@lobehub/lobehub 2.0.0-next.145 → 2.0.0-next.147

package/packages/database/migrations/meta/_journal.json

@@ -392,6 +392,13 @@
       "when": 1764583392443,
       "tag": "0055_rename_phone_number_to_phone",
       "breakpoints": true
+    },
+    {
+      "idx": 56,
+      "version": "7",
+      "when": 1764685643024,
+      "tag": "0056_update_agent_slug_index",
+      "breakpoints": true
     }
   ],
   "version": "6"

package/packages/database/src/core/migrations.json

@@ -884,12 +884,12 @@
       "\nCREATE INDEX IF NOT EXISTS \"account_userId_idx\" ON \"accounts\" USING btree (\"user_id\");\n",
       "\nCREATE INDEX IF NOT EXISTS \"auth_session_userId_idx\" ON \"auth_sessions\" USING btree (\"user_id\");\n",
       "\nCREATE INDEX IF NOT EXISTS \"verification_identifier_idx\" ON \"verifications\" USING btree (\"identifier\");\n",
-      "\nDO $$\nBEGIN\n  IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'users_email_unique') THEN\n    UPDATE \"users\" SET \"email\" = NULL WHERE \"email\" = '';\n    ALTER TABLE \"users\" ADD CONSTRAINT \"users_email_unique\" UNIQUE (\"email\");\n  END IF;\nEND $$;\n",
+      "\nDO $$\nBEGIN\n  IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'users_email_unique') THEN\n    -- Normalize empty emails so the unique constraint can be created safely\n    UPDATE \"users\" SET \"email\" = NULL WHERE \"email\" = '';\n    ALTER TABLE \"users\" ADD CONSTRAINT \"users_email_unique\" UNIQUE (\"email\");\n  END IF;\nEND $$;\n",
       "\nDO $$\nBEGIN\n  IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'users_phone_number_unique') THEN\n    ALTER TABLE \"users\" ADD CONSTRAINT \"users_phone_number_unique\" UNIQUE (\"phone_number\");\n  END IF;\nEND $$;\n"
     ],
     "bps": true,
     "folderMillis": 1764579351312,
-    "hash": "22fb7a65764b1f3e3c1ae2ce95d448685e6a01d1fb2f8c3f925c655f0824c161"
+    "hash": "1d2536a9471bb87686b35053f98ba7762259a07c819dc4489bb4f3c7f27a4d8d"
   },
   {
     "sql": [
@@ -901,5 +901,14 @@
     "bps": true,
     "folderMillis": 1764583392443,
     "hash": "6a43d90ee1d2e1e008d1b8206f227aa05b9a2e2a8fc8c31ec608a3716c716a6c"
+  },
+  {
+    "sql": [
+      "ALTER TABLE \"agents\" DROP CONSTRAINT \"agents_slug_unique\";",
+      "\nCREATE UNIQUE INDEX IF NOT EXISTS \"agents_slug_user_id_unique\" ON \"agents\" USING btree (\"slug\",\"user_id\");\n"
+    ],
+    "bps": true,
+    "folderMillis": 1764685643024,
+    "hash": "6e7ac7f964eb03efa3cb0d2fd35ded23e25c3abf955c4c2a51418f8daef54af9"
   }
 ]

package/packages/database/src/models/session.ts

@@ -656,7 +656,8 @@ export class SessionModel {
       const results = await this.db.query.agents.findMany({
         limit: pageSize,
         offset,
-        orderBy: [desc(agents.updatedAt)],
+        // Keep deterministic ordering for keyword search results
+        orderBy: [asc(agents.id)],
         where: and(
           eq(agents.userId, this.userId),
           or(

package/packages/database/src/schemas/agent.ts

@@ -28,9 +28,7 @@ export const agents = pgTable(
       .primaryKey()
       .$defaultFn(() => idGenerator('agents'))
       .notNull(),
-    slug: varchar('slug', { length: 100 })
-      .$defaultFn(() => randomSlug(4))
-      .unique(),
+    slug: varchar('slug', { length: 100 }).$defaultFn(() => randomSlug(3)),
     title: varchar('title', { length: 255 }),
     description: varchar('description', { length: 1000 }),
     tags: jsonb('tags').$type<string[]>().default([]),
@@ -65,6 +63,7 @@ export const agents = pgTable(
   },
   (t) => [
     uniqueIndex('client_id_user_id_unique').on(t.clientId, t.userId),
+    uniqueIndex('agents_slug_user_id_unique').on(t.slug, t.userId),
     index('agents_title_idx').on(t.title),
     index('agents_description_idx').on(t.description),
   ],

package/packages/electron-client-ipc/src/events/system.ts

@@ -1,6 +1,4 @@
-import { ThemeAppearance } from 'antd-style';
-
-import { ElectronAppState, ThemeMode } from '../types';
+import { ElectronAppState, ThemeAppearance, ThemeMode } from '../types';
 
 export interface SystemDispatchEvents {
   checkSystemAccessibility: () => boolean | undefined;

package/packages/electron-client-ipc/src/types/system.ts

@@ -25,3 +25,4 @@ export interface UserPathData {
 }
 
 export type ThemeMode = 'auto' | 'dark' | 'light';
+export type ThemeAppearance = 'dark' | 'light' | string;

package/src/auth.ts

@@ -19,6 +19,8 @@ import { EmailService } from '@/server/services/email';
 const VERIFICATION_LINK_EXPIRES_IN = 3600;
 const MAGIC_LINK_EXPIRES_IN = 900;
 const enableMagicLink = authEnv.NEXT_PUBLIC_ENABLE_MAGIC_LINK;
+const APPLE_TRUSTED_ORIGIN = 'https://appleid.apple.com';
+const enabledSSOProviders = parseSSOProviders(authEnv.AUTH_SSO_PROVIDERS);
 
 const { socialProviders, genericOAuthProviders } = initBetterAuthSSOProviders();
 
@@ -56,7 +58,14 @@ const getTrustedOrigins = () => {
     normalizeOrigin(process.env.VERCEL_URL),
   ].filter(Boolean) as string[];
 
-  return defaults.length > 0 ? Array.from(new Set(defaults)) : undefined;
+  const baseTrustedOrigins = defaults.length > 0 ? Array.from(new Set(defaults)) : undefined;
+
+  if (!enabledSSOProviders.includes('apple')) return baseTrustedOrigins;
+
+  const mergedOrigins = new Set(baseTrustedOrigins || []);
+  mergedOrigins.add(APPLE_TRUSTED_ORIGIN);
+
+  return Array.from(mergedOrigins);
 };
 
 export const auth = betterAuth({
@@ -64,7 +73,7 @@ export const auth = betterAuth({
     accountLinking: {
       allowDifferentEmails: true,
       enabled: true,
-      trustedProviders: parseSSOProviders(authEnv.AUTH_SSO_PROVIDERS),
+      trustedProviders: enabledSSOProviders,
     },
   },
 

package/src/envs/auth.ts

@@ -69,6 +69,10 @@ declare global {
       AUTH_GOOGLE_ID?: string;
       AUTH_GOOGLE_SECRET?: string;
 
+      AUTH_APPLE_CLIENT_ID?: string;
+      AUTH_APPLE_CLIENT_SECRET?: string;
+      AUTH_APPLE_APP_BUNDLE_IDENTIFIER?: string;
+
       AUTH_GITHUB_ID?: string;
       AUTH_GITHUB_SECRET?: string;
 
@@ -184,6 +188,10 @@ export const getAuthConfig = () => {
       AUTH_GOOGLE_ID: z.string().optional(),
       AUTH_GOOGLE_SECRET: z.string().optional(),
 
+      AUTH_APPLE_CLIENT_ID: z.string().optional(),
+      AUTH_APPLE_CLIENT_SECRET: z.string().optional(),
+      AUTH_APPLE_APP_BUNDLE_IDENTIFIER: z.string().optional(),
+
       AUTH_GITHUB_ID: z.string().optional(),
       AUTH_GITHUB_SECRET: z.string().optional(),
 
@@ -301,6 +309,10 @@ export const getAuthConfig = () => {
       AUTH_GOOGLE_ID: process.env.AUTH_GOOGLE_ID,
       AUTH_GOOGLE_SECRET: process.env.AUTH_GOOGLE_SECRET,
 
+      AUTH_APPLE_CLIENT_ID: process.env.AUTH_APPLE_CLIENT_ID,
+      AUTH_APPLE_CLIENT_SECRET: process.env.AUTH_APPLE_CLIENT_SECRET,
+      AUTH_APPLE_APP_BUNDLE_IDENTIFIER: process.env.AUTH_APPLE_APP_BUNDLE_IDENTIFIER,
+
       AUTH_GITHUB_ID: process.env.AUTH_GITHUB_ID,
       AUTH_GITHUB_SECRET: process.env.AUTH_GITHUB_SECRET,
 

package/src/libs/better-auth/constants.ts

@@ -2,7 +2,13 @@
  * Canonical IDs of Better-Auth built-in social providers.
  * Keep this list in sync with provider definitions in `src/libs/better-auth/sso/providers`.
  */
-export const BUILTIN_BETTER_AUTH_PROVIDERS = ['google', 'github', 'cognito', 'microsoft'] as const;
+export const BUILTIN_BETTER_AUTH_PROVIDERS = [
+  'apple',
+  'google',
+  'github',
+  'cognito',
+  'microsoft',
+] as const;
 
 /**
  * Provider alias → canonical ID mapping.

package/src/libs/better-auth/sso/index.ts

@@ -5,6 +5,7 @@ import { authEnv } from '@/envs/auth';
 import { BUILTIN_BETTER_AUTH_PROVIDERS } from '@/libs/better-auth/constants';
 import { parseSSOProviders } from '@/libs/better-auth/utils/server';
 
+import Apple from './providers/apple';
 import Auth0 from './providers/auth0';
 import Authelia from './providers/authelia';
 import Authentik from './providers/authentik';
@@ -23,6 +24,7 @@ import Wechat from './providers/wechat';
 import Zitadel from './providers/zitadel';
 
 const providerDefinitions = [
+  Apple,
   Google,
   Github,
   Cognito,

package/src/libs/better-auth/sso/providers/apple.ts

@@ -0,0 +1,33 @@
+import { authEnv } from '@/envs/auth';
+
+import type { BuiltinProviderDefinition } from '../types';
+
+const provider: BuiltinProviderDefinition<
+  {
+    AUTH_APPLE_APP_BUNDLE_IDENTIFIER?: string;
+    AUTH_APPLE_CLIENT_ID: string;
+    AUTH_APPLE_CLIENT_SECRET: string;
+  },
+  'apple'
+> = {
+  build: (env) => {
+    return {
+      appBundleIdentifier: env.AUTH_APPLE_APP_BUNDLE_IDENTIFIER,
+      clientId: env.AUTH_APPLE_CLIENT_ID,
+      clientSecret: env.AUTH_APPLE_CLIENT_SECRET,
+    };
+  },
+  checkEnvs: () => {
+    return !!(authEnv.AUTH_APPLE_CLIENT_ID && authEnv.AUTH_APPLE_CLIENT_SECRET)
+      ? {
+          AUTH_APPLE_APP_BUNDLE_IDENTIFIER: authEnv.AUTH_APPLE_APP_BUNDLE_IDENTIFIER,
+          AUTH_APPLE_CLIENT_ID: authEnv.AUTH_APPLE_CLIENT_ID,
+          AUTH_APPLE_CLIENT_SECRET: authEnv.AUTH_APPLE_CLIENT_SECRET,
+        }
+      : false;
+  },
+  id: 'apple',
+  type: 'builtin',
+};
+
+export default provider;

package/src/libs/mcp/__tests__/__snapshots__/index.test.ts.snap

@@ -4,6 +4,9 @@ exports[`MCPClient > Stdio Transport > should list tools via stdio 1`] = `
 [
   {
     "description": "Echoes back a message with 'Hello' prefix",
+    "execution": {
+      "taskSupport": "forbidden",
+    },
     "inputSchema": {
       "$schema": "http://json-schema.org/draft-07/schema#",
       "additionalProperties": false,
@@ -22,6 +25,9 @@ exports[`MCPClient > Stdio Transport > should list tools via stdio 1`] = `
   },
   {
     "description": "Lists all available tools and methods",
+    "execution": {
+      "taskSupport": "forbidden",
+    },
     "inputSchema": {
       "$schema": "http://json-schema.org/draft-07/schema#",
       "properties": {},
@@ -31,6 +37,9 @@ exports[`MCPClient > Stdio Transport > should list tools via stdio 1`] = `
   },
   {
     "description": "Adds two numbers",
+    "execution": {
+      "taskSupport": "forbidden",
+    },
     "inputSchema": {
       "$schema": "http://json-schema.org/draft-07/schema#",
       "additionalProperties": false,