@lobehub/lobehub 2.0.0-next.344 → 2.0.0-next.346

package/scripts/_shared/checkDeprecatedClerkEnv.js

@@ -0,0 +1,42 @@
+/**
+ * Shared utility to check for deprecated Clerk environment variables.
+ * Used by both prebuild.mts (build time) and startServer.js (Docker runtime).
+ *
+ * IMPORTANT: Keep this file as CommonJS (.js) for compatibility with startServer.js
+ */
+
+const CLERK_MIGRATION_DOC_URL =
+  'https://lobehub.com/docs/self-hosting/advanced/auth/clerk-to-betterauth';
+
+const CLERK_ENV_VARS = [
+  'NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY',
+  'CLERK_SECRET_KEY',
+  'CLERK_WEBHOOK_SECRET',
+];
+
+/**
+ * Check for deprecated Clerk environment variables and exit if found
+ * @param {object} options
+ * @param {string} [options.action='redeploy'] - Action hint in error message ('redeploy' or 'restart')
+ */
+function checkDeprecatedClerkEnv(options = {}) {
+  const { action = 'redeploy' } = options;
+  const foundClerkEnvVars = CLERK_ENV_VARS.filter((envVar) => process.env[envVar]);
+
+  if (foundClerkEnvVars.length > 0) {
+    console.error('\n' + '═'.repeat(70));
+    console.error('❌ ERROR: Clerk authentication is no longer supported!');
+    console.error('═'.repeat(70));
+    console.error('\nDetected deprecated Clerk environment variables:');
+    for (const envVar of foundClerkEnvVars) {
+      console.error(`  • ${envVar}`);
+    }
+    console.error('\nClerk has been removed from LobeChat. Please migrate to Better Auth.');
+    console.error(`\n📖 Migration guide: ${CLERK_MIGRATION_DOC_URL}`);
+    console.error(`\nAfter migration, remove the Clerk environment variables and ${action}.`);
+    console.error('═'.repeat(70) + '\n');
+    process.exit(1);
+  }
+}
+
+module.exports = { checkDeprecatedClerkEnv };

package/scripts/changelogWorkflow/buildStaticChangelog.ts

@@ -1,10 +1,11 @@
 import { consola } from 'consola';
 import { readJsonSync, writeJSONSync } from 'fs-extra';
-import { markdownToTxt } from 'markdown-to-txt';
 import { existsSync, readFileSync } from 'node:fs';
 import { resolve } from 'node:path';
 import semver from 'semver';
 
+import { markdownToTxt } from '@/utils/markdownToTxt';
+
 import { CHANGELOG_DIR, CHANGELOG_FILE } from './const';
 
 export interface ChangelogStaticItem {

package/scripts/clerk-to-betterauth/_internal/types.ts

@@ -1,5 +1,3 @@
-import type { ExternalAccountJSON, UserJSON } from '@clerk/backend';
-
 export type ClerkToBetterAuthMode = 'test' | 'prod';
 export type DatabaseDriver = 'neon' | 'node';
 
@@ -19,27 +17,62 @@ export type CSVUserRow = {
   verified_phone_numbers: string;
 };
 
-export type ClerkExternalAccount = Pick<
-  ExternalAccountJSON,
-  'id' | 'provider' | 'provider_user_id' | 'approved_scopes'
-> & {
+// Clerk API response types (no SDK dependency)
+export interface ClerkApiExternalAccount {
+  approved_scopes: string;
+  created_at?: number;
+  id: string;
+  provider: string;
+  provider_user_id: string;
+  updated_at?: number;
+  verification?: { status: string };
+}
+
+export interface ClerkApiEmailAddress {
+  email_address: string;
+  id: string;
+}
+
+export interface ClerkApiUser {
+  banned: boolean;
+  created_at: number;
+  email_addresses?: ClerkApiEmailAddress[];
+  external_accounts?: ClerkApiExternalAccount[];
+  id: string;
+  image_url: string;
+  lockout_expires_in_seconds: number | null;
+  password_enabled: boolean;
+  password_last_updated_at: number | null;
+  primary_email_address_id: string | null;
+  two_factor_enabled: boolean;
+  updated_at: number;
+}
+
+export interface ClerkApiUserListResponse {
+  data: ClerkApiUser[];
+  total_count: number;
+}
+
+export interface ClerkExternalAccount {
+  approved_scopes: string;
   created_at?: number;
+  id: string;
+  provider: string;
+  provider_user_id: string;
   updated_at?: number;
   verificationStatus?: boolean;
-};
+}
 
-export type ClerkUser = Pick<
-  UserJSON,
-  | 'id'
-  | 'image_url'
-  | 'created_at'
-  | 'updated_at'
-  | 'password_last_updated_at'
-  | 'password_enabled'
-  | 'banned'
-  | 'two_factor_enabled'
-  | 'lockout_expires_in_seconds'
-> & {
+export interface ClerkUser {
+  banned: boolean;
+  created_at: number;
   external_accounts: ClerkExternalAccount[];
+  id: string;
+  image_url: string;
+  lockout_expires_in_seconds: number | null;
+  password_enabled: boolean;
+  password_last_updated_at: number | null;
   primaryEmail?: string;
-};
+  two_factor_enabled: boolean;
+  updated_at: number;
+}

package/scripts/clerk-to-betterauth/export-clerk-users-with-api.ts

@@ -1,10 +1,9 @@
 /* eslint-disable unicorn/prefer-top-level-await, unicorn/no-process-exit */
-import { type User, createClerkClient } from '@clerk/backend';
 import { writeFile } from 'node:fs/promises';
 
 import { getClerkSecret, getMigrationMode, resolveDataPaths } from './_internal/config';
 import './_internal/env';
-import { ClerkUser } from './_internal/types';
+import { ClerkApiUser, ClerkUser } from './_internal/types';
 
 /**
  * Fetch all Clerk users via REST API and persist them into a local JSON file.
@@ -24,50 +23,58 @@ const ORDER_BY = '+created_at';
 const DEFAULT_OUTPUT_PATH = resolveDataPaths().clerkUsersPath;
 const formatDuration = (ms: number) => `${(ms / 1000).toFixed(1)}s`;
 
+const CLERK_API_BASE = 'https://api.clerk.com/v1';
+
 const sleep = (ms: number) =>
   new Promise<void>((resolve) => {
     setTimeout(resolve, ms);
   });
 
-function getClerkClient(secretKey: string) {
-  return createClerkClient({
-    secretKey,
+async function fetchClerkApi<T>(secretKey: string, endpoint: string): Promise<T> {
+  const response = await fetch(`${CLERK_API_BASE}${endpoint}`, {
+    headers: {
+      Authorization: `Bearer ${secretKey}`,
+    },
   });
-}
 
-function mapClerkUser(user: User): ClerkUser {
-  const raw = user.raw!;
+  if (!response.ok) {
+    throw new Error(`Clerk API error: ${response.status} ${response.statusText}`);
+  }
+
+  return response.json() as Promise<T>;
+}
 
-  const primaryEmail = raw.email_addresses?.find(
-    (email) => email.id === raw.primary_email_address_id,
+function mapClerkUser(user: ClerkApiUser): ClerkUser {
+  const primaryEmail = user.email_addresses?.find(
+    (email) => email.id === user.primary_email_address_id,
   )?.email_address;
 
   return {
-    banned: raw.banned,
-    created_at: raw.created_at,
-    external_accounts: (raw.external_accounts ?? []).map((acc) => ({
+    banned: user.banned,
+    created_at: user.created_at,
+    external_accounts: (user.external_accounts ?? []).map((acc) => ({
       approved_scopes: acc.approved_scopes,
-      created_at: (acc as any).created_at,
+      created_at: acc.created_at,
       id: acc.id,
       provider: acc.provider,
       provider_user_id: acc.provider_user_id,
-      updated_at: (acc as any).updated_at,
+      updated_at: acc.updated_at,
       verificationStatus: acc.verification?.status === 'verified',
     })),
-    id: raw.id,
-    image_url: raw.image_url,
-    lockout_expires_in_seconds: raw.lockout_expires_in_seconds,
-    password_enabled: raw.password_enabled,
-    password_last_updated_at: raw.password_last_updated_at,
+    id: user.id,
+    image_url: user.image_url,
+    lockout_expires_in_seconds: user.lockout_expires_in_seconds,
+    password_enabled: user.password_enabled,
+    password_last_updated_at: user.password_last_updated_at,
     primaryEmail,
-    two_factor_enabled: raw.two_factor_enabled,
-    updated_at: raw.updated_at,
+    two_factor_enabled: user.two_factor_enabled,
+    updated_at: user.updated_at,
   } satisfies ClerkUser;
 }
 
 async function fetchClerkUserPage(
   offset: number,
-  clerkClient: ReturnType<typeof getClerkClient>,
+  secretKey: string,
   pageIndex: number,
 ): Promise<ClerkUser[]> {
   for (let attempt = 1; attempt <= MAX_RETRIES; attempt += 1) {
@@ -76,12 +83,14 @@ async function fetchClerkUserPage(
         `🚚 [clerk-export] Fetching page #${pageIndex + 1} offset=${offset} limit=${PAGE_SIZE} (attempt ${attempt}/${MAX_RETRIES})`,
       );
 
-      const { data } = await clerkClient.users.getUserList({
-        limit: PAGE_SIZE,
-        offset,
-        orderBy: ORDER_BY,
+      const params = new URLSearchParams({
+        limit: String(PAGE_SIZE),
+        offset: String(offset),
+        order_by: ORDER_BY,
       });
 
+      const data = await fetchClerkApi<ClerkApiUser[]>(secretKey, `/users?${params}`);
+
       console.log(
         `📥 [clerk-export] Received page #${pageIndex + 1} (${data.length} users) offset=${offset}`,
       );
@@ -138,16 +147,14 @@ async function runWithConcurrency<T>(
 }
 
 async function fetchAllClerkUsers(secretKey: string): Promise<ClerkUser[]> {
-  const clerkClient = getClerkClient(secretKey);
   const userMap = new Map<string, ClerkUser>();
 
-  const firstPageResponse = await clerkClient.users.getUserList({
-    limit: PAGE_SIZE,
-    offset: 0,
-    orderBy: ORDER_BY,
-  });
-
-  const totalCount = firstPageResponse.totalCount ?? firstPageResponse.data.length;
+  // Get total count first
+  const countResponse = await fetchClerkApi<{ total_count: number }>(
+    secretKey,
+    '/users/count',
+  );
+  const totalCount = countResponse.total_count;
   const totalPages = Math.ceil(totalCount / PAGE_SIZE);
   const offsets = Array.from({ length: totalPages }, (_, pageIndex) => pageIndex * PAGE_SIZE);
 
@@ -156,7 +163,7 @@ async function fetchAllClerkUsers(secretKey: string): Promise<ClerkUser[]> {
   );
 
   await runWithConcurrency(offsets, CONCURRENCY, async (offset, index) => {
-    const page = await fetchClerkUserPage(offset, clerkClient, index);
+    const page = await fetchClerkUserPage(offset, secretKey, index);
 
     for (const user of page) {
       userMap.set(user.id, user);

package/scripts/countEnWord.ts

@@ -4,7 +4,7 @@ import path from 'node:path';
 // 配置项
 const config: Config = {
   dirPath: './locales/en-US', // 替换为你的目录路径
-  ignoredFiles: ['clerk', 'models', 'providers', 'auth'], // 需要忽略的文件名
+  ignoredFiles: ['models', 'providers', 'auth'], // 需要忽略的文件名
 };
 
 interface FileCount {

package/scripts/electronWorkflow/modifiers/appCode.mts

@@ -138,124 +138,6 @@ const assertSpeedInsightsAndAnalyticsRemoved = (code: string) =>
   !/import\s+\{\s*SpeedInsights\s*\}\s+from\b/.test(code) &&
   !/import\s+Analytics\s+from\b/.test(code);
 
-const removeClerkLogic = (code: string) => {
-  const ast = parse(Lang.Tsx, code);
-  const root = ast.root();
-  const edits: Array<{ start: number; end: number; text: string }> = [];
-
-  // Remove Clerk import - try multiple patterns
-  const clerkImportPatterns = [
-    { pattern: 'import Clerk from $SOURCE' },
-    { pattern: "import Clerk from './Clerk'" },
-    { pattern: "import Clerk from './Clerk/index'" },
-  ];
-
-  for (const pattern of clerkImportPatterns) {
-    const clerkImport = root.find({
-      rule: pattern,
-    });
-    if (clerkImport) {
-      const range = clerkImport.range();
-      edits.push({ start: range.start.index, end: range.end.index, text: '' });
-      break;
-    }
-  }
-
-  const findClerkIfStatement = () => {
-    const directMatch = root.find({
-      rule: {
-        pattern: 'if (authEnv.NEXT_PUBLIC_ENABLE_CLERK_AUTH) { $$$ }',
-      },
-    });
-
-    if (directMatch) return directMatch;
-
-    const allIfStatements = root.findAll({
-      rule: {
-        kind: 'if_statement',
-      },
-    });
-
-    for (const ifStmt of allIfStatements) {
-      const condition = ifStmt.find({
-        rule: {
-          pattern: 'authEnv.NEXT_PUBLIC_ENABLE_CLERK_AUTH',
-        },
-      });
-
-      if (condition) return ifStmt;
-    }
-
-    return null;
-  };
-
-  const clerkIfStatement = findClerkIfStatement();
-
-  if (clerkIfStatement) {
-    const ifRange = clerkIfStatement.range();
-    const elseClause = clerkIfStatement.find({
-      rule: {
-        kind: 'else_clause',
-      },
-    });
-
-    if (elseClause) {
-      const elseIfStmt = elseClause.find({
-        rule: {
-          kind: 'if_statement',
-        },
-      });
-
-      if (elseIfStmt) {
-        // Promote the first else-if to a top-level if and keep the rest of the chain
-        const elseRange = elseClause.range();
-        const replacement = code
-          .slice(elseRange.start.index, elseRange.end.index)
-          .replace(/^\s*else\s+/, '');
-
-        edits.push({
-          start: ifRange.start.index,
-          end: ifRange.end.index,
-          text: replacement,
-        });
-      } else {
-        const elseBlock = elseClause.find({
-          rule: {
-            kind: 'statement_block',
-          },
-        });
-
-        if (elseBlock) {
-          edits.push({
-            start: ifRange.start.index,
-            end: ifRange.end.index,
-            text: code.slice(elseBlock.range().start.index, elseBlock.range().end.index),
-          });
-        } else {
-          edits.push({ start: ifRange.start.index, end: ifRange.end.index, text: '' });
-        }
-      }
-    } else {
-      edits.push({ start: ifRange.start.index, end: ifRange.end.index, text: '' });
-    }
-  }
-
-  // Apply edits
-  if (edits.length === 0) return code;
-
-  edits.sort((a, b) => b.start - a.start);
-  let result = code;
-  for (const edit of edits) {
-    result = result.slice(0, edit.start) + edit.text + result.slice(edit.end);
-  }
-
-  return result;
-};
-
-const assertClerkLogicRemoved = (code: string) =>
-  !/\bNEXT_PUBLIC_ENABLE_CLERK_AUTH\b/.test(code) &&
-  !/\bauthEnv\.NEXT_PUBLIC_ENABLE_CLERK_AUTH\b/.test(code);
-
 const removeManifestFromMetadata = (code: string) => {
   const ast = parse(Lang.Tsx, code);
   const root = ast.root();
@@ -387,17 +269,7 @@ export const modifyAppCode = async (TEMP_DIR: string) => {
     assertAfter: assertSpeedInsightsAndAnalyticsRemoved,
   });
 
-  // 6. Remove Clerk logic from src/layout/AuthProvider/index.tsx
-  const authProviderPath = path.join(TEMP_DIR, 'src/layout/AuthProvider/index.tsx');
-  console.log('  Processing src/layout/AuthProvider/index.tsx...');
-  await updateFile({
-    filePath: authProviderPath,
-    name: 'modifyAppCode:removeClerkLogic',
-    transformer: removeClerkLogic,
-    assertAfter: assertClerkLogicRemoved,
-  });
-
-  // 7. Replace mdx Image component with next/image export
+  // 6. Replace mdx Image component with next/image export
   const mdxImagePath = path.join(TEMP_DIR, 'src/components/mdx/Image.tsx');
   console.log('  Processing src/components/mdx/Image.tsx...');
   await writeFileEnsuring({
@@ -407,7 +279,7 @@ export const modifyAppCode = async (TEMP_DIR: string) => {
     assertAfter: (code) => normalizeEol(code).trim() === "export { default } from 'next/image';",
   });
 
-  // 8. Remove manifest from metadata
+  // 7. Remove manifest from metadata
   const metadataPath = path.join(TEMP_DIR, 'src/app/[variants]/metadata.ts');
   console.log('  Processing src/app/[variants]/metadata.ts...');
   await updateFile({
@@ -424,7 +296,6 @@ if (isDirectRun(import.meta.url)) {
     { lang: Lang.Tsx, path: 'src/layout/GlobalProvider/index.tsx' },
     { lang: Lang.Tsx, path: 'src/app/[variants]/(main)/settings/features/SettingsContent.tsx' },
     { lang: Lang.Tsx, path: 'src/app/[variants]/layout.tsx' },
-    { lang: Lang.Tsx, path: 'src/layout/AuthProvider/index.tsx' },
     { lang: Lang.Tsx, path: 'src/components/mdx/Image.tsx' },
     { lang: Lang.Tsx, path: 'src/app/[variants]/metadata.ts' },
   ]);

package/scripts/i18nWorkflow/protectedPatterns.ts

@@ -11,7 +11,6 @@
  * Files to ignore at file level (won't be scanned at all)
  */
 export const IGNORED_FILES = [
-  'clerk.ts', // Clerk third-party library translations
   'providers.ts', // Dynamically generated from DEFAULT_MODEL_PROVIDER_LIST
   'models.ts', // Dynamically generated from LOBE_DEFAULT_MODEL_LIST
   'auth.ts', // Auth-related dynamic keys
@@ -77,7 +76,7 @@ export const PROTECTED_KEY_PATTERNS = [
  * How to use:
  *
  * 1. IGNORED_FILES - Files to completely skip during analysis:
- *    Add filename with .ts extension (e.g., 'clerk.ts')
+ *    Add filename with .ts extension (e.g., 'auth.ts')
  *    These files won't be scanned at all
  *
  * 2. PROTECTED_KEY_PATTERNS - Namespace/patterns to protect:

package/scripts/prebuild.mts

@@ -1,4 +1,5 @@
 import { execSync } from 'node:child_process';
+import { createRequire } from 'node:module';
 import * as dotenv from 'dotenv';
 import dotenvExpand from 'dotenv-expand';
 import { existsSync } from 'node:fs';
@@ -6,6 +7,10 @@ import { rm } from 'node:fs/promises';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
 
+// Use createRequire for CommonJS module compatibility
+const require = createRequire(import.meta.url);
+const { checkDeprecatedClerkEnv } = require('./_shared/checkDeprecatedClerkEnv.js');
+
 const isDesktop = process.env.NEXT_PUBLIC_IS_DESKTOP_APP === '1';
 const isBundleAnalyzer = process.env.ANALYZE === 'true' && process.env.CI === 'true';
 
@@ -17,13 +22,9 @@ if (isDesktop) {
 }
 
 // Auth flags - use process.env directly for build-time dead code elimination
-const enableClerk =
-  process.env.NEXT_PUBLIC_ENABLE_CLERK_AUTH === '1'
-    ? true
-    : !!process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY;
-const enableBetterAuth = process.env.NEXT_PUBLIC_ENABLE_BETTER_AUTH === '1';
+// Better Auth is the default auth solution when NextAuth is not explicitly enabled
 const enableNextAuth = process.env.NEXT_PUBLIC_ENABLE_NEXT_AUTH === '1';
-const enableAuth = enableClerk || enableBetterAuth || enableNextAuth || false;
+const enableBetterAuth = !enableNextAuth;
 
 const getCommandVersion = (command: string): string | null => {
   try {
@@ -62,10 +63,8 @@ const printEnvInfo = () => {
 
   // Auth flags
   console.log('\n  Auth Flags:');
-  console.log(`    enableClerk: ${enableClerk}`);
   console.log(`    enableBetterAuth: ${enableBetterAuth}`);
   console.log(`    enableNextAuth: ${enableNextAuth}`);
-  console.log(`    enableAuth: ${enableAuth}`);
 
   console.log('─'.repeat(50));
 };
@@ -161,6 +160,9 @@ export const runPrebuild = async (targetDir: string = 'src') => {
 const isMainModule = process.argv[1] === fileURLToPath(import.meta.url);
 
 if (isMainModule) {
+  // Check for deprecated Clerk env vars first - fail fast if found
+  checkDeprecatedClerkEnv();
+
   printEnvInfo();
   // 执行删除操作
   console.log('\nStarting prebuild cleanup...');

package/scripts/serverLauncher/startServer.js

@@ -1,6 +1,17 @@
 const dns = require('node:dns').promises;
 const fs = require('node:fs').promises;
+const path = require('node:path');
 const { spawn } = require('node:child_process');
+const { existsSync } = require('node:fs');
+
+// Resolve shared module path for both local dev and Docker environments
+// Local: scripts/serverLauncher/startServer.js -> scripts/_shared/...
+// Docker: /app/startServer.js -> /app/scripts/_shared/...
+const localPath = path.join(__dirname, '..', '_shared', 'checkDeprecatedClerkEnv.js');
+const dockerPath = '/app/scripts/_shared/checkDeprecatedClerkEnv.js';
+const sharedModulePath = existsSync(localPath) ? localPath : dockerPath;
+
+const { checkDeprecatedClerkEnv } = require(sharedModulePath);
 
 // Set file paths
 const DB_MIGRATION_SCRIPT_PATH = '/app/docker.cjs';
@@ -9,8 +20,7 @@ const PROXYCHAINS_CONF_PATH = '/etc/proxychains4.conf';
 
 // Function to check if a string is a valid IP address
 const isValidIP = (ip, version = 4) => {
-  const ipv4Regex =
-    /^(25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3}$/;
+  const ipv4Regex = /^(25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3}$/;
   const ipv6Regex =
     /^(([\da-f]{1,4}:){7}[\da-f]{1,4}|([\da-f]{1,4}:){1,7}:|([\da-f]{1,4}:){1,6}:[\da-f]{1,4}|([\da-f]{1,4}:){1,5}(:[\da-f]{1,4}){1,2}|([\da-f]{1,4}:){1,4}(:[\da-f]{1,4}){1,3}|([\da-f]{1,4}:){1,3}(:[\da-f]{1,4}){1,4}|([\da-f]{1,4}:){1,2}(:[\da-f]{1,4}){1,5}|[\da-f]{1,4}:((:[\da-f]{1,4}){1,6})|:((:[\da-f]{1,4}){1,7}|:)|fe80:(:[\da-f]{0,4}){0,4}%[\da-z]+|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}\d){0,1}\d)\.){3}(25[0-5]|(2[0-4]|1{0,1}\d){0,1}\d)|([\da-f]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}\d){0,1}\d)\.){3}(25[0-5]|(2[0-4]|1{0,1}\d){0,1}\d))$/;
 
@@ -74,10 +84,13 @@ const runProxyChainsConfGenerator = async (url) => {
 
   let ip = isValidIP(host, 4) ? host : await resolveHostIP(host, 4);
 
-  const proxyDNSConfig = process.env.ENABLE_PROXY_DNS === '1' ? `
+  const proxyDNSConfig =
+    process.env.ENABLE_PROXY_DNS === '1'
+      ? `
 proxy_dns
 remote_dns_subnet 224
-`.trim() : '';
+`.trim()
+      : '';
 
   const configContent = `
 localnet 127.0.0.0/8
@@ -91,7 +104,9 @@ tcp_connect_time_out 8000
 tcp_read_time_out 15000
 [ProxyList]
 ${protocol} ${ip} ${port} ${user} ${pass}
-`.replace(/\n{2,}/g, '\n').trim();
+`
+    .replaceAll(/\n{2,}/g, '\n')
+    .trim();
 
   await fs.writeFile(PROXYCHAINS_CONF_PATH, configContent);
   console.log(`✅ ProxyChains: All outgoing traffic routed via ${url}.`);
@@ -124,6 +139,9 @@ const runServer = async () => {
 
 // Main execution block
 (async () => {
+  // Check for deprecated Clerk env vars first - fail fast if found
+  checkDeprecatedClerkEnv({ action: 'restart' });
+
   console.log('🌐 DNS Server:', dns.getServers());
   console.log('-------------------------------------');
 

package/src/app/(backend)/middleware/auth/index.test.ts

@@ -8,10 +8,6 @@ import { createErrorResponse } from '@/utils/errorResponse';
 import { RequestHandler, checkAuth } from './index';
 import { checkAuthMethod } from './utils';
 
-vi.mock('@clerk/nextjs/server', () => ({
-  getAuth: vi.fn(),
-}));
-
 vi.mock('@/utils/errorResponse', () => ({
   createErrorResponse: vi.fn(),
 }));
@@ -24,6 +20,14 @@ vi.mock('@lobechat/utils/server', () => ({
   getXorPayload: vi.fn(),
 }));
 
+vi.mock('@/envs/auth', async (importOriginal) => {
+  const actual = await importOriginal<typeof import('@/envs/auth')>();
+  return {
+    ...actual,
+    enableBetterAuth: false,
+  };
+});
+
 describe('checkAuth', () => {
   const mockHandler: RequestHandler = vi.fn();
   const mockRequest = new Request('https://example.com');

package/src/app/(backend)/middleware/auth/index.ts

@@ -1,4 +1,3 @@
-import { type AuthObject } from '@clerk/backend';
 import {
   AgentRuntimeError,
   type ChatCompletionErrorPayload,
@@ -6,7 +5,6 @@ import {
 } from '@lobechat/model-runtime';
 import { ChatErrorType, type ClientSecretPayload } from '@lobechat/types';
 import { getXorPayload } from '@lobechat/utils/server';
-import { type NextRequest } from 'next/server';
 
 import { getServerDB } from '@/database/core/db-adaptor';
 import { type LobeChatDatabase } from '@/database/type';
@@ -15,9 +13,7 @@ import {
   LOBE_CHAT_OIDC_AUTH_HEADER,
   OAUTH_AUTHORIZED,
   enableBetterAuth,
-  enableClerk,
 } from '@/envs/auth';
-import { ClerkAuth } from '@/libs/clerk-auth';
 import { validateOIDCJWT } from '@/libs/oidc-provider/jwt';
 import { createErrorResponse } from '@/utils/errorResponse';
 
@@ -77,16 +73,6 @@ export const checkAuth =
 
       if (!authorization) throw AgentRuntimeError.createError(ChatErrorType.Unauthorized);
 
-      // check the Auth With payload and clerk auth
-      let clerkAuth = {} as AuthObject;
-
-      // TODO: V2 完整移除 client 模式下的 clerk 集成代码
-      if (enableClerk) {
-        const auth = new ClerkAuth();
-        const data = auth.getAuthFromRequest(req as NextRequest);
-        clerkAuth = data.clerkAuth;
-      }
-
       jwtPayload = getXorPayload(authorization);
 
       const oidcAuthorization = req.headers.get(LOBE_CHAT_OIDC_AUTH_HEADER);
@@ -106,7 +92,6 @@ export const checkAuth =
         checkAuthMethod({
           apiKey: jwtPayload.apiKey,
           betterAuthAuthorized,
-          clerkAuth,
           nextAuthAuthorized: oauthAuthorized,
         });
     } catch (e) {