+### Git Workflow
+
+- use rebase for git pull
+- git commit message should prefix with gitmoji
+- git branch name format example: tj/feat/feature-name
+- use .github/PULL_REQUEST_TEMPLATE.md to generate pull request description
+
+### Package Management
+
+This repository adopts a monorepo structure.
+
+- Use `pnpm` as the primary package manager for dependency management
+- Use `bun` to run npm scripts
+- Use `bunx` to run executable npm packages
+
+### TypeScript Code Style Guide
+
+see @.cursor/rules/typescript.mdc
+
+### Testing
+
+- **Required Rule**: read `@.cursor/rules/testing-guide/testing-guide.mdc` before writing tests
+- **Command**:
+  - web: `bunx vitest run --silent='passed-only' '[file-path-pattern]'`
+  - packages(eg: database): `cd packages/database && bunx vitest run --silent='passed-only' '[file-path-pattern]'`
+
+**Important**:
+
+- wrap the file path in single quotes to avoid shell expansion
+- Never run `bun run test` etc to run tests, this will run all tests and cost about 10mins
+- If trying to fix the same test twice, but still failed, stop and ask for help.
+
+### Typecheck
+
+- use `bun run type-check` to check type errors.
+
+### i18n
+
+- **Keys**: Add to `src/locales/default/namespace.ts`
+- **Dev**: Translate `locales/zh-CN/namespace.json` and `locales/en-US/namespace.json` locales file only for dev preview
+- DON'T run `pnpm i18n`, let CI auto handle it
+
+## 🚨 Quality Checks
+
+**MANDATORY**: After completing code changes, always run `mcp__vscode-mcp__get_diagnostics` on the modified files to identify any errors introduced by your changes and fix them.
+
+## Rules Index
+
+Some useful project rules are listed in @.cursor/rules/rules-index.mdc

package/changelog/v1.json

@@ -1,4 +1,13 @@
 [
+  {
+    "children": {
+      "features": [
+        "Support better-auth."
+      ]
+    },
+    "date": "2025-11-27",
+    "version": "2.0.0-next.125"
+  },
   {
     "children": {
       "fixes": [