From ca2186189ea64336c446a7ca5cb6ae0298171031 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Thu, 11 Jul 2024 14:43:50 +0800
Subject: [PATCH 001/135] refactor: fix experience branding fallback

---
 .../src/Providers/AppBoundary/AppMeta.tsx     |   3 +-
 .../src/tests/experience/overrides.test.ts    | 199 +++++++++++-------
 .../src/ui-helpers/expect-experience.ts       |  12 ++
 3 files changed, 141 insertions(+), 73 deletions(-)

diff --git a/packages/experience/src/Providers/AppBoundary/AppMeta.tsx b/packages/experience/src/Providers/AppBoundary/AppMeta.tsx
index 20da833774e7..10aca13e0c0a 100644
--- a/packages/experience/src/Providers/AppBoundary/AppMeta.tsx
+++ b/packages/experience/src/Providers/AppBoundary/AppMeta.tsx
@@ -33,7 +33,8 @@ const themeToFavicon = Object.freeze({
 
 const AppMeta = () => {
   const { experienceSettings, theme, platform, isPreview } = useContext(PageContext);
-  const favicon = experienceSettings?.branding[themeToFavicon[theme]];
+  const favicon =
+    experienceSettings?.branding[themeToFavicon[theme]] ?? experienceSettings?.branding.favicon;
 
   return (
     <Helmet>
diff --git a/packages/integration-tests/src/tests/experience/overrides.test.ts b/packages/integration-tests/src/tests/experience/overrides.test.ts
index 16d62c69ae4e..67d4790b465f 100644
--- a/packages/integration-tests/src/tests/experience/overrides.test.ts
+++ b/packages/integration-tests/src/tests/experience/overrides.test.ts
@@ -3,7 +3,8 @@
  */
 
 import { ConnectorType } from '@logto/connector-kit';
-import { ApplicationType, SignInIdentifier } from '@logto/schemas';
+import { ApplicationType, type Branding, type Color, SignInIdentifier } from '@logto/schemas';
+import { pick } from '@silverhand/essentials';
 
 import { setApplicationSignInExperience } from '#src/api/application-sign-in-experience.js';
 import { createApplication, deleteApplication } from '#src/api/application.js';
@@ -13,14 +14,37 @@ import { clearConnectorsByTypes } from '#src/helpers/connector.js';
 import { OrganizationApiTest } from '#src/helpers/organization.js';
 import ExpectExperience from '#src/ui-helpers/expect-experience.js';
 
-describe('override', () => {
+describe('overrides', () => {
   const organizationApi = new OrganizationApiTest();
-  const logoUrl = 'mock://fake-url-for-omni/logo.png';
-  const darkLogoUrl = 'mock://fake-url-for-omni/dark-logo.png';
-  const primaryColor = '#000';
-  const darkPrimaryColor = '#fff';
-  const favicon = 'mock://fake-url-for-omni/favicon.ico';
-  const darkFavicon = 'mock://fake-url-for-omni/dark-favicon.ico';
+
+  const omniColor = Object.freeze({
+    primaryColor: '#f00',
+    darkPrimaryColor: '#0f0',
+    isDarkModeEnabled: true,
+  } satisfies Color);
+  const omniBranding = Object.freeze({
+    logoUrl: 'mock://fake-url-for-omni/logo.png',
+    darkLogoUrl: 'mock://fake-url-for-omni/dark-logo.png',
+    favicon: 'mock://fake-url-for-omni/favicon.ico',
+    darkFavicon: 'mock://fake-url-for-omni/dark-favicon.ico',
+  } satisfies Branding);
+
+  const appColor = Object.freeze({
+    primaryColor: '#00f',
+    darkPrimaryColor: '#f0f',
+    isDarkModeEnabled: true,
+  } satisfies Color);
+  const appBranding = Object.freeze({
+    logoUrl: 'mock://fake-url-for-app/logo.png',
+    darkLogoUrl: 'mock://fake-url-for-app/dark-logo.png',
+    favicon: 'mock://fake-url-for-app/favicon.ico',
+    darkFavicon: 'mock://fake-url-for-app/dark-favicon.ico',
+  } satisfies Branding);
+
+  const organizationBranding = Object.freeze({
+    logoUrl: 'mock://fake-url-for-org/logo.png',
+    darkLogoUrl: 'mock://fake-url-for-org/dark-logo.png',
+  } satisfies Branding);
 
   afterEach(async () => {
     await organizationApi.cleanUp();
@@ -31,8 +55,8 @@ describe('override', () => {
     await updateSignInExperience({
       termsOfUseUrl: null,
       privacyPolicyUrl: null,
-      color: { primaryColor, darkPrimaryColor, isDarkModeEnabled: true },
-      branding: { logoUrl, darkLogoUrl, favicon, darkFavicon },
+      color: omniColor,
+      branding: omniBranding,
       signUp: { identifiers: [], password: true, verify: false },
       signIn: {
         methods: [
@@ -52,57 +76,39 @@ describe('override', () => {
     await experience.page.emulateMediaFeatures([{ name: 'prefers-color-scheme', value: 'dark' }]);
     await experience.navigateTo(demoAppUrl.href);
     await experience.toMatchElement('body[class$="dark"]');
-    await experience.toMatchElement(`img[src="${darkLogoUrl}"]`);
+    await experience.toMatchElement(`img[src="${omniBranding.darkLogoUrl}"]`);
 
     const button = await experience.toMatchElement('button[name="submit"]');
     expect(
       await button.evaluate((element) => window.getComputedStyle(element).backgroundColor)
-    ).toBe('rgb(255, 255, 255)');
+    ).toBe('rgb(0, 255, 0)');
 
-    const foundFavicon = await experience.page.evaluate(() => {
-      return document.querySelector('link[rel="shortcut icon"]')?.getAttribute('href');
-    });
-    expect(foundFavicon).toBe(darkFavicon);
+    const { favicon: faviconElement, appleFavicon } = await experience.findFaviconUrls();
+    expect(faviconElement).toBe(omniBranding.darkFavicon);
+    expect(appleFavicon).toBe(omniBranding.darkFavicon);
 
-    const faviconAppleTouch = await experience.page.evaluate(() => {
-      return document.querySelector('link[rel="apple-touch-icon"]')?.getAttribute('href');
-    });
-    expect(faviconAppleTouch).toBe(darkFavicon);
     await experience.page.close();
   });
 
-  it('should show the overridden organization logos and favicons', async () => {
-    const logoUrl = 'mock://fake-url-for-organization/logo.png';
-    const darkLogoUrl = 'mock://fake-url-for-organization/dark-logo.png';
-
+  it('should show the overridden organization logos', async () => {
     const organization = await organizationApi.create({
       name: 'Sign-in experience override',
-      branding: {
-        logoUrl,
-        darkLogoUrl,
-      },
+      branding: organizationBranding,
     });
 
     const experience = new ExpectExperience(await browser.newPage());
     await experience.page.emulateMediaFeatures([{ name: 'prefers-color-scheme', value: 'light' }]);
     await experience.navigateTo(demoAppUrl.href + `?organization_id=${organization.id}`);
-    await experience.toMatchElement(`img[src="${logoUrl}"]`);
+    await experience.toMatchElement(`img[src="${organizationBranding.logoUrl}"]`);
 
     await experience.page.emulateMediaFeatures([{ name: 'prefers-color-scheme', value: 'dark' }]);
     await experience.navigateTo(demoAppUrl.href + `?organization_id=${organization.id}`);
-    await experience.toMatchElement(`img[src="${darkLogoUrl}"]`);
+    await experience.toMatchElement(`img[src="${organizationBranding.darkLogoUrl}"]`);
 
     await experience.page.close();
   });
 
   it('should show app-level logo, favicon, and color', async () => {
-    const logoUrl = 'mock://fake-url-for-app/logo.png';
-    const darkLogoUrl = 'mock://fake-url-for-app/dark-logo.png';
-    const primaryColor = '#f00';
-    const darkPrimaryColor = '#0f0';
-    const favicon = 'mock://fake-url-for-organization/favicon.ico';
-    const darkFavicon = 'mock://fake-url-for-organization/dark-favicon.ico';
-
     const application = await createApplication(
       'Sign-in experience override',
       ApplicationType.SPA,
@@ -115,8 +121,8 @@ describe('override', () => {
     );
 
     await setApplicationSignInExperience(application.id, {
-      color: { primaryColor, darkPrimaryColor },
-      branding: { logoUrl, darkLogoUrl, favicon, darkFavicon },
+      color: appColor,
+      branding: appBranding,
     });
 
     const experience = new ExpectExperience(await browser.newPage());
@@ -134,39 +140,27 @@ describe('override', () => {
         await button.evaluate((element) => window.getComputedStyle(element).backgroundColor)
       ).toBe(primaryColor);
 
-      const foundFavicon = await experience.page.evaluate(() => {
-        return document.querySelector('link[rel="shortcut icon"]')?.getAttribute('href');
-      });
-      expect(foundFavicon).toBe(favicon);
-
-      const faviconAppleTouch = await experience.page.evaluate(() => {
-        return document.querySelector('link[rel="apple-touch-icon"]')?.getAttribute('href');
-      });
-      expect(faviconAppleTouch).toBe(favicon);
+      const { favicon: faviconElement, appleFavicon } = await experience.findFaviconUrls();
+      expect(faviconElement).toBe(favicon);
+      expect(appleFavicon).toBe(favicon);
     };
 
-    await expectMatchBranding('light', logoUrl, 'rgb(255, 0, 0)', favicon);
-    await expectMatchBranding('dark', darkLogoUrl, 'rgb(0, 255, 0)', darkFavicon);
+    await expectMatchBranding('light', appBranding.logoUrl, 'rgb(0, 0, 255)', appBranding.favicon);
+    await expectMatchBranding(
+      'dark',
+      appBranding.darkLogoUrl,
+      'rgb(255, 0, 255)',
+      appBranding.darkFavicon
+    );
 
     await deleteApplication(application.id);
     await experience.page.close();
   });
 
   it('should combine app-level and organization-level branding', async () => {
-    const organizationLogoUrl = 'mock://fake-url-for-organization/logo.png';
-    const organizationDarkLogoUrl = 'mock://fake-url-for-organization/dark-logo.png';
-
-    const appLogoUrl = 'mock://fake-url-for-app/logo.png';
-    const appDarkLogoUrl = 'mock://fake-url-for-app/dark-logo.png';
-    const appPrimaryColor = '#00f';
-    const appDarkPrimaryColor = '#f0f';
-
     const organization = await organizationApi.create({
       name: 'Sign-in experience override',
-      branding: {
-        logoUrl: organizationLogoUrl,
-        darkLogoUrl: organizationDarkLogoUrl,
-      },
+      branding: organizationBranding,
     });
 
     const application = await createApplication(
@@ -181,14 +175,8 @@ describe('override', () => {
     );
 
     await setApplicationSignInExperience(application.id, {
-      color: {
-        primaryColor: appPrimaryColor,
-        darkPrimaryColor: appDarkPrimaryColor,
-      },
-      branding: {
-        logoUrl: appLogoUrl,
-        darkLogoUrl: appDarkLogoUrl,
-      },
+      color: appColor,
+      branding: appBranding,
     });
 
     const experience = new ExpectExperience(await browser.newPage());
@@ -204,8 +192,75 @@ describe('override', () => {
       ).toBe(primaryColor);
     };
 
-    await expectMatchBranding('light', organizationLogoUrl, 'rgb(0, 0, 255)');
-    await expectMatchBranding('dark', organizationDarkLogoUrl, 'rgb(255, 0, 255)');
+    await expectMatchBranding('light', organizationBranding.logoUrl, 'rgb(0, 0, 255)');
+    await expectMatchBranding('dark', organizationBranding.darkLogoUrl, 'rgb(255, 0, 255)');
+    await experience.page.close();
+  });
+
+  describe('override fallback', () => {
+    beforeAll(async () => {
+      await updateSignInExperience({
+        color: omniColor,
+        branding: pick(omniBranding, 'logoUrl', 'favicon'),
+      });
+    });
+
+    it('should fall back to light mode branding elements when dark mode is enabled but no dark mode branding elements are provided (omni)', async () => {
+      const experience = new ExpectExperience(await browser.newPage());
+      await experience.page.emulateMediaFeatures([{ name: 'prefers-color-scheme', value: 'dark' }]);
+      await experience.navigateTo(demoAppUrl.href);
+      await experience.toMatchElement('body[class$="dark"]');
+      await experience.toMatchElement(`img[src="${omniBranding.logoUrl}"]`);
+
+      const { favicon: faviconElement, appleFavicon } = await experience.findFaviconUrls();
+      expect(faviconElement).toBe(omniBranding.favicon);
+      expect(appleFavicon).toBe(omniBranding.favicon);
+      await experience.page.close();
+    });
+  });
+
+  it('should fall back to light mode branding elements when dark mode is enabled but no dark mode branding elements are provided (organization)', async () => {
+    const organization = await organizationApi.create({
+      name: 'Sign-in experience override',
+      branding: pick(organizationBranding, 'logoUrl'),
+    });
+
+    const experience = new ExpectExperience(await browser.newPage());
+    await experience.page.emulateMediaFeatures([{ name: 'prefers-color-scheme', value: 'dark' }]);
+    await experience.navigateTo(demoAppUrl.href + `?organization_id=${organization.id}`);
+    await experience.toMatchElement('body[class$="dark"]');
+    await experience.toMatchElement(`img[src="${organizationBranding.logoUrl}"]`);
+
+    await experience.page.close();
+  });
+
+  it('should fall back to light mode branding elements when dark mode is enabled but no dark mode branding elements are provided (app)', async () => {
+    const application = await createApplication(
+      'Sign-in experience override',
+      ApplicationType.SPA,
+      {
+        oidcClientMetadata: {
+          redirectUris: [demoAppRedirectUri],
+          postLogoutRedirectUris: [demoAppRedirectUri],
+        },
+      }
+    );
+
+    await setApplicationSignInExperience(application.id, {
+      color: appColor,
+      branding: pick(appBranding, 'logoUrl', 'favicon'),
+    });
+
+    const experience = new ExpectExperience(await browser.newPage());
+    await experience.page.emulateMediaFeatures([{ name: 'prefers-color-scheme', value: 'dark' }]);
+    await experience.navigateTo(demoAppUrl.href + `?app_id=${application.id}`);
+    await experience.toMatchElement('body[class$="dark"]');
+    await experience.toMatchElement(`img[src="${appBranding.logoUrl}"]`);
+
+    const { favicon: faviconElement, appleFavicon } = await experience.findFaviconUrls();
+    expect(faviconElement).toBe(appBranding.favicon);
+    expect(appleFavicon).toBe(appBranding.favicon);
+
     await experience.page.close();
   });
 });
diff --git a/packages/integration-tests/src/ui-helpers/expect-experience.ts b/packages/integration-tests/src/ui-helpers/expect-experience.ts
index c6588b4bda85..14c08fdd3cea 100644
--- a/packages/integration-tests/src/ui-helpers/expect-experience.ts
+++ b/packages/integration-tests/src/ui-helpers/expect-experience.ts
@@ -300,6 +300,18 @@ export default class ExpectExperience extends ExpectPage {
     return (await userIdSpan.evaluate((element) => element.textContent)) ?? '';
   }
 
+  async findFaviconUrls() {
+    const [favicon, appleFavicon] = await Promise.all([
+      this.page.evaluate(() => {
+        return document.querySelector('link[rel="shortcut icon"]')?.getAttribute('href');
+      }),
+      this.page.evaluate(() => {
+        return document.querySelector('link[rel="apple-touch-icon"]')?.getAttribute('href');
+      }),
+    ]);
+    return { favicon, appleFavicon };
+  }
+
   /** Build a full experience URL from a pathname. */
   protected buildExperienceUrl(pathname = '') {
     return appendPath(this.options.endpoint, pathname);

From cee1c54dc04428f8bf9101e8123a22dfbc6c5bd6 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Thu, 11 Jul 2024 17:06:21 +0800
Subject: [PATCH 002/135] refactor(console): improve branding experience

---
 .../ConnectorForm/BasicForm/index.tsx         |  6 +--
 .../components/ImageInputs/LogoAndFavicon.tsx |  2 +-
 .../components/ImageInputs/index.module.scss  | 15 +-----
 .../src/ds-components/Tip/TipBubble/utils.ts  |  4 +-
 .../Uploader/FileUploader/index.module.scss   |  3 +-
 .../Branding/index.module.scss                |  8 +++
 .../Branding/index.tsx                        | 50 ++++++++++++++++---
 .../ApplicationDetailsContent/index.tsx       | 14 +++---
 .../Settings/JitSettings.tsx                  |  7 +--
 .../Settings/index.module.scss                |  6 +--
 .../OrganizationDetails/Settings/index.tsx    |  4 +-
 .../PlanComparisonTable/index.tsx             |  2 +-
 .../admin-console/subscription/quota-table.ts |  1 -
 .../admin-console/sign-in-exp/index.ts        |  7 +++
 .../admin-console/subscription/quota-table.ts |  2 +-
 .../admin-console/subscription/quota-table.ts |  1 -
 .../admin-console/subscription/quota-table.ts |  1 -
 .../admin-console/subscription/quota-table.ts |  1 -
 .../admin-console/subscription/quota-table.ts |  1 -
 .../admin-console/subscription/quota-table.ts |  1 -
 .../admin-console/subscription/quota-table.ts |  1 -
 .../admin-console/subscription/quota-table.ts |  1 -
 .../admin-console/subscription/quota-table.ts |  1 -
 .../admin-console/subscription/quota-table.ts |  1 -
 .../admin-console/subscription/quota-table.ts |  1 -
 .../admin-console/subscription/quota-table.ts |  1 -
 .../admin-console/subscription/quota-table.ts |  1 -
 .../admin-console/subscription/quota-table.ts |  1 -
 .../schemas/src/seeds/sign-in-experience.ts   |  2 +-
 29 files changed, 86 insertions(+), 60 deletions(-)

diff --git a/packages/console/src/components/ConnectorForm/BasicForm/index.tsx b/packages/console/src/components/ConnectorForm/BasicForm/index.tsx
index 6fe7331827fb..fb872a83e6de 100644
--- a/packages/console/src/components/ConnectorForm/BasicForm/index.tsx
+++ b/packages/console/src/components/ConnectorForm/BasicForm/index.tsx
@@ -3,7 +3,7 @@ import { Controller, useFormContext } from 'react-hook-form';
 import { Trans, useTranslation } from 'react-i18next';
 
 import Error from '@/assets/icons/toast-error.svg';
-import LogoInputs from '@/components/ImageInputs';
+import ImageInputs from '@/components/ImageInputs';
 import UnnamedTrans from '@/components/UnnamedTrans';
 import FormField from '@/ds-components/FormField';
 import Select from '@/ds-components/Select';
@@ -57,7 +57,7 @@ function BasicForm({ isAllowEditTarget, isStandard, conflictConnectorName }: Pro
               {...register('name', { required: true })}
             />
           </FormField>
-          <LogoInputs
+          <ImageInputs
             uploadTitle="connectors.guide.connector_logo"
             tip={t('connectors.guide.connector_logo_tip')}
             control={control}
@@ -65,7 +65,7 @@ function BasicForm({ isAllowEditTarget, isStandard, conflictConnectorName }: Pro
             fields={Object.values(Theme).map((theme) => ({
               name: themeToField[theme],
               error: errors[themeToField[theme]],
-              type: 'app_logo',
+              type: 'connector_logo',
               theme,
             }))}
           />
diff --git a/packages/console/src/components/ImageInputs/LogoAndFavicon.tsx b/packages/console/src/components/ImageInputs/LogoAndFavicon.tsx
index fc070aec1524..b60af048eb68 100644
--- a/packages/console/src/components/ImageInputs/LogoAndFavicon.tsx
+++ b/packages/console/src/components/ImageInputs/LogoAndFavicon.tsx
@@ -45,7 +45,7 @@ function LogoAndFavicon<FormContext extends FieldValues>({
       uploadTitle={
         <>
           {t(`sign_in_exp.branding.with_${theme}`, {
-            value: t('sign_in_exp.branding.app_logo_and_favicon'),
+            value: t(`sign_in_exp.branding.${type}_and_favicon`),
           })}
         </>
       }
diff --git a/packages/console/src/components/ImageInputs/index.module.scss b/packages/console/src/components/ImageInputs/index.module.scss
index b931a3b5c692..4e24be27ac43 100644
--- a/packages/console/src/components/ImageInputs/index.module.scss
+++ b/packages/console/src/components/ImageInputs/index.module.scss
@@ -2,24 +2,11 @@
 
 .container {
   display: flex;
+  gap: _.unit(2);
 
   > * {
     flex: 1;
 
-    &:first-child {
-      border-top-right-radius: 0;
-      border-bottom-right-radius: 0;
-    }
-
-    &:last-child {
-      border-top-left-radius: 0;
-      border-bottom-left-radius: 0;
-    }
-
-    &:not(:first-child):not(:last-child) {
-      border-radius: 0;
-    }
-
     &.dark {
       background-color: #111;
     }
diff --git a/packages/console/src/ds-components/Tip/TipBubble/utils.ts b/packages/console/src/ds-components/Tip/TipBubble/utils.ts
index 1dace20b11df..20071e5399d1 100644
--- a/packages/console/src/ds-components/Tip/TipBubble/utils.ts
+++ b/packages/console/src/ds-components/Tip/TipBubble/utils.ts
@@ -5,11 +5,11 @@ import type { TipBubblePlacement } from '.';
 export const getVerticalOffset = (placement: TipBubblePlacement) => {
   switch (placement) {
     case 'top': {
-      return -16;
+      return -8;
     }
 
     case 'bottom': {
-      return 16;
+      return 8;
     }
 
     default: {
diff --git a/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss b/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss
index 0e15e5bbed67..77569e8821c2 100644
--- a/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss
+++ b/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss
@@ -28,7 +28,7 @@
 
     .actionDescription {
       margin-top: _.unit(1);
-      font: var(--font-body-2); // With font height to be 20px.
+      font: var(--font-body-3);
       user-select: none;
     }
   }
@@ -60,4 +60,3 @@
     border-color: var(--color-error);
   }
 }
-
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.module.scss b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.module.scss
index f99c87282003..57e7fffb7141 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.module.scss
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.module.scss
@@ -3,3 +3,11 @@
 .colors {
   margin-top: _.unit(6);
 }
+
+.darkModeTip {
+  display: flex;
+  align-items: baseline;
+  font: var(--font-body-2);
+  color: var(--color-text-secondary);
+  margin-top: _.unit(1);
+}
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.tsx
index d048756849fe..7ff5d422e9d6 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.tsx
@@ -1,16 +1,23 @@
-import { Theme, type Application, type ApplicationSignInExperience } from '@logto/schemas';
-import { useCallback, useEffect } from 'react';
+import { generateDarkColor } from '@logto/core-kit';
+import {
+  Theme,
+  defaultPrimaryColor,
+  type Application,
+  type ApplicationSignInExperience,
+} from '@logto/schemas';
+import { useCallback, useEffect, useMemo } from 'react';
 import { useForm, FormProvider, Controller } from 'react-hook-form';
 import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 
 import DetailsForm from '@/components/DetailsForm';
 import FormCard, { FormCardSkeleton } from '@/components/FormCard';
-import LogoInputs, { themeToLogoName } from '@/components/ImageInputs';
+import ImageInputs, { themeToLogoName } from '@/components/ImageInputs';
 import LogoAndFavicon from '@/components/ImageInputs/LogoAndFavicon';
 import RequestDataError from '@/components/RequestDataError';
 import UnsavedChangesAlertModal from '@/components/UnsavedChangesAlertModal';
 import { appSpecificBrandingLink, logtoThirdPartyAppBrandingLink } from '@/consts';
+import Button from '@/ds-components/Button';
 import ColorPicker from '@/ds-components/ColorPicker';
 import FormField from '@/ds-components/FormField';
 import Switch from '@/ds-components/Switch';
@@ -105,10 +112,22 @@ function Branding({ application, isActive }: Props) {
   // is valid; otherwise, directly save the form will be a no-op.
   useEffect(() => {
     if (isBrandingEnabled && Object.values(color).filter(Boolean).length === 0) {
-      setValue('color', { primaryColor: '#000000', darkPrimaryColor: '#000000' });
+      setValue('color', {
+        primaryColor: defaultPrimaryColor,
+        darkPrimaryColor: generateDarkColor(defaultPrimaryColor),
+      });
     }
   }, [color, isBrandingEnabled, setValue]);
 
+  const [primaryColor, darkPrimaryColor] = watch(['color.primaryColor', 'color.darkPrimaryColor']);
+  const calculatedDarkPrimaryColor = useMemo(() => {
+    return primaryColor && generateDarkColor(primaryColor);
+  }, [primaryColor]);
+
+  const handleResetColor = useCallback(() => {
+    setValue('color.darkPrimaryColor', calculatedDarkPrimaryColor);
+  }, [calculatedDarkPrimaryColor, setValue]);
+
   const NonThirdPartyBrandingForm = useCallback(
     () => (
       <>
@@ -153,10 +172,29 @@ function Branding({ application, isActive }: Props) {
               </FormField>
             )}
           />
+          {calculatedDarkPrimaryColor !== darkPrimaryColor && (
+            <div className={styles.darkModeTip}>
+              {t('sign_in_exp.color.dark_mode_reset_tip')}
+              <Button
+                type="text"
+                size="small"
+                title="sign_in_exp.color.reset"
+                onClick={handleResetColor}
+              />
+            </div>
+          )}
         </div>
       </>
     ),
-    [control, errors.branding, register]
+    [
+      control,
+      errors.branding,
+      register,
+      calculatedDarkPrimaryColor,
+      darkPrimaryColor,
+      handleResetColor,
+      t,
+    ]
   );
 
   if (isLoading) {
@@ -193,7 +231,7 @@ function Branding({ application, isActive }: Props) {
                 <FormField title="application_details.branding.display_name">
                   <TextInput {...register('displayName')} placeholder={application.name} />
                 </FormField>
-                <LogoInputs
+                <ImageInputs
                   uploadTitle="application_details.branding.app_logo"
                   control={control}
                   register={register}
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx
index ec4edd57a52a..45a8ef8eb343 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx
@@ -70,6 +70,12 @@ function ApplicationDetailsContent({ data, oidcConfig, onApplicationUpdated }: P
   const [isDeleting, setIsDeleting] = useState(false);
   const [isDeleted, setIsDeleted] = useState(false);
   const api = useApi();
+  const hasBranding = [
+    ApplicationType.Native,
+    ApplicationType.SPA,
+    ApplicationType.Traditional,
+    ApplicationType.Protected,
+  ].includes(data.type);
 
   const onSubmit = handleSubmit(
     trySubmitSafe(async (formData) => {
@@ -189,9 +195,7 @@ function ApplicationDetailsContent({ data, oidcConfig, onApplicationUpdated }: P
             {t('application_details.permissions.name')}
           </TabNavItem>
         )}
-        {[ApplicationType.Native, ApplicationType.SPA, ApplicationType.Traditional].includes(
-          data.type
-        ) && (
+        {hasBranding && (
           <TabNavItem href={`/applications/${data.id}/${ApplicationDetailsTabs.Branding}`}>
             {t('application_details.branding.name')}
           </TabNavItem>
@@ -266,9 +270,7 @@ function ApplicationDetailsContent({ data, oidcConfig, onApplicationUpdated }: P
           <Permissions application={data} />
         </TabWrapper>
       )}
-      {[ApplicationType.Native, ApplicationType.SPA, ApplicationType.Traditional].includes(
-        data.type
-      ) && (
+      {hasBranding && (
         <TabWrapper
           isActive={tab === ApplicationDetailsTabs.Branding}
           className={styles.tabContainer}
diff --git a/packages/console/src/pages/OrganizationDetails/Settings/JitSettings.tsx b/packages/console/src/pages/OrganizationDetails/Settings/JitSettings.tsx
index d27f87d79ce4..777ac6932509 100644
--- a/packages/console/src/pages/OrganizationDetails/Settings/JitSettings.tsx
+++ b/packages/console/src/pages/OrganizationDetails/Settings/JitSettings.tsx
@@ -1,4 +1,5 @@
 import { RoleType, type SsoConnectorWithProviderConfig } from '@logto/schemas';
+import classNames from 'classnames';
 import { useCallback, useMemo, useState } from 'react';
 import { Controller, type UseFormReturn } from 'react-hook-form';
 import { Trans, useTranslation } from 'react-i18next';
@@ -69,7 +70,6 @@ function JitSettings({ form }: Props) {
       description="organization_details.jit.description"
     >
       <FormField
-        className={styles.jitFormField}
         title="organization_details.jit.enterprise_sso"
         description={
           <Trans
@@ -87,7 +87,7 @@ function JitSettings({ form }: Props) {
         descriptionPosition="top"
       >
         {!allSsoConnectors?.length && (
-          <InlineNotification>
+          <InlineNotification className={styles.ssoJitContent}>
             <Trans
               i18nKey="admin_console.organization_details.jit.no_enterprise_connector_set"
               components={{ a: <TextLink to={'/' + enterpriseSso.path} /> }}
@@ -100,7 +100,7 @@ function JitSettings({ form }: Props) {
           render={({ field: { onChange, value } }) => (
             <>
               {value.length > 0 && (
-                <div className={styles.ssoConnectorList}>
+                <div className={classNames(styles.ssoJitContent, styles.ssoConnectorList)}>
                   {value.map((id) => {
                     const connector = allSsoConnectors?.find(
                       ({ id: connectorId }) => id === connectorId
@@ -130,6 +130,7 @@ function JitSettings({ form }: Props) {
               {Boolean(filteredSsoConnectors?.length) && (
                 <ActionMenu
                   buttonProps={{
+                    className: styles.ssoJitContent,
                     type: 'default',
                     size: 'medium',
                     title: 'organization_details.jit.add_enterprise_connector',
diff --git a/packages/console/src/pages/OrganizationDetails/Settings/index.module.scss b/packages/console/src/pages/OrganizationDetails/Settings/index.module.scss
index e3064f255ee1..9a820bd31518 100644
--- a/packages/console/src/pages/OrganizationDetails/Settings/index.module.scss
+++ b/packages/console/src/pages/OrganizationDetails/Settings/index.module.scss
@@ -16,10 +16,8 @@
   }
 }
 
-.jitFormField {
-  display: flex;
-  flex-direction: column;
-  gap: _.unit(3);
+.ssoJitContent {
+  margin-top: _.unit(2);
 }
 
 .mfaWarning {
diff --git a/packages/console/src/pages/OrganizationDetails/Settings/index.tsx b/packages/console/src/pages/OrganizationDetails/Settings/index.tsx
index b3911aa1535d..56f672653b1e 100644
--- a/packages/console/src/pages/OrganizationDetails/Settings/index.tsx
+++ b/packages/console/src/pages/OrganizationDetails/Settings/index.tsx
@@ -7,7 +7,7 @@ import useSWR from 'swr';
 
 import DetailsForm from '@/components/DetailsForm';
 import FormCard from '@/components/FormCard';
-import LogoInputs, { themeToLogoName } from '@/components/ImageInputs';
+import ImageInputs, { themeToLogoName } from '@/components/ImageInputs';
 import UnsavedChangesAlertModal from '@/components/UnsavedChangesAlertModal';
 import { organizationLogosForExperienceLink } from '@/consts';
 import CodeEditor from '@/ds-components/CodeEditor';
@@ -107,7 +107,7 @@ function Settings() {
             {...register('description')}
           />
         </FormField>
-        <LogoInputs
+        <ImageInputs
           uploadTitle="organization_details.branding.logo"
           tip={
             <Trans
diff --git a/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx
index 5781fea0c4bf..ca95510b7457 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx
@@ -85,7 +85,7 @@ function PlanComparisonTable() {
     // UI and branding
     const customDomain = t('branding.custom_domain');
     const customCss = t('branding.custom_css');
-    const appLogoAndFavicon = t('branding.app_logo_and_favicon');
+    const appLogoAndFavicon = t('branding.logo_and_favicon');
     const darkMode = t('branding.dark_mode');
     const i18n = t('branding.i18n');
 
diff --git a/packages/phrases/src/locales/de/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/de/translation/admin-console/subscription/quota-table.ts
index 6c32bd2f5eaa..020c226c33ee 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: 'Benutzeroberfläche und Branding',
     custom_domain: 'Benutzerdefinierte Domain',
     custom_css: 'Benutzerdefiniertes CSS',
-    app_logo_and_favicon: 'App-Logo und Favicon',
     dark_mode: 'Dunkler Modus',
     i18n: 'Internationalisierung',
   },
diff --git a/packages/phrases/src/locales/en/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/en/translation/admin-console/sign-in-exp/index.ts
index f8dab6be714b..e2b468febecf 100644
--- a/packages/phrases/src/locales/en/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/en/translation/admin-console/sign-in-exp/index.ts
@@ -36,6 +36,7 @@ const sign_in_exp = {
     with_light: '{{value}}',
     with_dark: '{{value}} (dark)',
     app_logo_and_favicon: 'App logo and favicon',
+    company_logo_and_favicon: 'Company logo and favicon',
   },
   branding_uploads: {
     app_logo: {
@@ -56,6 +57,12 @@ const sign_in_exp = {
       url_placeholder: 'https://your.cdn.domain/logo.png',
       error: 'Organization logo: {{error}}',
     },
+    connector_logo: {
+      title: 'Upload image',
+      url: 'Connector logo URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Connector logo: {{error}}',
+    },
     favicon: {
       title: 'Favicon',
       url: 'Favicon URL',
diff --git a/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-table.ts
index 7b37a4cd1b28..035bcf4d6b47 100644
--- a/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,7 @@ const quota_table = {
     title: 'UI and branding',
     custom_domain: 'Custom domain',
     custom_css: 'Custom CSS',
-    app_logo_and_favicon: 'App logo and favicon',
+    logo_and_favicon: 'Logo and favicon',
     dark_mode: 'Dark mode',
     i18n: 'Internationalization',
   },
diff --git a/packages/phrases/src/locales/es/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/es/translation/admin-console/subscription/quota-table.ts
index 6dfe19df5fa5..622b98464eed 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: 'Interfaz de usuario y branding',
     custom_domain: 'Dominio personalizado',
     custom_css: 'CSS personalizado',
-    app_logo_and_favicon: 'Logo de la aplicación y favicon',
     dark_mode: 'Modo oscuro',
     i18n: 'Internacionalización',
   },
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/fr/translation/admin-console/subscription/quota-table.ts
index f5bcd84cd01f..f113d1f812ef 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: 'Interface utilisateur et branding',
     custom_domain: 'Domaine personnalisé',
     custom_css: 'CSS personnalisé',
-    app_logo_and_favicon: "Logo et favicon de l'application",
     dark_mode: 'Mode sombre',
     i18n: 'Internationalisation',
   },
diff --git a/packages/phrases/src/locales/it/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/it/translation/admin-console/subscription/quota-table.ts
index 7e65c1410c12..de806d884e04 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: 'UI e branding',
     custom_domain: 'Dominio personalizzato',
     custom_css: 'CSS personalizzato',
-    app_logo_and_favicon: "Logo e favicon dell'applicazione",
     dark_mode: 'Modalità scura',
     i18n: 'Internazionalizzazione',
   },
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/ja/translation/admin-console/subscription/quota-table.ts
index 77435f288271..0f4489942605 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: 'UIとブランディング',
     custom_domain: 'カスタムドメイン',
     custom_css: 'カスタムCSS',
-    app_logo_and_favicon: 'アプリロゴとFavicon',
     dark_mode: 'ダークモード',
     i18n: '国際化',
   },
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/ko/translation/admin-console/subscription/quota-table.ts
index 267b38db1c44..b851fff7f52a 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: 'UI 및 브랜딩',
     custom_domain: '사용자 정의 도메인',
     custom_css: '사용자 정의 CSS',
-    app_logo_and_favicon: '앱 로고와 파비콘',
     dark_mode: '다크 모드',
     i18n: '국제화',
   },
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/subscription/quota-table.ts
index 3201c458d2e0..4892904c2ee9 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: 'Interfejs użytkownika i branding',
     custom_domain: 'Domena niestandardowa',
     custom_css: 'Niestandardowy CSS',
-    app_logo_and_favicon: 'Logo aplikacji i ikona',
     dark_mode: 'Tryb ciemny',
     i18n: 'Internacjonalizacja',
   },
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/subscription/quota-table.ts
index 2443da100211..3d71aacdb35c 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: 'Interface de usuário e branding',
     custom_domain: 'Domínio personalizado',
     custom_css: 'CSS personalizado',
-    app_logo_and_favicon: 'Logotipo da aplicação e favicon',
     dark_mode: 'Modo escuro',
     i18n: 'Internacionalização',
   },
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/subscription/quota-table.ts
index d4495134e4ee..c17b65046b1c 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: 'UI e branding',
     custom_domain: 'Domínio personalizado',
     custom_css: 'CSS personalizado',
-    app_logo_and_favicon: 'Logótipo da aplicação e favicon',
     dark_mode: 'Modo escuro',
     i18n: 'Internacionalização',
   },
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/ru/translation/admin-console/subscription/quota-table.ts
index 34ae40cdfffa..1b487eba597e 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: 'Интерфейс и брендинг',
     custom_domain: 'Пользовательский домен',
     custom_css: 'Пользовательский CSS',
-    app_logo_and_favicon: 'Логотип и фавикон приложения',
     dark_mode: 'Темный режим',
     i18n: 'Интернационализация',
   },
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/subscription/quota-table.ts
index 3dcbba029926..1f78ccd30298 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: 'Kullanıcı Arayüzü ve Markalama',
     custom_domain: 'Özel alan adı',
     custom_css: 'Özel CSS',
-    app_logo_and_favicon: 'Uygulama logoları ve favicon',
     dark_mode: 'Karanlık mod',
     i18n: 'Uluslararasılaştırma',
   },
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/subscription/quota-table.ts
index a5425d9b7f61..0e7364ef4bb0 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: '界面与品牌',
     custom_domain: '自定义域名',
     custom_css: '自定义 CSS',
-    app_logo_and_favicon: '应用图标与网站图标',
     dark_mode: '深色模式',
     i18n: '国际化',
   },
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/subscription/quota-table.ts
index d72e2ddd8f2c..985dfe212c82 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: '用戶界面與品牌',
     custom_domain: '自訂網域',
     custom_css: '自訂 CSS',
-    app_logo_and_favicon: '應用程式徽標和網站圖示',
     dark_mode: '深色模式',
     i18n: '國際化',
   },
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/subscription/quota-table.ts
index 5c2ab0b915f6..73dadd7b2181 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/subscription/quota-table.ts
@@ -20,7 +20,6 @@ const quota_table = {
     title: '使用者介面和品牌塑造',
     custom_domain: '自訂網域',
     custom_css: '自訂 CSS',
-    app_logo_and_favicon: '應用程式標誌和網站圖示',
     dark_mode: '深色模式',
     i18n: '國際化',
   },
diff --git a/packages/schemas/src/seeds/sign-in-experience.ts b/packages/schemas/src/seeds/sign-in-experience.ts
index d7217af52ab3..866fe317b2f3 100644
--- a/packages/schemas/src/seeds/sign-in-experience.ts
+++ b/packages/schemas/src/seeds/sign-in-experience.ts
@@ -6,7 +6,7 @@ import { MfaPolicy, SignInIdentifier } from '../foundations/index.js';
 
 import { adminTenantId, defaultTenantId } from './tenant.js';
 
-const defaultPrimaryColor = '#6139F6';
+export const defaultPrimaryColor = '#6139F6';
 
 export const createDefaultSignInExperience = (
   forTenantId: string,

From f9d613704821a417b8896623d472c955e7ffa6ed Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Fri, 12 Jul 2024 14:03:21 +0800
Subject: [PATCH 003/135] feat(core): handle dpop and client certificate for
 token exchange (#6199)

---
 .../src/oidc/grants/client-credentials.ts     | 27 ++-----
 .../core/src/oidc/grants/refresh-token.ts     | 57 ++-----------
 .../src/oidc/grants/token-exchange/index.ts   |  5 +-
 packages/core/src/oidc/grants/utils.ts        | 81 +++++++++++++++++++
 4 files changed, 95 insertions(+), 75 deletions(-)
 create mode 100644 packages/core/src/oidc/grants/utils.ts

diff --git a/packages/core/src/oidc/grants/client-credentials.ts b/packages/core/src/oidc/grants/client-credentials.ts
index 5bf06f889acb..8aafdeec2edb 100644
--- a/packages/core/src/oidc/grants/client-credentials.ts
+++ b/packages/core/src/oidc/grants/client-credentials.ts
@@ -23,8 +23,6 @@ import { buildOrganizationUrn } from '@logto/core-kit';
 import { cond } from '@silverhand/essentials';
 import type Provider from 'oidc-provider';
 import { errors } from 'oidc-provider';
-import epochTime from 'oidc-provider/lib/helpers/epoch_time.js';
-import dpopValidate from 'oidc-provider/lib/helpers/validate_dpop.js';
 import instance from 'oidc-provider/lib/helpers/weak_cache.js';
 import checkResource from 'oidc-provider/lib/shared/check_resource.js';
 
@@ -34,6 +32,8 @@ import assertThat from '#src/utils/assert-that.js';
 
 import { getSharedResourceServerData, reversedResourceAccessTokenTtl } from '../resource.js';
 
+import { handleClientCertificate, handleDPoP } from './utils.js';
+
 const { AccessDenied, InvalidClient, InvalidGrant, InvalidScope, InvalidTarget } = errors;
 
 /**
@@ -51,7 +51,7 @@ export const buildHandler: (
   // eslint-disable-next-line complexity
 ) => Parameters<Provider['registerGrantType']>[1] = (envSet, queries) => async (ctx, next) => {
   const { client, params } = ctx.oidc;
-  const { ClientCredentials, ReplayDetection } = ctx.oidc.provider;
+  const { ClientCredentials } = ctx.oidc.provider;
 
   assertThat(client, new InvalidClient('client must be available'));
 
@@ -62,8 +62,6 @@ export const buildHandler: (
     scopes: statics,
   } = instance(ctx.oidc.provider).configuration();
 
-  const dPoP = await dpopValidate(ctx);
-
   /* === RFC 0006 === */
   // The value type is `unknown`, which will swallow other type inferences. So we have to cast it
   // to `Boolean` first.
@@ -166,23 +164,8 @@ export const buildHandler: (
     token.setThumbprint('x5t', cert);
   }
 
-  if (dPoP) {
-    // @ts-expect-error -- code from oidc-provider
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-call
-    const unique: unknown = await ReplayDetection.unique(
-      client.clientId,
-      dPoP.jti,
-      epochTime() + 300
-    );
-
-    assertThat(unique, new InvalidGrant('DPoP proof JWT Replay detected'));
-
-    // @ts-expect-error -- code from oidc-provider
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-call
-    token.setThumbprint('jkt', dPoP.thumbprint);
-  } else if (ctx.oidc.client?.dpopBoundAccessTokens) {
-    throw new InvalidGrant('DPoP proof JWT not provided');
-  }
+  await handleDPoP(ctx, token);
+  await handleClientCertificate(ctx, token);
 
   ctx.oidc.entity('ClientCredentials', token);
   const value = await token.save();
diff --git a/packages/core/src/oidc/grants/refresh-token.ts b/packages/core/src/oidc/grants/refresh-token.ts
index 87677f4f0345..f3fa05fff5b5 100644
--- a/packages/core/src/oidc/grants/refresh-token.ts
+++ b/packages/core/src/oidc/grants/refresh-token.ts
@@ -19,19 +19,14 @@
  * The commit hash of the original file is `cf2069cbb31a6a855876e95157372d25dde2511c`.
  */
 
-import { type X509Certificate } from 'node:crypto';
-
 import { UserScope, buildOrganizationUrn } from '@logto/core-kit';
-import { type Optional, isKeyInObject, cond } from '@silverhand/essentials';
+import { isKeyInObject, cond } from '@silverhand/essentials';
 import type Provider from 'oidc-provider';
 import { errors } from 'oidc-provider';
 import difference from 'oidc-provider/lib/helpers/_/difference.js';
-import certificateThumbprint from 'oidc-provider/lib/helpers/certificate_thumbprint.js';
-import epochTime from 'oidc-provider/lib/helpers/epoch_time.js';
 import filterClaims from 'oidc-provider/lib/helpers/filter_claims.js';
 import resolveResource from 'oidc-provider/lib/helpers/resolve_resource.js';
 import revoke from 'oidc-provider/lib/helpers/revoke.js';
-import dpopValidate from 'oidc-provider/lib/helpers/validate_dpop.js';
 import validatePresence from 'oidc-provider/lib/helpers/validate_presence.js';
 import instance from 'oidc-provider/lib/helpers/weak_cache.js';
 
@@ -46,6 +41,8 @@ import {
   isOrganizationConsentedToApplication,
 } from '../resource.js';
 
+import { handleClientCertificate, handleDPoP } from './utils.js';
+
 const { InvalidClient, InvalidGrant, InvalidScope, InsufficientScope, AccessDenied } = errors;
 
 /** The grant type name. `gty` follows the name in oidc-provider. */
@@ -93,8 +90,6 @@ export const buildHandler: (
     },
   } = providerInstance.configuration();
 
-  const dPoP = await dpopValidate(ctx);
-
   // @gao: I believe the presence of the param is validated by required parameters of this grant.
   // Add `String` to make TS happy.
   let refreshTokenValue = String(params.refresh_token);
@@ -112,23 +107,6 @@ export const buildHandler: (
     throw new InvalidGrant('refresh token is expired');
   }
 
-  let cert: Optional<string | X509Certificate>;
-  // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing -- the original code uses `||`
-  if (client.tlsClientCertificateBoundAccessTokens || refreshToken['x5t#S256']) {
-    cert = getCertificate(ctx);
-    if (!cert) {
-      throw new InvalidGrant('mutual TLS client certificate not provided');
-    }
-  }
-
-  if (!dPoP && client.dpopBoundAccessTokens) {
-    throw new InvalidGrant('DPoP proof JWT not provided');
-  }
-
-  if (refreshToken['x5t#S256'] && refreshToken['x5t#S256'] !== certificateThumbprint(cert!)) {
-    throw new InvalidGrant('failed x5t#S256 verification');
-  }
-
   /* === RFC 0001 === */
   // The value type is `unknown`, which will swallow other type inferences. So we have to cast it
   // to `Boolean` first.
@@ -177,22 +155,6 @@ export const buildHandler: (
     }
   }
 
-  if (dPoP) {
-    // @ts-expect-error -- code from oidc-provider
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-call
-    const unique: unknown = await ReplayDetection.unique(
-      client.clientId,
-      dPoP.jti,
-      epochTime() + 300
-    );
-
-    assertThat(unique, new errors.InvalidGrant('DPoP proof JWT Replay detected'));
-  }
-
-  if (refreshToken.jkt && (!dPoP || refreshToken.jkt !== dPoP.thumbprint)) {
-    throw new InvalidGrant('failed jkt verification');
-  }
-
   ctx.oidc.entity('RefreshToken', refreshToken);
   ctx.oidc.entity('Grant', grant);
 
@@ -304,17 +266,8 @@ export const buildHandler: (
     scope: undefined!,
   });
 
-  if (client.tlsClientCertificateBoundAccessTokens) {
-    // @ts-expect-error -- code from oidc-provider
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-call
-    at.setThumbprint('x5t', cert);
-  }
-
-  if (dPoP) {
-    // @ts-expect-error -- code from oidc-provider
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-call
-    at.setThumbprint('jkt', dPoP.thumbprint);
-  }
+  await handleDPoP(ctx, at, refreshToken);
+  await handleClientCertificate(ctx, at, refreshToken);
 
   if (at.gty && !at.gty.endsWith(gty)) {
     at.gty = `${at.gty} ${gty}`;
diff --git a/packages/core/src/oidc/grants/token-exchange/index.ts b/packages/core/src/oidc/grants/token-exchange/index.ts
index f672bad78e6e..b4758e7537eb 100644
--- a/packages/core/src/oidc/grants/token-exchange/index.ts
+++ b/packages/core/src/oidc/grants/token-exchange/index.ts
@@ -22,6 +22,7 @@ import {
   getSharedResourceServerData,
   reversedResourceAccessTokenTtl,
 } from '../../resource.js';
+import { handleClientCertificate, handleDPoP } from '../utils.js';
 
 import { handleActorToken } from './actor-token.js';
 import { TokenExchangeTokenType, type TokenExchangeAct } from './types.js';
@@ -93,7 +94,6 @@ export const buildHandler: (
     throw new InvalidGrant('refresh token invalid (referenced account not found)');
   }
 
-  // TODO: (LOG-9501) Implement general security checks like dPop
   ctx.oidc.entity('Account', account);
 
   /* === RFC 0001 === */
@@ -137,6 +137,9 @@ export const buildHandler: (
     scope: undefined!,
   });
 
+  await handleDPoP(ctx, accessToken);
+  await handleClientCertificate(ctx, accessToken);
+
   /** The scopes requested by the client. If not provided, use the scopes from the refresh token. */
   const scope = requestParamScopes;
   const resource = await resolveResource(
diff --git a/packages/core/src/oidc/grants/utils.ts b/packages/core/src/oidc/grants/utils.ts
new file mode 100644
index 000000000000..7720c67ef934
--- /dev/null
+++ b/packages/core/src/oidc/grants/utils.ts
@@ -0,0 +1,81 @@
+import type Provider from 'oidc-provider';
+import { errors, type KoaContextWithOIDC } from 'oidc-provider';
+import certificateThumbprint from 'oidc-provider/lib/helpers/certificate_thumbprint.js';
+import epochTime from 'oidc-provider/lib/helpers/epoch_time.js';
+import dpopValidate from 'oidc-provider/lib/helpers/validate_dpop.js';
+import instance from 'oidc-provider/lib/helpers/weak_cache.js';
+
+import assertThat from '#src/utils/assert-that.js';
+
+const { InvalidGrant, InvalidClient } = errors;
+
+/**
+ * Handle DPoP bound access tokens.
+ */
+export const handleDPoP = async (
+  ctx: KoaContextWithOIDC,
+  token: InstanceType<Provider['AccessToken']> | InstanceType<Provider['ClientCredentials']>,
+  originalToken?: InstanceType<Provider['RefreshToken']>
+) => {
+  const { client } = ctx.oidc;
+  assertThat(client, new InvalidClient('client must be available'));
+
+  const dPoP = await dpopValidate(ctx);
+
+  if (dPoP) {
+    // @ts-expect-error -- code from oidc-provider
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-call
+    const unique: unknown = await ReplayDetection.unique(
+      client.clientId,
+      dPoP.jti,
+      epochTime() + 300
+    );
+
+    assertThat(unique, new InvalidGrant('DPoP proof JWT Replay detected'));
+
+    // @ts-expect-error -- code from oidc-provider
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-call
+    token.setThumbprint('jkt', dPoP.thumbprint);
+  } else if (client.dpopBoundAccessTokens) {
+    throw new InvalidGrant('DPoP proof JWT not provided');
+  }
+
+  if (originalToken?.jkt && (!dPoP || originalToken.jkt !== dPoP.thumbprint)) {
+    throw new InvalidGrant('failed jkt verification');
+  }
+};
+
+/**
+ * Handle client certificate bound access tokens.
+ */
+export const handleClientCertificate = async (
+  ctx: KoaContextWithOIDC,
+  token: InstanceType<Provider['AccessToken']> | InstanceType<Provider['ClientCredentials']>,
+  originalToken?: InstanceType<Provider['RefreshToken']>
+) => {
+  const { client, provider } = ctx.oidc;
+  assertThat(client, new InvalidClient('client must be available'));
+
+  const providerInstance = instance(provider);
+  const {
+    features: {
+      mTLS: { getCertificate },
+    },
+  } = providerInstance.configuration();
+
+  // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+  if (client.tlsClientCertificateBoundAccessTokens || originalToken?.['x5t#S256']) {
+    const cert = getCertificate(ctx);
+
+    if (!cert) {
+      throw new InvalidGrant('mutual TLS client certificate not provided');
+    }
+    // @ts-expect-error -- code from oidc-provider
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-call
+    token.setThumbprint('x5t', cert);
+
+    if (originalToken?.['x5t#S256'] && originalToken['x5t#S256'] !== certificateThumbprint(cert)) {
+      throw new InvalidGrant('failed x5t#S256 verification');
+    }
+  }
+};

From ba875b417c20fa22214a060dc7600a9e2d11e52a Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Fri, 12 Jul 2024 14:04:43 +0800
Subject: [PATCH 004/135] refactor: fix third-party app experience branding
 (#6223)

---
 .../src/components/ImageInputs/index.tsx      |  5 +-
 .../src/libraries/sign-in-experience/index.ts | 12 ++++-
 .../queries/application-sign-in-experience.ts | 26 +++++++++--
 .../src/tests/experience/overrides.test.ts    | 46 +++++++++++++++++--
 4 files changed, 77 insertions(+), 12 deletions(-)

diff --git a/packages/console/src/components/ImageInputs/index.tsx b/packages/console/src/components/ImageInputs/index.tsx
index bce230e7c2bf..a9f8d6f5e908 100644
--- a/packages/console/src/components/ImageInputs/index.tsx
+++ b/packages/console/src/components/ImageInputs/index.tsx
@@ -45,7 +45,10 @@ export type ImageField<FormContext extends FieldValues> = {
 type Props<FormContext extends FieldValues> = {
   /** The condensed title when user assets service is available. */
   readonly uploadTitle: React.ComponentProps<typeof FormField>['title'];
-  /** The tooltip to show for all the fields. */
+  /**
+   * When user assets service is available, the tip will be displayed for the `uploadTitle`;
+   * otherwise, it will be displayed for each text input.
+   */
   readonly tip?: React.ComponentProps<typeof FormField>['tip'];
   readonly control: Control<FormContext>;
   readonly register: UseFormRegister<FormContext>;
diff --git a/packages/core/src/libraries/sign-in-experience/index.ts b/packages/core/src/libraries/sign-in-experience/index.ts
index 5c7672f3b8fb..a98f80c63053 100644
--- a/packages/core/src/libraries/sign-in-experience/index.ts
+++ b/packages/core/src/libraries/sign-in-experience/index.ts
@@ -147,7 +147,7 @@ export const createSignInExperienceLibrary = (
       return;
     }
 
-    return pick(found, 'branding', 'color');
+    return pick(found, 'branding', 'color', 'type', 'isThirdParty');
   };
 
   const getFullSignInExperience = async ({
@@ -223,9 +223,17 @@ export const createSignInExperienceLibrary = (
       };
     };
 
+    /** Get the branding and color from the app sign-in experience if it is not a third-party app. */
+    const getAppSignInExperience = () => {
+      if (!appSignInExperience || appSignInExperience.isThirdParty) {
+        return {};
+      }
+      return pick(appSignInExperience, 'branding', 'color');
+    };
+
     return {
       ...deepmerge(
-        deepmerge(signInExperience, appSignInExperience ?? {}),
+        deepmerge(signInExperience, getAppSignInExperience()),
         organizationOverride ?? {}
       ),
       socialConnectors,
diff --git a/packages/core/src/queries/application-sign-in-experience.ts b/packages/core/src/queries/application-sign-in-experience.ts
index 3a9e0f157aee..84a891085c9f 100644
--- a/packages/core/src/queries/application-sign-in-experience.ts
+++ b/packages/core/src/queries/application-sign-in-experience.ts
@@ -1,4 +1,10 @@
-import { ApplicationSignInExperiences, type ApplicationSignInExperience } from '@logto/schemas';
+import {
+  type Application,
+  ApplicationSignInExperiences,
+  Applications,
+  type ApplicationSignInExperience,
+} from '@logto/schemas';
+import { type Nullable } from '@silverhand/essentials';
 import { sql, type CommonQueryMethods } from '@silverhand/slonik';
 
 import { buildInsertIntoWithPool } from '#src/database/insert-into.js';
@@ -10,12 +16,22 @@ const createApplicationSignInExperienceQueries = (pool: CommonQueryMethods) => {
     returning: true,
   });
 
-  const safeFindSignInExperienceByApplicationId = async (applicationId: string) => {
-    const { table, fields } = convertToIdentifiers(ApplicationSignInExperiences);
+  type ApplicationSignInExperienceReturn = ApplicationSignInExperience &
+    Pick<Application, 'type' | 'isThirdParty'>;
 
-    return pool.maybeOne<ApplicationSignInExperience>(sql`
-      select ${sql.join(Object.values(fields), sql`, `)}
+  const safeFindSignInExperienceByApplicationId = async (
+    applicationId: string
+  ): Promise<Nullable<ApplicationSignInExperienceReturn>> => {
+    const applications = convertToIdentifiers(Applications, true);
+    const { table, fields } = convertToIdentifiers(ApplicationSignInExperiences, true);
+
+    return pool.maybeOne<ApplicationSignInExperienceReturn>(sql`
+      select
+        ${sql.join(Object.values(fields), sql`, `)},
+        ${applications.fields.type},
+        ${applications.fields.isThirdParty}
       from ${table}
+      join ${applications.table} on ${fields.applicationId}=${applications.fields.id}
       where ${fields.applicationId}=${applicationId}
     `);
   };
diff --git a/packages/integration-tests/src/tests/experience/overrides.test.ts b/packages/integration-tests/src/tests/experience/overrides.test.ts
index 67d4790b465f..1ad22b0bd96c 100644
--- a/packages/integration-tests/src/tests/experience/overrides.test.ts
+++ b/packages/integration-tests/src/tests/experience/overrides.test.ts
@@ -3,13 +3,20 @@
  */
 
 import { ConnectorType } from '@logto/connector-kit';
-import { ApplicationType, type Branding, type Color, SignInIdentifier } from '@logto/schemas';
-import { pick } from '@silverhand/essentials';
-
+import {
+  ApplicationType,
+  type Branding,
+  type Color,
+  SignInIdentifier,
+  type FullSignInExperience,
+} from '@logto/schemas';
+import { appendPath, pick } from '@silverhand/essentials';
+
+import api from '#src/api/api.js';
 import { setApplicationSignInExperience } from '#src/api/application-sign-in-experience.js';
 import { createApplication, deleteApplication } from '#src/api/application.js';
 import { updateSignInExperience } from '#src/api/sign-in-experience.js';
-import { demoAppRedirectUri, demoAppUrl } from '#src/constants.js';
+import { demoAppRedirectUri, demoAppUrl, logtoUrl } from '#src/constants.js';
 import { clearConnectorsByTypes } from '#src/helpers/connector.js';
 import { OrganizationApiTest } from '#src/helpers/organization.js';
 import ExpectExperience from '#src/ui-helpers/expect-experience.js';
@@ -194,9 +201,39 @@ describe('overrides', () => {
 
     await expectMatchBranding('light', organizationBranding.logoUrl, 'rgb(0, 0, 255)');
     await expectMatchBranding('dark', organizationBranding.darkLogoUrl, 'rgb(255, 0, 255)');
+    await deleteApplication(application.id);
     await experience.page.close();
   });
 
+  it('should not use app-level branding when the app is an third-party app', async () => {
+    const application = await createApplication(
+      'Sign-in experience override',
+      ApplicationType.Traditional,
+      {
+        isThirdParty: true,
+        oidcClientMetadata: {
+          redirectUris: [demoAppRedirectUri],
+          postLogoutRedirectUris: [demoAppRedirectUri],
+        },
+      }
+    );
+
+    await setApplicationSignInExperience(application.id, {
+      color: appColor,
+      branding: appBranding,
+    });
+
+    // It's hard to simulate third-party apps because their type is "Traditional" while our demo
+    // app is an SPA. Only test the API response here.
+    const experience = await api
+      .get(appendPath(new URL(logtoUrl), 'api/.well-known/sign-in-exp'))
+      .json<FullSignInExperience>();
+
+    expect(experience.branding).toEqual(omniBranding);
+
+    await deleteApplication(application.id);
+  });
+
   describe('override fallback', () => {
     beforeAll(async () => {
       await updateSignInExperience({
@@ -261,6 +298,7 @@ describe('overrides', () => {
     expect(faviconElement).toBe(appBranding.favicon);
     expect(appleFavicon).toBe(appBranding.favicon);
 
+    await deleteApplication(application.id);
     await experience.page.close();
   });
 });

From 608349e8eafc99d76ac08c0e6f06fd58b7b218db Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Fri, 12 Jul 2024 14:19:38 +0800
Subject: [PATCH 005/135] refactor(core): refactor organizations in grants
 (#6208)

---
 .../src/oidc/grants/client-credentials.ts     |  28 ++---
 .../src/oidc/grants/refresh-token.test.ts     |  40 ++++--
 .../core/src/oidc/grants/refresh-token.ts     | 105 ++++------------
 .../src/oidc/grants/token-exchange/index.ts   |  35 +-----
 packages/core/src/oidc/grants/utils.ts        | 114 +++++++++++++++++-
 .../api/oidc/refresh-token-grant.test.ts      |  18 +--
 6 files changed, 187 insertions(+), 153 deletions(-)

diff --git a/packages/core/src/oidc/grants/client-credentials.ts b/packages/core/src/oidc/grants/client-credentials.ts
index 8aafdeec2edb..7dffd2be47ab 100644
--- a/packages/core/src/oidc/grants/client-credentials.ts
+++ b/packages/core/src/oidc/grants/client-credentials.ts
@@ -19,7 +19,6 @@
  * The commit hash of the original file is `0c52469f08b0a4a1854d90a96546a3f7aa090e5e`.
  */
 
-import { buildOrganizationUrn } from '@logto/core-kit';
 import { cond } from '@silverhand/essentials';
 import type Provider from 'oidc-provider';
 import { errors } from 'oidc-provider';
@@ -30,9 +29,7 @@ import { type EnvSet } from '#src/env-set/index.js';
 import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
 
-import { getSharedResourceServerData, reversedResourceAccessTokenTtl } from '../resource.js';
-
-import { handleClientCertificate, handleDPoP } from './utils.js';
+import { handleClientCertificate, handleDPoP, handleOrganizationToken } from './utils.js';
 
 const { AccessDenied, InvalidClient, InvalidGrant, InvalidScope, InvalidTarget } = errors;
 
@@ -130,26 +127,17 @@ export const buildHandler: (
   // If it's present, the flow falls into the `checkResource` and `if (resourceServer)` block above.
   if (organizationId && !resourceServer) {
     /* === RFC 0006 === */
-    const audience = buildOrganizationUrn(organizationId);
     const availableScopes = await queries.organizations.relations.appsRoles
       .getApplicationScopes(organizationId, client.clientId)
       .then((scope) => scope.map(({ name }) => name));
 
-    /** The intersection of the available scopes and the requested scopes. */
-    const issuedScopes = availableScopes.filter((scope) => scopes.includes(scope)).join(' ');
-
-    token.aud = audience;
-    // Note: the original implementation uses `new provider.ResourceServer` to create the resource
-    // server. But it's not available in the typings. The class is actually very simple and holds
-    // no provider-specific context. So we just create the object manually.
-    // See https://github.com/panva/node-oidc-provider/blob/cf2069cbb31a6a855876e95157372d25dde2511c/lib/helpers/resource_server.js
-    token.resourceServer = {
-      ...getSharedResourceServerData(envSet),
-      accessTokenTTL: reversedResourceAccessTokenTtl,
-      audience,
-      scope: availableScopes.join(' '),
-    };
-    token.scope = issuedScopes;
+    await handleOrganizationToken({
+      envSet,
+      availableScopes,
+      accessToken: token,
+      organizationId,
+      scope: new Set(scopes),
+    });
     /* === End RFC 0006 === */
   }
 
diff --git a/packages/core/src/oidc/grants/refresh-token.test.ts b/packages/core/src/oidc/grants/refresh-token.test.ts
index 69d8e21b77f2..8ec1f459f928 100644
--- a/packages/core/src/oidc/grants/refresh-token.test.ts
+++ b/packages/core/src/oidc/grants/refresh-token.test.ts
@@ -191,16 +191,6 @@ describe('refresh token grant', () => {
     );
   });
 
-  it('should throw when refresh token has no organization scope', async () => {
-    const ctx = createOidcContext(validOidcContext);
-    stubRefreshToken(ctx, {
-      scopes: new Set(),
-    });
-    await expect(mockHandler()(ctx, noop)).rejects.toMatchError(
-      new errors.InsufficientScope('refresh token missing required scope', UserScope.Organizations)
-    );
-  });
-
   it('should throw when refresh token has no grant id or the grant cannot be found', async () => {
     const ctx = createOidcContext(validOidcContext);
     const findRefreshToken = stubRefreshToken(ctx, {
@@ -311,6 +301,36 @@ describe('refresh token grant', () => {
     );
   });
 
+  it('should throw when refresh token has no organization scope', async () => {
+    const ctx = createOidcContext({
+      ...validOidcContext,
+      params: {
+        ...validOidcContext.params,
+        scope: '',
+      },
+    });
+    const tenant = new MockTenant();
+    stubRefreshToken(ctx, {
+      scopes: new Set(),
+    });
+    stubGrant(ctx);
+    Sinon.stub(tenant.queries.organizations.relations.users, 'exists').resolves(true);
+    Sinon.stub(tenant.queries.applications, 'findApplicationById').resolves(mockApplication);
+    Sinon.stub(tenant.queries.organizations.relations.usersRoles, 'getUserScopes').resolves([
+      { tenantId: 'default', id: 'foo', name: 'foo', description: 'foo' },
+      { tenantId: 'default', id: 'bar', name: 'bar', description: 'bar' },
+      { tenantId: 'default', id: 'baz', name: 'baz', description: 'baz' },
+    ]);
+    Sinon.stub(tenant.queries.organizations, 'getMfaStatus').resolves({
+      isMfaRequired: false,
+      hasMfaConfigured: false,
+    });
+
+    await expect(mockHandler(tenant)(ctx, noop)).rejects.toMatchError(
+      new errors.InsufficientScope('refresh token missing required scope', UserScope.Organizations)
+    );
+  });
+
   it('should not explode when everything looks fine', async () => {
     const ctx = createPreparedContext();
     const tenant = new MockTenant();
diff --git a/packages/core/src/oidc/grants/refresh-token.ts b/packages/core/src/oidc/grants/refresh-token.ts
index f3fa05fff5b5..9d885d58fcad 100644
--- a/packages/core/src/oidc/grants/refresh-token.ts
+++ b/packages/core/src/oidc/grants/refresh-token.ts
@@ -19,8 +19,8 @@
  * The commit hash of the original file is `cf2069cbb31a6a855876e95157372d25dde2511c`.
  */
 
-import { UserScope, buildOrganizationUrn } from '@logto/core-kit';
-import { isKeyInObject, cond } from '@silverhand/essentials';
+import { UserScope } from '@logto/core-kit';
+import { isKeyInObject } from '@silverhand/essentials';
 import type Provider from 'oidc-provider';
 import { errors } from 'oidc-provider';
 import difference from 'oidc-provider/lib/helpers/_/difference.js';
@@ -35,13 +35,11 @@ import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
 
 import {
-  getSharedResourceServerData,
-  isThirdPartyApplication,
-  reversedResourceAccessTokenTtl,
-  isOrganizationConsentedToApplication,
-} from '../resource.js';
-
-import { handleClientCertificate, handleDPoP } from './utils.js';
+  handleClientCertificate,
+  handleDPoP,
+  handleOrganizationToken,
+  checkOrganizationAccess,
+} from './utils.js';
 
 const { InvalidClient, InvalidGrant, InvalidScope, InsufficientScope, AccessDenied } = errors;
 
@@ -72,7 +70,7 @@ export const buildHandler: (
   // eslint-disable-next-line complexity
 ) => Parameters<Provider['registerGrantType']>[1] = (envSet, queries) => async (ctx, next) => {
   const { client, params, requestParamScopes, provider } = ctx.oidc;
-  const { RefreshToken, Account, AccessToken, Grant, ReplayDetection, IdToken } = provider;
+  const { RefreshToken, Account, AccessToken, Grant, IdToken } = provider;
 
   assertThat(params, new InvalidGrant('parameters must be available'));
   assertThat(client, new InvalidClient('client must be available'));
@@ -83,11 +81,7 @@ export const buildHandler: (
   const {
     rotateRefreshToken,
     conformIdTokenClaims,
-    features: {
-      mTLS: { getCertificate },
-      userinfo,
-      resourceIndicators,
-    },
+    features: { userinfo, resourceIndicators },
   } = providerInstance.configuration();
 
   // @gao: I believe the presence of the param is validated by required parameters of this grant.
@@ -107,18 +101,6 @@ export const buildHandler: (
     throw new InvalidGrant('refresh token is expired');
   }
 
-  /* === RFC 0001 === */
-  // The value type is `unknown`, which will swallow other type inferences. So we have to cast it
-  // to `Boolean` first.
-  const organizationId = cond(Boolean(params.organization_id) && String(params.organization_id));
-  if (
-    organizationId && // Validate if the refresh token has the required scope from RFC 0001.
-    !refreshToken.scopes.has(UserScope.Organizations)
-  ) {
-    throw new InsufficientScope('refresh token missing required scope', UserScope.Organizations);
-  }
-  /* === End RFC 0001 === */
-
   if (!refreshToken.grantId) {
     throw new InvalidGrant('grantId not found');
   }
@@ -177,45 +159,14 @@ export const buildHandler: (
     throw new InvalidGrant('refresh token already used');
   }
 
-  /* === RFC 0001 === */
-  if (organizationId) {
-    // Check membership
-    if (
-      !(await queries.organizations.relations.users.exists({
-        organizationId,
-        userId: account.accountId,
-      }))
-    ) {
-      const error = new AccessDenied('user is not a member of the organization');
-      error.statusCode = 403;
-      throw error;
-    }
-
-    // Check if the organization is granted (third-party application only) by the user
-    if (
-      (await isThirdPartyApplication(queries, client.clientId)) &&
-      !(await isOrganizationConsentedToApplication(
-        queries,
-        client.clientId,
-        account.accountId,
-        organizationId
-      ))
-    ) {
-      const error = new AccessDenied('organization access is not granted to the application');
-      error.statusCode = 403;
-      throw error;
-    }
+  const { organizationId } = await checkOrganizationAccess(ctx, queries, account);
 
-    // Check if the organization requires MFA and the user has MFA enabled
-    const { isMfaRequired, hasMfaConfigured } = await queries.organizations.getMfaStatus(
-      organizationId,
-      account.accountId
-    );
-    if (isMfaRequired && !hasMfaConfigured) {
-      const error = new AccessDenied('organization requires MFA but user has no MFA configured');
-      error.statusCode = 403;
-      throw error;
-    }
+  /* === RFC 0001 === */
+  if (
+    organizationId && // Validate if the refresh token has the required scope from RFC 0001.
+    !refreshToken.scopes.has(UserScope.Organizations)
+  ) {
+    throw new InsufficientScope('refresh token missing required scope', UserScope.Organizations);
   }
   /* === End RFC 0001 === */
 
@@ -281,27 +232,17 @@ export const buildHandler: (
   // the logic is handled in `getResourceServerInfo` and `extraTokenClaims`, see the init file of oidc-provider.
   if (organizationId && !params.resource) {
     /* === RFC 0001 === */
-    const audience = buildOrganizationUrn(organizationId);
     /** All available scopes for the user in the organization. */
     const availableScopes = await queries.organizations.relations.usersRoles
       .getUserScopes(organizationId, account.accountId)
       .then((scopes) => scopes.map(({ name }) => name));
-
-    /** The intersection of the available scopes and the requested scopes. */
-    const issuedScopes = availableScopes.filter((name) => scope.has(name)).join(' ');
-
-    at.aud = audience;
-    // Note: the original implementation uses `new provider.ResourceServer` to create the resource
-    // server. But it's not available in the typings. The class is actually very simple and holds
-    // no provider-specific context. So we just create the object manually.
-    // See https://github.com/panva/node-oidc-provider/blob/cf2069cbb31a6a855876e95157372d25dde2511c/lib/helpers/resource_server.js
-    at.resourceServer = {
-      ...getSharedResourceServerData(envSet),
-      accessTokenTTL: reversedResourceAccessTokenTtl,
-      audience,
-      scope: availableScopes.join(' '),
-    };
-    at.scope = issuedScopes;
+    await handleOrganizationToken({
+      envSet,
+      availableScopes,
+      accessToken: at,
+      organizationId,
+      scope,
+    });
     /* === End RFC 0001 === */
   } else {
     const resource = await resolveResource(
diff --git a/packages/core/src/oidc/grants/token-exchange/index.ts b/packages/core/src/oidc/grants/token-exchange/index.ts
index b4758e7537eb..669e1ee49d69 100644
--- a/packages/core/src/oidc/grants/token-exchange/index.ts
+++ b/packages/core/src/oidc/grants/token-exchange/index.ts
@@ -6,7 +6,7 @@
 
 import { buildOrganizationUrn } from '@logto/core-kit';
 import { GrantType } from '@logto/schemas';
-import { cond, trySafe } from '@silverhand/essentials';
+import { trySafe } from '@silverhand/essentials';
 import type Provider from 'oidc-provider';
 import { errors } from 'oidc-provider';
 import resolveResource from 'oidc-provider/lib/helpers/resolve_resource.js';
@@ -22,7 +22,7 @@ import {
   getSharedResourceServerData,
   reversedResourceAccessTokenTtl,
 } from '../../resource.js';
-import { handleClientCertificate, handleDPoP } from '../utils.js';
+import { handleClientCertificate, handleDPoP, checkOrganizationAccess } from '../utils.js';
 
 import { handleActorToken } from './actor-token.js';
 import { TokenExchangeTokenType, type TokenExchangeAct } from './types.js';
@@ -96,36 +96,7 @@ export const buildHandler: (
 
   ctx.oidc.entity('Account', account);
 
-  /* === RFC 0001 === */
-  // The value type is `unknown`, which will swallow other type inferences. So we have to cast it
-  // to `Boolean` first.
-  const organizationId = cond(Boolean(params.organization_id) && String(params.organization_id));
-
-  if (organizationId) {
-    // Check membership
-    if (
-      !(await queries.organizations.relations.users.exists({
-        organizationId,
-        userId: account.accountId,
-      }))
-    ) {
-      const error = new AccessDenied('user is not a member of the organization');
-      error.statusCode = 403;
-      throw error;
-    }
-
-    // Check if the organization requires MFA and the user has MFA enabled
-    const { isMfaRequired, hasMfaConfigured } = await queries.organizations.getMfaStatus(
-      organizationId,
-      account.accountId
-    );
-    if (isMfaRequired && !hasMfaConfigured) {
-      const error = new AccessDenied('organization requires MFA but user has no MFA configured');
-      error.statusCode = 403;
-      throw error;
-    }
-  }
-  /* === End RFC 0001 === */
+  const { organizationId } = await checkOrganizationAccess(ctx, queries, account);
 
   const accessToken = new AccessToken({
     accountId: account.accountId,
diff --git a/packages/core/src/oidc/grants/utils.ts b/packages/core/src/oidc/grants/utils.ts
index 7720c67ef934..1242cd1b275f 100644
--- a/packages/core/src/oidc/grants/utils.ts
+++ b/packages/core/src/oidc/grants/utils.ts
@@ -1,13 +1,24 @@
+import { buildOrganizationUrn } from '@logto/core-kit';
+import { cond } from '@silverhand/essentials';
 import type Provider from 'oidc-provider';
-import { errors, type KoaContextWithOIDC } from 'oidc-provider';
+import { type Account, errors, type KoaContextWithOIDC } from 'oidc-provider';
 import certificateThumbprint from 'oidc-provider/lib/helpers/certificate_thumbprint.js';
 import epochTime from 'oidc-provider/lib/helpers/epoch_time.js';
 import dpopValidate from 'oidc-provider/lib/helpers/validate_dpop.js';
 import instance from 'oidc-provider/lib/helpers/weak_cache.js';
 
+import { type EnvSet } from '#src/env-set/index.js';
+import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
 
-const { InvalidGrant, InvalidClient } = errors;
+import {
+  getSharedResourceServerData,
+  isOrganizationConsentedToApplication,
+  isThirdPartyApplication,
+  reversedResourceAccessTokenTtl,
+} from '../resource.js';
+
+const { InvalidGrant, InvalidClient, AccessDenied } = errors;
 
 /**
  * Handle DPoP bound access tokens.
@@ -79,3 +90,102 @@ export const handleClientCertificate = async (
     }
   }
 };
+
+/**
+ * Implement access check for RFC 0001
+ */
+export const checkOrganizationAccess = async (
+  ctx: KoaContextWithOIDC,
+  queries: Queries,
+  account: Account
+): Promise<{ organizationId?: string }> => {
+  const { client, params } = ctx.oidc;
+
+  assertThat(params, new InvalidGrant('parameters must be available'));
+  assertThat(client, new InvalidClient('client must be available'));
+
+  const organizationId = cond(Boolean(params.organization_id) && String(params.organization_id));
+
+  if (organizationId) {
+    // Check membership
+    if (
+      !(await queries.organizations.relations.users.exists({
+        organizationId,
+        userId: account.accountId,
+      }))
+    ) {
+      const error = new AccessDenied('user is not a member of the organization');
+      // eslint-disable-next-line @silverhand/fp/no-mutation
+      error.statusCode = 403;
+      throw error;
+    }
+
+    // Check if the organization is granted (third-party application only) by the user
+    if (
+      (await isThirdPartyApplication(queries, client.clientId)) &&
+      !(await isOrganizationConsentedToApplication(
+        queries,
+        client.clientId,
+        account.accountId,
+        organizationId
+      ))
+    ) {
+      const error = new AccessDenied('organization access is not granted to the application');
+      // eslint-disable-next-line @silverhand/fp/no-mutation
+      error.statusCode = 403;
+      throw error;
+    }
+
+    // Check if the organization requires MFA and the user has MFA enabled
+    const { isMfaRequired, hasMfaConfigured } = await queries.organizations.getMfaStatus(
+      organizationId,
+      account.accountId
+    );
+    if (isMfaRequired && !hasMfaConfigured) {
+      const error = new AccessDenied('organization requires MFA but user has no MFA configured');
+      // eslint-disable-next-line @silverhand/fp/no-mutation
+      error.statusCode = 403;
+      throw error;
+    }
+  }
+
+  return { organizationId };
+};
+
+/**
+ * Implement organization token for RFC 0001
+ */
+export const handleOrganizationToken = async ({
+  envSet,
+  availableScopes,
+  accessToken: at,
+  organizationId,
+  scope,
+}: {
+  envSet: EnvSet;
+  availableScopes: string[];
+  accessToken: InstanceType<Provider['AccessToken']> | InstanceType<Provider['ClientCredentials']>;
+  organizationId: string;
+  scope: Set<string>;
+}): Promise<void> => {
+  /* eslint-disable @silverhand/fp/no-mutation */
+  const audience = buildOrganizationUrn(organizationId);
+
+  /** The intersection of the available scopes and the requested scopes. */
+  const issuedScopes = availableScopes.filter((name) => scope.has(name)).join(' ');
+
+  at.aud = audience;
+  // Note: the original implementation uses `new provider.ResourceServer` to create the resource
+  // server. But it's not available in the typings. The class is actually very simple and holds
+  // no provider-specific context. So we just create the object manually.
+  // See https://github.com/panva/node-oidc-provider/blob/cf2069cbb31a6a855876e95157372d25dde2511c/lib/helpers/resource_server.js
+  at.resourceServer = {
+    ...getSharedResourceServerData(envSet),
+    accessTokenTTL: reversedResourceAccessTokenTtl,
+    audience,
+    scope: availableScopes.join(' '),
+  };
+  at.scope = issuedScopes;
+
+  /* eslint-enable @silverhand/fp/no-mutation */
+};
diff --git a/packages/integration-tests/src/tests/api/oidc/refresh-token-grant.test.ts b/packages/integration-tests/src/tests/api/oidc/refresh-token-grant.test.ts
index 0577f4d3d1d4..c0cbdfc0a06e 100644
--- a/packages/integration-tests/src/tests/api/oidc/refresh-token-grant.test.ts
+++ b/packages/integration-tests/src/tests/api/oidc/refresh-token-grant.test.ts
@@ -242,13 +242,6 @@ describe('`refresh_token` grant (for organization tokens)', () => {
       expect(response.access_token).not.toContain('.');
     });
 
-    it('should return error when organizations scope is not requested', async () => {
-      const client = await initClient({ scopes: [] });
-      await expect(client.fetchOrganizationToken('1')).rejects.toMatchError(
-        grantErrorContaining('oidc.insufficient_scope', 'refresh token missing required scope', 403)
-      );
-    });
-
     it('should return access denied when organization id is invalid', async () => {
       const client = await initClient();
       await expect(client.fetchOrganizationToken('1')).rejects.toMatchError(accessDeniedError);
@@ -273,6 +266,17 @@ describe('`refresh_token` grant (for organization tokens)', () => {
       await expect(client.fetchOrganizationToken(org.id)).rejects.toMatchError(accessDeniedError);
     });
 
+    it('should return error when organizations scope is not requested', async () => {
+      const org = await organizationApi.create({ name: 'org' });
+      await organizationApi.addUsers(org.id, [userId]);
+
+      const client = await initClient({ scopes: [] });
+      await expect(client.fetchOrganizationToken(org.id)).rejects.toMatchError(
+        grantErrorContaining('oidc.insufficient_scope', 'refresh token missing required scope', 403)
+      );
+      await organizationApi.deleteUser(org.id, userId);
+    });
+
     it('should issue organization scopes even organization resource is not requested (handled by SDK)', async () => {
       const { orgs } = await initOrganizations();
 

From 485b0a69152bee433e9aa27aa1b85544d5518f59 Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Fri, 12 Jul 2024 14:56:11 +0800
Subject: [PATCH 006/135] test: add resource test cases for token exchange
 (#6216)

* feat(core): handle dpop and client certificate for token exchange

* refactor(core): refactor organizations in grants

* test: add resource test cases for token exchange
---
 .../src/tests/api/oidc/token-exchange.test.ts | 41 +++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/packages/integration-tests/src/tests/api/oidc/token-exchange.test.ts b/packages/integration-tests/src/tests/api/oidc/token-exchange.test.ts
index 92aefa80a634..a6ec845f421d 100644
--- a/packages/integration-tests/src/tests/api/oidc/token-exchange.test.ts
+++ b/packages/integration-tests/src/tests/api/oidc/token-exchange.test.ts
@@ -207,6 +207,47 @@ describe('Token Exchange', () => {
     });
   });
 
+  describe('get access token for resource', () => {
+    it('should exchange an access token with resource as `aud`', async () => {
+      const { subjectToken } = await createSubjectToken(testUserId);
+
+      const { access_token } = await oidcApi
+        .post('token', {
+          headers: formUrlEncodedHeaders,
+          body: new URLSearchParams({
+            client_id: testApplicationId,
+            grant_type: GrantType.TokenExchange,
+            subject_token: subjectToken,
+            subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',
+            resource: testApiResourceInfo.indicator,
+          }),
+        })
+        .json<{ access_token: string }>();
+
+      expect(getAccessTokenPayload(access_token)).toHaveProperty(
+        'aud',
+        testApiResourceInfo.indicator
+      );
+    });
+
+    it('should fail with invalid resource', async () => {
+      const { subjectToken } = await createSubjectToken(testUserId);
+
+      await expect(
+        oidcApi.post('token', {
+          headers: formUrlEncodedHeaders,
+          body: new URLSearchParams({
+            client_id: testApplicationId,
+            grant_type: GrantType.TokenExchange,
+            subject_token: subjectToken,
+            subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',
+            resource: 'invalid_resource',
+          }),
+        })
+      ).rejects.toThrow();
+    });
+  });
+
   describe('get access token for organization', () => {
     const scopeName = `read:${randomString()}`;
 

From dcb62d69d453e8edd46409e3150f294ae7c71ef9 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Fri, 12 Jul 2024 18:16:43 +0800
Subject: [PATCH 007/135] feat(core,schemas): introduce new PUT experience API
 (#6212)

* feat(core,schemas): introduce new PUT experience API

introduce new PUT experience API

* fix(core): fix some comments

fix some comments
---
 .../classes/experience-interaction.ts         | 50 ++++++++-------
 packages/core/src/routes/experience/index.ts  | 64 +++++++++++++++++--
 .../middleware/koa-experience-interaction.ts  |  5 +-
 .../src/client/experience/index.ts            | 19 ++++++
 .../src/helpers/experience/index.ts           | 10 ++-
 .../api/experience-api/interaction.test.ts    | 34 ++++++++++
 packages/schemas/src/types/interactions.ts    | 11 +++-
 7 files changed, 160 insertions(+), 33 deletions(-)
 create mode 100644 packages/integration-tests/src/tests/api/experience-api/interaction.test.ts

diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
index b3e1c4857628..ec37d2590b6b 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -38,31 +38,32 @@ const interactionStorageGuard = z.object({
  * @see {@link https://github.com/logto-io/rfcs | Logto RFCs} for more information about RFC 0004.
  */
 export default class ExperienceInteraction {
-  /**
-   * Factory method to create a new `ExperienceInteraction` using the current context.
-   */
-  static async create(ctx: WithLogContext, tenant: TenantContext) {
-    const { provider } = tenant;
-    const interactionDetails = await provider.interactionDetails(ctx.req, ctx.res);
-    return new ExperienceInteraction(ctx, tenant, interactionDetails);
-  }
-
-  /** The interaction event for the current interaction. */
-  private interactionEvent?: InteractionEvent;
   /** The user verification record list for the current interaction. */
-  private readonly verificationRecords: Map<VerificationType, VerificationRecord>;
+  private readonly verificationRecords = new Map<VerificationType, VerificationRecord>();
   /** The userId of the user for the current interaction. Only available once the user is identified. */
   private userId?: string;
   /** The user provided profile data in the current interaction that needs to be stored to database. */
   private readonly profile?: Record<string, unknown>; // TODO: Fix the type
+  /** The interaction event for the current interaction. */
+  #interactionEvent?: InteractionEvent;
 
+  /**
+   * Create a new `ExperienceInteraction` instance.
+   *
+   * If the `interactionDetails` is provided, the instance will be initialized with the data from the `interactionDetails` storage.
+   * Otherwise, a brand new instance will be created.
+   */
   constructor(
     private readonly ctx: WithLogContext,
     private readonly tenant: TenantContext,
-    public interactionDetails: Interaction
+    public interactionDetails?: Interaction
   ) {
     const { libraries, queries } = tenant;
 
+    if (!interactionDetails) {
+      return;
+    }
+
     const result = interactionStorageGuard.safeParse(interactionDetails.result ?? {});
 
     assertThat(
@@ -72,12 +73,10 @@ export default class ExperienceInteraction {
 
     const { verificationRecords = [], profile, userId, interactionEvent } = result.data;
 
-    this.interactionEvent = interactionEvent;
+    this.#interactionEvent = interactionEvent;
     this.userId = userId;
     this.profile = profile;
 
-    this.verificationRecords = new Map();
-
     for (const record of verificationRecords) {
       const instance = buildVerificationRecord(libraries, queries, record);
       this.verificationRecords.set(instance.type, instance);
@@ -88,10 +87,14 @@ export default class ExperienceInteraction {
     return this.userId;
   }
 
+  get interactionEvent() {
+    return this.#interactionEvent;
+  }
+
   /** Set the interaction event for the current interaction */
   public setInteractionEvent(interactionEvent: InteractionEvent) {
     // TODO: conflict event check (e.g. reset password session can't be used for sign in)
-    this.interactionEvent = interactionEvent;
+    this.#interactionEvent = interactionEvent;
   }
 
   /**
@@ -172,19 +175,22 @@ export default class ExperienceInteraction {
 
   /** Save the current interaction result. */
   public async save() {
-    // `mergeWithLastSubmission` will only merge current request's interaction results.
-    // Manually merge with previous interaction results here.
-    // @see {@link https://github.com/panva/node-oidc-provider/blob/c243bf6b6663c41ff3e75c09b95fb978eba87381/lib/actions/authorization/interactions.js#L106}
-
     const { provider } = this.tenant;
     const details = await provider.interactionDetails(this.ctx.req, this.ctx.res);
+    const interactionData = this.toJson();
 
+    // `mergeWithLastSubmission` will only merge current request's interaction results.
+    // Manually merge with previous interaction results here.
+    // @see {@link https://github.com/panva/node-oidc-provider/blob/c243bf6b6663c41ff3e75c09b95fb978eba87381/lib/actions/authorization/interactions.js#L106}
     await provider.interactionResult(
       this.ctx.req,
       this.ctx.res,
-      { ...details.result, ...this.toJson() },
+      { ...details.result, ...interactionData },
       { mergeWithLastSubmission: true }
     );
+
+    // Prepend the interaction data to all log entries
+    this.ctx.prependAllLogEntries({ interaction: interactionData });
   }
 
   /** Submit the current interaction result to the OIDC provider and clear the interaction data */
diff --git a/packages/core/src/routes/experience/index.ts b/packages/core/src/routes/experience/index.ts
index 3b5616ed5aee..5cbe17513e44 100644
--- a/packages/core/src/routes/experience/index.ts
+++ b/packages/core/src/routes/experience/index.ts
@@ -10,7 +10,7 @@
  * The experience APIs can be used by developers to build custom user interaction experiences.
  */
 
-import { identificationApiPayloadGuard } from '@logto/schemas';
+import { identificationApiPayloadGuard, InteractionEvent } from '@logto/schemas';
 import type Router from 'koa-router';
 import { z } from 'zod';
 
@@ -19,6 +19,7 @@ import koaGuard from '#src/middleware/koa-guard.js';
 
 import { type AnonymousRouter, type RouterInitArgs } from '../types.js';
 
+import ExperienceInteraction from './classes/experience-interaction.js';
 import { experienceRoutes } from './const.js';
 import koaExperienceInteraction, {
   type WithExperienceInteractionContext,
@@ -45,6 +46,62 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
       koaExperienceInteraction(tenant)
     );
 
+  router.put(
+    experienceRoutes.prefix,
+    koaGuard({
+      body: z.object({
+        interactionEvent: z.nativeEnum(InteractionEvent),
+      }),
+      status: [204],
+    }),
+    async (ctx, next) => {
+      const { interactionEvent } = ctx.guard.body;
+      const { createLog } = ctx;
+
+      createLog(`Interaction.${interactionEvent}.Update`);
+
+      const experienceInteraction = new ExperienceInteraction(ctx, tenant);
+      experienceInteraction.setInteractionEvent(interactionEvent);
+
+      await experienceInteraction.save();
+
+      ctx.experienceInteraction = experienceInteraction;
+      ctx.status = 204;
+
+      return next();
+    }
+  );
+
+  router.put(
+    `${experienceRoutes.prefix}/interaction-event`,
+    koaGuard({
+      body: z.object({
+        interactionEvent: z.nativeEnum(InteractionEvent),
+      }),
+      status: [204],
+    }),
+    async (ctx, next) => {
+      const { interactionEvent } = ctx.guard.body;
+      const { createLog, experienceInteraction } = ctx;
+
+      const eventLog = createLog(
+        `Interaction.${experienceInteraction.interactionEvent ?? interactionEvent}.Update`
+      );
+
+      experienceInteraction.setInteractionEvent(interactionEvent);
+
+      eventLog.append({
+        interactionEvent,
+      });
+
+      await experienceInteraction.save();
+
+      ctx.status = 204;
+
+      return next();
+    }
+  );
+
   router.post(
     experienceRoutes.identification,
     koaGuard({
@@ -52,10 +109,7 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
       status: [204, 400, 401, 404],
     }),
     async (ctx, next) => {
-      const { interactionEvent, verificationId } = ctx.guard.body;
-
-      // TODO: implement a separate POST interaction route to handle the initiation of the interaction event
-      ctx.experienceInteraction.setInteractionEvent(interactionEvent);
+      const { verificationId } = ctx.guard.body;
 
       await ctx.experienceInteraction.identifyUser(verificationId);
 
diff --git a/packages/core/src/routes/experience/middleware/koa-experience-interaction.ts b/packages/core/src/routes/experience/middleware/koa-experience-interaction.ts
index 19ec4af51da4..2cbcb6fd6ac5 100644
--- a/packages/core/src/routes/experience/middleware/koa-experience-interaction.ts
+++ b/packages/core/src/routes/experience/middleware/koa-experience-interaction.ts
@@ -25,7 +25,10 @@ export default function koaExperienceInteraction<
   tenant: TenantContext
 ): MiddlewareType<StateT, WithExperienceInteractionContext<ContextT>, ResponseT> {
   return async (ctx, next) => {
-    ctx.experienceInteraction = await ExperienceInteraction.create(ctx, tenant);
+    const { provider } = tenant;
+    const interactionDetails = await provider.interactionDetails(ctx.req, ctx.res);
+
+    ctx.experienceInteraction = new ExperienceInteraction(ctx, tenant, interactionDetails);
 
     return next();
   };
diff --git a/packages/integration-tests/src/client/experience/index.ts b/packages/integration-tests/src/client/experience/index.ts
index 8a6d74d56257..2bacb75b6ccb 100644
--- a/packages/integration-tests/src/client/experience/index.ts
+++ b/packages/integration-tests/src/client/experience/index.ts
@@ -1,4 +1,5 @@
 import {
+  type CreateExperienceApiPayload,
   type IdentificationApiPayload,
   type InteractionEvent,
   type PasswordVerificationPayload,
@@ -33,6 +34,24 @@ export class ExperienceClient extends MockClient {
       .json();
   }
 
+  public async updateInteractionEvent(payload: { interactionEvent: InteractionEvent }) {
+    return api
+      .put(`${experienceRoutes.prefix}/interaction-event`, {
+        headers: { cookie: this.interactionCookie },
+        json: payload,
+      })
+      .json();
+  }
+
+  public async initInteraction(payload: CreateExperienceApiPayload) {
+    return api
+      .put(experienceRoutes.prefix, {
+        headers: { cookie: this.interactionCookie },
+        json: payload,
+      })
+      .json();
+  }
+
   public override async submitInteraction(): Promise<RedirectResponse> {
     return api
       .post(`${experienceRoutes.prefix}/submit`, { headers: { cookie: this.interactionCookie } })
diff --git a/packages/integration-tests/src/helpers/experience/index.ts b/packages/integration-tests/src/helpers/experience/index.ts
index 803e034a5a83..af3ebe3e660a 100644
--- a/packages/integration-tests/src/helpers/experience/index.ts
+++ b/packages/integration-tests/src/helpers/experience/index.ts
@@ -27,13 +27,14 @@ export const signInWithPassword = async ({
 }) => {
   const client = await initExperienceClient();
 
+  await client.initInteraction({ interactionEvent: InteractionEvent.SignIn });
+
   const { verificationId } = await client.verifyPassword({
     identifier,
     password,
   });
 
   await client.identifyUser({
-    interactionEvent: InteractionEvent.SignIn,
     verificationId,
   });
 
@@ -46,6 +47,8 @@ export const signInWithPassword = async ({
 export const signInWithVerificationCode = async (identifier: VerificationCodeIdentifier) => {
   const client = await initExperienceClient();
 
+  await client.initInteraction({ interactionEvent: InteractionEvent.SignIn });
+
   const { verificationId, code } = await successfullySendVerificationCode(client, {
     identifier,
     interactionEvent: InteractionEvent.SignIn,
@@ -58,7 +61,6 @@ export const signInWithVerificationCode = async (identifier: VerificationCodeIde
   });
 
   await client.identifyUser({
-    interactionEvent: InteractionEvent.SignIn,
     verificationId: verifiedVerificationId,
   });
 
@@ -80,6 +82,8 @@ export const identifyUserWithUsernamePassword = async (
   username: string,
   password: string
 ) => {
+  await client.initInteraction({ interactionEvent: InteractionEvent.SignIn });
+
   const { verificationId } = await client.verifyPassword({
     identifier: {
       type: InteractionIdentifierType.Username,
@@ -88,7 +92,7 @@ export const identifyUserWithUsernamePassword = async (
     password,
   });
 
-  await client.identifyUser({ interactionEvent: InteractionEvent.SignIn, verificationId });
+  await client.identifyUser({ verificationId });
 
   return { verificationId };
 };
diff --git a/packages/integration-tests/src/tests/api/experience-api/interaction.test.ts b/packages/integration-tests/src/tests/api/experience-api/interaction.test.ts
new file mode 100644
index 000000000000..37be24186772
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/experience-api/interaction.test.ts
@@ -0,0 +1,34 @@
+import { InteractionEvent, InteractionIdentifierType } from '@logto/schemas';
+
+import { initExperienceClient } from '#src/helpers/client.js';
+import { expectRejects } from '#src/helpers/index.js';
+import { generateNewUserProfile, UserApiTest } from '#src/helpers/user.js';
+import { devFeatureTest } from '#src/utils.js';
+
+devFeatureTest.describe('PUT /experience API', () => {
+  const userApi = new UserApiTest();
+
+  afterAll(async () => {
+    await userApi.cleanUp();
+  });
+
+  it('PUT new experience API should reset all existing verification records', async () => {
+    const { username, password } = generateNewUserProfile({ username: true, password: true });
+    const user = await userApi.create({ username, password });
+
+    const client = await initExperienceClient();
+    await client.initInteraction({ interactionEvent: InteractionEvent.SignIn });
+    const { verificationId } = await client.verifyPassword({
+      identifier: { type: InteractionIdentifierType.Username, value: username },
+      password,
+    });
+
+    // PUT /experience
+    await client.initInteraction({ interactionEvent: InteractionEvent.SignIn });
+
+    await expectRejects(client.identifyUser({ verificationId }), {
+      code: 'session.verification_session_not_found',
+      status: 404,
+    });
+  });
+});
diff --git a/packages/schemas/src/types/interactions.ts b/packages/schemas/src/types/interactions.ts
index 38079bd4d791..877974224726 100644
--- a/packages/schemas/src/types/interactions.ts
+++ b/packages/schemas/src/types/interactions.ts
@@ -117,14 +117,21 @@ export const backupCodeVerificationVerifyPayloadGuard = z.object({
 
 /** Payload type for `POST /api/experience/identification`. */
 export type IdentificationApiPayload = {
-  interactionEvent: InteractionEvent;
+  /** The ID of the verification record that is used to identify the user. */
   verificationId: string;
 };
 export const identificationApiPayloadGuard = z.object({
-  interactionEvent: z.nativeEnum(InteractionEvent),
   verificationId: z.string(),
 }) satisfies ToZodObject<IdentificationApiPayload>;
 
+/** Payload type for `POST /api/experience`. */
+export type CreateExperienceApiPayload = {
+  interactionEvent: InteractionEvent;
+};
+export const CreateExperienceApiPayloadGuard = z.object({
+  interactionEvent: z.nativeEnum(InteractionEvent),
+}) satisfies ToZodObject<CreateExperienceApiPayload>;
+
 // ====== Experience API payload guard and types definitions end ======
 
 /**

From d203c8d2ff2ddc323a7442bd52f9adf470f0fb33 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Fri, 12 Jul 2024 19:00:36 +0800
Subject: [PATCH 008/135] refactor: experience ssr (#6229)

* refactor: experience ssr

* refactor: fix parameter issue
---
 .changeset/shy-baboons-occur.md               |  13 ++
 .../src/middleware/koa-experience-ssr.test.ts |  81 +++++++++
 .../core/src/middleware/koa-experience-ssr.ts |  67 ++++++++
 .../core/src/middleware/koa-serve-static.ts   |  30 ++--
 packages/core/src/oidc/init.ts                |  17 +-
 packages/core/src/oidc/utils.ts               |  10 +-
 packages/core/src/routes/well-known.ts        |  23 +--
 packages/core/src/tenants/Tenant.ts           |   4 +-
 packages/core/src/utils/i18n.ts               |  31 ++++
 packages/experience/src/i18n/utils.ts         |  41 +++--
 packages/experience/src/include.d/global.d.ts |  14 +-
 packages/experience/src/index.html            |  16 +-
 packages/experience/src/jest.setup.ts         |   4 +
 .../experience/src/utils/search-parameters.ts |   6 +-
 .../src/utils/sign-in-experience.ts           |  17 +-
 .../src/include.d/global.d.ts                 |   4 +
 .../experience/server-side-rendering.test.ts  | 162 ++++++++++++++++++
 packages/schemas/src/types/cookie.ts          |  11 +-
 packages/schemas/src/types/index.ts           |   1 +
 .../schemas/src/types/sign-in-experience.ts   |   2 +-
 packages/schemas/src/types/ssr.ts             |  28 +++
 21 files changed, 500 insertions(+), 82 deletions(-)
 create mode 100644 .changeset/shy-baboons-occur.md
 create mode 100644 packages/core/src/middleware/koa-experience-ssr.test.ts
 create mode 100644 packages/core/src/middleware/koa-experience-ssr.ts
 create mode 100644 packages/integration-tests/src/include.d/global.d.ts
 create mode 100644 packages/integration-tests/src/tests/experience/server-side-rendering.test.ts
 create mode 100644 packages/schemas/src/types/ssr.ts

diff --git a/.changeset/shy-baboons-occur.md b/.changeset/shy-baboons-occur.md
new file mode 100644
index 000000000000..2ce015d70acc
--- /dev/null
+++ b/.changeset/shy-baboons-occur.md
@@ -0,0 +1,13 @@
+---
+"@logto/experience": minor
+"@logto/schemas": minor
+"@logto/core": minor
+"@logto/integration-tests": patch
+---
+
+support experience data server-side rendering
+
+Logto now injects the sign-in experience settings and phrases into the `index.html` file for better first-screen performance. The experience app will still fetch the settings and phrases from the server if:
+
+- The server didn't inject the settings and phrases.
+- The parameters in the URL are different from server-rendered data.
diff --git a/packages/core/src/middleware/koa-experience-ssr.test.ts b/packages/core/src/middleware/koa-experience-ssr.test.ts
new file mode 100644
index 000000000000..44c17227fcf2
--- /dev/null
+++ b/packages/core/src/middleware/koa-experience-ssr.test.ts
@@ -0,0 +1,81 @@
+import { ssrPlaceholder } from '@logto/schemas';
+
+import { mockSignInExperience } from '#src/__mocks__/sign-in-experience.js';
+import { MockTenant } from '#src/test-utils/tenant.js';
+import { createContextWithRouteParameters } from '#src/utils/test-utils.js';
+
+import koaExperienceSsr from './koa-experience-ssr.js';
+
+const { jest } = import.meta;
+
+describe('koaExperienceSsr()', () => {
+  const phrases = { foo: 'bar' };
+  const baseCtx = Object.freeze({
+    ...createContextWithRouteParameters({}),
+    locale: 'en',
+    query: {},
+    set: jest.fn(),
+  });
+  const tenant = new MockTenant(
+    undefined,
+    {
+      customPhrases: {
+        findAllCustomLanguageTags: jest.fn().mockResolvedValue([]),
+      },
+    },
+    undefined,
+    {
+      signInExperiences: {
+        getFullSignInExperience: jest.fn().mockResolvedValue(mockSignInExperience),
+      },
+      phrases: { getPhrases: jest.fn().mockResolvedValue(phrases) },
+    }
+  );
+
+  const next = jest.fn().mockReturnValue(Promise.resolve());
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should call next() and do nothing if the response body is not a string', async () => {
+    const symbol = Symbol('nothing');
+    const ctx = { ...baseCtx, body: symbol };
+    await koaExperienceSsr(tenant.libraries, tenant.queries)(ctx, next);
+    expect(next).toHaveBeenCalledTimes(1);
+    expect(ctx.body).toBe(symbol);
+  });
+
+  it('should call next() and do nothing if the request path is not an index path', async () => {
+    const ctx = { ...baseCtx, path: '/foo', body: '...' };
+    await koaExperienceSsr(tenant.libraries, tenant.queries)(ctx, next);
+    expect(next).toHaveBeenCalledTimes(1);
+    expect(ctx.body).toBe('...');
+  });
+
+  it('should call next() and do nothing if the required placeholders are not present', async () => {
+    const ctx = { ...baseCtx, path: '/', body: '...' };
+    await koaExperienceSsr(tenant.libraries, tenant.queries)(ctx, next);
+    expect(next).toHaveBeenCalledTimes(1);
+    expect(ctx.body).toBe('...');
+  });
+
+  it('should prefetch the experience data and inject it into the HTML response', async () => {
+    const ctx = {
+      ...baseCtx,
+      path: '/',
+      body: `<script>
+        const logtoSsr=${ssrPlaceholder};
+      </script>`,
+    };
+    await koaExperienceSsr(tenant.libraries, tenant.queries)(ctx, next);
+    expect(next).toHaveBeenCalledTimes(1);
+    expect(ctx.body).not.toContain(ssrPlaceholder);
+    expect(ctx.body).toContain(
+      `const logtoSsr=Object.freeze(${JSON.stringify({
+        signInExperience: { data: mockSignInExperience },
+        phrases: { lng: 'en', data: phrases },
+      })});`
+    );
+  });
+});
diff --git a/packages/core/src/middleware/koa-experience-ssr.ts b/packages/core/src/middleware/koa-experience-ssr.ts
new file mode 100644
index 000000000000..1ddab180399a
--- /dev/null
+++ b/packages/core/src/middleware/koa-experience-ssr.ts
@@ -0,0 +1,67 @@
+import { type SsrData, logtoCookieKey, logtoUiCookieGuard, ssrPlaceholder } from '@logto/schemas';
+import { pick, trySafe } from '@silverhand/essentials';
+import type { MiddlewareType } from 'koa';
+
+import type Libraries from '#src/tenants/Libraries.js';
+import type Queries from '#src/tenants/Queries.js';
+import { getExperienceLanguage } from '#src/utils/i18n.js';
+
+import { type WithI18nContext } from './koa-i18next.js';
+import { isIndexPath } from './koa-serve-static.js';
+
+/**
+ * Create a middleware to prefetch the experience data and inject it into the HTML response. Some
+ * conditions must be met:
+ *
+ * - The response body should be a string after the middleware chain (calling `next()`).
+ * - The request path should be an index path.
+ * - The SSR placeholder string ({@link ssrPlaceholder}) should be present in the response body.
+ *
+ * Otherwise, the middleware will do nothing.
+ */
+export default function koaExperienceSsr<StateT, ContextT extends WithI18nContext>(
+  libraries: Libraries,
+  queries: Queries
+): MiddlewareType<StateT, ContextT> {
+  return async (ctx, next) => {
+    await next();
+
+    if (
+      !(typeof ctx.body === 'string' && isIndexPath(ctx.path)) ||
+      !ctx.body.includes(ssrPlaceholder)
+    ) {
+      return;
+    }
+
+    const logtoUiCookie =
+      trySafe(() =>
+        logtoUiCookieGuard.parse(JSON.parse(ctx.cookies.get(logtoCookieKey) ?? '{}'))
+      ) ?? {};
+
+    const [signInExperience, customLanguages] = await Promise.all([
+      libraries.signInExperiences.getFullSignInExperience({
+        locale: ctx.locale,
+        ...logtoUiCookie,
+      }),
+      queries.customPhrases.findAllCustomLanguageTags(),
+    ]);
+    const language = getExperienceLanguage({
+      ctx,
+      languageInfo: signInExperience.languageInfo,
+      customLanguages,
+    });
+    const phrases = await libraries.phrases.getPhrases(language);
+
+    ctx.set('Content-Language', language);
+    ctx.body = ctx.body.replace(
+      ssrPlaceholder,
+      `Object.freeze(${JSON.stringify({
+        signInExperience: {
+          ...pick(logtoUiCookie, 'appId', 'organizationId'),
+          data: signInExperience,
+        },
+        phrases: { lng: language, data: phrases },
+      } satisfies SsrData)})`
+    );
+  };
+}
diff --git a/packages/core/src/middleware/koa-serve-static.ts b/packages/core/src/middleware/koa-serve-static.ts
index b6e6b9a95c13..0ce53b25c823 100644
--- a/packages/core/src/middleware/koa-serve-static.ts
+++ b/packages/core/src/middleware/koa-serve-static.ts
@@ -1,5 +1,6 @@
 // Modified from https://github.com/koajs/static/blob/7f0ed88c8902e441da4e30b42f108617d8dff9ec/index.js
 
+import fs from 'node:fs/promises';
 import path from 'node:path';
 
 import type { MiddlewareType } from 'koa';
@@ -8,8 +9,11 @@ import send from 'koa-send';
 import assertThat from '#src/utils/assert-that.js';
 
 const index = 'index.html';
+const indexContentType = 'text/html; charset=utf-8';
+export const isIndexPath = (path: string) =>
+  ['/', `/${index}`].some((value) => path.endsWith(value));
 
-export default function serve(root: string) {
+export default function koaServeStatic(root: string) {
   assertThat(root, new Error('Root directory is required to serve files.'));
 
   const options: send.SendOptions = {
@@ -19,19 +23,19 @@ export default function serve(root: string) {
 
   const serve: MiddlewareType = async (ctx, next) => {
     if (ctx.method === 'HEAD' || ctx.method === 'GET') {
-      const filePath = await send(ctx, ctx.path, {
-        ...options,
-        // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
-        ...(!['/', `/${options.index || ''}`].some((path) => ctx.path.endsWith(path)) && {
-          maxage: 604_800_000 /* 7 days */,
-        }),
-      });
-
-      const filename = path.basename(filePath);
-
-      // No cache for the index file
-      if (filename === index || filename.startsWith(index + '.')) {
+      // Directly read and set the content of the index file since we need to replace the
+      // placeholders in the file with the actual values. It should be OK as the index file is
+      // small.
+      if (isIndexPath(ctx.path)) {
+        const content = await fs.readFile(path.join(root, index), 'utf8');
+        ctx.type = indexContentType;
+        ctx.body = content;
         ctx.set('Cache-Control', 'no-cache, no-store, must-revalidate');
+      } else {
+        await send(ctx, ctx.path, {
+          ...options,
+          maxage: 604_800_000 /* 7 days */,
+        });
       }
     }
 
diff --git a/packages/core/src/oidc/init.ts b/packages/core/src/oidc/init.ts
index 590f6488d765..5ec7474ab56f 100644
--- a/packages/core/src/oidc/init.ts
+++ b/packages/core/src/oidc/init.ts
@@ -15,7 +15,7 @@ import {
   type LogtoUiCookie,
   ExtraParamsKey,
 } from '@logto/schemas';
-import { conditional, trySafe, tryThat } from '@silverhand/essentials';
+import { removeUndefinedKeys, trySafe, tryThat } from '@silverhand/essentials';
 import i18next from 'i18next';
 import { koaBody } from 'koa-body';
 import Provider, { errors } from 'oidc-provider';
@@ -198,17 +198,20 @@ export default function initOidc(
     },
     interactions: {
       url: (ctx, { params: { client_id: appId }, prompt }) => {
-        // @deprecated use search params instead
+        const params = trySafe(() => extraParamsObjectGuard.parse(ctx.oidc.params ?? {})) ?? {};
+
+        // Cookies are required to apply the correct server-side rendering
         ctx.cookies.set(
           logtoCookieKey,
-          JSON.stringify({
-            appId: conditional(Boolean(appId) && String(appId)),
-          } satisfies LogtoUiCookie),
+          JSON.stringify(
+            removeUndefinedKeys({
+              appId: typeof appId === 'string' ? appId : undefined,
+              organizationId: params.organization_id,
+            }) satisfies LogtoUiCookie
+          ),
           { sameSite: 'lax', overwrite: true, httpOnly: false }
         );
 
-        const params = trySafe(() => extraParamsObjectGuard.parse(ctx.oidc.params ?? {})) ?? {};
-
         switch (prompt.name) {
           case 'login': {
             return '/' + buildLoginPromptUrl(params, appId);
diff --git a/packages/core/src/oidc/utils.ts b/packages/core/src/oidc/utils.ts
index 276b56bb134d..f25a4c323f6f 100644
--- a/packages/core/src/oidc/utils.ts
+++ b/packages/core/src/oidc/utils.ts
@@ -94,17 +94,15 @@ export const buildLoginPromptUrl = (params: ExtraParamsObject, appId?: unknown):
     searchParams.append('app_id', String(appId));
   }
 
+  if (params[ExtraParamsKey.OrganizationId]) {
+    searchParams.append(ExtraParamsKey.OrganizationId, params[ExtraParamsKey.OrganizationId]);
+  }
+
   if (directSignIn) {
     searchParams.append('fallback', firstScreen);
     const [method, target] = directSignIn.split(':');
     return path.join('direct', method ?? '', target ?? '') + getSearchParamString();
   }
 
-  // Append other valid params as-is
-  const { first_screen: _, interaction_mode: __, direct_sign_in: ___, ...rest } = params;
-  for (const [key, value] of Object.entries(rest)) {
-    searchParams.append(key, value);
-  }
-
   return firstScreen + getSearchParamString();
 };
diff --git a/packages/core/src/routes/well-known.ts b/packages/core/src/routes/well-known.ts
index 3738c0f742b0..416d4b451a34 100644
--- a/packages/core/src/routes/well-known.ts
+++ b/packages/core/src/routes/well-known.ts
@@ -1,11 +1,9 @@
-import { isBuiltInLanguageTag } from '@logto/phrases-experience';
-import { adminTenantId, guardFullSignInExperience } from '@logto/schemas';
-import { conditionalArray } from '@silverhand/essentials';
+import { adminTenantId, fullSignInExperienceGuard } from '@logto/schemas';
 import { z } from 'zod';
 
 import { EnvSet, getTenantEndpoint } from '#src/env-set/index.js';
-import detectLanguage from '#src/i18n/detect-language.js';
 import koaGuard from '#src/middleware/koa-guard.js';
+import { getExperienceLanguage } from '#src/utils/i18n.js';
 
 import type { AnonymousRouter, RouterInitArgs } from './types.js';
 
@@ -43,7 +41,7 @@ export default function wellKnownRoutes<T extends AnonymousRouter>(
     '/.well-known/sign-in-exp',
     koaGuard({
       query: z.object({ organizationId: z.string(), appId: z.string() }).partial(),
-      response: guardFullSignInExperience,
+      response: fullSignInExperienceGuard,
       status: 200,
     }),
     async (ctx, next) => {
@@ -68,20 +66,9 @@ export default function wellKnownRoutes<T extends AnonymousRouter>(
         query: { lng },
       } = ctx.guard;
 
-      const {
-        languageInfo: { autoDetect, fallbackLanguage },
-      } = await findDefaultSignInExperience();
-
-      const acceptableLanguages = conditionalArray<string | string[]>(
-        lng,
-        autoDetect && detectLanguage(ctx),
-        fallbackLanguage
-      );
+      const { languageInfo } = await findDefaultSignInExperience();
       const customLanguages = await findAllCustomLanguageTags();
-      const language =
-        acceptableLanguages.find(
-          (tag) => isBuiltInLanguageTag(tag) || customLanguages.includes(tag)
-        ) ?? 'en';
+      const language = getExperienceLanguage({ ctx, languageInfo, customLanguages, lng });
 
       ctx.set('Content-Language', language);
       ctx.body = await getPhrases(language);
diff --git a/packages/core/src/tenants/Tenant.ts b/packages/core/src/tenants/Tenant.ts
index 8d082f7fca04..092cfdeb77ba 100644
--- a/packages/core/src/tenants/Tenant.ts
+++ b/packages/core/src/tenants/Tenant.ts
@@ -17,6 +17,7 @@ import koaAutoConsent from '#src/middleware/koa-auto-consent.js';
 import koaConnectorErrorHandler from '#src/middleware/koa-connector-error-handler.js';
 import koaConsoleRedirectProxy from '#src/middleware/koa-console-redirect-proxy.js';
 import koaErrorHandler from '#src/middleware/koa-error-handler.js';
+import koaExperienceSsr from '#src/middleware/koa-experience-ssr.js';
 import koaI18next from '#src/middleware/koa-i18next.js';
 import koaOidcErrorHandler from '#src/middleware/koa-oidc-error-handler.js';
 import koaSecurityHeaders from '#src/middleware/koa-security-headers.js';
@@ -166,9 +167,10 @@ export default class Tenant implements TenantContext {
       );
     }
 
-    // Mount UI
+    // Mount experience app
     app.use(
       compose([
+        koaExperienceSsr(libraries, queries),
         koaSpaSessionGuard(provider, queries),
         mount(`/${experience.routes.consent}`, koaAutoConsent(provider, queries)),
         koaSpaProxy(mountedApps),
diff --git a/packages/core/src/utils/i18n.ts b/packages/core/src/utils/i18n.ts
index b240ece70961..a900635db252 100644
--- a/packages/core/src/utils/i18n.ts
+++ b/packages/core/src/utils/i18n.ts
@@ -1,7 +1,38 @@
+import { isBuiltInLanguageTag } from '@logto/phrases-experience';
+import { type SignInExperience } from '@logto/schemas';
+import { conditionalArray } from '@silverhand/essentials';
 import type { i18n } from 'i18next';
 import _i18next from 'i18next';
+import { type ParameterizedContext } from 'koa';
+import { type IRouterParamContext } from 'koa-router';
+
+import detectLanguage from '#src/i18n/detect-language.js';
 
 // This may be fixed by a cjs require wrapper. TBD.
 // See https://github.com/microsoft/TypeScript/issues/49189
 // eslint-disable-next-line no-restricted-syntax
 export const i18next = _i18next as unknown as i18n;
+
+type GetExperienceLanguage = {
+  ctx: ParameterizedContext<unknown, IRouterParamContext>;
+  languageInfo: SignInExperience['languageInfo'];
+  customLanguages: readonly string[];
+  lng?: string;
+};
+
+export const getExperienceLanguage = ({
+  ctx,
+  languageInfo: { autoDetect, fallbackLanguage },
+  customLanguages,
+  lng,
+}: GetExperienceLanguage) => {
+  const acceptableLanguages = conditionalArray<string | string[]>(
+    lng,
+    autoDetect && detectLanguage(ctx),
+    fallbackLanguage
+  );
+  const language =
+    acceptableLanguages.find((tag) => isBuiltInLanguageTag(tag) || customLanguages.includes(tag)) ??
+    'en';
+  return language;
+};
diff --git a/packages/experience/src/i18n/utils.ts b/packages/experience/src/i18n/utils.ts
index de12fb7b9f35..82bbc432f06b 100644
--- a/packages/experience/src/i18n/utils.ts
+++ b/packages/experience/src/i18n/utils.ts
@@ -1,31 +1,40 @@
 import type { LocalePhrase } from '@logto/phrases-experience';
 import resource from '@logto/phrases-experience';
 import type { LanguageInfo } from '@logto/schemas';
+import { isObject } from '@silverhand/essentials';
 import type { Resource } from 'i18next';
 import i18next from 'i18next';
 import LanguageDetector from 'i18next-browser-languagedetector';
 
-import { getPhrases } from '@/apis/settings';
+import { getPhrases as getPhrasesApi } from '@/apis/settings';
+
+const getPhrases = async (language?: string) => {
+  // Directly use the server-side phrases if it's already fetched
+  if (isObject(logtoSsr) && (!language || logtoSsr.phrases.lng === language)) {
+    return { phrases: logtoSsr.phrases.data, lng: logtoSsr.phrases.lng };
+  }
 
-export const getI18nResource = async (
-  language?: string
-): Promise<{ resources: Resource; lng: string }> => {
   const detectedLanguage = detectLanguage();
+  const response = await getPhrasesApi({
+    localLanguage: Array.isArray(detectedLanguage) ? detectedLanguage.join(' ') : detectedLanguage,
+    language,
+  });
 
-  try {
-    const response = await getPhrases({
-      localLanguage: Array.isArray(detectedLanguage)
-        ? detectedLanguage.join(' ')
-        : detectedLanguage,
-      language,
-    });
+  const remotePhrases = await response.json<LocalePhrase>();
+  const lng = response.headers.get('Content-Language');
+
+  if (!lng) {
+    throw new Error('lng not found');
+  }
 
-    const phrases = await response.json<LocalePhrase>();
-    const lng = response.headers.get('Content-Language');
+  return { phrases: remotePhrases, lng };
+};
 
-    if (!lng) {
-      throw new Error('lng not found');
-    }
+export const getI18nResource = async (
+  language?: string
+): Promise<{ resources: Resource; lng: string }> => {
+  try {
+    const { phrases, lng } = await getPhrases(language);
 
     return {
       resources: { [lng]: phrases },
diff --git a/packages/experience/src/include.d/global.d.ts b/packages/experience/src/include.d/global.d.ts
index ce00e0c80abd..48994b57693e 100644
--- a/packages/experience/src/include.d/global.d.ts
+++ b/packages/experience/src/include.d/global.d.ts
@@ -1,4 +1,4 @@
-// Logto Native SDK
+import { type SsrData } from '@logto/schemas';
 
 type LogtoNativeSdkInfo = {
   platform: 'ios' | 'android';
@@ -10,4 +10,14 @@ type LogtoNativeSdkInfo = {
   };
 };
 
-declare const logtoNativeSdk: LogtoNativeSdkInfo | undefined;
+type LogtoSsr = string | Readonly<SsrData> | undefined;
+
+declare global {
+  const logtoNativeSdk: LogtoNativeSdkInfo | undefined;
+  const logtoSsr: LogtoSsr;
+
+  interface Window {
+    logtoNativeSdk: LogtoNativeSdkInfo | undefined;
+    logtoSsr: LogtoSsr;
+  }
+}
diff --git a/packages/experience/src/index.html b/packages/experience/src/index.html
index e317d14155a1..8b5cb68dc513 100644
--- a/packages/experience/src/index.html
+++ b/packages/experience/src/index.html
@@ -5,21 +5,9 @@
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
   <title></title>
-  <!-- Preload well-known APIs -->
   <script>
-    const searchParams = new URLSearchParams(window.location.search);
-    const isPreview = searchParams.has('preview');
-    // Preview mode does not query phrases
-    const preLoadLinks = isPreview ? [] : ['/api/.well-known/phrases'];
-
-    preLoadLinks.forEach((linkUrl) => {
-      const link = document.createElement('link');
-      link.rel = 'preload';
-      link.href = linkUrl;
-      link.as = 'fetch';
-      link.crossOrigin = 'anonymous';
-      document.head.appendChild(link);
-    });
+    /* See {@link packages/schemas/src/types/ssr.ts} */
+    window.logtoSsr = "__LOGTO_SSR__";
   </script>
 </head>
 
diff --git a/packages/experience/src/jest.setup.ts b/packages/experience/src/jest.setup.ts
index bc92589ba52c..3206801a8a2f 100644
--- a/packages/experience/src/jest.setup.ts
+++ b/packages/experience/src/jest.setup.ts
@@ -1,4 +1,5 @@
 import { type LocalePhrase } from '@logto/phrases-experience';
+import { ssrPlaceholder } from '@logto/schemas';
 import { type DeepPartial } from '@silverhand/essentials';
 import i18next from 'i18next';
 import { initReactI18next } from 'react-i18next';
@@ -18,3 +19,6 @@ export const setupI18nForTesting = async (
   });
 
 void setupI18nForTesting();
+
+// eslint-disable-next-line @silverhand/fp/no-mutating-methods
+Object.defineProperty(global, 'logtoSsr', { value: ssrPlaceholder });
diff --git a/packages/experience/src/utils/search-parameters.ts b/packages/experience/src/utils/search-parameters.ts
index 4c1328cfbf2e..07b779cf0073 100644
--- a/packages/experience/src/utils/search-parameters.ts
+++ b/packages/experience/src/utils/search-parameters.ts
@@ -1,5 +1,9 @@
 import { condString } from '@silverhand/essentials';
 
+export const searchKeysCamelCase = Object.freeze(['organizationId', 'appId'] as const);
+
+type SearchKeysCamelCase = (typeof searchKeysCamelCase)[number];
+
 export const searchKeys = Object.freeze({
   /**
    * The key for specifying the organization ID that may be used to override the default settings.
@@ -7,7 +11,7 @@ export const searchKeys = Object.freeze({
   organizationId: 'organization_id',
   /** The current application ID. */
   appId: 'app_id',
-});
+} satisfies Record<SearchKeysCamelCase, string>);
 
 export const handleSearchParametersData = () => {
   const { search } = window.location;
diff --git a/packages/experience/src/utils/sign-in-experience.ts b/packages/experience/src/utils/sign-in-experience.ts
index 3175202ee610..6540c54fafde 100644
--- a/packages/experience/src/utils/sign-in-experience.ts
+++ b/packages/experience/src/utils/sign-in-experience.ts
@@ -4,12 +4,15 @@
  */
 
 import { SignInIdentifier } from '@logto/schemas';
+import { isObject } from '@silverhand/essentials';
 import i18next from 'i18next';
 
 import { getSignInExperience } from '@/apis/settings';
 import type { SignInExperienceResponse } from '@/types';
 import { filterSocialConnectors } from '@/utils/social-connectors';
 
+import { searchKeys, searchKeysCamelCase } from './search-parameters';
+
 const parseSignInExperienceResponse = (
   response: SignInExperienceResponse
 ): SignInExperienceResponse => {
@@ -22,8 +25,20 @@ const parseSignInExperienceResponse = (
 };
 
 export const getSignInExperienceSettings = async (): Promise<SignInExperienceResponse> => {
-  const response = await getSignInExperience<SignInExperienceResponse>();
+  if (isObject(logtoSsr)) {
+    const { data, ...rest } = logtoSsr.signInExperience;
 
+    if (
+      searchKeysCamelCase.every((key) => {
+        const ssrValue = rest[key];
+        const storageValue = sessionStorage.getItem(searchKeys[key]) ?? undefined;
+        return (!ssrValue && !storageValue) || ssrValue === storageValue;
+      })
+    ) {
+      return data;
+    }
+  }
+  const response = await getSignInExperience<SignInExperienceResponse>();
   return parseSignInExperienceResponse(response);
 };
 
diff --git a/packages/integration-tests/src/include.d/global.d.ts b/packages/integration-tests/src/include.d/global.d.ts
new file mode 100644
index 000000000000..27e85338e694
--- /dev/null
+++ b/packages/integration-tests/src/include.d/global.d.ts
@@ -0,0 +1,4 @@
+interface Window {
+  /** The SSR object for **experience**. */
+  logtoSsr: unknown;
+}
diff --git a/packages/integration-tests/src/tests/experience/server-side-rendering.test.ts b/packages/integration-tests/src/tests/experience/server-side-rendering.test.ts
new file mode 100644
index 000000000000..265c76713ebc
--- /dev/null
+++ b/packages/integration-tests/src/tests/experience/server-side-rendering.test.ts
@@ -0,0 +1,162 @@
+import fs from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
+
+import { demoAppApplicationId, fullSignInExperienceGuard } from '@logto/schemas';
+import { type Page } from 'puppeteer';
+import { z } from 'zod';
+
+import { demoAppUrl } from '#src/constants.js';
+import { OrganizationApiTest } from '#src/helpers/organization.js';
+import ExpectExperience from '#src/ui-helpers/expect-experience.js';
+
+const ssrDataGuard = z.object({
+  signInExperience: z.object({
+    appId: z.string().optional(),
+    organizationId: z.string().optional(),
+    data: fullSignInExperienceGuard,
+  }),
+  phrases: z.object({
+    lng: z.string(),
+    data: z.record(z.unknown()),
+  }),
+});
+
+class Trace {
+  protected tracePath?: string;
+
+  constructor(protected page?: Page) {}
+
+  async start() {
+    if (this.tracePath) {
+      throw new Error('Trace already started');
+    }
+
+    if (!this.page) {
+      throw new Error('Page not set');
+    }
+
+    const traceDirectory = await fs.mkdtemp(path.join(os.tmpdir(), 'trace-'));
+    this.tracePath = path.join(traceDirectory, 'trace.json');
+    await this.page.tracing.start({ path: this.tracePath, categories: ['devtools.timeline'] });
+  }
+
+  async stop() {
+    if (!this.page) {
+      throw new Error('Page not set');
+    }
+
+    return this.page.tracing.stop();
+  }
+
+  async read() {
+    if (!this.tracePath) {
+      throw new Error('Trace not started');
+    }
+
+    return JSON.parse(await fs.readFile(this.tracePath, 'utf8'));
+  }
+
+  reset(page: Page) {
+    this.page = page;
+    this.tracePath = undefined;
+  }
+
+  async cleanup() {
+    if (this.tracePath) {
+      await fs.unlink(this.tracePath);
+    }
+  }
+}
+
+describe('server-side rendering', () => {
+  const trace = new Trace();
+  const expectTraceNotToHaveWellKnownEndpoints = async () => {
+    /* eslint-disable @typescript-eslint/no-unsafe-assignment */
+    const traceData: { traceEvents: unknown[] } = await trace.read();
+    expect(traceData.traceEvents).not.toContainEqual(
+      expect.objectContaining({
+        args: expect.objectContaining({
+          data: expect.objectContaining({ url: expect.stringContaining('api/.well-known/') }),
+        }),
+      })
+    );
+    /* eslint-enable @typescript-eslint/no-unsafe-assignment */
+  };
+
+  afterEach(async () => {
+    await trace.cleanup();
+  });
+
+  it('should render the page with data from the server and not request the well-known endpoints', async () => {
+    const experience = new ExpectExperience(await browser.newPage());
+
+    trace.reset(experience.page);
+    await trace.start();
+    await experience.navigateTo(demoAppUrl.href);
+    await trace.stop();
+
+    // Check page variables
+    const data = await experience.page.evaluate(() => {
+      return window.logtoSsr;
+    });
+
+    const parsed = ssrDataGuard.parse(data);
+
+    expect(parsed.signInExperience.appId).toBe(demoAppApplicationId);
+    expect(parsed.signInExperience.organizationId).toBeUndefined();
+
+    // Check network requests
+    await expectTraceNotToHaveWellKnownEndpoints();
+  });
+
+  it('should render the page with data from the server with invalid organization ID', async () => {
+    const experience = new ExpectExperience(await browser.newPage());
+
+    trace.reset(experience.page);
+    await trace.start();
+    // Although the organization ID is invalid, the server should still render the page with the
+    // ID provided which indicates the result under the given parameters.
+    await experience.navigateTo(`${demoAppUrl.href}?organization_id=org-id`);
+    await trace.stop();
+
+    // Check page variables
+    const data = await experience.page.evaluate(() => {
+      return window.logtoSsr;
+    });
+
+    const parsed = ssrDataGuard.parse(data);
+
+    expect(parsed.signInExperience.appId).toBe(demoAppApplicationId);
+    expect(parsed.signInExperience.organizationId).toBe('org-id');
+
+    // Check network requests
+    await expectTraceNotToHaveWellKnownEndpoints();
+  });
+
+  it('should render the page with data from the server with valid organization ID', async () => {
+    const logoUrl = 'mock://fake-url-for-ssr/logo.png';
+    const organizationApi = new OrganizationApiTest();
+    const organization = await organizationApi.create({ name: 'foo', branding: { logoUrl } });
+    const experience = new ExpectExperience(await browser.newPage());
+
+    trace.reset(experience.page);
+    await trace.start();
+    await experience.navigateTo(`${demoAppUrl.href}?organization_id=${organization.id}`);
+    await trace.stop();
+
+    // Check page variables
+    const data = await experience.page.evaluate(() => {
+      return window.logtoSsr;
+    });
+
+    const parsed = ssrDataGuard.parse(data);
+
+    expect(parsed.signInExperience.appId).toBe(demoAppApplicationId);
+    expect(parsed.signInExperience.organizationId).toBe(organization.id);
+    expect(parsed.signInExperience.data.branding.logoUrl).toBe(logoUrl);
+
+    // Check network requests
+    await expectTraceNotToHaveWellKnownEndpoints();
+  });
+});
diff --git a/packages/schemas/src/types/cookie.ts b/packages/schemas/src/types/cookie.ts
index 4e76f7bb01bb..a155067f1367 100644
--- a/packages/schemas/src/types/cookie.ts
+++ b/packages/schemas/src/types/cookie.ts
@@ -1,5 +1,12 @@
 import { z } from 'zod';
 
-export const logtoUiCookieGuard = z.object({ appId: z.string() }).partial();
+import { type ToZodObject } from '../utils/zod.js';
 
-export type LogtoUiCookie = z.infer<typeof logtoUiCookieGuard>;
+export type LogtoUiCookie = Partial<{
+  appId: string;
+  organizationId: string;
+}>;
+
+export const logtoUiCookieGuard = z
+  .object({ appId: z.string(), organizationId: z.string() })
+  .partial() satisfies ToZodObject<LogtoUiCookie>;
diff --git a/packages/schemas/src/types/index.ts b/packages/schemas/src/types/index.ts
index d6bfbac974ae..6806a3ca3381 100644
--- a/packages/schemas/src/types/index.ts
+++ b/packages/schemas/src/types/index.ts
@@ -29,3 +29,4 @@ export * from './consent.js';
 export * from './onboarding.js';
 export * from './sign-in-experience.js';
 export * from './subject-token.js';
+export * from './ssr.js';
diff --git a/packages/schemas/src/types/sign-in-experience.ts b/packages/schemas/src/types/sign-in-experience.ts
index 9f6bf95ebb1e..57bb8d2d96de 100644
--- a/packages/schemas/src/types/sign-in-experience.ts
+++ b/packages/schemas/src/types/sign-in-experience.ts
@@ -41,7 +41,7 @@ export type FullSignInExperience = SignInExperience & {
   googleOneTap?: GoogleOneTapConfig & { clientId: string; connectorId: string };
 };
 
-export const guardFullSignInExperience = SignInExperiences.guard.extend({
+export const fullSignInExperienceGuard = SignInExperiences.guard.extend({
   socialConnectors: connectorMetadataGuard
     .omit({
       description: true,
diff --git a/packages/schemas/src/types/ssr.ts b/packages/schemas/src/types/ssr.ts
new file mode 100644
index 000000000000..64f1a67c11b8
--- /dev/null
+++ b/packages/schemas/src/types/ssr.ts
@@ -0,0 +1,28 @@
+import { type LocalePhrase } from '@logto/phrases-experience';
+
+import { type FullSignInExperience } from './sign-in-experience.js';
+
+/**
+ * The server-side rendering data type for **experience**.
+ */
+export type SsrData = {
+  signInExperience: {
+    appId?: string;
+    organizationId?: string;
+    data: FullSignInExperience;
+  };
+  phrases: {
+    lng: string;
+    data: LocalePhrase;
+  };
+};
+
+/**
+ * Variable placeholder for **experience** server-side rendering. The value should be replaced by
+ * the server.
+ *
+ * CAUTION: The value should be kept in sync with {@link file://./../../../experience/src/index.html}.
+ *
+ * @see {@link SsrData} for the data structure to replace the placeholders.
+ */
+export const ssrPlaceholder = '"__LOGTO_SSR__"';

From dbf9b2b04bedc010ad302922c2c3eeadceacfb5a Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Fri, 12 Jul 2024 20:53:42 +0800
Subject: [PATCH 009/135] chore(deps): upgrade packages

---
 packages/cli/package.json                     |   4 +-
 .../connector-alipay-native/package.json      |   2 +-
 .../connector-alipay-web/package.json         |   2 +-
 .../connector-aliyun-dm/package.json          |   2 +-
 .../connector-aliyun-sms/package.json         |   2 +-
 .../connectors/connector-apple/package.json   |   4 +-
 .../connectors/connector-aws-ses/package.json |   2 +-
 .../connectors/connector-azuread/package.json |   2 +-
 .../connector-dingtalk-web/package.json       |   2 +-
 .../connectors/connector-discord/package.json |   2 +-
 .../connector-facebook/package.json           |   2 +-
 .../connector-feishu-web/package.json         |   2 +-
 .../connectors/connector-github/package.json  |   2 +-
 .../connectors/connector-google/package.json  |   4 +-
 .../connectors/connector-kakao/package.json   |   2 +-
 .../connector-logto-email/package.json        |   2 +-
 .../connector-logto-sms/package.json          |   2 +-
 .../connector-logto-social-demo/package.json  |   2 +-
 .../connectors/connector-mailgun/package.json |   2 +-
 .../package.json                              |   2 +-
 .../connector-mock-email/package.json         |   2 +-
 .../connector-mock-sms/package.json           |   2 +-
 .../connector-mock-social/package.json        |   2 +-
 .../connectors/connector-naver/package.json   |   2 +-
 .../connectors/connector-oauth2/package.json  |   4 +-
 .../connectors/connector-oidc/package.json    |   4 +-
 .../connectors/connector-saml/package.json    |   2 +-
 .../connector-sendgrid-email/package.json     |   2 +-
 .../connectors/connector-smsaero/package.json |   2 +-
 .../connectors/connector-smtp/package.json    |   2 +-
 .../connector-tencent-sms/package.json        |   2 +-
 .../connector-twilio-sms/package.json         |   2 +-
 .../connector-wechat-native/package.json      |   2 +-
 .../connector-wechat-web/package.json         |   2 +-
 .../connectors/connector-wecom/package.json   |   2 +-
 packages/core/package.json                    |  22 +-
 packages/demo-app/package.json                |   2 +-
 packages/experience/package.json              |   2 +-
 packages/integration-tests/package.json       |   4 +-
 packages/schemas/package.json                 |   2 +-
 packages/shared/package.json                  |   2 +-
 pnpm-lock.yaml                                | 505 ++++++++----------
 42 files changed, 267 insertions(+), 352 deletions(-)

diff --git a/packages/cli/package.json b/packages/cli/package.json
index b8578a3eb0fa..572b0f8f5426 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -51,9 +51,9 @@
     "@logto/shared": "workspace:^3.1.1",
     "@silverhand/essentials": "^2.9.1",
     "@silverhand/slonik": "31.0.0-beta.2",
-    "chalk": "^5.0.0",
+    "chalk": "^5.3.0",
     "decamelize": "^6.0.0",
-    "dotenv": "^16.0.0",
+    "dotenv": "^16.4.5",
     "got": "^14.0.0",
     "hpagent": "^1.2.0",
     "inquirer": "^9.0.0",
diff --git a/packages/connectors/connector-alipay-native/package.json b/packages/connectors/connector-alipay-native/package.json
index 7099bda0ce0b..c7b3a562b37f 100644
--- a/packages/connectors/connector-alipay-native/package.json
+++ b/packages/connectors/connector-alipay-native/package.json
@@ -9,7 +9,7 @@
     "dayjs": "^1.10.5",
     "got": "^14.0.0",
     "iconv-lite": "^0.6.3",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "devDependencies": {
diff --git a/packages/connectors/connector-alipay-web/package.json b/packages/connectors/connector-alipay-web/package.json
index 10b5095b6b48..076666999a0c 100644
--- a/packages/connectors/connector-alipay-web/package.json
+++ b/packages/connectors/connector-alipay-web/package.json
@@ -8,7 +8,7 @@
     "dayjs": "^1.10.5",
     "got": "^14.0.0",
     "iconv-lite": "^0.6.3",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "devDependencies": {
diff --git a/packages/connectors/connector-aliyun-dm/package.json b/packages/connectors/connector-aliyun-dm/package.json
index 59e41ddd8e81..1304c1ecd0df 100644
--- a/packages/connectors/connector-aliyun-dm/package.json
+++ b/packages/connectors/connector-aliyun-dm/package.json
@@ -6,7 +6,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-aliyun-sms/package.json b/packages/connectors/connector-aliyun-sms/package.json
index 9739f43eb75e..408917679e9f 100644
--- a/packages/connectors/connector-aliyun-sms/package.json
+++ b/packages/connectors/connector-aliyun-sms/package.json
@@ -6,7 +6,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-apple/package.json b/packages/connectors/connector-apple/package.json
index 2c11467106bb..4a71c704f13d 100644
--- a/packages/connectors/connector-apple/package.json
+++ b/packages/connectors/connector-apple/package.json
@@ -7,8 +7,8 @@
     "@logto/shared": "workspace:^3.1.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "jose": "^5.0.0",
-    "snakecase-keys": "^8.0.0",
+    "jose": "^5.6.3",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-aws-ses/package.json b/packages/connectors/connector-aws-ses/package.json
index 99f6582e3020..ee69073596a3 100644
--- a/packages/connectors/connector-aws-ses/package.json
+++ b/packages/connectors/connector-aws-ses/package.json
@@ -9,7 +9,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-azuread/package.json b/packages/connectors/connector-azuread/package.json
index 773b2da57be4..cbb02ed66d76 100644
--- a/packages/connectors/connector-azuread/package.json
+++ b/packages/connectors/connector-azuread/package.json
@@ -8,7 +8,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-dingtalk-web/package.json b/packages/connectors/connector-dingtalk-web/package.json
index d2815d24c294..4b0724e4055e 100644
--- a/packages/connectors/connector-dingtalk-web/package.json
+++ b/packages/connectors/connector-dingtalk-web/package.json
@@ -8,7 +8,7 @@
     "dayjs": "^1.10.5",
     "got": "^14.0.0",
     "iconv-lite": "^0.6.3",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "devDependencies": {
diff --git a/packages/connectors/connector-discord/package.json b/packages/connectors/connector-discord/package.json
index eef708ea75b5..31f71d801d26 100644
--- a/packages/connectors/connector-discord/package.json
+++ b/packages/connectors/connector-discord/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-facebook/package.json b/packages/connectors/connector-facebook/package.json
index 787adb612c6e..6cced17415bc 100644
--- a/packages/connectors/connector-facebook/package.json
+++ b/packages/connectors/connector-facebook/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-feishu-web/package.json b/packages/connectors/connector-feishu-web/package.json
index b6db69458b6f..29439aacbb43 100644
--- a/packages/connectors/connector-feishu-web/package.json
+++ b/packages/connectors/connector-feishu-web/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-github/package.json b/packages/connectors/connector-github/package.json
index 1e9eeb2a4e95..e16618dde5fa 100644
--- a/packages/connectors/connector-github/package.json
+++ b/packages/connectors/connector-github/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "ky": "^1.2.3",
     "query-string": "^9.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-google/package.json b/packages/connectors/connector-google/package.json
index 6f5c8da1591c..0e1ef23eb64b 100644
--- a/packages/connectors/connector-google/package.json
+++ b/packages/connectors/connector-google/package.json
@@ -7,8 +7,8 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "jose": "^5.0.0",
-    "snakecase-keys": "^8.0.0",
+    "jose": "^5.6.3",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-kakao/package.json b/packages/connectors/connector-kakao/package.json
index 900f095e6c51..5a30d189702b 100644
--- a/packages/connectors/connector-kakao/package.json
+++ b/packages/connectors/connector-kakao/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-logto-email/package.json b/packages/connectors/connector-logto-email/package.json
index d209481cfcce..925df9aa414f 100644
--- a/packages/connectors/connector-logto-email/package.json
+++ b/packages/connectors/connector-logto-email/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-logto-sms/package.json b/packages/connectors/connector-logto-sms/package.json
index 00fa94c4f508..bcec96f2bed5 100644
--- a/packages/connectors/connector-logto-sms/package.json
+++ b/packages/connectors/connector-logto-sms/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-logto-social-demo/package.json b/packages/connectors/connector-logto-social-demo/package.json
index 0e765182fbf8..05764d0dfae4 100644
--- a/packages/connectors/connector-logto-social-demo/package.json
+++ b/packages/connectors/connector-logto-social-demo/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-mailgun/package.json b/packages/connectors/connector-mailgun/package.json
index 07cacc5bdb80..d4d9cd80fe7c 100644
--- a/packages/connectors/connector-mailgun/package.json
+++ b/packages/connectors/connector-mailgun/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-mock-email-alternative/package.json b/packages/connectors/connector-mock-email-alternative/package.json
index 9132e8f85300..8eb74883a516 100644
--- a/packages/connectors/connector-mock-email-alternative/package.json
+++ b/packages/connectors/connector-mock-email-alternative/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "scripts": {
diff --git a/packages/connectors/connector-mock-email/package.json b/packages/connectors/connector-mock-email/package.json
index f1b4024346a6..6320c05c110c 100644
--- a/packages/connectors/connector-mock-email/package.json
+++ b/packages/connectors/connector-mock-email/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "scripts": {
diff --git a/packages/connectors/connector-mock-sms/package.json b/packages/connectors/connector-mock-sms/package.json
index 1ae46035a40d..d1ca73d047f2 100644
--- a/packages/connectors/connector-mock-sms/package.json
+++ b/packages/connectors/connector-mock-sms/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "scripts": {
diff --git a/packages/connectors/connector-mock-social/package.json b/packages/connectors/connector-mock-social/package.json
index 902cecb18f76..205147858a52 100644
--- a/packages/connectors/connector-mock-social/package.json
+++ b/packages/connectors/connector-mock-social/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "scripts": {
diff --git a/packages/connectors/connector-naver/package.json b/packages/connectors/connector-naver/package.json
index 22a3e4228165..565e5140aae3 100644
--- a/packages/connectors/connector-naver/package.json
+++ b/packages/connectors/connector-naver/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-oauth2/package.json b/packages/connectors/connector-oauth2/package.json
index 9fb22112f820..db885246476a 100644
--- a/packages/connectors/connector-oauth2/package.json
+++ b/packages/connectors/connector-oauth2/package.json
@@ -7,10 +7,10 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@logto/shared": "workspace:^3.1.1",
     "@silverhand/essentials": "^2.9.1",
-    "jose": "^5.0.0",
+    "jose": "^5.6.3",
     "ky": "^1.2.3",
     "query-string": "^9.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-oidc/package.json b/packages/connectors/connector-oidc/package.json
index bffa1bbc5091..85c97e3f23e6 100644
--- a/packages/connectors/connector-oidc/package.json
+++ b/packages/connectors/connector-oidc/package.json
@@ -7,10 +7,10 @@
     "@logto/connector-oauth": "workspace:^1.3.1",
     "@logto/shared": "workspace:^3.1.1",
     "@silverhand/essentials": "^2.9.1",
-    "jose": "^5.0.0",
+    "jose": "^5.6.3",
     "ky": "^1.2.3",
     "nanoid": "^5.0.1",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-saml/package.json b/packages/connectors/connector-saml/package.json
index 7e84b900cf4a..ffd5649c899c 100644
--- a/packages/connectors/connector-saml/package.json
+++ b/packages/connectors/connector-saml/package.json
@@ -9,7 +9,7 @@
     "fast-xml-parser": "^4.3.6",
     "got": "^14.0.0",
     "samlify": "2.8.11",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-sendgrid-email/package.json b/packages/connectors/connector-sendgrid-email/package.json
index 58231c9eb008..9aa6191625d3 100644
--- a/packages/connectors/connector-sendgrid-email/package.json
+++ b/packages/connectors/connector-sendgrid-email/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-smsaero/package.json b/packages/connectors/connector-smsaero/package.json
index 306eb38dbb3e..5756aa8836af 100644
--- a/packages/connectors/connector-smsaero/package.json
+++ b/packages/connectors/connector-smsaero/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-smtp/package.json b/packages/connectors/connector-smtp/package.json
index 8fbd5f468691..b626bf815bbd 100644
--- a/packages/connectors/connector-smtp/package.json
+++ b/packages/connectors/connector-smtp/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "nodemailer": "^6.9.9",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "devDependencies": {
diff --git a/packages/connectors/connector-tencent-sms/package.json b/packages/connectors/connector-tencent-sms/package.json
index a0da5a6bcae9..49678b1a59fb 100644
--- a/packages/connectors/connector-tencent-sms/package.json
+++ b/packages/connectors/connector-tencent-sms/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-twilio-sms/package.json b/packages/connectors/connector-twilio-sms/package.json
index 976f30702497..3964f6ac8630 100644
--- a/packages/connectors/connector-twilio-sms/package.json
+++ b/packages/connectors/connector-twilio-sms/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-wechat-native/package.json b/packages/connectors/connector-wechat-native/package.json
index 9a68f2dc4626..77b0e1f98323 100644
--- a/packages/connectors/connector-wechat-native/package.json
+++ b/packages/connectors/connector-wechat-native/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-wechat-web/package.json b/packages/connectors/connector-wechat-web/package.json
index 07d99ad9280d..6a7908efa566 100644
--- a/packages/connectors/connector-wechat-web/package.json
+++ b/packages/connectors/connector-wechat-web/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-wecom/package.json b/packages/connectors/connector-wecom/package.json
index b06794e294c2..ba26fbc621e9 100644
--- a/packages/connectors/connector-wecom/package.json
+++ b/packages/connectors/connector-wecom/package.json
@@ -7,7 +7,7 @@
     "@logto/connector-kit": "workspace:^4.0.0",
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "main": "./lib/index.js",
diff --git a/packages/core/package.json b/packages/core/package.json
index ad3556771195..05cbc87fffa4 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -48,30 +48,30 @@
     "@simplewebauthn/server": "^10.0.0",
     "@withtyped/client": "^0.8.7",
     "camelcase": "^8.0.0",
-    "camelcase-keys": "^9.0.0",
-    "chalk": "^5.0.0",
+    "camelcase-keys": "^9.1.3",
+    "chalk": "^5.3.0",
     "clean-deep": "^3.4.0",
     "date-fns": "^2.29.3",
     "decamelize": "^6.0.0",
     "deepmerge": "^4.2.2",
-    "dotenv": "^16.0.0",
+    "dotenv": "^16.4.5",
     "etag": "^1.8.1",
     "fast-xml-parser": "^4.3.6",
     "find-up": "^7.0.0",
     "got": "^14.0.0",
-    "hash-wasm": "^4.9.0",
-    "helmet": "^7.0.0",
+    "hash-wasm": "^4.11.0",
+    "helmet": "^7.1.0",
     "i18next": "^22.4.15",
     "iconv-lite": "0.6.3",
-    "jose": "^5.0.0",
-    "koa": "^2.13.1",
+    "jose": "^5.6.3",
+    "koa": "^2.15.3",
     "koa-body": "^6.0.1",
     "koa-compose": "^4.1.0",
-    "koa-compress": "^5.1.0",
+    "koa-compress": "^5.1.1",
     "koa-logger": "^3.2.1",
     "koa-mount": "^4.0.0",
     "koa-proxies": "^0.12.4",
-    "koa-router": "^12.0.0",
+    "koa-router": "^12.0.1",
     "koa-send": "^5.0.1",
     "ky": "^1.2.3",
     "lru-cache": "^11.0.0",
@@ -89,7 +89,7 @@
     "samlify": "2.8.11",
     "semver": "^7.3.8",
     "snake-case": "^4.0.0",
-    "snakecase-keys": "^8.0.0",
+    "snakecase-keys": "^8.0.1",
     "zod": "^3.22.4"
   },
   "devDependencies": {
@@ -99,7 +99,7 @@
     "@types/debug": "^4.1.7",
     "@types/etag": "^1.8.1",
     "@types/jest": "^29.4.0",
-    "@types/koa": "^2.13.3",
+    "@types/koa": "^2.15.0",
     "@types/koa-compose": "^3.2.5",
     "@types/koa-compress": "^4.0.3",
     "@types/koa-logger": "^3.1.1",
diff --git a/packages/demo-app/package.json b/packages/demo-app/package.json
index d5478a1dbdb6..7f989910854e 100644
--- a/packages/demo-app/package.json
+++ b/packages/demo-app/package.json
@@ -37,7 +37,7 @@
     "eslint": "^8.56.0",
     "i18next": "^22.4.15",
     "i18next-browser-languagedetector": "^8.0.0",
-    "jose": "^5.0.0",
+    "jose": "^5.6.3",
     "lint-staged": "^15.0.0",
     "parcel": "2.9.3",
     "postcss": "^8.4.31",
diff --git a/packages/experience/package.json b/packages/experience/package.json
index 0265214d98aa..72481759defb 100644
--- a/packages/experience/package.json
+++ b/packages/experience/package.json
@@ -52,7 +52,7 @@
     "@types/react-helmet": "^6.1.6",
     "@types/react-modal": "^3.13.1",
     "@types/react-router-dom": "^5.3.2",
-    "camelcase-keys": "^9.0.0",
+    "camelcase-keys": "^9.1.3",
     "classnames": "^2.3.1",
     "color": "^4.2.3",
     "core-js": "^3.34.0",
diff --git a/packages/integration-tests/package.json b/packages/integration-tests/package.json
index d238a5de8cf3..984fb7eed068 100644
--- a/packages/integration-tests/package.json
+++ b/packages/integration-tests/package.json
@@ -35,13 +35,13 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/jest": "^29.4.0",
     "@types/node": "^20.9.5",
-    "dotenv": "^16.0.0",
+    "dotenv": "^16.4.5",
     "eslint": "^8.56.0",
     "expect-puppeteer": "^10.0.0",
     "jest": "^29.7.0",
     "jest-matcher-specific-error": "^1.0.0",
     "jest-puppeteer": "^10.0.1",
-    "jose": "^5.0.0",
+    "jose": "^5.6.3",
     "ky": "^1.2.3",
     "openapi-schema-validator": "^12.1.3",
     "openapi-types": "^12.1.3",
diff --git a/packages/schemas/package.json b/packages/schemas/package.json
index e7da8c566f34..173a793f88e4 100644
--- a/packages/schemas/package.json
+++ b/packages/schemas/package.json
@@ -48,7 +48,7 @@
     "@types/pluralize": "^0.0.33",
     "@vitest/coverage-v8": "^1.4.0",
     "camelcase": "^8.0.0",
-    "chalk": "^5.0.0",
+    "chalk": "^5.3.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "pluralize": "^8.0.0",
diff --git a/packages/shared/package.json b/packages/shared/package.json
index 5f80353075c2..98fec1fb9351 100644
--- a/packages/shared/package.json
+++ b/packages/shared/package.json
@@ -60,7 +60,7 @@
   "prettier": "@silverhand/eslint-config/.prettierrc",
   "dependencies": {
     "@silverhand/essentials": "^2.9.1",
-    "chalk": "^5.0.0",
+    "chalk": "^5.3.0",
     "find-up": "^7.0.0",
     "libphonenumber-js": "^1.9.49",
     "nanoid": "^5.0.1"
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 095450077188..9de320e453e5 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -110,14 +110,14 @@ importers:
         specifier: 31.0.0-beta.2
         version: 31.0.0-beta.2
       chalk:
-        specifier: ^5.0.0
-        version: 5.1.2
+        specifier: ^5.3.0
+        version: 5.3.0
       decamelize:
         specifier: ^6.0.0
         version: 6.0.0
       dotenv:
-        specifier: ^16.0.0
-        version: 16.0.0
+        specifier: ^16.4.5
+        version: 16.4.5
       got:
         specifier: ^14.0.0
         version: 14.0.0
@@ -228,8 +228,8 @@ importers:
         specifier: ^0.6.3
         version: 0.6.3
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -310,8 +310,8 @@ importers:
         specifier: ^0.6.3
         version: 0.6.3
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -386,8 +386,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -459,8 +459,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -535,11 +535,11 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       jose:
-        specifier: ^5.0.0
-        version: 5.0.1
+        specifier: ^5.6.3
+        version: 5.6.3
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -617,8 +617,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -693,8 +693,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -772,8 +772,8 @@ importers:
         specifier: ^0.6.3
         version: 0.6.3
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -848,8 +848,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -921,8 +921,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -994,8 +994,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -1070,8 +1070,8 @@ importers:
         specifier: ^9.0.0
         version: 9.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -1143,11 +1143,11 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       jose:
-        specifier: ^5.0.0
-        version: 5.2.4
+        specifier: ^5.6.3
+        version: 5.6.3
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -1292,8 +1292,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -1365,8 +1365,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -1441,8 +1441,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -1514,8 +1514,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -1587,8 +1587,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -1660,8 +1660,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -1733,8 +1733,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -1806,8 +1806,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -1879,8 +1879,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -1952,8 +1952,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -2025,8 +2025,8 @@ importers:
         specifier: ^2.9.1
         version: 2.9.1
       jose:
-        specifier: ^5.0.0
-        version: 5.2.2
+        specifier: ^5.6.3
+        version: 5.6.3
       ky:
         specifier: ^1.2.3
         version: 1.2.3
@@ -2034,8 +2034,8 @@ importers:
         specifier: ^9.0.0
         version: 9.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -2110,8 +2110,8 @@ importers:
         specifier: ^2.9.1
         version: 2.9.1
       jose:
-        specifier: ^5.0.0
-        version: 5.0.1
+        specifier: ^5.6.3
+        version: 5.6.3
       ky:
         specifier: ^1.2.3
         version: 1.2.3
@@ -2119,8 +2119,8 @@ importers:
         specifier: ^5.0.1
         version: 5.0.1
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -2198,8 +2198,8 @@ importers:
         specifier: 2.8.11
         version: 2.8.11
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -2271,8 +2271,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -2344,8 +2344,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -2420,8 +2420,8 @@ importers:
         specifier: ^6.9.9
         version: 6.9.9
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -2496,8 +2496,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -2569,8 +2569,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -2642,8 +2642,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -2715,8 +2715,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -2788,8 +2788,8 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -3227,11 +3227,11 @@ importers:
         specifier: ^8.0.0
         version: 8.0.0
       camelcase-keys:
-        specifier: ^9.0.0
-        version: 9.0.0
+        specifier: ^9.1.3
+        version: 9.1.3
       chalk:
-        specifier: ^5.0.0
-        version: 5.1.2
+        specifier: ^5.3.0
+        version: 5.3.0
       clean-deep:
         specifier: ^3.4.0
         version: 3.4.0
@@ -3245,8 +3245,8 @@ importers:
         specifier: ^4.2.2
         version: 4.2.2
       dotenv:
-        specifier: ^16.0.0
-        version: 16.0.0
+        specifier: ^16.4.5
+        version: 16.4.5
       etag:
         specifier: ^1.8.1
         version: 1.8.1
@@ -3260,11 +3260,11 @@ importers:
         specifier: ^14.0.0
         version: 14.0.0
       hash-wasm:
-        specifier: ^4.9.0
-        version: 4.9.0
+        specifier: ^4.11.0
+        version: 4.11.0
       helmet:
-        specifier: ^7.0.0
-        version: 7.0.0
+        specifier: ^7.1.0
+        version: 7.1.0
       i18next:
         specifier: ^22.4.15
         version: 22.4.15
@@ -3272,11 +3272,11 @@ importers:
         specifier: 0.6.3
         version: 0.6.3
       jose:
-        specifier: ^5.0.0
-        version: 5.0.1
+        specifier: ^5.6.3
+        version: 5.6.3
       koa:
-        specifier: ^2.13.1
-        version: 2.13.4
+        specifier: ^2.15.3
+        version: 2.15.3
       koa-body:
         specifier: ^6.0.1
         version: 6.0.1
@@ -3284,8 +3284,8 @@ importers:
         specifier: ^4.1.0
         version: 4.1.0
       koa-compress:
-        specifier: ^5.1.0
-        version: 5.1.0
+        specifier: ^5.1.1
+        version: 5.1.1
       koa-logger:
         specifier: ^3.2.1
         version: 3.2.1
@@ -3294,10 +3294,10 @@ importers:
         version: 4.0.0
       koa-proxies:
         specifier: ^0.12.4
-        version: 0.12.4(koa@2.13.4)
+        version: 0.12.4(koa@2.15.3)
       koa-router:
-        specifier: ^12.0.0
-        version: 12.0.0
+        specifier: ^12.0.1
+        version: 12.0.1
       koa-send:
         specifier: ^5.0.1
         version: 5.0.1
@@ -3350,8 +3350,8 @@ importers:
         specifier: ^4.0.0
         version: 4.0.0
       snakecase-keys:
-        specifier: ^8.0.0
-        version: 8.0.0
+        specifier: ^8.0.1
+        version: 8.0.1
       zod:
         specifier: ^3.22.4
         version: 3.22.4
@@ -3375,8 +3375,8 @@ importers:
         specifier: ^29.4.0
         version: 29.4.0
       '@types/koa':
-        specifier: ^2.13.3
-        version: 2.13.4
+        specifier: ^2.15.0
+        version: 2.15.0
       '@types/koa-compose':
         specifier: ^3.2.5
         version: 3.2.5
@@ -3421,7 +3421,7 @@ importers:
         version: 8.57.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+        version: 29.7.0(@types/node@20.10.4)
       jest-matcher-specific-error:
         specifier: ^1.0.0
         version: 1.0.0
@@ -3516,8 +3516,8 @@ importers:
         specifier: ^8.0.0
         version: 8.0.0
       jose:
-        specifier: ^5.0.0
-        version: 5.2.4
+        specifier: ^5.6.3
+        version: 5.6.3
       lint-staged:
         specifier: ^15.0.0
         version: 15.0.2
@@ -3648,8 +3648,8 @@ importers:
         specifier: ^5.3.2
         version: 5.3.2
       camelcase-keys:
-        specifier: ^9.0.0
-        version: 9.0.0
+        specifier: ^9.1.3
+        version: 9.1.3
       classnames:
         specifier: ^2.3.1
         version: 2.3.1
@@ -3676,7 +3676,7 @@ importers:
         version: 3.0.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+        version: 29.7.0(@types/node@20.12.7)
       jest-environment-jsdom:
         specifier: ^29.7.0
         version: 29.7.0
@@ -3685,7 +3685,7 @@ importers:
         version: 2.0.0
       jest-transformer-svg:
         specifier: ^2.0.0
-        version: 2.0.0(jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)))(react@18.2.0)
+        version: 2.0.0(jest@29.7.0(@types/node@20.12.7))(react@18.2.0)
       js-base64:
         specifier: ^3.7.5
         version: 3.7.5
@@ -3814,8 +3814,8 @@ importers:
         specifier: ^20.9.5
         version: 20.10.4
       dotenv:
-        specifier: ^16.0.0
-        version: 16.0.0
+        specifier: ^16.4.5
+        version: 16.4.5
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -3824,7 +3824,7 @@ importers:
         version: 10.0.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+        version: 29.7.0(@types/node@20.10.4)
       jest-matcher-specific-error:
         specifier: ^1.0.0
         version: 1.0.0
@@ -3832,8 +3832,8 @@ importers:
         specifier: ^10.0.1
         version: 10.0.1(puppeteer@22.6.5(typescript@5.3.3))(typescript@5.3.3)
       jose:
-        specifier: ^5.0.0
-        version: 5.0.1
+        specifier: ^5.6.3
+        version: 5.6.3
       ky:
         specifier: ^1.2.3
         version: 1.2.3
@@ -3982,8 +3982,8 @@ importers:
         specifier: ^8.0.0
         version: 8.0.0
       chalk:
-        specifier: ^5.0.0
-        version: 5.1.2
+        specifier: ^5.3.0
+        version: 5.3.0
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4012,8 +4012,8 @@ importers:
         specifier: ^2.9.1
         version: 2.9.1
       chalk:
-        specifier: ^5.0.0
-        version: 5.1.2
+        specifier: ^5.3.0
+        version: 5.3.0
       find-up:
         specifier: ^7.0.0
         version: 7.0.0
@@ -6570,9 +6570,6 @@ packages:
   '@types/koa-send@4.1.3':
     resolution: {integrity: sha512-daaTqPZlgjIJycSTNjKpHYuKhXYP30atFc1pBcy6HHqB9+vcymDgYTguPdx9tO4HMOqNyz6bz/zqpxt5eLR+VA==}
 
-  '@types/koa@2.13.4':
-    resolution: {integrity: sha512-dfHYMfU+z/vKtQB7NUrthdAEiSvnLebvBjwHtfFmpZmB7em2N3WVQdHgnFq+xvyVgxW5jKDmjWfLD3lw4g4uTw==}
-
   '@types/koa@2.15.0':
     resolution: {integrity: sha512-7QFsywoE5URbuVnG3loe03QXuGajrnotr3gQkXcEBShORai23MePfFYdhz90FEtBBpkyIYQbVD+evKtloCgX3g==}
 
@@ -7285,8 +7282,8 @@ packages:
     resolution: {integrity: sha512-Rjs1H+A9R+Ig+4E/9oyB66UC5Mj9Xq3N//vcLf2WzgdTi/3gUu3Z9KoqmlrEG4VuuLK8wJHofxzdQXz/knhiYg==}
     engines: {node: '>=12'}
 
-  camelcase-keys@9.0.0:
-    resolution: {integrity: sha512-GdZ92DNXdcfFB/5Kq4O82EL6UW5neiRBhfNP5M3mGw7CX2sPDbVA04ZPLsqbp7oMi2l3m2I0AZ/kFP5Nk5kopA==}
+  camelcase-keys@9.1.3:
+    resolution: {integrity: sha512-Rircqi9ch8AnZscQcsA1C47NFdaO3wukpmIRzYcDOrmvgt78hM/sj5pZhZNec2NM12uk5vTwRHZ4anGcrC4ZTg==}
     engines: {node: '>=16'}
 
   camelcase@5.3.1:
@@ -7319,10 +7316,6 @@ packages:
     resolution: {integrity: sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==}
     engines: {node: '>=10'}
 
-  chalk@5.1.2:
-    resolution: {integrity: sha512-E5CkT4jWURs1Vy5qGJye+XwCkNj7Od3Af7CP6SujMetSMkLs8Do2RWJK5yx1wamHV/op8Rz+9rltjaTQWDnEFQ==}
-    engines: {node: ^12.17.0 || ^14.13 || >=16.0.0}
-
   chalk@5.3.0:
     resolution: {integrity: sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w==}
     engines: {node: ^12.17.0 || ^14.13 || >=16.0.0}
@@ -8124,8 +8117,8 @@ packages:
   dotenv-expand@5.1.0:
     resolution: {integrity: sha512-YXQl1DSa4/PQyRfgrv6aoNjhasp/p4qs9FjJ4q4cQk+8m4r6k4ZSiEyytKG8f8W9gi8WsQtIObNmKd+tMzNTmA==}
 
-  dotenv@16.0.0:
-    resolution: {integrity: sha512-qD9WU0MPM4SWLPJy/r2Be+2WgQj8plChsyrCNQzW/0WjvcJQiKQJ9mH3ZgB3fxbUUxgc/11ZJ0Fi5KiimWGz2Q==}
+  dotenv@16.4.5:
+    resolution: {integrity: sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg==}
     engines: {node: '>=12'}
 
   dotenv@7.0.0:
@@ -9035,8 +9028,8 @@ packages:
     resolution: {integrity: sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==}
     engines: {node: '>= 0.4.0'}
 
-  hash-wasm@4.9.0:
-    resolution: {integrity: sha512-7SW7ejyfnRxuOc7ptQHSf4LDoZaWOivfzqw+5rpcQku0nHfmicPKE51ra9BiRLAmT8+gGLestr1XroUkqdjL6w==}
+  hash-wasm@4.11.0:
+    resolution: {integrity: sha512-HVusNXlVqHe0fzIzdQOGolnFN6mX/fqcrSAOcTBXdvzrXVHwTz11vXeKRmkR5gTuwVpvHZEIyKoePDvuAR+XwQ==}
 
   hasown@2.0.2:
     resolution: {integrity: sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==}
@@ -9060,8 +9053,8 @@ packages:
   hastscript@6.0.0:
     resolution: {integrity: sha512-nDM6bvd7lIqDUiYEiu5Sl/+6ReP0BMk/2f4U/Rooccxkj0P5nm+acM5PrGJ/t5I8qPGiqZSE6hVAwZEdZIvP4w==}
 
-  helmet@7.0.0:
-    resolution: {integrity: sha512-MsIgYmdBh460ZZ8cJC81q4XJknjG567wzEmv46WOBblDb6TUd3z8/GhgmsM9pn8g2B80tAJ4m5/d3Bi1KrSUBQ==}
+  helmet@7.1.0:
+    resolution: {integrity: sha512-g+HZqgfbpXdCkme/Cd/mZkV0aV3BZZZSugecH03kl38m/Kmdx8jKjBikpDj2cr+Iynv4KpYEviojNdTJActJAg==}
     engines: {node: '>=16.0.0'}
 
   hexoid@1.0.0:
@@ -9818,14 +9811,8 @@ packages:
   joi@17.12.2:
     resolution: {integrity: sha512-RonXAIzCiHLc8ss3Ibuz45u28GOsWE1UpfDXLbN/9NKbL4tCJf8TWYVKsoYuuh+sAUt7fsSNpA+r2+TBA6Wjmw==}
 
-  jose@5.0.1:
-    resolution: {integrity: sha512-gRVzy7s3RRdGbXmcTdlOswJOjhwPLx1ijIgAqLY6ktzFpOJxxYn4l0fC2vHaHHi4YBX/5FOL3aY+6W0cvQgpug==}
-
-  jose@5.2.2:
-    resolution: {integrity: sha512-/WByRr4jDcsKlvMd1dRJnPfS1GVO3WuKyaurJ/vvXcOaUQO8rnNObCQMlv/5uCceVQIq5Q4WLF44ohsdiTohdg==}
-
-  jose@5.2.4:
-    resolution: {integrity: sha512-6ScbIk2WWCeXkmzF6bRPmEuaqy1m8SbsRFMa/FLrSCkGIhj8OLVG/IH+XHVmNMx/KUo8cVWEE6oKR4dJ+S0Rkg==}
+  jose@5.6.3:
+    resolution: {integrity: sha512-1Jh//hEEwMhNYPDDLwXHa2ePWgWiFNNUadVmguAAw2IJ6sj9mNxV5tGXJNqlMkJAybF6Lgw1mISDxTePP/187g==}
 
   js-base64@3.7.5:
     resolution: {integrity: sha512-3MEt5DTINKqfScXKfJFrRbxkrnk2AxPWGBL/ycjz4dK8iqiSJ06UxD8jh8xuh6p10TX4t2+7FsBYVxxQbMg+qA==}
@@ -9976,9 +9963,9 @@ packages:
   koa-compose@4.1.0:
     resolution: {integrity: sha512-8ODW8TrDuMYvXRwra/Kh7/rJo9BtOfPc6qO8eAfC80CnCvSjSl0bkRM24X6/XBBEyj0v1nRUQ1LyOy3dbqOWXw==}
 
-  koa-compress@5.1.0:
-    resolution: {integrity: sha512-G3Ppo9jrUwlchp6qdoRgQNMiGZtM0TAHkxRZQ7EoVvIG8E47J4nAsMJxXHAUQ+0oc7t0MDxSdONWTFcbzX7/Bg==}
-    engines: {node: '>= 8.0.0'}
+  koa-compress@5.1.1:
+    resolution: {integrity: sha512-UgMIN7ZoEP2DuoSQmD6CYvFSLt0NReGlc2qSY4bO4Oq0L56OiD9pDG41Kj/zFmVY/A3Wvmn4BqKcfq5H30LGIg==}
+    engines: {node: '>= 12'}
 
   koa-convert@2.0.0:
     resolution: {integrity: sha512-asOvN6bFlSnxewce2e/DK3p4tltyfC4VM7ZwuTuepI7dEQVcvpyFuBcEARu1+Hxg8DIwytce2n7jrZtRlPrARA==}
@@ -10000,10 +9987,9 @@ packages:
     peerDependencies:
       koa: '>=2'
 
-  koa-router@12.0.0:
-    resolution: {integrity: sha512-zGrdiXygGYW8WvrzeGsHZvKnHs4DzyGoqJ9a8iHlRkiwuEAOAPyI27//OlhoWdgFAEIM3qbUgr0KCuRaP/TCag==}
+  koa-router@12.0.1:
+    resolution: {integrity: sha512-gaDdj3GtzoLoeosacd50kBBTnnh3B9AYxDThQUo4sfUyXdOhY6ku1qyZKW88tQCRgc3Sw6ChXYXWZwwgjOxE0w==}
     engines: {node: '>= 12'}
-    deprecated: '**IMPORTANT 10x+ PERFORMANCE UPGRADE**: Please upgrade to v12.0.1+ as we have fixed an issue with debuglog causing 10x slower router benchmark performance, see https://github.com/koajs/router/pull/173'
 
   koa-send@5.0.1:
     resolution: {integrity: sha512-tmcyQ/wXXuxpDxyNXv5yNNkdAMdFRqwtegBXUaowiQzUKqJehttS0x2j0eOZDQAyloAth5w6wwBImnFzkUz3pQ==}
@@ -12159,8 +12145,8 @@ packages:
     resolution: {integrity: sha512-slvG6efKZ3GYUUZdhPOq/lLIqutwQ4TdPViD1VKqsbf0u76U/aPRswPKjOaAS9T7fAPmRmXuN6C/nM0xsMaFLQ==}
     deprecated: Use `change-case`
 
-  snakecase-keys@8.0.0:
-    resolution: {integrity: sha512-qS7XvESuFxskrmD8/O9tOMdLdV9YTuPfNLdRJIvNJKNEZtH9XVPwmZioROwl4TsVDbOFqlQ/o7pURuF8MnjYsg==}
+  snakecase-keys@8.0.1:
+    resolution: {integrity: sha512-Sj51kE1zC7zh6TDlNNz0/Jn1n5HiHdoQErxO8jLtnyrkJW/M5PrI7x05uDgY3BO7OUQYKCvmeMurW6BPUdwEOw==}
     engines: {node: '>=18'}
 
   socks-proxy-agent@8.0.2:
@@ -12707,10 +12693,6 @@ packages:
     resolution: {integrity: sha512-tB9lu0pQpX5KJq54g+oHOLumOx+pMep4RaM6liXh2PKmVRFF+/vAtUP0ZaJ0kOySfVNjF6doBWPHhBhISKdlIA==}
     engines: {node: '>=16'}
 
-  type-fest@4.2.0:
-    resolution: {integrity: sha512-5zknd7Dss75pMSED270A1RQS3KloqRJA9XbXLe0eCxyw7xXFb3rd+9B0UQ/0E+LQT6lnrLviEolYORlRWamn4w==}
-    engines: {node: '>=16'}
-
   type-is@1.6.18:
     resolution: {integrity: sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==}
     engines: {node: '>= 0.6'}
@@ -14641,41 +14623,6 @@ snapshots:
       - supports-color
       - ts-node
 
-  '@jest/core@29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))':
-    dependencies:
-      '@jest/console': 29.7.0
-      '@jest/reporters': 29.7.0
-      '@jest/test-result': 29.7.0
-      '@jest/transform': 29.7.0
-      '@jest/types': 29.6.3
-      '@types/node': 20.12.7
-      ansi-escapes: 4.3.2
-      chalk: 4.1.2
-      ci-info: 3.8.0
-      exit: 0.1.2
-      graceful-fs: 4.2.11
-      jest-changed-files: 29.7.0
-      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
-      jest-haste-map: 29.7.0
-      jest-message-util: 29.7.0
-      jest-regex-util: 29.6.3
-      jest-resolve: 29.7.0
-      jest-resolve-dependencies: 29.7.0
-      jest-runner: 29.7.0
-      jest-runtime: 29.7.0
-      jest-snapshot: 29.7.0
-      jest-util: 29.7.0
-      jest-validate: 29.7.0
-      jest-watcher: 29.7.0
-      micromatch: 4.0.5
-      pretty-format: 29.7.0
-      slash: 3.0.0
-      strip-ansi: 6.0.1
-    transitivePeerDependencies:
-      - babel-plugin-macros
-      - supports-color
-      - ts-node
-
   '@jest/create-cache-key-function@27.5.1':
     dependencies:
       '@jest/types': 27.5.1
@@ -14933,7 +14880,7 @@ snapshots:
       '@logto/js': 4.1.4
       '@silverhand/essentials': 2.9.1
       camelcase-keys: 7.0.2
-      jose: 5.2.4
+      jose: 5.6.3
 
   '@logto/cloud@0.2.5-3046fa6(zod@3.22.4)':
     dependencies:
@@ -16004,10 +15951,10 @@ snapshots:
       eslint-config-prettier: 9.1.0(eslint@8.57.0)
       eslint-config-xo: 0.44.0(eslint@8.57.0)
       eslint-config-xo-typescript: 4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3)
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0)
       eslint-plugin-consistent-default-export-name: 0.0.15
       eslint-plugin-eslint-comments: 3.2.0(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       eslint-plugin-n: 17.2.1(eslint@8.57.0)
       eslint-plugin-no-use-extend-native: 0.5.0
       eslint-plugin-prettier: 5.1.3(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.0.0)
@@ -16781,35 +16728,24 @@ snapshots:
 
   '@types/koa-compose@3.2.5':
     dependencies:
-      '@types/koa': 2.13.4
+      '@types/koa': 2.15.0
 
   '@types/koa-compress@4.0.3':
     dependencies:
-      '@types/koa': 2.13.4
+      '@types/koa': 2.15.0
       '@types/node': 20.12.7
 
   '@types/koa-logger@3.1.2':
     dependencies:
-      '@types/koa': 2.13.4
+      '@types/koa': 2.15.0
 
   '@types/koa-mount@4.0.1':
     dependencies:
-      '@types/koa': 2.13.4
+      '@types/koa': 2.15.0
 
   '@types/koa-send@4.1.3':
     dependencies:
-      '@types/koa': 2.13.4
-
-  '@types/koa@2.13.4':
-    dependencies:
-      '@types/accepts': 1.3.5
-      '@types/content-disposition': 0.5.4
-      '@types/cookies': 0.7.7
-      '@types/http-assert': 1.5.3
-      '@types/http-errors': 1.8.2
-      '@types/keygrip': 1.0.2
-      '@types/koa-compose': 3.2.5
-      '@types/node': 20.12.7
+      '@types/koa': 2.15.0
 
   '@types/koa@2.15.0':
     dependencies:
@@ -16824,7 +16760,7 @@ snapshots:
 
   '@types/koa__cors@5.0.0':
     dependencies:
-      '@types/koa': 2.13.4
+      '@types/koa': 2.15.0
 
   '@types/mdast@3.0.15':
     dependencies:
@@ -16871,7 +16807,7 @@ snapshots:
 
   '@types/oidc-provider@8.4.4':
     dependencies:
-      '@types/koa': 2.13.4
+      '@types/koa': 2.15.0
       '@types/node': 20.12.7
 
   '@types/parse-json@4.0.0': {}
@@ -17722,12 +17658,12 @@ snapshots:
       quick-lru: 5.1.1
       type-fest: 1.4.0
 
-  camelcase-keys@9.0.0:
+  camelcase-keys@9.1.3:
     dependencies:
       camelcase: 8.0.0
       map-obj: 5.0.0
       quick-lru: 6.1.1
-      type-fest: 4.2.0
+      type-fest: 4.15.0
 
   camelcase@5.3.1: {}
 
@@ -17760,8 +17696,6 @@ snapshots:
       ansi-styles: 4.3.0
       supports-color: 7.2.0
 
-  chalk@5.1.2: {}
-
   chalk@5.3.0: {}
 
   char-regex@1.0.2: {}
@@ -18036,13 +17970,13 @@ snapshots:
     dependencies:
       lodash.get: 4.4.2
 
-  create-jest@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
+  create-jest@29.7.0(@types/node@20.10.4):
     dependencies:
       '@jest/types': 29.6.3
       chalk: 4.1.2
       exit: 0.1.2
       graceful-fs: 4.2.11
-      jest-config: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+      jest-config: 29.7.0(@types/node@20.10.4)
       jest-util: 29.7.0
       prompts: 2.4.2
     transitivePeerDependencies:
@@ -18567,7 +18501,7 @@ snapshots:
 
   dotenv-expand@5.1.0: {}
 
-  dotenv@16.0.0: {}
+  dotenv@16.4.5: {}
 
   dotenv@7.0.0: {}
 
@@ -18848,13 +18782,13 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0):
+  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 4.3.4
       enhanced-resolve: 5.16.0
       eslint: 8.57.0
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       fast-glob: 3.3.2
       get-tsconfig: 4.7.3
       is-core-module: 2.13.1
@@ -18865,14 +18799,14 @@ snapshots:
       - eslint-import-resolver-webpack
       - supports-color
 
-  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0):
+  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 3.2.7(supports-color@5.5.0)
     optionalDependencies:
       '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.3.3)
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0)
     transitivePeerDependencies:
       - supports-color
 
@@ -18894,7 +18828,7 @@ snapshots:
       eslint: 8.57.0
       ignore: 5.3.1
 
-  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0):
+  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       array-includes: 3.1.8
       array.prototype.findlastindex: 1.2.5
@@ -18904,7 +18838,7 @@ snapshots:
       doctrine: 2.1.0
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       hasown: 2.0.2
       is-core-module: 2.13.1
       is-glob: 4.0.3
@@ -19729,7 +19663,7 @@ snapshots:
     dependencies:
       function-bind: 1.1.1
 
-  hash-wasm@4.9.0: {}
+  hash-wasm@4.11.0: {}
 
   hasown@2.0.2:
     dependencies:
@@ -19795,7 +19729,7 @@ snapshots:
       property-information: 5.6.0
       space-separated-tokens: 1.1.5
 
-  helmet@7.0.0: {}
+  helmet@7.1.0: {}
 
   hexoid@1.0.0: {}
 
@@ -20026,7 +19960,7 @@ snapshots:
   inquirer@9.1.4:
     dependencies:
       ansi-escapes: 6.0.0
-      chalk: 5.1.2
+      chalk: 5.3.0
       cli-cursor: 4.0.0
       cli-width: 4.0.0
       external-editor: 3.1.0
@@ -20379,16 +20313,16 @@ snapshots:
       - babel-plugin-macros
       - supports-color
 
-  jest-cli@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
+  jest-cli@29.7.0(@types/node@20.10.4):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
       '@jest/test-result': 29.7.0
       '@jest/types': 29.6.3
       chalk: 4.1.2
-      create-jest: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+      create-jest: 29.7.0(@types/node@20.10.4)
       exit: 0.1.2
       import-local: 3.1.0
-      jest-config: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+      jest-config: 29.7.0(@types/node@20.10.4)
       jest-util: 29.7.0
       jest-validate: 29.7.0
       yargs: 17.7.2
@@ -20398,7 +20332,7 @@ snapshots:
       - supports-color
       - ts-node
 
-  jest-cli@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
+  jest-cli@29.7.0(@types/node@20.12.7):
     dependencies:
       '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
       '@jest/test-result': 29.7.0
@@ -20417,38 +20351,26 @@ snapshots:
       - supports-color
       - ts-node
 
-  jest-config@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
+  jest-cli@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
     dependencies:
-      '@babel/core': 7.24.4
-      '@jest/test-sequencer': 29.7.0
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      '@jest/test-result': 29.7.0
       '@jest/types': 29.6.3
-      babel-jest: 29.7.0(@babel/core@7.24.4)
       chalk: 4.1.2
-      ci-info: 3.8.0
-      deepmerge: 4.3.1
-      glob: 7.2.3
-      graceful-fs: 4.2.11
-      jest-circus: 29.7.0
-      jest-environment-node: 29.7.0
-      jest-get-type: 29.6.3
-      jest-regex-util: 29.6.3
-      jest-resolve: 29.7.0
-      jest-runner: 29.7.0
+      create-jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      exit: 0.1.2
+      import-local: 3.1.0
+      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
       jest-util: 29.7.0
       jest-validate: 29.7.0
-      micromatch: 4.0.5
-      parse-json: 5.2.0
-      pretty-format: 29.7.0
-      slash: 3.0.0
-      strip-json-comments: 3.1.1
-    optionalDependencies:
-      '@types/node': 20.10.4
-      ts-node: 10.9.2(@types/node@20.10.4)(typescript@5.3.3)
+      yargs: 17.7.2
     transitivePeerDependencies:
+      - '@types/node'
       - babel-plugin-macros
       - supports-color
+      - ts-node
 
-  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
+  jest-config@29.7.0(@types/node@20.10.4):
     dependencies:
       '@babel/core': 7.24.4
       '@jest/test-sequencer': 29.7.0
@@ -20473,13 +20395,12 @@ snapshots:
       slash: 3.0.0
       strip-json-comments: 3.1.1
     optionalDependencies:
-      '@types/node': 20.12.7
-      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
+      '@types/node': 20.10.4
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
 
-  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
+  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
     dependencies:
       '@babel/core': 7.24.4
       '@jest/test-sequencer': 29.7.0
@@ -20505,7 +20426,7 @@ snapshots:
       strip-json-comments: 3.1.1
     optionalDependencies:
       '@types/node': 20.12.7
-      ts-node: 10.9.2(@types/node@20.10.4)(typescript@5.3.3)
+      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
@@ -20766,6 +20687,11 @@ snapshots:
       jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
       react: 18.2.0
 
+  jest-transformer-svg@2.0.0(jest@29.7.0(@types/node@20.12.7))(react@18.2.0):
+    dependencies:
+      jest: 29.7.0(@types/node@20.12.7)
+      react: 18.2.0
+
   jest-util@29.5.0:
     dependencies:
       '@jest/types': 29.6.3
@@ -20818,12 +20744,24 @@ snapshots:
       merge-stream: 2.0.0
       supports-color: 8.1.1
 
-  jest@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
+  jest@29.7.0(@types/node@20.10.4):
+    dependencies:
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      '@jest/types': 29.6.3
+      import-local: 3.1.0
+      jest-cli: 29.7.0(@types/node@20.10.4)
+    transitivePeerDependencies:
+      - '@types/node'
+      - babel-plugin-macros
+      - supports-color
+      - ts-node
+
+  jest@29.7.0(@types/node@20.12.7):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
       '@jest/types': 29.6.3
       import-local: 3.1.0
-      jest-cli: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+      jest-cli: 29.7.0(@types/node@20.12.7)
     transitivePeerDependencies:
       - '@types/node'
       - babel-plugin-macros
@@ -20852,11 +20790,7 @@ snapshots:
       '@sideway/formula': 3.0.1
       '@sideway/pinpoint': 2.0.0
 
-  jose@5.0.1: {}
-
-  jose@5.2.2: {}
-
-  jose@5.2.4: {}
+  jose@5.6.3: {}
 
   js-base64@3.7.5: {}
 
@@ -21030,13 +20964,12 @@ snapshots:
 
   koa-compose@4.1.0: {}
 
-  koa-compress@5.1.0:
+  koa-compress@5.1.1:
     dependencies:
       bytes: 3.1.2
       compressible: 2.0.18
       http-errors: 1.8.1
       koa-is-json: 1.0.0
-      statuses: 2.0.1
 
   koa-convert@2.0.0:
     dependencies:
@@ -21059,21 +20992,24 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  koa-proxies@0.12.4(koa@2.13.4):
+  koa-proxies@0.12.4(koa@2.15.3):
     dependencies:
       http-proxy: 1.18.1
-      koa: 2.13.4
+      koa: 2.15.3
       path-match: 1.2.4
       uuid: 8.3.2
     transitivePeerDependencies:
       - debug
 
-  koa-router@12.0.0:
+  koa-router@12.0.1:
     dependencies:
+      debug: 4.3.4
       http-errors: 2.0.0
       koa-compose: 4.1.0
       methods: 1.1.2
       path-to-regexp: 6.2.1
+    transitivePeerDependencies:
+      - supports-color
 
   koa-send@5.0.1:
     dependencies:
@@ -22364,7 +22300,7 @@ snapshots:
       debug: 4.3.4
       eta: 3.4.0
       got: 13.0.0
-      jose: 5.2.4
+      jose: 5.6.3
       jsesc: 3.0.2
       koa: 2.15.3
       nanoid: 5.0.7
@@ -23796,7 +23732,7 @@ snapshots:
     dependencies:
       no-case: 4.0.0
 
-  snakecase-keys@8.0.0:
+  snakecase-keys@8.0.1:
     dependencies:
       map-obj: 4.3.0
       snake-case: 3.0.4
@@ -24334,25 +24270,6 @@ snapshots:
     optionalDependencies:
       '@swc/core': 1.3.52(@swc/helpers@0.5.1)
 
-  ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3):
-    dependencies:
-      '@cspotcode/source-map-support': 0.8.1
-      '@tsconfig/node10': 1.0.9
-      '@tsconfig/node12': 1.0.11
-      '@tsconfig/node14': 1.0.3
-      '@tsconfig/node16': 1.0.4
-      '@types/node': 20.10.4
-      acorn: 8.10.0
-      acorn-walk: 8.2.0
-      arg: 4.1.3
-      create-require: 1.1.1
-      diff: 4.0.2
-      make-error: 1.3.6
-      typescript: 5.3.3
-      v8-compile-cache-lib: 3.0.1
-      yn: 3.1.1
-    optional: true
-
   tsconfig-paths@3.15.0:
     dependencies:
       '@types/json5': 0.0.29
@@ -24408,8 +24325,6 @@ snapshots:
 
   type-fest@4.15.0: {}
 
-  type-fest@4.2.0: {}
-
   type-is@1.6.18:
     dependencies:
       media-typer: 0.3.0

From e3109af0264b5f08f128f2837db6dcefa405734a Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Fri, 12 Jul 2024 20:56:01 +0800
Subject: [PATCH 010/135] chore(deps): upgrade zod

---
 packages/cli/package.json                     |   2 +-
 .../connector-alipay-native/package.json      |   2 +-
 .../connector-alipay-web/package.json         |   2 +-
 .../connector-aliyun-dm/package.json          |   2 +-
 .../connector-aliyun-sms/package.json         |   2 +-
 .../connectors/connector-apple/package.json   |   2 +-
 .../connectors/connector-aws-ses/package.json |   2 +-
 .../connectors/connector-azuread/package.json |   2 +-
 .../connector-dingtalk-web/package.json       |   2 +-
 .../connectors/connector-discord/package.json |   2 +-
 .../connector-facebook/package.json           |   2 +-
 .../connector-feishu-web/package.json         |   2 +-
 .../connectors/connector-github/package.json  |   2 +-
 .../connectors/connector-google/package.json  |   2 +-
 .../connector-huggingface/package.json        |   2 +-
 .../connectors/connector-kakao/package.json   |   2 +-
 .../connector-logto-email/package.json        |   2 +-
 .../connector-logto-sms/package.json          |   2 +-
 .../connector-logto-social-demo/package.json  |   2 +-
 .../connectors/connector-mailgun/package.json |   2 +-
 .../package.json                              |   2 +-
 .../connector-mock-email/package.json         |   2 +-
 .../connector-mock-sms/package.json           |   2 +-
 .../connector-mock-social/package.json        |   2 +-
 .../connectors/connector-naver/package.json   |   2 +-
 .../connectors/connector-oauth2/package.json  |   2 +-
 .../connectors/connector-oidc/package.json    |   2 +-
 .../connectors/connector-saml/package.json    |   2 +-
 .../connector-sendgrid-email/package.json     |   2 +-
 .../connectors/connector-smsaero/package.json |   2 +-
 .../connectors/connector-smtp/package.json    |   2 +-
 .../connector-tencent-sms/package.json        |   2 +-
 .../connector-twilio-sms/package.json         |   2 +-
 .../connector-wechat-native/package.json      |   2 +-
 .../connector-wechat-web/package.json         |   2 +-
 .../connectors/connector-wecom/package.json   |   2 +-
 packages/console/package.json                 |   2 +-
 packages/core/package.json                    |   2 +-
 packages/demo-app/package.json                |   2 +-
 packages/experience/package.json              |   2 +-
 packages/integration-tests/package.json       |   2 +-
 packages/phrases-experience/package.json      |   2 +-
 packages/phrases/package.json                 |   2 +-
 packages/schemas/package.json                 |   2 +-
 packages/toolkit/connector-kit/package.json   |   2 +-
 packages/toolkit/core-kit/package.json        |   2 +-
 packages/toolkit/language-kit/package.json    |   2 +-
 pnpm-lock.yaml                                | 253 +++++++++---------
 48 files changed, 176 insertions(+), 171 deletions(-)

diff --git a/packages/cli/package.json b/packages/cli/package.json
index 572b0f8f5426..23ce094254ab 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -68,7 +68,7 @@
     "tar": "^7.0.0",
     "typescript": "^5.3.3",
     "yargs": "^17.6.0",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "devDependencies": {
     "@silverhand/eslint-config": "6.0.1",
diff --git a/packages/connectors/connector-alipay-native/package.json b/packages/connectors/connector-alipay-native/package.json
index c7b3a562b37f..b988d62f72b7 100644
--- a/packages/connectors/connector-alipay-native/package.json
+++ b/packages/connectors/connector-alipay-native/package.json
@@ -10,7 +10,7 @@
     "got": "^14.0.0",
     "iconv-lite": "^0.6.3",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "devDependencies": {
     "@rollup/plugin-commonjs": "^26.0.0",
diff --git a/packages/connectors/connector-alipay-web/package.json b/packages/connectors/connector-alipay-web/package.json
index 076666999a0c..5e563347dda1 100644
--- a/packages/connectors/connector-alipay-web/package.json
+++ b/packages/connectors/connector-alipay-web/package.json
@@ -9,7 +9,7 @@
     "got": "^14.0.0",
     "iconv-lite": "^0.6.3",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "devDependencies": {
     "@rollup/plugin-commonjs": "^26.0.0",
diff --git a/packages/connectors/connector-aliyun-dm/package.json b/packages/connectors/connector-aliyun-dm/package.json
index 1304c1ecd0df..2c99f154cf02 100644
--- a/packages/connectors/connector-aliyun-dm/package.json
+++ b/packages/connectors/connector-aliyun-dm/package.json
@@ -7,7 +7,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-aliyun-sms/package.json b/packages/connectors/connector-aliyun-sms/package.json
index 408917679e9f..eafcec10a69f 100644
--- a/packages/connectors/connector-aliyun-sms/package.json
+++ b/packages/connectors/connector-aliyun-sms/package.json
@@ -7,7 +7,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-apple/package.json b/packages/connectors/connector-apple/package.json
index 4a71c704f13d..3a14101d7be2 100644
--- a/packages/connectors/connector-apple/package.json
+++ b/packages/connectors/connector-apple/package.json
@@ -9,7 +9,7 @@
     "got": "^14.0.0",
     "jose": "^5.6.3",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-aws-ses/package.json b/packages/connectors/connector-aws-ses/package.json
index ee69073596a3..cf9af03a2ab6 100644
--- a/packages/connectors/connector-aws-ses/package.json
+++ b/packages/connectors/connector-aws-ses/package.json
@@ -10,7 +10,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-azuread/package.json b/packages/connectors/connector-azuread/package.json
index cbb02ed66d76..473ecb02f606 100644
--- a/packages/connectors/connector-azuread/package.json
+++ b/packages/connectors/connector-azuread/package.json
@@ -9,7 +9,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-dingtalk-web/package.json b/packages/connectors/connector-dingtalk-web/package.json
index 4b0724e4055e..18649dcf635d 100644
--- a/packages/connectors/connector-dingtalk-web/package.json
+++ b/packages/connectors/connector-dingtalk-web/package.json
@@ -9,7 +9,7 @@
     "got": "^14.0.0",
     "iconv-lite": "^0.6.3",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "devDependencies": {
     "@rollup/plugin-commonjs": "^26.0.0",
diff --git a/packages/connectors/connector-discord/package.json b/packages/connectors/connector-discord/package.json
index 31f71d801d26..86db3fc3486a 100644
--- a/packages/connectors/connector-discord/package.json
+++ b/packages/connectors/connector-discord/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-facebook/package.json b/packages/connectors/connector-facebook/package.json
index 6cced17415bc..ce27ef1646c6 100644
--- a/packages/connectors/connector-facebook/package.json
+++ b/packages/connectors/connector-facebook/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-feishu-web/package.json b/packages/connectors/connector-feishu-web/package.json
index 29439aacbb43..0bde995cbdc8 100644
--- a/packages/connectors/connector-feishu-web/package.json
+++ b/packages/connectors/connector-feishu-web/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-github/package.json b/packages/connectors/connector-github/package.json
index e16618dde5fa..c5693f5f83b6 100644
--- a/packages/connectors/connector-github/package.json
+++ b/packages/connectors/connector-github/package.json
@@ -9,7 +9,7 @@
     "ky": "^1.2.3",
     "query-string": "^9.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-google/package.json b/packages/connectors/connector-google/package.json
index 0e1ef23eb64b..014771a3c7b4 100644
--- a/packages/connectors/connector-google/package.json
+++ b/packages/connectors/connector-google/package.json
@@ -9,7 +9,7 @@
     "got": "^14.0.0",
     "jose": "^5.6.3",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-huggingface/package.json b/packages/connectors/connector-huggingface/package.json
index b87196f02f6b..2abcbe5ff5bb 100644
--- a/packages/connectors/connector-huggingface/package.json
+++ b/packages/connectors/connector-huggingface/package.json
@@ -8,7 +8,7 @@
     "@logto/connector-oauth": "workspace:^1.3.1",
     "@silverhand/essentials": "^2.9.1",
     "ky": "^1.2.3",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-kakao/package.json b/packages/connectors/connector-kakao/package.json
index 5a30d189702b..117f9f957826 100644
--- a/packages/connectors/connector-kakao/package.json
+++ b/packages/connectors/connector-kakao/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-logto-email/package.json b/packages/connectors/connector-logto-email/package.json
index 925df9aa414f..880eacea9483 100644
--- a/packages/connectors/connector-logto-email/package.json
+++ b/packages/connectors/connector-logto-email/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-logto-sms/package.json b/packages/connectors/connector-logto-sms/package.json
index bcec96f2bed5..bc84b6c8ebcf 100644
--- a/packages/connectors/connector-logto-sms/package.json
+++ b/packages/connectors/connector-logto-sms/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-logto-social-demo/package.json b/packages/connectors/connector-logto-social-demo/package.json
index 05764d0dfae4..b730cbe7eca2 100644
--- a/packages/connectors/connector-logto-social-demo/package.json
+++ b/packages/connectors/connector-logto-social-demo/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-mailgun/package.json b/packages/connectors/connector-mailgun/package.json
index d4d9cd80fe7c..405a50119934 100644
--- a/packages/connectors/connector-mailgun/package.json
+++ b/packages/connectors/connector-mailgun/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-mock-email-alternative/package.json b/packages/connectors/connector-mock-email-alternative/package.json
index 8eb74883a516..ac83e91b0435 100644
--- a/packages/connectors/connector-mock-email-alternative/package.json
+++ b/packages/connectors/connector-mock-email-alternative/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "scripts": {
     "precommit": "lint-staged",
diff --git a/packages/connectors/connector-mock-email/package.json b/packages/connectors/connector-mock-email/package.json
index 6320c05c110c..3780931281b0 100644
--- a/packages/connectors/connector-mock-email/package.json
+++ b/packages/connectors/connector-mock-email/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "scripts": {
     "precommit": "lint-staged",
diff --git a/packages/connectors/connector-mock-sms/package.json b/packages/connectors/connector-mock-sms/package.json
index d1ca73d047f2..0601596e0e5f 100644
--- a/packages/connectors/connector-mock-sms/package.json
+++ b/packages/connectors/connector-mock-sms/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "scripts": {
     "precommit": "lint-staged",
diff --git a/packages/connectors/connector-mock-social/package.json b/packages/connectors/connector-mock-social/package.json
index 205147858a52..a74df4b407a2 100644
--- a/packages/connectors/connector-mock-social/package.json
+++ b/packages/connectors/connector-mock-social/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "scripts": {
     "precommit": "lint-staged",
diff --git a/packages/connectors/connector-naver/package.json b/packages/connectors/connector-naver/package.json
index 565e5140aae3..e3abd3f5ae30 100644
--- a/packages/connectors/connector-naver/package.json
+++ b/packages/connectors/connector-naver/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-oauth2/package.json b/packages/connectors/connector-oauth2/package.json
index db885246476a..c55cc1b6be9c 100644
--- a/packages/connectors/connector-oauth2/package.json
+++ b/packages/connectors/connector-oauth2/package.json
@@ -11,7 +11,7 @@
     "ky": "^1.2.3",
     "query-string": "^9.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-oidc/package.json b/packages/connectors/connector-oidc/package.json
index 85c97e3f23e6..5a78b4c73c97 100644
--- a/packages/connectors/connector-oidc/package.json
+++ b/packages/connectors/connector-oidc/package.json
@@ -11,7 +11,7 @@
     "ky": "^1.2.3",
     "nanoid": "^5.0.1",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-saml/package.json b/packages/connectors/connector-saml/package.json
index ffd5649c899c..81229f661dcb 100644
--- a/packages/connectors/connector-saml/package.json
+++ b/packages/connectors/connector-saml/package.json
@@ -10,7 +10,7 @@
     "got": "^14.0.0",
     "samlify": "2.8.11",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-sendgrid-email/package.json b/packages/connectors/connector-sendgrid-email/package.json
index 9aa6191625d3..fd484dbb9744 100644
--- a/packages/connectors/connector-sendgrid-email/package.json
+++ b/packages/connectors/connector-sendgrid-email/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-smsaero/package.json b/packages/connectors/connector-smsaero/package.json
index 5756aa8836af..ff86413d4cb4 100644
--- a/packages/connectors/connector-smsaero/package.json
+++ b/packages/connectors/connector-smsaero/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-smtp/package.json b/packages/connectors/connector-smtp/package.json
index b626bf815bbd..63e5289f2aac 100644
--- a/packages/connectors/connector-smtp/package.json
+++ b/packages/connectors/connector-smtp/package.json
@@ -9,7 +9,7 @@
     "got": "^14.0.0",
     "nodemailer": "^6.9.9",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "devDependencies": {
     "@rollup/plugin-commonjs": "^26.0.0",
diff --git a/packages/connectors/connector-tencent-sms/package.json b/packages/connectors/connector-tencent-sms/package.json
index 49678b1a59fb..3a838cb2662d 100644
--- a/packages/connectors/connector-tencent-sms/package.json
+++ b/packages/connectors/connector-tencent-sms/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-twilio-sms/package.json b/packages/connectors/connector-twilio-sms/package.json
index 3964f6ac8630..91baf1c68eb8 100644
--- a/packages/connectors/connector-twilio-sms/package.json
+++ b/packages/connectors/connector-twilio-sms/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-wechat-native/package.json b/packages/connectors/connector-wechat-native/package.json
index 77b0e1f98323..b4722f44e959 100644
--- a/packages/connectors/connector-wechat-native/package.json
+++ b/packages/connectors/connector-wechat-native/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-wechat-web/package.json b/packages/connectors/connector-wechat-web/package.json
index 6a7908efa566..5c47c436e1e6 100644
--- a/packages/connectors/connector-wechat-web/package.json
+++ b/packages/connectors/connector-wechat-web/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-wecom/package.json b/packages/connectors/connector-wecom/package.json
index ba26fbc621e9..f25b6d2b39af 100644
--- a/packages/connectors/connector-wecom/package.json
+++ b/packages/connectors/connector-wecom/package.json
@@ -8,7 +8,7 @@
     "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/console/package.json b/packages/console/package.json
index 1049dc20d665..83eed75a5be5 100644
--- a/packages/console/package.json
+++ b/packages/console/package.json
@@ -124,7 +124,7 @@
     "ts-node": "^10.9.2",
     "tslib": "^2.4.1",
     "typescript": "^5.3.3",
-    "zod": "^3.22.4",
+    "zod": "^3.23.8",
     "zod-to-ts": "^1.2.0"
   },
   "engines": {
diff --git a/packages/core/package.json b/packages/core/package.json
index 05cbc87fffa4..e6eecbcd404e 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -90,7 +90,7 @@
     "semver": "^7.3.8",
     "snake-case": "^4.0.0",
     "snakecase-keys": "^8.0.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "devDependencies": {
     "@logto/cloud": "0.2.5-3046fa6",
diff --git a/packages/demo-app/package.json b/packages/demo-app/package.json
index 7f989910854e..0546f88f802a 100644
--- a/packages/demo-app/package.json
+++ b/packages/demo-app/package.json
@@ -47,7 +47,7 @@
     "react-i18next": "^12.3.1",
     "stylelint": "^15.0.0",
     "typescript": "^5.3.3",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "engines": {
     "node": "^20.9.0"
diff --git a/packages/experience/package.json b/packages/experience/package.json
index 72481759defb..46146440b16d 100644
--- a/packages/experience/package.json
+++ b/packages/experience/package.json
@@ -90,7 +90,7 @@
     "tiny-cookie": "^2.4.1",
     "typescript": "^5.3.3",
     "use-debounced-loader": "^0.1.1",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "engines": {
     "node": "^20.9.0"
diff --git a/packages/integration-tests/package.json b/packages/integration-tests/package.json
index 984fb7eed068..649d8264d7e6 100644
--- a/packages/integration-tests/package.json
+++ b/packages/integration-tests/package.json
@@ -48,7 +48,7 @@
     "prettier": "^3.0.0",
     "puppeteer": "^22.6.5",
     "typescript": "^5.3.3",
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "engines": {
     "node": "^20.9.0"
diff --git a/packages/phrases-experience/package.json b/packages/phrases-experience/package.json
index 9bf7ce13a4ed..2d3355421a84 100644
--- a/packages/phrases-experience/package.json
+++ b/packages/phrases-experience/package.json
@@ -38,7 +38,7 @@
     "@silverhand/essentials": "^2.9.1"
   },
   "peerDependencies": {
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "devDependencies": {
     "@silverhand/eslint-config": "6.0.1",
diff --git a/packages/phrases/package.json b/packages/phrases/package.json
index 8d4963278dfd..dad5dab76b19 100644
--- a/packages/phrases/package.json
+++ b/packages/phrases/package.json
@@ -37,7 +37,7 @@
     "@silverhand/essentials": "^2.9.1"
   },
   "peerDependencies": {
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "devDependencies": {
     "@silverhand/eslint-config": "6.0.1",
diff --git a/packages/schemas/package.json b/packages/schemas/package.json
index 173a793f88e4..457d271dc0a0 100644
--- a/packages/schemas/package.json
+++ b/packages/schemas/package.json
@@ -88,6 +88,6 @@
     "nanoid": "^5.0.1"
   },
   "peerDependencies": {
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   }
 }
diff --git a/packages/toolkit/connector-kit/package.json b/packages/toolkit/connector-kit/package.json
index 08deba5cb1be..39c61e1b0aec 100644
--- a/packages/toolkit/connector-kit/package.json
+++ b/packages/toolkit/connector-kit/package.json
@@ -40,7 +40,7 @@
     "@withtyped/server": "^0.13.6"
   },
   "optionalDependencies": {
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "devDependencies": {
     "@silverhand/eslint-config": "6.0.1",
diff --git a/packages/toolkit/core-kit/package.json b/packages/toolkit/core-kit/package.json
index cf8118822aa0..38b0b78f11a6 100644
--- a/packages/toolkit/core-kit/package.json
+++ b/packages/toolkit/core-kit/package.json
@@ -51,7 +51,7 @@
     "color": "^4.2.3"
   },
   "optionalDependencies": {
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "devDependencies": {
     "@silverhand/eslint-config": "6.0.1",
diff --git a/packages/toolkit/language-kit/package.json b/packages/toolkit/language-kit/package.json
index 631d95327352..d218eeefb73d 100644
--- a/packages/toolkit/language-kit/package.json
+++ b/packages/toolkit/language-kit/package.json
@@ -33,7 +33,7 @@
     "node": "^20.9.0"
   },
   "optionalDependencies": {
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "devDependencies": {
     "@silverhand/eslint-config": "6.0.1",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 9de320e453e5..81178076f66b 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -161,8 +161,8 @@ importers:
         specifier: ^17.6.0
         version: 17.6.0
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
@@ -193,7 +193,7 @@ importers:
         version: 1.4.0(vitest@1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       '@withtyped/server':
         specifier: ^0.13.6
-        version: 0.13.6(zod@3.22.4)
+        version: 0.13.6(zod@3.23.8)
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -231,8 +231,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -313,8 +313,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -389,8 +389,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -462,8 +462,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -541,8 +541,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -620,8 +620,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -696,8 +696,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -775,8 +775,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -851,8 +851,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -924,8 +924,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -997,8 +997,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -1073,8 +1073,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -1149,8 +1149,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -1222,8 +1222,8 @@ importers:
         specifier: ^1.2.3
         version: 1.2.3
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -1295,8 +1295,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -1368,12 +1368,12 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@logto/cloud':
         specifier: 0.2.5-a7eedce
-        version: 0.2.5-a7eedce(zod@3.22.4)
+        version: 0.2.5-a7eedce(zod@3.23.8)
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
         version: 26.0.1(rollup@4.12.0)
@@ -1444,8 +1444,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -1517,8 +1517,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -1590,8 +1590,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -1663,8 +1663,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -1736,8 +1736,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -1809,8 +1809,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -1882,8 +1882,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -1955,8 +1955,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -2037,8 +2037,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -2122,8 +2122,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -2201,8 +2201,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -2274,8 +2274,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -2347,8 +2347,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -2423,8 +2423,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -2499,8 +2499,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -2572,8 +2572,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -2645,8 +2645,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -2718,8 +2718,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -2791,8 +2791,8 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
@@ -2859,7 +2859,7 @@ importers:
         version: 29.5.0
       '@logto/cloud':
         specifier: 0.2.5-a7eedce
-        version: 0.2.5-a7eedce(zod@3.22.4)
+        version: 0.2.5-a7eedce(zod@3.23.8)
       '@logto/connector-kit':
         specifier: workspace:^4.0.0
         version: link:../toolkit/connector-kit
@@ -2964,7 +2964,7 @@ importers:
         version: 15.5.1
       '@withtyped/client':
         specifier: ^0.8.7
-        version: 0.8.7(zod@3.22.4)
+        version: 0.8.7(zod@3.23.8)
       buffer:
         specifier: ^6.0.0
         version: 6.0.3
@@ -3149,11 +3149,11 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
       zod-to-ts:
         specifier: ^1.2.0
-        version: 1.2.0(typescript@5.3.3)(zod@3.22.4)
+        version: 1.2.0(typescript@5.3.3)(zod@3.23.8)
 
   packages/core:
     dependencies:
@@ -3222,7 +3222,7 @@ importers:
         version: 10.0.0
       '@withtyped/client':
         specifier: ^0.8.7
-        version: 0.8.7(zod@3.22.4)
+        version: 0.8.7(zod@3.23.8)
       camelcase:
         specifier: ^8.0.0
         version: 8.0.0
@@ -3353,12 +3353,12 @@ importers:
         specifier: ^8.0.1
         version: 8.0.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@logto/cloud':
         specifier: 0.2.5-3046fa6
-        version: 0.2.5-3046fa6(zod@3.22.4)
+        version: 0.2.5-3046fa6(zod@3.23.8)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
@@ -3546,8 +3546,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
 
   packages/experience:
     devDependencies:
@@ -3762,8 +3762,8 @@ importers:
         specifier: ^0.1.1
         version: 0.1.1(react@18.2.0)
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
 
   packages/integration-tests:
     dependencies:
@@ -3853,8 +3853,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
 
   packages/phrases:
     dependencies:
@@ -3865,8 +3865,8 @@ importers:
         specifier: ^2.9.1
         version: 2.9.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
@@ -3899,8 +3899,8 @@ importers:
         specifier: ^2.9.1
         version: 2.9.1
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
@@ -3946,13 +3946,13 @@ importers:
         version: link:../shared
       '@withtyped/server':
         specifier: ^0.13.6
-        version: 0.13.6(zod@3.22.4)
+        version: 0.13.6(zod@3.23.8)
       nanoid:
         specifier: ^5.0.1
         version: 5.0.7
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
@@ -4065,14 +4065,14 @@ importers:
         version: 2.9.1
       '@withtyped/client':
         specifier: ^0.8.7
-        version: 0.8.7(zod@3.22.4)
+        version: 0.8.7(zod@3.23.8)
       '@withtyped/server':
         specifier: ^0.13.6
-        version: 0.13.6(zod@3.22.4)
+        version: 0.13.6(zod@3.23.8)
     optionalDependencies:
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
@@ -4118,8 +4118,8 @@ importers:
         version: 4.2.3
     optionalDependencies:
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
@@ -4170,8 +4170,8 @@ importers:
   packages/toolkit/language-kit:
     optionalDependencies:
       zod:
-        specifier: ^3.22.4
-        version: 3.22.4
+        specifier: ^3.23.8
+        version: 3.23.8
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
@@ -13165,6 +13165,9 @@ packages:
   zod@3.22.4:
     resolution: {integrity: sha512-iC+8Io04lddc+mVqQ9AZ7OQ2MrUKGN+oIQyq1vemgt46jwCwLfhq7/pwnBnNXXXZb8VTVLKwp9EDkx+ryxIWmg==}
 
+  zod@3.23.8:
+    resolution: {integrity: sha512-XBx9AXhXktjUqnepgTiE5flcKIYWi/rme0Eaj+5Y0lftuGBq+jyRu/md4WnuxqgP1ubdpNCsYEYPxrzVHD8d6g==}
+
   zwitch@2.0.2:
     resolution: {integrity: sha512-JZxotl7SxAJH0j7dN4pxsTV6ZLXoLdGME+PsjkL/DaBrVryK9kTGq06GfKrwcSOqypP+fdXGoCHE36b99fWVoA==}
 
@@ -14882,17 +14885,17 @@ snapshots:
       camelcase-keys: 7.0.2
       jose: 5.6.3
 
-  '@logto/cloud@0.2.5-3046fa6(zod@3.22.4)':
+  '@logto/cloud@0.2.5-3046fa6(zod@3.23.8)':
     dependencies:
       '@silverhand/essentials': 2.9.1
-      '@withtyped/server': 0.13.6(zod@3.22.4)
+      '@withtyped/server': 0.13.6(zod@3.23.8)
     transitivePeerDependencies:
       - zod
 
-  '@logto/cloud@0.2.5-a7eedce(zod@3.22.4)':
+  '@logto/cloud@0.2.5-a7eedce(zod@3.23.8)':
     dependencies:
       '@silverhand/essentials': 2.9.1
-      '@withtyped/server': 0.13.6(zod@3.22.4)
+      '@withtyped/server': 0.13.6(zod@3.23.8)
     transitivePeerDependencies:
       - zod
 
@@ -15951,10 +15954,10 @@ snapshots:
       eslint-config-prettier: 9.1.0(eslint@8.57.0)
       eslint-config-xo: 0.44.0(eslint@8.57.0)
       eslint-config-xo-typescript: 4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3)
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
       eslint-plugin-consistent-default-export-name: 0.0.15
       eslint-plugin-eslint-comments: 3.2.0(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
       eslint-plugin-n: 17.2.1(eslint@8.57.0)
       eslint-plugin-no-use-extend-native: 0.5.0
       eslint-plugin-prettier: 5.1.3(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.0.0)
@@ -17134,19 +17137,19 @@ snapshots:
       loupe: 2.3.7
       pretty-format: 29.7.0
 
-  '@withtyped/client@0.8.7(zod@3.22.4)':
+  '@withtyped/client@0.8.7(zod@3.23.8)':
     dependencies:
-      '@withtyped/server': 0.13.6(zod@3.22.4)
+      '@withtyped/server': 0.13.6(zod@3.23.8)
       '@withtyped/shared': 0.2.2
     transitivePeerDependencies:
       - zod
 
-  '@withtyped/server@0.13.6(zod@3.22.4)':
+  '@withtyped/server@0.13.6(zod@3.23.8)':
     dependencies:
       '@silverhand/essentials': 2.9.1
       '@withtyped/shared': 0.2.2
       nanoid: 4.0.2
-      zod: 3.22.4
+      zod: 3.23.8
 
   '@withtyped/shared@0.2.2': {}
 
@@ -18782,13 +18785,13 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0):
+  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0):
     dependencies:
       debug: 4.3.4
       enhanced-resolve: 5.16.0
       eslint: 8.57.0
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
       fast-glob: 3.3.2
       get-tsconfig: 4.7.3
       is-core-module: 2.13.1
@@ -18799,14 +18802,14 @@ snapshots:
       - eslint-import-resolver-webpack
       - supports-color
 
-  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
+  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 3.2.7(supports-color@5.5.0)
     optionalDependencies:
       '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.3.3)
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
     transitivePeerDependencies:
       - supports-color
 
@@ -18828,7 +18831,7 @@ snapshots:
       eslint: 8.57.0
       ignore: 5.3.1
 
-  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
+  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0):
     dependencies:
       array-includes: 3.1.8
       array.prototype.findlastindex: 1.2.5
@@ -18838,7 +18841,7 @@ snapshots:
       doctrine: 2.1.0
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
       hasown: 2.0.2
       is-core-module: 2.13.1
       is-glob: 4.0.3
@@ -20960,7 +20963,7 @@ snapshots:
       '@types/koa': 2.15.0
       co-body: 6.1.0
       formidable: 3.5.1
-      zod: 3.22.4
+      zod: 3.23.8
 
   koa-compose@4.1.0: {}
 
@@ -24954,11 +24957,13 @@ snapshots:
 
   yocto-queue@1.1.1: {}
 
-  zod-to-ts@1.2.0(typescript@5.3.3)(zod@3.22.4):
+  zod-to-ts@1.2.0(typescript@5.3.3)(zod@3.23.8):
     dependencies:
       typescript: 5.3.3
-      zod: 3.22.4
+      zod: 3.23.8
 
   zod@3.22.4: {}
 
+  zod@3.23.8: {}
+
   zwitch@2.0.2: {}

From 6bf3bebb4066e47a939c65b7e95476cc08e2075d Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Fri, 12 Jul 2024 21:51:10 +0800
Subject: [PATCH 011/135] feat(experience): support loading state for buttons
 (#6232)

---
 .../src/assets/icons/loading-ring.svg         |  3 ++
 .../Button/RotatingRingIcon.module.scss       | 14 ++++++++
 .../components/Button/RotatingRingIcon.tsx    |  7 ++++
 .../Button/SocialLinkButton.module.scss       |  9 +++++
 .../components/Button/SocialLinkButton.tsx    | 24 +++++++++++--
 .../src/components/Button/index.module.scss   | 34 +++++++++++++++----
 .../src/components/Button/index.tsx           | 22 +++++++++---
 packages/experience/src/scss/_colors.scss     |  1 +
 8 files changed, 101 insertions(+), 13 deletions(-)
 create mode 100644 packages/experience/src/assets/icons/loading-ring.svg
 create mode 100644 packages/experience/src/components/Button/RotatingRingIcon.module.scss
 create mode 100644 packages/experience/src/components/Button/RotatingRingIcon.tsx

diff --git a/packages/experience/src/assets/icons/loading-ring.svg b/packages/experience/src/assets/icons/loading-ring.svg
new file mode 100644
index 000000000000..6e05dc9be5b0
--- /dev/null
+++ b/packages/experience/src/assets/icons/loading-ring.svg
@@ -0,0 +1,3 @@
+<svg width="21" height="20" viewBox="0 0 21 20" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M11.8357 16.8714C11.941 17.4135 11.5865 17.9451 11.0355 17.9821C9.9048 18.0579 8.7669 17.8929 7.69834 17.4934C6.31639 16.9767 5.10425 16.0879 4.19591 14.9253C3.28758 13.7627 2.71844 12.3715 2.55143 10.9056C2.38441 9.43973 2.62602 7.9562 3.24954 6.61905C3.87306 5.28191 4.85421 4.14323 6.0845 3.32891C7.3148 2.5146 8.74632 2.05636 10.2208 2.00487C11.6953 1.95338 13.1553 2.31064 14.4394 3.03715C15.4323 3.59891 16.2901 4.36452 16.9588 5.27942C17.2847 5.72531 17.1054 6.33858 16.6223 6.60633C16.1393 6.87408 15.5366 6.69278 15.1924 6.26086C14.7154 5.66218 14.1262 5.15785 13.4545 4.77787C12.4915 4.23298 11.3965 3.96504 10.2906 4.00366C9.18474 4.04227 8.1111 4.38595 7.18838 4.99669C6.26565 5.60742 5.52979 6.46143 5.06215 7.46429C4.59451 8.46715 4.41331 9.5798 4.53857 10.6792C4.66383 11.7786 5.09069 12.822 5.77194 13.694C6.45319 14.5659 7.3623 15.2325 8.39876 15.62C9.12154 15.8903 9.88663 16.0175 10.6519 15.9981C11.204 15.9841 11.7303 16.3293 11.8357 16.8714Z" fill="currentColor"/>
+</svg>
diff --git a/packages/experience/src/components/Button/RotatingRingIcon.module.scss b/packages/experience/src/components/Button/RotatingRingIcon.module.scss
new file mode 100644
index 000000000000..a2af2a979953
--- /dev/null
+++ b/packages/experience/src/components/Button/RotatingRingIcon.module.scss
@@ -0,0 +1,14 @@
+.icon {
+  animation: rotating 1s linear infinite;
+}
+
+
+@keyframes rotating {
+  from {
+    transform: rotate(0deg);
+  }
+
+  to {
+    transform: rotate(360deg);
+  }
+}
diff --git a/packages/experience/src/components/Button/RotatingRingIcon.tsx b/packages/experience/src/components/Button/RotatingRingIcon.tsx
new file mode 100644
index 000000000000..ef29529fedad
--- /dev/null
+++ b/packages/experience/src/components/Button/RotatingRingIcon.tsx
@@ -0,0 +1,7 @@
+import Ring from '@/assets/icons/loading-ring.svg';
+
+import * as RotatingRingIconStyles from './RotatingRingIcon.module.scss';
+
+const RotatingRingIcon = () => <Ring className={RotatingRingIconStyles.icon} />;
+
+export default RotatingRingIcon;
diff --git a/packages/experience/src/components/Button/SocialLinkButton.module.scss b/packages/experience/src/components/Button/SocialLinkButton.module.scss
index aeb4c59da541..8ae94cfe7581 100644
--- a/packages/experience/src/components/Button/SocialLinkButton.module.scss
+++ b/packages/experience/src/components/Button/SocialLinkButton.module.scss
@@ -12,6 +12,15 @@
   overflow: hidden;
 }
 
+.loadingIcon {
+  display: block;
+  // To avoid the layout shift, add padding manually (keep the same size as the icon)
+  padding: 0 1.5px;
+  color: var(--color-brand-70);
+  font-size: 0;
+  line-height: normal;
+}
+
 .name {
   flex: 1;
   overflow: hidden;
diff --git a/packages/experience/src/components/Button/SocialLinkButton.tsx b/packages/experience/src/components/Button/SocialLinkButton.tsx
index 0b732ed8ed37..ddfec56613be 100644
--- a/packages/experience/src/components/Button/SocialLinkButton.tsx
+++ b/packages/experience/src/components/Button/SocialLinkButton.tsx
@@ -1,11 +1,14 @@
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
+import { useDebouncedLoader } from 'use-debounced-loader';
 
+import RotatingRingIcon from './RotatingRingIcon';
 import * as socialLinkButtonStyles from './SocialLinkButton.module.scss';
 import * as styles from './index.module.scss';
 
 export type Props = {
   readonly isDisabled?: boolean;
+  readonly isLoading?: boolean;
   readonly className?: string;
   readonly target: string;
   readonly logo: string;
@@ -13,7 +16,15 @@ export type Props = {
   readonly onClick?: () => void;
 };
 
-const SocialLinkButton = ({ isDisabled, className, target, name, logo, onClick }: Props) => {
+const SocialLinkButton = ({
+  isDisabled,
+  isLoading = false,
+  className,
+  target,
+  name,
+  logo,
+  onClick,
+}: Props) => {
   const {
     t,
     i18n: { language },
@@ -21,6 +32,8 @@ const SocialLinkButton = ({ isDisabled, className, target, name, logo, onClick }
 
   const localName = name[language] ?? name.en;
 
+  const isLoadingActive = useDebouncedLoader(isLoading, 300);
+
   return (
     <button
       disabled={isDisabled}
@@ -29,13 +42,13 @@ const SocialLinkButton = ({ isDisabled, className, target, name, logo, onClick }
         styles.secondary,
         styles.large,
         socialLinkButtonStyles.socialButton,
-        isDisabled && styles.disabled,
+        (isDisabled ?? isLoadingActive) && styles.disabled,
         className
       )}
       type="button"
       onClick={onClick}
     >
-      {logo && (
+      {logo && !isLoadingActive && (
         <img
           src={logo}
           alt={target}
@@ -43,6 +56,11 @@ const SocialLinkButton = ({ isDisabled, className, target, name, logo, onClick }
           crossOrigin="anonymous"
         />
       )}
+      {isLoadingActive && (
+        <span className={socialLinkButtonStyles.loadingIcon}>
+          <RotatingRingIcon />
+        </span>
+      )}
       <div className={socialLinkButtonStyles.name}>
         <div className={socialLinkButtonStyles.placeHolder} />
         <span>{t('action.sign_in_with', { name: localName })}</span>
diff --git a/packages/experience/src/components/Button/index.module.scss b/packages/experience/src/components/Button/index.module.scss
index 67993f96cca8..ed47d52953d3 100644
--- a/packages/experience/src/components/Button/index.module.scss
+++ b/packages/experience/src/components/Button/index.module.scss
@@ -16,10 +16,28 @@
   user-select: none;
   overflow: hidden;
 
-  .icon {
-    font-size: 0;
-    line-height: normal;
-    margin-right: _.unit(2);
+  .content {
+    position: relative;
+    transition: padding-left 0.2s ease;
+
+    .icon {
+      font-size: 0;
+      line-height: normal;
+      position: absolute;
+      pointer-events: none;
+      left: 0;
+      opacity: 0%;
+      transition: opacity 0.2s ease;
+    }
+
+    &.iconVisible {
+      padding-left: _.unit(7);
+
+      .icon {
+        left: 0;
+        opacity: 100%;
+      }
+    }
   }
 }
 
@@ -45,6 +63,10 @@
   &:active {
     background: var(--color-brand-pressed);
   }
+
+  &.loading {
+    background-color: var(--color-brand-70);
+  }
 }
 
 .secondary {
@@ -74,7 +96,7 @@
       outline: 3px solid var(--color-overlay-brand-focused);
     }
 
-    &:not(:disabled):not(:active):hover {
+    &:not(:disabled):not(:active):not(.loading):hover {
       background: var(--color-brand-hover);
     }
   }
@@ -84,7 +106,7 @@
       outline: 3px solid var(--color-overlay-neutral-focused);
     }
 
-    &:not(:disabled):not(:active):hover {
+    &:not(:disabled):not(:active):not(.loading):hover {
       background: var(--color-overlay-neutral-hover);
     }
   }
diff --git a/packages/experience/src/components/Button/index.tsx b/packages/experience/src/components/Button/index.tsx
index 54419897575d..2166df5c7452 100644
--- a/packages/experience/src/components/Button/index.tsx
+++ b/packages/experience/src/components/Button/index.tsx
@@ -1,9 +1,11 @@
 import classNames from 'classnames';
 import type { TFuncKey } from 'i18next';
-import type { HTMLProps } from 'react';
+import { type HTMLProps } from 'react';
+import { useDebouncedLoader } from 'use-debounced-loader';
 
 import DynamicT from '../DynamicT';
 
+import RotatingRingIcon from './RotatingRingIcon';
 import * as styles from './index.module.scss';
 
 export type ButtonType = 'primary' | 'secondary';
@@ -13,6 +15,7 @@ type BaseProps = Omit<HTMLProps<HTMLButtonElement>, 'type' | 'size' | 'title'> &
   readonly type?: ButtonType;
   readonly size?: 'small' | 'large';
   readonly isDisabled?: boolean;
+  readonly isLoading?: boolean;
   readonly className?: string;
   readonly onClick?: React.MouseEventHandler;
 };
@@ -31,10 +34,13 @@ const Button = ({
   i18nProps,
   className,
   isDisabled = false,
+  isLoading = false,
   icon,
   onClick,
   ...rest
 }: Props) => {
+  const isLoadingActive = useDebouncedLoader(isLoading, 300);
+
   return (
     <button
       disabled={isDisabled}
@@ -42,15 +48,23 @@ const Button = ({
         styles.button,
         styles[type],
         styles[size],
-        isDisabled && styles.isDisabled,
+        isDisabled && styles.disabled,
+        isLoadingActive && styles.loading,
         className
       )}
       type={htmlType}
       onClick={onClick}
       {...rest}
     >
-      {icon && <span className={styles.icon}>{icon}</span>}
-      <DynamicT forKey={title} interpolation={i18nProps} />
+      <span
+        className={classNames(
+          styles.content,
+          (isLoadingActive || Boolean(icon)) && styles.iconVisible
+        )}
+      >
+        <span className={styles.icon}>{isLoadingActive ? <RotatingRingIcon /> : icon}</span>
+        <DynamicT forKey={title} interpolation={i18nProps} />
+      </span>
     </button>
   );
 };
diff --git a/packages/experience/src/scss/_colors.scss b/packages/experience/src/scss/_colors.scss
index b1d1e4b0080e..2952cb3918fa 100644
--- a/packages/experience/src/scss/_colors.scss
+++ b/packages/experience/src/scss/_colors.scss
@@ -38,6 +38,7 @@
   --color-brand-30: #4300da;
   --color-brand-40: #5d34f2;
   --color-brand-50: #7958ff;
+  --color-brand-70: #af9eff;
 
   --color-alert-60: #ca8000;
   --color-alert-70: #eb9918;

From f96277b41088769a492b540b419ed8fb90f8579a Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sat, 13 Jul 2024 21:30:35 +0800
Subject: [PATCH 012/135] refactor: patch type issues

---
 packages/core/src/oidc/utils.ts                   | 15 +++++++++++----
 .../src/routes/logto-config/jwt-customizer.ts     |  3 ++-
 packages/core/src/utils/SchemaRouter.ts           |  5 ++++-
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/packages/core/src/oidc/utils.ts b/packages/core/src/oidc/utils.ts
index f25a4c323f6f..83c4e5f01b17 100644
--- a/packages/core/src/oidc/utils.ts
+++ b/packages/core/src/oidc/utils.ts
@@ -55,12 +55,19 @@ export const buildOidcClientMetadata = (metadata?: OidcClientMetadata): OidcClie
   ...metadata,
 });
 
-export const validateCustomClientMetadata = (key: string, value: unknown) => {
-  const result = customClientMetadataGuard.pick({ [key]: true }).safeParse({ [key]: value });
+// eslint-disable-next-line @typescript-eslint/ban-types
+const isKeyOf = <T extends object>(object: T, key: string | number | symbol): key is keyof T =>
+  key in object;
 
-  if (!result.success) {
-    throw new errors.InvalidClientMetadata(key);
+export const validateCustomClientMetadata = (key: string, value: unknown) => {
+  if (isKeyOf(customClientMetadataGuard.shape, key)) {
+    const result = customClientMetadataGuard.shape[key].safeParse(value);
+    if (result.success) {
+      return;
+    }
   }
+
+  throw new errors.InvalidClientMetadata(key);
 };
 
 export const isOriginAllowed = (
diff --git a/packages/core/src/routes/logto-config/jwt-customizer.ts b/packages/core/src/routes/logto-config/jwt-customizer.ts
index 43ae020e530e..437601a0af40 100644
--- a/packages/core/src/routes/logto-config/jwt-customizer.ts
+++ b/packages/core/src/routes/logto-config/jwt-customizer.ts
@@ -8,6 +8,7 @@ import {
   jwtCustomizerConfigsGuard,
   jwtCustomizerTestRequestBodyGuard,
 } from '@logto/schemas';
+import { removeUndefinedKeys } from '@silverhand/essentials';
 import { ResponseError } from '@withtyped/client';
 import { ZodError, z } from 'zod';
 
@@ -236,7 +237,7 @@ export default function logtoConfigJwtCustomizerRoutes<T extends ManagementApiRo
             search: { isTest: 'true' },
           });
         } else {
-          ctx.body = await JwtCustomizerLibrary.runScriptInLocalVm(body);
+          ctx.body = removeUndefinedKeys(await JwtCustomizerLibrary.runScriptInLocalVm(body));
         }
       } catch (error: unknown) {
         /**
diff --git a/packages/core/src/utils/SchemaRouter.ts b/packages/core/src/utils/SchemaRouter.ts
index 8bee8fd839ea..520758c93079 100644
--- a/packages/core/src/utils/SchemaRouter.ts
+++ b/packages/core/src/utils/SchemaRouter.ts
@@ -286,7 +286,9 @@ export default class SchemaRouter<
     this.delete(
       `/:id/${pathname}/:${camelCaseSchemaId(relationSchema)}`,
       koaGuard({
-        params: z.object({ id: z.string().min(1), [relationSchemaId]: z.string().min(1) }),
+        params: z
+          .object({ id: z.string().min(1) })
+          .extend({ [relationSchemaId]: z.string().min(1) }),
         status: [204, 422],
       }),
       async (ctx, next) => {
@@ -337,6 +339,7 @@ export default class SchemaRouter<
       this.post(
         '/',
         koaGuard({
+          // @ts-expect-error -- `.omit()` doesn't play well with generics
           body: schema.createGuard.omit({ id: true }),
           response: entityGuard ?? schema.guard,
           status: [201], // TODO: 409/422 for conflict?

From 62f5e5e0caef590acd49d243875f9937817ecbbb Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sun, 14 Jul 2024 17:42:55 +0800
Subject: [PATCH 013/135] chore: add changesets (#6239)

---
 .changeset/polite-plums-tease.md  | 12 ++++++++++++
 .changeset/swift-stingrays-tap.md |  9 +++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 .changeset/polite-plums-tease.md
 create mode 100644 .changeset/swift-stingrays-tap.md

diff --git a/.changeset/polite-plums-tease.md b/.changeset/polite-plums-tease.md
new file mode 100644
index 000000000000..540584ea057a
--- /dev/null
+++ b/.changeset/polite-plums-tease.md
@@ -0,0 +1,12 @@
+---
+"@logto/console": minor
+"@logto/core": minor
+"@logto/experience": minor
+"@logto/integration-tests": patch
+---
+
+support app-level branding
+
+You can now set logos, favicons, and colors for your app. These settings will be used in the sign-in experience when the app initiates the authentication flow. For apps that have no branding settings, the omni sign-in experience branding will be used.
+
+If `organization_id` is provided in the authentication request, the app-level branding settings will be overridden by the organization's branding settings, if available.
diff --git a/.changeset/swift-stingrays-tap.md b/.changeset/swift-stingrays-tap.md
new file mode 100644
index 000000000000..55803974cf45
--- /dev/null
+++ b/.changeset/swift-stingrays-tap.md
@@ -0,0 +1,9 @@
+---
+"@logto/console": minor
+"@logto/experience": minor
+"@logto/schemas": minor
+---
+
+support dark favicon
+
+The favicon for the dark theme now can be set in the sign-in experience branding settings.

From f6901f591c20399e0d48edecaa2d6f439753cb98 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sun, 14 Jul 2024 14:58:09 +0000
Subject: [PATCH 014/135] chore(deps): update vitest monorepo to v2 (major)
 (#6202)

* chore(deps): update vitest monorepo to v2

* refactor: remove unused lint ignorings

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Gao Sun <gao@silverhand.io>
---
 packages/app-insights/package.json            |   4 +-
 packages/cli/package.json                     |   4 +-
 .../connector-alipay-native/package.json      |   4 +-
 .../connector-alipay-web/package.json         |   4 +-
 .../connector-aliyun-dm/package.json          |   4 +-
 .../src/single-send-mail.test.ts              |   1 -
 .../connector-aliyun-dm/src/utils.test.ts     |   1 -
 .../connector-aliyun-sms/package.json         |   4 +-
 .../src/single-send-text.test.ts              |   1 -
 .../connector-aliyun-sms/src/utils.test.ts    |   1 -
 .../connectors/connector-apple/package.json   |   4 +-
 .../connectors/connector-aws-ses/package.json |   4 +-
 .../connectors/connector-azuread/package.json |   4 +-
 .../connector-dingtalk-web/package.json       |   4 +-
 .../connectors/connector-discord/package.json |   4 +-
 .../connector-facebook/package.json           |   4 +-
 .../connector-feishu-web/package.json         |   4 +-
 .../connectors/connector-github/package.json  |   4 +-
 .../connectors/connector-google/package.json  |   4 +-
 .../connector-huggingface/package.json        |   4 +-
 .../connectors/connector-kakao/package.json   |   4 +-
 .../connector-logto-email/package.json        |   4 +-
 .../connector-logto-sms/package.json          |   4 +-
 .../connector-logto-social-demo/package.json  |   4 +-
 .../connectors/connector-mailgun/package.json |   4 +-
 .../package.json                              |   4 +-
 .../connector-mock-email/package.json         |   4 +-
 .../connector-mock-sms/package.json           |   4 +-
 .../connector-mock-social/package.json        |   4 +-
 .../connectors/connector-naver/package.json   |   4 +-
 .../connectors/connector-oauth2/package.json  |   4 +-
 .../connectors/connector-oidc/package.json    |   4 +-
 .../connectors/connector-saml/package.json    |   4 +-
 .../connector-sendgrid-email/package.json     |   4 +-
 .../connectors/connector-smsaero/package.json |   4 +-
 .../connectors/connector-smtp/package.json    |   4 +-
 .../connector-tencent-sms/package.json        |   4 +-
 .../connector-twilio-sms/package.json         |   4 +-
 .../connector-wechat-native/package.json      |   4 +-
 .../connector-wechat-web/package.json         |   4 +-
 .../connectors/connector-wecom/package.json   |   4 +-
 packages/schemas/package.json                 |   4 +-
 packages/shared/package.json                  |   4 +-
 packages/toolkit/connector-kit/package.json   |   4 +-
 packages/toolkit/core-kit/package.json        |   4 +-
 packages/toolkit/language-kit/package.json    |   4 +-
 pnpm-lock.yaml                                | 833 ++++++++----------
 47 files changed, 453 insertions(+), 552 deletions(-)

diff --git a/packages/app-insights/package.json b/packages/app-insights/package.json
index 8016dc027944..aaaf49c98095 100644
--- a/packages/app-insights/package.json
+++ b/packages/app-insights/package.json
@@ -32,12 +32,12 @@
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.9.5",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   },
   "engines": {
     "node": "^20.9.0"
diff --git a/packages/cli/package.json b/packages/cli/package.json
index b8578a3eb0fa..3d66337fda66 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -79,13 +79,13 @@
     "@types/sinon": "^17.0.0",
     "@types/tar": "^6.1.12",
     "@types/yargs": "^17.0.13",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "@withtyped/server": "^0.13.6",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
     "sinon": "^18.0.0",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   },
   "eslintConfig": {
     "extends": "@silverhand",
diff --git a/packages/connectors/connector-alipay-native/package.json b/packages/connectors/connector-alipay-native/package.json
index 7099bda0ce0b..86412243f315 100644
--- a/packages/connectors/connector-alipay-native/package.json
+++ b/packages/connectors/connector-alipay-native/package.json
@@ -22,7 +22,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -31,7 +31,7 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-alipay-web/package.json b/packages/connectors/connector-alipay-web/package.json
index 10b5095b6b48..9d7b13b70cba 100644
--- a/packages/connectors/connector-alipay-web/package.json
+++ b/packages/connectors/connector-alipay-web/package.json
@@ -21,7 +21,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -30,7 +30,7 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-aliyun-dm/package.json b/packages/connectors/connector-aliyun-dm/package.json
index 59e41ddd8e81..9a76d6849528 100644
--- a/packages/connectors/connector-aliyun-dm/package.json
+++ b/packages/connectors/connector-aliyun-dm/package.json
@@ -59,7 +59,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -68,6 +68,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-aliyun-dm/src/single-send-mail.test.ts b/packages/connectors/connector-aliyun-dm/src/single-send-mail.test.ts
index 1162b5d32104..cf4f13e33db3 100644
--- a/packages/connectors/connector-aliyun-dm/src/single-send-mail.test.ts
+++ b/packages/connectors/connector-aliyun-dm/src/single-send-mail.test.ts
@@ -21,7 +21,6 @@ describe('singleSendMail', () => {
       },
       '<access-key-secret>'
     );
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
     const calledData = request.mock.calls[0];
     expect(calledData).not.toBeUndefined();
     // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
diff --git a/packages/connectors/connector-aliyun-dm/src/utils.test.ts b/packages/connectors/connector-aliyun-dm/src/utils.test.ts
index 24da02e7a882..ac40456fe085 100644
--- a/packages/connectors/connector-aliyun-dm/src/utils.test.ts
+++ b/packages/connectors/connector-aliyun-dm/src/utils.test.ts
@@ -24,7 +24,6 @@ describe('request', () => {
   it('should call got.post with extended params', async () => {
     const parameters = mockedParameters;
     await request('http://test.endpoint.com', parameters, 'testsecret');
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
     const calledData = post.mock.calls[0];
     expect(calledData).not.toBeUndefined();
     const payload = calledData?.[0].form as Record<string, unknown>;
diff --git a/packages/connectors/connector-aliyun-sms/package.json b/packages/connectors/connector-aliyun-sms/package.json
index 9739f43eb75e..a52cce3ac608 100644
--- a/packages/connectors/connector-aliyun-sms/package.json
+++ b/packages/connectors/connector-aliyun-sms/package.json
@@ -59,7 +59,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -68,6 +68,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-aliyun-sms/src/single-send-text.test.ts b/packages/connectors/connector-aliyun-sms/src/single-send-text.test.ts
index ec7da9219648..142628c87c64 100644
--- a/packages/connectors/connector-aliyun-sms/src/single-send-text.test.ts
+++ b/packages/connectors/connector-aliyun-sms/src/single-send-text.test.ts
@@ -20,7 +20,6 @@ describe('sendSms', () => {
       },
       '<access-key-secret>'
     );
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
     const calledData = request.mock.calls[0];
     expect(calledData).not.toBeUndefined();
     // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
diff --git a/packages/connectors/connector-aliyun-sms/src/utils.test.ts b/packages/connectors/connector-aliyun-sms/src/utils.test.ts
index 24da02e7a882..ac40456fe085 100644
--- a/packages/connectors/connector-aliyun-sms/src/utils.test.ts
+++ b/packages/connectors/connector-aliyun-sms/src/utils.test.ts
@@ -24,7 +24,6 @@ describe('request', () => {
   it('should call got.post with extended params', async () => {
     const parameters = mockedParameters;
     await request('http://test.endpoint.com', parameters, 'testsecret');
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
     const calledData = post.mock.calls[0];
     expect(calledData).not.toBeUndefined();
     const payload = calledData?.[0].form as Record<string, unknown>;
diff --git a/packages/connectors/connector-apple/package.json b/packages/connectors/connector-apple/package.json
index 2c11467106bb..43cf7a443cec 100644
--- a/packages/connectors/connector-apple/package.json
+++ b/packages/connectors/connector-apple/package.json
@@ -61,7 +61,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -70,6 +70,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-aws-ses/package.json b/packages/connectors/connector-aws-ses/package.json
index 99f6582e3020..4bf0dce98d14 100644
--- a/packages/connectors/connector-aws-ses/package.json
+++ b/packages/connectors/connector-aws-ses/package.json
@@ -62,7 +62,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -71,6 +71,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-azuread/package.json b/packages/connectors/connector-azuread/package.json
index 773b2da57be4..e4036cd2d881 100644
--- a/packages/connectors/connector-azuread/package.json
+++ b/packages/connectors/connector-azuread/package.json
@@ -61,7 +61,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -70,6 +70,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-dingtalk-web/package.json b/packages/connectors/connector-dingtalk-web/package.json
index d2815d24c294..7b503defa415 100644
--- a/packages/connectors/connector-dingtalk-web/package.json
+++ b/packages/connectors/connector-dingtalk-web/package.json
@@ -21,7 +21,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -30,7 +30,7 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-discord/package.json b/packages/connectors/connector-discord/package.json
index eef708ea75b5..d6e851d07d90 100644
--- a/packages/connectors/connector-discord/package.json
+++ b/packages/connectors/connector-discord/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-facebook/package.json b/packages/connectors/connector-facebook/package.json
index 787adb612c6e..d3ddc5e7b73d 100644
--- a/packages/connectors/connector-facebook/package.json
+++ b/packages/connectors/connector-facebook/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-feishu-web/package.json b/packages/connectors/connector-feishu-web/package.json
index b6db69458b6f..dd1b65e5f3ff 100644
--- a/packages/connectors/connector-feishu-web/package.json
+++ b/packages/connectors/connector-feishu-web/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-github/package.json b/packages/connectors/connector-github/package.json
index 1e9eeb2a4e95..78bb96d22a20 100644
--- a/packages/connectors/connector-github/package.json
+++ b/packages/connectors/connector-github/package.json
@@ -61,7 +61,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "14.0.0-beta.7",
@@ -70,6 +70,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-google/package.json b/packages/connectors/connector-google/package.json
index 6f5c8da1591c..c193dd1774ea 100644
--- a/packages/connectors/connector-google/package.json
+++ b/packages/connectors/connector-google/package.json
@@ -61,7 +61,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -70,6 +70,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-huggingface/package.json b/packages/connectors/connector-huggingface/package.json
index b87196f02f6b..ac34b6f3d3af 100644
--- a/packages/connectors/connector-huggingface/package.json
+++ b/packages/connectors/connector-huggingface/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "14.0.0-beta.7",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-kakao/package.json b/packages/connectors/connector-kakao/package.json
index 900f095e6c51..3d2b24b12d8c 100644
--- a/packages/connectors/connector-kakao/package.json
+++ b/packages/connectors/connector-kakao/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-logto-email/package.json b/packages/connectors/connector-logto-email/package.json
index d209481cfcce..ec8c8f2ba9c1 100644
--- a/packages/connectors/connector-logto-email/package.json
+++ b/packages/connectors/connector-logto-email/package.json
@@ -61,7 +61,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -70,6 +70,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-logto-sms/package.json b/packages/connectors/connector-logto-sms/package.json
index 00fa94c4f508..a9d0e0b35520 100644
--- a/packages/connectors/connector-logto-sms/package.json
+++ b/packages/connectors/connector-logto-sms/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-logto-social-demo/package.json b/packages/connectors/connector-logto-social-demo/package.json
index 0e765182fbf8..5ba4d835f7a8 100644
--- a/packages/connectors/connector-logto-social-demo/package.json
+++ b/packages/connectors/connector-logto-social-demo/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-mailgun/package.json b/packages/connectors/connector-mailgun/package.json
index 07cacc5bdb80..afc15dbaecf6 100644
--- a/packages/connectors/connector-mailgun/package.json
+++ b/packages/connectors/connector-mailgun/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-mock-email-alternative/package.json b/packages/connectors/connector-mock-email-alternative/package.json
index 9132e8f85300..31f3192dfd6d 100644
--- a/packages/connectors/connector-mock-email-alternative/package.json
+++ b/packages/connectors/connector-mock-email-alternative/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-mock-email/package.json b/packages/connectors/connector-mock-email/package.json
index f1b4024346a6..77b394b53ddc 100644
--- a/packages/connectors/connector-mock-email/package.json
+++ b/packages/connectors/connector-mock-email/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-mock-sms/package.json b/packages/connectors/connector-mock-sms/package.json
index 1ae46035a40d..e0a6d0e1957f 100644
--- a/packages/connectors/connector-mock-sms/package.json
+++ b/packages/connectors/connector-mock-sms/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-mock-social/package.json b/packages/connectors/connector-mock-social/package.json
index 902cecb18f76..e0e275c8c724 100644
--- a/packages/connectors/connector-mock-social/package.json
+++ b/packages/connectors/connector-mock-social/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-naver/package.json b/packages/connectors/connector-naver/package.json
index 22a3e4228165..dfb29b99fd5e 100644
--- a/packages/connectors/connector-naver/package.json
+++ b/packages/connectors/connector-naver/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-oauth2/package.json b/packages/connectors/connector-oauth2/package.json
index 9fb22112f820..856448d78cbf 100644
--- a/packages/connectors/connector-oauth2/package.json
+++ b/packages/connectors/connector-oauth2/package.json
@@ -64,7 +64,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "14.0.0-beta.7",
@@ -73,6 +73,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-oidc/package.json b/packages/connectors/connector-oidc/package.json
index bffa1bbc5091..378b9b6eadb1 100644
--- a/packages/connectors/connector-oidc/package.json
+++ b/packages/connectors/connector-oidc/package.json
@@ -63,7 +63,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "14.0.0-beta.7",
@@ -72,6 +72,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-saml/package.json b/packages/connectors/connector-saml/package.json
index 7e84b900cf4a..ddae5bff9c23 100644
--- a/packages/connectors/connector-saml/package.json
+++ b/packages/connectors/connector-saml/package.json
@@ -62,7 +62,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -71,6 +71,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-sendgrid-email/package.json b/packages/connectors/connector-sendgrid-email/package.json
index 58231c9eb008..9df84c3610e3 100644
--- a/packages/connectors/connector-sendgrid-email/package.json
+++ b/packages/connectors/connector-sendgrid-email/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-smsaero/package.json b/packages/connectors/connector-smsaero/package.json
index 306eb38dbb3e..6a10c2aa7556 100644
--- a/packages/connectors/connector-smsaero/package.json
+++ b/packages/connectors/connector-smsaero/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-smtp/package.json b/packages/connectors/connector-smtp/package.json
index 8fbd5f468691..5a15d69c331d 100644
--- a/packages/connectors/connector-smtp/package.json
+++ b/packages/connectors/connector-smtp/package.json
@@ -21,7 +21,7 @@
     "@types/node": "^20.11.20",
     "@types/nodemailer": "^6.4.7",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -30,7 +30,7 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   },
   "main": "./lib/index.js",
   "module": "./lib/index.js",
diff --git a/packages/connectors/connector-tencent-sms/package.json b/packages/connectors/connector-tencent-sms/package.json
index a0da5a6bcae9..6573974599f6 100644
--- a/packages/connectors/connector-tencent-sms/package.json
+++ b/packages/connectors/connector-tencent-sms/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-twilio-sms/package.json b/packages/connectors/connector-twilio-sms/package.json
index 976f30702497..704299ec2d82 100644
--- a/packages/connectors/connector-twilio-sms/package.json
+++ b/packages/connectors/connector-twilio-sms/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-wechat-native/package.json b/packages/connectors/connector-wechat-native/package.json
index 9a68f2dc4626..6b342f8f7262 100644
--- a/packages/connectors/connector-wechat-native/package.json
+++ b/packages/connectors/connector-wechat-native/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-wechat-web/package.json b/packages/connectors/connector-wechat-web/package.json
index 07d99ad9280d..03e7405a10be 100644
--- a/packages/connectors/connector-wechat-web/package.json
+++ b/packages/connectors/connector-wechat-web/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-wecom/package.json b/packages/connectors/connector-wecom/package.json
index b06794e294c2..b6dba9424ed7 100644
--- a/packages/connectors/connector-wecom/package.json
+++ b/packages/connectors/connector-wecom/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.10.4",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
@@ -69,6 +69,6 @@
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   }
 }
diff --git a/packages/schemas/package.json b/packages/schemas/package.json
index e7da8c566f34..4aa2e66ed924 100644
--- a/packages/schemas/package.json
+++ b/packages/schemas/package.json
@@ -46,7 +46,7 @@
     "@types/inquirer": "^9.0.0",
     "@types/node": "^20.9.5",
     "@types/pluralize": "^0.0.33",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "camelcase": "^8.0.0",
     "chalk": "^5.0.0",
     "eslint": "^8.56.0",
@@ -55,7 +55,7 @@
     "prettier": "^3.0.0",
     "roarr": "^7.11.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   },
   "eslintConfig": {
     "extends": "@silverhand",
diff --git a/packages/shared/package.json b/packages/shared/package.json
index 5f80353075c2..db6b44d90f2b 100644
--- a/packages/shared/package.json
+++ b/packages/shared/package.json
@@ -41,12 +41,12 @@
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.9.5",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   },
   "engines": {
     "node": "^20.9.0"
diff --git a/packages/toolkit/connector-kit/package.json b/packages/toolkit/connector-kit/package.json
index 08deba5cb1be..60e1a9db155b 100644
--- a/packages/toolkit/connector-kit/package.json
+++ b/packages/toolkit/connector-kit/package.json
@@ -46,12 +46,12 @@
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.9.5",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   },
   "engines": {
     "node": "^20.9.0"
diff --git a/packages/toolkit/core-kit/package.json b/packages/toolkit/core-kit/package.json
index cf8118822aa0..51835938803c 100644
--- a/packages/toolkit/core-kit/package.json
+++ b/packages/toolkit/core-kit/package.json
@@ -61,14 +61,14 @@
     "@types/color": "^3.0.3",
     "@types/node": "^20.9.5",
     "@types/react": "^18.0.31",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "postcss": "^8.4.31",
     "prettier": "^3.0.0",
     "stylelint": "^15.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   },
   "eslintConfig": {
     "extends": "@silverhand"
diff --git a/packages/toolkit/language-kit/package.json b/packages/toolkit/language-kit/package.json
index 631d95327352..7af348836131 100644
--- a/packages/toolkit/language-kit/package.json
+++ b/packages/toolkit/language-kit/package.json
@@ -39,12 +39,12 @@
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.9.5",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
     "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.0"
   },
   "eslintConfig": {
     "extends": "@silverhand"
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 095450077188..e78201f4f945 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -62,8 +62,8 @@ importers:
         specifier: ^20.9.5
         version: 20.10.4
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -77,8 +77,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/cli:
     dependencies:
@@ -189,8 +189,8 @@ importers:
         specifier: ^17.0.13
         version: 17.0.13
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       '@withtyped/server':
         specifier: ^0.13.6
         version: 0.13.6(zod@3.22.4)
@@ -207,8 +207,8 @@ importers:
         specifier: ^18.0.0
         version: 18.0.0
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-alipay-native:
     dependencies:
@@ -262,8 +262,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -289,8 +289,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-alipay-web:
     dependencies:
@@ -344,8 +344,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -371,8 +371,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-aliyun-dm:
     dependencies:
@@ -417,8 +417,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -444,8 +444,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-aliyun-sms:
     dependencies:
@@ -490,8 +490,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -517,8 +517,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-apple:
     dependencies:
@@ -569,8 +569,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -596,8 +596,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-aws-ses:
     dependencies:
@@ -648,8 +648,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -675,8 +675,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-azuread:
     dependencies:
@@ -724,8 +724,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -751,8 +751,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-dingtalk-web:
     dependencies:
@@ -806,8 +806,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -833,8 +833,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-discord:
     dependencies:
@@ -879,8 +879,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -906,8 +906,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-facebook:
     dependencies:
@@ -952,8 +952,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -979,8 +979,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-feishu-web:
     dependencies:
@@ -1025,8 +1025,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1052,8 +1052,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-github:
     dependencies:
@@ -1101,8 +1101,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1128,8 +1128,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-google:
     dependencies:
@@ -1177,8 +1177,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1204,8 +1204,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-huggingface:
     dependencies:
@@ -1250,8 +1250,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1277,8 +1277,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-kakao:
     dependencies:
@@ -1323,8 +1323,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1350,8 +1350,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-logto-email:
     dependencies:
@@ -1399,8 +1399,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1426,8 +1426,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-logto-sms:
     dependencies:
@@ -1472,8 +1472,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1499,8 +1499,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-logto-social-demo:
     dependencies:
@@ -1545,8 +1545,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1572,8 +1572,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-mailgun:
     dependencies:
@@ -1618,8 +1618,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1645,8 +1645,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-mock-email:
     dependencies:
@@ -1691,8 +1691,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1718,8 +1718,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-mock-email-alternative:
     dependencies:
@@ -1764,8 +1764,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1791,8 +1791,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-mock-sms:
     dependencies:
@@ -1837,8 +1837,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1864,8 +1864,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-mock-social:
     dependencies:
@@ -1910,8 +1910,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1937,8 +1937,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-naver:
     dependencies:
@@ -1983,8 +1983,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2010,8 +2010,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-oauth2:
     dependencies:
@@ -2065,8 +2065,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2092,8 +2092,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-oidc:
     dependencies:
@@ -2150,8 +2150,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2177,8 +2177,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-saml:
     dependencies:
@@ -2229,8 +2229,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2256,8 +2256,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-sendgrid-email:
     dependencies:
@@ -2302,8 +2302,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2329,8 +2329,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-smsaero:
     dependencies:
@@ -2375,8 +2375,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2402,8 +2402,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-smtp:
     dependencies:
@@ -2454,8 +2454,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2481,8 +2481,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-tencent-sms:
     dependencies:
@@ -2527,8 +2527,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2554,8 +2554,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-twilio-sms:
     dependencies:
@@ -2600,8 +2600,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2627,8 +2627,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-wechat-native:
     dependencies:
@@ -2673,8 +2673,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2700,8 +2700,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-wechat-web:
     dependencies:
@@ -2746,8 +2746,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2773,8 +2773,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/connectors/connector-wecom:
     dependencies:
@@ -2819,8 +2819,8 @@ importers:
         specifier: ^6.0.2
         version: 6.0.2
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2846,8 +2846,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/console:
     devDependencies:
@@ -3976,8 +3976,8 @@ importers:
         specifier: ^0.0.33
         version: 0.0.33
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       camelcase:
         specifier: ^8.0.0
         version: 8.0.0
@@ -4003,8 +4003,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/shared:
     dependencies:
@@ -4037,8 +4037,8 @@ importers:
         specifier: ^20.9.5
         version: 20.10.4
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4052,8 +4052,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/toolkit/connector-kit:
     dependencies:
@@ -4084,8 +4084,8 @@ importers:
         specifier: ^20.9.5
         version: 20.10.4
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4099,8 +4099,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/toolkit/core-kit:
     dependencies:
@@ -4143,8 +4143,8 @@ importers:
         specifier: ^18.0.31
         version: 18.0.31
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4164,8 +4164,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
   packages/toolkit/language-kit:
     optionalDependencies:
@@ -4183,8 +4183,8 @@ importers:
         specifier: ^20.9.5
         version: 20.10.4
       '@vitest/coverage-v8':
-        specifier: ^1.4.0
-        version: 1.4.0(vitest@1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        specifier: ^2.0.0
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4198,8 +4198,8 @@ importers:
         specifier: ^5.3.3
         version: 5.3.3
       vitest:
-        specifier: ^1.4.0
-        version: 1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        specifier: ^2.0.0
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
 
 packages:
 
@@ -4528,10 +4528,6 @@ packages:
     resolution: {integrity: sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==}
     engines: {node: '>=6.9.0'}
 
-  '@babel/helper-string-parser@7.19.4':
-    resolution: {integrity: sha512-nHtDoQcuqFmwYNYPz3Rah5ph2p8PFeFCsZk9A/48dPc/rGocJ5J3hAAZ7pb76VWX3fZKu+uEr/FhH5jLx7umrw==}
-    engines: {node: '>=6.9.0'}
-
   '@babel/helper-string-parser@7.23.4':
     resolution: {integrity: sha512-803gmbQdqwdf4olxrX4AJyFBV/RTr3rSmOj0rKwesmzlfhYNDEs+/iOcznzpNWlJlIlTJC2QfPFcHB6DlzdVLQ==}
     engines: {node: '>=6.9.0'}
@@ -4540,10 +4536,6 @@ packages:
     resolution: {integrity: sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==}
     engines: {node: '>=6.9.0'}
 
-  '@babel/helper-validator-identifier@7.22.5':
-    resolution: {integrity: sha512-aJXu+6lErq8ltp+JhkJUfk1MTGyuA4v7f3pA+BJ5HLfNC6nAQ0Cpi9uOquUj8Hehg0aUiHzWQbOVJGao6ztBAQ==}
-    engines: {node: '>=6.9.0'}
-
   '@babel/helper-validator-option@7.23.5':
     resolution: {integrity: sha512-85ttAOMLsr53VgXkTbkx8oA6YTfT4q7/HzXSLEYmjcSTJPMPQtvq1BD79Byep5xMUYbGRzEpDsjUf3dyp54IKw==}
     engines: {node: '>=6.9.0'}
@@ -4560,11 +4552,6 @@ packages:
     resolution: {integrity: sha512-Yac1ao4flkTxTteCDZLEvdxg2fZfz1v8M4QpaGypq/WPDqg3ijHYbDfs+LG5hvzSoqaSZ9/Z9lKSP3CjZjv+pA==}
     engines: {node: '>=6.9.0'}
 
-  '@babel/parser@7.24.0':
-    resolution: {integrity: sha512-QuP/FxEAzMSjXygs8v4N9dvdXzEHN4W1oF3PxuWAtPo08UdM17u89RDMgjLn/mlc56iM0HlLmVkO/wgR+rDgHg==}
-    engines: {node: '>=6.0.0'}
-    hasBin: true
-
   '@babel/parser@7.24.4':
     resolution: {integrity: sha512-zTvEBcghmeBma9QIGunWevvBAp4/Qu9Bdq+2k0Ot4fVMD6v3dsC9WOcRSKk7tRRyBM/53yKMJko9xOatGQAwSg==}
     engines: {node: '>=6.0.0'}
@@ -4671,10 +4658,6 @@ packages:
     resolution: {integrity: sha512-xuU6o9m68KeqZbQuDt2TcKSxUw/mrsvavlEqQ1leZ/B+C9tk6E4sRWy97WaXgvq5E+nU3cXMxv3WKOCanVMCmQ==}
     engines: {node: '>=6.9.0'}
 
-  '@babel/types@7.20.2':
-    resolution: {integrity: sha512-FnnvsNWgZCr232sqtXggapvlkk/tuwR/qhGzcmxI0GXLCjmPYQPzio2FbdlWuY6y1sHFfQKk+rRbUZ9VStQMog==}
-    engines: {node: '>=6.9.0'}
-
   '@babel/types@7.24.0':
     resolution: {integrity: sha512-+j7a5c253RfKh8iABBhywc8NSfP5LURe7Uh4qpsh6jc+aLJguvmIUBdjSdEMQv2bENrCR5MfRdjGo7vzS/ob7w==}
     engines: {node: '>=6.9.0'}
@@ -5165,15 +5148,9 @@ packages:
     resolution: {integrity: sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==}
     engines: {node: '>=6.0.0'}
 
-  '@jridgewell/sourcemap-codec@1.4.14':
-    resolution: {integrity: sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==}
-
   '@jridgewell/sourcemap-codec@1.4.15':
     resolution: {integrity: sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==}
 
-  '@jridgewell/trace-mapping@0.3.18':
-    resolution: {integrity: sha512-w+niJYzMHdd7USdiH2U6869nqhD2nbfZXND5Yp93qIbEmnDNk7PD48o+YchRVpzMU7M6jVCbenTR7PA1FLQ9pA==}
-
   '@jridgewell/trace-mapping@0.3.25':
     resolution: {integrity: sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==}
 
@@ -6808,25 +6785,25 @@ packages:
   '@ungap/structured-clone@1.2.0':
     resolution: {integrity: sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==}
 
-  '@vitest/coverage-v8@1.4.0':
-    resolution: {integrity: sha512-4hDGyH1SvKpgZnIByr9LhGgCEuF9DKM34IBLCC/fVfy24Z3+PZ+Ii9hsVBsHvY1umM1aGPEjceRkzxCfcQ10wg==}
+  '@vitest/coverage-v8@2.0.0':
+    resolution: {integrity: sha512-k2OgMH8e4AyUVsmLk2P3vT++VVaUQbvVaP5NJQDgXgv1q4lG56Z4nb26QNcxgk4ZLypmOrfultAShMo+okIOYw==}
     peerDependencies:
-      vitest: 1.4.0
+      vitest: 2.0.0
 
-  '@vitest/expect@1.4.0':
-    resolution: {integrity: sha512-Jths0sWCJZ8BxjKe+p+eKsoqev1/T8lYcrjavEaz8auEJ4jAVY0GwW3JKmdVU4mmNPLPHixh4GNXP7GFtAiDHA==}
+  '@vitest/expect@2.0.0':
+    resolution: {integrity: sha512-5BSfZ0+dAVmC6uPF7s+TcKx0i7oyYHb1WQQL5gg6G2c+Qkaa5BNrdRM74sxDfUIZUgYCr6bfCqmJp+X5bfcNxQ==}
 
-  '@vitest/runner@1.4.0':
-    resolution: {integrity: sha512-EDYVSmesqlQ4RD2VvWo3hQgTJ7ZrFQ2VSJdfiJiArkCerDAGeyF1i6dHkmySqk573jLp6d/cfqCN+7wUB5tLgg==}
+  '@vitest/runner@2.0.0':
+    resolution: {integrity: sha512-OovFmlkfRmdhevbWImBUtn9IEM+CKac8O+m9p6W9jTATGVBnDJQ6/jb1gpHyWxsu0ALi5f+TLi+Uyst7AAimMw==}
 
-  '@vitest/snapshot@1.4.0':
-    resolution: {integrity: sha512-saAFnt5pPIA5qDGxOHxJ/XxhMFKkUSBJmVt5VgDsAqPTX6JP326r5C/c9UuCMPoXNzuudTPsYDZCoJ5ilpqG2A==}
+  '@vitest/snapshot@2.0.0':
+    resolution: {integrity: sha512-B520cSAQwtWgocPpARadnNLslHCxFs5tf7SG2TT96qz+SZgsXqcB1xI3w3/S9kUzdqykEKrMLvW+sIIpMcuUdw==}
 
-  '@vitest/spy@1.4.0':
-    resolution: {integrity: sha512-Ywau/Qs1DzM/8Uc+yA77CwSegizMlcgTJuYGAi0jujOteJOUf1ujunHThYo243KG9nAyWT3L9ifPYZ5+As/+6Q==}
+  '@vitest/spy@2.0.0':
+    resolution: {integrity: sha512-0g7ho4wBK09wq8iNZFtUcQZcUcbPmbLWFotL0GXel0fvk5yPi4nTEKpIvZ+wA5eRyqPUCIfIUl10AWzLr67cmA==}
 
-  '@vitest/utils@1.4.0':
-    resolution: {integrity: sha512-mx3Yd1/6e2Vt/PUC98DcqTirtfxUyAZ32uK82r8rZzbtBeBo+nqgnjx/LvqQdWsrvNtm14VmurNgcf4nqY5gJg==}
+  '@vitest/utils@2.0.0':
+    resolution: {integrity: sha512-t0jbx8VugWEP6A29NbyfQKVU68Vo6oUw0iX3a8BwO3nrZuivfHcFO4Y5UsqXlplX+83P9UaqEvC2YQhspC0JSA==}
 
   '@withtyped/client@0.8.7':
     resolution: {integrity: sha512-qK+Tsczvko8mBRACtHGYj0CdMZFaBmosMGUahTAr544Jb183INPZPn/NpUFtTEpl5g3e4lUjMc5jPH0V78D0+g==}
@@ -7058,8 +7035,9 @@ packages:
     resolution: {integrity: sha512-FVnvrKJwpt9LP2lAMl8qZswRNm3T4q9CON+bxldk2iwk3FFpuwhx2FfinyitizWHsVYyaY+y5JzDR0rCMV5yTQ==}
     engines: {node: '>=12.0.0'}
 
-  assertion-error@1.1.0:
-    resolution: {integrity: sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==}
+  assertion-error@2.0.1:
+    resolution: {integrity: sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==}
+    engines: {node: '>=12'}
 
   ast-types-flow@0.0.8:
     resolution: {integrity: sha512-OH/2E5Fg20h2aPrbe+QL8JZQFko0YZaF+j4mnQ7BGhfavO7OpSLa8a0y9sBwomHdSbkhTS8TQNayBfnW5DwbvQ==}
@@ -7307,9 +7285,9 @@ packages:
   ccount@2.0.1:
     resolution: {integrity: sha512-eyrF0jiFpY+3drT6383f1qhkbGsLSifNAjA61IUjZjmLCWjItY6LB9ft9YhoDgwfmclB2zhu51Lc7+95b8NRAg==}
 
-  chai@4.4.1:
-    resolution: {integrity: sha512-13sOfMv2+DWduEU+/xbun3LScLoqN17nBeTLUsmDfKdoiC1fr0n9PU4guu4AhRcOVFk/sW8LyZWHuhWtQZiF+g==}
-    engines: {node: '>=4'}
+  chai@5.1.1:
+    resolution: {integrity: sha512-pT1ZgP8rPNqUgieVaEY+ryQr6Q4HXNg8Ei9UnLUrjN4IA7dvQC5JB+/kxVcPNDHyBcc/26CXPkbNzq3qwrOEKA==}
+    engines: {node: '>=12'}
 
   chalk@2.4.2:
     resolution: {integrity: sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==}
@@ -7355,8 +7333,9 @@ packages:
   chardet@0.7.0:
     resolution: {integrity: sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==}
 
-  check-error@1.0.3:
-    resolution: {integrity: sha512-iKEoDYaRmd1mxM90a2OEfWhjsjPpYPuQ+lMYsoxB126+t8fw7ySEO48nmDg5COTjxDI65/Y2OWpeEHk3ZOe8zg==}
+  check-error@2.1.1:
+    resolution: {integrity: sha512-OAlb+T7V4Op9OwdkjmguYRqncdlx5JiofwOAUkmTF+jNdHwzTaTs4sRAGpzLF3oOz5xAyDGrPgeIDFQmDOTiJw==}
+    engines: {node: '>= 16'}
 
   chokidar@3.5.3:
     resolution: {integrity: sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==}
@@ -7913,6 +7892,15 @@ packages:
       supports-color:
         optional: true
 
+  debug@4.3.5:
+    resolution: {integrity: sha512-pt0bNEmneDIvdL1Xsd9oDQ/wrQRkXDT4AUWlNZNPKvW5x/jyO9VFXkJUP07vQ2upmw5PlaITaPKc31jK13V+jg==}
+    engines: {node: '>=6.0'}
+    peerDependencies:
+      supports-color: '*'
+    peerDependenciesMeta:
+      supports-color:
+        optional: true
+
   decamelize-keys@1.1.1:
     resolution: {integrity: sha512-WiPxgEirIV0/eIOMcnFBA3/IJZAZqKnwAwWyvvdi4lsr1WCN22nhdf/3db3DoZcUjTV2SqfzIwNyp6y2xs3nmg==}
     engines: {node: '>=0.10.0'}
@@ -7954,8 +7942,8 @@ packages:
       babel-plugin-macros:
         optional: true
 
-  deep-eql@4.1.3:
-    resolution: {integrity: sha512-WaEtAOpRA1MQ0eohqZjpGD8zdI0Ovsm8mmFhaDN8dvDZzyoUMcYDnf5Y6iu7HTXxf8JDS23qWa4a+hKCDyOPzw==}
+  deep-eql@5.0.2:
+    resolution: {integrity: sha512-h5k/5U50IJJFpzfL6nO9jaaumfjO/f2NjK/oYB2Djzm4p9L+3T9qWpZqZ2hAbLPuuYq9wrU08WQyBTL5GbPk5Q==}
     engines: {node: '>=6'}
 
   deep-equal@1.0.1:
@@ -8886,11 +8874,6 @@ packages:
     resolution: {integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==}
     engines: {node: '>=10.13.0'}
 
-  glob@10.3.12:
-    resolution: {integrity: sha512-TCNv8vJ+xz4QiqTpfOJA7HvYv+tNIRHKfUWw/q+v2jdgN4ebz+KY9tGx5J4rHP0o84mNP+ApH66HRX8us3Khqg==}
-    engines: {node: '>=16 || 14 >=14.17'}
-    hasBin: true
-
   glob@10.4.2:
     resolution: {integrity: sha512-GwMlUF6PkPo3Gk21UxkCohOv0PLcIXVtKyLlpEI28R/cO/4eNOdmLk3CMW1wROV/WR/EsZOWAfBbBOqYvs88/w==}
     engines: {node: '>=16 || 14 >=14.18'}
@@ -9612,8 +9595,8 @@ packages:
     resolution: {integrity: sha512-n3s8EwkdFIJCG3BPKBYvskgXGoy88ARzvegkitk60NxRdwltLOTaH7CUiMRXvwYorl0Q712iEjcWB+fK/MrWVw==}
     engines: {node: '>=10'}
 
-  istanbul-lib-source-maps@5.0.4:
-    resolution: {integrity: sha512-wHOoEsNJTVltaJp8eVkm8w+GVkVNHT2YDYo53YdzQEL2gWm1hBX5cGFR9hQJtuGLebidVX7et3+dmDZrmclduw==}
+  istanbul-lib-source-maps@5.0.6:
+    resolution: {integrity: sha512-yg2d+Em4KizZC5niWhQaIomgf5WlL4vOOjZ5xGCmF8SnPE/mDWWXgvRExdcpCgh9lLRRa1/fSYp2ymmbJ1pI+A==}
     engines: {node: '>=10'}
 
   istanbul-reports@3.1.7:
@@ -9623,10 +9606,6 @@ packages:
   iterator.prototype@1.1.2:
     resolution: {integrity: sha512-DR33HMMr8EzwuRL8Y9D3u2BMj8+RqSE850jfGu59kS7tbmPLzGkZmVSfyCFSDxuZiEY6Rzt3T2NA/qU+NwVj1w==}
 
-  jackspeak@2.3.6:
-    resolution: {integrity: sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==}
-    engines: {node: '>=14'}
-
   jackspeak@3.4.0:
     resolution: {integrity: sha512-JVYhQnN59LVPFCEcVa2C3CrEKYacvjRfqIQl+h8oi91aLYQVWRYbxjPcv1bUiUy/kLmQaANrYfNMCO3kuEDHfw==}
     engines: {node: '>=14'}
@@ -9833,8 +9812,8 @@ packages:
   js-tokens@4.0.0:
     resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==}
 
-  js-tokens@8.0.3:
-    resolution: {integrity: sha512-UfJMcSJc+SEXEl9lH/VLHSZbThQyLpw1vLO1Lb+j4RWDvG3N2f7yj3PVQA3cmkTBNldJ9eFnM+xEXxHIXrYiJw==}
+  js-tokens@9.0.0:
+    resolution: {integrity: sha512-WriZw1luRMlmV3LGJaR6QOJjWwgLUTf89OwT2lUOyjX2dJGBwgmIkbcz+7WFZjrZM635JOIR517++e/67CP9dQ==}
 
   js-types@1.0.0:
     resolution: {integrity: sha512-bfwqBW9cC/Lp7xcRpug7YrXm0IVw+T9e3g4mCYnv0Pjr3zIzU9PCQElYU9oSGAWzXlbdl9X5SAMPejO9sxkeUw==}
@@ -10122,10 +10101,6 @@ packages:
     resolution: {integrity: sha512-HVl9ZqccQihZ7JM85dco1MvO9G+ONvxoGa9rkhzFsneGLKSUg1gJf9bWzhRhcvm2qChhWpebQhP44qxjKIUCaQ==}
     engines: {node: '>= 12.13.0'}
 
-  local-pkg@0.5.0:
-    resolution: {integrity: sha512-ok6z3qlYyCDS4ZEU27HaU6x/xZa9Whf8jD4ptH5UZTQYZVYeb9bnZ3ojVhiJNLiXK1Hfc0GNbLXcmZ5plLDDBg==}
-    engines: {node: '>=14'}
-
   locate-path@5.0.0:
     resolution: {integrity: sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==}
     engines: {node: '>=8'}
@@ -10226,8 +10201,8 @@ packages:
     resolution: {integrity: sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==}
     hasBin: true
 
-  loupe@2.3.7:
-    resolution: {integrity: sha512-zSMINGVYkdpYSOBmLi0D1Uo7JU9nVdQKrHxC8eYlV+9YKK9WePqAlL7lSlorG/U2Fw1w0hTBmaa/jrQ3UbPHtA==}
+  loupe@3.1.1:
+    resolution: {integrity: sha512-edNu/8D5MKVfGVFRhFf8aAxiTM6Wumfz5XsaatSxlD3w4R1d/WEKUTydCdPGbl9K7QG/Ca3GnDV2sIKIpXRQcw==}
 
   lower-case@2.0.2:
     resolution: {integrity: sha512-7fm3l3NAF9WfN6W3JOmf5drwpVqX78JtoGJ3A6W0a6ZnldM41w2fV5D490psKFTpMds8TJse/eHLFFsNHHjHgg==}
@@ -10269,12 +10244,15 @@ packages:
     resolution: {integrity: sha512-h5bgJWpxJNswbU7qCrV0tIKQCaS3blPDrqKWx+QxzuzL1zGUzij9XCWLrSLsJPu5t+eWA/ycetzYAO5IOMcWAQ==}
     hasBin: true
 
+  magic-string@0.30.10:
+    resolution: {integrity: sha512-iIRwTIf0QKV3UAnYK4PU8uiEc4SRh5jX0mwpIwETPpHdhVM4f53RSwS/vXvN1JhGX+Cs7B8qIq3d6AH49O5fAQ==}
+
   magic-string@0.30.7:
     resolution: {integrity: sha512-8vBuFF/I/+OSLRmdf2wwFCJCz+nSn0m6DPvGH1fS/KiQoSaR+sETbov0eIk9KhEKy8CYqIkIAnbohxT/4H0kuA==}
     engines: {node: '>=12'}
 
-  magicast@0.3.3:
-    resolution: {integrity: sha512-ZbrP1Qxnpoes8sz47AM0z08U+jW6TyRgZzcWy3Ma3vDhJttwMwAFDMMQFobwdBxByBD46JYmxRzeF7w2+wJEuw==}
+  magicast@0.3.4:
+    resolution: {integrity: sha512-TyDF/Pn36bBji9rWKHlZe+PZb6Mx5V8IHCSxk7X4aljM4e/vyDvZZYwHewdVaqiA0nb3ghfHU/6AUpDxWoER2Q==}
 
   make-dir@4.0.0:
     resolution: {integrity: sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==}
@@ -10665,9 +10643,6 @@ packages:
     engines: {node: '>=10'}
     hasBin: true
 
-  mlly@1.6.1:
-    resolution: {integrity: sha512-vLgaHvaeunuOXHSmEbZ9izxPx3USsk8KCQ8iC+aTlp5sKRSoZvwhHh5L9VbKSaVC6sJDqbyohIS76E2VmHIPAA==}
-
   module-details-from-path@1.0.3:
     resolution: {integrity: sha512-ySViT69/76t8VhE1xXHK6Ch4NcDd26gx0MzKXLO+F7NOtnqH68d9zF94nT8ZWSxXh8ELOERsnJO/sWt1xZYw5A==}
 
@@ -11000,10 +10975,6 @@ packages:
     resolution: {integrity: sha512-5b0R4txpzjPWVw/cXXUResoD4hb6U/x9BH08L7nw+GN1sezDzPdxeRvpc9c433fZhBan/wusjbCsqwqm4EIBIQ==}
     engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
 
-  p-limit@5.0.0:
-    resolution: {integrity: sha512-/Eaoq+QyLSiXQ4lyYV23f14mZRQcXnxfHrN0vCai+ak9G0pp9iEQukIIZq5NccEvwRB8PUnZT0KsOoDCINS1qQ==}
-    engines: {node: '>=18'}
-
   p-limit@6.0.0:
     resolution: {integrity: sha512-Dx+NzOuILWwjJE9OYtEKuQRy0i3c5QVAmDsVrvvRSgyNnPuB27D2DyEjl6QTNyeePaAHjaPk+ya0yA0Frld8RA==}
     engines: {node: '>=18'}
@@ -11126,10 +11097,6 @@ packages:
   path-parse@1.0.7:
     resolution: {integrity: sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==}
 
-  path-scurry@1.10.2:
-    resolution: {integrity: sha512-7xTavNy5RQXnsjANvVvMkEjvloOinkAjv/Z6Ildz9v2RinZ4SBKTWFOVRbaF8p0vpHnyjV/UwNDdKuUv6M5qcA==}
-    engines: {node: '>=16 || 14 >=14.17'}
-
   path-scurry@1.11.1:
     resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==}
     engines: {node: '>=16 || 14 >=14.18'}
@@ -11147,8 +11114,9 @@ packages:
   pathe@1.1.2:
     resolution: {integrity: sha512-whLdWMYL2TwI08hn8/ZqAbrVemu0LNaNNJZX73O6qaIdCTfXutsLhMkjdENX0qhsQ9uIimo4/aQOmXkoon2nDQ==}
 
-  pathval@1.1.1:
-    resolution: {integrity: sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==}
+  pathval@2.0.0:
+    resolution: {integrity: sha512-vE7JKRyES09KiunauX7nd2Q9/L7lhok4smP9RZTDeD4MVs72Dp2qNFVz39Nz5a0FVEW0BJR6C0DYrq6unoziZA==}
+    engines: {node: '>= 14.16'}
 
   pend@1.2.0:
     resolution: {integrity: sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg==}
@@ -11228,6 +11196,9 @@ packages:
   picocolors@1.0.0:
     resolution: {integrity: sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==}
 
+  picocolors@1.0.1:
+    resolution: {integrity: sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew==}
+
   picomatch@2.3.1:
     resolution: {integrity: sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==}
     engines: {node: '>=8.6'}
@@ -11253,9 +11224,6 @@ packages:
     resolution: {integrity: sha512-NPE8TDbzl/3YQYY7CSS228s3g2ollTFnc+Qi3tqmqJp9Vg2ovUpixcJEo2HJScN2Ez+kEaal6y70c0ehqJBJeA==}
     engines: {node: '>=10'}
 
-  pkg-types@1.0.3:
-    resolution: {integrity: sha512-nN7pYi0AQqJnoLPC9eHFQ8AcyaixBUOwvqc5TDnIKCMEE6I0y8P7OKA7fPexsXGCGxQDl/cmrLAp26LhcwxZ4A==}
-
   pluralize@8.0.0:
     resolution: {integrity: sha512-Nc3IT5yHzflTfbjgqWcCPpo7DaKy4FnpB0l/zCAW0Tc7jxAiuqSxHasntB3D7887LSrA93kDJ9IXovxJYxyLCA==}
     engines: {node: '>=4'}
@@ -12379,8 +12347,8 @@ packages:
     resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
     engines: {node: '>=8'}
 
-  strip-literal@2.0.0:
-    resolution: {integrity: sha512-f9vHgsCWBq2ugHAkGMiiYY+AYG0D/cbloKKg0nhaaaSNsujdGIpVXCNsrJpCKr5M0f4aI31mr13UjY6GAuXCKA==}
+  strip-literal@2.1.0:
+    resolution: {integrity: sha512-Op+UycaUt/8FbN/Z2TWPBLge3jWrP3xj10f3fnYxf052bKuS3EKs1ZQcVGjnEMdsNVAM+plXRdmjrZ/KgG3Skw==}
 
   strnum@1.0.5:
     resolution: {integrity: sha512-J8bbNyKKXl5qYcR36TIO8W3mVGVHrmmxsd5PAItGkmyzwJvybiw2IVq5nqd0i4LSNSkB/sx9VHllbfFdr9k1JA==}
@@ -12516,6 +12484,10 @@ packages:
     resolution: {integrity: sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==}
     engines: {node: '>=8'}
 
+  test-exclude@7.0.1:
+    resolution: {integrity: sha512-pFYqmTw68LXVjeWJMST4+borgQP2AyMNbg1BpZh9LbyhUeNkeaPF9gzfPGUAnSMV3qPYdWUwDIjjCLiSDOl7vg==}
+    engines: {node: '>=18'}
+
   text-extensions@2.4.0:
     resolution: {integrity: sha512-te/NtwBwfiNRLf9Ijqx3T0nlqZiQ2XrrtBvu+cLL8ZRrGkO0NHTug8MYFKyoSrv/sHTaSKfilUkizV6XhxMJ3g==}
     engines: {node: '>=8'}
@@ -12539,18 +12511,18 @@ packages:
   tiny-cookie@2.4.1:
     resolution: {integrity: sha512-h8ueaMyvUd/9ZfRqCfa1t+0tXqfVFhdK8WpLHz8VXMqsiaj3Sqg64AOCH/xevLQGZk0ZV+/75ouITdkvp3taVA==}
 
-  tinybench@2.6.0:
-    resolution: {integrity: sha512-N8hW3PG/3aOoZAN5V/NSAEDz0ZixDSSt5b/a05iqtpgfLWMSVuCo7w0k2vVvEjdrIoeGqZzweX2WlyioNIHchA==}
+  tinybench@2.8.0:
+    resolution: {integrity: sha512-1/eK7zUnIklz4JUUlL+658n58XO2hHLQfSk1Zf2LKieUjxidN16eKFEoDEfjHc3ohofSSqK3X5yO6VGb6iW8Lw==}
 
   tinycolor2@1.6.0:
     resolution: {integrity: sha512-XPaBkWQJdsf3pLKJV9p4qN/S+fm2Oj8AIPo1BTUhg5oxkvm9+SVEGFdhyOz7tTdUTfvxMiAs4sp6/eZO2Ew+pw==}
 
-  tinypool@0.8.2:
-    resolution: {integrity: sha512-SUszKYe5wgsxnNOVlBYO6IC+8VGWdVGZWAqUxp3UErNBtptZvWbwyUOyzNL59zigz2rCA92QiL3wvG+JDSdJdQ==}
-    engines: {node: '>=14.0.0'}
+  tinypool@1.0.0:
+    resolution: {integrity: sha512-KIKExllK7jp3uvrNtvRBYBWBOAXSX8ZvoaD8T+7KB/QHIuoJW3Pmr60zucywjAlMb5TeXUkcs/MWeWLu0qvuAQ==}
+    engines: {node: ^18.0.0 || >=20.0.0}
 
-  tinyspy@2.2.1:
-    resolution: {integrity: sha512-KYad6Vy5VDWV4GH3fjpseMQ/XU2BhIYP7Vzd0LG44qRWm/Yt2WCOTicFdvmgo6gWaqooMQCawTtILVQJupKu7A==}
+  tinyspy@3.0.0:
+    resolution: {integrity: sha512-q5nmENpTHgiPVd1cJDDc9cVoYN5x4vCvwT3FMilvKPKneCBZAxn2YWQjDF0UMcE9k0Cay1gBiDfTMU0g+mPMQA==}
     engines: {node: '>=14.0.0'}
 
   tmp@0.0.33:
@@ -12744,9 +12716,6 @@ packages:
   ua-parser-js@1.0.37:
     resolution: {integrity: sha512-bhTyI94tZofjo+Dn8SN6Zv8nBDvyXTymAdM3LDI/0IboIUwTu1rEhW7v2TfiVsoYWgkQ4kOVqnI8APUFbIQIFQ==}
 
-  ufo@1.5.2:
-    resolution: {integrity: sha512-eiutMaL0J2MKdhcOM1tUy13pIrYnyR87fEd8STJQFrrAwImwvlXkxlZEjaKah8r2viPohld08lt73QfLG1NxMg==}
-
   unbox-primitive@1.0.2:
     resolution: {integrity: sha512-61pPlCD9h51VoreyJ0BReideM3MDKMKnh6+V9L08331ipq6Q8OFXZYiqP6n/tbHx4s5I9uRhcye6BrbkizkBDw==}
 
@@ -12874,8 +12843,8 @@ packages:
   vfile@6.0.1:
     resolution: {integrity: sha512-1bYqc7pt6NIADBJ98UiG0Bn/CHIVOoZ/IyEkqIruLg0mE1BKzkOXY2D6CSqQIcKqgadppE5lrxgWXJmXd7zZJw==}
 
-  vite-node@1.4.0:
-    resolution: {integrity: sha512-VZDAseqjrHgNd4Kh8icYHWzTKSCZMhia7GyHfhtzLW33fZlG9SwsB6CEhgyVOWkJfJ2pFLrp/Gj1FSfAiqH9Lw==}
+  vite-node@2.0.0:
+    resolution: {integrity: sha512-jZtezmjcgZTkMisIi68TdY8w/PqPTxK2pbfTU9/4Gqus1K3AVZqkwH0z7Vshe3CD6mq9rJq8SpqmuefDMIqkfQ==}
     engines: {node: ^18.0.0 || >=20.0.0}
     hasBin: true
 
@@ -12907,15 +12876,15 @@ packages:
       terser:
         optional: true
 
-  vitest@1.4.0:
-    resolution: {integrity: sha512-gujzn0g7fmwf83/WzrDTnncZt2UiXP41mHuFYFrdwaLRVQ6JYQEiME2IfEjU3vcFL3VKa75XhI3lFgn+hfVsQw==}
+  vitest@2.0.0:
+    resolution: {integrity: sha512-NvccE2tZhIoPSq3o3AoTBmItwhHNjzIxvOgfdzILIscyzSGOtw2+A1d/JJbS86HDVbc6TS5HnckQuCgTfp0HDQ==}
     engines: {node: ^18.0.0 || >=20.0.0}
     hasBin: true
     peerDependencies:
       '@edge-runtime/vm': '*'
       '@types/node': ^18.0.0 || >=20.0.0
-      '@vitest/browser': 1.4.0
-      '@vitest/ui': 1.4.0
+      '@vitest/browser': 2.0.0
+      '@vitest/ui': 2.0.0
       happy-dom: '*'
       jsdom: '*'
     peerDependenciesMeta:
@@ -13971,14 +13940,10 @@ snapshots:
     dependencies:
       '@babel/types': 7.24.0
 
-  '@babel/helper-string-parser@7.19.4': {}
-
   '@babel/helper-string-parser@7.23.4': {}
 
   '@babel/helper-validator-identifier@7.22.20': {}
 
-  '@babel/helper-validator-identifier@7.22.5': {}
-
   '@babel/helper-validator-option@7.23.5': {}
 
   '@babel/helpers@7.24.4':
@@ -13991,7 +13956,7 @@ snapshots:
 
   '@babel/highlight@7.22.5':
     dependencies:
-      '@babel/helper-validator-identifier': 7.22.5
+      '@babel/helper-validator-identifier': 7.22.20
       chalk: 2.4.2
       js-tokens: 4.0.0
 
@@ -14002,10 +13967,6 @@ snapshots:
       js-tokens: 4.0.0
       picocolors: 1.0.0
 
-  '@babel/parser@7.24.0':
-    dependencies:
-      '@babel/types': 7.24.0
-
   '@babel/parser@7.24.4':
     dependencies:
       '@babel/types': 7.24.0
@@ -14123,12 +14084,6 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  '@babel/types@7.20.2':
-    dependencies:
-      '@babel/helper-string-parser': 7.19.4
-      '@babel/helper-validator-identifier': 7.22.5
-      to-fast-properties: 2.0.0
-
   '@babel/types@7.24.0':
     dependencies:
       '@babel/helper-string-parser': 7.23.4
@@ -14723,7 +14678,7 @@ snapshots:
       '@jest/test-result': 29.7.0
       '@jest/transform': 29.7.0
       '@jest/types': 29.6.3
-      '@jridgewell/trace-mapping': 0.3.18
+      '@jridgewell/trace-mapping': 0.3.25
       '@types/node': 20.12.7
       chalk: 4.1.2
       collect-v8-coverage: 1.0.1
@@ -14856,15 +14811,8 @@ snapshots:
 
   '@jridgewell/set-array@1.2.1': {}
 
-  '@jridgewell/sourcemap-codec@1.4.14': {}
-
   '@jridgewell/sourcemap-codec@1.4.15': {}
 
-  '@jridgewell/trace-mapping@0.3.18':
-    dependencies:
-      '@jridgewell/resolve-uri': 3.1.0
-      '@jridgewell/sourcemap-codec': 1.4.14
-
   '@jridgewell/trace-mapping@0.3.25':
     dependencies:
       '@jridgewell/resolve-uri': 3.1.0
@@ -16490,7 +16438,7 @@ snapshots:
 
   '@svgr/hast-util-to-babel-ast@6.5.1':
     dependencies:
-      '@babel/types': 7.20.2
+      '@babel/types': 7.24.0
       entities: 4.4.0
 
   '@svgr/plugin-jsx@6.5.1(@svgr/core@6.5.1)':
@@ -17109,93 +17057,89 @@ snapshots:
 
   '@ungap/structured-clone@1.2.0': {}
 
-  '@vitest/coverage-v8@1.4.0(vitest@1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))':
+  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))':
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@bcoe/v8-coverage': 0.2.3
-      debug: 4.3.4
+      debug: 4.3.5
       istanbul-lib-coverage: 3.2.2
       istanbul-lib-report: 3.0.1
-      istanbul-lib-source-maps: 5.0.4
+      istanbul-lib-source-maps: 5.0.6
       istanbul-reports: 3.1.7
-      magic-string: 0.30.7
-      magicast: 0.3.3
-      picocolors: 1.0.0
+      magic-string: 0.30.10
+      magicast: 0.3.4
+      picocolors: 1.0.1
       std-env: 3.7.0
-      strip-literal: 2.0.0
-      test-exclude: 6.0.0
-      v8-to-istanbul: 9.2.0
-      vitest: 1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+      strip-literal: 2.1.0
+      test-exclude: 7.0.1
+      vitest: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
     transitivePeerDependencies:
       - supports-color
 
-  '@vitest/coverage-v8@1.4.0(vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))':
+  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))':
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@bcoe/v8-coverage': 0.2.3
-      debug: 4.3.4
+      debug: 4.3.5
       istanbul-lib-coverage: 3.2.2
       istanbul-lib-report: 3.0.1
-      istanbul-lib-source-maps: 5.0.4
+      istanbul-lib-source-maps: 5.0.6
       istanbul-reports: 3.1.7
-      magic-string: 0.30.7
-      magicast: 0.3.3
-      picocolors: 1.0.0
+      magic-string: 0.30.10
+      magicast: 0.3.4
+      picocolors: 1.0.1
       std-env: 3.7.0
-      strip-literal: 2.0.0
-      test-exclude: 6.0.0
-      v8-to-istanbul: 9.2.0
-      vitest: 1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+      strip-literal: 2.1.0
+      test-exclude: 7.0.1
+      vitest: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
     transitivePeerDependencies:
       - supports-color
 
-  '@vitest/coverage-v8@1.4.0(vitest@1.4.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))':
+  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))':
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@bcoe/v8-coverage': 0.2.3
-      debug: 4.3.4
+      debug: 4.3.5
       istanbul-lib-coverage: 3.2.2
       istanbul-lib-report: 3.0.1
-      istanbul-lib-source-maps: 5.0.4
+      istanbul-lib-source-maps: 5.0.6
       istanbul-reports: 3.1.7
-      magic-string: 0.30.7
-      magicast: 0.3.3
-      picocolors: 1.0.0
+      magic-string: 0.30.10
+      magicast: 0.3.4
+      picocolors: 1.0.1
       std-env: 3.7.0
-      strip-literal: 2.0.0
-      test-exclude: 6.0.0
-      v8-to-istanbul: 9.2.0
-      vitest: 1.4.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+      strip-literal: 2.1.0
+      test-exclude: 7.0.1
+      vitest: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
     transitivePeerDependencies:
       - supports-color
 
-  '@vitest/expect@1.4.0':
+  '@vitest/expect@2.0.0':
     dependencies:
-      '@vitest/spy': 1.4.0
-      '@vitest/utils': 1.4.0
-      chai: 4.4.1
+      '@vitest/spy': 2.0.0
+      '@vitest/utils': 2.0.0
+      chai: 5.1.1
 
-  '@vitest/runner@1.4.0':
+  '@vitest/runner@2.0.0':
     dependencies:
-      '@vitest/utils': 1.4.0
-      p-limit: 5.0.0
+      '@vitest/utils': 2.0.0
       pathe: 1.1.2
 
-  '@vitest/snapshot@1.4.0':
+  '@vitest/snapshot@2.0.0':
     dependencies:
-      magic-string: 0.30.7
+      magic-string: 0.30.10
       pathe: 1.1.2
       pretty-format: 29.7.0
 
-  '@vitest/spy@1.4.0':
+  '@vitest/spy@2.0.0':
     dependencies:
-      tinyspy: 2.2.1
+      tinyspy: 3.0.0
 
-  '@vitest/utils@1.4.0':
+  '@vitest/utils@2.0.0':
     dependencies:
       diff-sequences: 29.6.3
       estree-walker: 3.0.3
-      loupe: 2.3.7
+      loupe: 3.1.1
       pretty-format: 29.7.0
 
   '@withtyped/client@0.8.7(zod@3.22.4)':
@@ -17464,7 +17408,7 @@ snapshots:
       pvutils: 1.1.3
       tslib: 2.6.2
 
-  assertion-error@1.1.0: {}
+  assertion-error@2.0.1: {}
 
   ast-types-flow@0.0.8: {}
 
@@ -17739,15 +17683,13 @@ snapshots:
 
   ccount@2.0.1: {}
 
-  chai@4.4.1:
+  chai@5.1.1:
     dependencies:
-      assertion-error: 1.1.0
-      check-error: 1.0.3
-      deep-eql: 4.1.3
-      get-func-name: 2.0.2
-      loupe: 2.3.7
-      pathval: 1.1.1
-      type-detect: 4.0.8
+      assertion-error: 2.0.1
+      check-error: 2.1.1
+      deep-eql: 5.0.2
+      loupe: 3.1.1
+      pathval: 2.0.0
 
   chalk@2.4.2:
     dependencies:
@@ -17782,9 +17724,7 @@ snapshots:
 
   chardet@0.7.0: {}
 
-  check-error@1.0.3:
-    dependencies:
-      get-func-name: 2.0.2
+  check-error@2.1.1: {}
 
   chokidar@3.5.3:
     dependencies:
@@ -18387,6 +18327,10 @@ snapshots:
     dependencies:
       ms: 2.1.2
 
+  debug@4.3.5:
+    dependencies:
+      ms: 2.1.2
+
   decamelize-keys@1.1.1:
     dependencies:
       decamelize: 1.2.0
@@ -18414,9 +18358,7 @@ snapshots:
 
   dedent@1.5.1: {}
 
-  deep-eql@4.1.3:
-    dependencies:
-      type-detect: 4.0.8
+  deep-eql@5.0.2: {}
 
   deep-equal@1.0.1: {}
 
@@ -19541,14 +19483,6 @@ snapshots:
     dependencies:
       is-glob: 4.0.3
 
-  glob@10.3.12:
-    dependencies:
-      foreground-child: 3.1.1
-      jackspeak: 2.3.6
-      minimatch: 9.0.4
-      minipass: 7.0.4
-      path-scurry: 1.10.2
-
   glob@10.4.2:
     dependencies:
       foreground-child: 3.1.1
@@ -20314,10 +20248,10 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  istanbul-lib-source-maps@5.0.4:
+  istanbul-lib-source-maps@5.0.6:
     dependencies:
       '@jridgewell/trace-mapping': 0.3.25
-      debug: 4.3.4
+      debug: 4.3.5
       istanbul-lib-coverage: 3.2.2
     transitivePeerDependencies:
       - supports-color
@@ -20335,12 +20269,6 @@ snapshots:
       reflect.getprototypeof: 1.0.6
       set-function-name: 2.0.2
 
-  jackspeak@2.3.6:
-    dependencies:
-      '@isaacs/cliui': 8.0.2
-    optionalDependencies:
-      '@pkgjs/parseargs': 0.11.0
-
   jackspeak@3.4.0:
     dependencies:
       '@isaacs/cliui': 8.0.2
@@ -20862,7 +20790,7 @@ snapshots:
 
   js-tokens@4.0.0: {}
 
-  js-tokens@8.0.3: {}
+  js-tokens@9.0.0: {}
 
   js-types@1.0.0: {}
 
@@ -21247,11 +21175,6 @@ snapshots:
 
   loader-utils@3.2.0: {}
 
-  local-pkg@0.5.0:
-    dependencies:
-      mlly: 1.6.1
-      pkg-types: 1.0.3
-
   locate-path@5.0.0:
     dependencies:
       p-locate: 4.1.0
@@ -21334,7 +21257,7 @@ snapshots:
     dependencies:
       js-tokens: 4.0.0
 
-  loupe@2.3.7:
+  loupe@3.1.1:
     dependencies:
       get-func-name: 2.0.2
 
@@ -21372,15 +21295,19 @@ snapshots:
 
   lz-string@1.5.0: {}
 
+  magic-string@0.30.10:
+    dependencies:
+      '@jridgewell/sourcemap-codec': 1.4.15
+
   magic-string@0.30.7:
     dependencies:
       '@jridgewell/sourcemap-codec': 1.4.15
 
-  magicast@0.3.3:
+  magicast@0.3.4:
     dependencies:
-      '@babel/parser': 7.24.0
+      '@babel/parser': 7.24.4
       '@babel/types': 7.24.0
-      source-map-js: 1.0.2
+      source-map-js: 1.2.0
 
   make-dir@4.0.0:
     dependencies:
@@ -22118,13 +22045,6 @@ snapshots:
 
   mkdirp@3.0.1: {}
 
-  mlly@1.6.1:
-    dependencies:
-      acorn: 8.11.3
-      pathe: 1.1.2
-      pkg-types: 1.0.3
-      ufo: 1.5.2
-
   module-details-from-path@1.0.3: {}
 
   monaco-editor@0.47.0: {}
@@ -22484,10 +22404,6 @@ snapshots:
     dependencies:
       yocto-queue: 1.0.0
 
-  p-limit@5.0.0:
-    dependencies:
-      yocto-queue: 1.0.0
-
   p-limit@6.0.0:
     dependencies:
       yocto-queue: 1.1.1
@@ -22635,11 +22551,6 @@ snapshots:
 
   path-parse@1.0.7: {}
 
-  path-scurry@1.10.2:
-    dependencies:
-      lru-cache: 10.2.0
-      minipass: 7.0.4
-
   path-scurry@1.11.1:
     dependencies:
       lru-cache: 10.2.0
@@ -22655,7 +22566,7 @@ snapshots:
 
   pathe@1.1.2: {}
 
-  pathval@1.1.1: {}
+  pathval@2.0.0: {}
 
   pend@1.2.0: {}
 
@@ -22741,6 +22652,8 @@ snapshots:
 
   picocolors@1.0.0: {}
 
+  picocolors@1.0.1: {}
+
   picomatch@2.3.1: {}
 
   pidtree@0.6.0: {}
@@ -22757,12 +22670,6 @@ snapshots:
     dependencies:
       find-up: 5.0.0
 
-  pkg-types@1.0.3:
-    dependencies:
-      jsonc-parser: 3.2.0
-      mlly: 1.6.1
-      pathe: 1.1.2
-
   pluralize@8.0.0: {}
 
   pngjs@5.0.0: {}
@@ -23524,7 +23431,7 @@ snapshots:
 
   rimraf@5.0.5:
     dependencies:
-      glob: 10.3.12
+      glob: 10.4.2
 
   roarr@7.11.0:
     dependencies:
@@ -24023,9 +23930,9 @@ snapshots:
 
   strip-json-comments@3.1.1: {}
 
-  strip-literal@2.0.0:
+  strip-literal@2.1.0:
     dependencies:
-      js-tokens: 8.0.3
+      js-tokens: 9.0.0
 
   strnum@1.0.5: {}
 
@@ -24239,6 +24146,12 @@ snapshots:
       glob: 7.2.3
       minimatch: 3.1.2
 
+  test-exclude@7.0.1:
+    dependencies:
+      '@istanbuljs/schema': 0.1.3
+      glob: 10.4.2
+      minimatch: 9.0.4
+
   text-extensions@2.4.0: {}
 
   text-table@0.2.0: {}
@@ -24255,13 +24168,13 @@ snapshots:
 
   tiny-cookie@2.4.1: {}
 
-  tinybench@2.6.0: {}
+  tinybench@2.8.0: {}
 
   tinycolor2@1.6.0: {}
 
-  tinypool@0.8.2: {}
+  tinypool@1.0.0: {}
 
-  tinyspy@2.2.1: {}
+  tinyspy@3.0.0: {}
 
   tmp@0.0.33:
     dependencies:
@@ -24453,8 +24366,6 @@ snapshots:
 
   ua-parser-js@1.0.37: {}
 
-  ufo@1.5.2: {}
-
   unbox-primitive@1.0.2:
     dependencies:
       call-bind: 1.0.7
@@ -24597,12 +24508,12 @@ snapshots:
       unist-util-stringify-position: 4.0.0
       vfile-message: 4.0.2
 
-  vite-node@1.4.0(@types/node@20.10.4)(sass@1.56.1):
+  vite-node@2.0.0(@types/node@20.10.4)(sass@1.56.1):
     dependencies:
       cac: 6.7.14
-      debug: 4.3.4
+      debug: 4.3.5
       pathe: 1.1.2
-      picocolors: 1.0.0
+      picocolors: 1.0.1
       vite: 5.2.9(@types/node@20.10.4)(sass@1.56.1)
     transitivePeerDependencies:
       - '@types/node'
@@ -24614,12 +24525,12 @@ snapshots:
       - supports-color
       - terser
 
-  vite-node@1.4.0(@types/node@20.11.20)(sass@1.56.1):
+  vite-node@2.0.0(@types/node@20.11.20)(sass@1.56.1):
     dependencies:
       cac: 6.7.14
-      debug: 4.3.4
+      debug: 4.3.5
       pathe: 1.1.2
-      picocolors: 1.0.0
+      picocolors: 1.0.1
       vite: 5.2.9(@types/node@20.11.20)(sass@1.56.1)
     transitivePeerDependencies:
       - '@types/node'
@@ -24631,12 +24542,12 @@ snapshots:
       - supports-color
       - terser
 
-  vite-node@1.4.0(@types/node@20.12.7)(sass@1.56.1):
+  vite-node@2.0.0(@types/node@20.12.7)(sass@1.56.1):
     dependencies:
       cac: 6.7.14
-      debug: 4.3.4
+      debug: 4.3.5
       pathe: 1.1.2
-      picocolors: 1.0.0
+      picocolors: 1.0.1
       vite: 5.2.9(@types/node@20.12.7)(sass@1.56.1)
     transitivePeerDependencies:
       - '@types/node'
@@ -24678,27 +24589,25 @@ snapshots:
       fsevents: 2.3.3
       sass: 1.56.1
 
-  vitest@1.4.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1):
+  vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1):
     dependencies:
-      '@vitest/expect': 1.4.0
-      '@vitest/runner': 1.4.0
-      '@vitest/snapshot': 1.4.0
-      '@vitest/spy': 1.4.0
-      '@vitest/utils': 1.4.0
-      acorn-walk: 8.3.2
-      chai: 4.4.1
-      debug: 4.3.4
+      '@ampproject/remapping': 2.3.0
+      '@vitest/expect': 2.0.0
+      '@vitest/runner': 2.0.0
+      '@vitest/snapshot': 2.0.0
+      '@vitest/spy': 2.0.0
+      '@vitest/utils': 2.0.0
+      chai: 5.1.1
+      debug: 4.3.5
       execa: 8.0.1
-      local-pkg: 0.5.0
-      magic-string: 0.30.7
+      magic-string: 0.30.10
       pathe: 1.1.2
-      picocolors: 1.0.0
+      picocolors: 1.0.1
       std-env: 3.7.0
-      strip-literal: 2.0.0
-      tinybench: 2.6.0
-      tinypool: 0.8.2
+      tinybench: 2.8.0
+      tinypool: 1.0.0
       vite: 5.2.9(@types/node@20.10.4)(sass@1.56.1)
-      vite-node: 1.4.0(@types/node@20.10.4)(sass@1.56.1)
+      vite-node: 2.0.0(@types/node@20.10.4)(sass@1.56.1)
       why-is-node-running: 2.2.2
     optionalDependencies:
       '@types/node': 20.10.4
@@ -24713,27 +24622,25 @@ snapshots:
       - supports-color
       - terser
 
-  vitest@1.4.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1):
+  vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1):
     dependencies:
-      '@vitest/expect': 1.4.0
-      '@vitest/runner': 1.4.0
-      '@vitest/snapshot': 1.4.0
-      '@vitest/spy': 1.4.0
-      '@vitest/utils': 1.4.0
-      acorn-walk: 8.3.2
-      chai: 4.4.1
-      debug: 4.3.4
+      '@ampproject/remapping': 2.3.0
+      '@vitest/expect': 2.0.0
+      '@vitest/runner': 2.0.0
+      '@vitest/snapshot': 2.0.0
+      '@vitest/spy': 2.0.0
+      '@vitest/utils': 2.0.0
+      chai: 5.1.1
+      debug: 4.3.5
       execa: 8.0.1
-      local-pkg: 0.5.0
-      magic-string: 0.30.7
+      magic-string: 0.30.10
       pathe: 1.1.2
-      picocolors: 1.0.0
+      picocolors: 1.0.1
       std-env: 3.7.0
-      strip-literal: 2.0.0
-      tinybench: 2.6.0
-      tinypool: 0.8.2
+      tinybench: 2.8.0
+      tinypool: 1.0.0
       vite: 5.2.9(@types/node@20.11.20)(sass@1.56.1)
-      vite-node: 1.4.0(@types/node@20.11.20)(sass@1.56.1)
+      vite-node: 2.0.0(@types/node@20.11.20)(sass@1.56.1)
       why-is-node-running: 2.2.2
     optionalDependencies:
       '@types/node': 20.11.20
@@ -24748,27 +24655,25 @@ snapshots:
       - supports-color
       - terser
 
-  vitest@1.4.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1):
+  vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1):
     dependencies:
-      '@vitest/expect': 1.4.0
-      '@vitest/runner': 1.4.0
-      '@vitest/snapshot': 1.4.0
-      '@vitest/spy': 1.4.0
-      '@vitest/utils': 1.4.0
-      acorn-walk: 8.3.2
-      chai: 4.4.1
-      debug: 4.3.4
+      '@ampproject/remapping': 2.3.0
+      '@vitest/expect': 2.0.0
+      '@vitest/runner': 2.0.0
+      '@vitest/snapshot': 2.0.0
+      '@vitest/spy': 2.0.0
+      '@vitest/utils': 2.0.0
+      chai: 5.1.1
+      debug: 4.3.5
       execa: 8.0.1
-      local-pkg: 0.5.0
-      magic-string: 0.30.7
+      magic-string: 0.30.10
       pathe: 1.1.2
-      picocolors: 1.0.0
+      picocolors: 1.0.1
       std-env: 3.7.0
-      strip-literal: 2.0.0
-      tinybench: 2.6.0
-      tinypool: 0.8.2
+      tinybench: 2.8.0
+      tinypool: 1.0.0
       vite: 5.2.9(@types/node@20.12.7)(sass@1.56.1)
-      vite-node: 1.4.0(@types/node@20.12.7)(sass@1.56.1)
+      vite-node: 2.0.0(@types/node@20.12.7)(sass@1.56.1)
       why-is-node-running: 2.2.2
     optionalDependencies:
       '@types/node': 20.12.7

From 5bae495cc9f6a095c5d0c338dcd5dbea2c8d7166 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Mon, 15 Jul 2024 09:53:50 +0800
Subject: [PATCH 015/135] feat(core,schemas): implement the sie settings guard
 (#6215)

* feat(core,schemas): implement the sie settings guard

implement the sie settings guard

* fix(test): fix integration test

fix integration test

* test(core): add sie guard ut

add sie guard ut

* chore(core): add some comment

add some comment

* refactor(core): rename the sign-in-experience-settings class

rename the sign-in-experience-settings class
---
 .../classes/experience-interaction.ts         | 122 +++--
 .../src/routes/experience/classes/utils.ts    |  50 +-
 .../sign-in-experience-validator.test.ts      | 500 ++++++++++++++++++
 .../sign-in-experience-validator.ts           | 230 ++++++++
 .../verifications/code-verification.ts        |  43 +-
 packages/core/src/routes/experience/index.ts  |  19 +-
 .../backup-code-verification.ts               |   2 +-
 .../verification-routes/totp-verification.ts  |   4 +-
 .../verification-routes/verification-code.ts  |   4 +-
 .../src/helpers/experience/index.ts           |   4 +-
 .../api/experience-api/interaction.test.ts    |   4 +-
 .../sign-in-interaction/password.test.ts      |   4 +-
 .../verification-code.test.ts                 |   8 +-
 .../backup-code-verification.test.ts          |   2 +-
 .../password-verification.test.ts             |   4 +-
 .../verifications/social-verification.test.ts |   4 +-
 .../verifications/totp-verification.test.ts   |   6 +-
 .../verifications/verification-code.test.ts   |   6 +-
 .../phrases/src/locales/en/errors/session.ts  |   1 -
 packages/schemas/src/types/interactions.ts    |  20 +-
 20 files changed, 882 insertions(+), 155 deletions(-)
 create mode 100644 packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts
 create mode 100644 packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts

diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
index ec37d2590b6b..9be9636029ce 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -9,7 +9,7 @@ import assertThat from '#src/utils/assert-that.js';
 
 import type { Interaction } from '../types.js';
 
-import { validateSieVerificationMethod } from './utils.js';
+import { SignInExperienceValidator } from './validators/sign-in-experience-validator.js';
 import {
   buildVerificationRecord,
   verificationRecordDataGuard,
@@ -38,6 +38,8 @@ const interactionStorageGuard = z.object({
  * @see {@link https://github.com/logto-io/rfcs | Logto RFCs} for more information about RFC 0004.
  */
 export default class ExperienceInteraction {
+  public readonly signInExperienceValidator: SignInExperienceValidator;
+
   /** The user verification record list for the current interaction. */
   private readonly verificationRecords = new Map<VerificationType, VerificationRecord>();
   /** The userId of the user for the current interaction. Only available once the user is identified. */
@@ -60,12 +62,15 @@ export default class ExperienceInteraction {
   ) {
     const { libraries, queries } = tenant;
 
+    this.signInExperienceValidator = new SignInExperienceValidator(libraries, queries);
+
     if (!interactionDetails) {
       return;
     }
 
     const result = interactionStorageGuard.safeParse(interactionDetails.result ?? {});
 
+    // `interactionDetails.result` is not a valid experience interaction storage
     assertThat(
       result.success,
       new RequestError({ code: 'session.interaction_not_found', status: 404 })
@@ -91,9 +96,26 @@ export default class ExperienceInteraction {
     return this.#interactionEvent;
   }
 
-  /** Set the interaction event for the current interaction */
-  public setInteractionEvent(interactionEvent: InteractionEvent) {
-    // TODO: conflict event check (e.g. reset password session can't be used for sign in)
+  /**
+   * Set the interaction event for the current interaction
+   *
+   * @throws RequestError with 403 if the interaction event is not allowed by the `SignInExperienceValidator`
+   * @throws RequestError with 400 if the interaction event is `ForgotPassword` and the current interaction event is not `ForgotPassword`
+   * @throws RequestError with 400 if the interaction event is not `ForgotPassword` and the current interaction event is `ForgotPassword`
+   */
+  public async setInteractionEvent(interactionEvent: InteractionEvent) {
+    await this.signInExperienceValidator.guardInteractionEvent(interactionEvent);
+
+    // `ForgotPassword` interaction event can not interchanged with other events
+    if (this.interactionEvent) {
+      assertThat(
+        interactionEvent === InteractionEvent.ForgotPassword
+          ? this.interactionEvent === InteractionEvent.ForgotPassword
+          : this.interactionEvent !== InteractionEvent.ForgotPassword,
+        new RequestError({ code: 'session.not_supported_for_forgot_password', status: 400 })
+      );
+    }
+
     this.#interactionEvent = interactionEvent;
   }
 
@@ -101,13 +123,13 @@ export default class ExperienceInteraction {
    * Identify the user using the verification record.
    *
    * - Check if the verification record exists.
-   * - Check if the verification record is valid for the current interaction event.
+   * - Verify the verification record with `SignInExperienceValidator`.
    * - Create a new user using the verification record if the current interaction event is `Register`.
    * - Identify the user using the verification record if the current interaction event is `SignIn` or `ForgotPassword`.
    * - Set the user id to the current interaction.
    *
-   * @throws RequestError with 404 if the verification record is not found
    * @throws RequestError with 404 if the interaction event is not set
+   * @throws RequestError with 404 if the verification record is not found
    * @throws RequestError with 400 if the verification record is not valid for the current interaction event
    * @throws RequestError with 401 if the user is suspended
    * @throws RequestError with 409 if the current session has already identified a different user
@@ -116,47 +138,26 @@ export default class ExperienceInteraction {
     const verificationRecord = this.getVerificationRecordById(verificationId);
 
     assertThat(
-      verificationRecord && this.interactionEvent,
+      this.interactionEvent,
+      new RequestError({ code: 'session.interaction_not_found', status: 404 })
+    );
+
+    assertThat(
+      verificationRecord,
       new RequestError({ code: 'session.verification_session_not_found', status: 404 })
     );
 
-    // Existing user identification flow
-    validateSieVerificationMethod(this.interactionEvent, verificationRecord);
+    await this.signInExperienceValidator.verifyIdentificationMethod(
+      this.interactionEvent,
+      verificationRecord
+    );
 
-    // User creation flow
     if (this.interactionEvent === InteractionEvent.Register) {
-      this.createNewUser(verificationRecord);
+      await this.createNewUser(verificationRecord);
       return;
     }
 
-    switch (verificationRecord.type) {
-      case VerificationType.Password:
-      case VerificationType.VerificationCode:
-      case VerificationType.Social:
-      case VerificationType.EnterpriseSso: {
-        // TODO: social sign-in with verified email
-
-        const { id, isSuspended } = await verificationRecord.identifyUser();
-
-        assertThat(!isSuspended, new RequestError({ code: 'user.suspended', status: 401 }));
-
-        // Throws an 409 error if the current session has already identified a different user
-        if (this.userId) {
-          assertThat(
-            this.userId === id,
-            new RequestError({ code: 'session.identity_conflict', status: 409 })
-          );
-          return;
-        }
-
-        this.userId = id;
-        break;
-      }
-      default: {
-        // Unsupported verification type for identification, such as MFA verification.
-        throw new RequestError({ code: 'session.verification_failed', status: 400 });
-      }
-    }
+    await this.identifyExistingUser(verificationRecord);
   }
 
   /**
@@ -223,7 +224,46 @@ export default class ExperienceInteraction {
     return [...this.verificationRecords.values()];
   }
 
-  private createNewUser(verificationRecord: VerificationRecord) {
-    // TODO: create new user for the Register event
+  private async identifyExistingUser(verificationRecord: VerificationRecord) {
+    switch (verificationRecord.type) {
+      case VerificationType.Password:
+      case VerificationType.VerificationCode:
+      case VerificationType.Social:
+      case VerificationType.EnterpriseSso: {
+        // TODO: social sign-in with verified email
+        const { id, isSuspended } = await verificationRecord.identifyUser();
+
+        assertThat(!isSuspended, new RequestError({ code: 'user.suspended', status: 401 }));
+
+        // Throws an 409 error if the current session has already identified a different user
+        if (this.userId) {
+          assertThat(
+            this.userId === id,
+            new RequestError({ code: 'session.identity_conflict', status: 409 })
+          );
+          return;
+        }
+
+        this.userId = id;
+        break;
+      }
+      default: {
+        // Unsupported verification type for identification, such as MFA verification.
+        throw new RequestError({ code: 'session.verification_failed', status: 400 });
+      }
+    }
+  }
+
+  private async createNewUser(verificationRecord: VerificationRecord) {
+    // TODO: To be implemented
+    switch (verificationRecord.type) {
+      case VerificationType.VerificationCode: {
+        break;
+      }
+      default: {
+        // Unsupported verification type for user creation, such as MFA verification.
+        throw new RequestError({ code: 'session.verification_failed', status: 400 });
+      }
+    }
   }
 }
diff --git a/packages/core/src/routes/experience/classes/utils.ts b/packages/core/src/routes/experience/classes/utils.ts
index dfaa48847563..575908b45fa3 100644
--- a/packages/core/src/routes/experience/classes/utils.ts
+++ b/packages/core/src/routes/experience/classes/utils.ts
@@ -1,62 +1,20 @@
-import {
-  InteractionEvent,
-  InteractionIdentifierType,
-  VerificationType,
-  type InteractionIdentifier,
-} from '@logto/schemas';
+import { SignInIdentifier, type InteractionIdentifier } from '@logto/schemas';
 
-import RequestError from '#src/errors/RequestError/index.js';
 import type Queries from '#src/tenants/Queries.js';
-import assertThat from '#src/utils/assert-that.js';
-
-import { type VerificationRecord } from './verifications/index.js';
 
 export const findUserByIdentifier = async (
   userQuery: Queries['users'],
   { type, value }: InteractionIdentifier
 ) => {
   switch (type) {
-    case InteractionIdentifierType.Username: {
+    case SignInIdentifier.Username: {
       return userQuery.findUserByUsername(value);
     }
-    case InteractionIdentifierType.Email: {
+    case SignInIdentifier.Email: {
       return userQuery.findUserByEmail(value);
     }
-    case InteractionIdentifierType.Phone: {
+    case SignInIdentifier.Phone: {
       return userQuery.findUserByPhone(value);
     }
   }
 };
-
-/**
- * Check if the verification record is valid for the current interaction event.
- *
- * This function will compare the verification record for the current interaction event with Logto's SIE settings
- *
- * @throws RequestError with 400 if the verification record is not valid for the current interaction event
- */
-export const validateSieVerificationMethod = (
-  interactionEvent: InteractionEvent,
-  verificationRecord: VerificationRecord
-) => {
-  switch (interactionEvent) {
-    case InteractionEvent.SignIn: {
-      // TODO: sign-in methods validation
-      break;
-    }
-    case InteractionEvent.Register: {
-      // TODO: sign-up methods validation
-      break;
-    }
-    case InteractionEvent.ForgotPassword: {
-      // Forgot password only supports verification code type verification record
-      // The verification record's interaction event must be ForgotPassword
-      assertThat(
-        verificationRecord.type === VerificationType.VerificationCode &&
-          verificationRecord.interactionEvent === InteractionEvent.ForgotPassword,
-        new RequestError({ code: 'session.verification_session_not_found', status: 400 })
-      );
-      break;
-    }
-  }
-};
diff --git a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts
new file mode 100644
index 000000000000..f7f49f296cef
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts
@@ -0,0 +1,500 @@
+/* eslint-disable max-lines */
+import {
+  InteractionEvent,
+  type SignInExperience,
+  SignInIdentifier,
+  SignInMode,
+  VerificationType,
+} from '@logto/schemas';
+
+import { mockSignInExperience } from '#src/__mocks__/sign-in-experience.js';
+import RequestError from '#src/errors/RequestError/index.js';
+import { MockTenant } from '#src/test-utils/tenant.js';
+
+import { CodeVerification } from '../verifications/code-verification.js';
+import { EnterpriseSsoVerification } from '../verifications/enterprise-sso-verification.js';
+import { type VerificationRecord } from '../verifications/index.js';
+import { PasswordVerification } from '../verifications/password-verification.js';
+import { SocialVerification } from '../verifications/social-verification.js';
+
+import { SignInExperienceValidator } from './sign-in-experience-validator.js';
+
+const { jest } = import.meta;
+
+const emailDomain = 'logto.io';
+
+const signInExperiences = {
+  findDefaultSignInExperience: jest.fn().mockResolvedValue(mockSignInExperience),
+};
+const ssoConnectors = {
+  getAvailableSsoConnectors: jest.fn().mockResolvedValue([]),
+};
+
+const mockTenant = new MockTenant(undefined, { signInExperiences }, undefined, { ssoConnectors });
+
+const passwordVerificationRecords = Object.fromEntries(
+  Object.values(SignInIdentifier).map((identifier) => [
+    identifier,
+    PasswordVerification.create(mockTenant.libraries, mockTenant.queries, {
+      type: identifier,
+      value: identifier === SignInIdentifier.Email ? `foo@${emailDomain}` : 'value',
+    }),
+  ])
+) as Record<SignInIdentifier, PasswordVerification>;
+
+const verificationCodeVerificationRecords = Object.freeze({
+  [SignInIdentifier.Email]: CodeVerification.create(
+    mockTenant.libraries,
+    mockTenant.queries,
+    {
+      type: SignInIdentifier.Email,
+      value: `foo@${emailDomain}`,
+    },
+    InteractionEvent.SignIn
+  ),
+  [SignInIdentifier.Phone]: CodeVerification.create(
+    mockTenant.libraries,
+    mockTenant.queries,
+    {
+      type: SignInIdentifier.Phone,
+      value: 'value',
+    },
+    InteractionEvent.SignIn
+  ),
+});
+
+const enterpriseSsoVerificationRecords = EnterpriseSsoVerification.create(
+  mockTenant.libraries,
+  mockTenant.queries,
+  'mock_connector_id'
+);
+
+const socialVerificationRecord = new SocialVerification(mockTenant.libraries, mockTenant.queries, {
+  id: 'social_verification_id',
+  type: VerificationType.Social,
+  connectorId: 'mock_connector_id',
+  socialUserInfo: {
+    id: 'user_id',
+    email: `foo@${emailDomain}`,
+  },
+});
+
+describe('SignInExperienceValidator', () => {
+  describe('guardInteractionEvent', () => {
+    it('SignInMode.Register', async () => {
+      const signInExperience = {
+        signInMode: SignInMode.Register,
+      };
+      signInExperiences.findDefaultSignInExperience.mockResolvedValueOnce(signInExperience);
+
+      const signInExperienceSettings = new SignInExperienceValidator(
+        mockTenant.libraries,
+        mockTenant.queries
+      );
+
+      await expect(
+        signInExperienceSettings.guardInteractionEvent(InteractionEvent.SignIn)
+      ).rejects.toMatchError(new RequestError({ code: 'auth.forbidden', status: 403 }));
+
+      await expect(
+        signInExperienceSettings.guardInteractionEvent(InteractionEvent.Register)
+      ).resolves.not.toThrow();
+
+      await expect(
+        signInExperienceSettings.guardInteractionEvent(InteractionEvent.ForgotPassword)
+      ).resolves.not.toThrow();
+    });
+
+    it('SignInMode.SignIn', async () => {
+      const signInExperience = {
+        signInMode: SignInMode.SignIn,
+      };
+      signInExperiences.findDefaultSignInExperience.mockResolvedValueOnce(signInExperience);
+
+      const signInExperienceSettings = new SignInExperienceValidator(
+        mockTenant.libraries,
+        mockTenant.queries
+      );
+      await expect(
+        signInExperienceSettings.guardInteractionEvent(InteractionEvent.Register)
+      ).rejects.toMatchError(new RequestError({ code: 'auth.forbidden', status: 403 }));
+
+      await expect(
+        signInExperienceSettings.guardInteractionEvent(InteractionEvent.SignIn)
+      ).resolves.not.toThrow();
+
+      await expect(
+        signInExperienceSettings.guardInteractionEvent(InteractionEvent.ForgotPassword)
+      ).resolves.not.toThrow();
+    });
+
+    it('SignInMode.SignInAndRegister', async () => {
+      const signInExperience = {
+        signInMode: SignInMode.SignInAndRegister,
+      };
+      signInExperiences.findDefaultSignInExperience.mockResolvedValueOnce(signInExperience);
+
+      const signInExperienceSettings = new SignInExperienceValidator(
+        mockTenant.libraries,
+        mockTenant.queries
+      );
+
+      await expect(
+        signInExperienceSettings.guardInteractionEvent(InteractionEvent.Register)
+      ).resolves.not.toThrow();
+      await expect(
+        signInExperienceSettings.guardInteractionEvent(InteractionEvent.SignIn)
+      ).resolves.not.toThrow();
+      await expect(
+        signInExperienceSettings.guardInteractionEvent(InteractionEvent.ForgotPassword)
+      ).resolves.not.toThrow();
+    });
+  });
+
+  describe('verifyIdentificationMethod (SignIn)', () => {
+    const signInVerificationTestCases: Record<
+      string,
+      {
+        signInExperience: SignInExperience;
+        cases: Array<{ verificationRecord: VerificationRecord; accepted: boolean }>;
+      }
+    > = Object.freeze({
+      'password enabled for all identifiers': {
+        signInExperience: mockSignInExperience,
+        cases: [
+          {
+            verificationRecord: passwordVerificationRecords[SignInIdentifier.Username],
+            accepted: true,
+          },
+          {
+            verificationRecord: passwordVerificationRecords[SignInIdentifier.Email],
+            accepted: true,
+          },
+          {
+            verificationRecord: passwordVerificationRecords[SignInIdentifier.Phone],
+            accepted: true,
+          },
+        ],
+      },
+      'password disabled for email and phone': {
+        signInExperience: {
+          ...mockSignInExperience,
+          signIn: {
+            methods: mockSignInExperience.signIn.methods.map((method) =>
+              method.identifier === SignInIdentifier.Username
+                ? method
+                : { ...method, password: false }
+            ),
+          },
+        },
+        cases: [
+          {
+            verificationRecord: passwordVerificationRecords[SignInIdentifier.Username],
+            accepted: true,
+          },
+          {
+            verificationRecord: passwordVerificationRecords[SignInIdentifier.Email],
+            accepted: false,
+          },
+          {
+            verificationRecord: passwordVerificationRecords[SignInIdentifier.Phone],
+            accepted: false,
+          },
+        ],
+      },
+      'verification code enabled for email and phone': {
+        signInExperience: mockSignInExperience,
+        cases: [
+          {
+            verificationRecord: verificationCodeVerificationRecords[SignInIdentifier.Email],
+            accepted: true,
+          },
+          {
+            verificationRecord: verificationCodeVerificationRecords[SignInIdentifier.Phone],
+            accepted: true,
+          },
+        ],
+      },
+      'verification code disabled for email and phone': {
+        signInExperience: {
+          ...mockSignInExperience,
+          signIn: {
+            methods: mockSignInExperience.signIn.methods.map((method) =>
+              method.identifier === SignInIdentifier.Username
+                ? method
+                : { ...method, verificationCode: false }
+            ),
+          },
+        },
+        cases: [
+          {
+            verificationRecord: verificationCodeVerificationRecords[SignInIdentifier.Email],
+            accepted: false,
+          },
+          {
+            verificationRecord: verificationCodeVerificationRecords[SignInIdentifier.Phone],
+            accepted: false,
+          },
+        ],
+      },
+      'no sign-in methods is enabled': {
+        signInExperience: {
+          ...mockSignInExperience,
+          signIn: {
+            methods: [],
+          },
+        },
+        cases: [
+          {
+            verificationRecord: passwordVerificationRecords[SignInIdentifier.Username],
+            accepted: false,
+          },
+          {
+            verificationRecord: verificationCodeVerificationRecords[SignInIdentifier.Email],
+            accepted: false,
+          },
+          {
+            verificationRecord: verificationCodeVerificationRecords[SignInIdentifier.Phone],
+            accepted: false,
+          },
+        ],
+      },
+      'single sign-on enabled': {
+        signInExperience: {
+          ...mockSignInExperience,
+          singleSignOnEnabled: true,
+        },
+        cases: [
+          {
+            verificationRecord: enterpriseSsoVerificationRecords,
+            accepted: true,
+          },
+        ],
+      },
+      'single sign-on disabled': {
+        signInExperience: {
+          ...mockSignInExperience,
+          singleSignOnEnabled: false,
+        },
+        cases: [
+          {
+            verificationRecord: enterpriseSsoVerificationRecords,
+            accepted: false,
+          },
+        ],
+      },
+    });
+
+    describe.each(Object.keys(signInVerificationTestCases))(`%s`, (testCase) => {
+      const { signInExperience, cases } = signInVerificationTestCases[testCase]!;
+
+      it.each(cases)('guard verification record %p', async ({ verificationRecord, accepted }) => {
+        signInExperiences.findDefaultSignInExperience.mockResolvedValueOnce(signInExperience);
+
+        const signInExperienceSettings = new SignInExperienceValidator(
+          mockTenant.libraries,
+          mockTenant.queries
+        );
+
+        await (accepted
+          ? expect(
+              signInExperienceSettings.verifyIdentificationMethod(
+                InteractionEvent.SignIn,
+                verificationRecord
+              )
+            ).resolves.not.toThrow()
+          : expect(
+              signInExperienceSettings.verifyIdentificationMethod(
+                InteractionEvent.SignIn,
+                verificationRecord
+              )
+            ).rejects.toMatchError(
+              new RequestError({ code: 'user.sign_in_method_not_enabled', status: 422 })
+            ));
+      });
+    });
+  });
+
+  describe('verifyIdentificationMethod (Register)', () => {
+    const registerVerificationTestCases: Record<
+      string,
+      {
+        signInExperience: SignInExperience;
+        cases: Array<{ verificationRecord: VerificationRecord; accepted: boolean }>;
+      }
+    > = Object.freeze({
+      'only username is enabled for sign-up': {
+        signInExperience: mockSignInExperience,
+        cases: [
+          // TODO: username password registration
+          {
+            verificationRecord: verificationCodeVerificationRecords[SignInIdentifier.Email],
+            accepted: false,
+          },
+          {
+            verificationRecord: verificationCodeVerificationRecords[SignInIdentifier.Phone],
+            accepted: false,
+          },
+        ],
+      },
+      'email is enabled for sign-up': {
+        signInExperience: {
+          ...mockSignInExperience,
+          signUp: {
+            identifiers: [SignInIdentifier.Email],
+            password: true,
+            verify: true,
+          },
+        },
+        cases: [
+          {
+            verificationRecord: verificationCodeVerificationRecords[SignInIdentifier.Email],
+            accepted: true,
+          },
+          {
+            verificationRecord: verificationCodeVerificationRecords[SignInIdentifier.Phone],
+            accepted: false,
+          },
+        ],
+      },
+      'email and phone are enabled for sign-up': {
+        signInExperience: {
+          ...mockSignInExperience,
+          signUp: {
+            identifiers: [SignInIdentifier.Email, SignInIdentifier.Phone],
+            password: true,
+            verify: true,
+          },
+        },
+        cases: [
+          {
+            verificationRecord: verificationCodeVerificationRecords[SignInIdentifier.Email],
+            accepted: true,
+          },
+          {
+            verificationRecord: verificationCodeVerificationRecords[SignInIdentifier.Phone],
+            accepted: true,
+          },
+        ],
+      },
+      'enterprise sso enabled': {
+        signInExperience: {
+          ...mockSignInExperience,
+          singleSignOnEnabled: true,
+        },
+        cases: [
+          {
+            verificationRecord: enterpriseSsoVerificationRecords,
+            accepted: true,
+          },
+        ],
+      },
+      'enterprise sso disabled': {
+        signInExperience: {
+          ...mockSignInExperience,
+          singleSignOnEnabled: false,
+        },
+        cases: [
+          {
+            verificationRecord: enterpriseSsoVerificationRecords,
+            accepted: false,
+          },
+        ],
+      },
+    });
+
+    describe.each(Object.keys(registerVerificationTestCases))(`%s`, (testCase) => {
+      const { signInExperience, cases } = registerVerificationTestCases[testCase]!;
+
+      it.each(cases)('guard verification record %p', async ({ verificationRecord, accepted }) => {
+        signInExperiences.findDefaultSignInExperience.mockResolvedValueOnce(signInExperience);
+
+        const signInExperienceSettings = new SignInExperienceValidator(
+          mockTenant.libraries,
+          mockTenant.queries
+        );
+
+        await (accepted
+          ? expect(
+              signInExperienceSettings.verifyIdentificationMethod(
+                InteractionEvent.Register,
+                verificationRecord
+              )
+            ).resolves.not.toThrow()
+          : expect(
+              signInExperienceSettings.verifyIdentificationMethod(
+                InteractionEvent.Register,
+                verificationRecord
+              )
+            ).rejects.toMatchError(
+              new RequestError({ code: 'user.sign_up_method_not_enabled', status: 422 })
+            ));
+      });
+    });
+  });
+
+  describe('guardSsoOnlyEmailIdentifier: identifier with SSO enabled domain should throw', () => {
+    const mockSsoConnector = {
+      domains: [emailDomain],
+    };
+
+    const expectError = new RequestError(
+      {
+        code: 'session.sso_enabled',
+        status: 422,
+      },
+      {
+        ssoConnectors: [mockSsoConnector],
+      }
+    );
+
+    it('email password verification record', async () => {
+      ssoConnectors.getAvailableSsoConnectors.mockResolvedValueOnce([mockSsoConnector]);
+
+      const signInExperienceSettings = new SignInExperienceValidator(
+        mockTenant.libraries,
+        mockTenant.queries
+      );
+
+      await expect(
+        signInExperienceSettings.verifyIdentificationMethod(
+          InteractionEvent.SignIn,
+          passwordVerificationRecords[SignInIdentifier.Email]
+        )
+      ).rejects.toMatchError(expectError);
+    });
+
+    it('email verification code verification record', async () => {
+      ssoConnectors.getAvailableSsoConnectors.mockResolvedValueOnce([mockSsoConnector]);
+
+      const signInExperienceSettings = new SignInExperienceValidator(
+        mockTenant.libraries,
+        mockTenant.queries
+      );
+
+      await expect(
+        signInExperienceSettings.verifyIdentificationMethod(
+          InteractionEvent.SignIn,
+          verificationCodeVerificationRecords[SignInIdentifier.Email]
+        )
+      ).rejects.toMatchError(expectError);
+    });
+
+    it('social verification record', async () => {
+      ssoConnectors.getAvailableSsoConnectors.mockResolvedValueOnce([mockSsoConnector]);
+
+      const signInExperienceSettings = new SignInExperienceValidator(
+        mockTenant.libraries,
+        mockTenant.queries
+      );
+
+      await expect(
+        signInExperienceSettings.verifyIdentificationMethod(
+          InteractionEvent.SignIn,
+          socialVerificationRecord
+        )
+      ).rejects.toMatchError(expectError);
+    });
+  });
+});
+/* eslint-enable max-lines */
diff --git a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
new file mode 100644
index 000000000000..26f095f3a911
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
@@ -0,0 +1,230 @@
+import {
+  InteractionEvent,
+  type SignInExperience,
+  SignInMode,
+  VerificationType,
+} from '@logto/schemas';
+
+import RequestError from '#src/errors/RequestError/index.js';
+import type Libraries from '#src/tenants/Libraries.js';
+import type Queries from '#src/tenants/Queries.js';
+import assertThat from '#src/utils/assert-that.js';
+
+import { type VerificationRecord } from '../verifications/index.js';
+
+const getEmailIdentifierFromVerificationRecord = (verificationRecord: VerificationRecord) => {
+  switch (verificationRecord.type) {
+    case VerificationType.Password:
+    case VerificationType.VerificationCode: {
+      const {
+        identifier: { type, value },
+      } = verificationRecord;
+
+      return type === 'email' ? value : undefined;
+    }
+    case VerificationType.Social: {
+      const { socialUserInfo } = verificationRecord;
+      return socialUserInfo?.email;
+    }
+    default: {
+      break;
+    }
+  }
+};
+
+/**
+ *  SignInExperienceValidator class provides all the sign-in experience settings validation logic.
+ *
+ * - Guard the interaction event based on the sign-in experience settings
+ * - Guard the identification method based on the sign-in experience settings
+ * - Guard the email identifier with SSO enabled domains
+ */
+export class SignInExperienceValidator {
+  private signInExperienceDataCache?: SignInExperience;
+
+  constructor(
+    private readonly libraries: Libraries,
+    private readonly queries: Queries
+  ) {}
+
+  public async guardInteractionEvent(event: InteractionEvent) {
+    const { signInMode } = await this.getSignInExperienceData();
+
+    switch (event) {
+      case InteractionEvent.SignIn: {
+        assertThat(
+          signInMode !== SignInMode.Register,
+          new RequestError({ code: 'auth.forbidden', status: 403 })
+        );
+        break;
+      }
+      case InteractionEvent.Register: {
+        assertThat(
+          signInMode !== SignInMode.SignIn,
+          new RequestError({ code: 'auth.forbidden', status: 403 })
+        );
+        break;
+      }
+      case InteractionEvent.ForgotPassword: {
+        break;
+      }
+    }
+  }
+
+  async verifyIdentificationMethod(
+    event: InteractionEvent,
+    verificationRecord: VerificationRecord
+  ) {
+    switch (event) {
+      case InteractionEvent.SignIn: {
+        await this.guardSignInVerificationMethod(verificationRecord);
+        break;
+      }
+      case InteractionEvent.Register: {
+        await this.guardRegisterVerificationMethod(verificationRecord);
+        break;
+      }
+      case InteractionEvent.ForgotPassword: {
+        this.guardForgotPasswordVerificationMethod(verificationRecord);
+        break;
+      }
+    }
+
+    await this.guardSsoOnlyEmailIdentifier(verificationRecord);
+  }
+
+  private async getSignInExperienceData() {
+    this.signInExperienceDataCache ||=
+      await this.queries.signInExperiences.findDefaultSignInExperience();
+
+    return this.signInExperienceDataCache;
+  }
+
+  /**
+   * Guard the verification records contains email identifier with SSO enabled
+   *
+   * @remarks
+   * Email identifier with SSO enabled domain will be blocked.
+   * Can only verify/identify via SSO verification record.
+   *
+   * - VerificationCode with email identifier
+   * - Social userinfo with email
+   **/
+  private async guardSsoOnlyEmailIdentifier(verificationRecord: VerificationRecord) {
+    const emailIdentifier = getEmailIdentifierFromVerificationRecord(verificationRecord);
+
+    if (!emailIdentifier) {
+      return;
+    }
+
+    const domain = emailIdentifier.split('@')[1];
+    const { singleSignOnEnabled } = await this.getSignInExperienceData();
+
+    if (!singleSignOnEnabled || !domain) {
+      return;
+    }
+
+    const { getAvailableSsoConnectors } = this.libraries.ssoConnectors;
+    const availableSsoConnectors = await getAvailableSsoConnectors();
+
+    const domainEnabledConnectors = availableSsoConnectors.filter(({ domains }) =>
+      domains.includes(domain)
+    );
+
+    assertThat(
+      domainEnabledConnectors.length === 0,
+      new RequestError(
+        {
+          code: 'session.sso_enabled',
+          status: 422,
+        },
+        {
+          ssoConnectors: domainEnabledConnectors,
+        }
+      )
+    );
+  }
+
+  private async guardSignInVerificationMethod(verificationRecord: VerificationRecord) {
+    const {
+      signIn: { methods: signInMethods },
+      singleSignOnEnabled,
+    } = await this.getSignInExperienceData();
+
+    switch (verificationRecord.type) {
+      case VerificationType.Password:
+      case VerificationType.VerificationCode: {
+        const {
+          identifier: { type },
+        } = verificationRecord;
+
+        assertThat(
+          signInMethods.some(({ identifier: method, password, verificationCode }) => {
+            return (
+              method === type &&
+              (verificationRecord.type === VerificationType.Password ? password : verificationCode)
+            );
+          }),
+          new RequestError({ code: 'user.sign_in_method_not_enabled', status: 422 })
+        );
+        break;
+      }
+
+      case VerificationType.Social: {
+        // No need to verify social verification method
+        break;
+      }
+      case VerificationType.EnterpriseSso: {
+        assertThat(
+          singleSignOnEnabled,
+          new RequestError({ code: 'user.sign_in_method_not_enabled', status: 422 })
+        );
+        break;
+      }
+      default: {
+        throw new RequestError({ code: 'user.sign_in_method_not_enabled', status: 422 });
+      }
+    }
+  }
+
+  private async guardRegisterVerificationMethod(verificationRecord: VerificationRecord) {
+    const { signUp, singleSignOnEnabled } = await this.getSignInExperienceData();
+
+    switch (verificationRecord.type) {
+      // TODO: username password registration
+      case VerificationType.VerificationCode: {
+        const {
+          identifier: { type },
+        } = verificationRecord;
+
+        assertThat(
+          signUp.identifiers.includes(type) && signUp.verify,
+          new RequestError({ code: 'user.sign_up_method_not_enabled', status: 422 })
+        );
+        break;
+      }
+      case VerificationType.Social: {
+        // No need to verify social verification method
+        break;
+      }
+      case VerificationType.EnterpriseSso: {
+        assertThat(
+          singleSignOnEnabled,
+          new RequestError({ code: 'user.sign_up_method_not_enabled', status: 422 })
+        );
+        break;
+      }
+      default: {
+        throw new RequestError({ code: 'user.sign_up_method_not_enabled', status: 422 });
+      }
+    }
+  }
+
+  /** Forgot password only supports verification code type verification record */
+  private guardForgotPasswordVerificationMethod(verificationRecord: VerificationRecord) {
+    assertThat(
+      verificationRecord.type === VerificationType.VerificationCode,
+      new RequestError({ code: 'session.not_supported_for_forgot_password', status: 422 })
+    );
+  }
+}
diff --git a/packages/core/src/routes/experience/classes/verifications/code-verification.ts b/packages/core/src/routes/experience/classes/verifications/code-verification.ts
index ccc8351af923..e87aceed9e1e 100644
--- a/packages/core/src/routes/experience/classes/verifications/code-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/code-verification.ts
@@ -70,9 +70,8 @@ const getPasscodeIdentifierPayload = (
 export class CodeVerification implements VerificationRecord<VerificationType.VerificationCode> {
   /**
    * Factory method to create a new CodeVerification record using the given identifier.
-   * The sendVerificationCode method will be automatically triggered.
    */
-  static async create(
+  static create(
     libraries: Libraries,
     queries: Queries,
     identifier: VerificationCodeIdentifier,
@@ -86,8 +85,6 @@ export class CodeVerification implements VerificationRecord<VerificationType.Ver
       verified: false,
     });
 
-    await record.sendVerificationCode();
-
     return record;
   }
 
@@ -123,6 +120,25 @@ export class CodeVerification implements VerificationRecord<VerificationType.Ver
     return this.verified;
   }
 
+  /**
+   * Send the verification code to the current `identifier`
+   *
+   * @remark Instead of session jti,
+   * the verification id is used as `interaction_jti` to uniquely identify the passcode record in DB
+   * for the current interaction.
+   */
+  async sendVerificationCode() {
+    const { createPasscode, sendPasscode } = this.libraries.passcodes;
+
+    const verificationCode = await createPasscode(
+      this.id,
+      getTemplateTypeByEvent(this.interactionEvent),
+      getPasscodeIdentifierPayload(this.identifier)
+    );
+
+    await sendPasscode(verificationCode);
+  }
+
   /**
    * Verify the `identifier` with the given code
    *
@@ -184,23 +200,4 @@ export class CodeVerification implements VerificationRecord<VerificationType.Ver
       verified,
     };
   }
-
-  /**
-   * Send the verification code to the current `identifier`
-   *
-   * @remark Instead of session jti,
-   * the verification id is used as `interaction_jti` to uniquely identify the passcode record in DB
-   * for the current interaction.
-   */
-  private async sendVerificationCode() {
-    const { createPasscode, sendPasscode } = this.libraries.passcodes;
-
-    const verificationCode = await createPasscode(
-      this.id,
-      getTemplateTypeByEvent(this.interactionEvent),
-      getPasscodeIdentifierPayload(this.identifier)
-    );
-
-    await sendPasscode(verificationCode);
-  }
 }
diff --git a/packages/core/src/routes/experience/index.ts b/packages/core/src/routes/experience/index.ts
index 5cbe17513e44..f020e06fada6 100644
--- a/packages/core/src/routes/experience/index.ts
+++ b/packages/core/src/routes/experience/index.ts
@@ -52,7 +52,7 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
       body: z.object({
         interactionEvent: z.nativeEnum(InteractionEvent),
       }),
-      status: [204],
+      status: [204, 403],
     }),
     async (ctx, next) => {
       const { interactionEvent } = ctx.guard.body;
@@ -61,7 +61,8 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
       createLog(`Interaction.${interactionEvent}.Update`);
 
       const experienceInteraction = new ExperienceInteraction(ctx, tenant);
-      experienceInteraction.setInteractionEvent(interactionEvent);
+
+      await experienceInteraction.setInteractionEvent(interactionEvent);
 
       await experienceInteraction.save();
 
@@ -78,7 +79,7 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
       body: z.object({
         interactionEvent: z.nativeEnum(InteractionEvent),
       }),
-      status: [204],
+      status: [204, 403],
     }),
     async (ctx, next) => {
       const { interactionEvent } = ctx.guard.body;
@@ -88,7 +89,7 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
         `Interaction.${experienceInteraction.interactionEvent ?? interactionEvent}.Update`
       );
 
-      experienceInteraction.setInteractionEvent(interactionEvent);
+      await experienceInteraction.setInteractionEvent(interactionEvent);
 
       eventLog.append({
         interactionEvent,
@@ -106,16 +107,18 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
     experienceRoutes.identification,
     koaGuard({
       body: identificationApiPayloadGuard,
-      status: [204, 400, 401, 404],
+      status: [204, 400, 401, 404, 409],
     }),
     async (ctx, next) => {
       const { verificationId } = ctx.guard.body;
+      const { experienceInteraction } = ctx;
 
-      await ctx.experienceInteraction.identifyUser(verificationId);
+      await experienceInteraction.identifyUser(verificationId);
 
-      await ctx.experienceInteraction.save();
+      await experienceInteraction.save();
 
-      ctx.status = 204;
+      // Return 201 if a new user is created
+      ctx.status = experienceInteraction.interactionEvent === InteractionEvent.Register ? 201 : 204;
 
       return next();
     }
diff --git a/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts b/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts
index 282197c1e7d3..b38b72cdb4e0 100644
--- a/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts
+++ b/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts
@@ -30,7 +30,7 @@ export default function backupCodeVerificationRoutes<T extends WithLogContext>(
       const { experienceInteraction } = ctx;
       const { code } = ctx.guard.body;
 
-      assertThat(experienceInteraction.identifiedUserId, 'session.not_identified');
+      assertThat(experienceInteraction.identifiedUserId, 'session.identifier_not_found');
 
       // TODO: Check if the MFA is enabled
 
diff --git a/packages/core/src/routes/experience/verification-routes/totp-verification.ts b/packages/core/src/routes/experience/verification-routes/totp-verification.ts
index d564a7bca58d..ef6a4925b002 100644
--- a/packages/core/src/routes/experience/verification-routes/totp-verification.ts
+++ b/packages/core/src/routes/experience/verification-routes/totp-verification.ts
@@ -31,7 +31,7 @@ export default function totpVerificationRoutes<T extends WithLogContext>(
     async (ctx, next) => {
       const { experienceInteraction } = ctx;
 
-      assertThat(experienceInteraction.identifiedUserId, 'session.not_identified');
+      assertThat(experienceInteraction.identifiedUserId, 'session.identifier_not_found');
 
       // TODO: Check if the MFA is enabled
       // TODO: Check if the interaction is fully verified
@@ -71,7 +71,7 @@ export default function totpVerificationRoutes<T extends WithLogContext>(
       const { experienceInteraction } = ctx;
       const { verificationId, code } = ctx.guard.body;
 
-      assertThat(experienceInteraction.identifiedUserId, 'session.not_identified');
+      assertThat(experienceInteraction.identifiedUserId, 'session.identifier_not_found');
 
       // Verify new generated secret
       if (verificationId) {
diff --git a/packages/core/src/routes/experience/verification-routes/verification-code.ts b/packages/core/src/routes/experience/verification-routes/verification-code.ts
index 0ee92b68a818..1e99894b51c3 100644
--- a/packages/core/src/routes/experience/verification-routes/verification-code.ts
+++ b/packages/core/src/routes/experience/verification-routes/verification-code.ts
@@ -36,13 +36,15 @@ export default function verificationCodeRoutes<T extends WithLogContext>(
     async (ctx, next) => {
       const { identifier, interactionEvent } = ctx.guard.body;
 
-      const codeVerification = await CodeVerification.create(
+      const codeVerification = CodeVerification.create(
         libraries,
         queries,
         identifier,
         interactionEvent
       );
 
+      await codeVerification.sendVerificationCode();
+
       ctx.experienceInteraction.setVerificationRecord(codeVerification);
 
       await ctx.experienceInteraction.save();
diff --git a/packages/integration-tests/src/helpers/experience/index.ts b/packages/integration-tests/src/helpers/experience/index.ts
index af3ebe3e660a..95082dda021d 100644
--- a/packages/integration-tests/src/helpers/experience/index.ts
+++ b/packages/integration-tests/src/helpers/experience/index.ts
@@ -4,7 +4,7 @@
 
 import {
   InteractionEvent,
-  InteractionIdentifierType,
+  SignInIdentifier,
   type InteractionIdentifier,
   type VerificationCodeIdentifier,
 } from '@logto/schemas';
@@ -86,7 +86,7 @@ export const identifyUserWithUsernamePassword = async (
 
   const { verificationId } = await client.verifyPassword({
     identifier: {
-      type: InteractionIdentifierType.Username,
+      type: SignInIdentifier.Username,
       value: username,
     },
     password,
diff --git a/packages/integration-tests/src/tests/api/experience-api/interaction.test.ts b/packages/integration-tests/src/tests/api/experience-api/interaction.test.ts
index 37be24186772..bdf0315dd824 100644
--- a/packages/integration-tests/src/tests/api/experience-api/interaction.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/interaction.test.ts
@@ -1,4 +1,4 @@
-import { InteractionEvent, InteractionIdentifierType } from '@logto/schemas';
+import { InteractionEvent, SignInIdentifier } from '@logto/schemas';
 
 import { initExperienceClient } from '#src/helpers/client.js';
 import { expectRejects } from '#src/helpers/index.js';
@@ -19,7 +19,7 @@ devFeatureTest.describe('PUT /experience API', () => {
     const client = await initExperienceClient();
     await client.initInteraction({ interactionEvent: InteractionEvent.SignIn });
     const { verificationId } = await client.verifyPassword({
-      identifier: { type: InteractionIdentifierType.Username, value: username },
+      identifier: { type: SignInIdentifier.Username, value: username },
       password,
     });
 
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/password.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/password.test.ts
index 0663ca7ffed0..fcf9a6093cbd 100644
--- a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/password.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/password.test.ts
@@ -1,4 +1,4 @@
-import { InteractionIdentifierType } from '@logto/schemas';
+import { SignInIdentifier } from '@logto/schemas';
 
 import { deleteUser } from '#src/api/admin-user.js';
 import { signInWithPassword } from '#src/helpers/experience/index.js';
@@ -17,7 +17,7 @@ devFeatureTest.describe('sign-in with password verification happy path', () => {
     await enableAllPasswordSignInMethods();
   });
 
-  it.each(Object.values(InteractionIdentifierType))(
+  it.each(Object.values(SignInIdentifier))(
     'should sign-in with password using %p',
     async (identifier) => {
       const { userProfile, user } = await generateNewUser({
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/verification-code.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/verification-code.test.ts
index d18eb8e5be6d..4deb166f167e 100644
--- a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/verification-code.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/verification-code.test.ts
@@ -1,4 +1,4 @@
-import { InteractionIdentifierType } from '@logto/schemas';
+import { SignInIdentifier } from '@logto/schemas';
 
 import { deleteUser } from '#src/api/admin-user.js';
 import { setEmailConnector, setSmsConnector } from '#src/helpers/connector.js';
@@ -7,10 +7,8 @@ import { enableAllVerificationCodeSignInMethods } from '#src/helpers/sign-in-exp
 import { generateNewUser } from '#src/helpers/user.js';
 import { devFeatureTest } from '#src/utils.js';
 
-const verificationIdentifierType: readonly [
-  InteractionIdentifierType.Email,
-  InteractionIdentifierType.Phone,
-] = Object.freeze([InteractionIdentifierType.Email, InteractionIdentifierType.Phone]);
+const verificationIdentifierType: readonly [SignInIdentifier.Email, SignInIdentifier.Phone] =
+  Object.freeze([SignInIdentifier.Email, SignInIdentifier.Phone]);
 
 const identifiersTypeToUserProfile = Object.freeze({
   email: 'primaryEmail',
diff --git a/packages/integration-tests/src/tests/api/experience-api/verifications/backup-code-verification.test.ts b/packages/integration-tests/src/tests/api/experience-api/verifications/backup-code-verification.test.ts
index d5148b7e5be6..206c285fde3d 100644
--- a/packages/integration-tests/src/tests/api/experience-api/verifications/backup-code-verification.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/verifications/backup-code-verification.test.ts
@@ -25,7 +25,7 @@ devFeatureTest.describe('backup code verification APIs', () => {
     const client = await initExperienceClient();
 
     await expectRejects(client.verifyBackupCode({ code: '1234' }), {
-      code: 'session.not_identified',
+      code: 'session.identifier_not_found',
       status: 400,
     });
   });
diff --git a/packages/integration-tests/src/tests/api/experience-api/verifications/password-verification.test.ts b/packages/integration-tests/src/tests/api/experience-api/verifications/password-verification.test.ts
index 372a80a0fc75..f2c8c9cba23b 100644
--- a/packages/integration-tests/src/tests/api/experience-api/verifications/password-verification.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/verifications/password-verification.test.ts
@@ -1,4 +1,4 @@
-import { InteractionIdentifierType } from '@logto/schemas';
+import { SignInIdentifier } from '@logto/schemas';
 
 import { deleteUser } from '#src/api/admin-user.js';
 import { initExperienceClient } from '#src/helpers/client.js';
@@ -12,7 +12,7 @@ const identifiersTypeToUserProfile = Object.freeze({
 });
 
 devFeatureTest.describe('password verifications', () => {
-  it.each(Object.values(InteractionIdentifierType))(
+  it.each(Object.values(SignInIdentifier))(
     'should verify with password successfully using %p',
     async (identifier) => {
       const { userProfile, user } = await generateNewUser({
diff --git a/packages/integration-tests/src/tests/api/experience-api/verifications/social-verification.test.ts b/packages/integration-tests/src/tests/api/experience-api/verifications/social-verification.test.ts
index 6962924e3d94..6350cdcd34da 100644
--- a/packages/integration-tests/src/tests/api/experience-api/verifications/social-verification.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/verifications/social-verification.test.ts
@@ -1,5 +1,5 @@
 import { ConnectorType } from '@logto/connector-kit';
-import { InteractionEvent, InteractionIdentifierType } from '@logto/schemas';
+import { InteractionEvent, SignInIdentifier } from '@logto/schemas';
 
 import { mockEmailConnectorId, mockSocialConnectorId } from '#src/__mocks__/connectors-mock.js';
 import { initExperienceClient } from '#src/helpers/client.js';
@@ -134,7 +134,7 @@ devFeatureTest.describe('social verification', () => {
 
       const { verificationId } = await client.sendVerificationCode({
         identifier: {
-          type: InteractionIdentifierType.Email,
+          type: SignInIdentifier.Email,
           value: 'foo',
         },
         interactionEvent: InteractionEvent.SignIn,
diff --git a/packages/integration-tests/src/tests/api/experience-api/verifications/totp-verification.test.ts b/packages/integration-tests/src/tests/api/experience-api/verifications/totp-verification.test.ts
index 7e77e99ea457..c1fa2a76b38a 100644
--- a/packages/integration-tests/src/tests/api/experience-api/verifications/totp-verification.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/verifications/totp-verification.test.ts
@@ -31,7 +31,7 @@ devFeatureTest.describe('TOTP verification APIs', () => {
       const client = await initExperienceClient();
 
       await expectRejects(client.createTotpSecret(), {
-        code: 'session.not_identified',
+        code: 'session.identifier_not_found',
         status: 400,
       });
     });
@@ -50,7 +50,7 @@ devFeatureTest.describe('TOTP verification APIs', () => {
       const client = await initExperienceClient();
 
       await expectRejects(client.verifyTotp({ code: '1234' }), {
-        code: 'session.not_identified',
+        code: 'session.identifier_not_found',
         status: 400,
       });
     });
@@ -107,7 +107,7 @@ devFeatureTest.describe('TOTP verification APIs', () => {
       const client = await initExperienceClient();
 
       await expectRejects(client.verifyTotp({ code: '1234' }), {
-        code: 'session.not_identified',
+        code: 'session.identifier_not_found',
         status: 400,
       });
     });
diff --git a/packages/integration-tests/src/tests/api/experience-api/verifications/verification-code.test.ts b/packages/integration-tests/src/tests/api/experience-api/verifications/verification-code.test.ts
index 169d82f81302..66dafe72b09c 100644
--- a/packages/integration-tests/src/tests/api/experience-api/verifications/verification-code.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/verifications/verification-code.test.ts
@@ -1,7 +1,7 @@
 import { ConnectorType } from '@logto/connector-kit';
 import {
   InteractionEvent,
-  InteractionIdentifierType,
+  SignInIdentifier,
   type VerificationCodeIdentifier,
 } from '@logto/schemas';
 
@@ -25,11 +25,11 @@ devFeatureTest.describe('Verification code verification APIs', () => {
 
   const identifiers: VerificationCodeIdentifier[] = [
     {
-      type: InteractionIdentifierType.Email,
+      type: SignInIdentifier.Email,
       value: 'foo@logto.io',
     },
     {
-      type: InteractionIdentifierType.Phone,
+      type: SignInIdentifier.Phone,
       value: '+1234567890',
     },
   ];
diff --git a/packages/phrases/src/locales/en/errors/session.ts b/packages/phrases/src/locales/en/errors/session.ts
index 34c58ac1f083..ab6e00e11896 100644
--- a/packages/phrases/src/locales/en/errors/session.ts
+++ b/packages/phrases/src/locales/en/errors/session.ts
@@ -23,7 +23,6 @@ const session = {
   interaction_not_found:
     'Interaction session not found. Please go back and start the session again.',
   not_supported_for_forgot_password: 'This operation is not supported for forgot password.',
-  not_identified: 'User not identified. Please sign in first.',
   identity_conflict:
     'Identity mismatch detected. Please initiate a new session to proceed with a different identity.',
   mfa: {
diff --git a/packages/schemas/src/types/interactions.ts b/packages/schemas/src/types/interactions.ts
index 877974224726..82b77965b5ba 100644
--- a/packages/schemas/src/types/interactions.ts
+++ b/packages/schemas/src/types/interactions.ts
@@ -1,7 +1,12 @@
 import { emailRegEx, phoneRegEx, usernameRegEx } from '@logto/core-kit';
 import { z } from 'zod';
 
-import { MfaFactor, jsonObjectGuard, webAuthnTransportGuard } from '../foundations/index.js';
+import {
+  MfaFactor,
+  SignInIdentifier,
+  jsonObjectGuard,
+  webAuthnTransportGuard,
+} from '../foundations/index.js';
 import { type ToZodObject } from '../utils/zod.js';
 
 import type {
@@ -24,31 +29,26 @@ export enum InteractionEvent {
 }
 
 // ====== Experience API payload guards and type definitions start ======
-export enum InteractionIdentifierType {
-  Username = 'username',
-  Email = 'email',
-  Phone = 'phone',
-}
 
 /** Identifiers that can be used to uniquely identify a user. */
 export type InteractionIdentifier = {
-  type: InteractionIdentifierType;
+  type: SignInIdentifier;
   value: string;
 };
 
 export const interactionIdentifierGuard = z.object({
-  type: z.nativeEnum(InteractionIdentifierType),
+  type: z.nativeEnum(SignInIdentifier),
   value: z.string(),
 }) satisfies ToZodObject<InteractionIdentifier>;
 
 /** Currently only email and phone are supported for verification code validation. */
 export type VerificationCodeIdentifier = {
-  type: InteractionIdentifierType.Email | InteractionIdentifierType.Phone;
+  type: SignInIdentifier.Email | SignInIdentifier.Phone;
   value: string;
 };
 
 export const verificationCodeIdentifierGuard = z.object({
-  type: z.enum([InteractionIdentifierType.Email, InteractionIdentifierType.Phone]),
+  type: z.enum([SignInIdentifier.Email, SignInIdentifier.Phone]),
   value: z.string(),
 }) satisfies ToZodObject<VerificationCodeIdentifier>;
 

From c637fcb2c292b2a3e8251f3fc31bef0763f6fc03 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Mon, 15 Jul 2024 11:43:48 +0800
Subject: [PATCH 016/135] feat: init elements

---
 packages/console/package.json                 |   1 +
 packages/console/src/pages/Profile/index.tsx  | 114 ++--
 packages/elements/README.md                   |   3 +
 packages/elements/package.json                |  74 +++
 .../elements/src/components/logto-card.ts     |  23 +
 .../src/components/logto-form-card.ts         |  55 ++
 .../src/components/logto-theme-provider.ts    |  22 +
 packages/elements/src/index.ts                |   3 +
 packages/elements/src/locales/en.ts           |   9 +
 packages/elements/src/locales/index.ts        |  40 ++
 packages/elements/src/react.ts                |  23 +
 packages/elements/src/utils/css.ts            |  37 ++
 packages/elements/src/utils/string.ts         |  19 +
 packages/elements/src/utils/theme.ts          | 123 +++++
 packages/elements/tsconfig.json               |  12 +
 packages/elements/tsup.config.ts              |   8 +
 pnpm-lock.yaml                                | 507 +++++++++++++-----
 17 files changed, 897 insertions(+), 176 deletions(-)
 create mode 100644 packages/elements/README.md
 create mode 100644 packages/elements/package.json
 create mode 100644 packages/elements/src/components/logto-card.ts
 create mode 100644 packages/elements/src/components/logto-form-card.ts
 create mode 100644 packages/elements/src/components/logto-theme-provider.ts
 create mode 100644 packages/elements/src/index.ts
 create mode 100644 packages/elements/src/locales/en.ts
 create mode 100644 packages/elements/src/locales/index.ts
 create mode 100644 packages/elements/src/react.ts
 create mode 100644 packages/elements/src/utils/css.ts
 create mode 100644 packages/elements/src/utils/string.ts
 create mode 100644 packages/elements/src/utils/theme.ts
 create mode 100644 packages/elements/tsconfig.json
 create mode 100644 packages/elements/tsup.config.ts

diff --git a/packages/console/package.json b/packages/console/package.json
index 83eed75a5be5..a93c6f63e17d 100644
--- a/packages/console/package.json
+++ b/packages/console/package.json
@@ -30,6 +30,7 @@
     "@logto/cloud": "0.2.5-a7eedce",
     "@logto/connector-kit": "workspace:^4.0.0",
     "@logto/core-kit": "workspace:^2.5.0",
+    "@logto/elements": "workspace:^0.0.0",
     "@logto/language-kit": "workspace:^1.1.0",
     "@logto/phrases": "workspace:^1.12.0",
     "@logto/phrases-experience": "workspace:^1.7.0",
diff --git a/packages/console/src/pages/Profile/index.tsx b/packages/console/src/pages/Profile/index.tsx
index cd8c680faef0..3560bab4cb9a 100644
--- a/packages/console/src/pages/Profile/index.tsx
+++ b/packages/console/src/pages/Profile/index.tsx
@@ -1,5 +1,6 @@
+import { createReactComponents } from '@logto/elements/react';
 import type { ConnectorResponse } from '@logto/schemas';
-import { useCallback, useState } from 'react';
+import React, { useCallback, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import { useRoutes } from 'react-router-dom';
 import useSWRImmutable from 'swr/immutable';
@@ -8,7 +9,7 @@ import FormCard from '@/components/FormCard';
 import PageMeta from '@/components/PageMeta';
 import Topbar from '@/components/Topbar';
 import { adminTenantEndpoint, meApi } from '@/consts';
-import { isCloud } from '@/consts/env';
+import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
 import AppBoundary from '@/containers/AppBoundary';
 import Button from '@/ds-components/Button';
 import CardTitle from '@/ds-components/CardTitle';
@@ -31,6 +32,8 @@ import Skeleton from './components/Skeleton';
 import DeleteAccountModal from './containers/DeleteAccountModal';
 import * as styles from './index.module.scss';
 
+const { LogtoFormCard, LogtoThemeProvider } = createReactComponents(React);
+
 function Profile() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
   const { navigate } = useTenantPathname();
@@ -62,59 +65,66 @@ function Profile() {
 
   return (
     <AppBoundary>
-      <div className={styles.pageContainer}>
-        <Topbar hideTenantSelector hideTitle />
-        <OverlayScrollbar className={styles.scrollable}>
-          <div className={styles.wrapper}>
-            <PageMeta titleKey="profile.page_title" />
-            <div className={pageLayout.headline}>
-              <CardTitle title="profile.title" subtitle="profile.description" />
-            </div>
-            {showLoadingSkeleton && <Skeleton />}
-            {user && !showLoadingSkeleton && (
-              <div className={styles.content}>
-                <BasicUserInfoSection user={user} onUpdate={reload} />
-                {isCloud && (
-                  <LinkAccountSection user={user} connectors={connectors} onUpdate={reload} />
-                )}
-                <FormCard title="profile.password.title">
-                  <CardContent
-                    title="profile.password.password_setting"
-                    data={[
-                      {
-                        key: 'password',
-                        label: 'profile.password.password',
-                        value: user.hasPassword,
-                        renderer: (value) => (value ? <span>********</span> : <NotSet />),
-                        action: {
-                          name: 'profile.change',
-                          handler: () => {
-                            navigate(user.hasPassword ? 'verify-password' : 'change-password', {
-                              state: { email: user.primaryEmail, action: 'changePassword' },
-                            });
+      <LogtoThemeProvider theme="dark">
+        <div className={styles.pageContainer}>
+          <Topbar hideTenantSelector hideTitle />
+          <OverlayScrollbar className={styles.scrollable}>
+            <div className={styles.wrapper}>
+              <PageMeta titleKey="profile.page_title" />
+              <div className={pageLayout.headline}>
+                <CardTitle title="profile.title" subtitle="profile.description" />
+              </div>
+              {showLoadingSkeleton && <Skeleton />}
+              {isDevFeaturesEnabled && (
+                <LogtoFormCard title="sections.profile">
+                  <p>🚧 This section is a dev feature that is still working in progress.</p>
+                </LogtoFormCard>
+              )}
+              {user && !showLoadingSkeleton && (
+                <div className={styles.content}>
+                  <BasicUserInfoSection user={user} onUpdate={reload} />
+                  {isCloud && (
+                    <LinkAccountSection user={user} connectors={connectors} onUpdate={reload} />
+                  )}
+                  <FormCard title="profile.password.title">
+                    <CardContent
+                      title="profile.password.password_setting"
+                      data={[
+                        {
+                          key: 'password',
+                          label: 'profile.password.password',
+                          value: user.hasPassword,
+                          renderer: (value) => (value ? <span>********</span> : <NotSet />),
+                          action: {
+                            name: 'profile.change',
+                            handler: () => {
+                              navigate(user.hasPassword ? 'verify-password' : 'change-password', {
+                                state: { email: user.primaryEmail, action: 'changePassword' },
+                              });
+                            },
                           },
                         },
-                      },
-                    ]}
-                  />
-                </FormCard>
-                {isCloud && (
-                  <FormCard title="profile.delete_account.title">
-                    <div className={styles.deleteAccount}>
-                      <div className={styles.description}>
-                        {t('profile.delete_account.description')}
-                      </div>
-                      <Button title="profile.delete_account.button" onClick={show} />
-                    </div>
-                    <DeleteAccountModal isOpen={showDeleteAccountModal} onClose={hide} />
+                      ]}
+                    />
                   </FormCard>
-                )}
-              </div>
-            )}
-          </div>
-        </OverlayScrollbar>
-        {childrenRoutes}
-      </div>
+                  {isCloud && (
+                    <FormCard title="profile.delete_account.title">
+                      <div className={styles.deleteAccount}>
+                        <div className={styles.description}>
+                          {t('profile.delete_account.description')}
+                        </div>
+                        <Button title="profile.delete_account.button" onClick={show} />
+                      </div>
+                      <DeleteAccountModal isOpen={showDeleteAccountModal} onClose={hide} />
+                    </FormCard>
+                  )}
+                </div>
+              )}
+            </div>
+          </OverlayScrollbar>
+          {childrenRoutes}
+        </div>
+      </LogtoThemeProvider>
     </AppBoundary>
   );
 }
diff --git a/packages/elements/README.md b/packages/elements/README.md
new file mode 100644
index 000000000000..3a7ddcdad42a
--- /dev/null
+++ b/packages/elements/README.md
@@ -0,0 +1,3 @@
+# Logto elements
+
+🚧 Work in progress
diff --git a/packages/elements/package.json b/packages/elements/package.json
new file mode 100644
index 000000000000..3ac8d3e2dbab
--- /dev/null
+++ b/packages/elements/package.json
@@ -0,0 +1,74 @@
+{
+  "name": "@logto/elements",
+  "version": "0.0.0",
+  "description": "Logto user interface elements.",
+  "author": "Silverhand Inc. <contact@silverhand.io>",
+  "homepage": "https://github.com/logto-io/logto#readme",
+  "license": "MPL-2.0",
+  "type": "module",
+  "private": true,
+  "main": "dist/index.js",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./react": {
+      "import": "./dist/react.js",
+      "types": "./dist/react.d.ts"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/logto-io/logto.git"
+  },
+  "scripts": {
+    "precommit": "lint-staged",
+    "build": "tsup",
+    "dev": "tsup --watch --no-splitting",
+    "lint": "eslint --ext .ts src",
+    "lint:report": "pnpm lint --format json --output-file report.json",
+    "test": "echo \"No tests yet.\"",
+    "test:ci": "pnpm run test --silent --coverage",
+    "prepack": "pnpm build"
+  },
+  "engines": {
+    "node": "^20.9.0"
+  },
+  "bugs": {
+    "url": "https://github.com/logto-io/logto/issues"
+  },
+  "dependencies": {
+    "@lit/localize": "^0.12.1",
+    "@lit/react": "^1.0.5",
+    "@silverhand/essentials": "^2.9.1",
+    "lit": "^3.1.4"
+  },
+  "devDependencies": {
+    "@silverhand/eslint-config": "6.0.1",
+    "@silverhand/ts-config": "6.0.0",
+    "eslint": "^8.56.0",
+    "lint-staged": "^15.0.0",
+    "prettier": "^3.0.0",
+    "tsup": "^8.1.0"
+  },
+  "eslintConfig": {
+    "extends": "@silverhand",
+    "rules": {
+      "no-console": "error",
+      "unicorn/prevent-abbreviations": [
+        "error",
+        {
+          "replacements": {
+            "var": false,
+            "vars": false
+          }
+        }
+      ]
+    }
+  },
+  "prettier": "@silverhand/eslint-config/.prettierrc"
+}
diff --git a/packages/elements/src/components/logto-card.ts b/packages/elements/src/components/logto-card.ts
new file mode 100644
index 000000000000..a6bde4ad6878
--- /dev/null
+++ b/packages/elements/src/components/logto-card.ts
@@ -0,0 +1,23 @@
+import { LitElement, css, html } from 'lit';
+import { customElement } from 'lit/decorators.js';
+
+import { unit } from '../utils/css.js';
+import { vars } from '../utils/theme.js';
+
+const tagName = 'logto-card';
+
+@customElement(tagName)
+export class LogtoCard extends LitElement {
+  static tagName = tagName;
+  static styles = css`
+    :host {
+      background: ${vars.colorLayer1};
+      border-radius: ${unit(4)};
+      padding: ${unit(6)};
+    }
+  `;
+
+  render() {
+    return html`<slot></slot>`;
+  }
+}
diff --git a/packages/elements/src/components/logto-form-card.ts b/packages/elements/src/components/logto-form-card.ts
new file mode 100644
index 000000000000..4b371b980243
--- /dev/null
+++ b/packages/elements/src/components/logto-form-card.ts
@@ -0,0 +1,55 @@
+import { cond } from '@silverhand/essentials';
+import { LitElement, css, html } from 'lit';
+import { customElement, property } from 'lit/decorators.js';
+
+import { type LocaleKeyOptional, type LocaleKey } from '../locales/index.js';
+import { unit } from '../utils/css.js';
+import { vars } from '../utils/theme.js';
+
+const tagName = 'logto-form-card';
+
+@customElement(tagName)
+export class LogtoFormCard extends LitElement {
+  static tagName = tagName;
+  static styles = css`
+    logto-card {
+      display: flex;
+      padding: ${unit(6, 8)};
+    }
+
+    header {
+      flex: 7;
+      font: ${vars.fontSectionHeading1};
+      color: ${vars.colorCardTitle};
+      letter-spacing: 0.1em;
+      text-transform: uppercase;
+    }
+
+    div.spacer {
+      flex: 1;
+    }
+
+    ::slotted(*) {
+      flex: 16;
+    }
+  `;
+
+  @property()
+  title: LocaleKey = 'placeholders.not_available';
+
+  @property()
+  description: LocaleKeyOptional = '';
+
+  render() {
+    return html`
+      <logto-card>
+        <header>
+          <div role="heading">${this.title}</div>
+          ${cond(this.description && html`<p>${this.description}</p>`)}
+        </header>
+        <div class="spacer"></div>
+        <slot></slot>
+      </logto-card>
+    `;
+  }
+}
diff --git a/packages/elements/src/components/logto-theme-provider.ts b/packages/elements/src/components/logto-theme-provider.ts
new file mode 100644
index 000000000000..988c6dd26fca
--- /dev/null
+++ b/packages/elements/src/components/logto-theme-provider.ts
@@ -0,0 +1,22 @@
+import { LitElement, css, html } from 'lit';
+import { customElement, property } from 'lit/decorators.js';
+
+import { defaultTheme, darkTheme, toLitCss } from '../utils/theme.js';
+
+const tagName = 'logto-theme-provider';
+
+@customElement(tagName)
+export class LogtoThemeProvider extends LitElement {
+  static tagName = tagName;
+  static styles = css`
+    ${toLitCss(defaultTheme)}
+    ${toLitCss(darkTheme, 'dark')}
+  `;
+
+  @property({ reflect: true })
+  theme: 'default' | 'dark' = 'default';
+
+  render() {
+    return html`<slot></slot>`;
+  }
+}
diff --git a/packages/elements/src/index.ts b/packages/elements/src/index.ts
new file mode 100644
index 000000000000..d4cb36992705
--- /dev/null
+++ b/packages/elements/src/index.ts
@@ -0,0 +1,3 @@
+export * from './components/logto-card.js';
+export * from './components/logto-form-card.js';
+export * from './components/logto-theme-provider.js';
diff --git a/packages/elements/src/locales/en.ts b/packages/elements/src/locales/en.ts
new file mode 100644
index 000000000000..f8998af8bc90
--- /dev/null
+++ b/packages/elements/src/locales/en.ts
@@ -0,0 +1,9 @@
+export const en = Object.freeze({
+  placeholders: {
+    not_available: 'Not available',
+  },
+  sections: {
+    profile: 'Profile',
+    security: 'Security',
+  },
+});
diff --git a/packages/elements/src/locales/index.ts b/packages/elements/src/locales/index.ts
new file mode 100644
index 000000000000..bfce23d867f2
--- /dev/null
+++ b/packages/elements/src/locales/index.ts
@@ -0,0 +1,40 @@
+import { type en } from './en.js';
+
+type KeyPath<T> = T extends Record<string, unknown>
+  ? {
+      [K in keyof T]: K extends string
+        ? T[K] extends Record<string, unknown>
+          ? `${K}.${KeyPath<T[K]>}`
+          : `${K}`
+        : never;
+    }[keyof T]
+  : '';
+
+/** The type of a full locale data object. */
+export type LocaleData = typeof en;
+
+/**
+ * The type of a locale key. It is a string that represents a path to a value in the locale data
+ * object.
+ *
+ * @example
+ * With the following locale data object:
+ *
+ * ```ts
+ * const en = {
+ *   profile: {
+ *     title: 'Profile',
+ *     description: 'Your profile',
+ *   },
+ * };
+ * ```
+ *
+ * The locale key for the title would be `'profile.title'`.
+ */
+export type LocaleKey = KeyPath<LocaleData>;
+
+/**
+ * The type of a locale key that is optional. Note that it uses an empty string to represent the
+ * absence of a key since Web Components do not support `undefined` as a property value.
+ */
+export type LocaleKeyOptional = LocaleKey | '';
diff --git a/packages/elements/src/react.ts b/packages/elements/src/react.ts
new file mode 100644
index 000000000000..1a3df2b52934
--- /dev/null
+++ b/packages/elements/src/react.ts
@@ -0,0 +1,23 @@
+import { createComponent } from '@lit/react';
+
+import { LogtoThemeProvider, LogtoCard, LogtoFormCard } from './index.js';
+
+export const createReactComponents = (react: Parameters<typeof createComponent>[0]['react']) => {
+  return {
+    LogtoFormCard: createComponent({
+      tagName: LogtoFormCard.tagName,
+      elementClass: LogtoFormCard,
+      react,
+    }),
+    LogtoCard: createComponent({
+      tagName: LogtoCard.tagName,
+      elementClass: LogtoCard,
+      react,
+    }),
+    LogtoThemeProvider: createComponent({
+      tagName: LogtoThemeProvider.tagName,
+      elementClass: LogtoThemeProvider,
+      react,
+    }),
+  };
+};
diff --git a/packages/elements/src/utils/css.ts b/packages/elements/src/utils/css.ts
new file mode 100644
index 000000000000..6746bf2d39c4
--- /dev/null
+++ b/packages/elements/src/utils/css.ts
@@ -0,0 +1,37 @@
+import { type CSSResult, unsafeCSS } from 'lit';
+
+type Unit = {
+  /**
+   * @example unit(1) // '4px'
+   */
+  (value: number): CSSResult;
+  /**
+   * @example unit(1, 2) // '4px 8px'
+   */
+  (value1: number, value2: number): CSSResult;
+  /**
+   * @example unit(1, 2, 3) // '4px 8px 12px'
+   */
+  // eslint-disable-next-line @typescript-eslint/unified-signatures -- for better readability
+  (value1: number, value2: number, value3: number): CSSResult;
+  /**
+   * @example unit(1, 2, 3, 4) // '4px 8px 12px 16px'
+   */
+  // eslint-disable-next-line @typescript-eslint/unified-signatures -- for better readability
+  (value1: number, value2: number, value3: number, value4: number): CSSResult;
+};
+
+/**
+ * Returns a `CSSResult` that represents the given values in pixels. The values are multiplied by 4.
+ */
+export const unit: Unit = (...values: number[]) => {
+  if (values.length === 0 || values.length > 4) {
+    throw new Error('unit() accepts 1 to 4 arguments');
+  }
+
+  if (values.some((value) => typeof value !== 'number')) {
+    throw new Error('unit() accepts only numbers');
+  }
+
+  return unsafeCSS(values.map((value) => `${value * 4}px`).join(' '));
+};
diff --git a/packages/elements/src/utils/string.ts b/packages/elements/src/utils/string.ts
new file mode 100644
index 000000000000..64cfc71260da
--- /dev/null
+++ b/packages/elements/src/utils/string.ts
@@ -0,0 +1,19 @@
+export type KebabCase<T extends string> = T extends `${infer L}${infer M}${infer R}`
+  ? L extends Lowercase<L>
+    ? M extends Lowercase<M>
+      ? `${L}${KebabCase<`${M}${R}`>}`
+      : `${L}-${KebabCase<`${M}${R}`>}`
+    : M extends Lowercase<M>
+    ? `${Lowercase<L>}${KebabCase<`${M}${R}`>}`
+    : R extends Uncapitalize<R>
+    ? `${Lowercase<L>}-${Lowercase<M>}${KebabCase<R>}`
+    : `${Lowercase<L>}${KebabCase<`${M}${R}`>}`
+  : T;
+
+export const kebabCase = <T extends string>(value: T): KebabCase<T> => {
+  // eslint-disable-next-line no-restricted-syntax -- `as` assertion is needed to make TS happy
+  return value
+    .replaceAll(/([^A-Z])([A-Z])/g, '$1-$2')
+    .replaceAll(/([A-Z])([A-Z][^A-Z])/g, '$1-$2')
+    .toLowerCase() as KebabCase<T>;
+};
diff --git a/packages/elements/src/utils/theme.ts b/packages/elements/src/utils/theme.ts
new file mode 100644
index 000000000000..8eb806d1d7f2
--- /dev/null
+++ b/packages/elements/src/utils/theme.ts
@@ -0,0 +1,123 @@
+import { type CSSResult, unsafeCSS } from 'lit';
+
+import { type KebabCase, kebabCase } from './string.js';
+
+/** All the colors to be used in the Logto components and elements. */
+export type Color = {
+  colorPrimary: string;
+  colorText: string;
+  colorTextLink: string;
+  colorTextSecondary: string;
+  colorBorder: string;
+  colorCardTitle: string;
+  colorLayer1: string;
+  colorLayer2: string;
+};
+
+/** All the fonts to be used in the Logto components and elements. */
+export type Font = {
+  fontLabel1: string;
+  fontLabel2: string;
+  fontLabel3: string;
+  fontSectionHeading1: string;
+  fontSectionHeading2: string;
+};
+
+/** The complete styling properties to be used in the Logto components and elements. */
+export type Theme = Color & Font;
+
+export const defaultFontFamily =
+  '-apple-system, system-ui, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica Neue, Helvetica, Arial, sans-serif, Apple Color Emoji';
+
+export const defaultFont: Readonly<Font> = Object.freeze({
+  fontLabel1: `500 16px / 24px ${defaultFontFamily}`,
+  fontLabel2: `500 14px / 20px ${defaultFontFamily}`,
+  fontLabel3: `500 12px / 16px ${defaultFontFamily}`,
+  fontSectionHeading1: `700 12px / 16px ${defaultFontFamily}`,
+  fontSectionHeading2: `700 10px / 16px ${defaultFontFamily}`,
+});
+
+export const defaultTheme: Readonly<Theme> = Object.freeze({
+  ...defaultFont,
+  colorPrimary: '#5d34f2',
+  colorText: '#191c1d',
+  colorTextLink: '#5d34f2',
+  colorTextSecondary: '#747778',
+  colorBorder: '#c4c7c7',
+  colorCardTitle: '#928f9a',
+  colorLayer1: '#000',
+  colorLayer2: '#2d3132',
+});
+
+export const darkTheme: Readonly<Theme> = Object.freeze({
+  ...defaultFont,
+  colorPrimary: '#7958ff',
+  colorText: '#f7f8f8',
+  colorTextLink: '#cabeff',
+  colorTextSecondary: '#a9acac',
+  colorBorder: '#5c5f60',
+  colorCardTitle: '#928f9a',
+  colorLayer1: '#2a2c32',
+  colorLayer2: '#34353f',
+});
+
+/**
+ * Converts the theme object to a list of CSS custom properties entries. Each key is prefixed
+ * with `--logto-`.
+ *
+ * @example
+ * toLogtoCssEntries(defaultTheme) // [['--logto-color-primary', '#5d34f2'], ...]
+ */
+export const toLogtoCssEntries = (theme: Theme) =>
+  Object.entries(theme).map(([key, value]) =>
+    Object.freeze([`--logto-${kebabCase(key)}`, value] as const)
+  );
+
+export type ToLogtoCssProperties<T extends Record<string, unknown>> = {
+  [K in keyof T as K extends string ? `--logto-${KebabCase<K>}` : never]: T[K];
+};
+
+/**
+ * Converts the theme object to a map of CSS custom properties. Each key is prefixed with
+ * `--logto-`.
+ *
+ * @example
+ * toLogtoCssProperties(defaultTheme) // { '--logto-color-primary': '#5d34f2', ... }
+ */
+export const toLogtoCssProperties = (theme: Theme): ToLogtoCssProperties<Theme> => {
+  // eslint-disable-next-line no-restricted-syntax -- `Object.fromEntries` will lose the type
+  return Object.fromEntries(toLogtoCssEntries(theme)) as ToLogtoCssProperties<Theme>;
+};
+
+/**
+ * Converts the given value to a logto CSS custom property prefixed with `--logto-`.
+ *
+ * @example
+ * toVar('colorPrimary') // '--logto-color-primary' in `CSSResult`
+ */
+export const toVar = (value: string) => unsafeCSS(`var(--logto-${kebabCase(value)})`);
+
+/**
+ * The CSS custom properties in `CSSResult` format for a theme object. You can use this object
+ * to apply a custom property from the theme.
+ *
+ * @example
+ * css`
+ * p {
+ *   color: ${vars.colorPrimary};
+ * }
+ * `
+ */
+// eslint-disable-next-line no-restricted-syntax -- `Object.fromEntries` will lose the type
+export const vars = Object.freeze(
+  Object.fromEntries(Object.keys(defaultTheme).map((key) => [key, toVar(key)]))
+) as Record<keyof Theme, CSSResult>;
+
+export const toLitCss = (theme: Theme, name?: string) =>
+  unsafeCSS(
+    `:host${typeof name === 'string' ? `([theme=${name}])` : ''} {\n` +
+      toLogtoCssEntries(theme)
+        .map(([key, value]) => `${key}: ${value};`)
+        .join('\n') +
+      '\n}'
+  );
diff --git a/packages/elements/tsconfig.json b/packages/elements/tsconfig.json
new file mode 100644
index 000000000000..8c6e9bf2b8ca
--- /dev/null
+++ b/packages/elements/tsconfig.json
@@ -0,0 +1,12 @@
+{
+  "extends": "@silverhand/ts-config/tsconfig.base",
+  "compilerOptions": {
+    "experimentalDecorators": true,
+    "useDefineForClassFields": false,
+    "noEmit": true
+  },
+  "include": [
+    "src",
+    "*.config.ts"
+  ]
+}
diff --git a/packages/elements/tsup.config.ts b/packages/elements/tsup.config.ts
new file mode 100644
index 000000000000..6bbc8ee650bb
--- /dev/null
+++ b/packages/elements/tsup.config.ts
@@ -0,0 +1,8 @@
+import { defineConfig } from 'tsup';
+
+export default defineConfig({
+  entry: ['src/index.ts', 'src/react.ts'],
+  format: 'esm',
+  dts: true,
+  clean: true,
+});
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 43088bf0a603..90e736f82dc2 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -2866,6 +2866,9 @@ importers:
       '@logto/core-kit':
         specifier: workspace:^2.5.0
         version: link:../toolkit/core-kit
+      '@logto/elements':
+        specifier: workspace:^0.0.0
+        version: link:../elements
       '@logto/language-kit':
         specifier: workspace:^1.1.0
         version: link:../toolkit/language-kit
@@ -3141,7 +3144,7 @@ importers:
         version: 2.2.0(react@18.2.0)
       ts-node:
         specifier: ^10.9.2
-        version: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
+        version: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3)
       tslib:
         specifier: ^2.4.1
         version: 2.4.1
@@ -3549,6 +3552,40 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
 
+  packages/elements:
+    dependencies:
+      '@lit/localize':
+        specifier: ^0.12.1
+        version: 0.12.1
+      '@lit/react':
+        specifier: ^1.0.5
+        version: 1.0.5(@types/react@18.0.31)
+      '@silverhand/essentials':
+        specifier: ^2.9.1
+        version: 2.9.1
+      lit:
+        specifier: ^3.1.4
+        version: 3.1.4
+    devDependencies:
+      '@silverhand/eslint-config':
+        specifier: 6.0.1
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+      '@silverhand/ts-config':
+        specifier: 6.0.0
+        version: 6.0.0(typescript@5.3.3)
+      eslint:
+        specifier: ^8.56.0
+        version: 8.57.0
+      lint-staged:
+        specifier: ^15.0.0
+        version: 15.0.2
+      prettier:
+        specifier: ^3.0.0
+        version: 3.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3))(typescript@5.3.3)
+
   packages/experience:
     devDependencies:
       '@jest/types':
@@ -4816,140 +4853,140 @@ packages:
     peerDependencies:
       postcss-selector-parser: ^6.0.13
 
-  '@esbuild/aix-ppc64@0.20.2':
-    resolution: {integrity: sha512-D+EBOJHXdNZcLJRBkhENNG8Wji2kgc9AZ9KiPr1JuZjsNtyHzrsfLRrY0tk2H2aoFu6RANO1y1iPPUCDYWkb5g==}
+  '@esbuild/aix-ppc64@0.21.5':
+    resolution: {integrity: sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==}
     engines: {node: '>=12'}
     cpu: [ppc64]
     os: [aix]
 
-  '@esbuild/android-arm64@0.20.2':
-    resolution: {integrity: sha512-mRzjLacRtl/tWU0SvD8lUEwb61yP9cqQo6noDZP/O8VkwafSYwZ4yWy24kan8jE/IMERpYncRt2dw438LP3Xmg==}
+  '@esbuild/android-arm64@0.21.5':
+    resolution: {integrity: sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [android]
 
-  '@esbuild/android-arm@0.20.2':
-    resolution: {integrity: sha512-t98Ra6pw2VaDhqNWO2Oph2LXbz/EJcnLmKLGBJwEwXX/JAN83Fym1rU8l0JUWK6HkIbWONCSSatf4sf2NBRx/w==}
+  '@esbuild/android-arm@0.21.5':
+    resolution: {integrity: sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==}
     engines: {node: '>=12'}
     cpu: [arm]
     os: [android]
 
-  '@esbuild/android-x64@0.20.2':
-    resolution: {integrity: sha512-btzExgV+/lMGDDa194CcUQm53ncxzeBrWJcncOBxuC6ndBkKxnHdFJn86mCIgTELsooUmwUm9FkhSp5HYu00Rg==}
+  '@esbuild/android-x64@0.21.5':
+    resolution: {integrity: sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [android]
 
-  '@esbuild/darwin-arm64@0.20.2':
-    resolution: {integrity: sha512-4J6IRT+10J3aJH3l1yzEg9y3wkTDgDk7TSDFX+wKFiWjqWp/iCfLIYzGyasx9l0SAFPT1HwSCR+0w/h1ES/MjA==}
+  '@esbuild/darwin-arm64@0.21.5':
+    resolution: {integrity: sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [darwin]
 
-  '@esbuild/darwin-x64@0.20.2':
-    resolution: {integrity: sha512-tBcXp9KNphnNH0dfhv8KYkZhjc+H3XBkF5DKtswJblV7KlT9EI2+jeA8DgBjp908WEuYll6pF+UStUCfEpdysA==}
+  '@esbuild/darwin-x64@0.21.5':
+    resolution: {integrity: sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [darwin]
 
-  '@esbuild/freebsd-arm64@0.20.2':
-    resolution: {integrity: sha512-d3qI41G4SuLiCGCFGUrKsSeTXyWG6yem1KcGZVS+3FYlYhtNoNgYrWcvkOoaqMhwXSMrZRl69ArHsGJ9mYdbbw==}
+  '@esbuild/freebsd-arm64@0.21.5':
+    resolution: {integrity: sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [freebsd]
 
-  '@esbuild/freebsd-x64@0.20.2':
-    resolution: {integrity: sha512-d+DipyvHRuqEeM5zDivKV1KuXn9WeRX6vqSqIDgwIfPQtwMP4jaDsQsDncjTDDsExT4lR/91OLjRo8bmC1e+Cw==}
+  '@esbuild/freebsd-x64@0.21.5':
+    resolution: {integrity: sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [freebsd]
 
-  '@esbuild/linux-arm64@0.20.2':
-    resolution: {integrity: sha512-9pb6rBjGvTFNira2FLIWqDk/uaf42sSyLE8j1rnUpuzsODBq7FvpwHYZxQ/It/8b+QOS1RYfqgGFNLRI+qlq2A==}
+  '@esbuild/linux-arm64@0.21.5':
+    resolution: {integrity: sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [linux]
 
-  '@esbuild/linux-arm@0.20.2':
-    resolution: {integrity: sha512-VhLPeR8HTMPccbuWWcEUD1Az68TqaTYyj6nfE4QByZIQEQVWBB8vup8PpR7y1QHL3CpcF6xd5WVBU/+SBEvGTg==}
+  '@esbuild/linux-arm@0.21.5':
+    resolution: {integrity: sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==}
     engines: {node: '>=12'}
     cpu: [arm]
     os: [linux]
 
-  '@esbuild/linux-ia32@0.20.2':
-    resolution: {integrity: sha512-o10utieEkNPFDZFQm9CoP7Tvb33UutoJqg3qKf1PWVeeJhJw0Q347PxMvBgVVFgouYLGIhFYG0UGdBumROyiig==}
+  '@esbuild/linux-ia32@0.21.5':
+    resolution: {integrity: sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==}
     engines: {node: '>=12'}
     cpu: [ia32]
     os: [linux]
 
-  '@esbuild/linux-loong64@0.20.2':
-    resolution: {integrity: sha512-PR7sp6R/UC4CFVomVINKJ80pMFlfDfMQMYynX7t1tNTeivQ6XdX5r2XovMmha/VjR1YN/HgHWsVcTRIMkymrgQ==}
+  '@esbuild/linux-loong64@0.21.5':
+    resolution: {integrity: sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==}
     engines: {node: '>=12'}
     cpu: [loong64]
     os: [linux]
 
-  '@esbuild/linux-mips64el@0.20.2':
-    resolution: {integrity: sha512-4BlTqeutE/KnOiTG5Y6Sb/Hw6hsBOZapOVF6njAESHInhlQAghVVZL1ZpIctBOoTFbQyGW+LsVYZ8lSSB3wkjA==}
+  '@esbuild/linux-mips64el@0.21.5':
+    resolution: {integrity: sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==}
     engines: {node: '>=12'}
     cpu: [mips64el]
     os: [linux]
 
-  '@esbuild/linux-ppc64@0.20.2':
-    resolution: {integrity: sha512-rD3KsaDprDcfajSKdn25ooz5J5/fWBylaaXkuotBDGnMnDP1Uv5DLAN/45qfnf3JDYyJv/ytGHQaziHUdyzaAg==}
+  '@esbuild/linux-ppc64@0.21.5':
+    resolution: {integrity: sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==}
     engines: {node: '>=12'}
     cpu: [ppc64]
     os: [linux]
 
-  '@esbuild/linux-riscv64@0.20.2':
-    resolution: {integrity: sha512-snwmBKacKmwTMmhLlz/3aH1Q9T8v45bKYGE3j26TsaOVtjIag4wLfWSiZykXzXuE1kbCE+zJRmwp+ZbIHinnVg==}
+  '@esbuild/linux-riscv64@0.21.5':
+    resolution: {integrity: sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==}
     engines: {node: '>=12'}
     cpu: [riscv64]
     os: [linux]
 
-  '@esbuild/linux-s390x@0.20.2':
-    resolution: {integrity: sha512-wcWISOobRWNm3cezm5HOZcYz1sKoHLd8VL1dl309DiixxVFoFe/o8HnwuIwn6sXre88Nwj+VwZUvJf4AFxkyrQ==}
+  '@esbuild/linux-s390x@0.21.5':
+    resolution: {integrity: sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==}
     engines: {node: '>=12'}
     cpu: [s390x]
     os: [linux]
 
-  '@esbuild/linux-x64@0.20.2':
-    resolution: {integrity: sha512-1MdwI6OOTsfQfek8sLwgyjOXAu+wKhLEoaOLTjbijk6E2WONYpH9ZU2mNtR+lZ2B4uwr+usqGuVfFT9tMtGvGw==}
+  '@esbuild/linux-x64@0.21.5':
+    resolution: {integrity: sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [linux]
 
-  '@esbuild/netbsd-x64@0.20.2':
-    resolution: {integrity: sha512-K8/DhBxcVQkzYc43yJXDSyjlFeHQJBiowJ0uVL6Tor3jGQfSGHNNJcWxNbOI8v5k82prYqzPuwkzHt3J1T1iZQ==}
+  '@esbuild/netbsd-x64@0.21.5':
+    resolution: {integrity: sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [netbsd]
 
-  '@esbuild/openbsd-x64@0.20.2':
-    resolution: {integrity: sha512-eMpKlV0SThJmmJgiVyN9jTPJ2VBPquf6Kt/nAoo6DgHAoN57K15ZghiHaMvqjCye/uU4X5u3YSMgVBI1h3vKrQ==}
+  '@esbuild/openbsd-x64@0.21.5':
+    resolution: {integrity: sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [openbsd]
 
-  '@esbuild/sunos-x64@0.20.2':
-    resolution: {integrity: sha512-2UyFtRC6cXLyejf/YEld4Hajo7UHILetzE1vsRcGL3earZEW77JxrFjH4Ez2qaTiEfMgAXxfAZCm1fvM/G/o8w==}
+  '@esbuild/sunos-x64@0.21.5':
+    resolution: {integrity: sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [sunos]
 
-  '@esbuild/win32-arm64@0.20.2':
-    resolution: {integrity: sha512-GRibxoawM9ZCnDxnP3usoUDO9vUkpAxIIZ6GQI+IlVmr5kP3zUq+l17xELTHMWTWzjxa2guPNyrpq1GWmPvcGQ==}
+  '@esbuild/win32-arm64@0.21.5':
+    resolution: {integrity: sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [win32]
 
-  '@esbuild/win32-ia32@0.20.2':
-    resolution: {integrity: sha512-HfLOfn9YWmkSKRQqovpnITazdtquEW8/SoHW7pWpuEeguaZI4QnCRW6b+oZTztdBnZOS2hqJ6im/D5cPzBTTlQ==}
+  '@esbuild/win32-ia32@0.21.5':
+    resolution: {integrity: sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==}
     engines: {node: '>=12'}
     cpu: [ia32]
     os: [win32]
 
-  '@esbuild/win32-x64@0.20.2':
-    resolution: {integrity: sha512-N49X4lJX27+l9jbLKSqZ6bKNjzQvHaT8IIFUy+YIqmXQdjYCToGWwOItDrfby14c78aDd5NHQl29xingXfCdLQ==}
+  '@esbuild/win32-x64@0.21.5':
+    resolution: {integrity: sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [win32]
@@ -5177,6 +5214,20 @@ packages:
   '@lezer/lr@0.15.8':
     resolution: {integrity: sha512-bM6oE6VQZ6hIFxDNKk8bKPa14hqFrV07J/vHGOeiAbJReIaQXmkVb6xQu4MR+JBTLa5arGRyAAjJe1qaQt3Uvg==}
 
+  '@lit-labs/ssr-dom-shim@1.2.0':
+    resolution: {integrity: sha512-yWJKmpGE6lUURKAaIltoPIE/wrbY3TEkqQt+X0m+7fQNnAv0keydnYvbiJFP1PnMhizmIWRWOG5KLhYyc/xl+g==}
+
+  '@lit/localize@0.12.1':
+    resolution: {integrity: sha512-uuF6OO6fjqomCf3jXsJ5cTGf1APYuN88S4Gvo/fjt9YkG4OMaMvpEUqd5oWhyzrJfY+HcenAbLJNi2Cq3H7gdg==}
+
+  '@lit/react@1.0.5':
+    resolution: {integrity: sha512-RSHhrcuSMa4vzhqiTenzXvtQ6QDq3hSPsnHHO3jaPmmvVFeoNNm4DHoQ0zLdKAUvY3wP3tTENSUf7xpyVfrDEA==}
+    peerDependencies:
+      '@types/react': 17 || 18
+
+  '@lit/reactive-element@2.0.4':
+    resolution: {integrity: sha512-GFn91inaUa2oHLak8awSIigYz0cU0Payr1rcFsrkf5OJ5eSPxElyZfKh0f2p9FsTiZWXQdWGJeXZICEfXXYSXQ==}
+
   '@lmdb/lmdb-darwin-arm64@2.7.11':
     resolution: {integrity: sha512-r6+vYq2vKzE+vgj/rNVRMwAevq0+ZR9IeMFIqcSga+wMtMdXQ27KqQ7uS99/yXASg29bos7yHP3yk4x6Iio0lw==}
     cpu: [arm64]
@@ -6700,6 +6751,9 @@ packages:
   '@types/tough-cookie@4.0.2':
     resolution: {integrity: sha512-Q5vtl1W5ue16D+nIaW8JWebSSraJVlK+EthKn7e7UcD4KWsaSJ8BqGPXNaPghgtcn/fhvrN17Tv8ksUsQpiplw==}
 
+  '@types/trusted-types@2.0.7':
+    resolution: {integrity: sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==}
+
   '@types/tunnel@0.0.3':
     resolution: {integrity: sha512-sOUTGn6h1SfQ+gbgqC364jLFBw2lnFqkgF3q0WovEHRLMrVD1sd5aufqi/aJObLekJO+Aq5z646U4Oxy6shXMA==}
 
@@ -6944,6 +6998,9 @@ packages:
     resolution: {integrity: sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==}
     engines: {node: '>=12'}
 
+  any-promise@1.3.0:
+    resolution: {integrity: sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==}
+
   anymatch@3.1.3:
     resolution: {integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==}
     engines: {node: '>= 8'}
@@ -7217,6 +7274,12 @@ packages:
     resolution: {integrity: sha512-zhaCDicdLuWN5UbN5IMnFqNMhNfo919sH85y2/ea+5Yg9TsTkeZxpL+JLbp6cgYFS4sRLp3YV4S6yDuqVWHYOw==}
     engines: {node: '>=6'}
 
+  bundle-require@4.2.1:
+    resolution: {integrity: sha512-7Q/6vkyYAwOmQNRw75x+4yRtZCZJXUDmHHlFdkiV0wgv/reNjtJwpu1jPJ0w2kbEpIM0uoKI3S4/f39dU7AjSA==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+    peerDependencies:
+      esbuild: '>=0.17'
+
   bytes@3.1.1:
     resolution: {integrity: sha512-dWe4nWO/ruEOY7HkUJ5gFt1DCFV9zPRoJr8pV0/ASQermOZjtq8jMjOprC0Kd10GLN+l7xaUPvxzJFWtxGu8Fg==}
     engines: {node: '>= 0.8'}
@@ -7465,6 +7528,10 @@ packages:
     resolution: {integrity: sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==}
     engines: {node: '>=16'}
 
+  commander@4.1.1:
+    resolution: {integrity: sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==}
+    engines: {node: '>= 6'}
+
   commander@5.1.0:
     resolution: {integrity: sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==}
     engines: {node: '>= 6'}
@@ -8234,8 +8301,8 @@ packages:
     resolution: {integrity: sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==}
     engines: {node: '>= 0.4'}
 
-  esbuild@0.20.2:
-    resolution: {integrity: sha512-WdOOppmUNU+IbZ0PaDiTst80zjnrOkyJNHoKupIcVyU8Lvla3Ugx94VzkQ32Ijqd7UhHJy75gNWDMUekcrSJ6g==}
+  esbuild@0.21.5:
+    resolution: {integrity: sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==}
     engines: {node: '>=12'}
     hasBin: true
 
@@ -9793,6 +9860,10 @@ packages:
   jose@5.6.3:
     resolution: {integrity: sha512-1Jh//hEEwMhNYPDDLwXHa2ePWgWiFNNUadVmguAAw2IJ6sj9mNxV5tGXJNqlMkJAybF6Lgw1mISDxTePP/187g==}
 
+  joycon@3.1.1:
+    resolution: {integrity: sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==}
+    engines: {node: '>=10'}
+
   js-base64@3.7.5:
     resolution: {integrity: sha512-3MEt5DTINKqfScXKfJFrRbxkrnk2AxPWGBL/ycjz4dK8iqiSJ06UxD8jh8xuh6p10TX4t2+7FsBYVxxQbMg+qA==}
 
@@ -10063,6 +10134,10 @@ packages:
     resolution: {integrity: sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==}
     engines: {node: '>=10'}
 
+  lilconfig@3.1.2:
+    resolution: {integrity: sha512-eop+wDAvpItUys0FWkHIKeC9ybYrTGbU41U5K7+bttZZeohvnY7M9dZ5kB21GNWiFT2q1OoPTvncPCgSOVO5ow==}
+    engines: {node: '>=14'}
+
   lines-and-columns@1.2.4:
     resolution: {integrity: sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==}
 
@@ -10075,10 +10150,23 @@ packages:
     resolution: {integrity: sha512-rJysbR9GKIalhTbVL2tYbF2hVyDnrf7pFUZBwjPaMIdadYHmeT+EVi/Bu3qd7ETQPahTotg2WRCatXwRBW554g==}
     engines: {node: '>=16.0.0'}
 
+  lit-element@4.0.6:
+    resolution: {integrity: sha512-U4sdJ3CSQip7sLGZ/uJskO5hGiqtlpxndsLr6mt3IQIjheg93UKYeGQjWMRql1s/cXNOaRrCzC2FQwjIwSUqkg==}
+
+  lit-html@3.1.4:
+    resolution: {integrity: sha512-yKKO2uVv7zYFHlWMfZmqc+4hkmSbFp8jgjdZY9vvR9jr4J8fH6FUMXhr+ljfELgmjpvlF7Z1SJ5n5/Jeqtc9YA==}
+
+  lit@3.1.4:
+    resolution: {integrity: sha512-q6qKnKXHy2g1kjBaNfcoLlgbI3+aSOZ9Q4tiGa9bGYXq5RBXxkVTqTIVmP2VWMp29L4GyvCFm8ZQ2o56eUAMyA==}
+
   lmdb@2.7.11:
     resolution: {integrity: sha512-x9bD4hVp7PFLUoELL8RglbNXhAMt5CYhkmss+CEau9KlNoilsTzNi9QDsPZb3KMpOGZXG6jmXhW3bBxE2XVztw==}
     hasBin: true
 
+  load-tsconfig@0.2.5:
+    resolution: {integrity: sha512-IXO6OCs9yg8tMKzfPZ1YmheJbZCiEsnBdcB03l0OcfK9prKnJb96siuHCr5Fl37/yo9DnKU+TLpxzTUspw9shg==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+
   load-yaml-file@0.2.0:
     resolution: {integrity: sha512-OfCBkGEw4nN6JLtgRidPX6QxjBQGQf72q3si2uvqyFEMbycSFFHwAZeXx6cJgFM9wmLrf9zBwCP3Ivqa+LLZPw==}
     engines: {node: '>=6'}
@@ -10655,6 +10743,9 @@ packages:
   mute-stream@0.0.8:
     resolution: {integrity: sha512-nnbWWOkoWyUsTjKrhgD0dcz22mdkSnpYqbEjIm2nhwhuxlSkpywJmBo8h0ZqJdkp73mb90SssHkN4rsRaBAfAA==}
 
+  mz@2.7.0:
+    resolution: {integrity: sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==}
+
   nanoid@3.3.7:
     resolution: {integrity: sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==}
     engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
@@ -11222,6 +11313,18 @@ packages:
     resolution: {integrity: sha512-d7Uw+eZoloe0EHDIYoe+bQ5WXnGMOpmiZFTuMWCwpjzzkL2nTjcKiAk4hh8TjnGye2TwWOk3UXucZ+3rbmBa8Q==}
     engines: {node: '>= 0.4'}
 
+  postcss-load-config@4.0.2:
+    resolution: {integrity: sha512-bSVhyJGL00wMVoPUzAVAnbEoWyqRxkjv64tUl427SKnPrENtq6hJwUojroMz2VB+Q1edmi4IfrAPpami5VVgMQ==}
+    engines: {node: '>= 14'}
+    peerDependencies:
+      postcss: '>=8.0.9'
+      ts-node: '>=9.0.0'
+    peerDependenciesMeta:
+      postcss:
+        optional: true
+      ts-node:
+        optional: true
+
   postcss-media-query-parser@0.2.3:
     resolution: {integrity: sha512-3sOlxmbKcSHMjlUXQZKQ06jOswE7oVkXPxmZdoB1r5l0q6gTFTQSHxNxOrCccElbW7dxNytifNEo8qidX2Vsig==}
 
@@ -11296,6 +11399,10 @@ packages:
     resolution: {integrity: sha512-Wglpdk03BSfXkHoQa3b/oulrotAkwrlLDRSOb9D0bN86FdRyE9lppSp33aHNPgBa0JKCoB+drFLZkQoRRYae5A==}
     engines: {node: ^10 || ^12 || >=14}
 
+  postcss@8.4.39:
+    resolution: {integrity: sha512-0vzE+lAiG7hZl1/9I8yzKLx3aR9Xbof3fBHKunvMfOCYAtMhrsnccJY2iTURb9EZd5+pLuiNV9/c/GZJOHsgIw==}
+    engines: {node: ^10 || ^12 || >=14}
+
   postgres-array@2.0.0:
     resolution: {integrity: sha512-VpZrUqU5A69eQyW2c5CA1jtLecCsN2U/bD6VilrFDWq5+5UIEVO7nazS3TEcHf1zuPYO/sqGvUvW62g86RXZuA==}
     engines: {node: '>=4'}
@@ -12385,6 +12492,11 @@ packages:
   stylis@4.3.2:
     resolution: {integrity: sha512-bhtUjWd/z6ltJiQwg0dUfxEJ+W+jdqQd8TbWLWyeIJHlnsqmGLRFFd8e5mA0AZi/zx90smXRlN66YMTcaSFifg==}
 
+  sucrase@3.35.0:
+    resolution: {integrity: sha512-8EbVDiu9iN/nESwxeSxDKe0dunta1GOlHufmSSXxMD2z2/tMZpDMpvXQGsc+ajGo8y2uYUmixaSRUc/QPoQ0GA==}
+    engines: {node: '>=16 || 14 >=14.17'}
+    hasBin: true
+
   superagent@9.0.1:
     resolution: {integrity: sha512-CcRSdb/P2oUVaEpQ87w9Obsl+E9FruRd6b2b7LdiBtJoyMr2DQt7a89anAfiX/EL59j9b2CbRFvf2S91DhuCww==}
     engines: {node: '>=14.18.0'}
@@ -12481,6 +12593,13 @@ packages:
   text-table@0.2.0:
     resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
 
+  thenify-all@1.6.0:
+    resolution: {integrity: sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==}
+    engines: {node: '>=0.8'}
+
+  thenify@3.3.1:
+    resolution: {integrity: sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==}
+
   thirty-two@1.0.2:
     resolution: {integrity: sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA==}
     engines: {node: '>=0.2.6'}
@@ -12576,6 +12695,9 @@ packages:
     resolution: {integrity: sha512-q5W7tVM71e2xjHZTlgfTDoPF/SmqKG5hddq9SzR49CH2hayqRKJtQ4mtRlSxKaJlR/+9rEM+mnBHf7I2/BQcpQ==}
     engines: {node: '>=6.10'}
 
+  ts-interface-checker@0.1.13:
+    resolution: {integrity: sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==}
+
   ts-node@10.9.2:
     resolution: {integrity: sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==}
     hasBin: true
@@ -12609,6 +12731,25 @@ packages:
     resolution: {integrity: sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==}
     engines: {node: '>=0.6.x'}
 
+  tsup@8.1.0:
+    resolution: {integrity: sha512-UFdfCAXukax+U6KzeTNO2kAARHcWxmKsnvSPXUcfA1D+kU05XDccCrkffCQpFaWDsZfV0jMyTsxU39VfCp6EOg==}
+    engines: {node: '>=18'}
+    hasBin: true
+    peerDependencies:
+      '@microsoft/api-extractor': ^7.36.0
+      '@swc/core': ^1
+      postcss: ^8.4.12
+      typescript: '>=4.5.0'
+    peerDependenciesMeta:
+      '@microsoft/api-extractor':
+        optional: true
+      '@swc/core':
+        optional: true
+      postcss:
+        optional: true
+      typescript:
+        optional: true
+
   tty-table@4.1.6:
     resolution: {integrity: sha512-kRj5CBzOrakV4VRRY5kUWbNYvo/FpOsz65DzI5op9P+cHov3+IqPbo1JE1ZnQGkHdZgNFDsrEjrfqqy/Ply9fw==}
     engines: {node: '>=8.0.0'}
@@ -12830,8 +12971,8 @@ packages:
     engines: {node: ^18.0.0 || >=20.0.0}
     hasBin: true
 
-  vite@5.2.9:
-    resolution: {integrity: sha512-uOQWfuZBlc6Y3W/DTuQ1Sr+oIXWvqljLvS881SVmAj00d5RdgShLcuXWxseWPd4HXwiYBFW/vXHfKFeqj9uQnw==}
+  vite@5.3.3:
+    resolution: {integrity: sha512-NPQdeCU0Dv2z5fu+ULotpuq5yfCS1BzKUIPhNbP3YBfAMGJXbt2nS+sbTFu+qchaqWTD+H3JK++nRwr6XIcp6A==}
     engines: {node: ^18.0.0 || >=20.0.0}
     hasBin: true
     peerDependencies:
@@ -13078,6 +13219,11 @@ packages:
     resolution: {integrity: sha512-zw0VAJxgeZ6+++/su5AFoqBbZbrEakwu+X0M5HmcwUiBL7AzcuPKjj5we4xfQLp78LkEMpD0cOnUhmgOVy3KdQ==}
     engines: {node: '>= 14'}
 
+  yaml@2.4.5:
+    resolution: {integrity: sha512-aBx2bnqDzVOyNKfsysjA2ms5ZlnjSAW2eG3/L5G/CSujfjLJTJsEw1bGw8kCf04KodQWk1pxlGnZ56CRxiawmg==}
+    engines: {node: '>= 14'}
+    hasBin: true
+
   yargs-parser@18.1.3:
     resolution: {integrity: sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==}
     engines: {node: '>=6'}
@@ -14357,73 +14503,73 @@ snapshots:
     dependencies:
       postcss-selector-parser: 6.0.16
 
-  '@esbuild/aix-ppc64@0.20.2':
+  '@esbuild/aix-ppc64@0.21.5':
     optional: true
 
-  '@esbuild/android-arm64@0.20.2':
+  '@esbuild/android-arm64@0.21.5':
     optional: true
 
-  '@esbuild/android-arm@0.20.2':
+  '@esbuild/android-arm@0.21.5':
     optional: true
 
-  '@esbuild/android-x64@0.20.2':
+  '@esbuild/android-x64@0.21.5':
     optional: true
 
-  '@esbuild/darwin-arm64@0.20.2':
+  '@esbuild/darwin-arm64@0.21.5':
     optional: true
 
-  '@esbuild/darwin-x64@0.20.2':
+  '@esbuild/darwin-x64@0.21.5':
     optional: true
 
-  '@esbuild/freebsd-arm64@0.20.2':
+  '@esbuild/freebsd-arm64@0.21.5':
     optional: true
 
-  '@esbuild/freebsd-x64@0.20.2':
+  '@esbuild/freebsd-x64@0.21.5':
     optional: true
 
-  '@esbuild/linux-arm64@0.20.2':
+  '@esbuild/linux-arm64@0.21.5':
     optional: true
 
-  '@esbuild/linux-arm@0.20.2':
+  '@esbuild/linux-arm@0.21.5':
     optional: true
 
-  '@esbuild/linux-ia32@0.20.2':
+  '@esbuild/linux-ia32@0.21.5':
     optional: true
 
-  '@esbuild/linux-loong64@0.20.2':
+  '@esbuild/linux-loong64@0.21.5':
     optional: true
 
-  '@esbuild/linux-mips64el@0.20.2':
+  '@esbuild/linux-mips64el@0.21.5':
     optional: true
 
-  '@esbuild/linux-ppc64@0.20.2':
+  '@esbuild/linux-ppc64@0.21.5':
     optional: true
 
-  '@esbuild/linux-riscv64@0.20.2':
+  '@esbuild/linux-riscv64@0.21.5':
     optional: true
 
-  '@esbuild/linux-s390x@0.20.2':
+  '@esbuild/linux-s390x@0.21.5':
     optional: true
 
-  '@esbuild/linux-x64@0.20.2':
+  '@esbuild/linux-x64@0.21.5':
     optional: true
 
-  '@esbuild/netbsd-x64@0.20.2':
+  '@esbuild/netbsd-x64@0.21.5':
     optional: true
 
-  '@esbuild/openbsd-x64@0.20.2':
+  '@esbuild/openbsd-x64@0.21.5':
     optional: true
 
-  '@esbuild/sunos-x64@0.20.2':
+  '@esbuild/sunos-x64@0.21.5':
     optional: true
 
-  '@esbuild/win32-arm64@0.20.2':
+  '@esbuild/win32-arm64@0.21.5':
     optional: true
 
-  '@esbuild/win32-ia32@0.20.2':
+  '@esbuild/win32-ia32@0.21.5':
     optional: true
 
-  '@esbuild/win32-x64@0.20.2':
+  '@esbuild/win32-x64@0.21.5':
     optional: true
 
   '@eslint-community/eslint-utils@4.4.0(eslint@8.57.0)':
@@ -14797,6 +14943,20 @@ snapshots:
     dependencies:
       '@lezer/common': 0.15.12
 
+  '@lit-labs/ssr-dom-shim@1.2.0': {}
+
+  '@lit/localize@0.12.1':
+    dependencies:
+      lit: 3.1.4
+
+  '@lit/react@1.0.5(@types/react@18.0.31)':
+    dependencies:
+      '@types/react': 18.0.31
+
+  '@lit/reactive-element@2.0.4':
+    dependencies:
+      '@lit-labs/ssr-dom-shim': 1.2.0
+
   '@lmdb/lmdb-darwin-arm64@2.7.11':
     optional: true
 
@@ -15902,10 +16062,10 @@ snapshots:
       eslint-config-prettier: 9.1.0(eslint@8.57.0)
       eslint-config-xo: 0.44.0(eslint@8.57.0)
       eslint-config-xo-typescript: 4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3)
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0)
       eslint-plugin-consistent-default-export-name: 0.0.15
       eslint-plugin-eslint-comments: 3.2.0(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       eslint-plugin-n: 17.2.1(eslint@8.57.0)
       eslint-plugin-no-use-extend-native: 0.5.0
       eslint-plugin-prettier: 5.1.3(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.0.0)
@@ -16885,6 +17045,8 @@ snapshots:
 
   '@types/tough-cookie@4.0.2': {}
 
+  '@types/trusted-types@2.0.7': {}
+
   '@types/tunnel@0.0.3':
     dependencies:
       '@types/node': 20.12.7
@@ -17213,6 +17375,8 @@ snapshots:
 
   ansi-styles@6.2.1: {}
 
+  any-promise@1.3.0: {}
+
   anymatch@3.1.3:
     dependencies:
       normalize-path: 3.0.0
@@ -17557,6 +17721,11 @@ snapshots:
 
   builtin-modules@3.3.0: {}
 
+  bundle-require@4.2.1(esbuild@0.21.5):
+    dependencies:
+      esbuild: 0.21.5
+      load-tsconfig: 0.2.5
+
   bytes@3.1.1: {}
 
   bytes@3.1.2: {}
@@ -17792,6 +17961,8 @@ snapshots:
 
   commander@11.1.0: {}
 
+  commander@4.1.1: {}
+
   commander@5.1.0: {}
 
   commander@7.2.0: {}
@@ -18641,31 +18812,31 @@ snapshots:
       is-date-object: 1.0.5
       is-symbol: 1.0.4
 
-  esbuild@0.20.2:
+  esbuild@0.21.5:
     optionalDependencies:
-      '@esbuild/aix-ppc64': 0.20.2
-      '@esbuild/android-arm': 0.20.2
-      '@esbuild/android-arm64': 0.20.2
-      '@esbuild/android-x64': 0.20.2
-      '@esbuild/darwin-arm64': 0.20.2
-      '@esbuild/darwin-x64': 0.20.2
-      '@esbuild/freebsd-arm64': 0.20.2
-      '@esbuild/freebsd-x64': 0.20.2
-      '@esbuild/linux-arm': 0.20.2
-      '@esbuild/linux-arm64': 0.20.2
-      '@esbuild/linux-ia32': 0.20.2
-      '@esbuild/linux-loong64': 0.20.2
-      '@esbuild/linux-mips64el': 0.20.2
-      '@esbuild/linux-ppc64': 0.20.2
-      '@esbuild/linux-riscv64': 0.20.2
-      '@esbuild/linux-s390x': 0.20.2
-      '@esbuild/linux-x64': 0.20.2
-      '@esbuild/netbsd-x64': 0.20.2
-      '@esbuild/openbsd-x64': 0.20.2
-      '@esbuild/sunos-x64': 0.20.2
-      '@esbuild/win32-arm64': 0.20.2
-      '@esbuild/win32-ia32': 0.20.2
-      '@esbuild/win32-x64': 0.20.2
+      '@esbuild/aix-ppc64': 0.21.5
+      '@esbuild/android-arm': 0.21.5
+      '@esbuild/android-arm64': 0.21.5
+      '@esbuild/android-x64': 0.21.5
+      '@esbuild/darwin-arm64': 0.21.5
+      '@esbuild/darwin-x64': 0.21.5
+      '@esbuild/freebsd-arm64': 0.21.5
+      '@esbuild/freebsd-x64': 0.21.5
+      '@esbuild/linux-arm': 0.21.5
+      '@esbuild/linux-arm64': 0.21.5
+      '@esbuild/linux-ia32': 0.21.5
+      '@esbuild/linux-loong64': 0.21.5
+      '@esbuild/linux-mips64el': 0.21.5
+      '@esbuild/linux-ppc64': 0.21.5
+      '@esbuild/linux-riscv64': 0.21.5
+      '@esbuild/linux-s390x': 0.21.5
+      '@esbuild/linux-x64': 0.21.5
+      '@esbuild/netbsd-x64': 0.21.5
+      '@esbuild/openbsd-x64': 0.21.5
+      '@esbuild/sunos-x64': 0.21.5
+      '@esbuild/win32-arm64': 0.21.5
+      '@esbuild/win32-ia32': 0.21.5
+      '@esbuild/win32-x64': 0.21.5
 
   escalade@3.1.1: {}
 
@@ -18727,13 +18898,13 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0):
+  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 4.3.4
       enhanced-resolve: 5.16.0
       eslint: 8.57.0
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       fast-glob: 3.3.2
       get-tsconfig: 4.7.3
       is-core-module: 2.13.1
@@ -18744,14 +18915,14 @@ snapshots:
       - eslint-import-resolver-webpack
       - supports-color
 
-  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0):
+  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 3.2.7(supports-color@5.5.0)
     optionalDependencies:
       '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.3.3)
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0)
     transitivePeerDependencies:
       - supports-color
 
@@ -18773,7 +18944,7 @@ snapshots:
       eslint: 8.57.0
       ignore: 5.3.1
 
-  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0):
+  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       array-includes: 3.1.8
       array.prototype.findlastindex: 1.2.5
@@ -18783,7 +18954,7 @@ snapshots:
       doctrine: 2.1.0
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       hasown: 2.0.2
       is-core-module: 2.13.1
       is-glob: 4.0.3
@@ -20357,7 +20528,7 @@ snapshots:
       strip-json-comments: 3.1.1
     optionalDependencies:
       '@types/node': 20.12.7
-      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
+      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3)
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
@@ -20723,6 +20894,8 @@ snapshots:
 
   jose@5.6.3: {}
 
+  joycon@3.1.1: {}
+
   js-base64@3.7.5: {}
 
   js-tokens@4.0.0: {}
@@ -21064,6 +21237,8 @@ snapshots:
 
   lilconfig@2.1.0: {}
 
+  lilconfig@3.1.2: {}
+
   lines-and-columns@1.2.4: {}
 
   lint-staged@15.0.2:
@@ -21090,6 +21265,22 @@ snapshots:
       rfdc: 1.3.0
       wrap-ansi: 8.1.0
 
+  lit-element@4.0.6:
+    dependencies:
+      '@lit-labs/ssr-dom-shim': 1.2.0
+      '@lit/reactive-element': 2.0.4
+      lit-html: 3.1.4
+
+  lit-html@3.1.4:
+    dependencies:
+      '@types/trusted-types': 2.0.7
+
+  lit@3.1.4:
+    dependencies:
+      '@lit/reactive-element': 2.0.4
+      lit-element: 4.0.6
+      lit-html: 3.1.4
+
   lmdb@2.7.11:
     dependencies:
       msgpackr: 1.8.5
@@ -21105,6 +21296,8 @@ snapshots:
       '@lmdb/lmdb-linux-x64': 2.7.11
       '@lmdb/lmdb-win32-x64': 2.7.11
 
+  load-tsconfig@0.2.5: {}
+
   load-yaml-file@0.2.0:
     dependencies:
       graceful-fs: 4.2.11
@@ -22012,6 +22205,12 @@ snapshots:
 
   mute-stream@0.0.8: {}
 
+  mz@2.7.0:
+    dependencies:
+      any-promise: 1.3.0
+      object-assign: 4.1.1
+      thenify-all: 1.6.0
+
   nanoid@3.3.7: {}
 
   nanoid@4.0.2: {}
@@ -22615,6 +22814,14 @@ snapshots:
 
   possible-typed-array-names@1.0.0: {}
 
+  postcss-load-config@4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3)):
+    dependencies:
+      lilconfig: 3.1.2
+      yaml: 2.4.5
+    optionalDependencies:
+      postcss: 8.4.39
+      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3)
+
   postcss-media-query-parser@0.2.3: {}
 
   postcss-modules-extract-imports@3.0.0(postcss@8.4.31):
@@ -22690,6 +22897,12 @@ snapshots:
       picocolors: 1.0.0
       source-map-js: 1.2.0
 
+  postcss@8.4.39:
+    dependencies:
+      nanoid: 3.3.7
+      picocolors: 1.0.1
+      source-map-js: 1.2.0
+
   postgres-array@2.0.0: {}
 
   postgres-array@3.0.2: {}
@@ -23964,6 +24177,16 @@ snapshots:
 
   stylis@4.3.2: {}
 
+  sucrase@3.35.0:
+    dependencies:
+      '@jridgewell/gen-mapping': 0.3.5
+      commander: 4.1.1
+      glob: 10.4.2
+      lines-and-columns: 1.2.4
+      mz: 2.7.0
+      pirates: 4.0.5
+      ts-interface-checker: 0.1.13
+
   superagent@9.0.1:
     dependencies:
       component-emitter: 1.3.0
@@ -24095,6 +24318,14 @@ snapshots:
 
   text-table@0.2.0: {}
 
+  thenify-all@1.6.0:
+    dependencies:
+      thenify: 3.3.1
+
+  thenify@3.3.1:
+    dependencies:
+      any-promise: 1.3.0
+
   thirty-two@1.0.2: {}
 
   through2@4.0.2:
@@ -24166,7 +24397,9 @@ snapshots:
 
   ts-dedent@2.2.0: {}
 
-  ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3):
+  ts-interface-checker@0.1.13: {}
+
+  ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3):
     dependencies:
       '@cspotcode/source-map-support': 0.8.1
       '@tsconfig/node10': 1.0.9
@@ -24203,6 +24436,30 @@ snapshots:
 
   tsscmp@1.0.6: {}
 
+  tsup@8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3))(typescript@5.3.3):
+    dependencies:
+      bundle-require: 4.2.1(esbuild@0.21.5)
+      cac: 6.7.14
+      chokidar: 3.5.3
+      debug: 4.3.4
+      esbuild: 0.21.5
+      execa: 5.1.1
+      globby: 11.1.0
+      joycon: 3.1.1
+      postcss-load-config: 4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3))
+      resolve-from: 5.0.0
+      rollup: 4.14.3
+      source-map: 0.8.0-beta.0
+      sucrase: 3.35.0
+      tree-kill: 1.2.2
+    optionalDependencies:
+      '@swc/core': 1.3.52(@swc/helpers@0.5.1)
+      postcss: 8.4.39
+      typescript: 5.3.3
+    transitivePeerDependencies:
+      - supports-color
+      - ts-node
+
   tty-table@4.1.6:
     dependencies:
       chalk: 4.1.2
@@ -24432,7 +24689,7 @@ snapshots:
       debug: 4.3.5
       pathe: 1.1.2
       picocolors: 1.0.1
-      vite: 5.2.9(@types/node@20.10.4)(sass@1.56.1)
+      vite: 5.3.3(@types/node@20.10.4)(sass@1.56.1)
     transitivePeerDependencies:
       - '@types/node'
       - less
@@ -24449,7 +24706,7 @@ snapshots:
       debug: 4.3.5
       pathe: 1.1.2
       picocolors: 1.0.1
-      vite: 5.2.9(@types/node@20.11.20)(sass@1.56.1)
+      vite: 5.3.3(@types/node@20.11.20)(sass@1.56.1)
     transitivePeerDependencies:
       - '@types/node'
       - less
@@ -24466,7 +24723,7 @@ snapshots:
       debug: 4.3.5
       pathe: 1.1.2
       picocolors: 1.0.1
-      vite: 5.2.9(@types/node@20.12.7)(sass@1.56.1)
+      vite: 5.3.3(@types/node@20.12.7)(sass@1.56.1)
     transitivePeerDependencies:
       - '@types/node'
       - less
@@ -24477,30 +24734,30 @@ snapshots:
       - supports-color
       - terser
 
-  vite@5.2.9(@types/node@20.10.4)(sass@1.56.1):
+  vite@5.3.3(@types/node@20.10.4)(sass@1.56.1):
     dependencies:
-      esbuild: 0.20.2
-      postcss: 8.4.38
+      esbuild: 0.21.5
+      postcss: 8.4.39
       rollup: 4.14.3
     optionalDependencies:
       '@types/node': 20.10.4
       fsevents: 2.3.3
       sass: 1.56.1
 
-  vite@5.2.9(@types/node@20.11.20)(sass@1.56.1):
+  vite@5.3.3(@types/node@20.11.20)(sass@1.56.1):
     dependencies:
-      esbuild: 0.20.2
-      postcss: 8.4.38
+      esbuild: 0.21.5
+      postcss: 8.4.39
       rollup: 4.14.3
     optionalDependencies:
       '@types/node': 20.11.20
       fsevents: 2.3.3
       sass: 1.56.1
 
-  vite@5.2.9(@types/node@20.12.7)(sass@1.56.1):
+  vite@5.3.3(@types/node@20.12.7)(sass@1.56.1):
     dependencies:
-      esbuild: 0.20.2
-      postcss: 8.4.38
+      esbuild: 0.21.5
+      postcss: 8.4.39
       rollup: 4.14.3
     optionalDependencies:
       '@types/node': 20.12.7
@@ -24524,7 +24781,7 @@ snapshots:
       std-env: 3.7.0
       tinybench: 2.8.0
       tinypool: 1.0.0
-      vite: 5.2.9(@types/node@20.10.4)(sass@1.56.1)
+      vite: 5.3.3(@types/node@20.10.4)(sass@1.56.1)
       vite-node: 2.0.0(@types/node@20.10.4)(sass@1.56.1)
       why-is-node-running: 2.2.2
     optionalDependencies:
@@ -24557,7 +24814,7 @@ snapshots:
       std-env: 3.7.0
       tinybench: 2.8.0
       tinypool: 1.0.0
-      vite: 5.2.9(@types/node@20.11.20)(sass@1.56.1)
+      vite: 5.3.3(@types/node@20.11.20)(sass@1.56.1)
       vite-node: 2.0.0(@types/node@20.11.20)(sass@1.56.1)
       why-is-node-running: 2.2.2
     optionalDependencies:
@@ -24590,7 +24847,7 @@ snapshots:
       std-env: 3.7.0
       tinybench: 2.8.0
       tinypool: 1.0.0
-      vite: 5.2.9(@types/node@20.12.7)(sass@1.56.1)
+      vite: 5.3.3(@types/node@20.12.7)(sass@1.56.1)
       vite-node: 2.0.0(@types/node@20.12.7)(sass@1.56.1)
       why-is-node-running: 2.2.2
     optionalDependencies:
@@ -24804,6 +25061,8 @@ snapshots:
 
   yaml@2.3.3: {}
 
+  yaml@2.4.5: {}
+
   yargs-parser@18.1.3:
     dependencies:
       camelcase: 5.3.1

From c5897b3893c76eda0c3eb566ea365b8d10a529ef Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Mon, 15 Jul 2024 15:36:14 +0800
Subject: [PATCH 017/135] refactor(core): remove subject token api prefix
 (#6235)

---
 packages/core/src/routes/init.ts                          | 4 ++--
 .../index.openapi.json => subject-token.openapi.json}     | 6 +++---
 .../src/routes/{security/index.ts => subject-token.ts}    | 8 +++++---
 packages/core/src/routes/swagger/index.ts                 | 2 +-
 packages/core/src/routes/swagger/utils/operation-id.ts    | 4 ++--
 packages/integration-tests/src/api/subject-token.ts       | 2 +-
 6 files changed, 14 insertions(+), 12 deletions(-)
 rename packages/core/src/routes/{security/index.openapi.json => subject-token.openapi.json} (83%)
 rename packages/core/src/routes/{security/index.ts => subject-token.ts} (91%)

diff --git a/packages/core/src/routes/init.ts b/packages/core/src/routes/init.ts
index 557004a2738a..f166af765f66 100644
--- a/packages/core/src/routes/init.ts
+++ b/packages/core/src/routes/init.ts
@@ -34,10 +34,10 @@ import resourceRoutes from './resource.js';
 import resourceScopeRoutes from './resource.scope.js';
 import roleRoutes from './role.js';
 import roleScopeRoutes from './role.scope.js';
-import securityRoutes from './security/index.js';
 import signInExperiencesRoutes from './sign-in-experience/index.js';
 import ssoConnectors from './sso-connector/index.js';
 import statusRoutes from './status.js';
+import subjectTokenRoutes from './subject-token.js';
 import swaggerRoutes from './swagger/index.js';
 import systemRoutes from './system.js';
 import type { AnonymousRouter, ManagementApiRouter } from './types.js';
@@ -89,7 +89,7 @@ const createRouters = (tenant: TenantContext) => {
   organizationRoutes(managementRouter, tenant);
   ssoConnectors(managementRouter, tenant);
   systemRoutes(managementRouter, tenant);
-  securityRoutes(managementRouter, tenant);
+  subjectTokenRoutes(managementRouter, tenant);
 
   const anonymousRouter: AnonymousRouter = new Router();
   wellKnownRoutes(anonymousRouter, tenant);
diff --git a/packages/core/src/routes/security/index.openapi.json b/packages/core/src/routes/subject-token.openapi.json
similarity index 83%
rename from packages/core/src/routes/security/index.openapi.json
rename to packages/core/src/routes/subject-token.openapi.json
index bbee8d1666b5..6f2384f0123b 100644
--- a/packages/core/src/routes/security/index.openapi.json
+++ b/packages/core/src/routes/subject-token.openapi.json
@@ -1,13 +1,13 @@
 {
   "tags": [
     {
-      "name": "Security",
-      "description": "Security related endpoints."
+      "name": "Subject tokens",
+      "description": "The subject token API provides the ability to create a new subject token for the use of impersonating the user."
     },
     { "name": "Dev feature" }
   ],
   "paths": {
-    "/api/security/subject-tokens": {
+    "/api/subject-tokens": {
       "post": {
         "summary": "Create a new subject token.",
         "description": "Create a new subject token for the use of impersonating the user.",
diff --git a/packages/core/src/routes/security/index.ts b/packages/core/src/routes/subject-token.ts
similarity index 91%
rename from packages/core/src/routes/security/index.ts
rename to packages/core/src/routes/subject-token.ts
index 45440dc87d4d..99cbcb84a5a9 100644
--- a/packages/core/src/routes/security/index.ts
+++ b/packages/core/src/routes/subject-token.ts
@@ -8,9 +8,11 @@ import { EnvSet } from '#src/env-set/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
 
-import { type RouterInitArgs, type ManagementApiRouter } from '../types.js';
+import { type RouterInitArgs, type ManagementApiRouter } from './types.js';
 
-export default function securityRoutes<T extends ManagementApiRouter>(...args: RouterInitArgs<T>) {
+export default function subjectTokenRoutes<T extends ManagementApiRouter>(
+  ...args: RouterInitArgs<T>
+) {
   const [
     router,
     {
@@ -27,7 +29,7 @@ export default function securityRoutes<T extends ManagementApiRouter>(...args: R
   }
 
   router.post(
-    '/security/subject-tokens',
+    '/subject-tokens',
     koaQuotaGuard({ key: 'subjectTokenEnabled', quota }),
     koaGuard({
       body: object({
diff --git a/packages/core/src/routes/swagger/index.ts b/packages/core/src/routes/swagger/index.ts
index ffbc37d6626e..9973d7430c3a 100644
--- a/packages/core/src/routes/swagger/index.ts
+++ b/packages/core/src/routes/swagger/index.ts
@@ -155,7 +155,7 @@ const identifiableEntityNames = Object.freeze([
 const additionalTags = Object.freeze(
   condArray<string>(
     'Organization applications',
-    EnvSet.values.isDevFeaturesEnabled && 'Security',
+    EnvSet.values.isDevFeaturesEnabled && 'Subject tokens',
     'Organization users'
   )
 );
diff --git a/packages/core/src/routes/swagger/utils/operation-id.ts b/packages/core/src/routes/swagger/utils/operation-id.ts
index fe3df4002eb4..b65795657b79 100644
--- a/packages/core/src/routes/swagger/utils/operation-id.ts
+++ b/packages/core/src/routes/swagger/utils/operation-id.ts
@@ -25,8 +25,8 @@ const methodToVerb = Object.freeze({
 type RouteDictionary = Record<`${OpenAPIV3.HttpMethods} ${string}`, string>;
 
 const devFeatureCustomRoutes: RouteDictionary = Object.freeze({
-  // Security
-  'post /security/subject-tokens': 'CreateSubjectToken',
+  // Subject tokens
+  'post /subject-tokens': 'CreateSubjectToken',
 });
 
 export const customRoutes: Readonly<RouteDictionary> = Object.freeze({
diff --git a/packages/integration-tests/src/api/subject-token.ts b/packages/integration-tests/src/api/subject-token.ts
index 8eba50195209..ec54bff45dd1 100644
--- a/packages/integration-tests/src/api/subject-token.ts
+++ b/packages/integration-tests/src/api/subject-token.ts
@@ -4,7 +4,7 @@ import { authedAdminApi } from './api.js';
 
 export const createSubjectToken = async (userId: string, context?: JsonObject) =>
   authedAdminApi
-    .post('security/subject-tokens', {
+    .post('subject-tokens', {
       json: {
         userId,
         context,

From f94fb519f442e6a9d592d89583400f8f7dd98da7 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Mon, 15 Jul 2024 18:32:42 +0800
Subject: [PATCH 018/135] feat(core): add get available sso connectors endpoint
 (#6224)

feat(core): implement get sso connectors
implement get sso connectors endpoint
---
 .../sign-in-experience-validator.ts           | 36 ++++++++-------
 .../enterprise-sso-verification.ts            | 32 +++++++++++++
 .../src/client/experience/index.ts            |  9 ++++
 .../enterprise-sso-verification.test.ts       | 46 +++++++++++++++++++
 4 files changed, 106 insertions(+), 17 deletions(-)

diff --git a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
index 26f095f3a911..5bd7935ce2bb 100644
--- a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
+++ b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
@@ -71,7 +71,7 @@ export class SignInExperienceValidator {
     }
   }
 
-  async verifyIdentificationMethod(
+  public async verifyIdentificationMethod(
     event: InteractionEvent,
     verificationRecord: VerificationRecord
   ) {
@@ -93,7 +93,21 @@ export class SignInExperienceValidator {
     await this.guardSsoOnlyEmailIdentifier(verificationRecord);
   }
 
-  private async getSignInExperienceData() {
+  public async getEnabledSsoConnectorsByEmail(email: string) {
+    const domain = email.split('@')[1];
+    const { singleSignOnEnabled } = await this.getSignInExperienceData();
+
+    if (!singleSignOnEnabled || !domain) {
+      return [];
+    }
+
+    const { getAvailableSsoConnectors } = this.libraries.ssoConnectors;
+    const availableSsoConnectors = await getAvailableSsoConnectors();
+
+    return availableSsoConnectors.filter(({ domains }) => domains.includes(domain));
+  }
+
+  public async getSignInExperienceData() {
     this.signInExperienceDataCache ||=
       await this.queries.signInExperiences.findDefaultSignInExperience();
 
@@ -117,29 +131,17 @@ export class SignInExperienceValidator {
       return;
     }
 
-    const domain = emailIdentifier.split('@')[1];
-    const { singleSignOnEnabled } = await this.getSignInExperienceData();
-
-    if (!singleSignOnEnabled || !domain) {
-      return;
-    }
-
-    const { getAvailableSsoConnectors } = this.libraries.ssoConnectors;
-    const availableSsoConnectors = await getAvailableSsoConnectors();
-
-    const domainEnabledConnectors = availableSsoConnectors.filter(({ domains }) =>
-      domains.includes(domain)
-    );
+    const enabledSsoConnectors = await this.getEnabledSsoConnectorsByEmail(emailIdentifier);
 
     assertThat(
-      domainEnabledConnectors.length === 0,
+      enabledSsoConnectors.length === 0,
       new RequestError(
         {
           code: 'session.sso_enabled',
           status: 422,
         },
         {
-          ssoConnectors: domainEnabledConnectors,
+          ssoConnectors: enabledSsoConnectors,
         }
       )
     );
diff --git a/packages/core/src/routes/experience/verification-routes/enterprise-sso-verification.ts b/packages/core/src/routes/experience/verification-routes/enterprise-sso-verification.ts
index 05464cee4c8f..bdb1d86e704e 100644
--- a/packages/core/src/routes/experience/verification-routes/enterprise-sso-verification.ts
+++ b/packages/core/src/routes/experience/verification-routes/enterprise-sso-verification.ts
@@ -100,4 +100,36 @@ export default function enterpriseSsoVerificationRoutes<T extends WithLogContext
       return next();
     }
   );
+
+  router.get(
+    `${experienceRoutes.verification}/sso/connectors`,
+    koaGuard({
+      query: z.object({
+        email: z.string().email(),
+      }),
+      status: [200, 400],
+      response: z.object({
+        connectorIds: z.string().array(),
+      }),
+    }),
+    async (ctx, next) => {
+      const { email } = ctx.guard.query;
+      const {
+        experienceInteraction: { signInExperienceValidator },
+      } = ctx;
+
+      assertThat(
+        email.split('@')[1],
+        new RequestError({ code: 'guard.invalid_input', status: 400, email })
+      );
+
+      const connectors = await signInExperienceValidator.getEnabledSsoConnectorsByEmail(email);
+
+      ctx.body = {
+        connectorIds: connectors.map(({ id }) => id),
+      };
+
+      return next();
+    }
+  );
 }
diff --git a/packages/integration-tests/src/client/experience/index.ts b/packages/integration-tests/src/client/experience/index.ts
index 2bacb75b6ccb..8a06e389f4f4 100644
--- a/packages/integration-tests/src/client/experience/index.ts
+++ b/packages/integration-tests/src/client/experience/index.ts
@@ -152,6 +152,15 @@ export class ExperienceClient extends MockClient {
       .json<{ verificationId: string }>();
   }
 
+  public async getAvailableSsoConnectors(email: string) {
+    return api
+      .get(`${experienceRoutes.verification}/sso/connectors`, {
+        headers: { cookie: this.interactionCookie },
+        searchParams: { email },
+      })
+      .json<{ connectorIds: string[] }>();
+  }
+
   public async createTotpSecret() {
     return api
       .post(`${experienceRoutes.verification}/totp/secret`, {
diff --git a/packages/integration-tests/src/tests/api/experience-api/verifications/enterprise-sso-verification.test.ts b/packages/integration-tests/src/tests/api/experience-api/verifications/enterprise-sso-verification.test.ts
index f1b98dfe2555..a33a05a0ae8a 100644
--- a/packages/integration-tests/src/tests/api/experience-api/verifications/enterprise-sso-verification.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/verifications/enterprise-sso-verification.test.ts
@@ -198,4 +198,50 @@ devFeatureTest.describe('enterprise sso verification', () => {
       });
     });
   });
+
+  describe('getSsoConnectorsByEmail', () => {
+    const ssoConnectorApi = new SsoConnectorApi();
+    const domain = `foo${randomString()}.com`;
+
+    beforeAll(async () => {
+      await ssoConnectorApi.createMockOidcConnector([domain]);
+
+      await updateSignInExperience({
+        singleSignOnEnabled: true,
+      });
+    });
+
+    afterAll(async () => {
+      await ssoConnectorApi.cleanUp();
+    });
+
+    it('should get sso connectors with given email properly', async () => {
+      const client = await initExperienceClient();
+
+      const response = await client.getAvailableSsoConnectors('bar@' + domain);
+
+      expect(response.connectorIds.length).toBeGreaterThan(0);
+      expect(response.connectorIds[0]).toBe(ssoConnectorApi.firstConnectorId);
+    });
+
+    it('should return empty array if no sso connectors found', async () => {
+      const client = await initExperienceClient();
+
+      const response = await client.getAvailableSsoConnectors('bar@invalid.com');
+
+      expect(response.connectorIds.length).toBe(0);
+    });
+
+    it('should return empty array if sso is not enabled', async () => {
+      await updateSignInExperience({
+        singleSignOnEnabled: false,
+      });
+
+      const client = await initExperienceClient();
+
+      const response = await client.getAvailableSsoConnectors('bar@' + domain);
+
+      expect(response.connectorIds.length).toBe(0);
+    });
+  });
 });

From bf139e5a8a17b1787fb276a75c63ac041cddc4d6 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Mon, 15 Jul 2024 19:00:18 +0800
Subject: [PATCH 019/135] feat(elements): init i18n

---
 commitlint.config.ts                          |  2 +-
 packages/console/src/pages/Profile/index.tsx  | 14 +--
 packages/elements/.gitignore                  |  1 +
 packages/elements/lit-localize.json           | 15 +++
 packages/elements/package.json                | 12 ++-
 .../src/components/logto-card-section.ts      | 34 +++++++
 .../src/components/logto-form-card.ts         | 12 ++-
 .../src/elements/logto-profile-card.ts        | 30 ++++++
 packages/elements/src/index.ts                |  3 +
 packages/elements/src/locales/en.ts           |  9 --
 packages/elements/src/locales/index.ts        | 40 --------
 packages/elements/src/react.ts                |  9 +-
 packages/elements/src/utils/locale.ts         | 11 +++
 packages/elements/xliff/de.xlf                | 18 ++++
 packages/elements/xliff/es.xlf                | 18 ++++
 packages/elements/xliff/fr.xlf                | 18 ++++
 packages/elements/xliff/it.xlf                | 18 ++++
 packages/elements/xliff/ja.xlf                | 18 ++++
 packages/elements/xliff/ko.xlf                | 18 ++++
 packages/elements/xliff/pl-PL.xlf             | 18 ++++
 packages/elements/xliff/pt-BR.xlf             | 18 ++++
 packages/elements/xliff/pt-PT.xlf             | 18 ++++
 packages/elements/xliff/ru.xlf                | 18 ++++
 packages/elements/xliff/tr-TR.xlf             | 18 ++++
 packages/elements/xliff/zh-CN.xlf             | 18 ++++
 packages/elements/xliff/zh-HK.xlf             | 18 ++++
 packages/elements/xliff/zh-TW.xlf             | 18 ++++
 pnpm-lock.yaml                                | 92 ++++++++++++++++---
 28 files changed, 458 insertions(+), 78 deletions(-)
 create mode 100644 packages/elements/.gitignore
 create mode 100644 packages/elements/lit-localize.json
 create mode 100644 packages/elements/src/components/logto-card-section.ts
 create mode 100644 packages/elements/src/elements/logto-profile-card.ts
 delete mode 100644 packages/elements/src/locales/en.ts
 delete mode 100644 packages/elements/src/locales/index.ts
 create mode 100644 packages/elements/src/utils/locale.ts
 create mode 100644 packages/elements/xliff/de.xlf
 create mode 100644 packages/elements/xliff/es.xlf
 create mode 100644 packages/elements/xliff/fr.xlf
 create mode 100644 packages/elements/xliff/it.xlf
 create mode 100644 packages/elements/xliff/ja.xlf
 create mode 100644 packages/elements/xliff/ko.xlf
 create mode 100644 packages/elements/xliff/pl-PL.xlf
 create mode 100644 packages/elements/xliff/pt-BR.xlf
 create mode 100644 packages/elements/xliff/pt-PT.xlf
 create mode 100644 packages/elements/xliff/ru.xlf
 create mode 100644 packages/elements/xliff/tr-TR.xlf
 create mode 100644 packages/elements/xliff/zh-CN.xlf
 create mode 100644 packages/elements/xliff/zh-HK.xlf
 create mode 100644 packages/elements/xliff/zh-TW.xlf

diff --git a/commitlint.config.ts b/commitlint.config.ts
index 5f44c75e5e8b..c89743462dc5 100644
--- a/commitlint.config.ts
+++ b/commitlint.config.ts
@@ -7,7 +7,7 @@ const config: UserConfig = {
   extends: ['@commitlint/config-conventional'],
   rules: {
     'type-enum': [2, 'always', [...conventional.rules['type-enum'][2], 'api', 'release']],
-    'scope-enum': [2, 'always', ['connector', 'console', 'core', 'demo-app', 'test', 'phrases', 'schemas', 'shared', 'experience', 'deps', 'deps-dev', 'cli', 'toolkit', 'cloud', 'app-insights']],
+    'scope-enum': [2, 'always', ['connector', 'console', 'core', 'demo-app', 'test', 'phrases', 'schemas', 'shared', 'experience', 'deps', 'deps-dev', 'cli', 'toolkit', 'cloud', 'app-insights', 'elements']],
     // Slightly increase the tolerance to allow the appending PR number
     ...(isCi && { 'header-max-length': [2, 'always', 110] }),
     'body-max-line-length': [2, 'always', 110],
diff --git a/packages/console/src/pages/Profile/index.tsx b/packages/console/src/pages/Profile/index.tsx
index 3560bab4cb9a..aa71c15acd8a 100644
--- a/packages/console/src/pages/Profile/index.tsx
+++ b/packages/console/src/pages/Profile/index.tsx
@@ -1,4 +1,4 @@
-import { createReactComponents } from '@logto/elements/react';
+import { createReactComponents, initLocalization } from '@logto/elements/react';
 import type { ConnectorResponse } from '@logto/schemas';
 import React, { useCallback, useState } from 'react';
 import { useTranslation } from 'react-i18next';
@@ -32,7 +32,11 @@ import Skeleton from './components/Skeleton';
 import DeleteAccountModal from './containers/DeleteAccountModal';
 import * as styles from './index.module.scss';
 
-const { LogtoFormCard, LogtoThemeProvider } = createReactComponents(React);
+if (isDevFeaturesEnabled) {
+  initLocalization();
+}
+
+const { LogtoProfileCard, LogtoThemeProvider } = createReactComponents(React);
 
 function Profile() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
@@ -75,11 +79,7 @@ function Profile() {
                 <CardTitle title="profile.title" subtitle="profile.description" />
               </div>
               {showLoadingSkeleton && <Skeleton />}
-              {isDevFeaturesEnabled && (
-                <LogtoFormCard title="sections.profile">
-                  <p>🚧 This section is a dev feature that is still working in progress.</p>
-                </LogtoFormCard>
-              )}
+              {isDevFeaturesEnabled && <LogtoProfileCard />}
               {user && !showLoadingSkeleton && (
                 <div className={styles.content}>
                   <BasicUserInfoSection user={user} onUpdate={reload} />
diff --git a/packages/elements/.gitignore b/packages/elements/.gitignore
new file mode 100644
index 000000000000..d3db8f9b18c4
--- /dev/null
+++ b/packages/elements/.gitignore
@@ -0,0 +1 @@
+src/generated/
diff --git a/packages/elements/lit-localize.json b/packages/elements/lit-localize.json
new file mode 100644
index 000000000000..6df04a74a424
--- /dev/null
+++ b/packages/elements/lit-localize.json
@@ -0,0 +1,15 @@
+{
+  "$schema": "https://raw.githubusercontent.com/lit/lit/main/packages/localize-tools/config.schema.json",
+  "sourceLocale": "en",
+  "targetLocales": ["de", "es", "fr", "it", "ja", "ko", "pl-PL", "pt-BR", "pt-PT", "ru", "tr-TR", "zh-CN", "zh-HK", "zh-TW"],
+  "tsConfig": "./tsconfig.json",
+  "output": {
+    "mode": "runtime",
+    "outputDir": "./src/generated/locales",
+    "localeCodesModule": "./src/generated/locale-codes.ts"
+  },
+  "interchange": {
+    "format": "xliff",
+    "xliffDir": "./xliff/"
+  }
+}
diff --git a/packages/elements/package.json b/packages/elements/package.json
index 3ac8d3e2dbab..b9640c5ecdbd 100644
--- a/packages/elements/package.json
+++ b/packages/elements/package.json
@@ -27,13 +27,15 @@
   },
   "scripts": {
     "precommit": "lint-staged",
-    "build": "tsup",
-    "dev": "tsup --watch --no-splitting",
+    "build": "lit-localize build && tsup",
+    "dev": "lit-localize build && tsup --watch --no-splitting",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "echo \"No tests yet.\"",
     "test:ci": "pnpm run test --silent --coverage",
-    "prepack": "pnpm build"
+    "prepack": "pnpm check && pnpm build",
+    "localize": "lit-localize",
+    "check": "lit-localize extract && git add . -N && git diff --exit-code"
   },
   "engines": {
     "node": "^20.9.0"
@@ -48,6 +50,7 @@
     "lit": "^3.1.4"
   },
   "devDependencies": {
+    "@lit/localize-tools": "^0.7.2",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "eslint": "^8.56.0",
@@ -57,6 +60,9 @@
   },
   "eslintConfig": {
     "extends": "@silverhand",
+    "ignorePatterns": [
+      "src/generated/"
+    ],
     "rules": {
       "no-console": "error",
       "unicorn/prevent-abbreviations": [
diff --git a/packages/elements/src/components/logto-card-section.ts b/packages/elements/src/components/logto-card-section.ts
new file mode 100644
index 000000000000..de4e88be549c
--- /dev/null
+++ b/packages/elements/src/components/logto-card-section.ts
@@ -0,0 +1,34 @@
+import { localized, msg } from '@lit/localize';
+import { LitElement, css, html } from 'lit';
+import { customElement, property } from 'lit/decorators.js';
+
+import { unit } from '../utils/css.js';
+import { vars } from '../utils/theme.js';
+
+const tagName = 'logto-card-section';
+
+@customElement(tagName)
+@localized()
+export class LogtoCardSection extends LitElement {
+  static tagName = tagName;
+  static styles = css`
+    header {
+      font: ${vars.fontLabel2};
+      color: ${vars.colorText};
+      margin-bottom: ${unit(1)};
+    }
+  `;
+
+  @property()
+  heading = msg('Not available', {
+    id: 'form-card.fallback-title',
+    desc: 'The fallback title of a form card when the title is not provided.',
+  });
+
+  render() {
+    return html`
+      <header>${this.heading}</header>
+      <slot></slot>
+    `;
+  }
+}
diff --git a/packages/elements/src/components/logto-form-card.ts b/packages/elements/src/components/logto-form-card.ts
index 4b371b980243..dc02bbd99207 100644
--- a/packages/elements/src/components/logto-form-card.ts
+++ b/packages/elements/src/components/logto-form-card.ts
@@ -1,14 +1,15 @@
+import { localized, msg } from '@lit/localize';
 import { cond } from '@silverhand/essentials';
 import { LitElement, css, html } from 'lit';
 import { customElement, property } from 'lit/decorators.js';
 
-import { type LocaleKeyOptional, type LocaleKey } from '../locales/index.js';
 import { unit } from '../utils/css.js';
 import { vars } from '../utils/theme.js';
 
 const tagName = 'logto-form-card';
 
 @customElement(tagName)
+@localized()
 export class LogtoFormCard extends LitElement {
   static tagName = tagName;
   static styles = css`
@@ -35,16 +36,19 @@ export class LogtoFormCard extends LitElement {
   `;
 
   @property()
-  title: LocaleKey = 'placeholders.not_available';
+  heading = msg('Not available', {
+    id: 'form-card.fallback-title',
+    desc: 'The fallback title of a form card when the title is not provided.',
+  });
 
   @property()
-  description: LocaleKeyOptional = '';
+  description = '';
 
   render() {
     return html`
       <logto-card>
         <header>
-          <div role="heading">${this.title}</div>
+          <div role="heading">${this.heading}</div>
           ${cond(this.description && html`<p>${this.description}</p>`)}
         </header>
         <div class="spacer"></div>
diff --git a/packages/elements/src/elements/logto-profile-card.ts b/packages/elements/src/elements/logto-profile-card.ts
new file mode 100644
index 000000000000..faa12273ad92
--- /dev/null
+++ b/packages/elements/src/elements/logto-profile-card.ts
@@ -0,0 +1,30 @@
+import { localized, msg } from '@lit/localize';
+import { LitElement, css, html } from 'lit';
+import { customElement } from 'lit/decorators.js';
+
+import { vars } from '../utils/theme.js';
+
+const tagName = 'logto-profile-card';
+
+@customElement(tagName)
+@localized()
+export class LogtoProfileCard extends LitElement {
+  static tagName = tagName;
+  static styles = css`
+    p {
+      color: ${vars.colorTextSecondary};
+    }
+  `;
+
+  render() {
+    return html`
+      <logto-form-card heading=${msg('Profile', { id: 'account.profile.title' })}>
+        <logto-card-section
+          heading=${msg('Personal information', { id: 'account.profile.personal-info.title' })}
+        >
+          <p>🚧 This section is a dev feature that is still working in progress.</p>
+        </logto-card-section>
+      </logto-form-card>
+    `;
+  }
+}
diff --git a/packages/elements/src/index.ts b/packages/elements/src/index.ts
index d4cb36992705..de8f4983214e 100644
--- a/packages/elements/src/index.ts
+++ b/packages/elements/src/index.ts
@@ -1,3 +1,6 @@
+export * from './components/logto-card-section.js';
 export * from './components/logto-card.js';
 export * from './components/logto-form-card.js';
 export * from './components/logto-theme-provider.js';
+export * from './elements/logto-profile-card.js';
+export * from './utils/locale.js';
diff --git a/packages/elements/src/locales/en.ts b/packages/elements/src/locales/en.ts
deleted file mode 100644
index f8998af8bc90..000000000000
--- a/packages/elements/src/locales/en.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-export const en = Object.freeze({
-  placeholders: {
-    not_available: 'Not available',
-  },
-  sections: {
-    profile: 'Profile',
-    security: 'Security',
-  },
-});
diff --git a/packages/elements/src/locales/index.ts b/packages/elements/src/locales/index.ts
deleted file mode 100644
index bfce23d867f2..000000000000
--- a/packages/elements/src/locales/index.ts
+++ /dev/null
@@ -1,40 +0,0 @@
-import { type en } from './en.js';
-
-type KeyPath<T> = T extends Record<string, unknown>
-  ? {
-      [K in keyof T]: K extends string
-        ? T[K] extends Record<string, unknown>
-          ? `${K}.${KeyPath<T[K]>}`
-          : `${K}`
-        : never;
-    }[keyof T]
-  : '';
-
-/** The type of a full locale data object. */
-export type LocaleData = typeof en;
-
-/**
- * The type of a locale key. It is a string that represents a path to a value in the locale data
- * object.
- *
- * @example
- * With the following locale data object:
- *
- * ```ts
- * const en = {
- *   profile: {
- *     title: 'Profile',
- *     description: 'Your profile',
- *   },
- * };
- * ```
- *
- * The locale key for the title would be `'profile.title'`.
- */
-export type LocaleKey = KeyPath<LocaleData>;
-
-/**
- * The type of a locale key that is optional. Note that it uses an empty string to represent the
- * absence of a key since Web Components do not support `undefined` as a property value.
- */
-export type LocaleKeyOptional = LocaleKey | '';
diff --git a/packages/elements/src/react.ts b/packages/elements/src/react.ts
index 1a3df2b52934..cacc64ea1bff 100644
--- a/packages/elements/src/react.ts
+++ b/packages/elements/src/react.ts
@@ -1,6 +1,8 @@
 import { createComponent } from '@lit/react';
 
-import { LogtoThemeProvider, LogtoCard, LogtoFormCard } from './index.js';
+import { LogtoThemeProvider, LogtoCard, LogtoFormCard, LogtoProfileCard } from './index.js';
+
+export * from './utils/locale.js';
 
 export const createReactComponents = (react: Parameters<typeof createComponent>[0]['react']) => {
   return {
@@ -9,6 +11,11 @@ export const createReactComponents = (react: Parameters<typeof createComponent>[
       elementClass: LogtoFormCard,
       react,
     }),
+    LogtoProfileCard: createComponent({
+      tagName: LogtoProfileCard.tagName,
+      elementClass: LogtoProfileCard,
+      react,
+    }),
     LogtoCard: createComponent({
       tagName: LogtoCard.tagName,
       elementClass: LogtoCard,
diff --git a/packages/elements/src/utils/locale.ts b/packages/elements/src/utils/locale.ts
new file mode 100644
index 000000000000..7b41d4213b88
--- /dev/null
+++ b/packages/elements/src/utils/locale.ts
@@ -0,0 +1,11 @@
+import { configureLocalization } from '@lit/localize';
+
+// Generated via output.localeCodesModule
+import { sourceLocale, targetLocales } from '../generated/locale-codes.js';
+
+export const initLocalization = () =>
+  configureLocalization({
+    sourceLocale,
+    targetLocales,
+    loadLocale: async (locale) => import(`/locales/${locale}.js`),
+  });
diff --git a/packages/elements/xliff/de.xlf b/packages/elements/xliff/de.xlf
new file mode 100644
index 000000000000..29226b9e3211
--- /dev/null
+++ b/packages/elements/xliff/de.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="de" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>Nicht verfügbar</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/packages/elements/xliff/es.xlf b/packages/elements/xliff/es.xlf
new file mode 100644
index 000000000000..27081c5ff4c9
--- /dev/null
+++ b/packages/elements/xliff/es.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="es" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>No disponible</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/packages/elements/xliff/fr.xlf b/packages/elements/xliff/fr.xlf
new file mode 100644
index 000000000000..d15883afb2f0
--- /dev/null
+++ b/packages/elements/xliff/fr.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="fr" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>Non disponible</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/packages/elements/xliff/it.xlf b/packages/elements/xliff/it.xlf
new file mode 100644
index 000000000000..891dd2a0cc7d
--- /dev/null
+++ b/packages/elements/xliff/it.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="it" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>Non disponibile</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/packages/elements/xliff/ja.xlf b/packages/elements/xliff/ja.xlf
new file mode 100644
index 000000000000..cd69abf18910
--- /dev/null
+++ b/packages/elements/xliff/ja.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="ja" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>利用できません</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/packages/elements/xliff/ko.xlf b/packages/elements/xliff/ko.xlf
new file mode 100644
index 000000000000..11d955e80cc0
--- /dev/null
+++ b/packages/elements/xliff/ko.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="ko" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>사용할 수 없음</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/packages/elements/xliff/pl-PL.xlf b/packages/elements/xliff/pl-PL.xlf
new file mode 100644
index 000000000000..6773af30bcb5
--- /dev/null
+++ b/packages/elements/xliff/pl-PL.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="pl-PL" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>Niedostępne</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/packages/elements/xliff/pt-BR.xlf b/packages/elements/xliff/pt-BR.xlf
new file mode 100644
index 000000000000..d13410c2f0cc
--- /dev/null
+++ b/packages/elements/xliff/pt-BR.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="pt-BR" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>Não disponível</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/packages/elements/xliff/pt-PT.xlf b/packages/elements/xliff/pt-PT.xlf
new file mode 100644
index 000000000000..7c4554c56122
--- /dev/null
+++ b/packages/elements/xliff/pt-PT.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="pt-PT" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>Não disponível</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/packages/elements/xliff/ru.xlf b/packages/elements/xliff/ru.xlf
new file mode 100644
index 000000000000..04de783759fa
--- /dev/null
+++ b/packages/elements/xliff/ru.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="ru" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>Недоступно</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/packages/elements/xliff/tr-TR.xlf b/packages/elements/xliff/tr-TR.xlf
new file mode 100644
index 000000000000..2a68b7f21454
--- /dev/null
+++ b/packages/elements/xliff/tr-TR.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="tr-TR" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>Mevcut değil</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/packages/elements/xliff/zh-CN.xlf b/packages/elements/xliff/zh-CN.xlf
new file mode 100644
index 000000000000..ddd4d329885c
--- /dev/null
+++ b/packages/elements/xliff/zh-CN.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="zh-CN" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>不可用</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/packages/elements/xliff/zh-HK.xlf b/packages/elements/xliff/zh-HK.xlf
new file mode 100644
index 000000000000..010937564ab4
--- /dev/null
+++ b/packages/elements/xliff/zh-HK.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="zh-HK" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>不可用</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/packages/elements/xliff/zh-TW.xlf b/packages/elements/xliff/zh-TW.xlf
new file mode 100644
index 000000000000..baff9eed8dcb
--- /dev/null
+++ b/packages/elements/xliff/zh-TW.xlf
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+<file target-language="zh-TW" source-language="en" original="lit-localize-inputs" datatype="plaintext">
+<body>
+<trans-unit id="form-card.fallback-title">
+  <source>Not available</source>
+  <target>不可用</target>
+  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
+</trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
+</body>
+</file>
+</xliff>
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 90e736f82dc2..3cfa8d2677f6 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3144,7 +3144,7 @@ importers:
         version: 2.2.0(react@18.2.0)
       ts-node:
         specifier: ^10.9.2
-        version: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3)
+        version: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
       tslib:
         specifier: ^2.4.1
         version: 2.4.1
@@ -3567,6 +3567,9 @@ importers:
         specifier: ^3.1.4
         version: 3.1.4
     devDependencies:
+      '@lit/localize-tools':
+        specifier: ^0.7.2
+        version: 0.7.2
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
@@ -5217,6 +5220,10 @@ packages:
   '@lit-labs/ssr-dom-shim@1.2.0':
     resolution: {integrity: sha512-yWJKmpGE6lUURKAaIltoPIE/wrbY3TEkqQt+X0m+7fQNnAv0keydnYvbiJFP1PnMhizmIWRWOG5KLhYyc/xl+g==}
 
+  '@lit/localize-tools@0.7.2':
+    resolution: {integrity: sha512-d5tehVao3Hz1DlTq6jy7TUYrCeyFi/E4BkzWr8MuAMjIM8aoKCR9s3cUw6m++8ZIiqGm2z7+6aHaPc/p1FGHyA==}
+    hasBin: true
+
   '@lit/localize@0.12.1':
     resolution: {integrity: sha512-uuF6OO6fjqomCf3jXsJ5cTGf1APYuN88S4Gvo/fjt9YkG4OMaMvpEUqd5oWhyzrJfY+HcenAbLJNi2Cq3H7gdg==}
 
@@ -5652,6 +5659,9 @@ packages:
     peerDependencies:
       '@parcel/core': ^2.9.3
 
+  '@parse5/tools@0.3.0':
+    resolution: {integrity: sha512-zxRyTHkqb7WQMV8kTNBKWb1BeOFUKXBXTBWuxg9H9hfvQB3IwP6Iw2U75Ia5eyRxPNltmY7E8YAlz6zWwUnjKg==}
+
   '@peculiar/asn1-android@2.3.10':
     resolution: {integrity: sha512-z9Rx9cFJv7UUablZISe7uksNbFJCq13hO0yEAOoIpAymALTLlvUOSLnGiQS7okPaM5dP42oTLhezH6XDXRXjGw==}
 
@@ -8811,6 +8821,10 @@ packages:
     resolution: {integrity: sha512-cR/vflFyPZtrN6b38ZyWxpWdhlXrzZEBawlpBQMq7033xVY7/kg0GDMBK5jg8lDYQckdJ5x/YC88lM3C7VMsLg==}
     engines: {node: '>=0.10.0'}
 
+  fs-extra@10.1.0:
+    resolution: {integrity: sha512-oRXApq54ETRj4eMiFzGnHWGy+zo5raudjuxN0b8H7s/RU2oW0Wvsx9O0ACRN/kRq9E8Vu/ReskGB5o3ji+FzHQ==}
+    engines: {node: '>=12'}
+
   fs-extra@7.0.1:
     resolution: {integrity: sha512-YJDaCJZEnBmcbw13fvdAM9AwNOJwOzrE4pqMqBq5nFiEqXUqHwlK4B+3pUw6JNvfSPtX05xFHtYy/1ni01eGCw==}
     engines: {node: '>=6 <7 || >=8'}
@@ -9948,10 +9962,16 @@ packages:
   jsonfile@4.0.0:
     resolution: {integrity: sha512-m6F1R3z8jjlf2imQHS2Qez5sjKWQzbuuhuJ/FKYFRZvPE3PuHcSMVZzfsLhGVOkfd20obL5SWEBew5ShlquNxg==}
 
+  jsonfile@6.1.0:
+    resolution: {integrity: sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==}
+
   jsonparse@1.3.1:
     resolution: {integrity: sha512-POQXvpdL69+CluYsillJ7SUhKvytYjW9vG/GKpnf+xP8UWgYEM/RaMzHHofbALDiKbbP1W8UEYmgGl39WkPZsg==}
     engines: {'0': node >= 0.2.0}
 
+  jsonschema@1.4.1:
+    resolution: {integrity: sha512-S6cATIPVv1z0IlxdN+zUk5EPjkGCdnhN4wVSBlvoUO1tOLJootbo9CquNJmbIh4yikWHiUedhRYrNPn1arpEmQ==}
+
   jsonwebtoken@9.0.2:
     resolution: {integrity: sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==}
     engines: {node: '>=12', npm: '>=6'}
@@ -12243,6 +12263,9 @@ packages:
   source-map-support@0.5.13:
     resolution: {integrity: sha512-SHSKFHadjVA5oR4PPqhtAVdcBWwRYVd6g6cAXnIbRiIwc2EhPrTuKUBdSLvlEKyIP3GCf89fltvcZiP9MMFA1w==}
 
+  source-map-support@0.5.21:
+    resolution: {integrity: sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==}
+
   source-map@0.6.1:
     resolution: {integrity: sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==}
     engines: {node: '>=0.10.0'}
@@ -12890,6 +12913,10 @@ packages:
     resolution: {integrity: sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==}
     engines: {node: '>= 4.0.0'}
 
+  universalify@2.0.1:
+    resolution: {integrity: sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==}
+    engines: {node: '>= 10.0.0'}
+
   unpipe@1.0.0:
     resolution: {integrity: sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==}
     engines: {node: '>= 0.8'}
@@ -14945,6 +14972,20 @@ snapshots:
 
   '@lit-labs/ssr-dom-shim@1.2.0': {}
 
+  '@lit/localize-tools@0.7.2':
+    dependencies:
+      '@lit/localize': 0.12.1
+      '@parse5/tools': 0.3.0
+      '@xmldom/xmldom': 0.8.7
+      fast-glob: 3.3.2
+      fs-extra: 10.1.0
+      jsonschema: 1.4.1
+      lit: 3.1.4
+      minimist: 1.2.8
+      parse5: 7.1.1
+      source-map-support: 0.5.21
+      typescript: 5.3.3
+
   '@lit/localize@0.12.1':
     dependencies:
       lit: 3.1.4
@@ -15721,6 +15762,10 @@ snapshots:
       '@parcel/utils': 2.9.3
       nullthrows: 1.1.1
 
+  '@parse5/tools@0.3.0':
+    dependencies:
+      parse5: 7.1.1
+
   '@peculiar/asn1-android@2.3.10':
     dependencies:
       '@peculiar/asn1-schema': 2.3.8
@@ -16062,10 +16107,10 @@ snapshots:
       eslint-config-prettier: 9.1.0(eslint@8.57.0)
       eslint-config-xo: 0.44.0(eslint@8.57.0)
       eslint-config-xo-typescript: 4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3)
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
       eslint-plugin-consistent-default-export-name: 0.0.15
       eslint-plugin-eslint-comments: 3.2.0(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
       eslint-plugin-n: 17.2.1(eslint@8.57.0)
       eslint-plugin-no-use-extend-native: 0.5.0
       eslint-plugin-prettier: 5.1.3(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.0.0)
@@ -18898,13 +18943,13 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0):
+  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0):
     dependencies:
       debug: 4.3.4
       enhanced-resolve: 5.16.0
       eslint: 8.57.0
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
       fast-glob: 3.3.2
       get-tsconfig: 4.7.3
       is-core-module: 2.13.1
@@ -18915,14 +18960,14 @@ snapshots:
       - eslint-import-resolver-webpack
       - supports-color
 
-  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
+  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 3.2.7(supports-color@5.5.0)
     optionalDependencies:
       '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.3.3)
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
     transitivePeerDependencies:
       - supports-color
 
@@ -18944,7 +18989,7 @@ snapshots:
       eslint: 8.57.0
       ignore: 5.3.1
 
-  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
+  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0):
     dependencies:
       array-includes: 3.1.8
       array.prototype.findlastindex: 1.2.5
@@ -18954,7 +18999,7 @@ snapshots:
       doctrine: 2.1.0
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
       hasown: 2.0.2
       is-core-module: 2.13.1
       is-glob: 4.0.3
@@ -19457,6 +19502,12 @@ snapshots:
 
   fs-exists-sync@0.1.0: {}
 
+  fs-extra@10.1.0:
+    dependencies:
+      graceful-fs: 4.2.11
+      jsonfile: 6.1.0
+      universalify: 2.0.1
+
   fs-extra@7.0.1:
     dependencies:
       graceful-fs: 4.2.11
@@ -20528,7 +20579,7 @@ snapshots:
       strip-json-comments: 3.1.1
     optionalDependencies:
       '@types/node': 20.12.7
-      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3)
+      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
@@ -20987,8 +21038,16 @@ snapshots:
     optionalDependencies:
       graceful-fs: 4.2.11
 
+  jsonfile@6.1.0:
+    dependencies:
+      universalify: 2.0.1
+    optionalDependencies:
+      graceful-fs: 4.2.11
+
   jsonparse@1.3.1: {}
 
+  jsonschema@1.4.1: {}
+
   jsonwebtoken@9.0.2:
     dependencies:
       jws: 3.2.2
@@ -22820,7 +22879,7 @@ snapshots:
       yaml: 2.4.5
     optionalDependencies:
       postcss: 8.4.39
-      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3)
+      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
 
   postcss-media-query-parser@0.2.3: {}
 
@@ -23883,6 +23942,11 @@ snapshots:
       buffer-from: 1.1.2
       source-map: 0.6.1
 
+  source-map-support@0.5.21:
+    dependencies:
+      buffer-from: 1.1.2
+      source-map: 0.6.1
+
   source-map@0.6.1: {}
 
   source-map@0.7.4: {}
@@ -24399,7 +24463,7 @@ snapshots:
 
   ts-interface-checker@0.1.13: {}
 
-  ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3):
+  ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3):
     dependencies:
       '@cspotcode/source-map-support': 0.8.1
       '@tsconfig/node10': 1.0.9
@@ -24609,6 +24673,8 @@ snapshots:
 
   universalify@0.2.0: {}
 
+  universalify@2.0.1: {}
+
   unpipe@1.0.0: {}
 
   update-browserslist-db@1.0.10(browserslist@4.21.4):

From 84ac935c80b6c3af378fa275940963a09a4295ae Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Mon, 15 Jul 2024 19:02:57 +0800
Subject: [PATCH 020/135] feat(core,schemas): implement the register flow
 (#6237)

* feat(core,schemas): implement the register flow

implement the register flow

* refactor(core,schemas): relocate the profile type defs

relocate the profile type defs

* fix(core): fix the validation guard logic

fix the validation guard logic

* fix(core): fix social and sso identity not created bug

fix social and sso identity not created bug

* fix(core): fix social identities profile key

fix social identities profile key

* fix(core): fix sso query method

fix sso query method
---
 .../classes/experience-interaction.ts         | 137 ++++++++++++------
 .../src/routes/experience/classes/utils.ts    |  52 ++++++-
 .../classes/validators/profile-validator.ts   |  85 +++++++++++
 .../verifications/code-verification.ts        |  21 ++-
 .../enterprise-sso-verification.ts            |  65 ++++++++-
 .../verifications/password-verification.ts    |  17 ++-
 .../verifications/social-verification.ts      |  71 ++++++++-
 .../verifications/verification-record.ts      |  20 ++-
 packages/core/src/routes/experience/index.ts  |   4 +-
 packages/core/src/routes/experience/types.ts  |  50 +++++++
 10 files changed, 449 insertions(+), 73 deletions(-)
 create mode 100644 packages/core/src/routes/experience/classes/validators/profile-validator.ts

diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
index 9be9636029ce..16f80f602131 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -1,5 +1,7 @@
 import { type ToZodObject } from '@logto/connector-kit';
-import { InteractionEvent, VerificationType } from '@logto/schemas';
+import { InteractionEvent, type VerificationType } from '@logto/schemas';
+import { generateStandardId } from '@logto/shared';
+import { conditional } from '@silverhand/essentials';
 import { z } from 'zod';
 
 import RequestError from '#src/errors/RequestError/index.js';
@@ -7,8 +9,10 @@ import { type WithLogContext } from '#src/middleware/koa-audit-log.js';
 import type TenantContext from '#src/tenants/TenantContext.js';
 import assertThat from '#src/utils/assert-that.js';
 
-import type { Interaction } from '../types.js';
+import { interactionProfileGuard, type Interaction, type InteractionProfile } from '../types.js';
 
+import { getNewUserProfileFromVerificationRecord, toUserSocialIdentityData } from './utils.js';
+import { ProfileValidator } from './validators/profile-validator.js';
 import { SignInExperienceValidator } from './validators/sign-in-experience-validator.js';
 import {
   buildVerificationRecord,
@@ -20,14 +24,14 @@ import {
 type InteractionStorage = {
   interactionEvent?: InteractionEvent;
   userId?: string;
-  profile?: Record<string, unknown>;
+  profile?: InteractionProfile;
   verificationRecords?: VerificationRecordData[];
 };
 
 const interactionStorageGuard = z.object({
   interactionEvent: z.nativeEnum(InteractionEvent).optional(),
   userId: z.string().optional(),
-  profile: z.object({}).optional(),
+  profile: interactionProfileGuard.optional(),
   verificationRecords: verificationRecordDataGuard.array().optional(),
 }) satisfies ToZodObject<InteractionStorage>;
 
@@ -39,6 +43,7 @@ const interactionStorageGuard = z.object({
  */
 export default class ExperienceInteraction {
   public readonly signInExperienceValidator: SignInExperienceValidator;
+  public readonly profileValidator: ProfileValidator;
 
   /** The user verification record list for the current interaction. */
   private readonly verificationRecords = new Map<VerificationType, VerificationRecord>();
@@ -65,6 +70,7 @@ export default class ExperienceInteraction {
     this.signInExperienceValidator = new SignInExperienceValidator(libraries, queries);
 
     if (!interactionDetails) {
+      this.profileValidator = new ProfileValidator(libraries, queries);
       return;
     }
 
@@ -82,6 +88,9 @@ export default class ExperienceInteraction {
     this.userId = userId;
     this.profile = profile;
 
+    // Profile validator requires the userId for existing user profile update validation
+    this.profileValidator = new ProfileValidator(libraries, queries, userId);
+
     for (const record of verificationRecords) {
       const instance = buildVerificationRecord(libraries, queries, record);
       this.verificationRecords.set(instance.type, instance);
@@ -123,16 +132,16 @@ export default class ExperienceInteraction {
    * Identify the user using the verification record.
    *
    * - Check if the verification record exists.
-   * - Verify the verification record with `SignInExperienceValidator`.
+   * - Verify the verification record with {@link SignInExperienceValidator}.
    * - Create a new user using the verification record if the current interaction event is `Register`.
    * - Identify the user using the verification record if the current interaction event is `SignIn` or `ForgotPassword`.
    * - Set the user id to the current interaction.
    *
-   * @throws RequestError with 404 if the interaction event is not set
-   * @throws RequestError with 404 if the verification record is not found
-   * @throws RequestError with 400 if the verification record is not valid for the current interaction event
-   * @throws RequestError with 401 if the user is suspended
-   * @throws RequestError with 409 if the current session has already identified a different user
+   * @throws RequestError with 404 if the interaction event is not set.
+   * @throws RequestError with 404 if the verification record is not found.
+   * @throws RequestError with 422 if the verification record is not enabled in the SIE settings.
+   * @see {@link identifyExistingUser} for more exceptions that can be thrown in the SignIn and ForgotPassword events.
+   * @see {@link createNewUser} for more exceptions that can be thrown in the Register event.
    **/
   public async identifyUser(verificationId: string) {
     const verificationRecord = this.getVerificationRecordById(verificationId);
@@ -196,9 +205,20 @@ export default class ExperienceInteraction {
 
   /** Submit the current interaction result to the OIDC provider and clear the interaction data */
   public async submit() {
-    // TODO: refine the error code
     assertThat(this.userId, 'session.verification_session_not_found');
 
+    // TODO: mfa validation
+    // TODO: missing profile fields validation
+
+    const {
+      queries: { users: userQueries },
+    } = this.tenant;
+
+    // Update user profile
+    await userQueries.updateUserById(this.userId, {
+      lastSignInAt: Date.now(),
+    });
+
     const { provider } = this.tenant;
 
     const redirectTo = await provider.interactionResult(this.ctx.req, this.ctx.res, {
@@ -224,46 +244,71 @@ export default class ExperienceInteraction {
     return [...this.verificationRecords.values()];
   }
 
+  /**
+   * Identify the existing user using the verification record.
+   *
+   * @throws RequestError with 400 if the verification record is not verified or not valid for identifying a user
+   * @throws RequestError with 404 if the user is not found
+   * @throws RequestError with 401 if the user is suspended
+   * @throws RequestError with 409 if the current session has already identified a different user
+   */
   private async identifyExistingUser(verificationRecord: VerificationRecord) {
-    switch (verificationRecord.type) {
-      case VerificationType.Password:
-      case VerificationType.VerificationCode:
-      case VerificationType.Social:
-      case VerificationType.EnterpriseSso: {
-        // TODO: social sign-in with verified email
-        const { id, isSuspended } = await verificationRecord.identifyUser();
-
-        assertThat(!isSuspended, new RequestError({ code: 'user.suspended', status: 401 }));
-
-        // Throws an 409 error if the current session has already identified a different user
-        if (this.userId) {
-          assertThat(
-            this.userId === id,
-            new RequestError({ code: 'session.identity_conflict', status: 409 })
-          );
-          return;
-        }
-
-        this.userId = id;
-        break;
-      }
-      default: {
-        // Unsupported verification type for identification, such as MFA verification.
-        throw new RequestError({ code: 'session.verification_failed', status: 400 });
-      }
+    // Check verification record can be used to identify a user using the `identifyUser` method.
+    // E.g. MFA verification record does not have the `identifyUser` method, cannot be used to identify a user.
+    assertThat(
+      'identifyUser' in verificationRecord,
+      new RequestError({ code: 'session.verification_failed', status: 400 })
+    );
+
+    const { id, isSuspended } = await verificationRecord.identifyUser();
+
+    assertThat(!isSuspended, new RequestError({ code: 'user.suspended', status: 401 }));
+
+    // Throws an 409 error if the current session has already identified a different user
+    if (this.userId) {
+      assertThat(
+        this.userId === id,
+        new RequestError({ code: 'session.identity_conflict', status: 409 })
+      );
+      return;
     }
+
+    this.userId = id;
   }
 
   private async createNewUser(verificationRecord: VerificationRecord) {
-    // TODO: To be implemented
-    switch (verificationRecord.type) {
-      case VerificationType.VerificationCode: {
-        break;
-      }
-      default: {
-        // Unsupported verification type for user creation, such as MFA verification.
-        throw new RequestError({ code: 'session.verification_failed', status: 400 });
-      }
+    const {
+      libraries: {
+        users: { generateUserId, insertUser },
+      },
+      queries: { userSsoIdentities: userSsoIdentitiesQueries },
+    } = this.tenant;
+
+    const newProfile = await getNewUserProfileFromVerificationRecord(verificationRecord);
+
+    await this.profileValidator.guardProfileUniquenessAcrossUsers(newProfile);
+
+    // TODO: new user provisioning and hooks
+
+    const { socialIdentity, enterpriseSsoIdentity, ...rest } = newProfile;
+
+    const [user] = await insertUser(
+      {
+        id: await generateUserId(),
+        ...rest,
+        ...conditional(socialIdentity && { identities: toUserSocialIdentityData(socialIdentity) }),
+      },
+      []
+    );
+
+    if (enterpriseSsoIdentity) {
+      await userSsoIdentitiesQueries.insert({
+        id: generateStandardId(),
+        userId: user.id,
+        ...enterpriseSsoIdentity,
+      });
     }
+
+    this.userId = user.id;
   }
 }
diff --git a/packages/core/src/routes/experience/classes/utils.ts b/packages/core/src/routes/experience/classes/utils.ts
index 575908b45fa3..4ddb0534a210 100644
--- a/packages/core/src/routes/experience/classes/utils.ts
+++ b/packages/core/src/routes/experience/classes/utils.ts
@@ -1,7 +1,17 @@
-import { SignInIdentifier, type InteractionIdentifier } from '@logto/schemas';
+import {
+  SignInIdentifier,
+  VerificationType,
+  type InteractionIdentifier,
+  type User,
+} from '@logto/schemas';
 
+import RequestError from '#src/errors/RequestError/index.js';
 import type Queries from '#src/tenants/Queries.js';
 
+import type { InteractionProfile } from '../types.js';
+
+import { type VerificationRecord } from './verifications/index.js';
+
 export const findUserByIdentifier = async (
   userQuery: Queries['users'],
   { type, value }: InteractionIdentifier
@@ -18,3 +28,43 @@ export const findUserByIdentifier = async (
     }
   }
 };
+
+/**
+ * @throws {RequestError} -400 if the verification record type is not supported for user creation.
+ * @throws {RequestError} -400 if the verification record is not verified.
+ */
+export const getNewUserProfileFromVerificationRecord = async (
+  verificationRecord: VerificationRecord
+): Promise<InteractionProfile> => {
+  switch (verificationRecord.type) {
+    case VerificationType.VerificationCode: {
+      return verificationRecord.toUserProfile();
+    }
+    case VerificationType.EnterpriseSso:
+    case VerificationType.Social: {
+      const identityProfile = await verificationRecord.toUserProfile();
+      const syncedProfile = await verificationRecord.toSyncedProfile(true);
+      return { ...identityProfile, ...syncedProfile };
+    }
+    default: {
+      // Unsupported verification type for user creation, such as MFA verification.
+      throw new RequestError({ code: 'session.verification_failed', status: 400 });
+    }
+  }
+};
+
+/**
+ * Convert the interaction profile `socialIdentity` to `User['identities']` data format
+ */
+export const toUserSocialIdentityData = (
+  socialIdentity: Required<InteractionProfile>['socialIdentity']
+): User['identities'] => {
+  const { target, userInfo } = socialIdentity;
+
+  return {
+    [target]: {
+      userId: userInfo.id,
+      details: userInfo,
+    },
+  };
+};
diff --git a/packages/core/src/routes/experience/classes/validators/profile-validator.ts b/packages/core/src/routes/experience/classes/validators/profile-validator.ts
new file mode 100644
index 000000000000..a2c8bcb1ce0f
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/validators/profile-validator.ts
@@ -0,0 +1,85 @@
+import RequestError from '#src/errors/RequestError/index.js';
+import type Libraries from '#src/tenants/Libraries.js';
+import type Queries from '#src/tenants/Queries.js';
+import assertThat from '#src/utils/assert-that.js';
+
+import type { InteractionProfile } from '../../types.js';
+
+export class ProfileValidator {
+  constructor(
+    private readonly libraries: Libraries,
+    private readonly queries: Queries,
+    /** UserId is required for existing user profile update validation */
+    private readonly userId?: string
+  ) {}
+
+  public async guardProfileUniquenessAcrossUsers(profile: InteractionProfile) {
+    const { hasUser, hasUserWithEmail, hasUserWithPhone, hasUserWithIdentity } = this.queries.users;
+    const { userSsoIdentities } = this.queries;
+
+    const { username, primaryEmail, primaryPhone, socialIdentity, enterpriseSsoIdentity } = profile;
+
+    if (username) {
+      assertThat(
+        !(await hasUser(username)),
+        new RequestError({
+          code: 'user.username_already_in_use',
+          status: 422,
+        })
+      );
+    }
+
+    if (primaryEmail) {
+      assertThat(
+        !(await hasUserWithEmail(primaryEmail)),
+        new RequestError({
+          code: 'user.email_already_in_use',
+          status: 422,
+        })
+      );
+    }
+
+    if (primaryPhone) {
+      assertThat(
+        !(await hasUserWithPhone(primaryPhone)),
+        new RequestError({
+          code: 'user.phone_already_in_use',
+          status: 422,
+        })
+      );
+    }
+
+    if (socialIdentity) {
+      const {
+        target,
+        userInfo: { id },
+      } = socialIdentity;
+
+      assertThat(
+        !(await hasUserWithIdentity(target, id)),
+        new RequestError({
+          code: 'user.identity_already_in_use',
+          status: 422,
+        })
+      );
+    }
+
+    if (enterpriseSsoIdentity) {
+      const { issuer, identityId } = enterpriseSsoIdentity;
+      const userSsoIdentity = await userSsoIdentities.findUserSsoIdentityBySsoIdentityId(
+        issuer,
+        identityId
+      );
+
+      assertThat(
+        !userSsoIdentity,
+        new RequestError({
+          code: 'user.identity_already_in_use',
+          status: 422,
+        })
+      );
+    }
+
+    // TODO: Password validation
+  }
+}
diff --git a/packages/core/src/routes/experience/classes/verifications/code-verification.ts b/packages/core/src/routes/experience/classes/verifications/code-verification.ts
index e87aceed9e1e..e536cc4d2ffb 100644
--- a/packages/core/src/routes/experience/classes/verifications/code-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/code-verification.ts
@@ -18,7 +18,7 @@ import assertThat from '#src/utils/assert-that.js';
 
 import { findUserByIdentifier } from '../utils.js';
 
-import { type VerificationRecord } from './verification-record.js';
+import { type IdentifierVerificationRecord } from './verification-record.js';
 
 const eventToTemplateTypeMap: Record<InteractionEvent, TemplateType> = {
   SignIn: TemplateType.SignIn,
@@ -67,7 +67,9 @@ const getPasscodeIdentifierPayload = (
  *
  * To avoid the redundant naming, the `CodeVerification` is used instead of `VerificationCodeVerification`.
  */
-export class CodeVerification implements VerificationRecord<VerificationType.VerificationCode> {
+export class CodeVerification
+  implements IdentifierVerificationRecord<VerificationType.VerificationCode>
+{
   /**
    * Factory method to create a new CodeVerification record using the given identifier.
    */
@@ -164,10 +166,6 @@ export class CodeVerification implements VerificationRecord<VerificationType.Ver
     this.verified = true;
   }
 
-  /**
-   * Identify the user by the current `identifier`.
-   * Return undefined if the verification record is not verified or no user is found by the identifier.
-   */
   async identifyUser(): Promise<User> {
     assertThat(
       this.verified,
@@ -189,6 +187,17 @@ export class CodeVerification implements VerificationRecord<VerificationType.Ver
     return user;
   }
 
+  async toUserProfile(): Promise<{ primaryEmail: string } | { primaryPhone: string }> {
+    assertThat(
+      this.verified,
+      new RequestError({ code: 'session.verification_failed', status: 400 })
+    );
+
+    const { type, value } = this.identifier;
+
+    return type === 'email' ? { primaryEmail: value } : { primaryPhone: value };
+  }
+
   toJson(): CodeVerificationRecordData {
     const { id, type, identifier, interactionEvent, verified } = this;
 
diff --git a/packages/core/src/routes/experience/classes/verifications/enterprise-sso-verification.ts b/packages/core/src/routes/experience/classes/verifications/enterprise-sso-verification.ts
index c282d76350c5..4a8db8cdaa92 100644
--- a/packages/core/src/routes/experience/classes/verifications/enterprise-sso-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/enterprise-sso-verification.ts
@@ -21,7 +21,9 @@ import type Queries from '#src/tenants/Queries.js';
 import type TenantContext from '#src/tenants/TenantContext.js';
 import assertThat from '#src/utils/assert-that.js';
 
-import { type VerificationRecord } from './verification-record.js';
+import type { InteractionProfile } from '../../types.js';
+
+import { type IdentifierVerificationRecord } from './verification-record.js';
 
 /** The JSON data type for the EnterpriseSsoVerification record stored in the interaction storage */
 export type EnterpriseSsoVerificationRecordData = {
@@ -44,7 +46,7 @@ export const enterPriseSsoVerificationRecordDataGuard = z.object({
 }) satisfies ToZodObject<EnterpriseSsoVerificationRecordData>;
 
 export class EnterpriseSsoVerification
-  implements VerificationRecord<VerificationType.EnterpriseSso>
+  implements IdentifierVerificationRecord<VerificationType.EnterpriseSso>
 {
   static create(libraries: Libraries, queries: Queries, connectorId: string) {
     return new EnterpriseSsoVerification(libraries, queries, {
@@ -81,8 +83,10 @@ export class EnterpriseSsoVerification
     return Boolean(this.enterpriseSsoUserInfo && this.issuer);
   }
 
-  async getConnectorData(connectorId: string) {
-    this.connectorDataCache ||= await this.libraries.ssoConnectors.getSsoConnectorById(connectorId);
+  async getConnectorData() {
+    this.connectorDataCache ||= await this.libraries.ssoConnectors.getSsoConnectorById(
+      this.connectorId
+    );
 
     return this.connectorDataCache;
   }
@@ -104,7 +108,7 @@ export class EnterpriseSsoVerification
     tenantContext: TenantContext,
     payload: SocialAuthorizationUrlPayload
   ) {
-    const connectorData = await this.getConnectorData(this.connectorId);
+    const connectorData = await this.getConnectorData();
     return getSsoAuthorizationUrl(ctx, tenantContext, connectorData, payload);
   }
 
@@ -117,7 +121,7 @@ export class EnterpriseSsoVerification
    * See the above {@link createAuthorizationUrl} method for more details.
    */
   async verify(ctx: WithLogContext, tenantContext: TenantContext, callbackData: JsonObject) {
-    const connectorData = await this.getConnectorData(this.connectorId);
+    const connectorData = await this.getConnectorData();
     const { issuer, userInfo } = await verifySsoIdentity(
       ctx,
       tenantContext,
@@ -129,10 +133,14 @@ export class EnterpriseSsoVerification
     this.enterpriseSsoUserInfo = userInfo;
   }
 
+  /**
+   * Identify the user by the enterprise SSO identity.
+   * If the user is not found, find the related user by the enterprise SSO identity and return the related user.
+   */
   async identifyUser(): Promise<User> {
     assertThat(
       this.isVerified,
-      new RequestError({ code: 'session.verification_failed', status: 422 })
+      new RequestError({ code: 'session.verification_failed', status: 400 })
     );
 
     // TODO: sync userInfo and link sso identity
@@ -152,6 +160,49 @@ export class EnterpriseSsoVerification
     throw new RequestError({ code: 'user.identity_not_exist', status: 404 });
   }
 
+  /**
+   * Returns the use SSO identity as a new user profile.
+   */
+  async toUserProfile(): Promise<Required<Pick<InteractionProfile, 'enterpriseSsoIdentity'>>> {
+    assertThat(
+      this.enterpriseSsoUserInfo && this.issuer,
+      new RequestError({ code: 'session.verification_failed', status: 400 })
+    );
+
+    return {
+      enterpriseSsoIdentity: {
+        issuer: this.issuer,
+        ssoConnectorId: this.connectorId,
+        identityId: this.enterpriseSsoUserInfo.id,
+        detail: this.enterpriseSsoUserInfo,
+      },
+    };
+  }
+
+  /**
+   * Returns the synced profile from the enterprise SSO identity.
+   *
+   * @param isNewUser - Whether the returned profile is for a new user. If true, the profile should contain the user's email.
+   */
+  async toSyncedProfile(
+    isNewUser = false
+  ): Promise<Pick<InteractionProfile, 'avatar' | 'name' | 'primaryEmail'>> {
+    assertThat(
+      this.enterpriseSsoUserInfo && this.issuer,
+      new RequestError({ code: 'session.verification_failed', status: 400 })
+    );
+
+    const { name, avatar, email: primaryEmail } = this.enterpriseSsoUserInfo;
+
+    if (isNewUser) {
+      return { name, avatar, primaryEmail };
+    }
+
+    const { syncProfile } = await this.getConnectorData();
+
+    return syncProfile ? { name, avatar } : {};
+  }
+
   toJson(): EnterpriseSsoVerificationRecordData {
     const { id, connectorId, type, enterpriseSsoUserInfo, issuer } = this;
 
diff --git a/packages/core/src/routes/experience/classes/verifications/password-verification.ts b/packages/core/src/routes/experience/classes/verifications/password-verification.ts
index fd9b5675124e..60d25da7ec55 100644
--- a/packages/core/src/routes/experience/classes/verifications/password-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/password-verification.ts
@@ -15,7 +15,7 @@ import assertThat from '#src/utils/assert-that.js';
 
 import { findUserByIdentifier } from '../utils.js';
 
-import { type VerificationRecord } from './verification-record.js';
+import { type IdentifierVerificationRecord } from './verification-record.js';
 
 export type PasswordVerificationRecordData = {
   id: string;
@@ -31,7 +31,9 @@ export const passwordVerificationRecordDataGuard = z.object({
   verified: z.boolean(),
 }) satisfies ToZodObject<PasswordVerificationRecordData>;
 
-export class PasswordVerification implements VerificationRecord<VerificationType.Password> {
+export class PasswordVerification
+  implements IdentifierVerificationRecord<VerificationType.Password>
+{
   /** Factory method to create a new `PasswordVerification` record using an identifier */
   static create(libraries: Libraries, queries: Queries, identifier: InteractionIdentifier) {
     return new PasswordVerification(libraries, queries, {
@@ -89,7 +91,6 @@ export class PasswordVerification implements VerificationRecord<VerificationType
     return user;
   }
 
-  /** Identifies the user using the username */
   async identifyUser(): Promise<User> {
     assertThat(
       this.verified,
@@ -98,7 +99,15 @@ export class PasswordVerification implements VerificationRecord<VerificationType
 
     const user = await findUserByIdentifier(this.queries.users, this.identifier);
 
-    assertThat(user, new RequestError({ code: 'user.user_not_exist', status: 404 }));
+    assertThat(
+      user,
+      new RequestError(
+        { code: 'user.user_not_exist', status: 404 },
+        {
+          identifier: this.identifier.value,
+        }
+      )
+    );
 
     return user;
   }
diff --git a/packages/core/src/routes/experience/classes/verifications/social-verification.ts b/packages/core/src/routes/experience/classes/verifications/social-verification.ts
index ef3a8c5c55ec..e20abd264898 100644
--- a/packages/core/src/routes/experience/classes/verifications/social-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/social-verification.ts
@@ -18,8 +18,11 @@ import type Libraries from '#src/tenants/Libraries.js';
 import type Queries from '#src/tenants/Queries.js';
 import type TenantContext from '#src/tenants/TenantContext.js';
 import assertThat from '#src/utils/assert-that.js';
+import { type LogtoConnector } from '#src/utils/connectors/types.js';
 
-import { type VerificationRecord } from './verification-record.js';
+import type { InteractionProfile } from '../../types.js';
+
+import { type IdentifierVerificationRecord } from './verification-record.js';
 
 /** The JSON data type for the SocialVerification record stored in the interaction storage */
 export type SocialVerificationRecordData = {
@@ -39,7 +42,7 @@ export const socialVerificationRecordDataGuard = z.object({
   socialUserInfo: socialUserInfoGuard.optional(),
 }) satisfies ToZodObject<SocialVerificationRecordData>;
 
-export class SocialVerification implements VerificationRecord<VerificationType.Social> {
+export class SocialVerification implements IdentifierVerificationRecord<VerificationType.Social> {
   /**
    * Factory method to create a new SocialVerification instance
    */
@@ -56,6 +59,8 @@ export class SocialVerification implements VerificationRecord<VerificationType.S
   public readonly connectorId: string;
   public socialUserInfo?: SocialUserInfo;
 
+  private connectorDataCache?: LogtoConnector;
+
   constructor(
     private readonly libraries: Libraries,
     private readonly queries: Queries,
@@ -130,7 +135,7 @@ export class SocialVerification implements VerificationRecord<VerificationType.S
   async identifyUser(): Promise<User> {
     assertThat(
       this.isVerified,
-      new RequestError({ code: 'session.verification_failed', status: 422 })
+      new RequestError({ code: 'session.verification_failed', status: 400 })
     );
 
     // TODO: sync userInfo and link social identity
@@ -143,7 +148,7 @@ export class SocialVerification implements VerificationRecord<VerificationType.S
       throw new RequestError(
         {
           code: 'user.identity_not_exist',
-          status: 422,
+          status: 404,
         },
         {
           ...(relatedUser && { relatedUser: relatedUser[0] }),
@@ -154,6 +159,53 @@ export class SocialVerification implements VerificationRecord<VerificationType.S
     return user;
   }
 
+  /**
+   * Returns the social identity as a new user profile.
+   */
+  async toUserProfile(): Promise<Required<Pick<InteractionProfile, 'socialIdentity'>>> {
+    assertThat(
+      this.socialUserInfo,
+      new RequestError({ code: 'session.verification_failed', status: 400 })
+    );
+
+    const {
+      metadata: { target },
+    } = await this.getConnectorData();
+
+    return {
+      socialIdentity: {
+        target,
+        userInfo: this.socialUserInfo,
+      },
+    };
+  }
+
+  /**
+   * Returns the synced profile from the social identity.
+   *
+   * @param isNewUser - Whether the profile is for a new user. If set to true, the primary email will be included in the profile.
+   */
+  async toSyncedProfile(
+    isNewUser = false
+  ): Promise<Pick<InteractionProfile, 'avatar' | 'name' | 'primaryEmail'>> {
+    assertThat(
+      this.socialUserInfo,
+      new RequestError({ code: 'session.verification_failed', status: 400 })
+    );
+
+    const { name, avatar, email: primaryEmail } = this.socialUserInfo;
+
+    if (isNewUser) {
+      return { name, avatar, primaryEmail };
+    }
+
+    const {
+      dbEntry: { syncProfile },
+    } = await this.getConnectorData();
+
+    return syncProfile ? { name, avatar } : {};
+  }
+
   toJson(): SocialVerificationRecordData {
     const { id, connectorId, type, socialUserInfo } = this;
 
@@ -166,7 +218,6 @@ export class SocialVerification implements VerificationRecord<VerificationType.S
   }
 
   private async findUserBySocialIdentity(): Promise<User | undefined> {
-    const { socials } = this.libraries;
     const {
       users: { findUserByIdentity },
     } = this.queries;
@@ -177,7 +228,7 @@ export class SocialVerification implements VerificationRecord<VerificationType.S
 
     const {
       metadata: { target },
-    } = await socials.getConnector(this.connectorId);
+    } = await this.getConnectorData();
 
     const user = await findUserByIdentity(target, this.socialUserInfo.id);
 
@@ -198,4 +249,12 @@ export class SocialVerification implements VerificationRecord<VerificationType.S
 
     return socials.findSocialRelatedUser(this.socialUserInfo);
   }
+
+  private async getConnectorData() {
+    const { getConnector } = this.libraries.socials;
+
+    this.connectorDataCache ||= await getConnector(this.connectorId);
+
+    return this.connectorDataCache;
+  }
 }
diff --git a/packages/core/src/routes/experience/classes/verifications/verification-record.ts b/packages/core/src/routes/experience/classes/verifications/verification-record.ts
index 3acec90feeb4..df64bb385dd4 100644
--- a/packages/core/src/routes/experience/classes/verifications/verification-record.ts
+++ b/packages/core/src/routes/experience/classes/verifications/verification-record.ts
@@ -1,4 +1,4 @@
-import type { VerificationType } from '@logto/schemas';
+import { type User, type VerificationType } from '@logto/schemas';
 
 type Data<T> = {
   id: string;
@@ -17,3 +17,21 @@ export abstract class VerificationRecord<
 
   abstract toJson(): Json;
 }
+
+type IdentifierVerificationType =
+  | VerificationType.VerificationCode
+  | VerificationType.Password
+  | VerificationType.Social
+  | VerificationType.EnterpriseSso;
+
+/**
+ * The abstract class for all identifier verification records.
+ *
+ * - A `identifyUser` method must be provided to identify the user associated with the verification record.
+ */
+export abstract class IdentifierVerificationRecord<
+  T extends VerificationType = IdentifierVerificationType,
+  Json extends Data<T> = Data<T>,
+> extends VerificationRecord<T, Json> {
+  abstract identifyUser(): Promise<User>;
+}
diff --git a/packages/core/src/routes/experience/index.ts b/packages/core/src/routes/experience/index.ts
index f020e06fada6..ec83da600bda 100644
--- a/packages/core/src/routes/experience/index.ts
+++ b/packages/core/src/routes/experience/index.ts
@@ -79,7 +79,7 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
       body: z.object({
         interactionEvent: z.nativeEnum(InteractionEvent),
       }),
-      status: [204, 403],
+      status: [204, 400, 403],
     }),
     async (ctx, next) => {
       const { interactionEvent } = ctx.guard.body;
@@ -107,7 +107,7 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
     experienceRoutes.identification,
     koaGuard({
       body: identificationApiPayloadGuard,
-      status: [204, 400, 401, 404, 409],
+      status: [201, 204, 400, 401, 404, 409, 422],
     }),
     async (ctx, next) => {
       const { verificationId } = ctx.guard.body;
diff --git a/packages/core/src/routes/experience/types.ts b/packages/core/src/routes/experience/types.ts
index 8100dfcdf9e5..9e0bb69e89de 100644
--- a/packages/core/src/routes/experience/types.ts
+++ b/packages/core/src/routes/experience/types.ts
@@ -1,3 +1,53 @@
+import { type SocialUserInfo, socialUserInfoGuard, type ToZodObject } from '@logto/connector-kit';
+import { type CreateUser, Users, UserSsoIdentities, type UserSsoIdentity } from '@logto/schemas';
 import type Provider from 'oidc-provider';
+import { z } from 'zod';
 
 export type Interaction = Awaited<ReturnType<Provider['interactionDetails']>>;
+
+export type InteractionProfile = {
+  socialIdentity?: {
+    target: string;
+    userInfo: SocialUserInfo;
+  };
+  enterpriseSsoIdentity?: Pick<
+    UserSsoIdentity,
+    'identityId' | 'ssoConnectorId' | 'issuer' | 'detail'
+  >;
+} & Pick<
+  CreateUser,
+  | 'avatar'
+  | 'name'
+  | 'username'
+  | 'primaryEmail'
+  | 'primaryPhone'
+  | 'passwordEncrypted'
+  | 'passwordEncryptionMethod'
+>;
+
+export const interactionProfileGuard = Users.createGuard
+  .pick({
+    avatar: true,
+    name: true,
+    username: true,
+    primaryEmail: true,
+    primaryPhone: true,
+    passwordEncrypted: true,
+    passwordEncryptionMethod: true,
+  })
+  .extend({
+    socialIdentity: z
+      .object({
+        target: z.string(),
+        userInfo: socialUserInfoGuard,
+      })
+      .optional(),
+    enterpriseSsoIdentity: UserSsoIdentities.guard
+      .pick({
+        identityId: true,
+        ssoConnectorId: true,
+        issuer: true,
+        detail: true,
+      })
+      .optional(),
+  }) satisfies ToZodObject<InteractionProfile>;

From ce3a62bc7aed866cced38c37c416e91d4b59c505 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Tue, 16 Jul 2024 00:06:09 +0800
Subject: [PATCH 021/135] feat(core,schemas): add post custom ui assets api
 (#6118)

* feat(core,schemas): add post custom ui assets api
---
 packages/core/package.json                    |   2 +
 .../core/src/__mocks__/sign-in-experience.ts  |   2 +-
 .../src/queries/sign-in-experience.test.ts    |   3 +-
 packages/core/src/routes-me/user-assets.ts    |   2 +-
 .../custom-ui-assets/index.openapi.json       |  42 +++++
 .../custom-ui-assets/index.test.ts            | 133 +++++++++++++
 .../custom-ui-assets/index.ts                 | 115 ++++++++++++
 .../src/routes/sign-in-experience/index.ts    |   7 +-
 packages/core/src/routes/swagger/index.ts     |   1 +
 .../src/routes/swagger/utils/operation-id.ts  |   2 +
 packages/core/src/routes/user-assets.ts       |   2 +-
 packages/core/src/tenants/SystemContext.ts    |  16 ++
 packages/core/src/utils/file.test.ts          |  16 ++
 packages/core/src/utils/file.ts               |  17 ++
 .../core/src/utils/storage/azure-storage.ts   |  23 ++-
 packages/core/src/utils/storage/consts.ts     |   8 -
 packages/experience/src/__mocks__/logto.tsx   |   4 +-
 ...next-1720505152-update-custom-ui-assets.ts |  20 ++
 .../jsonb-types/sign-in-experience.ts         |   7 +
 .../schemas/src/seeds/sign-in-experience.ts   |   2 +-
 packages/schemas/src/types/system.ts          |   6 +
 packages/schemas/src/types/user-assets.ts     |   7 +
 .../schemas/tables/sign_in_experiences.sql    |   2 +-
 pnpm-lock.yaml                                | 177 ++++++++++++------
 24 files changed, 542 insertions(+), 74 deletions(-)
 create mode 100644 packages/core/src/routes/sign-in-experience/custom-ui-assets/index.openapi.json
 create mode 100644 packages/core/src/routes/sign-in-experience/custom-ui-assets/index.test.ts
 create mode 100644 packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts
 create mode 100644 packages/core/src/utils/file.test.ts
 create mode 100644 packages/core/src/utils/file.ts
 delete mode 100644 packages/core/src/utils/storage/consts.ts
 create mode 100644 packages/schemas/alterations/next-1720505152-update-custom-ui-assets.ts

diff --git a/packages/core/package.json b/packages/core/package.json
index e6eecbcd404e..70dc802a874d 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -96,6 +96,7 @@
     "@logto/cloud": "0.2.5-3046fa6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
+    "@types/adm-zip": "^0.5.5",
     "@types/debug": "^4.1.7",
     "@types/etag": "^1.8.1",
     "@types/jest": "^29.4.0",
@@ -113,6 +114,7 @@
     "@types/semver": "^7.3.12",
     "@types/sinon": "^17.0.0",
     "@types/supertest": "^6.0.2",
+    "adm-zip": "^0.5.14",
     "eslint": "^8.56.0",
     "jest": "^29.7.0",
     "jest-matcher-specific-error": "^1.0.0",
diff --git a/packages/core/src/__mocks__/sign-in-experience.ts b/packages/core/src/__mocks__/sign-in-experience.ts
index 37cbff29ae87..f76cf869f538 100644
--- a/packages/core/src/__mocks__/sign-in-experience.ts
+++ b/packages/core/src/__mocks__/sign-in-experience.ts
@@ -92,7 +92,7 @@ export const mockSignInExperience: SignInExperience = {
   customCss: null,
   customContent: {},
   agreeToTermsPolicy: AgreeToTermsPolicy.Automatic,
-  customUiAssetId: null,
+  customUiAssets: null,
   passwordPolicy: {},
   mfa: {
     policy: MfaPolicy.UserControlled,
diff --git a/packages/core/src/queries/sign-in-experience.test.ts b/packages/core/src/queries/sign-in-experience.test.ts
index f9e5c9daaf96..7bfca4aed888 100644
--- a/packages/core/src/queries/sign-in-experience.test.ts
+++ b/packages/core/src/queries/sign-in-experience.test.ts
@@ -32,6 +32,7 @@ describe('sign-in-experience query', () => {
     signUp: JSON.stringify(mockSignInExperience.signUp),
     socialSignInConnectorTargets: JSON.stringify(mockSignInExperience.socialSignInConnectorTargets),
     customContent: JSON.stringify(mockSignInExperience.customContent),
+    customUiAssets: JSON.stringify(mockSignInExperience.customUiAssets),
     passwordPolicy: JSON.stringify(mockSignInExperience.passwordPolicy),
     mfa: JSON.stringify(mockSignInExperience.mfa),
     socialSignIn: JSON.stringify(mockSignInExperience.socialSignIn),
@@ -40,7 +41,7 @@ describe('sign-in-experience query', () => {
   it('findDefaultSignInExperience', async () => {
     /* eslint-disable sql/no-unsafe-query */
     const expectSql = `
-      select "tenant_id", "id", "color", "branding", "language_info", "terms_of_use_url", "privacy_policy_url", "agree_to_terms_policy", "sign_in", "sign_up", "social_sign_in", "social_sign_in_connector_targets", "sign_in_mode", "custom_css", "custom_content", "custom_ui_asset_id", "password_policy", "mfa", "single_sign_on_enabled"
+      select "tenant_id", "id", "color", "branding", "language_info", "terms_of_use_url", "privacy_policy_url", "agree_to_terms_policy", "sign_in", "sign_up", "social_sign_in", "social_sign_in_connector_targets", "sign_in_mode", "custom_css", "custom_content", "custom_ui_assets", "password_policy", "mfa", "single_sign_on_enabled"
       from "sign_in_experiences"
       where "id"=$1
     `;
diff --git a/packages/core/src/routes-me/user-assets.ts b/packages/core/src/routes-me/user-assets.ts
index f80333774d9d..a667a26c5d87 100644
--- a/packages/core/src/routes-me/user-assets.ts
+++ b/packages/core/src/routes-me/user-assets.ts
@@ -8,6 +8,7 @@ import {
   type UserAssets,
   userAssetsGuard,
   adminTenantId,
+  uploadFileGuard,
 } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
 import { format } from 'date-fns';
@@ -18,7 +19,6 @@ import koaGuard from '#src/middleware/koa-guard.js';
 import type { RouterInitArgs } from '#src/routes/types.js';
 import SystemContext from '#src/tenants/SystemContext.js';
 import assertThat from '#src/utils/assert-that.js';
-import { uploadFileGuard } from '#src/utils/storage/consts.js';
 import { buildUploadFile } from '#src/utils/storage/index.js';
 
 import type { AuthedMeRouter } from './types.js';
diff --git a/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.openapi.json b/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.openapi.json
new file mode 100644
index 000000000000..33c74c99de57
--- /dev/null
+++ b/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.openapi.json
@@ -0,0 +1,42 @@
+{
+  "tags": [
+    {
+      "name": "Custom UI assets",
+      "description": "Endpoints for uploading custom UI assets for the sign-in experience. Users can upload a zip file containing custom HTML, CSS, and JavaScript files to replace and fully customize the sign-in experience."
+    },
+    { "name": "Cloud only" },
+    { "name": "Dev feature" }
+  ],
+  "paths": {
+    "/api/sign-in-exp/default/custom-ui-assets": {
+      "post": {
+        "summary": "Upload custom UI assets",
+        "description": "Upload a zip file containing custom web assets such as HTML, CSS, and JavaScript files, then replace the default sign-in experience with the custom UI assets.",
+        "requestBody": {
+          "content": {
+            "multipart/form-data": {
+              "schema": {
+                "properties": {
+                  "file": {
+                    "description": "The zip file containing custom web assets such as HTML, CSS, and JavaScript files."
+                  }
+                }
+              }
+            }
+          }
+        },
+        "responses": {
+          "200": {
+            "description": "An JSON object containing the custom UI assets ID."
+          },
+          "400": {
+            "description": "Bad request. The request body is invalid."
+          },
+          "500": {
+            "description": "Failed to unzip or upload the custom UI assets to storage provider."
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.test.ts b/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.test.ts
new file mode 100644
index 000000000000..ea25f642f8a9
--- /dev/null
+++ b/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.test.ts
@@ -0,0 +1,133 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { Readable } from 'node:stream';
+import { fileURLToPath } from 'node:url';
+
+import { StorageProvider } from '@logto/schemas';
+import { generateStandardId } from '@logto/shared';
+import { createMockUtils, pickDefault } from '@logto/shared/esm';
+import AdmZip from 'adm-zip';
+import pRetry from 'p-retry';
+import { type Response } from 'supertest';
+
+import SystemContext from '#src/tenants/SystemContext.js';
+import { MockTenant } from '#src/test-utils/tenant.js';
+import { createRequester } from '#src/utils/test-utils.js';
+
+const { jest } = import.meta;
+const { mockEsmWithActual } = createMockUtils(jest);
+
+const experienceZipsProviderConfig = {
+  provider: StorageProvider.AzureStorage,
+  connectionString: 'connectionString',
+  container: 'container',
+} satisfies {
+  provider: StorageProvider.AzureStorage;
+  connectionString: string;
+  container: string;
+};
+
+// eslint-disable-next-line @silverhand/fp/no-mutation
+SystemContext.shared.experienceZipsProviderConfig = experienceZipsProviderConfig;
+
+const mockedIsFileExisted = jest.fn(async (filename: string) => false);
+const mockedDownloadFile = jest.fn();
+
+await mockEsmWithActual('#src/utils/storage/azure-storage.js', () => ({
+  buildAzureStorage: () => ({
+    uploadFile: jest.fn(async () => 'https://fake.url'),
+    downloadFile: mockedDownloadFile,
+    isFileExisted: mockedIsFileExisted,
+  }),
+}));
+
+await mockEsmWithActual('#src/utils/tenant.js', () => ({
+  getTenantId: jest.fn().mockResolvedValue(['default']),
+}));
+
+await mockEsmWithActual('p-retry', () => ({
+  // Stub pRetry by overriding the default "exponential backoff",
+  // in order to make the test run faster.
+  default: async (input: <T>(retries: number) => T | PromiseLike<T>) =>
+    pRetry(input, { factor: 0 }),
+}));
+
+const mockedGenerateStandardId = jest.fn(generateStandardId);
+
+await mockEsmWithActual('@logto/shared', () => ({
+  generateStandardId: mockedGenerateStandardId,
+}));
+
+const tenantContext = new MockTenant();
+
+const signInExperiencesRoutes = await pickDefault(import('./index.js'));
+const signInExperienceRequester = createRequester({
+  authedRoutes: signInExperiencesRoutes,
+  tenantContext,
+});
+
+const currentPath = path.dirname(fileURLToPath(import.meta.url));
+const testFilesPath = path.join(currentPath, 'test-files');
+const pathToZip = path.join(testFilesPath, 'assets.zip');
+
+const uploadCustomUiAssets = async (filePath: string): Promise<Response> => {
+  const response = await signInExperienceRequester
+    .post('/sign-in-exp/default/custom-ui-assets')
+    .field('name', 'file')
+    .attach('file', filePath);
+
+  return response;
+};
+
+describe('POST /sign-in-exp/default/custom-ui-assets', () => {
+  beforeAll(async () => {
+    await fs.mkdir(testFilesPath);
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  afterAll(async () => {
+    void fs.rm(testFilesPath, { force: true, recursive: true });
+  });
+
+  it('should fail if upload file is not a zip', async () => {
+    const pathToTxt = path.join(testFilesPath, 'foo.txt');
+    await fs.writeFile(pathToTxt, 'foo');
+    const response = await uploadCustomUiAssets(pathToTxt);
+
+    expect(response.status).toBe(400);
+  });
+
+  it('should upload custom ui assets', async () => {
+    mockedGenerateStandardId.mockReturnValue('custom-ui-asset-id');
+    const zip = new AdmZip();
+    zip.addFile('index.html', Buffer.from('<html></html>'));
+    await zip.writeZipPromise(pathToZip);
+    const response = await uploadCustomUiAssets(pathToZip);
+
+    expect(response.status).toBe(200);
+    expect(response.body.customUiAssetId).toBe('custom-ui-asset-id');
+  });
+
+  it('should fail if the error.log file exists', async () => {
+    mockedIsFileExisted.mockImplementation(async (filename: string) =>
+      filename.endsWith('error.log')
+    );
+    mockedDownloadFile.mockImplementation(async () => ({
+      readableStreamBody: Readable.from('Failed to unzip files!'),
+    }));
+    const response = await uploadCustomUiAssets(pathToZip);
+    expect(response.status).toBe(500);
+    expect(response.text).toBe('Failed to upload file to the storage provider.');
+  });
+
+  it('should fail if the upload zip always persists (unzipping azure function does not trigger)', async () => {
+    mockedIsFileExisted.mockImplementation(async (filename) => filename.endsWith('assets.zip'));
+    const response = await uploadCustomUiAssets(pathToZip);
+    expect(response.status).toBe(500);
+    expect(response.text).toBe('Failed to upload file to the storage provider.');
+    expect(mockedIsFileExisted).toHaveBeenCalledTimes(10);
+  });
+});
diff --git a/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts b/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts
new file mode 100644
index 000000000000..16b7eca331ed
--- /dev/null
+++ b/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts
@@ -0,0 +1,115 @@
+import { readFile } from 'node:fs/promises';
+
+import { uploadFileGuard, maxUploadFileSize } from '@logto/schemas';
+import { generateStandardId } from '@logto/shared';
+import pRetry, { AbortError } from 'p-retry';
+import { object, z } from 'zod';
+
+import { EnvSet } from '#src/env-set/index.js';
+import RequestError from '#src/errors/RequestError/index.js';
+import koaGuard from '#src/middleware/koa-guard.js';
+import SystemContext from '#src/tenants/SystemContext.js';
+import assertThat from '#src/utils/assert-that.js';
+import { getConsoleLogFromContext } from '#src/utils/console.js';
+import { streamToString } from '#src/utils/file.js';
+import { buildAzureStorage } from '#src/utils/storage/azure-storage.js';
+import { getTenantId } from '#src/utils/tenant.js';
+
+import { type ManagementApiRouter, type RouterInitArgs } from '../../types.js';
+
+const maxRetryCount = 5;
+
+export default function customUiAssetsRoutes<T extends ManagementApiRouter>(
+  ...[router]: RouterInitArgs<T>
+) {
+  // TODO: Remove
+  if (!EnvSet.values.isDevFeaturesEnabled) {
+    return;
+  }
+
+  router.post(
+    '/sign-in-exp/default/custom-ui-assets',
+    koaGuard({
+      files: object({
+        file: uploadFileGuard.array().min(1).max(1),
+      }),
+      response: z.object({
+        customUiAssetId: z.string(),
+      }),
+      status: [200, 400, 500],
+    }),
+    async (ctx, next) => {
+      const { file: bodyFiles } = ctx.guard.files;
+      const file = bodyFiles[0];
+
+      assertThat(file, 'guard.invalid_input');
+      assertThat(file.size <= maxUploadFileSize, 'guard.file_size_exceeded');
+      assertThat(file.mimetype === 'application/zip', 'guard.mime_type_not_allowed');
+
+      const { experienceZipsProviderConfig } = SystemContext.shared;
+      assertThat(
+        experienceZipsProviderConfig?.provider === 'AzureStorage',
+        'storage.not_configured'
+      );
+      const { connectionString, container } = experienceZipsProviderConfig;
+
+      const { uploadFile, downloadFile, isFileExisted } = buildAzureStorage(
+        connectionString,
+        container
+      );
+
+      const [tenantId] = await getTenantId(ctx.URL);
+      assertThat(tenantId, 'guard.can_not_get_tenant_id');
+
+      const customUiAssetId = generateStandardId(8);
+      const objectKey = `${tenantId}/${customUiAssetId}/assets.zip`;
+      const errorLogObjectKey = `${tenantId}/${customUiAssetId}/error.log`;
+
+      try {
+        // Upload the zip file to `experience-zips` container, in which a blob trigger is configured,
+        // and an azure function will be executed automatically to unzip the file on blob received.
+        // If the unzipping process succeeds, the zip file will be removed and assets will be stored in
+        // `experience-blobs` container. If it fails, the error message will be written to `error.log` file.
+        await uploadFile(await readFile(file.filepath), objectKey, {
+          contentType: file.mimetype,
+        });
+
+        const hasUnzipCompleted = async (retryTimes: number) => {
+          if (retryTimes > maxRetryCount) {
+            throw new AbortError('Unzip timeout. Max retry count reached.');
+          }
+          const [hasZip, hasError] = await Promise.all([
+            isFileExisted(objectKey),
+            isFileExisted(errorLogObjectKey),
+          ]);
+          if (hasZip) {
+            throw new Error('Unzip in progress...');
+          }
+          if (hasError) {
+            const errorLogBlob = await downloadFile(errorLogObjectKey);
+            const errorLog = await streamToString(errorLogBlob.readableStreamBody);
+            throw new AbortError(errorLog || 'Unzipping failed.');
+          }
+        };
+
+        await pRetry(hasUnzipCompleted, {
+          retries: maxRetryCount,
+        });
+      } catch (error: unknown) {
+        getConsoleLogFromContext(ctx).error(error);
+        throw new RequestError(
+          {
+            code: 'storage.upload_error',
+            status: 500,
+          },
+          {
+            details: error instanceof Error ? error.message : String(error),
+          }
+        );
+      }
+
+      ctx.body = { customUiAssetId };
+      return next();
+    }
+  );
+}
diff --git a/packages/core/src/routes/sign-in-experience/index.ts b/packages/core/src/routes/sign-in-experience/index.ts
index 3ccc2ceefbb1..9700158cdccc 100644
--- a/packages/core/src/routes/sign-in-experience/index.ts
+++ b/packages/core/src/routes/sign-in-experience/index.ts
@@ -8,9 +8,12 @@ import koaGuard from '#src/middleware/koa-guard.js';
 
 import type { ManagementApiRouter, RouterInitArgs } from '../types.js';
 
+import customUiAssetsRoutes from './custom-ui-assets/index.js';
+
 export default function signInExperiencesRoutes<T extends ManagementApiRouter>(
-  ...[router, { queries, libraries, connectors }]: RouterInitArgs<T>
+  ...args: RouterInitArgs<T>
 ) {
+  const [router, { queries, libraries, connectors }] = args;
   const { findDefaultSignInExperience, updateDefaultSignInExperience } = queries.signInExperiences;
   const { deleteConnectorById } = queries.connectors;
   const {
@@ -118,4 +121,6 @@ export default function signInExperiencesRoutes<T extends ManagementApiRouter>(
       return next();
     }
   );
+
+  customUiAssetsRoutes(...args);
 }
diff --git a/packages/core/src/routes/swagger/index.ts b/packages/core/src/routes/swagger/index.ts
index 9973d7430c3a..f79d26a02c71 100644
--- a/packages/core/src/routes/swagger/index.ts
+++ b/packages/core/src/routes/swagger/index.ts
@@ -156,6 +156,7 @@ const additionalTags = Object.freeze(
   condArray<string>(
     'Organization applications',
     EnvSet.values.isDevFeaturesEnabled && 'Subject tokens',
+    EnvSet.values.isDevFeaturesEnabled && 'Custom UI assets',
     'Organization users'
   )
 );
diff --git a/packages/core/src/routes/swagger/utils/operation-id.ts b/packages/core/src/routes/swagger/utils/operation-id.ts
index b65795657b79..b0702fdee700 100644
--- a/packages/core/src/routes/swagger/utils/operation-id.ts
+++ b/packages/core/src/routes/swagger/utils/operation-id.ts
@@ -27,6 +27,8 @@ type RouteDictionary = Record<`${OpenAPIV3.HttpMethods} ${string}`, string>;
 const devFeatureCustomRoutes: RouteDictionary = Object.freeze({
   // Subject tokens
   'post /subject-tokens': 'CreateSubjectToken',
+  // Custom UI assets
+  'post /sign-in-exp/default/custom-ui-assets': 'UploadCustomUiAssets',
 });
 
 export const customRoutes: Readonly<RouteDictionary> = Object.freeze({
diff --git a/packages/core/src/routes/user-assets.ts b/packages/core/src/routes/user-assets.ts
index cf1f7e637fd5..2867b0ad4330 100644
--- a/packages/core/src/routes/user-assets.ts
+++ b/packages/core/src/routes/user-assets.ts
@@ -6,6 +6,7 @@ import {
   userAssetsServiceStatusGuard,
   allowUploadMimeTypes,
   maxUploadFileSize,
+  uploadFileGuard,
 } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
 import { format } from 'date-fns';
@@ -16,7 +17,6 @@ import koaGuard from '#src/middleware/koa-guard.js';
 import SystemContext from '#src/tenants/SystemContext.js';
 import assertThat from '#src/utils/assert-that.js';
 import { getConsoleLogFromContext } from '#src/utils/console.js';
-import { uploadFileGuard } from '#src/utils/storage/consts.js';
 import { buildUploadFile } from '#src/utils/storage/index.js';
 import { getTenantId } from '#src/utils/tenant.js';
 
diff --git a/packages/core/src/tenants/SystemContext.ts b/packages/core/src/tenants/SystemContext.ts
index 49bd393ca135..ed5bb17cd360 100644
--- a/packages/core/src/tenants/SystemContext.ts
+++ b/packages/core/src/tenants/SystemContext.ts
@@ -18,6 +18,8 @@ import { devConsole } from '#src/utils/console.js';
 export default class SystemContext {
   static shared = new SystemContext();
   public storageProviderConfig?: StorageProviderData;
+  public experienceBlobsProviderConfig?: StorageProviderData;
+  public experienceZipsProviderConfig?: StorageProviderData;
   public hostnameProviderConfig?: HostnameProviderData;
   public protectedAppConfigProviderConfig?: ProtectedAppConfigProviderData;
   public protectedAppHostnameProviderConfig?: HostnameProviderData;
@@ -31,6 +33,20 @@ export default class SystemContext {
           storageProviderDataGuard
         );
       })(),
+      (async () => {
+        this.experienceBlobsProviderConfig = await this.loadConfig(
+          pool,
+          StorageProviderKey.ExperienceBlobsProvider,
+          storageProviderDataGuard
+        );
+      })(),
+      (async () => {
+        this.experienceZipsProviderConfig = await this.loadConfig(
+          pool,
+          StorageProviderKey.ExperienceZipsProvider,
+          storageProviderDataGuard
+        );
+      })(),
       (async () => {
         this.hostnameProviderConfig = await this.loadConfig(
           pool,
diff --git a/packages/core/src/utils/file.test.ts b/packages/core/src/utils/file.test.ts
new file mode 100644
index 000000000000..8057a634c6d1
--- /dev/null
+++ b/packages/core/src/utils/file.test.ts
@@ -0,0 +1,16 @@
+import { Readable } from 'node:stream';
+
+import { streamToString } from './file.js';
+
+describe('streamToString()', () => {
+  it('should return an empty string if the stream is empty', async () => {
+    const result = await streamToString();
+    expect(result).toBe('');
+  });
+
+  it('should return the stream content as a string', async () => {
+    const stream = Readable.from(['Hello', ' ', 'world', '!']);
+    const result = await streamToString(stream);
+    expect(result).toBe('Hello world!');
+  });
+});
diff --git a/packages/core/src/utils/file.ts b/packages/core/src/utils/file.ts
new file mode 100644
index 000000000000..10a39584a160
--- /dev/null
+++ b/packages/core/src/utils/file.ts
@@ -0,0 +1,17 @@
+/**
+ * Read a Readable stream to a string
+ * @param stream - The Readable stream to read from
+ * @returns A promise that resolves to a string containing the stream's data
+ */
+export async function streamToString(stream?: NodeJS.ReadableStream): Promise<string> {
+  if (!stream) {
+    return '';
+  }
+  const chunks: Uint8Array[] = [];
+  for await (const chunk of stream) {
+    // eslint-disable-next-line @silverhand/fp/no-mutating-methods
+    chunks.push(typeof chunk === 'string' ? Buffer.from(chunk) : chunk);
+  }
+  const buffer = Buffer.concat(chunks);
+  return buffer.toString('utf8');
+}
diff --git a/packages/core/src/utils/storage/azure-storage.ts b/packages/core/src/utils/storage/azure-storage.ts
index 8c763412d94c..ed03f26efa12 100644
--- a/packages/core/src/utils/storage/azure-storage.ts
+++ b/packages/core/src/utils/storage/azure-storage.ts
@@ -1,10 +1,17 @@
-import { BlobServiceClient } from '@azure/storage-blob';
+import { type BlobDownloadResponseParsed, BlobServiceClient } from '@azure/storage-blob';
 
 import type { UploadFile } from './types.js';
 
 const defaultPublicDomain = 'blob.core.windows.net';
 
-export const buildAzureStorage = (connectionString: string, container: string) => {
+export const buildAzureStorage = (
+  connectionString: string,
+  container: string
+): {
+  uploadFile: UploadFile;
+  downloadFile: (objectKey: string) => Promise<BlobDownloadResponseParsed>;
+  isFileExisted: (objectKey: string) => Promise<boolean>;
+} => {
   const blobServiceClient = BlobServiceClient.fromConnectionString(connectionString);
   const containerClient = blobServiceClient.getContainerClient(container);
 
@@ -24,5 +31,15 @@ export const buildAzureStorage = (connectionString: string, container: string) =
     };
   };
 
-  return { uploadFile };
+  const downloadFile = async (objectKey: string) => {
+    const blockBlobClient = containerClient.getBlockBlobClient(objectKey);
+    return blockBlobClient.download();
+  };
+
+  const isFileExisted = async (objectKey: string) => {
+    const blockBlobClient = containerClient.getBlockBlobClient(objectKey);
+    return blockBlobClient.exists();
+  };
+
+  return { uploadFile, downloadFile, isFileExisted };
 };
diff --git a/packages/core/src/utils/storage/consts.ts b/packages/core/src/utils/storage/consts.ts
deleted file mode 100644
index 8e2b44fff8de..000000000000
--- a/packages/core/src/utils/storage/consts.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-import { number, object, string } from 'zod';
-
-export const uploadFileGuard = object({
-  filepath: string(),
-  mimetype: string(),
-  originalFilename: string(),
-  size: number(),
-});
diff --git a/packages/experience/src/__mocks__/logto.tsx b/packages/experience/src/__mocks__/logto.tsx
index 58219f6e6501..d7138716ef6c 100644
--- a/packages/experience/src/__mocks__/logto.tsx
+++ b/packages/experience/src/__mocks__/logto.tsx
@@ -106,7 +106,7 @@ export const mockSignInExperience: SignInExperience = {
   customCss: null,
   customContent: {},
   agreeToTermsPolicy: AgreeToTermsPolicy.ManualRegistrationOnly,
-  customUiAssetId: null,
+  customUiAssets: null,
   passwordPolicy: {},
   mfa: {
     policy: MfaPolicy.UserControlled,
@@ -140,7 +140,7 @@ export const mockSignInExperienceSettings: SignInExperienceResponse = {
   customCss: null,
   customContent: {},
   agreeToTermsPolicy: mockSignInExperience.agreeToTermsPolicy,
-  customUiAssetId: null,
+  customUiAssets: null,
   passwordPolicy: {},
   mfa: {
     policy: MfaPolicy.UserControlled,
diff --git a/packages/schemas/alterations/next-1720505152-update-custom-ui-assets.ts b/packages/schemas/alterations/next-1720505152-update-custom-ui-assets.ts
new file mode 100644
index 000000000000..03f95d168de9
--- /dev/null
+++ b/packages/schemas/alterations/next-1720505152-update-custom-ui-assets.ts
@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences drop column custom_ui_asset_id;
+      alter table sign_in_experiences add column custom_ui_assets jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences add column custom_ui_asset_id varchar(21);
+      alter table sign_in_experiences drop column custom_ui_assets;
+    `);
+  },
+};
+
+export default alteration;
diff --git a/packages/schemas/src/foundations/jsonb-types/sign-in-experience.ts b/packages/schemas/src/foundations/jsonb-types/sign-in-experience.ts
index 56f365003ac9..1bd2897d2c72 100644
--- a/packages/schemas/src/foundations/jsonb-types/sign-in-experience.ts
+++ b/packages/schemas/src/foundations/jsonb-types/sign-in-experience.ts
@@ -109,3 +109,10 @@ export const mfaGuard = z.object({
 });
 
 export type Mfa = z.infer<typeof mfaGuard>;
+
+export const customUiAssetsGuard = z.object({
+  id: z.string(),
+  createdAt: z.number(),
+});
+
+export type CustomUiAssets = z.infer<typeof customUiAssetsGuard>;
diff --git a/packages/schemas/src/seeds/sign-in-experience.ts b/packages/schemas/src/seeds/sign-in-experience.ts
index 866fe317b2f3..3a0a5ffc3df4 100644
--- a/packages/schemas/src/seeds/sign-in-experience.ts
+++ b/packages/schemas/src/seeds/sign-in-experience.ts
@@ -49,7 +49,7 @@ export const createDefaultSignInExperience = (
     signInMode: SignInMode.SignInAndRegister,
     customCss: null,
     customContent: {},
-    customUiAssetId: null,
+    customUiAssets: null,
     passwordPolicy: {},
     mfa: {
       factors: [],
diff --git a/packages/schemas/src/types/system.ts b/packages/schemas/src/types/system.ts
index 5813caffdb6f..bf01b0bc1da7 100644
--- a/packages/schemas/src/types/system.ts
+++ b/packages/schemas/src/types/system.ts
@@ -61,16 +61,22 @@ export type StorageProviderData = z.infer<typeof storageProviderDataGuard>;
 
 export enum StorageProviderKey {
   StorageProvider = 'storageProvider',
+  ExperienceBlobsProvider = 'experienceBlobsProvider',
+  ExperienceZipsProvider = 'experienceZipsProvider',
 }
 
 export type StorageProviderType = {
   [StorageProviderKey.StorageProvider]: StorageProviderData;
+  [StorageProviderKey.ExperienceBlobsProvider]: StorageProviderData;
+  [StorageProviderKey.ExperienceZipsProvider]: StorageProviderData;
 };
 
 export const storageProviderGuard: Readonly<{
   [key in StorageProviderKey]: ZodType<StorageProviderType[key]>;
 }> = Object.freeze({
   [StorageProviderKey.StorageProvider]: storageProviderDataGuard,
+  [StorageProviderKey.ExperienceBlobsProvider]: storageProviderDataGuard,
+  [StorageProviderKey.ExperienceZipsProvider]: storageProviderDataGuard,
 });
 
 // Email service provider
diff --git a/packages/schemas/src/types/user-assets.ts b/packages/schemas/src/types/user-assets.ts
index d6e2d4312c9a..99e92bc8fb46 100644
--- a/packages/schemas/src/types/user-assets.ts
+++ b/packages/schemas/src/types/user-assets.ts
@@ -32,3 +32,10 @@ export const userAssetsGuard = z.object({
 });
 
 export type UserAssets = z.infer<typeof userAssetsGuard>;
+
+export const uploadFileGuard = z.object({
+  filepath: z.string(),
+  mimetype: z.string(),
+  originalFilename: z.string(),
+  size: z.number(),
+});
diff --git a/packages/schemas/tables/sign_in_experiences.sql b/packages/schemas/tables/sign_in_experiences.sql
index b9f078103608..8e34aafd4043 100644
--- a/packages/schemas/tables/sign_in_experiences.sql
+++ b/packages/schemas/tables/sign_in_experiences.sql
@@ -19,7 +19,7 @@ create table sign_in_experiences (
   sign_in_mode sign_in_mode not null default 'SignInAndRegister',
   custom_css text,
   custom_content jsonb /* @use CustomContent */ not null default '{}'::jsonb,
-  custom_ui_asset_id varchar(21),
+  custom_ui_assets jsonb /* @use CustomUiAssets */,
   password_policy jsonb /* @use PartialPasswordPolicy */ not null default '{}'::jsonb,
   mfa jsonb /* @use Mfa */ not null default '{}'::jsonb,
   single_sign_on_enabled boolean not null default false,
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 43088bf0a603..591ce09c7819 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3365,6 +3365,9 @@ importers:
       '@silverhand/ts-config':
         specifier: 6.0.0
         version: 6.0.0(typescript@5.3.3)
+      '@types/adm-zip':
+        specifier: ^0.5.5
+        version: 0.5.5
       '@types/debug':
         specifier: ^4.1.7
         version: 4.1.7
@@ -3416,12 +3419,15 @@ importers:
       '@types/supertest':
         specifier: ^6.0.2
         version: 6.0.2
+      adm-zip:
+        specifier: ^0.5.14
+        version: 0.5.14
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.10.4)
+        version: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
       jest-matcher-specific-error:
         specifier: ^1.0.0
         version: 1.0.0
@@ -3676,7 +3682,7 @@ importers:
         version: 3.0.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.12.7)
+        version: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
       jest-environment-jsdom:
         specifier: ^29.7.0
         version: 29.7.0
@@ -3685,7 +3691,7 @@ importers:
         version: 2.0.0
       jest-transformer-svg:
         specifier: ^2.0.0
-        version: 2.0.0(jest@29.7.0(@types/node@20.12.7))(react@18.2.0)
+        version: 2.0.0(jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)))(react@18.2.0)
       js-base64:
         specifier: ^3.7.5
         version: 3.7.5
@@ -3824,7 +3830,7 @@ importers:
         version: 10.0.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.10.4)
+        version: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
       jest-matcher-specific-error:
         specifier: ^1.0.0
         version: 1.0.0
@@ -6403,6 +6409,9 @@ packages:
   '@types/acorn@4.0.6':
     resolution: {integrity: sha512-veQTnWP+1D/xbxVrPC3zHnCZRjSrKfhbMUlEA43iMZLu7EsnTtkJklIuwrCPbOi8YkvDQAiW05VQQFvvz9oieQ==}
 
+  '@types/adm-zip@0.5.5':
+    resolution: {integrity: sha512-YCGstVMjc4LTY5uK9/obvxBya93axZOVOyf2GSUulADzmLhYE45u2nAssCs/fWBs1Ifq5Vat75JTPwd5XZoPJw==}
+
   '@types/aria-query@5.0.1':
     resolution: {integrity: sha512-XTIieEY+gvJ39ChLcB4If5zHtPxt3Syj5rgZR+e1ctpmK8NjPf0zFqsz4JpLJT0xla9GFDKjy8Cpu331nrmE1Q==}
 
@@ -6874,6 +6883,10 @@ packages:
     engines: {node: '>=0.4.0'}
     hasBin: true
 
+  adm-zip@0.5.14:
+    resolution: {integrity: sha512-DnyqqifT4Jrcvb8USYjp6FHtBpEIz1mnXu6pTRHZ0RL69LbQYiO+0lDFg5+OKA7U29oWSs3a/i8fhn8ZcceIWg==}
+    engines: {node: '>=12.0'}
+
   agent-base@6.0.2:
     resolution: {integrity: sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==}
     engines: {node: '>= 6.0.0'}
@@ -14581,6 +14594,41 @@ snapshots:
       - supports-color
       - ts-node
 
+  '@jest/core@29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))':
+    dependencies:
+      '@jest/console': 29.7.0
+      '@jest/reporters': 29.7.0
+      '@jest/test-result': 29.7.0
+      '@jest/transform': 29.7.0
+      '@jest/types': 29.6.3
+      '@types/node': 20.12.7
+      ansi-escapes: 4.3.2
+      chalk: 4.1.2
+      ci-info: 3.8.0
+      exit: 0.1.2
+      graceful-fs: 4.2.11
+      jest-changed-files: 29.7.0
+      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+      jest-haste-map: 29.7.0
+      jest-message-util: 29.7.0
+      jest-regex-util: 29.6.3
+      jest-resolve: 29.7.0
+      jest-resolve-dependencies: 29.7.0
+      jest-runner: 29.7.0
+      jest-runtime: 29.7.0
+      jest-snapshot: 29.7.0
+      jest-util: 29.7.0
+      jest-validate: 29.7.0
+      jest-watcher: 29.7.0
+      micromatch: 4.0.5
+      pretty-format: 29.7.0
+      slash: 3.0.0
+      strip-ansi: 6.0.1
+    transitivePeerDependencies:
+      - babel-plugin-macros
+      - supports-color
+      - ts-node
+
   '@jest/create-cache-key-function@27.5.1':
     dependencies:
       '@jest/types': 27.5.1
@@ -15902,10 +15950,10 @@ snapshots:
       eslint-config-prettier: 9.1.0(eslint@8.57.0)
       eslint-config-xo: 0.44.0(eslint@8.57.0)
       eslint-config-xo-typescript: 4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3)
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0)
       eslint-plugin-consistent-default-export-name: 0.0.15
       eslint-plugin-eslint-comments: 3.2.0(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       eslint-plugin-n: 17.2.1(eslint@8.57.0)
       eslint-plugin-no-use-extend-native: 0.5.0
       eslint-plugin-prettier: 5.1.3(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.0.0)
@@ -16518,6 +16566,10 @@ snapshots:
     dependencies:
       '@types/estree': 1.0.5
 
+  '@types/adm-zip@0.5.5':
+    dependencies:
+      '@types/node': 20.12.7
+
   '@types/aria-query@5.0.1': {}
 
   '@types/babel__core@7.1.19':
@@ -17149,6 +17201,8 @@ snapshots:
 
   acorn@8.11.3: {}
 
+  adm-zip@0.5.14: {}
+
   agent-base@6.0.2:
     dependencies:
       debug: 4.3.4
@@ -17913,13 +17967,13 @@ snapshots:
     dependencies:
       lodash.get: 4.4.2
 
-  create-jest@29.7.0(@types/node@20.10.4):
+  create-jest@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
     dependencies:
       '@jest/types': 29.6.3
       chalk: 4.1.2
       exit: 0.1.2
       graceful-fs: 4.2.11
-      jest-config: 29.7.0(@types/node@20.10.4)
+      jest-config: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
       jest-util: 29.7.0
       prompts: 2.4.2
     transitivePeerDependencies:
@@ -18727,13 +18781,13 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0):
+  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 4.3.4
       enhanced-resolve: 5.16.0
       eslint: 8.57.0
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       fast-glob: 3.3.2
       get-tsconfig: 4.7.3
       is-core-module: 2.13.1
@@ -18744,14 +18798,14 @@ snapshots:
       - eslint-import-resolver-webpack
       - supports-color
 
-  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0):
+  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 3.2.7(supports-color@5.5.0)
     optionalDependencies:
       '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.3.3)
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0)
     transitivePeerDependencies:
       - supports-color
 
@@ -18773,7 +18827,7 @@ snapshots:
       eslint: 8.57.0
       ignore: 5.3.1
 
-  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0):
+  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       array-includes: 3.1.8
       array.prototype.findlastindex: 1.2.5
@@ -18783,7 +18837,7 @@ snapshots:
       doctrine: 2.1.0
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       hasown: 2.0.2
       is-core-module: 2.13.1
       is-glob: 4.0.3
@@ -20244,16 +20298,16 @@ snapshots:
       - babel-plugin-macros
       - supports-color
 
-  jest-cli@29.7.0(@types/node@20.10.4):
+  jest-cli@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
       '@jest/test-result': 29.7.0
       '@jest/types': 29.6.3
       chalk: 4.1.2
-      create-jest: 29.7.0(@types/node@20.10.4)
+      create-jest: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
       exit: 0.1.2
       import-local: 3.1.0
-      jest-config: 29.7.0(@types/node@20.10.4)
+      jest-config: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
       jest-util: 29.7.0
       jest-validate: 29.7.0
       yargs: 17.7.2
@@ -20263,7 +20317,7 @@ snapshots:
       - supports-color
       - ts-node
 
-  jest-cli@29.7.0(@types/node@20.12.7):
+  jest-cli@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
     dependencies:
       '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
       '@jest/test-result': 29.7.0
@@ -20282,26 +20336,38 @@ snapshots:
       - supports-color
       - ts-node
 
-  jest-cli@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
+  jest-config@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
-      '@jest/test-result': 29.7.0
+      '@babel/core': 7.24.4
+      '@jest/test-sequencer': 29.7.0
       '@jest/types': 29.6.3
+      babel-jest: 29.7.0(@babel/core@7.24.4)
       chalk: 4.1.2
-      create-jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
-      exit: 0.1.2
-      import-local: 3.1.0
-      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      ci-info: 3.8.0
+      deepmerge: 4.3.1
+      glob: 7.2.3
+      graceful-fs: 4.2.11
+      jest-circus: 29.7.0
+      jest-environment-node: 29.7.0
+      jest-get-type: 29.6.3
+      jest-regex-util: 29.6.3
+      jest-resolve: 29.7.0
+      jest-runner: 29.7.0
       jest-util: 29.7.0
       jest-validate: 29.7.0
-      yargs: 17.7.2
+      micromatch: 4.0.5
+      parse-json: 5.2.0
+      pretty-format: 29.7.0
+      slash: 3.0.0
+      strip-json-comments: 3.1.1
+    optionalDependencies:
+      '@types/node': 20.10.4
+      ts-node: 10.9.2(@types/node@20.10.4)(typescript@5.3.3)
     transitivePeerDependencies:
-      - '@types/node'
       - babel-plugin-macros
       - supports-color
-      - ts-node
 
-  jest-config@29.7.0(@types/node@20.10.4):
+  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
     dependencies:
       '@babel/core': 7.24.4
       '@jest/test-sequencer': 29.7.0
@@ -20326,12 +20392,13 @@ snapshots:
       slash: 3.0.0
       strip-json-comments: 3.1.1
     optionalDependencies:
-      '@types/node': 20.10.4
+      '@types/node': 20.12.7
+      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
 
-  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
+  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
     dependencies:
       '@babel/core': 7.24.4
       '@jest/test-sequencer': 29.7.0
@@ -20357,7 +20424,7 @@ snapshots:
       strip-json-comments: 3.1.1
     optionalDependencies:
       '@types/node': 20.12.7
-      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
+      ts-node: 10.9.2(@types/node@20.10.4)(typescript@5.3.3)
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
@@ -20618,11 +20685,6 @@ snapshots:
       jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
       react: 18.2.0
 
-  jest-transformer-svg@2.0.0(jest@29.7.0(@types/node@20.12.7))(react@18.2.0):
-    dependencies:
-      jest: 29.7.0(@types/node@20.12.7)
-      react: 18.2.0
-
   jest-util@29.5.0:
     dependencies:
       '@jest/types': 29.6.3
@@ -20675,24 +20737,12 @@ snapshots:
       merge-stream: 2.0.0
       supports-color: 8.1.1
 
-  jest@29.7.0(@types/node@20.10.4):
-    dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
-      '@jest/types': 29.6.3
-      import-local: 3.1.0
-      jest-cli: 29.7.0(@types/node@20.10.4)
-    transitivePeerDependencies:
-      - '@types/node'
-      - babel-plugin-macros
-      - supports-color
-      - ts-node
-
-  jest@29.7.0(@types/node@20.12.7):
+  jest@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
       '@jest/types': 29.6.3
       import-local: 3.1.0
-      jest-cli: 29.7.0(@types/node@20.12.7)
+      jest-cli: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
     transitivePeerDependencies:
       - '@types/node'
       - babel-plugin-macros
@@ -24186,6 +24236,25 @@ snapshots:
     optionalDependencies:
       '@swc/core': 1.3.52(@swc/helpers@0.5.1)
 
+  ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3):
+    dependencies:
+      '@cspotcode/source-map-support': 0.8.1
+      '@tsconfig/node10': 1.0.9
+      '@tsconfig/node12': 1.0.11
+      '@tsconfig/node14': 1.0.3
+      '@tsconfig/node16': 1.0.4
+      '@types/node': 20.10.4
+      acorn: 8.10.0
+      acorn-walk: 8.2.0
+      arg: 4.1.3
+      create-require: 1.1.1
+      diff: 4.0.2
+      make-error: 1.3.6
+      typescript: 5.3.3
+      v8-compile-cache-lib: 3.0.1
+      yn: 3.1.1
+    optional: true
+
   tsconfig-paths@3.15.0:
     dependencies:
       '@types/json5': 0.0.29

From ae4a12757ad0136b904ebe8b866608c5e8a57387 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Tue, 16 Jul 2024 10:55:48 +0800
Subject: [PATCH 022/135] test(core): add register integration tests (#6248)

* test(core): add register integration tests

add register integration tests

* test: add enterprise sso integration tests

add enterprise sso integration tests
---
 packages/core/src/routes/experience/index.ts  |   2 +-
 .../src/client/experience/index.ts            |  10 +-
 .../src/helpers/experience/index.ts           | 131 ++++++++++++++++++
 .../verification-code.test.ts                 | 101 ++++++++++++++
 .../enterprise-sso.test.ts                    |  48 +++++++
 .../sign-in-interaction/social.test.ts        |  48 +++++++
 .../verification-code.test.ts                 |  70 +++++++++-
 7 files changed, 398 insertions(+), 12 deletions(-)
 create mode 100644 packages/integration-tests/src/tests/api/experience-api/register-interaction/verification-code.test.ts
 create mode 100644 packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/enterprise-sso.test.ts
 create mode 100644 packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts

diff --git a/packages/core/src/routes/experience/index.ts b/packages/core/src/routes/experience/index.ts
index ec83da600bda..850ed02ef9ed 100644
--- a/packages/core/src/routes/experience/index.ts
+++ b/packages/core/src/routes/experience/index.ts
@@ -127,7 +127,7 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
   router.post(
     `${experienceRoutes.prefix}/submit`,
     koaGuard({
-      status: [200],
+      status: [200, 400],
       response: z.object({
         redirectTo: z.string(),
       }),
diff --git a/packages/integration-tests/src/client/experience/index.ts b/packages/integration-tests/src/client/experience/index.ts
index 8a06e389f4f4..1b5217616ed5 100644
--- a/packages/integration-tests/src/client/experience/index.ts
+++ b/packages/integration-tests/src/client/experience/index.ts
@@ -26,12 +26,10 @@ export const identifyUser = async (cookie: string, payload: IdentificationApiPay
 
 export class ExperienceClient extends MockClient {
   public async identifyUser(payload: IdentificationApiPayload) {
-    return api
-      .post(experienceRoutes.identification, {
-        headers: { cookie: this.interactionCookie },
-        json: payload,
-      })
-      .json();
+    return api.post(experienceRoutes.identification, {
+      headers: { cookie: this.interactionCookie },
+      json: payload,
+    });
   }
 
   public async updateInteractionEvent(payload: { interactionEvent: InteractionEvent }) {
diff --git a/packages/integration-tests/src/helpers/experience/index.ts b/packages/integration-tests/src/helpers/experience/index.ts
index 95082dda021d..71926a4986ca 100644
--- a/packages/integration-tests/src/helpers/experience/index.ts
+++ b/packages/integration-tests/src/helpers/experience/index.ts
@@ -2,6 +2,7 @@
  * @fileoverview This file contains the successful interaction flow helper functions that use the experience APIs.
  */
 
+import { type SocialUserInfo } from '@logto/connector-kit';
 import {
   InteractionEvent,
   SignInIdentifier,
@@ -12,7 +13,12 @@ import {
 import { type ExperienceClient } from '#src/client/experience/index.js';
 
 import { initExperienceClient, logoutClient, processSession } from '../client.js';
+import { expectRejects } from '../index.js';
 
+import {
+  successFullyCreateSocialVerification,
+  successFullyVerifySocialAuthorization,
+} from './social-verification.js';
 import {
   successfullySendVerificationCode,
   successfullyVerifyVerificationCode,
@@ -96,3 +102,128 @@ export const identifyUserWithUsernamePassword = async (
 
   return { verificationId };
 };
+
+export const registerNewUserWithVerificationCode = async (
+  identifier: VerificationCodeIdentifier
+) => {
+  const client = await initExperienceClient();
+
+  await client.initInteraction({ interactionEvent: InteractionEvent.Register });
+
+  const { verificationId, code } = await successfullySendVerificationCode(client, {
+    identifier,
+    interactionEvent: InteractionEvent.Register,
+  });
+
+  const verifiedVerificationId = await successfullyVerifyVerificationCode(client, {
+    identifier,
+    verificationId,
+    code,
+  });
+
+  await client.identifyUser({
+    verificationId: verifiedVerificationId,
+  });
+
+  const { redirectTo } = await client.submitInteraction();
+
+  const userId = await processSession(client, redirectTo);
+  await logoutClient(client);
+
+  return userId;
+};
+
+/**
+ *
+ * @param socialUserInfo The social user info that will be returned by the social connector.
+ * @param registerNewUser Optional. If true, the user will be registered if the user does not exist, otherwise a error will be thrown if the user does not exist.
+ */
+export const signInWithSocial = async (
+  connectorId: string,
+  socialUserInfo: SocialUserInfo,
+  registerNewUser = false
+) => {
+  const state = 'state';
+  const redirectUri = 'http://localhost:3000';
+
+  const client = await initExperienceClient();
+  await client.initInteraction({ interactionEvent: InteractionEvent.SignIn });
+
+  const { verificationId } = await successFullyCreateSocialVerification(client, connectorId, {
+    redirectUri,
+    state,
+  });
+
+  await successFullyVerifySocialAuthorization(client, connectorId, {
+    verificationId,
+    connectorData: {
+      state,
+      redirectUri,
+      code: 'fake_code',
+      userId: socialUserInfo.id,
+      email: socialUserInfo.email,
+    },
+  });
+
+  if (registerNewUser) {
+    await expectRejects(client.identifyUser({ verificationId }), {
+      code: 'user.identity_not_exist',
+      status: 404,
+    });
+
+    await client.updateInteractionEvent({ interactionEvent: InteractionEvent.Register });
+    await client.identifyUser({ verificationId });
+  } else {
+    await client.identifyUser({
+      verificationId,
+    });
+  }
+
+  const { redirectTo } = await client.submitInteraction();
+  const userId = await processSession(client, redirectTo);
+  await logoutClient(client);
+
+  return userId;
+};
+
+export const signInWithEnterpriseSso = async (
+  connectorId: string,
+  enterpriseUserInfo: Record<string, unknown>,
+  registerNewUser = false
+) => {
+  const state = 'state';
+  const redirectUri = 'http://localhost:3000';
+
+  const client = await initExperienceClient();
+  await client.initInteraction({ interactionEvent: InteractionEvent.SignIn });
+
+  const { verificationId } = await client.getEnterpriseSsoAuthorizationUri(connectorId, {
+    redirectUri,
+    state,
+  });
+
+  await client.verifyEnterpriseSsoAuthorization(connectorId, {
+    verificationId,
+    connectorData: enterpriseUserInfo,
+  });
+
+  if (registerNewUser) {
+    await expectRejects(client.identifyUser({ verificationId }), {
+      code: 'user.identity_not_exist',
+      status: 404,
+    });
+
+    await client.updateInteractionEvent({ interactionEvent: InteractionEvent.Register });
+    await client.identifyUser({ verificationId });
+  } else {
+    await client.identifyUser({
+      verificationId,
+    });
+  }
+
+  const { redirectTo } = await client.submitInteraction();
+  const userId = await processSession(client, redirectTo);
+  await logoutClient(client);
+
+  return userId;
+};
diff --git a/packages/integration-tests/src/tests/api/experience-api/register-interaction/verification-code.test.ts b/packages/integration-tests/src/tests/api/experience-api/register-interaction/verification-code.test.ts
new file mode 100644
index 000000000000..c210797d41eb
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/experience-api/register-interaction/verification-code.test.ts
@@ -0,0 +1,101 @@
+import {
+  InteractionEvent,
+  SignInIdentifier,
+  type VerificationCodeIdentifier,
+} from '@logto/schemas';
+
+import { deleteUser } from '#src/api/admin-user.js';
+import { initExperienceClient, logoutClient, processSession } from '#src/helpers/client.js';
+import { setEmailConnector, setSmsConnector } from '#src/helpers/connector.js';
+import { registerNewUserWithVerificationCode } from '#src/helpers/experience/index.js';
+import {
+  successfullySendVerificationCode,
+  successfullyVerifyVerificationCode,
+} from '#src/helpers/experience/verification-code.js';
+import { expectRejects } from '#src/helpers/index.js';
+import { enableAllVerificationCodeSignInMethods } from '#src/helpers/sign-in-experience.js';
+import { generateNewUser } from '#src/helpers/user.js';
+import { devFeatureTest, generateEmail, generatePhone } from '#src/utils.js';
+
+const verificationIdentifierType: readonly [SignInIdentifier.Email, SignInIdentifier.Phone] =
+  Object.freeze([SignInIdentifier.Email, SignInIdentifier.Phone]);
+
+const identifiersTypeToUserProfile = Object.freeze({
+  email: 'primaryEmail',
+  phone: 'primaryPhone',
+});
+
+devFeatureTest.describe('Register interaction with verification code happy path', () => {
+  beforeAll(async () => {
+    await Promise.all([setEmailConnector(), setSmsConnector()]);
+    await enableAllVerificationCodeSignInMethods({
+      identifiers: [SignInIdentifier.Email, SignInIdentifier.Phone],
+      password: false,
+      verify: true,
+    });
+  });
+
+  it.each(verificationIdentifierType)(
+    'Should register with verification code using %p successfully',
+    async (identifier) => {
+      const userId = await registerNewUserWithVerificationCode({
+        type: identifier,
+        value: identifier === SignInIdentifier.Email ? generateEmail() : generatePhone(),
+      });
+
+      await deleteUser(userId);
+    }
+  );
+
+  it.each(verificationIdentifierType)(
+    'Should fail to sign-up with existing %p identifier and directly sign-in instead ',
+    async (identifierType) => {
+      const { userProfile, user } = await generateNewUser({
+        [identifiersTypeToUserProfile[identifierType]]: true,
+      });
+
+      const identifier: VerificationCodeIdentifier = {
+        type: identifierType,
+        value: userProfile[identifiersTypeToUserProfile[identifierType]]!,
+      };
+
+      const client = await initExperienceClient();
+      await client.initInteraction({ interactionEvent: InteractionEvent.Register });
+
+      const { verificationId, code } = await successfullySendVerificationCode(client, {
+        identifier,
+        interactionEvent: InteractionEvent.Register,
+      });
+
+      await successfullyVerifyVerificationCode(client, {
+        identifier,
+        verificationId,
+        code,
+      });
+
+      await expectRejects(
+        client.identifyUser({
+          verificationId,
+        }),
+        {
+          code: `user.${identifierType}_already_in_use`,
+          status: 422,
+        }
+      );
+
+      await client.updateInteractionEvent({
+        interactionEvent: InteractionEvent.SignIn,
+      });
+
+      await client.identifyUser({
+        verificationId,
+      });
+
+      const { redirectTo } = await client.submitInteraction();
+      await processSession(client, redirectTo);
+      await logoutClient(client);
+
+      await deleteUser(user.id);
+    }
+  );
+});
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/enterprise-sso.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/enterprise-sso.test.ts
new file mode 100644
index 000000000000..e86cc54ec461
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/enterprise-sso.test.ts
@@ -0,0 +1,48 @@
+import { generateStandardId } from '@logto/shared';
+
+import { deleteUser, getUser } from '#src/api/admin-user.js';
+import { updateSignInExperience } from '#src/api/sign-in-experience.js';
+import { SsoConnectorApi } from '#src/api/sso-connector.js';
+import { signInWithEnterpriseSso } from '#src/helpers/experience/index.js';
+import { devFeatureTest, generateEmail } from '#src/utils.js';
+
+devFeatureTest.describe('enterprise sso sign-in and sign-up', () => {
+  const ssoConnectorApi = new SsoConnectorApi();
+  const domain = 'foo.com';
+  const socialUserId = generateStandardId();
+  const email = generateEmail(domain);
+
+  beforeAll(async () => {
+    await ssoConnectorApi.createMockOidcConnector([domain]);
+    await updateSignInExperience({ singleSignOnEnabled: true });
+  });
+
+  afterAll(async () => {
+    await ssoConnectorApi.cleanUp();
+  });
+
+  it('should successfully sign-up with enterprise sso ans sync email', async () => {
+    const userId = await signInWithEnterpriseSso(
+      ssoConnectorApi.firstConnectorId!,
+      {
+        sub: socialUserId,
+        email,
+        email_verified: true,
+      },
+      true
+    );
+
+    const { primaryEmail } = await getUser(userId);
+    expect(primaryEmail).toBe(email);
+  });
+
+  it('should successfully sign-in with enterprise sso', async () => {
+    const userId = await signInWithEnterpriseSso(ssoConnectorApi.firstConnectorId!, {
+      sub: socialUserId,
+      email,
+      email_verified: true,
+    });
+
+    await deleteUser(userId);
+  });
+});
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
new file mode 100644
index 000000000000..6ae61112025a
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
@@ -0,0 +1,48 @@
+import { ConnectorType } from '@logto/connector-kit';
+import { generateStandardId } from '@logto/shared';
+
+import { mockSocialConnectorId } from '#src/__mocks__/connectors-mock.js';
+import { deleteUser, getUser } from '#src/api/admin-user.js';
+import { clearConnectorsByTypes, setSocialConnector } from '#src/helpers/connector.js';
+import { signInWithSocial } from '#src/helpers/experience/index.js';
+import { devFeatureTest, generateEmail } from '#src/utils.js';
+
+devFeatureTest.describe('social sign-in and sign-up', () => {
+  const connectorIdMap = new Map<string, string>();
+  const socialUserId = generateStandardId();
+  const email = generateEmail();
+
+  beforeAll(async () => {
+    await clearConnectorsByTypes([ConnectorType.Social]);
+
+    const { id: socialConnectorId } = await setSocialConnector();
+    connectorIdMap.set(mockSocialConnectorId, socialConnectorId);
+  });
+
+  afterAll(async () => {
+    await clearConnectorsByTypes([ConnectorType.Social]);
+  });
+
+  it('should successfully sign-up with social and sync email', async () => {
+    const userId = await signInWithSocial(
+      connectorIdMap.get(mockSocialConnectorId)!,
+      {
+        id: socialUserId,
+        email,
+      },
+      true
+    );
+
+    const { primaryEmail } = await getUser(userId);
+    expect(primaryEmail).toBe(email);
+  });
+
+  it('should successfully sign-in with social', async () => {
+    const userId = await signInWithSocial(connectorIdMap.get(mockSocialConnectorId)!, {
+      id: socialUserId,
+      email,
+    });
+
+    await deleteUser(userId);
+  });
+});
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/verification-code.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/verification-code.test.ts
index 4deb166f167e..5c2b92807f69 100644
--- a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/verification-code.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/verification-code.test.ts
@@ -1,11 +1,21 @@
-import { SignInIdentifier } from '@logto/schemas';
+import {
+  InteractionEvent,
+  SignInIdentifier,
+  type VerificationCodeIdentifier,
+} from '@logto/schemas';
 
 import { deleteUser } from '#src/api/admin-user.js';
+import { initExperienceClient, logoutClient, processSession } from '#src/helpers/client.js';
 import { setEmailConnector, setSmsConnector } from '#src/helpers/connector.js';
 import { signInWithVerificationCode } from '#src/helpers/experience/index.js';
+import {
+  successfullySendVerificationCode,
+  successfullyVerifyVerificationCode,
+} from '#src/helpers/experience/verification-code.js';
+import { expectRejects } from '#src/helpers/index.js';
 import { enableAllVerificationCodeSignInMethods } from '#src/helpers/sign-in-experience.js';
 import { generateNewUser } from '#src/helpers/user.js';
-import { devFeatureTest } from '#src/utils.js';
+import { devFeatureTest, generateEmail, generatePhone } from '#src/utils.js';
 
 const verificationIdentifierType: readonly [SignInIdentifier.Email, SignInIdentifier.Phone] =
   Object.freeze([SignInIdentifier.Email, SignInIdentifier.Phone]);
@@ -15,14 +25,18 @@ const identifiersTypeToUserProfile = Object.freeze({
   phone: 'primaryPhone',
 });
 
-devFeatureTest.describe('Sign-in with verification code happy path', () => {
+devFeatureTest.describe('Sign-in with verification code', () => {
   beforeAll(async () => {
     await Promise.all([setEmailConnector(), setSmsConnector()]);
-    await enableAllVerificationCodeSignInMethods();
+    await enableAllVerificationCodeSignInMethods({
+      identifiers: [SignInIdentifier.Email, SignInIdentifier.Phone],
+      password: false,
+      verify: true,
+    });
   });
 
   it.each(verificationIdentifierType)(
-    'Should sign-in with verification code using %p',
+    'should sign-in with verification code using %p',
     async (identifier) => {
       const { userProfile, user } = await generateNewUser({
         [identifiersTypeToUserProfile[identifier]]: true,
@@ -37,4 +51,50 @@ devFeatureTest.describe('Sign-in with verification code happy path', () => {
       await deleteUser(user.id);
     }
   );
+
+  it.each(verificationIdentifierType)(
+    'should fail to sign-in with non-existing %p identifier and directly sign-up instead',
+    async (type) => {
+      const identifier: VerificationCodeIdentifier = {
+        type,
+        value: type === SignInIdentifier.Email ? generateEmail() : generatePhone(),
+      };
+
+      const client = await initExperienceClient();
+      await client.initInteraction({ interactionEvent: InteractionEvent.SignIn });
+
+      const { verificationId, code } = await successfullySendVerificationCode(client, {
+        identifier,
+        interactionEvent: InteractionEvent.SignIn,
+      });
+
+      await successfullyVerifyVerificationCode(client, {
+        identifier,
+        verificationId,
+        code,
+      });
+
+      await expectRejects(
+        client.identifyUser({
+          verificationId,
+        }),
+        {
+          code: 'user.user_not_exist',
+          status: 404,
+        }
+      );
+
+      await client.updateInteractionEvent({ interactionEvent: InteractionEvent.Register });
+
+      await client.identifyUser({
+        verificationId,
+      });
+
+      const { redirectTo } = await client.submitInteraction();
+      const userId = await processSession(client, redirectTo);
+      await logoutClient(client);
+
+      await deleteUser(userId);
+    }
+  );
 });

From 0fec4556f9b684634d3716d074f68d09b29ace4f Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Tue, 16 Jul 2024 14:55:47 +0800
Subject: [PATCH 023/135] feat(elements): add components

---
 packages/elements/index.html                  |  14 +
 packages/elements/package.json                |   7 +-
 .../elements/src/components/logto-avatar.ts   |  53 ++
 .../elements/src/components/logto-button.ts   |  67 ++
 .../src/components/logto-card-section.ts      |   3 +-
 .../elements/src/components/logto-card.ts     |  10 +
 .../src/components/logto-form-card.ts         |  23 +-
 .../elements/src/components/logto-list-row.ts |  50 ++
 .../elements/src/components/logto-list.ts     |  23 +
 .../src/elements/logto-profile-card.ts        |  36 +-
 packages/elements/src/index.ts                |   4 +
 packages/elements/src/react.ts                |  13 +-
 packages/elements/src/utils/theme.ts          |  29 +-
 packages/elements/web-dev-server.config.js    |  21 +
 pnpm-lock.yaml                                | 683 +++++++++++++++++-
 15 files changed, 1024 insertions(+), 12 deletions(-)
 create mode 100644 packages/elements/index.html
 create mode 100644 packages/elements/src/components/logto-avatar.ts
 create mode 100644 packages/elements/src/components/logto-button.ts
 create mode 100644 packages/elements/src/components/logto-list-row.ts
 create mode 100644 packages/elements/src/components/logto-list.ts
 create mode 100644 packages/elements/web-dev-server.config.js

diff --git a/packages/elements/index.html b/packages/elements/index.html
new file mode 100644
index 000000000000..93d3782ab4bb
--- /dev/null
+++ b/packages/elements/index.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Logto elements dev page</title>
+  <script type="module" src="./src/index.ts"></script>
+</head>
+<body style="background: #111;">
+  <logto-theme-provider theme="dark">
+    <logto-profile-card></logto-profile-card>
+  </logto-theme-provider>
+</body>
+</html>
diff --git a/packages/elements/package.json b/packages/elements/package.json
index b9640c5ecdbd..a9bcfd3cdd54 100644
--- a/packages/elements/package.json
+++ b/packages/elements/package.json
@@ -8,6 +8,7 @@
   "type": "module",
   "private": true,
   "main": "dist/index.js",
+  "module": "dist/index.js",
   "exports": {
     ".": {
       "import": "./dist/index.js",
@@ -28,12 +29,14 @@
   "scripts": {
     "precommit": "lint-staged",
     "build": "lit-localize build && tsup",
+    "start": "web-dev-server",
     "dev": "lit-localize build && tsup --watch --no-splitting",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "echo \"No tests yet.\"",
     "test:ci": "pnpm run test --silent --coverage",
-    "prepack": "pnpm check && pnpm build",
+    "prepublishOnly": "pnpm check",
+    "prepack": "pnpm build",
     "localize": "lit-localize",
     "check": "lit-localize extract && git add . -N && git diff --exit-code"
   },
@@ -53,6 +56,8 @@
     "@lit/localize-tools": "^0.7.2",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
+    "@web/dev-server": "^0.4.6",
+    "@web/dev-server-esbuild": "^1.0.2",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
diff --git a/packages/elements/src/components/logto-avatar.ts b/packages/elements/src/components/logto-avatar.ts
new file mode 100644
index 000000000000..7ab7a82a5738
--- /dev/null
+++ b/packages/elements/src/components/logto-avatar.ts
@@ -0,0 +1,53 @@
+import { msg } from '@lit/localize';
+import { LitElement, css } from 'lit';
+import { customElement, property } from 'lit/decorators.js';
+
+import { unit } from '../utils/css.js';
+
+const tagName = 'logto-avatar';
+
+const sizes = Object.freeze({
+  medium: unit(8),
+  large: unit(10),
+});
+
+@customElement(tagName)
+export class LogtoAvatar extends LitElement {
+  static tagName = tagName;
+  static styles = css`
+    :host {
+      display: block;
+      border-radius: ${unit(2)};
+      background-size: cover;
+      background-position: center;
+      background-repeat: no-repeat;
+    }
+  `;
+
+  @property({ reflect: true })
+  size: 'medium' | 'large' = 'medium';
+
+  @property({ reflect: true })
+  src = '';
+
+  @property({ reflect: true })
+  alt = msg('Avatar', {
+    id: 'account.profile.personal-info.avatar',
+    desc: 'The avatar of the user.',
+  });
+
+  connectedCallback(): void {
+    super.connectedCallback();
+    this.style.setProperty('width', sizes[this.size].cssText);
+    this.style.setProperty('height', sizes[this.size].cssText);
+
+    if (this.src) {
+      // Show the image holder with the provided image.
+      this.style.setProperty('background-color', '#adaab422');
+      this.style.setProperty('background-image', `url(${this.src})`);
+    } else {
+      // A temporary default fallback color. Need to implement the relevant logic in `<UserAvatar />` later.
+      this.style.setProperty('background-color', '#e74c3c');
+    }
+  }
+}
diff --git a/packages/elements/src/components/logto-button.ts b/packages/elements/src/components/logto-button.ts
new file mode 100644
index 000000000000..78972cfbe7e0
--- /dev/null
+++ b/packages/elements/src/components/logto-button.ts
@@ -0,0 +1,67 @@
+import { LitElement, css, html } from 'lit';
+import { customElement, property } from 'lit/decorators.js';
+
+import { unit } from '../utils/css.js';
+import { vars } from '../utils/theme.js';
+
+const tagName = 'logto-button';
+
+@customElement(tagName)
+export class LogtoButton extends LitElement {
+  static tagName = tagName;
+  static styles = css`
+    :host {
+      display: inline-flex;
+      align-items: center;
+      justify-content: center;
+      border: none;
+      outline: none;
+      font: ${vars.fontLabel2};
+      transition: background-color 0.2s ease-in-out;
+      white-space: nowrap;
+      user-select: none;
+      position: relative;
+      text-decoration: none;
+      gap: ${unit(2)};
+      cursor: pointer;
+    }
+
+    :host(:disabled) {
+      cursor: not-allowed;
+    }
+
+    :host([type='text']) {
+      background: none;
+      border-color: none;
+      font: ${vars.fontLabel2};
+      color: ${vars.colorTextLink};
+      padding: ${unit(0.5, 1)};
+      border-radius: ${unit(1)};
+    }
+
+    :host([type='text']:disabled) {
+      color: ${vars.colorDisabled};
+    }
+
+    :host([type='text']:focus-visible) {
+      outline: 2px solid ${vars.colorFocusedVariant};
+    }
+
+    :host([type='text']:not(:disabled):hover) {
+      background: ${vars.colorHoverVariant};
+    }
+  `;
+
+  @property()
+  type: 'default' | 'text' = 'default';
+
+  connectedCallback(): void {
+    super.connectedCallback();
+    this.role = 'button';
+    this.tabIndex = 0;
+  }
+
+  render() {
+    return html`<slot></slot>`;
+  }
+}
diff --git a/packages/elements/src/components/logto-card-section.ts b/packages/elements/src/components/logto-card-section.ts
index de4e88be549c..3ce9da6af11f 100644
--- a/packages/elements/src/components/logto-card-section.ts
+++ b/packages/elements/src/components/logto-card-section.ts
@@ -7,6 +7,7 @@ import { vars } from '../utils/theme.js';
 
 const tagName = 'logto-card-section';
 
+/** A section in a form card with a heading. It is used to group related content. */
 @customElement(tagName)
 @localized()
 export class LogtoCardSection extends LitElement {
@@ -14,7 +15,7 @@ export class LogtoCardSection extends LitElement {
   static styles = css`
     header {
       font: ${vars.fontLabel2};
-      color: ${vars.colorText};
+      color: ${vars.colorTextPrimary};
       margin-bottom: ${unit(1)};
     }
   `;
diff --git a/packages/elements/src/components/logto-card.ts b/packages/elements/src/components/logto-card.ts
index a6bde4ad6878..da67b41038fb 100644
--- a/packages/elements/src/components/logto-card.ts
+++ b/packages/elements/src/components/logto-card.ts
@@ -6,6 +6,16 @@ import { vars } from '../utils/theme.js';
 
 const tagName = 'logto-card';
 
+/**
+ * A card with background, padding, and border radius.
+ *
+ * @example
+ * ```html
+ * <logto-card>
+ *   <!-- Content goes here -->
+ * </logto-card>
+ * ```
+ */
 @customElement(tagName)
 export class LogtoCard extends LitElement {
   static tagName = tagName;
diff --git a/packages/elements/src/components/logto-form-card.ts b/packages/elements/src/components/logto-form-card.ts
index dc02bbd99207..6252d8393a31 100644
--- a/packages/elements/src/components/logto-form-card.ts
+++ b/packages/elements/src/components/logto-form-card.ts
@@ -8,6 +8,26 @@ import { vars } from '../utils/theme.js';
 
 const tagName = 'logto-form-card';
 
+/**
+ * A card that contains a form or form-like content. A heading and an optional description can be
+ * provided to describe the purpose of the content.
+ *
+ * To group related content in a form card, use the `logto-card-section` element.
+ *
+ * @example
+ * ```tsx
+ * html`
+ *   <logto-form-card heading=${msg('Account', ...)}>
+ *     <logto-card-section heading=${msg('Personal information', ...)}>
+ *       <!-- Content goes here -->
+ *     </logto-card-section>
+ *     <logto-card-section heading=${msg('Account settings', ...)}>
+ *       <!-- Content goes here -->
+ *     </logto-card-section>
+ *   </logto-form-card>
+ * `
+ * ```
+ */
 @customElement(tagName)
 @localized()
 export class LogtoFormCard extends LitElement {
@@ -30,7 +50,8 @@ export class LogtoFormCard extends LitElement {
       flex: 1;
     }
 
-    ::slotted(*) {
+    slot {
+      display: block;
       flex: 16;
     }
   `;
diff --git a/packages/elements/src/components/logto-list-row.ts b/packages/elements/src/components/logto-list-row.ts
new file mode 100644
index 000000000000..5faf2c45f994
--- /dev/null
+++ b/packages/elements/src/components/logto-list-row.ts
@@ -0,0 +1,50 @@
+import { localized, msg } from '@lit/localize';
+import { LitElement, css, html } from 'lit';
+import { customElement } from 'lit/decorators.js';
+
+import { unit } from '../utils/css.js';
+import { vars } from '../utils/theme.js';
+
+const tagName = 'logto-list-row';
+
+@customElement(tagName)
+@localized()
+export class LogtoListRow extends LitElement {
+  static tagName = tagName;
+  static styles = css`
+    :host {
+      box-sizing: border-box;
+      display: grid;
+      height: ${unit(16)};
+      padding: ${unit(2, 6)};
+      grid-template-columns: 1fr 2fr 1fr;
+      align-items: center;
+      color: ${vars.colorTextPrimary};
+      font: ${vars.fontBody2};
+    }
+
+    :host(:not(:last-child)) {
+      border-bottom: 1px solid ${vars.colorLineDivider};
+    }
+
+    slot {
+      display: block;
+    }
+
+    slot[name='title'] {
+      font: ${vars.fontLabel2};
+    }
+
+    slot[name='actions'] {
+      text-align: right;
+    }
+  `;
+
+  render() {
+    return html`
+      <slot name="title">{${msg('Title', { id: 'general.title' })}}</slot>
+      <slot name="content">{${msg('Content', { id: 'general.content' })}}</slot>
+      <slot name="actions">{${msg('Actions', { id: 'general.actions' })}}</slot>
+    `;
+  }
+}
diff --git a/packages/elements/src/components/logto-list.ts b/packages/elements/src/components/logto-list.ts
new file mode 100644
index 000000000000..a26ab1174732
--- /dev/null
+++ b/packages/elements/src/components/logto-list.ts
@@ -0,0 +1,23 @@
+import { LitElement, css, html } from 'lit';
+import { customElement } from 'lit/decorators.js';
+
+import { unit } from '../utils/css.js';
+import { vars } from '../utils/theme.js';
+
+const tagName = 'logto-list';
+
+@customElement(tagName)
+export class LogtoList extends LitElement {
+  static tagName = tagName;
+  static styles = css`
+    :host {
+      display: block;
+      border-radius: ${unit(2)};
+      border: 1px solid ${vars.colorLineDivider};
+    }
+  `;
+
+  render() {
+    return html`<slot></slot>`;
+  }
+}
diff --git a/packages/elements/src/elements/logto-profile-card.ts b/packages/elements/src/elements/logto-profile-card.ts
index faa12273ad92..31fcc9bd3cf7 100644
--- a/packages/elements/src/elements/logto-profile-card.ts
+++ b/packages/elements/src/elements/logto-profile-card.ts
@@ -11,7 +11,7 @@ const tagName = 'logto-profile-card';
 export class LogtoProfileCard extends LitElement {
   static tagName = tagName;
   static styles = css`
-    p {
+    p.dev {
       color: ${vars.colorTextSecondary};
     }
   `;
@@ -19,10 +19,42 @@ export class LogtoProfileCard extends LitElement {
   render() {
     return html`
       <logto-form-card heading=${msg('Profile', { id: 'account.profile.title' })}>
+        <p class="dev">🚧 This section is a dev feature that is still working in progress.</p>
         <logto-card-section
           heading=${msg('Personal information', { id: 'account.profile.personal-info.title' })}
         >
-          <p>🚧 This section is a dev feature that is still working in progress.</p>
+          <logto-list>
+            <logto-list-row>
+              <div slot="title">
+                ${msg('Avatar', {
+                  id: 'account.profile.personal-info.avatar',
+                  desc: 'The avatar of the user.',
+                })}
+              </div>
+              <div slot="content">
+                <logto-avatar size="large" src="https://github.com/logto-io.png"></logto-avatar>
+              </div>
+              <div slot="actions">
+                <logto-button type="text">
+                  ${msg('Change', { id: 'general.change' })}
+                </logto-button>
+              </div>
+            </logto-list-row>
+            <logto-list-row>
+              <div slot="title">
+                ${msg('Name', {
+                  id: 'account.profile.personal-info.name',
+                  desc: 'The name of the user.',
+                })}
+              </div>
+              <div slot="content">John Doe</div>
+              <div slot="actions">
+                <logto-button type="text">
+                  ${msg('Change', { id: 'general.change' })}
+                </logto-button>
+              </div>
+            </logto-list-row>
+          </logto-list>
         </logto-card-section>
       </logto-form-card>
     `;
diff --git a/packages/elements/src/index.ts b/packages/elements/src/index.ts
index de8f4983214e..9d2edf45a92e 100644
--- a/packages/elements/src/index.ts
+++ b/packages/elements/src/index.ts
@@ -1,6 +1,10 @@
+export * from './components/logto-avatar.js';
+export * from './components/logto-button.js';
 export * from './components/logto-card-section.js';
 export * from './components/logto-card.js';
 export * from './components/logto-form-card.js';
+export * from './components/logto-list-row.js';
+export * from './components/logto-list.js';
 export * from './components/logto-theme-provider.js';
 export * from './elements/logto-profile-card.js';
 export * from './utils/locale.js';
diff --git a/packages/elements/src/react.ts b/packages/elements/src/react.ts
index cacc64ea1bff..28b363ae474b 100644
--- a/packages/elements/src/react.ts
+++ b/packages/elements/src/react.ts
@@ -1,6 +1,12 @@
 import { createComponent } from '@lit/react';
 
-import { LogtoThemeProvider, LogtoCard, LogtoFormCard, LogtoProfileCard } from './index.js';
+import {
+  LogtoThemeProvider,
+  LogtoCard,
+  LogtoFormCard,
+  LogtoProfileCard,
+  LogtoList,
+} from './index.js';
 
 export * from './utils/locale.js';
 
@@ -11,6 +17,11 @@ export const createReactComponents = (react: Parameters<typeof createComponent>[
       elementClass: LogtoFormCard,
       react,
     }),
+    LogtoList: createComponent({
+      tagName: LogtoList.tagName,
+      elementClass: LogtoList,
+      react,
+    }),
     LogtoProfileCard: createComponent({
       tagName: LogtoProfileCard.tagName,
       elementClass: LogtoProfileCard,
diff --git a/packages/elements/src/utils/theme.ts b/packages/elements/src/utils/theme.ts
index 8eb806d1d7f2..41a72810fd5f 100644
--- a/packages/elements/src/utils/theme.ts
+++ b/packages/elements/src/utils/theme.ts
@@ -5,13 +5,18 @@ import { type KebabCase, kebabCase } from './string.js';
 /** All the colors to be used in the Logto components and elements. */
 export type Color = {
   colorPrimary: string;
-  colorText: string;
+  colorTextPrimary: string;
   colorTextLink: string;
   colorTextSecondary: string;
   colorBorder: string;
   colorCardTitle: string;
   colorLayer1: string;
   colorLayer2: string;
+  colorLineDivider: string;
+  colorDisabled: string;
+  colorHover: string;
+  colorHoverVariant: string;
+  colorFocusedVariant: string;
 };
 
 /** All the fonts to be used in the Logto components and elements. */
@@ -19,6 +24,9 @@ export type Font = {
   fontLabel1: string;
   fontLabel2: string;
   fontLabel3: string;
+  fontBody1: string;
+  fontBody2: string;
+  fontBody3: string;
   fontSectionHeading1: string;
   fontSectionHeading2: string;
 };
@@ -33,6 +41,9 @@ export const defaultFont: Readonly<Font> = Object.freeze({
   fontLabel1: `500 16px / 24px ${defaultFontFamily}`,
   fontLabel2: `500 14px / 20px ${defaultFontFamily}`,
   fontLabel3: `500 12px / 16px ${defaultFontFamily}`,
+  fontBody1: `400 16px / 24px ${defaultFontFamily}`,
+  fontBody2: `400 14px / 20px ${defaultFontFamily}`,
+  fontBody3: `400 12px / 16px ${defaultFontFamily}`,
   fontSectionHeading1: `700 12px / 16px ${defaultFontFamily}`,
   fontSectionHeading2: `700 10px / 16px ${defaultFontFamily}`,
 });
@@ -40,25 +51,35 @@ export const defaultFont: Readonly<Font> = Object.freeze({
 export const defaultTheme: Readonly<Theme> = Object.freeze({
   ...defaultFont,
   colorPrimary: '#5d34f2',
-  colorText: '#191c1d',
+  colorTextPrimary: '#191c1d',
   colorTextLink: '#5d34f2',
   colorTextSecondary: '#747778',
   colorBorder: '#c4c7c7',
   colorCardTitle: '#928f9a',
   colorLayer1: '#000',
   colorLayer2: '#2d3132',
+  colorLineDivider: '#191c1d1f',
+  colorDisabled: '#5c5f60',
+  colorHover: '#191c1d14',
+  colorHoverVariant: '#5d34f214',
+  colorFocusedVariant: '#5d34f229',
 });
 
 export const darkTheme: Readonly<Theme> = Object.freeze({
   ...defaultFont,
   colorPrimary: '#7958ff',
-  colorText: '#f7f8f8',
+  colorTextPrimary: '#f7f8f8',
   colorTextLink: '#cabeff',
   colorTextSecondary: '#a9acac',
   colorBorder: '#5c5f60',
   colorCardTitle: '#928f9a',
   colorLayer1: '#2a2c32',
   colorLayer2: '#34353f',
+  colorLineDivider: '#f7f8f824',
+  colorDisabled: '#5c5f60',
+  colorHover: '#f7f8f814',
+  colorHoverVariant: '#cabeff14',
+  colorFocusedVariant: '#cabeff29',
 });
 
 /**
@@ -109,7 +130,7 @@ export const toVar = (value: string) => unsafeCSS(`var(--logto-${kebabCase(value
  * `
  */
 // eslint-disable-next-line no-restricted-syntax -- `Object.fromEntries` will lose the type
-export const vars = Object.freeze(
+export const vars: Record<keyof Theme, CSSResult> = Object.freeze(
   Object.fromEntries(Object.keys(defaultTheme).map((key) => [key, toVar(key)]))
 ) as Record<keyof Theme, CSSResult>;
 
diff --git a/packages/elements/web-dev-server.config.js b/packages/elements/web-dev-server.config.js
new file mode 100644
index 000000000000..ea305a4b8494
--- /dev/null
+++ b/packages/elements/web-dev-server.config.js
@@ -0,0 +1,21 @@
+// eslint-disable-next-line unicorn/prevent-abbreviations
+import { fileURLToPath } from 'node:url';
+
+import { esbuildPlugin } from '@web/dev-server-esbuild';
+
+const config = {
+  open: true,
+  watch: true,
+  appIndex: 'index.html',
+  nodeResolve: {
+    exportConditions: ['development'],
+  },
+  plugins: [
+    esbuildPlugin({
+      ts: true,
+      tsconfig: fileURLToPath(new URL('tsconfig.json', import.meta.url)),
+    }),
+  ],
+};
+
+export default config;
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 3cfa8d2677f6..cbbc3abc25c0 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3576,6 +3576,12 @@ importers:
       '@silverhand/ts-config':
         specifier: 6.0.0
         version: 6.0.0(typescript@5.3.3)
+      '@web/dev-server':
+        specifier: ^0.4.6
+        version: 0.4.6
+      '@web/dev-server-esbuild':
+        specifier: ^1.0.2
+        version: 1.0.2
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4243,6 +4249,10 @@ importers:
 
 packages:
 
+  '@75lb/deep-merge@1.1.1':
+    resolution: {integrity: sha512-xvgv6pkMGBA6GwdyJbNAnDmfAIR/DfWhrj9jgWh3TY7gRm3KO46x/GPjRg6wJ0nOepwqrNxFfojebh0Df4h4Tw==}
+    engines: {node: '>=12.17'}
+
   '@aashutoshrathi/word-wrap@1.2.6':
     resolution: {integrity: sha512-1Yjs2SvM8TflER/OD3cOjhWWOZb58A2t7wpE2S9XfBYTiIl+XFhQG2bjy4Pu1I+EAlCNUzRDYDdFwFYUKvXcIA==}
     engines: {node: '>=0.10.0'}
@@ -4856,138 +4866,276 @@ packages:
     peerDependencies:
       postcss-selector-parser: ^6.0.13
 
+  '@esbuild/aix-ppc64@0.19.12':
+    resolution: {integrity: sha512-bmoCYyWdEL3wDQIVbcyzRyeKLgk2WtWLTWz1ZIAZF/EGbNOwSA6ew3PftJ1PqMiOOGu0OyFMzG53L0zqIpPeNA==}
+    engines: {node: '>=12'}
+    cpu: [ppc64]
+    os: [aix]
+
   '@esbuild/aix-ppc64@0.21.5':
     resolution: {integrity: sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==}
     engines: {node: '>=12'}
     cpu: [ppc64]
     os: [aix]
 
+  '@esbuild/android-arm64@0.19.12':
+    resolution: {integrity: sha512-P0UVNGIienjZv3f5zq0DP3Nt2IE/3plFzuaS96vihvD0Hd6H/q4WXUGpCxD/E8YrSXfNyRPbpTq+T8ZQioSuPA==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [android]
+
   '@esbuild/android-arm64@0.21.5':
     resolution: {integrity: sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [android]
 
+  '@esbuild/android-arm@0.19.12':
+    resolution: {integrity: sha512-qg/Lj1mu3CdQlDEEiWrlC4eaPZ1KztwGJ9B6J+/6G+/4ewxJg7gqj8eVYWvao1bXrqGiW2rsBZFSX3q2lcW05w==}
+    engines: {node: '>=12'}
+    cpu: [arm]
+    os: [android]
+
   '@esbuild/android-arm@0.21.5':
     resolution: {integrity: sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==}
     engines: {node: '>=12'}
     cpu: [arm]
     os: [android]
 
+  '@esbuild/android-x64@0.19.12':
+    resolution: {integrity: sha512-3k7ZoUW6Q6YqhdhIaq/WZ7HwBpnFBlW905Fa4s4qWJyiNOgT1dOqDiVAQFwBH7gBRZr17gLrlFCRzF6jFh7Kew==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [android]
+
   '@esbuild/android-x64@0.21.5':
     resolution: {integrity: sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [android]
 
+  '@esbuild/darwin-arm64@0.19.12':
+    resolution: {integrity: sha512-B6IeSgZgtEzGC42jsI+YYu9Z3HKRxp8ZT3cqhvliEHovq8HSX2YX8lNocDn79gCKJXOSaEot9MVYky7AKjCs8g==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [darwin]
+
   '@esbuild/darwin-arm64@0.21.5':
     resolution: {integrity: sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [darwin]
 
+  '@esbuild/darwin-x64@0.19.12':
+    resolution: {integrity: sha512-hKoVkKzFiToTgn+41qGhsUJXFlIjxI/jSYeZf3ugemDYZldIXIxhvwN6erJGlX4t5h417iFuheZ7l+YVn05N3A==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [darwin]
+
   '@esbuild/darwin-x64@0.21.5':
     resolution: {integrity: sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [darwin]
 
+  '@esbuild/freebsd-arm64@0.19.12':
+    resolution: {integrity: sha512-4aRvFIXmwAcDBw9AueDQ2YnGmz5L6obe5kmPT8Vd+/+x/JMVKCgdcRwH6APrbpNXsPz+K653Qg8HB/oXvXVukA==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [freebsd]
+
   '@esbuild/freebsd-arm64@0.21.5':
     resolution: {integrity: sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [freebsd]
 
+  '@esbuild/freebsd-x64@0.19.12':
+    resolution: {integrity: sha512-EYoXZ4d8xtBoVN7CEwWY2IN4ho76xjYXqSXMNccFSx2lgqOG/1TBPW0yPx1bJZk94qu3tX0fycJeeQsKovA8gg==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [freebsd]
+
   '@esbuild/freebsd-x64@0.21.5':
     resolution: {integrity: sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [freebsd]
 
+  '@esbuild/linux-arm64@0.19.12':
+    resolution: {integrity: sha512-EoTjyYyLuVPfdPLsGVVVC8a0p1BFFvtpQDB/YLEhaXyf/5bczaGeN15QkR+O4S5LeJ92Tqotve7i1jn35qwvdA==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [linux]
+
   '@esbuild/linux-arm64@0.21.5':
     resolution: {integrity: sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [linux]
 
+  '@esbuild/linux-arm@0.19.12':
+    resolution: {integrity: sha512-J5jPms//KhSNv+LO1S1TX1UWp1ucM6N6XuL6ITdKWElCu8wXP72l9MM0zDTzzeikVyqFE6U8YAV9/tFyj0ti+w==}
+    engines: {node: '>=12'}
+    cpu: [arm]
+    os: [linux]
+
   '@esbuild/linux-arm@0.21.5':
     resolution: {integrity: sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==}
     engines: {node: '>=12'}
     cpu: [arm]
     os: [linux]
 
+  '@esbuild/linux-ia32@0.19.12':
+    resolution: {integrity: sha512-Thsa42rrP1+UIGaWz47uydHSBOgTUnwBwNq59khgIwktK6x60Hivfbux9iNR0eHCHzOLjLMLfUMLCypBkZXMHA==}
+    engines: {node: '>=12'}
+    cpu: [ia32]
+    os: [linux]
+
   '@esbuild/linux-ia32@0.21.5':
     resolution: {integrity: sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==}
     engines: {node: '>=12'}
     cpu: [ia32]
     os: [linux]
 
+  '@esbuild/linux-loong64@0.19.12':
+    resolution: {integrity: sha512-LiXdXA0s3IqRRjm6rV6XaWATScKAXjI4R4LoDlvO7+yQqFdlr1Bax62sRwkVvRIrwXxvtYEHHI4dm50jAXkuAA==}
+    engines: {node: '>=12'}
+    cpu: [loong64]
+    os: [linux]
+
   '@esbuild/linux-loong64@0.21.5':
     resolution: {integrity: sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==}
     engines: {node: '>=12'}
     cpu: [loong64]
     os: [linux]
 
+  '@esbuild/linux-mips64el@0.19.12':
+    resolution: {integrity: sha512-fEnAuj5VGTanfJ07ff0gOA6IPsvrVHLVb6Lyd1g2/ed67oU1eFzL0r9WL7ZzscD+/N6i3dWumGE1Un4f7Amf+w==}
+    engines: {node: '>=12'}
+    cpu: [mips64el]
+    os: [linux]
+
   '@esbuild/linux-mips64el@0.21.5':
     resolution: {integrity: sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==}
     engines: {node: '>=12'}
     cpu: [mips64el]
     os: [linux]
 
+  '@esbuild/linux-ppc64@0.19.12':
+    resolution: {integrity: sha512-nYJA2/QPimDQOh1rKWedNOe3Gfc8PabU7HT3iXWtNUbRzXS9+vgB0Fjaqr//XNbd82mCxHzik2qotuI89cfixg==}
+    engines: {node: '>=12'}
+    cpu: [ppc64]
+    os: [linux]
+
   '@esbuild/linux-ppc64@0.21.5':
     resolution: {integrity: sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==}
     engines: {node: '>=12'}
     cpu: [ppc64]
     os: [linux]
 
+  '@esbuild/linux-riscv64@0.19.12':
+    resolution: {integrity: sha512-2MueBrlPQCw5dVJJpQdUYgeqIzDQgw3QtiAHUC4RBz9FXPrskyyU3VI1hw7C0BSKB9OduwSJ79FTCqtGMWqJHg==}
+    engines: {node: '>=12'}
+    cpu: [riscv64]
+    os: [linux]
+
   '@esbuild/linux-riscv64@0.21.5':
     resolution: {integrity: sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==}
     engines: {node: '>=12'}
     cpu: [riscv64]
     os: [linux]
 
+  '@esbuild/linux-s390x@0.19.12':
+    resolution: {integrity: sha512-+Pil1Nv3Umes4m3AZKqA2anfhJiVmNCYkPchwFJNEJN5QxmTs1uzyy4TvmDrCRNT2ApwSari7ZIgrPeUx4UZDg==}
+    engines: {node: '>=12'}
+    cpu: [s390x]
+    os: [linux]
+
   '@esbuild/linux-s390x@0.21.5':
     resolution: {integrity: sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==}
     engines: {node: '>=12'}
     cpu: [s390x]
     os: [linux]
 
+  '@esbuild/linux-x64@0.19.12':
+    resolution: {integrity: sha512-B71g1QpxfwBvNrfyJdVDexenDIt1CiDN1TIXLbhOw0KhJzE78KIFGX6OJ9MrtC0oOqMWf+0xop4qEU8JrJTwCg==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [linux]
+
   '@esbuild/linux-x64@0.21.5':
     resolution: {integrity: sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [linux]
 
+  '@esbuild/netbsd-x64@0.19.12':
+    resolution: {integrity: sha512-3ltjQ7n1owJgFbuC61Oj++XhtzmymoCihNFgT84UAmJnxJfm4sYCiSLTXZtE00VWYpPMYc+ZQmB6xbSdVh0JWA==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [netbsd]
+
   '@esbuild/netbsd-x64@0.21.5':
     resolution: {integrity: sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [netbsd]
 
+  '@esbuild/openbsd-x64@0.19.12':
+    resolution: {integrity: sha512-RbrfTB9SWsr0kWmb9srfF+L933uMDdu9BIzdA7os2t0TXhCRjrQyCeOt6wVxr79CKD4c+p+YhCj31HBkYcXebw==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [openbsd]
+
   '@esbuild/openbsd-x64@0.21.5':
     resolution: {integrity: sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [openbsd]
 
+  '@esbuild/sunos-x64@0.19.12':
+    resolution: {integrity: sha512-HKjJwRrW8uWtCQnQOz9qcU3mUZhTUQvi56Q8DPTLLB+DawoiQdjsYq+j+D3s9I8VFtDr+F9CjgXKKC4ss89IeA==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [sunos]
+
   '@esbuild/sunos-x64@0.21.5':
     resolution: {integrity: sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [sunos]
 
+  '@esbuild/win32-arm64@0.19.12':
+    resolution: {integrity: sha512-URgtR1dJnmGvX864pn1B2YUYNzjmXkuJOIqG2HdU62MVS4EHpU2946OZoTMnRUHklGtJdJZ33QfzdjGACXhn1A==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [win32]
+
   '@esbuild/win32-arm64@0.21.5':
     resolution: {integrity: sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [win32]
 
+  '@esbuild/win32-ia32@0.19.12':
+    resolution: {integrity: sha512-+ZOE6pUkMOJfmxmBZElNOx72NKpIa/HFOMGzu8fqzQJ5kgf6aTGrcJaFsNiVMH4JKpMipyK+7k0n2UXN7a8YKQ==}
+    engines: {node: '>=12'}
+    cpu: [ia32]
+    os: [win32]
+
   '@esbuild/win32-ia32@0.21.5':
     resolution: {integrity: sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==}
     engines: {node: '>=12'}
     cpu: [ia32]
     os: [win32]
 
+  '@esbuild/win32-x64@0.19.12':
+    resolution: {integrity: sha512-T1QyPSDCyMXaO3pzBkF96E8xMkiRYbUEZADd29SyPGabqxMViNoii+NcK7eWJAEoU6RZyEm5lVSIjTmcdoB9HA==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [win32]
+
   '@esbuild/win32-x64@0.21.5':
     resolution: {integrity: sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw==}
     engines: {node: '>=12'}
@@ -5300,6 +5448,9 @@ packages:
   '@manypkg/get-packages@1.1.3':
     resolution: {integrity: sha512-fo+QhuU3qE/2TQMQmbVMqaQ6EWbMhi4ABWP+O4AM1NqPBuy0OrApV5LO6BrrgnhtAHS2NH6RrVk9OL181tTi8A==}
 
+  '@mdn/browser-compat-data@4.2.1':
+    resolution: {integrity: sha512-EWUguj2kd7ldmrF9F+vI5hUOralPd+sdsUnYbRy33vZTuZkduC1shE9TtEMEjAQwyfyMb4ole5KtjF8MsnQOlA==}
+
   '@mdx-js/mdx@3.0.1':
     resolution: {integrity: sha512-eIQ4QTrOWyL3LWEe/bu6Taqzq2HQvHcyTMaOrI95P2/LmJE7AsfPfgJGuFLPVqBUE1BC1rik3VIhU+s9u72arA==}
 
@@ -6497,6 +6648,9 @@ packages:
   '@types/color@3.0.3':
     resolution: {integrity: sha512-X//qzJ3d3Zj82J9sC/C18ZY5f43utPbAJ6PhYt/M7uG6etcF6MRpKdN880KBy43B0BMzSfeT96MzrsNjFI3GbA==}
 
+  '@types/command-line-args@5.2.3':
+    resolution: {integrity: sha512-uv0aG6R0Y8WHZLTamZwtfsDLVRnOa+n+n5rEvFWL5Na5gZ8V2Teab/duDPFzIIIhs9qizDpcavCusCLJZu62Kw==}
+
   '@types/connect@3.4.35':
     resolution: {integrity: sha512-cdeYyv4KWoEgpBISTxWvqYsVy444DOqehiF3fM3ne10AmJ62RSyNkUnxMJXHQWRQQX2eR94m5y1IZyDwBjV9FQ==}
 
@@ -6662,6 +6816,9 @@ packages:
   '@types/parse-json@4.0.0':
     resolution: {integrity: sha512-//oorEZjL6sbPcKUaCdIGlIUeH26mgzimjBB77G6XRgnDl/L5wOnpyBGRe/Mmf5CVW3PwEBE1NjiMZ/ssFh4wA==}
 
+  '@types/parse5@6.0.3':
+    resolution: {integrity: sha512-SuT16Q1K51EAVPz1K29DJ/sXjhSQ0zjvsypYJ6tlwVsRV9jwW5Adq2ch8Dq8kDBCkYnELS7N7VNCSB5nC56t/g==}
+
   '@types/pg@8.11.2':
     resolution: {integrity: sha512-G2Mjygf2jFMU/9hCaTYxJrwdObdcnuQde1gndooZSOHsNSaCehAuwc7EIuSA34Do8Jx2yZ19KtvW8P0j4EuUXw==}
 
@@ -6773,6 +6930,9 @@ packages:
   '@types/unist@3.0.0':
     resolution: {integrity: sha512-MFETx3tbTjE7Uk6vvnWINA/1iJ7LuMdO4fcq8UfF0pRbj01aGLduVvQcRyswuACJdpnHgg8E3rQLhaRdNEJS0w==}
 
+  '@types/ws@7.4.7':
+    resolution: {integrity: sha512-JQbbmxZTZehdc2iszGKs5oC3NFnjeay7mtAWrdt7qNtAVK0g19muApzAy4bm9byz79xa2ZnO/BOBC2R8RC5Lww==}
+
   '@types/yargs-parser@21.0.0':
     resolution: {integrity: sha512-iO9ZQHkZxHn4mSakYV0vFHAVDyEOIJQrV2uZ06HxEPcx+mt8swXoZHIbaaJ2crJYFfErySgktuTZ3BeLz+XmFA==}
 
@@ -6866,6 +7026,31 @@ packages:
   '@vitest/utils@2.0.0':
     resolution: {integrity: sha512-t0jbx8VugWEP6A29NbyfQKVU68Vo6oUw0iX3a8BwO3nrZuivfHcFO4Y5UsqXlplX+83P9UaqEvC2YQhspC0JSA==}
 
+  '@web/config-loader@0.3.1':
+    resolution: {integrity: sha512-IYjHXUgSGGNpO3YJQ9foLcazbJlAWDdJGRe9be7aOhon0Nd6Na5JIOJAej7jsMu76fKHr4b4w2LfIdNQ4fJ8pA==}
+    engines: {node: '>=18.0.0'}
+
+  '@web/dev-server-core@0.7.2':
+    resolution: {integrity: sha512-Q/0jpF13Ipk+qGGQ+Yx/FW1TQBYazpkfgYHHo96HBE7qv4V4KKHqHglZcSUxti/zd4bToxX1cFTz8dmbTlb8JA==}
+    engines: {node: '>=18.0.0'}
+
+  '@web/dev-server-esbuild@1.0.2':
+    resolution: {integrity: sha512-ak5mKt7L0H/Fa470Ku7p9A1eI32DNyFGM83jDkJviBO8r3lM00O5hVFW1K+UIYNC5EyanLyPxTqgtIuQEyMYcQ==}
+    engines: {node: '>=18.0.0'}
+
+  '@web/dev-server-rollup@0.6.4':
+    resolution: {integrity: sha512-sJZfTGCCrdku5xYnQQG51odGI092hKY9YFM0X3Z0tRY3iXKXcYRaLZrErw5KfCxr6g0JRuhe4BBhqXTA5Q2I3Q==}
+    engines: {node: '>=18.0.0'}
+
+  '@web/dev-server@0.4.6':
+    resolution: {integrity: sha512-jj/1bcElAy5EZet8m2CcUdzxT+CRvUjIXGh8Lt7vxtthkN9PzY9wlhWx/9WOs5iwlnG1oj0VGo6f/zvbPO0s9w==}
+    engines: {node: '>=18.0.0'}
+    hasBin: true
+
+  '@web/parse5-utils@2.1.0':
+    resolution: {integrity: sha512-GzfK5disEJ6wEjoPwx8AVNwUe9gYIiwc+x//QYxYDAFKUp4Xb1OJAGLc2l2gVrSQmtPGLKrTRcW90Hv4pEq1qA==}
+    engines: {node: '>=18.0.0'}
+
   '@withtyped/client@0.8.7':
     resolution: {integrity: sha512-qK+Tsczvko8mBRACtHGYj0CdMZFaBmosMGUahTAr544Jb183INPZPn/NpUFtTEpl5g3e4lUjMc5jPH0V78D0+g==}
 
@@ -7036,6 +7221,14 @@ packages:
   aria-query@5.3.0:
     resolution: {integrity: sha512-b0P0sZPKtyu8HkeRAfCq0IfURZK+SuwMjY1UXGBU27wpAiTwQAIlq56IbIO+ytk/JjS1fMR14ee5WBBfKi5J6A==}
 
+  array-back@3.1.0:
+    resolution: {integrity: sha512-TkuxA4UCOvxuDK6NZYXCalszEzj+TLszyASooky+i742l9TqsOdYCMJJupxRic61hwquNtppB3hgcuq9SVSH1Q==}
+    engines: {node: '>=6'}
+
+  array-back@6.2.2:
+    resolution: {integrity: sha512-gUAZ7HPyb4SJczXAMUXMGAvI976JoK3qEx9v1FTmeYuJj0IBiaKttG1ydtGKdkfqWkIkouke7nG8ufGy77+Cvw==}
+    engines: {node: '>=12.17'}
+
   array-buffer-byte-length@1.0.1:
     resolution: {integrity: sha512-ahC5W1xgou+KTXix4sAO8Ki12Q+jf4i0+tmk3sC+zgcynshkHxzpXdImBehiUYKKKDwvfFiJl1tZt6ewscS1Mg==}
     engines: {node: '>= 0.4'}
@@ -7129,6 +7322,9 @@ packages:
   async-retry@1.3.3:
     resolution: {integrity: sha512-wfr/jstw9xNi/0teMHrRW7dsz3Lt5ARhYNZ2ewpadnhaIp5mbALhOAP+EAdsC7t4Z6wqsDVv9+W6gm1Dk9mEyw==}
 
+  async@2.6.4:
+    resolution: {integrity: sha512-mzo5dfJYwAn29PeiJ0zvwTo04zj8HDJj0Mn8TD7sno7q12prdbnasKJHhkm2c1LgrhlJ0teaea8860oxi51mGA==}
+
   asynckit@0.4.0:
     resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==}
 
@@ -7359,6 +7555,10 @@ packages:
     resolution: {integrity: sha512-pT1ZgP8rPNqUgieVaEY+ryQr6Q4HXNg8Ei9UnLUrjN4IA7dvQC5JB+/kxVcPNDHyBcc/26CXPkbNzq3qwrOEKA==}
     engines: {node: '>=12'}
 
+  chalk-template@0.4.0:
+    resolution: {integrity: sha512-/ghrgmhfY8RaSdeo43hNXxpoHAtxdbskUHjPpfqUWGttFgycUhYPGx3YZBCnUCvOa7Doivn1IZec3DEGFoMgLg==}
+    engines: {node: '>=12'}
+
   chalk@2.4.2:
     resolution: {integrity: sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==}
     engines: {node: '>=4'}
@@ -7534,6 +7734,14 @@ packages:
   comma-separated-tokens@2.0.2:
     resolution: {integrity: sha512-G5yTt3KQN4Yn7Yk4ed73hlZ1evrFKXeUW3086p3PRFNp7m2vIjI6Pg+Kgb+oyzhd9F2qdcoj67+y3SdxL5XWsg==}
 
+  command-line-args@5.2.1:
+    resolution: {integrity: sha512-H4UfQhZyakIjC74I9d34fGYDwk3XpSr17QhEd0Q3I9Xq1CETHo4Hcuo87WyWHpAF1aSLjLRf5lD9ZGX2qStUvg==}
+    engines: {node: '>=4.0.0'}
+
+  command-line-usage@7.0.2:
+    resolution: {integrity: sha512-MwNFB8nxi3IVnzir+nkSIbDTU4H6ne26zqicO2eTt1wPrvdOAphPhnYqWOjxXKWYLNYDu4Z/r2ESEziEqKuOVg==}
+    engines: {node: '>=12.20.0'}
+
   commander@11.1.0:
     resolution: {integrity: sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==}
     engines: {node: '>=16'}
@@ -7945,6 +8153,9 @@ packages:
   dayjs@1.11.6:
     resolution: {integrity: sha512-zZbY5giJAinCG+7AGaw0wIhNZ6J8AhWuSXKvuc1KAyMiRsvGQWqh4L+MomvhdAYjN+lqvVCMq1I41e3YHvXkyQ==}
 
+  debounce@1.2.1:
+    resolution: {integrity: sha512-XRRe6Glud4rd/ZGQfiV1ruXSfbvfJedlV9Y6zOlP+2K04vBYiJEte6stfFkCP03aMnY5tsipamumUjL14fofug==}
+
   debug@3.2.7:
     resolution: {integrity: sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==}
     peerDependencies:
@@ -8033,6 +8244,10 @@ packages:
     resolution: {integrity: sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==}
     engines: {node: '>=0.10.0'}
 
+  default-gateway@6.0.3:
+    resolution: {integrity: sha512-fwSOJsbbNzZ/CUFpqFBqYfYNLj1NbMPm8MMCIzHjC83iSJRBEGmDUxU+WP661BaBQImeC2yHwXtz+P/O9o+XEg==}
+    engines: {node: '>= 10'}
+
   defaults@1.0.4:
     resolution: {integrity: sha512-eFuaLoy/Rxalv2kr+lqMlUnrDWV+3j4pljOIJgLIhI058IQfWJ7vXhyEIHu+HtC738klGALYxOKDO0bQP3tg8A==}
 
@@ -8044,6 +8259,10 @@ packages:
     resolution: {integrity: sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==}
     engines: {node: '>= 0.4'}
 
+  define-lazy-prop@2.0.0:
+    resolution: {integrity: sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og==}
+    engines: {node: '>=8'}
+
   define-properties@1.1.4:
     resolution: {integrity: sha512-uckOqKcfaVvtBdsVkdPv3XjveQJsNQqmhXgRi8uhvWWuPYZCNlzT8qAyblUgNoXdHdjMTzAqeGjAoli8f+bzPA==}
     engines: {node: '>= 0.4'}
@@ -8293,6 +8512,9 @@ packages:
     resolution: {integrity: sha512-scxAJaewsahbqTYrGKJihhViaM6DDZDDoucfvzNbK0pOren1g/daDQ3IAhzn+1G14rBG7w+i5N+qul60++zlKA==}
     engines: {node: '>= 0.4'}
 
+  es-module-lexer@1.5.4:
+    resolution: {integrity: sha512-MVNK56NiMrOwitFB7cqDwq0CQutbw+0BvLshJSse0MUNU+y1FC3bUS/AQg7oUng+/wKrrki7JfmwtVHkVfPLlw==}
+
   es-object-atoms@1.0.0:
     resolution: {integrity: sha512-MZ4iQ6JwHOBQjahnjwaC1ZtIBH+2ohjamzAO3oaHcXYup7qxjF2fixyH+Q71voWHeOkI2q/TnJao/KfXYIZWbw==}
     engines: {node: '>= 0.4'}
@@ -8311,6 +8533,11 @@ packages:
     resolution: {integrity: sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==}
     engines: {node: '>= 0.4'}
 
+  esbuild@0.19.12:
+    resolution: {integrity: sha512-aARqgq8roFBj054KvQr5f1sFu0D65G+miZRCuJyJ0G13Zwx7vRar5Zhn2tkQNzIXcBrNVsv/8stehpj+GAjgbg==}
+    engines: {node: '>=12'}
+    hasBin: true
+
   esbuild@0.21.5:
     resolution: {integrity: sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==}
     engines: {node: '>=12'}
@@ -8741,6 +8968,10 @@ packages:
     resolution: {integrity: sha512-/U4CYp1214Xrp3u3Fqr9yNynUrr5Le4y0SsJh2lMDDSbpwYSz3M2SMWQC+wqcx79cN8PQtHQIL8KnuY9M66fdg==}
     hasBin: true
 
+  find-replace@3.0.0:
+    resolution: {integrity: sha512-6Tb2myMioCAgv5kfvP5/PkZZ/ntTpVK39fHY7WkWBgvbeE+VHd/tZuZ4mrC+bxh4cfOZeYKVPaJIZtZXV7GNCQ==}
+    engines: {node: '>=4.0.0'}
+
   find-up@4.1.0:
     resolution: {integrity: sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==}
     engines: {node: '>=8'}
@@ -9373,6 +9604,10 @@ packages:
     resolution: {integrity: sha512-9hiJxE5gkK/cM2d1mTEnuurGTAoHebbkX0BYl3h7iEg7FYfuNIom+nDfBCSWtvSnoSrWCeBxqqBZu26xdlJlXA==}
     engines: {node: '>=12.0.0'}
 
+  internal-ip@6.2.0:
+    resolution: {integrity: sha512-D8WGsR6yDt8uq7vDMu7mjcR+yRMm3dW8yufyChmszWRjcSHuxLBkR3GdS2HZAjodsaGuCvXeEJpueisXJULghg==}
+    engines: {node: '>=10'}
+
   internal-slot@1.0.3:
     resolution: {integrity: sha512-O0DB1JC/sPyZl7cIo78n5dR7eUSwwpYPiXRhTzNxZVAMUuB8vlnRFyLxdrVToks6XPLVnFfbzaVd5WLjhgg+vA==}
     engines: {node: '>= 0.4'}
@@ -9384,12 +9619,20 @@ packages:
   internmap@1.0.1:
     resolution: {integrity: sha512-lDB5YccMydFBtasVtxnZ3MRBHuaoE8GKsppq+EchKL2U4nK/DmEpPHNH8MZe5HkMtpSiTSOZwfN0tzYjO/lJEw==}
 
+  ip-regex@4.3.0:
+    resolution: {integrity: sha512-B9ZWJxHHOHUhUjCPrMpLD4xEq35bUTClHM1S6CBU5ixQnkZmwipwgc96vAd7AAGM9TGHvJR+Uss+/Ak6UphK+Q==}
+    engines: {node: '>=8'}
+
   ip@1.1.9:
     resolution: {integrity: sha512-cyRxvOEpNHNtchU3Ln9KC/auJgup87llfQpQ+t5ghoC/UhL16SWzbueiCsdTnWmqAWl7LadfuwhlqmtOaqMHdQ==}
 
   ip@2.0.1:
     resolution: {integrity: sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ==}
 
+  ipaddr.js@1.9.1:
+    resolution: {integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==}
+    engines: {node: '>= 0.10'}
+
   ipaddr.js@2.1.0:
     resolution: {integrity: sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ==}
     engines: {node: '>= 10'}
@@ -9463,6 +9706,11 @@ packages:
   is-decimal@2.0.1:
     resolution: {integrity: sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==}
 
+  is-docker@2.2.1:
+    resolution: {integrity: sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==}
+    engines: {node: '>=8'}
+    hasBin: true
+
   is-extglob@2.1.1:
     resolution: {integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==}
     engines: {node: '>=0.10.0'}
@@ -9503,6 +9751,10 @@ packages:
     resolution: {integrity: sha512-qP1vozQRI+BMOPcjFzrjXuQvdak2pHNUMZoeG2eRbiSqyvbEf/wQtEOTOX1guk6E3t36RkaqiSt8A/6YElNxLQ==}
     engines: {node: '>=12'}
 
+  is-ip@3.1.0:
+    resolution: {integrity: sha512-35vd5necO7IitFPjd/YBeqwWnyDWbuLH9ZXQdMfDA8TEo7pv5X8yfrvVO3xbJbLUlERCMvf6X0hTUamQxCYJ9Q==}
+    engines: {node: '>=8'}
+
   is-js-type@2.0.0:
     resolution: {integrity: sha512-Aj13l47+uyTjlQNHtXBV8Cji3jb037vxwMWCgopRR8h6xocgBGW3qG8qGlIOEmbXQtkKShKuBM9e8AA1OeQ+xw==}
 
@@ -9637,12 +9889,20 @@ packages:
     resolution: {integrity: sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==}
     engines: {node: '>=0.10.0'}
 
+  is-wsl@2.2.0:
+    resolution: {integrity: sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==}
+    engines: {node: '>=8'}
+
   isarray@0.0.1:
     resolution: {integrity: sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==}
 
   isarray@2.0.5:
     resolution: {integrity: sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==}
 
+  isbinaryfile@5.0.2:
+    resolution: {integrity: sha512-GvcjojwonMjWbTkfMpnVHVqXW/wKMYDfEpY94/8zy8HFMOqb/VL6oeONq9v87q4ttVlaTLnGXnJD4B5B1OTGIg==}
+    engines: {node: '>= 18.0.0'}
+
   isexe@2.0.0:
     resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==}
 
@@ -10041,6 +10301,9 @@ packages:
     resolution: {integrity: sha512-asOvN6bFlSnxewce2e/DK3p4tltyfC4VM7ZwuTuepI7dEQVcvpyFuBcEARu1+Hxg8DIwytce2n7jrZtRlPrARA==}
     engines: {node: '>= 10'}
 
+  koa-etag@4.0.0:
+    resolution: {integrity: sha512-1cSdezCkBWlyuB9l6c/IFoe1ANCDdPBxkDkRiaIup40xpUub6U/wwRXoKBZw/O5BifX9OlqAjYnDyzM6+l+TAg==}
+
   koa-is-json@1.0.0:
     resolution: {integrity: sha512-+97CtHAlWDx0ndt0J8y3P12EWLwTLMXIfMnYDev3wOTwH/RpBGMlfn4bDXlMEg1u73K6XRE9BbUp+5ZAYoRYWw==}
 
@@ -10065,6 +10328,10 @@ packages:
     resolution: {integrity: sha512-tmcyQ/wXXuxpDxyNXv5yNNkdAMdFRqwtegBXUaowiQzUKqJehttS0x2j0eOZDQAyloAth5w6wwBImnFzkUz3pQ==}
     engines: {node: '>= 8'}
 
+  koa-static@5.0.0:
+    resolution: {integrity: sha512-UqyYyH5YEXaJrf9S8E23GoJFQZXkBVJ9zYYMPGz919MSX1KuvAcycIuS0ci150HCoPf4XQVhQ84Qf8xRPWxFaQ==}
+    engines: {node: '>= 7.6.0'}
+
   koa@2.13.4:
     resolution: {integrity: sha512-43zkIKubNbnrULWlHdN5h1g3SEKXOEzoAlRsHOTFpnlDu8JlAOZSMJBLULusuXRequboiwJcj5vtYXKB3k7+2g==}
     engines: {node: ^4.8.4 || ^6.10.1 || ^7.10.1 || >= 8.1.4}
@@ -10210,6 +10477,9 @@ packages:
   lodash-es@4.17.21:
     resolution: {integrity: sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw==}
 
+  lodash.assignwith@4.2.0:
+    resolution: {integrity: sha512-ZznplvbvtjK2gMvnQ1BR/zqPFZmS6jbK4p+6Up4xcRYA7yMIwxHCfbTcrYxXKzzqLsQ05eJPVznEW3tuwV7k1g==}
+
   lodash.camelcase@4.3.0:
     resolution: {integrity: sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA==}
 
@@ -10334,6 +10604,10 @@ packages:
     resolution: {integrity: sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA==}
     engines: {node: '>=12'}
 
+  lru-cache@8.0.5:
+    resolution: {integrity: sha512-MhWWlVnuab1RG5/zMRRcVGXZLCXrZTgfwMikgzCegsPnG62yDQo5JnqKkrK4jO5iKqDAZGItAqN5CtKBCBWRUA==}
+    engines: {node: '>=16.14'}
+
   lz-string@1.5.0:
     resolution: {integrity: sha512-h5bgJWpxJNswbU7qCrV0tIKQCaS3blPDrqKWx+QxzuzL1zGUzij9XCWLrSLsJPu5t+eWA/ycetzYAO5IOMcWAQ==}
     hasBin: true
@@ -10732,6 +11006,10 @@ packages:
     resolution: {integrity: sha512-3KYa4m4Vlqx98GPdOHghxSdNtTvcP8E0kkaJ5Dlh+h2DRzF7zpuVVcA8B0QpKd11YJeP9QQ7ASkKzOeu195Wzw==}
     engines: {node: '>= 8.0.0'}
 
+  mkdirp@0.5.6:
+    resolution: {integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==}
+    hasBin: true
+
   mkdirp@3.0.1:
     resolution: {integrity: sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==}
     engines: {node: '>=10'}
@@ -10766,6 +11044,9 @@ packages:
   mz@2.7.0:
     resolution: {integrity: sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==}
 
+  nanocolors@0.2.13:
+    resolution: {integrity: sha512-0n3mSAQLPpGLV9ORXT5+C/D4mwew7Ebws69Hx4E2sgz2ZA5+32Q80B9tL8PbL7XHnRDiAxH/pnrUJ9a4fkTNTA==}
+
   nanoid@3.3.7:
     resolution: {integrity: sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==}
     engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
@@ -11000,6 +11281,10 @@ packages:
   only@0.0.2:
     resolution: {integrity: sha512-Fvw+Jemq5fjjyWz6CpKx6w9s7xxqo3+JCyM0WXWeCSOboZ8ABkyvP8ID4CZuChA/wxSx+XSJmdOm8rGVyJ1hdQ==}
 
+  open@8.4.2:
+    resolution: {integrity: sha512-7x81NCL719oNbsq/3mh+hVrAWmFuEYUqrq/Iw3kUzH8ReypT9QQ0BLoJS7/G9k6N81XjW4qHWtjWwe/9eLy1EQ==}
+    engines: {node: '>=12'}
+
   openapi-schema-validator@12.1.3:
     resolution: {integrity: sha512-xTHOmxU/VQGUgo7Cm0jhwbklOKobXby+/237EG967+3TQEYJztMgX9Q5UE2taZKwyKPUq0j11dngpGjUuxz1hQ==}
 
@@ -11056,10 +11341,18 @@ packages:
     resolution: {integrity: sha512-Vb3QRvQ0Y5XnF40ZUWW7JfLogicVh/EnA5gBIvKDJoYpeI82+1E3AlB9yOcKFS0AhHrWVnAQO39fbR0G99IVEQ==}
     engines: {node: '>=12'}
 
+  p-event@4.2.0:
+    resolution: {integrity: sha512-KXatOjCRXXkSePPb1Nbi0p0m+gQAwdlbhi4wQKJPI1HsMQS9g+Sqp2o+QHziPr7eYJyOZet836KoHEVM1mwOrQ==}
+    engines: {node: '>=8'}
+
   p-filter@2.1.0:
     resolution: {integrity: sha512-ZBxxZ5sL2HghephhpGAQdoskxplTwr7ICaehZwLIlfL6acuVgZPm8yBNuRAFBGEqtD/hmUeq9eqLg2ys9Xr/yw==}
     engines: {node: '>=8'}
 
+  p-finally@1.0.0:
+    resolution: {integrity: sha512-LICb2p9CB7FS+0eR1oqWnHhp0FljGLZCWBE9aix0Uye9W8LTQPwMTYVGWQWIw9RdQiDg4+epXQODwIYJtSJaow==}
+    engines: {node: '>=4'}
+
   p-limit@2.3.0:
     resolution: {integrity: sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==}
     engines: {node: '>=6'}
@@ -11104,6 +11397,10 @@ packages:
     resolution: {integrity: sha512-6NuuXu8Upembd4sNdo4PRbs+M6aHgBTrFE6lkH0YKjVzne3cDW4gkncB98ty/bkMxLxLVNeD5bX9FyWjM7WZ+A==}
     engines: {node: '>=16.17'}
 
+  p-timeout@3.2.0:
+    resolution: {integrity: sha512-rhIwUycgwwKcP9yTOOFK/AKsAopjjCakVqLHePO3CC6Mir1Z99xT+R63jZxAT5lFZLa2inS5h+ZS2GvR99/FBg==}
+    engines: {node: '>=8'}
+
   p-timeout@6.1.2:
     resolution: {integrity: sha512-UbD77BuZ9Bc9aABo74gfXhNvzC9Tx7SxtHSh1fxvx3jTLLYvmVhiQZZrJzqqU0jKbN32kb5VOKiLEQI/3bIjgQ==}
     engines: {node: '>=14.16'}
@@ -11158,6 +11455,9 @@ packages:
     resolution: {integrity: sha512-1Y1A//QUXEZK7YKz+rD9WydcE1+EuPr6ZBgKecAB8tmoW6UFv0NREVJe1p+jRxtThkcbbKkfwIbWJe/IeE6m2Q==}
     engines: {node: '>=0.10.0'}
 
+  parse5@6.0.1:
+    resolution: {integrity: sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==}
+
   parse5@7.1.1:
     resolution: {integrity: sha512-kwpuwzB+px5WUg9pyK0IcK/shltJN5/OVhQagxhCQNtT9Y9QRZqNY2e1cmbu/paRh5LMnz/oVTVLBpjFmMZhSg==}
 
@@ -11329,6 +11629,10 @@ packages:
     resolution: {integrity: sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==}
     engines: {node: '>=10.13.0'}
 
+  portfinder@1.0.32:
+    resolution: {integrity: sha512-on2ZJVVDXRADWE6jnQaX0ioEylzgBpQk8r55NE4wjXW1ZxO+BgDlY6DXwj20i0V8eB4SenDQ00WEaxfiIQPcxg==}
+    engines: {node: '>= 0.12.0'}
+
   possible-typed-array-names@1.0.0:
     resolution: {integrity: sha512-d7Uw+eZoloe0EHDIYoe+bQ5WXnGMOpmiZFTuMWCwpjzzkL2nTjcKiAk4hh8TjnGye2TwWOk3UXucZ+3rbmBa8Q==}
     engines: {node: '>= 0.4'}
@@ -11568,6 +11872,10 @@ packages:
     resolution: {integrity: sha512-rRV+zQD8tVFys26lAGR9WUuS4iUAngJScM+ZRSKtvl5tKeZ2t5bvdNFdNHBW9FWR4guGHlgmsZ1G7BSm2wTbuA==}
     engines: {node: '>=6'}
 
+  punycode@2.3.1:
+    resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==}
+    engines: {node: '>=6'}
+
   puppeteer-core@22.6.5:
     resolution: {integrity: sha512-s0/5XkAWe0/dWISiljdrybjwDCHhgN31Nu/wznOZPKeikgcJtZtbvPKBz0t802XWqfSQnQDt3L6xiAE5JLlfuw==}
     engines: {node: '>=18'}
@@ -12360,6 +12668,10 @@ packages:
   stream-events@1.0.5:
     resolution: {integrity: sha512-E1GUzBSgvct8Jsb3v2X15pjzN1tYebtbLaMg+eBOUOAxgbLoSbT2NS91ckc5lJD1KfLjId+jXJRgo0qnV5Nerg==}
 
+  stream-read-all@3.0.1:
+    resolution: {integrity: sha512-EWZT9XOceBPlVJRrYcykW8jyRSZYbkb/0ZK36uLEmoWVO5gxBOnntNTseNzfREsqxqdfEGQrD8SXQ3QWbBmq8A==}
+    engines: {node: '>=10'}
+
   stream-shift@1.0.3:
     resolution: {integrity: sha512-76ORR0DO1o1hlKwTbi/DM3EXWGf3ZJYO8cXX5RJwnul2DEg2oyoZyjLNoQM8WsvZiFKCRfC1O0J7iCvie3RZmQ==}
 
@@ -12575,6 +12887,11 @@ packages:
     resolution: {integrity: sha512-HwOKAP7Wc5aRGYdKH+dw0PRRpbO841v2DENBtjnR5HFWoiNByAl7vrx3p0G/rCyYXQsrxqtX48TImFtPcIHSpQ==}
     engines: {node: ^14.18.0 || >=16.0.0}
 
+  table-layout@3.0.2:
+    resolution: {integrity: sha512-rpyNZYRw+/C+dYkcQ3Pr+rLxW4CfHpXjPDnG7lYhdRoUcZTUt+KEsX+94RGp/aVp/MQU35JCITv2T/beY4m+hw==}
+    engines: {node: '>=12.17'}
+    hasBin: true
+
   table@6.8.1:
     resolution: {integrity: sha512-Y4X9zqrCftUhMeH2EptSSERdVKt/nEdijTOacGD/97EKjhQ/Qs8RTlEGABSJNNN8lac9kheH+af7yAkEWlgneA==}
     engines: {node: '>=10.0.0'}
@@ -12690,6 +13007,10 @@ packages:
     resolution: {integrity: sha512-l7FvfAHlcmulp8kr+flpQZmVwtu7nfRV7NZujtN0OqES8EL4O4e0qqzL0DC5gAvx/ZC/9lk6rhcUwYvkBnBnYA==}
     engines: {node: '>=12'}
 
+  tr46@5.0.0:
+    resolution: {integrity: sha512-tk2G5R2KRwBd+ZN0zaEXpmzdKyOYksXwywulIX95MBODjSzMIuQnQ3m8JxgbhnL1LeVo7lqQKsYa1O3Htl7K5g==}
+    engines: {node: '>=18'}
+
   tree-kill@1.2.2:
     resolution: {integrity: sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A==}
     hasBin: true
@@ -12859,6 +13180,14 @@ packages:
     engines: {node: '>=14.17'}
     hasBin: true
 
+  typical@4.0.0:
+    resolution: {integrity: sha512-VAH4IvQ7BDFYglMd7BPRDfLgxZZX4O4TFcRDA6EN5X7erNJJq+McIEp8np9aVtxrCJ6qx4GTYVfOWNjcqwZgRw==}
+    engines: {node: '>=8'}
+
+  typical@7.1.1:
+    resolution: {integrity: sha512-T+tKVNs6Wu7IWiAce5BgMd7OZfNYUndHwc5MknN+UHOudi7sGZzuHdCadllRuqJ3fPtgFtIH9+lt9qRv6lmpfA==}
+    engines: {node: '>=12.17'}
+
   ua-parser-js@1.0.37:
     resolution: {integrity: sha512-bhTyI94tZofjo+Dn8SN6Zv8nBDvyXTymAdM3LDI/0IboIUwTu1rEhW7v2TfiVsoYWgkQ4kOVqnI8APUFbIQIFQ==}
 
@@ -13101,6 +13430,10 @@ packages:
     resolution: {integrity: sha512-RKT8HExMpoYx4igMiVMY83lN6UeITKJlBQ+vR/8ZJ8OCdSiN3RwCq+9gH0+Xzj0+5IrM6i4j/6LuvzbZIQgEcQ==}
     engines: {node: '>=12'}
 
+  whatwg-url@14.0.0:
+    resolution: {integrity: sha512-1lfMEm2IEr7RIV+f4lUNPOqfFL+pO+Xw3fJSqmjX9AbXcXcYOkCe1P6+9VBZB6n94af16NfZf+sSk0JCBZC9aw==}
+    engines: {node: '>=18'}
+
   whatwg-url@5.0.0:
     resolution: {integrity: sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==}
 
@@ -13143,6 +13476,10 @@ packages:
     engines: {node: '>=8'}
     hasBin: true
 
+  wordwrapjs@5.1.0:
+    resolution: {integrity: sha512-JNjcULU2e4KJwUNv6CHgI46UvDGitb6dGryHajXTDiLgg1/RiGoPSDw4kZfYnwGtEXf2ZMeIewDQgFGzkCB2Sg==}
+    engines: {node: '>=12.17'}
+
   wrap-ansi@6.2.0:
     resolution: {integrity: sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==}
     engines: {node: '>=8'}
@@ -13170,6 +13507,18 @@ packages:
     resolution: {integrity: sha512-+QU2zd6OTD8XWIJCbffaiQeH9U73qIqafo1x6V1snCWYGJf6cVE0cDR4D8xRzcEnfI21IFrUPzPGtcPf8AC+Rw==}
     engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0}
 
+  ws@7.5.10:
+    resolution: {integrity: sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==}
+    engines: {node: '>=8.3.0'}
+    peerDependencies:
+      bufferutil: ^4.0.1
+      utf-8-validate: ^5.0.2
+    peerDependenciesMeta:
+      bufferutil:
+        optional: true
+      utf-8-validate:
+        optional: true
+
   ws@8.16.0:
     resolution: {integrity: sha512-HS0c//TP7Ina87TfiPUz1rQzMhHrl/SG2guqRcTOIUYD2q8uhUdNHZYJUaQ8aTGPzCh+c6oawMKW35nFl1dxyQ==}
     engines: {node: '>=10.0.0'}
@@ -13315,6 +13664,11 @@ packages:
 
 snapshots:
 
+  '@75lb/deep-merge@1.1.1':
+    dependencies:
+      lodash.assignwith: 4.2.0
+      typical: 7.1.1
+
   '@aashutoshrathi/word-wrap@1.2.6': {}
 
   '@ampproject/remapping@2.3.0':
@@ -14019,7 +14373,7 @@ snapshots:
   '@babel/code-frame@7.24.2':
     dependencies:
       '@babel/highlight': 7.24.2
-      picocolors: 1.0.0
+      picocolors: 1.0.1
 
   '@babel/compat-data@7.24.4': {}
 
@@ -14123,7 +14477,7 @@ snapshots:
       '@babel/helper-validator-identifier': 7.22.20
       chalk: 2.4.2
       js-tokens: 4.0.0
-      picocolors: 1.0.0
+      picocolors: 1.0.1
 
   '@babel/parser@7.24.4':
     dependencies:
@@ -14530,72 +14884,141 @@ snapshots:
     dependencies:
       postcss-selector-parser: 6.0.16
 
+  '@esbuild/aix-ppc64@0.19.12':
+    optional: true
+
   '@esbuild/aix-ppc64@0.21.5':
     optional: true
 
+  '@esbuild/android-arm64@0.19.12':
+    optional: true
+
   '@esbuild/android-arm64@0.21.5':
     optional: true
 
+  '@esbuild/android-arm@0.19.12':
+    optional: true
+
   '@esbuild/android-arm@0.21.5':
     optional: true
 
+  '@esbuild/android-x64@0.19.12':
+    optional: true
+
   '@esbuild/android-x64@0.21.5':
     optional: true
 
+  '@esbuild/darwin-arm64@0.19.12':
+    optional: true
+
   '@esbuild/darwin-arm64@0.21.5':
     optional: true
 
+  '@esbuild/darwin-x64@0.19.12':
+    optional: true
+
   '@esbuild/darwin-x64@0.21.5':
     optional: true
 
+  '@esbuild/freebsd-arm64@0.19.12':
+    optional: true
+
   '@esbuild/freebsd-arm64@0.21.5':
     optional: true
 
+  '@esbuild/freebsd-x64@0.19.12':
+    optional: true
+
   '@esbuild/freebsd-x64@0.21.5':
     optional: true
 
+  '@esbuild/linux-arm64@0.19.12':
+    optional: true
+
   '@esbuild/linux-arm64@0.21.5':
     optional: true
 
+  '@esbuild/linux-arm@0.19.12':
+    optional: true
+
   '@esbuild/linux-arm@0.21.5':
     optional: true
 
+  '@esbuild/linux-ia32@0.19.12':
+    optional: true
+
   '@esbuild/linux-ia32@0.21.5':
     optional: true
 
+  '@esbuild/linux-loong64@0.19.12':
+    optional: true
+
   '@esbuild/linux-loong64@0.21.5':
     optional: true
 
+  '@esbuild/linux-mips64el@0.19.12':
+    optional: true
+
   '@esbuild/linux-mips64el@0.21.5':
     optional: true
 
+  '@esbuild/linux-ppc64@0.19.12':
+    optional: true
+
   '@esbuild/linux-ppc64@0.21.5':
     optional: true
 
+  '@esbuild/linux-riscv64@0.19.12':
+    optional: true
+
   '@esbuild/linux-riscv64@0.21.5':
     optional: true
 
+  '@esbuild/linux-s390x@0.19.12':
+    optional: true
+
   '@esbuild/linux-s390x@0.21.5':
     optional: true
 
+  '@esbuild/linux-x64@0.19.12':
+    optional: true
+
   '@esbuild/linux-x64@0.21.5':
     optional: true
 
+  '@esbuild/netbsd-x64@0.19.12':
+    optional: true
+
   '@esbuild/netbsd-x64@0.21.5':
     optional: true
 
+  '@esbuild/openbsd-x64@0.19.12':
+    optional: true
+
   '@esbuild/openbsd-x64@0.21.5':
     optional: true
 
+  '@esbuild/sunos-x64@0.19.12':
+    optional: true
+
   '@esbuild/sunos-x64@0.21.5':
     optional: true
 
+  '@esbuild/win32-arm64@0.19.12':
+    optional: true
+
   '@esbuild/win32-arm64@0.21.5':
     optional: true
 
+  '@esbuild/win32-ia32@0.19.12':
+    optional: true
+
   '@esbuild/win32-ia32@0.21.5':
     optional: true
 
+  '@esbuild/win32-x64@0.19.12':
+    optional: true
+
   '@esbuild/win32-x64@0.21.5':
     optional: true
 
@@ -15081,6 +15504,8 @@ snapshots:
       globby: 11.1.0
       read-yaml-file: 1.1.0
 
+  '@mdn/browser-compat-data@4.2.1': {}
+
   '@mdx-js/mdx@3.0.1':
     dependencies:
       '@types/estree': 1.0.5
@@ -16768,6 +17193,8 @@ snapshots:
     dependencies:
       '@types/color-convert': 2.0.0
 
+  '@types/command-line-args@5.2.3': {}
+
   '@types/connect@3.4.35':
     dependencies:
       '@types/node': 20.12.7
@@ -16968,6 +17395,8 @@ snapshots:
 
   '@types/parse-json@4.0.0': {}
 
+  '@types/parse5@6.0.3': {}
+
   '@types/pg@8.11.2':
     dependencies:
       '@types/node': 20.12.7
@@ -17100,6 +17529,10 @@ snapshots:
 
   '@types/unist@3.0.0': {}
 
+  '@types/ws@7.4.7':
+    dependencies:
+      '@types/node': 20.12.7
+
   '@types/yargs-parser@21.0.0': {}
 
   '@types/yargs@16.0.4':
@@ -17288,6 +17721,85 @@ snapshots:
       loupe: 3.1.1
       pretty-format: 29.7.0
 
+  '@web/config-loader@0.3.1': {}
+
+  '@web/dev-server-core@0.7.2':
+    dependencies:
+      '@types/koa': 2.15.0
+      '@types/ws': 7.4.7
+      '@web/parse5-utils': 2.1.0
+      chokidar: 3.5.3
+      clone: 2.1.2
+      es-module-lexer: 1.5.4
+      get-stream: 6.0.1
+      is-stream: 2.0.1
+      isbinaryfile: 5.0.2
+      koa: 2.15.3
+      koa-etag: 4.0.0
+      koa-send: 5.0.1
+      koa-static: 5.0.0
+      lru-cache: 8.0.5
+      mime-types: 2.1.35
+      parse5: 6.0.1
+      picomatch: 2.3.1
+      ws: 7.5.10
+    transitivePeerDependencies:
+      - bufferutil
+      - supports-color
+      - utf-8-validate
+
+  '@web/dev-server-esbuild@1.0.2':
+    dependencies:
+      '@mdn/browser-compat-data': 4.2.1
+      '@web/dev-server-core': 0.7.2
+      esbuild: 0.19.12
+      get-tsconfig: 4.7.3
+      parse5: 6.0.1
+      ua-parser-js: 1.0.37
+    transitivePeerDependencies:
+      - bufferutil
+      - supports-color
+      - utf-8-validate
+
+  '@web/dev-server-rollup@0.6.4':
+    dependencies:
+      '@rollup/plugin-node-resolve': 15.2.3(rollup@4.14.3)
+      '@web/dev-server-core': 0.7.2
+      nanocolors: 0.2.13
+      parse5: 6.0.1
+      rollup: 4.14.3
+      whatwg-url: 14.0.0
+    transitivePeerDependencies:
+      - bufferutil
+      - supports-color
+      - utf-8-validate
+
+  '@web/dev-server@0.4.6':
+    dependencies:
+      '@babel/code-frame': 7.24.2
+      '@types/command-line-args': 5.2.3
+      '@web/config-loader': 0.3.1
+      '@web/dev-server-core': 0.7.2
+      '@web/dev-server-rollup': 0.6.4
+      camelcase: 6.3.0
+      command-line-args: 5.2.1
+      command-line-usage: 7.0.2
+      debounce: 1.2.1
+      deepmerge: 4.3.1
+      internal-ip: 6.2.0
+      nanocolors: 0.2.13
+      open: 8.4.2
+      portfinder: 1.0.32
+    transitivePeerDependencies:
+      - bufferutil
+      - supports-color
+      - utf-8-validate
+
+  '@web/parse5-utils@2.1.0':
+    dependencies:
+      '@types/parse5': 6.0.3
+      parse5: 6.0.1
+
   '@withtyped/client@0.8.7(zod@3.23.8)':
     dependencies:
       '@withtyped/server': 0.13.6(zod@3.23.8)
@@ -17457,6 +17969,10 @@ snapshots:
     dependencies:
       dequal: 2.0.3
 
+  array-back@3.1.0: {}
+
+  array-back@6.2.2: {}
+
   array-buffer-byte-length@1.0.1:
     dependencies:
       call-bind: 1.0.7
@@ -17581,6 +18097,10 @@ snapshots:
     dependencies:
       retry: 0.13.1
 
+  async@2.6.4:
+    dependencies:
+      lodash: 4.17.21
+
   asynckit@0.4.0: {}
 
   attr-accept@2.2.2: {}
@@ -17844,6 +18364,10 @@ snapshots:
       loupe: 3.1.1
       pathval: 2.0.0
 
+  chalk-template@0.4.0:
+    dependencies:
+      chalk: 4.1.2
+
   chalk@2.4.2:
     dependencies:
       ansi-styles: 3.2.1
@@ -18004,6 +18528,20 @@ snapshots:
 
   comma-separated-tokens@2.0.2: {}
 
+  command-line-args@5.2.1:
+    dependencies:
+      array-back: 3.1.0
+      find-replace: 3.0.0
+      lodash.camelcase: 4.3.0
+      typical: 4.0.0
+
+  command-line-usage@7.0.2:
+    dependencies:
+      array-back: 6.2.2
+      chalk-template: 0.4.0
+      table-layout: 3.0.2
+      typical: 7.1.1
+
   commander@11.1.0: {}
 
   commander@4.1.1: {}
@@ -18470,6 +19008,8 @@ snapshots:
 
   dayjs@1.11.6: {}
 
+  debounce@1.2.1: {}
+
   debug@3.2.7(supports-color@5.5.0):
     dependencies:
       ms: 2.1.3
@@ -18523,6 +19063,10 @@ snapshots:
 
   deepmerge@4.3.1: {}
 
+  default-gateway@6.0.3:
+    dependencies:
+      execa: 5.1.1
+
   defaults@1.0.4:
     dependencies:
       clone: 1.0.4
@@ -18535,6 +19079,8 @@ snapshots:
       es-errors: 1.3.0
       gopd: 1.0.1
 
+  define-lazy-prop@2.0.0: {}
+
   define-properties@1.1.4:
     dependencies:
       has-property-descriptors: 1.0.0
@@ -18833,6 +19379,8 @@ snapshots:
       iterator.prototype: 1.1.2
       safe-array-concat: 1.1.2
 
+  es-module-lexer@1.5.4: {}
+
   es-object-atoms@1.0.0:
     dependencies:
       es-errors: 1.3.0
@@ -18857,6 +19405,32 @@ snapshots:
       is-date-object: 1.0.5
       is-symbol: 1.0.4
 
+  esbuild@0.19.12:
+    optionalDependencies:
+      '@esbuild/aix-ppc64': 0.19.12
+      '@esbuild/android-arm': 0.19.12
+      '@esbuild/android-arm64': 0.19.12
+      '@esbuild/android-x64': 0.19.12
+      '@esbuild/darwin-arm64': 0.19.12
+      '@esbuild/darwin-x64': 0.19.12
+      '@esbuild/freebsd-arm64': 0.19.12
+      '@esbuild/freebsd-x64': 0.19.12
+      '@esbuild/linux-arm': 0.19.12
+      '@esbuild/linux-arm64': 0.19.12
+      '@esbuild/linux-ia32': 0.19.12
+      '@esbuild/linux-loong64': 0.19.12
+      '@esbuild/linux-mips64el': 0.19.12
+      '@esbuild/linux-ppc64': 0.19.12
+      '@esbuild/linux-riscv64': 0.19.12
+      '@esbuild/linux-s390x': 0.19.12
+      '@esbuild/linux-x64': 0.19.12
+      '@esbuild/netbsd-x64': 0.19.12
+      '@esbuild/openbsd-x64': 0.19.12
+      '@esbuild/sunos-x64': 0.19.12
+      '@esbuild/win32-arm64': 0.19.12
+      '@esbuild/win32-ia32': 0.19.12
+      '@esbuild/win32-x64': 0.19.12
+
   esbuild@0.21.5:
     optionalDependencies:
       '@esbuild/aix-ppc64': 0.21.5
@@ -19421,6 +19995,10 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  find-replace@3.0.0:
+    dependencies:
+      array-back: 3.1.0
+
   find-up@4.1.0:
     dependencies:
       locate-path: 5.0.0
@@ -20134,6 +20712,13 @@ snapshots:
       through: 2.3.8
       wrap-ansi: 8.0.1
 
+  internal-ip@6.2.0:
+    dependencies:
+      default-gateway: 6.0.3
+      ipaddr.js: 1.9.1
+      is-ip: 3.1.0
+      p-event: 4.2.0
+
   internal-slot@1.0.3:
     dependencies:
       get-intrinsic: 1.2.4
@@ -20148,10 +20733,14 @@ snapshots:
 
   internmap@1.0.1: {}
 
+  ip-regex@4.3.0: {}
+
   ip@1.1.9: {}
 
   ip@2.0.1: {}
 
+  ipaddr.js@1.9.1: {}
+
   ipaddr.js@2.1.0: {}
 
   is-alphabetical@1.0.4: {}
@@ -20224,6 +20813,8 @@ snapshots:
 
   is-decimal@2.0.1: {}
 
+  is-docker@2.2.1: {}
+
   is-extglob@2.1.1: {}
 
   is-finalizationregistry@1.0.2:
@@ -20255,6 +20846,10 @@ snapshots:
 
   is-interactive@2.0.0: {}
 
+  is-ip@3.1.0:
+    dependencies:
+      ip-regex: 4.3.0
+
   is-js-type@2.0.0:
     dependencies:
       js-types: 1.0.0
@@ -20363,10 +20958,16 @@ snapshots:
 
   is-windows@1.0.2: {}
 
+  is-wsl@2.2.0:
+    dependencies:
+      is-docker: 2.2.1
+
   isarray@0.0.1: {}
 
   isarray@2.0.5: {}
 
+  isbinaryfile@5.0.2: {}
+
   isexe@2.0.0: {}
 
   iso8601-duration@2.1.2: {}
@@ -21139,6 +21740,10 @@ snapshots:
       co: 4.6.0
       koa-compose: 4.1.0
 
+  koa-etag@4.0.0:
+    dependencies:
+      etag: 1.8.1
+
   koa-is-json@1.0.0: {}
 
   koa-logger@3.2.1:
@@ -21182,6 +21787,13 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  koa-static@5.0.0:
+    dependencies:
+      debug: 3.2.7(supports-color@5.5.0)
+      koa-send: 5.0.1
+    transitivePeerDependencies:
+      - supports-color
+
   koa@2.13.4:
     dependencies:
       accepts: 1.3.7
@@ -21380,6 +21992,8 @@ snapshots:
 
   lodash-es@4.17.21: {}
 
+  lodash.assignwith@4.2.0: {}
+
   lodash.camelcase@4.3.0: {}
 
   lodash.get@4.4.2: {}
@@ -21484,6 +22098,8 @@ snapshots:
 
   lru-cache@7.18.3: {}
 
+  lru-cache@8.0.5: {}
+
   lz-string@1.5.0: {}
 
   magic-string@0.30.10:
@@ -22234,6 +22850,10 @@ snapshots:
 
   mixme@0.5.4: {}
 
+  mkdirp@0.5.6:
+    dependencies:
+      minimist: 1.2.8
+
   mkdirp@3.0.1: {}
 
   module-details-from-path@1.0.3: {}
@@ -22270,6 +22890,8 @@ snapshots:
       object-assign: 4.1.1
       thenify-all: 1.6.0
 
+  nanocolors@0.2.13: {}
+
   nanoid@3.3.7: {}
 
   nanoid@4.0.2: {}
@@ -22516,6 +23138,12 @@ snapshots:
 
   only@0.0.2: {}
 
+  open@8.4.2:
+    dependencies:
+      define-lazy-prop: 2.0.0
+      is-docker: 2.2.1
+      is-wsl: 2.2.0
+
   openapi-schema-validator@12.1.3:
     dependencies:
       ajv: 8.12.0
@@ -22585,10 +23213,16 @@ snapshots:
 
   p-defer@4.0.0: {}
 
+  p-event@4.2.0:
+    dependencies:
+      p-timeout: 3.2.0
+
   p-filter@2.1.0:
     dependencies:
       p-map: 2.1.0
 
+  p-finally@1.0.0: {}
+
   p-limit@2.3.0:
     dependencies:
       p-try: 2.2.0
@@ -22631,6 +23265,10 @@ snapshots:
       '@types/retry': 0.12.2
       retry: 0.13.1
 
+  p-timeout@3.2.0:
+    dependencies:
+      p-finally: 1.0.0
+
   p-timeout@6.1.2: {}
 
   p-try@2.2.0: {}
@@ -22723,6 +23361,8 @@ snapshots:
 
   parse-passwd@1.0.0: {}
 
+  parse5@6.0.1: {}
+
   parse5@7.1.1:
     dependencies:
       entities: 4.5.0
@@ -22871,6 +23511,14 @@ snapshots:
 
   pngjs@5.0.0: {}
 
+  portfinder@1.0.32:
+    dependencies:
+      async: 2.6.4
+      debug: 3.2.7(supports-color@5.5.0)
+      mkdirp: 0.5.6
+    transitivePeerDependencies:
+      - supports-color
+
   possible-typed-array-names@1.0.0: {}
 
   postcss-load-config@4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3)):
@@ -23089,6 +23737,8 @@ snapshots:
 
   punycode@2.3.0: {}
 
+  punycode@2.3.1: {}
+
   puppeteer-core@22.6.5:
     dependencies:
       '@puppeteer/browsers': 2.2.2
@@ -24021,6 +24671,8 @@ snapshots:
     dependencies:
       stubs: 3.0.0
 
+  stream-read-all@3.0.1: {}
+
   stream-shift@1.0.3: {}
 
   stream-transform@2.1.3:
@@ -24320,6 +24972,16 @@ snapshots:
       '@pkgr/core': 0.1.1
       tslib: 2.6.2
 
+  table-layout@3.0.2:
+    dependencies:
+      '@75lb/deep-merge': 1.1.1
+      array-back: 6.2.2
+      command-line-args: 5.2.1
+      command-line-usage: 7.0.2
+      stream-read-all: 3.0.1
+      typical: 7.1.1
+      wordwrapjs: 5.1.0
+
   table@6.8.1:
     dependencies:
       ajv: 8.12.0
@@ -24445,6 +25107,10 @@ snapshots:
     dependencies:
       punycode: 2.3.0
 
+  tr46@5.0.0:
+    dependencies:
+      punycode: 2.3.1
+
   tree-kill@1.2.2: {}
 
   trim-lines@3.0.1: {}
@@ -24603,6 +25269,10 @@ snapshots:
 
   typescript@5.3.3: {}
 
+  typical@4.0.0: {}
+
+  typical@7.1.1: {}
+
   ua-parser-js@1.0.37: {}
 
   unbox-primitive@1.0.2:
@@ -24978,6 +25648,11 @@ snapshots:
       tr46: 3.0.0
       webidl-conversions: 7.0.0
 
+  whatwg-url@14.0.0:
+    dependencies:
+      tr46: 5.0.0
+      webidl-conversions: 7.0.0
+
   whatwg-url@5.0.0:
     dependencies:
       tr46: 0.0.3
@@ -25047,6 +25722,8 @@ snapshots:
       siginfo: 2.0.0
       stackback: 0.0.2
 
+  wordwrapjs@5.1.0: {}
+
   wrap-ansi@6.2.0:
     dependencies:
       ansi-styles: 4.3.0
@@ -25083,6 +25760,8 @@ snapshots:
       imurmurhash: 0.1.4
       signal-exit: 4.1.0
 
+  ws@7.5.10: {}
+
   ws@8.16.0: {}
 
   xml-crypto@3.0.1:

From 0a9da5245b91ed1eae0f2e03fdb835e3ff803f99 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Tue, 16 Jul 2024 16:18:30 +0800
Subject: [PATCH 024/135] feat(core,schemas): implement the username password
 registration flow (#6249)

* feat(core,schemas): implement the username password registration flow

implement the username password registration flow

* chore(core): update some comments

update some comments

* fix(test): fix integration tests

fix integration tests

* fix(test): fix lint

fix lint
---
 packages/core/src/libraries/user.utils.ts     |   2 +-
 .../classes/experience-interaction.ts         |   6 +
 .../routes/experience/classes/utils.test.ts   |  52 +++++++
 .../src/routes/experience/classes/utils.ts    |  36 +++++
 .../classes/validators/profile-validator.ts   |  21 ++-
 .../sign-in-experience-validator.test.ts      |  15 +-
 .../sign-in-experience-validator.ts           |  26 +++-
 .../verifications/code-verification.ts        |   2 +-
 .../experience/classes/verifications/index.ts |  15 +-
 .../new-password-identity-verification.ts     | 142 ++++++++++++++++++
 .../verifications/password-verification.ts    |   4 +-
 packages/core/src/routes/experience/index.ts  |   2 +
 .../new-password-identity-verification.ts     |  52 +++++++
 .../src/client/experience/index.ts            |  12 ++
 .../src/helpers/experience/index.ts           |  21 +++
 .../username-password.test.ts                 |  40 +++++
 ...new-password-identity-verification.test.ts | 127 ++++++++++++++++
 packages/schemas/src/types/interactions.ts    |  25 ++-
 18 files changed, 589 insertions(+), 11 deletions(-)
 create mode 100644 packages/core/src/routes/experience/classes/utils.test.ts
 create mode 100644 packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts
 create mode 100644 packages/core/src/routes/experience/verification-routes/new-password-identity-verification.ts
 create mode 100644 packages/integration-tests/src/tests/api/experience-api/register-interaction/username-password.test.ts
 create mode 100644 packages/integration-tests/src/tests/api/experience-api/verifications/new-password-identity-verification.test.ts

diff --git a/packages/core/src/libraries/user.utils.ts b/packages/core/src/libraries/user.utils.ts
index be7a7d3cbc15..a6d73167fe6d 100644
--- a/packages/core/src/libraries/user.utils.ts
+++ b/packages/core/src/libraries/user.utils.ts
@@ -8,7 +8,7 @@ export const encryptUserPassword = async (
   password: string
 ): Promise<{
   passwordEncrypted: string;
-  passwordEncryptionMethod: UsersPasswordEncryptionMethod;
+  passwordEncryptionMethod: UsersPasswordEncryptionMethod.Argon2i;
 }> => {
   const passwordEncryptionMethod = UsersPasswordEncryptionMethod.Argon2i;
   const passwordEncrypted = await encryptPassword(password, passwordEncryptionMethod);
diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
index 16f80f602131..a5632b99679c 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -276,6 +276,12 @@ export default class ExperienceInteraction {
     this.userId = id;
   }
 
+  /**
+   * Create a new user using the verification record.
+   *
+   * @throws {RequestError} with 422 if the profile data is not unique across users
+   * @throws {RequestError} with 400 if the verification record is invalid for creating a new user or not verified
+   */
   private async createNewUser(verificationRecord: VerificationRecord) {
     const {
       libraries: {
diff --git a/packages/core/src/routes/experience/classes/utils.test.ts b/packages/core/src/routes/experience/classes/utils.test.ts
new file mode 100644
index 000000000000..dbe1f3507546
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/utils.test.ts
@@ -0,0 +1,52 @@
+import { type InteractionIdentifier, SignInIdentifier } from '@logto/schemas';
+
+import { type InteractionProfile } from '../types.js';
+
+import { interactionIdentifierToUserProfile, profileToUserInfo } from './utils.js';
+
+const identifierToProfileTestCase = [
+  {
+    identifier: {
+      type: SignInIdentifier.Username,
+      value: 'username',
+    },
+    expected: { username: 'username' },
+  },
+  {
+    identifier: {
+      type: SignInIdentifier.Email,
+      value: 'email',
+    },
+    expected: { primaryEmail: 'email' },
+  },
+  {
+    identifier: {
+      type: SignInIdentifier.Phone,
+      value: 'phone',
+    },
+    expected: { primaryPhone: 'phone' },
+  },
+] satisfies Array<{ identifier: InteractionIdentifier; expected: InteractionProfile }>;
+
+describe('experience utils tests', () => {
+  it.each(identifierToProfileTestCase)(
+    `interactionIdentifierToUserProfile %p`,
+    ({ identifier, expected }) => {
+      expect(interactionIdentifierToUserProfile(identifier)).toEqual(expected);
+    }
+  );
+  it('profileToUserInfo', () => {
+    expect(
+      profileToUserInfo({
+        username: 'username',
+        primaryEmail: 'email',
+        primaryPhone: 'phone',
+      })
+    ).toEqual({
+      name: undefined,
+      username: 'username',
+      email: 'email',
+      phoneNumber: 'phone',
+    });
+  });
+});
diff --git a/packages/core/src/routes/experience/classes/utils.ts b/packages/core/src/routes/experience/classes/utils.ts
index 4ddb0534a210..0a918ec8a5ec 100644
--- a/packages/core/src/routes/experience/classes/utils.ts
+++ b/packages/core/src/routes/experience/classes/utils.ts
@@ -1,3 +1,4 @@
+import { type UserInfo } from '@logto/core-kit';
 import {
   SignInIdentifier,
   VerificationType,
@@ -37,6 +38,7 @@ export const getNewUserProfileFromVerificationRecord = async (
   verificationRecord: VerificationRecord
 ): Promise<InteractionProfile> => {
   switch (verificationRecord.type) {
+    case VerificationType.NewPasswordIdentity:
     case VerificationType.VerificationCode: {
       return verificationRecord.toUserProfile();
     }
@@ -68,3 +70,37 @@ export const toUserSocialIdentityData = (
     },
   };
 };
+
+export function interactionIdentifierToUserProfile(
+  identifier: InteractionIdentifier
+): { username: string } | { primaryEmail: string } | { primaryPhone: string } {
+  const { type, value } = identifier;
+  switch (type) {
+    case SignInIdentifier.Username: {
+      return { username: value };
+    }
+    case SignInIdentifier.Email: {
+      return { primaryEmail: value };
+    }
+    case SignInIdentifier.Phone: {
+      return { primaryPhone: value };
+    }
+  }
+}
+
+/**
+ * This function is used to convert the interaction profile to the UserInfo format.
+ * It will be used by the PasswordPolicyChecker to check the password policy against the user profile.
+ */
+export function profileToUserInfo(
+  profile: Pick<InteractionProfile, 'name' | 'username' | 'primaryEmail' | 'primaryPhone'>
+): UserInfo {
+  const { name, username, primaryEmail, primaryPhone } = profile;
+
+  return {
+    name: name ?? undefined,
+    username: username ?? undefined,
+    email: primaryEmail ?? undefined,
+    phoneNumber: primaryPhone ?? undefined,
+  };
+}
diff --git a/packages/core/src/routes/experience/classes/validators/profile-validator.ts b/packages/core/src/routes/experience/classes/validators/profile-validator.ts
index a2c8bcb1ce0f..dc6a5848981b 100644
--- a/packages/core/src/routes/experience/classes/validators/profile-validator.ts
+++ b/packages/core/src/routes/experience/classes/validators/profile-validator.ts
@@ -1,3 +1,5 @@
+import { type PasswordPolicyChecker, type UserInfo } from '@logto/core-kit';
+
 import RequestError from '#src/errors/RequestError/index.js';
 import type Libraries from '#src/tenants/Libraries.js';
 import type Queries from '#src/tenants/Queries.js';
@@ -79,7 +81,24 @@ export class ProfileValidator {
         })
       );
     }
+  }
 
-    // TODO: Password validation
+  /**
+   * Validate password against the given password policy
+   * throw a {@link RequestError} -422 if the password is invalid; otherwise, do nothing.
+   */
+  public async validatePassword(
+    password: string,
+    passwordPolicyChecker: PasswordPolicyChecker,
+    userInfo: UserInfo = {}
+  ) {
+    const issues = await passwordPolicyChecker.check(
+      password,
+      passwordPolicyChecker.policy.rejects.userInfo ? userInfo : {}
+    );
+
+    if (issues.length > 0) {
+      throw new RequestError({ code: 'password.rejected', status: 422 }, { issues });
+    }
   }
 }
diff --git a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts
index f7f49f296cef..83adb6998428 100644
--- a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts
+++ b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts
@@ -14,6 +14,7 @@ import { MockTenant } from '#src/test-utils/tenant.js';
 import { CodeVerification } from '../verifications/code-verification.js';
 import { EnterpriseSsoVerification } from '../verifications/enterprise-sso-verification.js';
 import { type VerificationRecord } from '../verifications/index.js';
+import { NewPasswordIdentityVerification } from '../verifications/new-password-identity-verification.js';
 import { PasswordVerification } from '../verifications/password-verification.js';
 import { SocialVerification } from '../verifications/social-verification.js';
 
@@ -32,6 +33,15 @@ const ssoConnectors = {
 
 const mockTenant = new MockTenant(undefined, { signInExperiences }, undefined, { ssoConnectors });
 
+const newPasswordIdentityVerificationRecord = NewPasswordIdentityVerification.create(
+  mockTenant.libraries,
+  mockTenant.queries,
+  {
+    type: SignInIdentifier.Username,
+    value: 'username',
+  }
+);
+
 const passwordVerificationRecords = Object.fromEntries(
   Object.values(SignInIdentifier).map((identifier) => [
     identifier,
@@ -326,7 +336,10 @@ describe('SignInExperienceValidator', () => {
       'only username is enabled for sign-up': {
         signInExperience: mockSignInExperience,
         cases: [
-          // TODO: username password registration
+          {
+            verificationRecord: newPasswordIdentityVerificationRecord,
+            accepted: true,
+          },
           {
             verificationRecord: verificationCodeVerificationRecords[SignInIdentifier.Email],
             accepted: false,
diff --git a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
index 5bd7935ce2bb..25de8357eaf1 100644
--- a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
+++ b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
@@ -1,3 +1,6 @@
+import crypto from 'node:crypto';
+
+import { PasswordPolicyChecker } from '@logto/core-kit';
 import {
   InteractionEvent,
   type SignInExperience,
@@ -41,6 +44,7 @@ const getEmailIdentifierFromVerificationRecord = (verificationRecord: Verificati
  */
 export class SignInExperienceValidator {
   private signInExperienceDataCache?: SignInExperience;
+  #passwordPolicyChecker?: PasswordPolicyChecker;
 
   constructor(
     private readonly libraries: Libraries,
@@ -114,6 +118,15 @@ export class SignInExperienceValidator {
     return this.signInExperienceDataCache;
   }
 
+  public async getPasswordPolicyChecker() {
+    if (!this.#passwordPolicyChecker) {
+      const { passwordPolicy } = await this.getSignInExperienceData();
+      this.#passwordPolicyChecker = new PasswordPolicyChecker(passwordPolicy, crypto.subtle);
+    }
+
+    return this.#passwordPolicyChecker;
+  }
+
   /**
    * Guard the verification records contains email identifier with SSO enabled
    *
@@ -193,7 +206,18 @@ export class SignInExperienceValidator {
     const { signUp, singleSignOnEnabled } = await this.getSignInExperienceData();
 
     switch (verificationRecord.type) {
-      // TODO: username password registration
+      // Username and password registration
+      case VerificationType.NewPasswordIdentity: {
+        const {
+          identifier: { type },
+        } = verificationRecord;
+
+        assertThat(
+          signUp.identifiers.includes(type) && signUp.password,
+          new RequestError({ code: 'user.sign_up_method_not_enabled', status: 422 })
+        );
+        break;
+      }
       case VerificationType.VerificationCode: {
         const {
           identifier: { type },
diff --git a/packages/core/src/routes/experience/classes/verifications/code-verification.ts b/packages/core/src/routes/experience/classes/verifications/code-verification.ts
index e536cc4d2ffb..e9879c9726cd 100644
--- a/packages/core/src/routes/experience/classes/verifications/code-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/code-verification.ts
@@ -187,7 +187,7 @@ export class CodeVerification
     return user;
   }
 
-  async toUserProfile(): Promise<{ primaryEmail: string } | { primaryPhone: string }> {
+  toUserProfile(): { primaryEmail: string } | { primaryPhone: string } {
     assertThat(
       this.verified,
       new RequestError({ code: 'session.verification_failed', status: 400 })
diff --git a/packages/core/src/routes/experience/classes/verifications/index.ts b/packages/core/src/routes/experience/classes/verifications/index.ts
index a82cce2ec479..8522de9a9cdf 100644
--- a/packages/core/src/routes/experience/classes/verifications/index.ts
+++ b/packages/core/src/routes/experience/classes/verifications/index.ts
@@ -19,6 +19,11 @@ import {
   enterPriseSsoVerificationRecordDataGuard,
   type EnterpriseSsoVerificationRecordData,
 } from './enterprise-sso-verification.js';
+import {
+  NewPasswordIdentityVerification,
+  newPasswordIdentityVerificationRecordDataGuard,
+  type NewPasswordIdentityVerificationRecordData,
+} from './new-password-identity-verification.js';
 import {
   PasswordVerification,
   passwordVerificationRecordDataGuard,
@@ -41,7 +46,8 @@ export type VerificationRecordData =
   | SocialVerificationRecordData
   | EnterpriseSsoVerificationRecordData
   | TotpVerificationRecordData
-  | BackupCodeVerificationRecordData;
+  | BackupCodeVerificationRecordData
+  | NewPasswordIdentityVerificationRecordData;
 
 /**
  * Union type for all verification record types
@@ -57,7 +63,8 @@ export type VerificationRecord =
   | SocialVerification
   | EnterpriseSsoVerification
   | TotpVerification
-  | BackupCodeVerification;
+  | BackupCodeVerification
+  | NewPasswordIdentityVerification;
 
 export const verificationRecordDataGuard = z.discriminatedUnion('type', [
   passwordVerificationRecordDataGuard,
@@ -66,6 +73,7 @@ export const verificationRecordDataGuard = z.discriminatedUnion('type', [
   enterPriseSsoVerificationRecordDataGuard,
   totpVerificationRecordDataGuard,
   backupCodeVerificationRecordDataGuard,
+  newPasswordIdentityVerificationRecordDataGuard,
 ]);
 
 /**
@@ -95,5 +103,8 @@ export const buildVerificationRecord = (
     case VerificationType.BackupCode: {
       return new BackupCodeVerification(libraries, queries, data);
     }
+    case VerificationType.NewPasswordIdentity: {
+      return new NewPasswordIdentityVerification(libraries, queries, data);
+    }
   }
 };
diff --git a/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts b/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts
new file mode 100644
index 000000000000..bb40c3b1284d
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts
@@ -0,0 +1,142 @@
+import { type ToZodObject } from '@logto/connector-kit';
+import { type PasswordPolicyChecker } from '@logto/core-kit';
+import {
+  type InteractionIdentifier,
+  interactionIdentifierGuard,
+  UsersPasswordEncryptionMethod,
+  VerificationType,
+} from '@logto/schemas';
+import { generateStandardId } from '@logto/shared';
+import { z } from 'zod';
+
+import RequestError from '#src/errors/RequestError/index.js';
+import { encryptUserPassword } from '#src/libraries/user.utils.js';
+import type Libraries from '#src/tenants/Libraries.js';
+import type Queries from '#src/tenants/Queries.js';
+import assertThat from '#src/utils/assert-that.js';
+
+import { interactionIdentifierToUserProfile, profileToUserInfo } from '../utils.js';
+import { ProfileValidator } from '../validators/profile-validator.js';
+
+import { type VerificationRecord } from './verification-record.js';
+
+export type NewPasswordIdentityVerificationRecordData = {
+  id: string;
+  type: VerificationType.NewPasswordIdentity;
+  /**
+   * For now we only support username identifier for new password identity registration.
+   * For email and phone new identity registration, a `CodeVerification` record is required.
+   */
+  identifier: InteractionIdentifier;
+  passwordEncrypted?: string;
+  passwordEncryptionMethod?: UsersPasswordEncryptionMethod.Argon2i;
+};
+
+export const newPasswordIdentityVerificationRecordDataGuard = z.object({
+  id: z.string(),
+  type: z.literal(VerificationType.NewPasswordIdentity),
+  identifier: interactionIdentifierGuard,
+  passwordEncrypted: z.string().optional(),
+  passwordEncryptionMethod: z.literal(UsersPasswordEncryptionMethod.Argon2i).optional(),
+}) satisfies ToZodObject<NewPasswordIdentityVerificationRecordData>;
+
+/**
+ * NewPasswordIdentityVerification class is used for creating a new user using password + identifier.
+ *
+ * @remarks This verification record can only be used for new user registration.
+ * By default this verification record allows all types of identifiers, username, email, and phone.
+ * But in our current product design, only username + password registration is supported. The identifier type
+ * will be guarded at the API level.
+ */
+export class NewPasswordIdentityVerification
+  implements VerificationRecord<VerificationType.NewPasswordIdentity>
+{
+  /** Factory method to create a new `NewPasswordIdentityVerification` record using an identifier */
+  static create(libraries: Libraries, queries: Queries, identifier: InteractionIdentifier) {
+    return new NewPasswordIdentityVerification(libraries, queries, {
+      id: generateStandardId(),
+      type: VerificationType.NewPasswordIdentity,
+      identifier,
+    });
+  }
+
+  readonly type = VerificationType.NewPasswordIdentity;
+  readonly id: string;
+  readonly identifier: InteractionIdentifier;
+
+  private passwordEncrypted?: string;
+  private passwordEncryptionMethod?: UsersPasswordEncryptionMethod.Argon2i;
+
+  private readonly profileValidator: ProfileValidator;
+
+  constructor(
+    private readonly libraries: Libraries,
+    private readonly queries: Queries,
+    data: NewPasswordIdentityVerificationRecordData
+  ) {
+    const { id, identifier, passwordEncrypted, passwordEncryptionMethod } = data;
+
+    this.id = id;
+    this.identifier = identifier;
+    this.passwordEncrypted = passwordEncrypted;
+    this.passwordEncryptionMethod = passwordEncryptionMethod;
+    this.profileValidator = new ProfileValidator(libraries, queries);
+  }
+
+  get isVerified() {
+    return Boolean(this.passwordEncrypted) && Boolean(this.passwordEncryptionMethod);
+  }
+
+  /**
+   * Verify the new password identity
+   *
+   * - Check if the identifier is unique across users
+   * - Validate the password against the password policy
+   */
+  async verify(password: string, passwordPolicyChecker: PasswordPolicyChecker) {
+    const { identifier } = this;
+    const identifierProfile = interactionIdentifierToUserProfile(identifier);
+
+    await this.profileValidator.guardProfileUniquenessAcrossUsers(identifierProfile);
+
+    await this.profileValidator.validatePassword(
+      password,
+      passwordPolicyChecker,
+      profileToUserInfo(identifierProfile)
+    );
+
+    const { passwordEncrypted, passwordEncryptionMethod } = await encryptUserPassword(password);
+
+    this.passwordEncrypted = passwordEncrypted;
+    this.passwordEncryptionMethod = passwordEncryptionMethod;
+  }
+
+  toUserProfile() {
+    assertThat(
+      this.passwordEncrypted && this.passwordEncryptionMethod,
+      new RequestError({ code: 'session.verification_failed', status: 400 })
+    );
+
+    const { identifier, passwordEncrypted, passwordEncryptionMethod } = this;
+
+    const identifierProfile = interactionIdentifierToUserProfile(identifier);
+
+    return {
+      ...identifierProfile,
+      passwordEncrypted,
+      passwordEncryptionMethod,
+    };
+  }
+
+  toJson(): NewPasswordIdentityVerificationRecordData {
+    const { id, type, identifier, passwordEncrypted, passwordEncryptionMethod } = this;
+
+    return {
+      id,
+      type,
+      identifier,
+      passwordEncrypted,
+      passwordEncryptionMethod,
+    };
+  }
+}
diff --git a/packages/core/src/routes/experience/classes/verifications/password-verification.ts b/packages/core/src/routes/experience/classes/verifications/password-verification.ts
index 60d25da7ec55..edfc5e953e82 100644
--- a/packages/core/src/routes/experience/classes/verifications/password-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/password-verification.ts
@@ -45,8 +45,8 @@ export class PasswordVerification
   }
 
   readonly type = VerificationType.Password;
-  public readonly identifier: InteractionIdentifier;
-  public readonly id: string;
+  readonly identifier: InteractionIdentifier;
+  readonly id: string;
   private verified: boolean;
 
   /**
diff --git a/packages/core/src/routes/experience/index.ts b/packages/core/src/routes/experience/index.ts
index 850ed02ef9ed..7a2fab5a508a 100644
--- a/packages/core/src/routes/experience/index.ts
+++ b/packages/core/src/routes/experience/index.ts
@@ -26,6 +26,7 @@ import koaExperienceInteraction, {
 } from './middleware/koa-experience-interaction.js';
 import backupCodeVerificationRoutes from './verification-routes/backup-code-verification.js';
 import enterpriseSsoVerificationRoutes from './verification-routes/enterprise-sso-verification.js';
+import newPasswordIdentityVerificationRoutes from './verification-routes/new-password-identity-verification.js';
 import passwordVerificationRoutes from './verification-routes/password-verification.js';
 import socialVerificationRoutes from './verification-routes/social-verification.js';
 import totpVerificationRoutes from './verification-routes/totp-verification.js';
@@ -145,4 +146,5 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
   enterpriseSsoVerificationRoutes(router, tenant);
   totpVerificationRoutes(router, tenant);
   backupCodeVerificationRoutes(router, tenant);
+  newPasswordIdentityVerificationRoutes(router, tenant);
 }
diff --git a/packages/core/src/routes/experience/verification-routes/new-password-identity-verification.ts b/packages/core/src/routes/experience/verification-routes/new-password-identity-verification.ts
new file mode 100644
index 000000000000..d6def4b28ab3
--- /dev/null
+++ b/packages/core/src/routes/experience/verification-routes/new-password-identity-verification.ts
@@ -0,0 +1,52 @@
+import { newPasswordIdentityVerificationPayloadGuard } from '@logto/schemas';
+import type Router from 'koa-router';
+import { z } from 'zod';
+
+import { type WithLogContext } from '#src/middleware/koa-audit-log.js';
+import koaGuard from '#src/middleware/koa-guard.js';
+import type TenantContext from '#src/tenants/TenantContext.js';
+
+import { NewPasswordIdentityVerification } from '../classes/verifications/new-password-identity-verification.js';
+import { experienceRoutes } from '../const.js';
+import { type WithExperienceInteractionContext } from '../middleware/koa-experience-interaction.js';
+
+export default function newPasswordIdentityVerificationRoutes<T extends WithLogContext>(
+  router: Router<unknown, WithExperienceInteractionContext<T>>,
+  { libraries, queries }: TenantContext
+) {
+  router.post(
+    `${experienceRoutes.verification}/new-password-identity`,
+    koaGuard({
+      body: newPasswordIdentityVerificationPayloadGuard,
+      status: [200, 400, 422],
+      response: z.object({
+        verificationId: z.string(),
+      }),
+    }),
+    async (ctx, next) => {
+      const { identifier, password } = ctx.guard.body;
+      const { experienceInteraction } = ctx;
+
+      const newPasswordIdentityVerification = NewPasswordIdentityVerification.create(
+        libraries,
+        queries,
+        identifier
+      );
+
+      const policyChecker =
+        await experienceInteraction.signInExperienceValidator.getPasswordPolicyChecker();
+
+      await newPasswordIdentityVerification.verify(password, policyChecker);
+
+      ctx.experienceInteraction.setVerificationRecord(newPasswordIdentityVerification);
+
+      await ctx.experienceInteraction.save();
+
+      ctx.body = { verificationId: newPasswordIdentityVerification.id };
+
+      ctx.status = 200;
+
+      return next();
+    }
+  );
+}
diff --git a/packages/integration-tests/src/client/experience/index.ts b/packages/integration-tests/src/client/experience/index.ts
index 1b5217616ed5..b52713e55232 100644
--- a/packages/integration-tests/src/client/experience/index.ts
+++ b/packages/integration-tests/src/client/experience/index.ts
@@ -2,6 +2,7 @@ import {
   type CreateExperienceApiPayload,
   type IdentificationApiPayload,
   type InteractionEvent,
+  type NewPasswordIdentityVerificationPayload,
   type PasswordVerificationPayload,
   type VerificationCodeIdentifier,
 } from '@logto/schemas';
@@ -184,4 +185,15 @@ export class ExperienceClient extends MockClient {
       })
       .json<{ verificationId: string }>();
   }
+
+  public async createNewPasswordIdentityVerification(
+    payload: NewPasswordIdentityVerificationPayload
+  ) {
+    return api
+      .post(`${experienceRoutes.verification}/new-password-identity`, {
+        headers: { cookie: this.interactionCookie },
+        json: payload,
+      })
+      .json<{ verificationId: string }>();
+  }
 }
diff --git a/packages/integration-tests/src/helpers/experience/index.ts b/packages/integration-tests/src/helpers/experience/index.ts
index 71926a4986ca..8aa7f6523b5e 100644
--- a/packages/integration-tests/src/helpers/experience/index.ts
+++ b/packages/integration-tests/src/helpers/experience/index.ts
@@ -227,3 +227,24 @@ export const signInWithEnterpriseSso = async (
 
   return userId;
 };
+
+export const registerNewUserUsernamePassword = async (username: string, password: string) => {
+  const client = await initExperienceClient();
+  await client.initInteraction({ interactionEvent: InteractionEvent.Register });
+
+  const { verificationId } = await client.createNewPasswordIdentityVerification({
+    identifier: {
+      type: SignInIdentifier.Username,
+      value: username,
+    },
+    password,
+  });
+
+  await client.identifyUser({ verificationId });
+
+  const { redirectTo } = await client.submitInteraction();
+  const userId = await processSession(client, redirectTo);
+  await logoutClient(client);
+
+  return userId;
+};
diff --git a/packages/integration-tests/src/tests/api/experience-api/register-interaction/username-password.test.ts b/packages/integration-tests/src/tests/api/experience-api/register-interaction/username-password.test.ts
new file mode 100644
index 000000000000..076cad733cd3
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/experience-api/register-interaction/username-password.test.ts
@@ -0,0 +1,40 @@
+import { SignInIdentifier } from '@logto/schemas';
+
+import { deleteUser } from '#src/api/admin-user.js';
+import { updateSignInExperience } from '#src/api/sign-in-experience.js';
+import {
+  registerNewUserUsernamePassword,
+  signInWithPassword,
+} from '#src/helpers/experience/index.js';
+import { generateNewUserProfile } from '#src/helpers/user.js';
+import { devFeatureTest } from '#src/utils.js';
+
+devFeatureTest.describe('register new user with username and password', () => {
+  const { username, password } = generateNewUserProfile({ username: true, password: true });
+
+  beforeAll(async () => {
+    // Disable password policy here to make sure the test is not affected by the password policy.
+    await updateSignInExperience({
+      signUp: {
+        identifiers: [SignInIdentifier.Username],
+        password: true,
+        verify: false,
+      },
+      passwordPolicy: {},
+    });
+  });
+
+  it('should register new user with username and password and able to sign-in using the same credentials', async () => {
+    const userId = await registerNewUserUsernamePassword(username, password);
+
+    await signInWithPassword({
+      identifier: {
+        type: SignInIdentifier.Username,
+        value: username,
+      },
+      password,
+    });
+
+    await deleteUser(userId);
+  });
+});
diff --git a/packages/integration-tests/src/tests/api/experience-api/verifications/new-password-identity-verification.test.ts b/packages/integration-tests/src/tests/api/experience-api/verifications/new-password-identity-verification.test.ts
new file mode 100644
index 000000000000..48187b208bb8
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/experience-api/verifications/new-password-identity-verification.test.ts
@@ -0,0 +1,127 @@
+import { SignInIdentifier } from '@logto/schemas';
+
+import { updateSignInExperience } from '#src/api/sign-in-experience.js';
+import { initExperienceClient } from '#src/helpers/client.js';
+import { expectRejects } from '#src/helpers/index.js';
+import { generateNewUser } from '#src/helpers/user.js';
+import { devFeatureTest, randomString } from '#src/utils.js';
+
+const invalidIdentifiers = Object.freeze([
+  {
+    type: SignInIdentifier.Email,
+    value: 'email',
+  },
+  {
+    type: SignInIdentifier.Phone,
+    value: 'phone',
+  },
+]);
+
+devFeatureTest.describe('password verifications', () => {
+  const username = 'test_' + randomString();
+
+  beforeAll(async () => {
+    await updateSignInExperience({
+      passwordPolicy: {
+        length: { min: 8, max: 32 },
+        characterTypes: { min: 3 },
+        rejects: {
+          pwned: true,
+          repetitionAndSequence: true,
+          userInfo: true,
+          words: [username],
+        },
+      },
+    });
+  });
+
+  afterAll(async () => {
+    await updateSignInExperience({
+      // Need to reset password policy to default value otherwise it will affect other tests.
+      passwordPolicy: {},
+    });
+  });
+
+  it.each(invalidIdentifiers)(
+    'should fail to verify with password using %p',
+    async (identifier) => {
+      const client = await initExperienceClient();
+
+      await expectRejects(
+        client.createNewPasswordIdentityVerification({
+          // @ts-expect-error
+          identifier,
+          password: 'password',
+        }),
+        {
+          code: 'guard.invalid_input',
+          status: 400,
+        }
+      );
+    }
+  );
+
+  it('should throw error if username is registered', async () => {
+    const { userProfile } = await generateNewUser({ username: true, password: true });
+    const { username } = userProfile;
+
+    const client = await initExperienceClient();
+
+    await expectRejects(
+      client.createNewPasswordIdentityVerification({
+        identifier: {
+          type: SignInIdentifier.Username,
+          value: username,
+        },
+        password: 'password',
+      }),
+      {
+        code: 'user.username_already_in_use',
+        status: 422,
+      }
+    );
+  });
+
+  describe('password policy check', () => {
+    const invalidPasswords: Array<[string, string | RegExp]> = [
+      ['123', 'minimum length'],
+      ['12345678', 'at least 3 types'],
+      ['123456aA', 'simple password'],
+      ['defghiZ@', 'sequential characters'],
+      ['TTTTTT@z', 'repeated characters'],
+      [username, 'userInfo'],
+    ];
+
+    it.each(invalidPasswords)('should reject invalid password %p', async (password) => {
+      const client = await initExperienceClient();
+
+      await expectRejects(
+        client.createNewPasswordIdentityVerification({
+          identifier: {
+            type: SignInIdentifier.Username,
+            value: username,
+          },
+          password,
+        }),
+        {
+          code: `password.rejected`,
+          status: 422,
+        }
+      );
+    });
+  });
+
+  it('should create new password identity verification successfully', async () => {
+    const client = await initExperienceClient();
+
+    const { verificationId } = await client.createNewPasswordIdentityVerification({
+      identifier: {
+        type: SignInIdentifier.Username,
+        value: username,
+      },
+      password: '?sy8Q3z3_G',
+    });
+
+    expect(verificationId).toBeTruthy();
+  });
+});
diff --git a/packages/schemas/src/types/interactions.ts b/packages/schemas/src/types/interactions.ts
index 82b77965b5ba..e7934eed7349 100644
--- a/packages/schemas/src/types/interactions.ts
+++ b/packages/schemas/src/types/interactions.ts
@@ -31,8 +31,8 @@ export enum InteractionEvent {
 // ====== Experience API payload guards and type definitions start ======
 
 /** Identifiers that can be used to uniquely identify a user. */
-export type InteractionIdentifier = {
-  type: SignInIdentifier;
+export type InteractionIdentifier<T extends SignInIdentifier = SignInIdentifier> = {
+  type: T;
   value: string;
 };
 
@@ -61,6 +61,7 @@ export enum VerificationType {
   TOTP = 'Totp',
   WebAuthn = 'WebAuthn',
   BackupCode = 'BackupCode',
+  NewPasswordIdentity = 'NewPasswordIdentity',
 }
 
 // REMARK: API payload guard
@@ -115,6 +116,26 @@ export const backupCodeVerificationVerifyPayloadGuard = z.object({
   code: z.string().min(1),
 }) satisfies ToZodObject<BackupCodeVerificationVerifyPayload>;
 
+/**
+ * Payload type for `POST /api/experience/verification/new-password-identity`.
+ * @remarks Currently we only support username identifier for new password identity registration.
+ * For email and phone new identity registration, a `CodeVerification` record is required.
+ */
+export type NewPasswordIdentityVerificationPayload = {
+  identifier: {
+    type: SignInIdentifier.Username;
+    value: string;
+  };
+  password: string;
+};
+export const newPasswordIdentityVerificationPayloadGuard = z.object({
+  identifier: z.object({
+    type: z.literal(SignInIdentifier.Username),
+    value: z.string(),
+  }),
+  password: z.string().min(1),
+}) satisfies ToZodObject<NewPasswordIdentityVerificationPayload>;
+
 /** Payload type for `POST /api/experience/identification`. */
 export type IdentificationApiPayload = {
   /** The ID of the verification record that is used to identify the user. */

From a84389da13c9f8c00e6c502177877bd5226a115a Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Tue, 16 Jul 2024 21:59:39 +0800
Subject: [PATCH 025/135] fix(experience): correct active state for input field
 (#6255)

---
 .../InputFields/InputField/index.tsx          | 49 ++++++++++---------
 1 file changed, 25 insertions(+), 24 deletions(-)

diff --git a/packages/experience/src/components/InputFields/InputField/index.tsx b/packages/experience/src/components/InputFields/InputField/index.tsx
index bdf5faf3ced9..78845f2b80aa 100644
--- a/packages/experience/src/components/InputFields/InputField/index.tsx
+++ b/packages/experience/src/components/InputFields/InputField/index.tsx
@@ -1,7 +1,15 @@
 import { type Nullable } from '@silverhand/essentials';
 import classNames from 'classnames';
-import type { HTMLProps, ReactElement, Ref } from 'react';
-import { forwardRef, cloneElement, useState, useImperativeHandle, useRef, useEffect } from 'react';
+import type { HTMLProps, ReactElement, Ref, AnimationEvent } from 'react';
+import {
+  forwardRef,
+  cloneElement,
+  useState,
+  useImperativeHandle,
+  useRef,
+  useEffect,
+  useCallback,
+} from 'react';
 
 import ErrorMessage from '@/components/ErrorMessage';
 
@@ -47,33 +55,25 @@ const InputField = (
 
   const [isFocused, setIsFocused] = useState(false);
   const [hasValue, setHasValue] = useState(false);
-  const hasContent =
-    Boolean(isPrefixVisible) ||
-    hasValue ||
-    // Handle the case when this filed have a default value
-    Boolean(value);
-
-  const isActive = hasContent || isFocused;
 
   useEffect(() => {
-    const inputDom = innerRef.current;
-    if (!inputDom) {
-      return;
-    }
-
     /**
-     * Use a timeout to check if the input field has autofill value.
-     * Fix the issue that the input field doesn't have the active style when the autofill value is set.
-     * see https://github.com/facebook/react/issues/1159#issuecomment-1025423604
+     * Should listen to the value prop to update the hasValue state.
      */
-    const checkAutoFillTimeout = setTimeout(() => {
-      setHasValue(inputDom.matches('*:-webkit-autofill'));
-    }, 200);
+    setHasValue(Boolean(value));
+  }, [value]);
+
+  /**
+   * Fix the issue that the input field doesn't have the active style when the autofill value is set.
+   * Modern browsers will trigger an animation event when the input field is autofilled.
+   */
+  const handleAnimationStart = useCallback((event: AnimationEvent<HTMLInputElement>) => {
+    if (event.animationName === 'onautofillstart') {
+      setHasValue(true);
+    }
+  }, []);
 
-    return () => {
-      clearTimeout(checkAutoFillTimeout);
-    };
-  }, [innerRef]);
+  const isActive = Boolean(isPrefixVisible) || hasValue || isFocused;
 
   return (
     <div className={className}>
@@ -97,6 +97,7 @@ const InputField = (
             {...props}
             ref={innerRef}
             value={value}
+            onAnimationStart={handleAnimationStart}
             onFocus={(event) => {
               setIsFocused(true);
               return onFocus?.(event);

From bc2ccf671e0dd04d633f3d7b43840633b080c434 Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Wed, 17 Jul 2024 11:08:01 +0800
Subject: [PATCH 026/135] refactor(console): use button loading in experience
 flow if possible (#6234)

---
 .../Providers/LoadingLayerProvider/index.tsx  |  6 +-
 .../components/LoadingLayer/index.module.scss |  7 ---
 .../src/components/LoadingLayer/index.tsx     |  6 +-
 .../components/LoadingMask/index.module.scss  |  8 +++
 .../src/components/LoadingMask/index.tsx      | 13 +++++
 .../src/containers/SetPassword/Lite.tsx       | 15 +++--
 .../containers/SetPassword/SetPassword.tsx    | 15 +++--
 .../src/containers/SetPassword/index.tsx      |  2 +-
 .../TotpCodeVerification/index.module.scss    |  4 ++
 .../containers/TotpCodeVerification/index.tsx | 57 ++++++++++++++-----
 .../use-totp-code-verification.ts             |  4 +-
 .../VerificationCode/index.module.scss        |  3 +-
 .../src/containers/VerificationCode/index.tsx | 53 +++++++++++++----
 .../experience/src/pages/Consent/index.tsx    |  6 +-
 .../Continue/IdentifierProfileForm/index.tsx  |  6 +-
 .../ForgotPasswordForm/index.tsx              |  7 ++-
 .../MfaBinding/BackupCodeBinding/index.tsx    |  9 ++-
 .../MfaBinding/WebAuthnBinding/index.tsx      |  9 ++-
 .../BackupCodeVerification/index.tsx          | 10 +++-
 .../WebAuthnVerification/index.tsx            |  9 ++-
 .../Register/IdentifierRegisterForm/index.tsx |  3 +-
 .../SignIn/IdentifierSignInForm/index.tsx     |  3 +-
 .../pages/SignIn/PasswordSignInForm/index.tsx |  3 +-
 .../SignInPassword/PasswordForm/index.tsx     |  4 +-
 .../src/pages/SingleSignOnEmail/index.tsx     |  9 ++-
 25 files changed, 194 insertions(+), 77 deletions(-)
 create mode 100644 packages/experience/src/components/LoadingMask/index.module.scss
 create mode 100644 packages/experience/src/components/LoadingMask/index.tsx

diff --git a/packages/experience/src/Providers/LoadingLayerProvider/index.tsx b/packages/experience/src/Providers/LoadingLayerProvider/index.tsx
index eccc54c9bebd..2c3601ee0d04 100644
--- a/packages/experience/src/Providers/LoadingLayerProvider/index.tsx
+++ b/packages/experience/src/Providers/LoadingLayerProvider/index.tsx
@@ -1,18 +1,16 @@
 import { useContext } from 'react';
 import { Outlet } from 'react-router-dom';
-import { useDebouncedLoader } from 'use-debounced-loader';
 
 import PageContext from '@/Providers/PageContextProvider/PageContext';
-import LoadingLayer from '@/components/LoadingLayer';
+import LoadingMask from '@/components/LoadingMask';
 
 const LoadingLayerProvider = () => {
   const { loading } = useContext(PageContext);
-  const debouncedLoading = useDebouncedLoader(loading, 500);
 
   return (
     <>
       <Outlet />
-      {debouncedLoading && <LoadingLayer />}
+      {loading && <LoadingMask />}
     </>
   );
 };
diff --git a/packages/experience/src/components/LoadingLayer/index.module.scss b/packages/experience/src/components/LoadingLayer/index.module.scss
index 4f24e5e8b485..115c477e44a9 100644
--- a/packages/experience/src/components/LoadingLayer/index.module.scss
+++ b/packages/experience/src/components/LoadingLayer/index.module.scss
@@ -1,12 +1,5 @@
 @use '@/scss/underscore' as _;
 
-.overlay {
-  position: fixed;
-  inset: 0;
-  @include _.flex-column;
-  z-index: 300;
-}
-
 .loadingIcon {
   color: var(--color-type-primary);
   animation: rotating 1s steps(12, end) infinite;
diff --git a/packages/experience/src/components/LoadingLayer/index.tsx b/packages/experience/src/components/LoadingLayer/index.tsx
index 4db64f3a1e19..52b43e236bcf 100644
--- a/packages/experience/src/components/LoadingLayer/index.tsx
+++ b/packages/experience/src/components/LoadingLayer/index.tsx
@@ -1,14 +1,16 @@
+import LoadingMask from '../LoadingMask';
+
 import LoadingIcon from './LoadingIcon';
 import * as styles from './index.module.scss';
 
 export { default as LoadingIcon } from './LoadingIcon';
 
 const LoadingLayer = () => (
-  <div className={styles.overlay}>
+  <LoadingMask>
     <div className={styles.container}>
       <LoadingIcon />
     </div>
-  </div>
+  </LoadingMask>
 );
 
 export default LoadingLayer;
diff --git a/packages/experience/src/components/LoadingMask/index.module.scss b/packages/experience/src/components/LoadingMask/index.module.scss
new file mode 100644
index 000000000000..30e65e81855c
--- /dev/null
+++ b/packages/experience/src/components/LoadingMask/index.module.scss
@@ -0,0 +1,8 @@
+@use '@/scss/underscore' as _;
+
+.overlay {
+  position: fixed;
+  inset: 0;
+  @include _.flex-column;
+  z-index: 300;
+}
diff --git a/packages/experience/src/components/LoadingMask/index.tsx b/packages/experience/src/components/LoadingMask/index.tsx
new file mode 100644
index 000000000000..b77e4435113e
--- /dev/null
+++ b/packages/experience/src/components/LoadingMask/index.tsx
@@ -0,0 +1,13 @@
+import { type ReactNode } from 'react';
+
+import * as styles from './index.module.scss';
+
+type Props = {
+  readonly children?: ReactNode;
+};
+
+const LoadingMask = ({ children }: Props) => {
+  return <div className={styles.overlay}>{children}</div>;
+};
+
+export default LoadingMask;
diff --git a/packages/experience/src/containers/SetPassword/Lite.tsx b/packages/experience/src/containers/SetPassword/Lite.tsx
index aa1abd3b8a06..e3c831d76135 100644
--- a/packages/experience/src/containers/SetPassword/Lite.tsx
+++ b/packages/experience/src/containers/SetPassword/Lite.tsx
@@ -14,7 +14,7 @@ type Props = {
   readonly className?: string;
   // eslint-disable-next-line react/boolean-prop-naming
   readonly autoFocus?: boolean;
-  readonly onSubmit: (password: string) => void;
+  readonly onSubmit: (password: string) => Promise<void>;
   readonly errorMessage?: string;
   readonly clearErrorMessage?: () => void;
 };
@@ -29,7 +29,7 @@ const Lite = ({ className, autoFocus, onSubmit, errorMessage, clearErrorMessage
   const {
     register,
     handleSubmit,
-    formState: { errors, isValid },
+    formState: { errors, isValid, isSubmitting },
   } = useForm<FieldState>({
     reValidateMode: 'onBlur',
     defaultValues: { newPassword: '' },
@@ -45,8 +45,8 @@ const Lite = ({ className, autoFocus, onSubmit, errorMessage, clearErrorMessage
     (event?: React.FormEvent<HTMLFormElement>) => {
       clearErrorMessage?.();
 
-      void handleSubmit((data, event) => {
-        onSubmit(data.newPassword);
+      void handleSubmit(async (data) => {
+        await onSubmit(data.newPassword);
       })(event);
     },
     [clearErrorMessage, handleSubmit, onSubmit]
@@ -70,7 +70,12 @@ const Lite = ({ className, autoFocus, onSubmit, errorMessage, clearErrorMessage
 
       {errorMessage && <ErrorMessage className={styles.formErrors}>{errorMessage}</ErrorMessage>}
 
-      <Button name="submit" title="action.save_password" htmlType="submit" />
+      <Button
+        name="submit"
+        title="action.save_password"
+        htmlType="submit"
+        isLoading={isSubmitting}
+      />
 
       <input hidden type="submit" />
     </form>
diff --git a/packages/experience/src/containers/SetPassword/SetPassword.tsx b/packages/experience/src/containers/SetPassword/SetPassword.tsx
index e2e7d6ff0add..0505c7bcf4d7 100644
--- a/packages/experience/src/containers/SetPassword/SetPassword.tsx
+++ b/packages/experience/src/containers/SetPassword/SetPassword.tsx
@@ -17,7 +17,7 @@ type Props = {
   readonly className?: string;
   // eslint-disable-next-line react/boolean-prop-naming
   readonly autoFocus?: boolean;
-  readonly onSubmit: (password: string) => void;
+  readonly onSubmit: (password: string) => Promise<void>;
   readonly errorMessage?: string;
   readonly clearErrorMessage?: () => void;
 };
@@ -43,7 +43,7 @@ const SetPassword = ({
     watch,
     resetField,
     handleSubmit,
-    formState: { errors, isValid },
+    formState: { errors, isValid, isSubmitting },
   } = useForm<FieldState>({
     reValidateMode: 'onBlur',
     defaultValues: { newPassword: '', confirmPassword: '' },
@@ -59,8 +59,8 @@ const SetPassword = ({
     (event?: React.FormEvent<HTMLFormElement>) => {
       clearErrorMessage?.();
 
-      void handleSubmit((data, event) => {
-        onSubmit(data.newPassword);
+      void handleSubmit(async (data) => {
+        await onSubmit(data.newPassword);
       })(event);
     },
     [clearErrorMessage, handleSubmit, onSubmit]
@@ -119,7 +119,12 @@ const SetPassword = ({
 
       <TogglePassword isChecked={showPassword} onChange={setShowPassword} />
 
-      <Button name="submit" title="action.save_password" htmlType="submit" />
+      <Button
+        name="submit"
+        title="action.save_password"
+        htmlType="submit"
+        isLoading={isSubmitting}
+      />
 
       <input hidden type="submit" />
     </form>
diff --git a/packages/experience/src/containers/SetPassword/index.tsx b/packages/experience/src/containers/SetPassword/index.tsx
index 6d0c0b160fd8..e75450ce1dee 100644
--- a/packages/experience/src/containers/SetPassword/index.tsx
+++ b/packages/experience/src/containers/SetPassword/index.tsx
@@ -7,7 +7,7 @@ type Props = {
   readonly className?: string;
   // eslint-disable-next-line react/boolean-prop-naming
   readonly autoFocus?: boolean;
-  readonly onSubmit: (password: string) => void;
+  readonly onSubmit: (password: string) => Promise<void>;
   readonly errorMessage?: string;
   readonly clearErrorMessage?: () => void;
   readonly maxLength?: number;
diff --git a/packages/experience/src/containers/TotpCodeVerification/index.module.scss b/packages/experience/src/containers/TotpCodeVerification/index.module.scss
index d49751776310..5eada9f9f33e 100644
--- a/packages/experience/src/containers/TotpCodeVerification/index.module.scss
+++ b/packages/experience/src/containers/TotpCodeVerification/index.module.scss
@@ -3,3 +3,7 @@
 .totpCodeInput {
   margin-top: _.unit(4);
 }
+
+.continueButton {
+  margin-top: _.unit(6);
+}
diff --git a/packages/experience/src/containers/TotpCodeVerification/index.tsx b/packages/experience/src/containers/TotpCodeVerification/index.tsx
index 2216eb2eceba..16d9897ae521 100644
--- a/packages/experience/src/containers/TotpCodeVerification/index.tsx
+++ b/packages/experience/src/containers/TotpCodeVerification/index.tsx
@@ -1,5 +1,6 @@
 import { useCallback, useState } from 'react';
 
+import Button from '@/components/Button';
 import VerificationCodeInput from '@/components/VerificationCode';
 import { type UserMfaFlow } from '@/types';
 
@@ -8,32 +9,58 @@ import useTotpCodeVerification from './use-totp-code-verification';
 
 const totpCodeLength = 6;
 
+const isCodeReady = (code: string[]) => {
+  return code.length === totpCodeLength && code.every(Boolean);
+};
+
 type Props = {
   readonly flow: UserMfaFlow;
 };
 
 const TotpCodeVerification = ({ flow }: Props) => {
-  const [code, setCode] = useState<string[]>([]);
+  const [codeInput, setCodeInput] = useState<string[]>([]);
   const errorCallback = useCallback(() => {
-    setCode([]);
+    setCodeInput([]);
   }, []);
 
   const { errorMessage, onSubmit } = useTotpCodeVerification(flow, errorCallback);
 
+  const [isSubmitting, setIsSubmitting] = useState(false);
+
+  const handleSubmit = useCallback(
+    async (code: string[]) => {
+      setIsSubmitting(true);
+      await onSubmit(code.join(''));
+      setIsSubmitting(false);
+    },
+    [onSubmit]
+  );
+
   return (
-    <VerificationCodeInput
-      name="totpCode"
-      value={code}
-      className={styles.totpCodeInput}
-      error={errorMessage}
-      onChange={(code) => {
-        setCode(code);
-
-        if (code.length === totpCodeLength && code.every(Boolean)) {
-          onSubmit(code.join(''));
-        }
-      }}
-    />
+    <>
+      <VerificationCodeInput
+        name="totpCode"
+        value={codeInput}
+        className={styles.totpCodeInput}
+        error={errorMessage}
+        onChange={(code) => {
+          setCodeInput(code);
+          if (isCodeReady(code)) {
+            void handleSubmit(code);
+          }
+        }}
+      />
+      <Button
+        title="action.continue"
+        type="primary"
+        className={styles.continueButton}
+        isLoading={isSubmitting}
+        isDisabled={!isCodeReady(codeInput)}
+        onClick={() => {
+          void handleSubmit(codeInput);
+        }}
+      />
+    </>
   );
 };
 
diff --git a/packages/experience/src/containers/TotpCodeVerification/use-totp-code-verification.ts b/packages/experience/src/containers/TotpCodeVerification/use-totp-code-verification.ts
index 313aff5fcd97..3c05c6e93842 100644
--- a/packages/experience/src/containers/TotpCodeVerification/use-totp-code-verification.ts
+++ b/packages/experience/src/containers/TotpCodeVerification/use-totp-code-verification.ts
@@ -19,8 +19,8 @@ const useTotpCodeVerification = (flow: UserMfaFlow, errorCallback?: () => void)
   );
 
   const onSubmit = useCallback(
-    (code: string) => {
-      void sendMfaPayload(
+    async (code: string) => {
+      await sendMfaPayload(
         { flow, payload: { type: MfaFactor.TOTP, code } },
         invalidCodeErrorHandlers,
         errorCallback
diff --git a/packages/experience/src/containers/VerificationCode/index.module.scss b/packages/experience/src/containers/VerificationCode/index.module.scss
index 4876069e50b2..e7fce0f45e17 100644
--- a/packages/experience/src/containers/VerificationCode/index.module.scss
+++ b/packages/experience/src/containers/VerificationCode/index.module.scss
@@ -27,7 +27,8 @@
     align-self: start;
   }
 
-  .switch {
+  .switch,
+  .continueButton {
     margin-top: _.unit(6);
   }
 }
diff --git a/packages/experience/src/containers/VerificationCode/index.tsx b/packages/experience/src/containers/VerificationCode/index.tsx
index f086aea17fde..35e6c63414d1 100644
--- a/packages/experience/src/containers/VerificationCode/index.tsx
+++ b/packages/experience/src/containers/VerificationCode/index.tsx
@@ -1,8 +1,9 @@
 import { SignInIdentifier } from '@logto/schemas';
 import classNames from 'classnames';
-import { useState, useEffect, useCallback } from 'react';
+import { useState, useEffect, useCallback, useMemo } from 'react';
 import { useTranslation, Trans } from 'react-i18next';
 
+import Button from '@/components/Button';
 import TextLink from '@/components/TextLink';
 import VerificationCodeInput, { defaultLength } from '@/components/VerificationCode';
 import { UserFlow } from '@/types';
@@ -21,13 +22,18 @@ type Props = {
 };
 
 const VerificationCode = ({ flow, identifier, className, hasPasswordButton, target }: Props) => {
-  const [code, setCode] = useState<string[]>([]);
+  const [codeInput, setCodeInput] = useState<string[]>([]);
   const { t } = useTranslation();
 
+  const isCodeInputReady = useMemo(
+    () => codeInput.length === defaultLength && codeInput.every(Boolean),
+    [codeInput]
+  );
+
   const useVerificationCode = getCodeVerificationHookByFlow(flow);
 
   const errorCallback = useCallback(() => {
-    setCode([]);
+    setCodeInput([]);
   }, []);
 
   const { errorMessage, clearErrorMessage, onSubmit } = useVerificationCode(
@@ -42,24 +48,37 @@ const VerificationCode = ({ flow, identifier, className, hasPasswordButton, targ
     target
   );
 
-  useEffect(() => {
-    if (code.length === defaultLength && code.every(Boolean)) {
-      const payload =
+  const [isSubmitting, setIsSubmitting] = useState(false);
+
+  const handleSubmit = useCallback(
+    async (code: string[]) => {
+      setIsSubmitting(true);
+
+      await onSubmit(
         identifier === SignInIdentifier.Email
           ? { email: target, verificationCode: code.join('') }
-          : { phone: target, verificationCode: code.join('') };
-      void onSubmit(payload);
+          : { phone: target, verificationCode: code.join('') }
+      );
+
+      setIsSubmitting(false);
+    },
+    [identifier, onSubmit, target]
+  );
+
+  useEffect(() => {
+    if (isCodeInputReady) {
+      void handleSubmit(codeInput);
     }
-  }, [code, identifier, onSubmit, target]);
+  }, [codeInput, handleSubmit, isCodeInputReady]);
 
   return (
     <form className={classNames(styles.form, className)}>
       <VerificationCodeInput
         name="passcode"
         className={classNames(styles.inputField, errorMessage && styles.withError)}
-        value={code}
+        value={codeInput}
         error={errorMessage}
-        onChange={setCode}
+        onChange={setCodeInput}
       />
       <div className={styles.message}>
         {isRunning ? (
@@ -75,7 +94,7 @@ const VerificationCode = ({ flow, identifier, className, hasPasswordButton, targ
                   onClick={async () => {
                     clearErrorMessage();
                     await onResendVerificationCode();
-                    setCode([]);
+                    setCodeInput([]);
                   }}
                 />
               ),
@@ -88,6 +107,16 @@ const VerificationCode = ({ flow, identifier, className, hasPasswordButton, targ
       {flow === UserFlow.SignIn && hasPasswordButton && (
         <PasswordSignInLink className={styles.switch} />
       )}
+      <Button
+        title="action.continue"
+        type="primary"
+        isDisabled={!isCodeInputReady}
+        isLoading={isSubmitting}
+        className={styles.continueButton}
+        onClick={() => {
+          void handleSubmit(codeInput);
+        }}
+      />
     </form>
   );
 };
diff --git a/packages/experience/src/pages/Consent/index.tsx b/packages/experience/src/pages/Consent/index.tsx
index 0f5c012c8a7a..8052e11d8316 100644
--- a/packages/experience/src/pages/Consent/index.tsx
+++ b/packages/experience/src/pages/Consent/index.tsx
@@ -27,10 +27,14 @@ const Consent = () => {
   const [consentData, setConsentData] = useState<ConsentInfoResponse>();
   const [selectedOrganization, setSelectedOrganization] = useState<Organization>();
 
+  const [isConsentLoading, setIsConsentLoading] = useState(false);
+
   const asyncGetConsentInfo = useApi(getConsentInfo);
 
   const consentHandler = useCallback(async () => {
+    setIsConsentLoading(true);
     const [error, result] = await asyncConsent(selectedOrganization?.id);
+    setIsConsentLoading(false);
 
     if (error) {
       await handleError(error);
@@ -113,7 +117,7 @@ const Consent = () => {
             window.location.replace(consentData.redirectUri);
           }}
         />
-        <Button title="action.authorize" onClick={consentHandler} />
+        <Button title="action.authorize" isLoading={isConsentLoading} onClick={consentHandler} />
       </div>
       {!showTerms && (
         <div className={styles.redirectUri}>
diff --git a/packages/experience/src/pages/Continue/IdentifierProfileForm/index.tsx b/packages/experience/src/pages/Continue/IdentifierProfileForm/index.tsx
index 19e3b94486d3..b26484ed6493 100644
--- a/packages/experience/src/pages/Continue/IdentifierProfileForm/index.tsx
+++ b/packages/experience/src/pages/Continue/IdentifierProfileForm/index.tsx
@@ -43,7 +43,7 @@ const IdentifierProfileForm = ({
   const {
     handleSubmit,
     control,
-    formState: { errors, isValid },
+    formState: { errors, isValid, isSubmitting },
   } = useForm<FormState>({
     reValidateMode: 'onBlur',
     defaultValues: {
@@ -61,7 +61,7 @@ const IdentifierProfileForm = ({
   }, [clearErrorMessage, isValid]);
 
   const onSubmitHandler = useCallback(
-    async (event?: React.FormEvent<HTMLFormElement>) => {
+    (event?: React.FormEvent<HTMLFormElement>) => {
       clearErrorMessage?.();
 
       void handleSubmit(async ({ identifier: { type, value } }) => {
@@ -115,7 +115,7 @@ const IdentifierProfileForm = ({
 
       {errorMessage && <ErrorMessage className={styles.formErrors}>{errorMessage}</ErrorMessage>}
 
-      <Button title="action.continue" htmlType="submit" />
+      <Button title="action.continue" htmlType="submit" isLoading={isSubmitting} />
 
       <input hidden type="submit" />
     </form>
diff --git a/packages/experience/src/pages/ForgotPassword/ForgotPasswordForm/index.tsx b/packages/experience/src/pages/ForgotPassword/ForgotPasswordForm/index.tsx
index 381bf12bd501..f05fd259bc58 100644
--- a/packages/experience/src/pages/ForgotPassword/ForgotPasswordForm/index.tsx
+++ b/packages/experience/src/pages/ForgotPassword/ForgotPasswordForm/index.tsx
@@ -42,12 +42,13 @@ const ForgotPasswordForm = ({
     UserFlow.ForgotPassword
   );
 
-  const { setForgotPasswordIdentifierInputValue } = useContext(UserInteractionContext);
+  const { setForgotPasswordIdentifierInputValue, setIdentifierInputValue } =
+    useContext(UserInteractionContext);
 
   const {
     handleSubmit,
     control,
-    formState: { errors, isValid },
+    formState: { errors, isValid, isSubmitting },
   } = useForm<FormState>({
     reValidateMode: 'onBlur',
     defaultValues: {
@@ -122,7 +123,7 @@ const ForgotPasswordForm = ({
 
       {errorMessage && <ErrorMessage className={styles.formErrors}>{errorMessage}</ErrorMessage>}
 
-      <Button title="action.continue" htmlType="submit" />
+      <Button title="action.continue" htmlType="submit" isLoading={isSubmitting} />
 
       <input hidden type="submit" />
     </form>
diff --git a/packages/experience/src/pages/MfaBinding/BackupCodeBinding/index.tsx b/packages/experience/src/pages/MfaBinding/BackupCodeBinding/index.tsx
index 3d113036cbfb..bf5f29b3df08 100644
--- a/packages/experience/src/pages/MfaBinding/BackupCodeBinding/index.tsx
+++ b/packages/experience/src/pages/MfaBinding/BackupCodeBinding/index.tsx
@@ -1,5 +1,6 @@
 import { MfaFactor } from '@logto/schemas';
 import { t } from 'i18next';
+import { useState } from 'react';
 import { useLocation } from 'react-router-dom';
 import { validate } from 'superstruct';
 
@@ -18,6 +19,7 @@ import * as styles from './index.module.scss';
 const BackupCodeBinding = () => {
   const { copyText, downloadText } = useTextHandler();
   const sendMfaPayload = useSendMfaPayload();
+  const [isSubmitting, setIsSubmitting] = useState(false);
 
   const { state } = useLocation();
   const [, backupCodeBindingState] = validate(state, backupCodeBindingStateGuard);
@@ -64,11 +66,14 @@ const BackupCodeBinding = () => {
         </div>
         <Button
           title="action.continue"
-          onClick={() => {
-            void sendMfaPayload({
+          isLoading={isSubmitting}
+          onClick={async () => {
+            setIsSubmitting(true);
+            await sendMfaPayload({
               flow: UserMfaFlow.MfaBinding,
               payload: { type: MfaFactor.BackupCode },
             });
+            setIsSubmitting(false);
           }}
         />
       </div>
diff --git a/packages/experience/src/pages/MfaBinding/WebAuthnBinding/index.tsx b/packages/experience/src/pages/MfaBinding/WebAuthnBinding/index.tsx
index 1678b42b8b50..9eca7bc9889c 100644
--- a/packages/experience/src/pages/MfaBinding/WebAuthnBinding/index.tsx
+++ b/packages/experience/src/pages/MfaBinding/WebAuthnBinding/index.tsx
@@ -1,4 +1,5 @@
 import { conditional } from '@silverhand/essentials';
+import { useState } from 'react';
 import { useLocation } from 'react-router-dom';
 import { validate } from 'superstruct';
 
@@ -19,6 +20,7 @@ const WebAuthnBinding = () => {
   const [, webAuthnState] = validate(state, webAuthnStateGuard);
   const handleWebAuthn = useWebAuthnOperation();
   const skipMfa = useSkipMfa();
+  const [isCreatingPasskey, setIsCreatingPasskey] = useState(false);
 
   if (!webAuthnState) {
     return <ErrorPage title="error.invalid_session" />;
@@ -38,8 +40,11 @@ const WebAuthnBinding = () => {
     >
       <Button
         title="mfa.create_a_passkey"
-        onClick={() => {
-          void handleWebAuthn(options);
+        isLoading={isCreatingPasskey}
+        onClick={async () => {
+          setIsCreatingPasskey(true);
+          await handleWebAuthn(options);
+          setIsCreatingPasskey(false);
         }}
       />
       <SwitchMfaFactorsLink
diff --git a/packages/experience/src/pages/MfaVerification/BackupCodeVerification/index.tsx b/packages/experience/src/pages/MfaVerification/BackupCodeVerification/index.tsx
index c5b142cbda87..f7defbeb07c5 100644
--- a/packages/experience/src/pages/MfaVerification/BackupCodeVerification/index.tsx
+++ b/packages/experience/src/pages/MfaVerification/BackupCodeVerification/index.tsx
@@ -22,12 +22,16 @@ type FormState = {
 const BackupCodeVerification = () => {
   const flowState = useMfaFlowState();
   const sendMfaPayload = useSendMfaPayload();
-  const { register, handleSubmit } = useForm<FormState>({ defaultValues: { code: '' } });
+  const {
+    register,
+    handleSubmit,
+    formState: { isSubmitting },
+  } = useForm<FormState>({ defaultValues: { code: '' } });
 
   const onSubmitHandler = useCallback(
     (event?: FormEvent<HTMLFormElement>) => {
       void handleSubmit(async ({ code }) => {
-        void sendMfaPayload({
+        await sendMfaPayload({
           flow: UserMfaFlow.MfaVerification,
           payload: { type: MfaFactor.BackupCode, code },
         });
@@ -53,7 +57,7 @@ const BackupCodeVerification = () => {
             className={styles.backupCodeInput}
             {...register('code')}
           />
-          <Button title="action.continue" htmlType="submit" />
+          <Button title="action.continue" htmlType="submit" isLoading={isSubmitting} />
         </form>
       </SectionLayout>
       <SwitchMfaFactorsLink
diff --git a/packages/experience/src/pages/MfaVerification/WebAuthnVerification/index.tsx b/packages/experience/src/pages/MfaVerification/WebAuthnVerification/index.tsx
index 91bdf5af4db3..1f25f16f462d 100644
--- a/packages/experience/src/pages/MfaVerification/WebAuthnVerification/index.tsx
+++ b/packages/experience/src/pages/MfaVerification/WebAuthnVerification/index.tsx
@@ -1,3 +1,4 @@
+import { useState } from 'react';
 import { useLocation } from 'react-router-dom';
 import { validate } from 'superstruct';
 
@@ -17,6 +18,7 @@ const WebAuthnVerification = () => {
   const { state } = useLocation();
   const [, webAuthnState] = validate(state, webAuthnStateGuard);
   const handleWebAuthn = useWebAuthnOperation();
+  const [isVerifying, setIsVerifying] = useState(false);
 
   if (!webAuthnState) {
     return <ErrorPage title="error.invalid_session" />;
@@ -37,8 +39,11 @@ const WebAuthnVerification = () => {
         <Button
           title="action.verify_via_passkey"
           className={styles.verifyButton}
-          onClick={() => {
-            void handleWebAuthn(options);
+          isLoading={isVerifying}
+          onClick={async () => {
+            setIsVerifying(true);
+            await handleWebAuthn(options);
+            setIsVerifying(false);
           }}
         />
       </SectionLayout>
diff --git a/packages/experience/src/pages/Register/IdentifierRegisterForm/index.tsx b/packages/experience/src/pages/Register/IdentifierRegisterForm/index.tsx
index cc198194b9c5..3d03e1b1834f 100644
--- a/packages/experience/src/pages/Register/IdentifierRegisterForm/index.tsx
+++ b/packages/experience/src/pages/Register/IdentifierRegisterForm/index.tsx
@@ -40,7 +40,7 @@ const IdentifierRegisterForm = ({ className, autoFocus, signUpMethods }: Props)
   const {
     watch,
     handleSubmit,
-    formState: { errors, isValid },
+    formState: { errors, isValid, isSubmitting },
     control,
   } = useForm<FormState>({
     reValidateMode: 'onBlur',
@@ -154,6 +154,7 @@ const IdentifierRegisterForm = ({ className, autoFocus, signUpMethods }: Props)
         title={showSingleSignOnForm ? 'action.single_sign_on' : 'action.create_account'}
         icon={showSingleSignOnForm ? <LockIcon /> : undefined}
         htmlType="submit"
+        isLoading={isSubmitting}
       />
 
       <input hidden type="submit" />
diff --git a/packages/experience/src/pages/SignIn/IdentifierSignInForm/index.tsx b/packages/experience/src/pages/SignIn/IdentifierSignInForm/index.tsx
index 39e2c2596969..5049b7f17d82 100644
--- a/packages/experience/src/pages/SignIn/IdentifierSignInForm/index.tsx
+++ b/packages/experience/src/pages/SignIn/IdentifierSignInForm/index.tsx
@@ -44,7 +44,7 @@ const IdentifierSignInForm = ({ className, autoFocus, signInMethods }: Props) =>
     watch,
     handleSubmit,
     control,
-    formState: { errors, isValid },
+    formState: { errors, isValid, isSubmitting },
   } = useForm<FormState>({
     reValidateMode: 'onBlur',
   });
@@ -153,6 +153,7 @@ const IdentifierSignInForm = ({ className, autoFocus, signInMethods }: Props) =>
         title={showSingleSignOnForm ? 'action.single_sign_on' : 'action.sign_in'}
         icon={showSingleSignOnForm ? <LockIcon /> : undefined}
         htmlType="submit"
+        isLoading={isSubmitting}
       />
 
       <input hidden type="submit" />
diff --git a/packages/experience/src/pages/SignIn/PasswordSignInForm/index.tsx b/packages/experience/src/pages/SignIn/PasswordSignInForm/index.tsx
index 3ce300d5e5f0..47c91e213f4c 100644
--- a/packages/experience/src/pages/SignIn/PasswordSignInForm/index.tsx
+++ b/packages/experience/src/pages/SignIn/PasswordSignInForm/index.tsx
@@ -45,7 +45,7 @@ const PasswordSignInForm = ({ className, autoFocus, signInMethods }: Props) => {
     register,
     handleSubmit,
     control,
-    formState: { errors, isValid },
+    formState: { errors, isValid, isSubmitting },
   } = useForm<FormState>({
     reValidateMode: 'onBlur',
     defaultValues: {
@@ -174,6 +174,7 @@ const PasswordSignInForm = ({ className, autoFocus, signInMethods }: Props) => {
         title={showSingleSignOnForm ? 'action.single_sign_on' : 'action.sign_in'}
         icon={showSingleSignOnForm ? <LockIcon /> : undefined}
         htmlType="submit"
+        isLoading={isSubmitting}
       />
 
       <input hidden type="submit" />
diff --git a/packages/experience/src/pages/SignInPassword/PasswordForm/index.tsx b/packages/experience/src/pages/SignInPassword/PasswordForm/index.tsx
index 2deb89de789e..207c3cb2b185 100644
--- a/packages/experience/src/pages/SignInPassword/PasswordForm/index.tsx
+++ b/packages/experience/src/pages/SignInPassword/PasswordForm/index.tsx
@@ -47,7 +47,7 @@ const PasswordForm = ({
     register,
     handleSubmit,
     control,
-    formState: { errors, isValid },
+    formState: { errors, isValid, isSubmitting },
   } = useForm<FormState>({
     reValidateMode: 'onBlur',
     defaultValues: {
@@ -114,7 +114,7 @@ const PasswordForm = ({
         <ForgotPasswordLink className={styles.link} identifier={identifier} value={value} />
       )}
 
-      <Button title="action.continue" name="submit" htmlType="submit" />
+      <Button title="action.continue" name="submit" htmlType="submit" isLoading={isSubmitting} />
 
       {identifier !== SignInIdentifier.Username && isVerificationCodeEnabled && (
         <VerificationCodeLink className={styles.switch} identifier={identifier} value={value} />
diff --git a/packages/experience/src/pages/SingleSignOnEmail/index.tsx b/packages/experience/src/pages/SingleSignOnEmail/index.tsx
index 86437fe4dc2b..3abe821ff31d 100644
--- a/packages/experience/src/pages/SingleSignOnEmail/index.tsx
+++ b/packages/experience/src/pages/SingleSignOnEmail/index.tsx
@@ -26,7 +26,7 @@ const SingleSignOnEmail = () => {
   const {
     handleSubmit,
     control,
-    formState: { errors, isValid },
+    formState: { errors, isValid, isSubmitting },
   } = useForm<FormState>({
     reValidateMode: 'onBlur',
   });
@@ -82,7 +82,12 @@ const SingleSignOnEmail = () => {
 
         {errorMessage && <ErrorMessage className={styles.formErrors}>{errorMessage}</ErrorMessage>}
 
-        <Button title="action.single_sign_on" htmlType="submit" icon={<LockIcon />} />
+        <Button
+          title="action.single_sign_on"
+          htmlType="submit"
+          icon={<LockIcon />}
+          isLoading={isSubmitting}
+        />
 
         <input hidden type="submit" />
       </form>

From 6c4f051cfebf1bf021c7b3df2e30e63ef9c5cdbe Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Wed, 17 Jul 2024 11:56:31 +0800
Subject: [PATCH 027/135] refactor(experience): support and apply modal loading
 state (#6236)

* refactor(experience): support and apply modal loading state

* feat(experience): support cancel loading for modal
---
 .../Providers/ConfirmModalProvider/index.tsx  | 119 +++++++---
 .../ConfirmModalProvider/indext.test.tsx      | 210 +++++++++++++-----
 .../src/components/ConfirmModal/AcModal.tsx   |   4 +
 .../components/ConfirmModal/MobileModal.tsx   |  10 +-
 .../src/components/ConfirmModal/type.ts       |   2 +
 .../use-identifier-error-alert.ts             |   4 +-
 .../use-link-social-confirm-modal.ts          |  16 +-
 .../use-register-flow-code-verification.ts    |  36 ++-
 .../use-sign-in-flow-code-verification.ts     |  40 ++--
 .../experience/src/hooks/use-confirm-modal.ts |  47 +++-
 packages/experience/src/hooks/use-terms.ts    |   4 +-
 .../src/pages/Continue/SetPassword/index.tsx  |   4 +-
 .../src/pages/RegisterPassword/index.tsx      |   4 +-
 .../src/pages/ResetPassword/index.tsx         |   4 +-
 14 files changed, 348 insertions(+), 156 deletions(-)

diff --git a/packages/experience/src/Providers/ConfirmModalProvider/index.tsx b/packages/experience/src/Providers/ConfirmModalProvider/index.tsx
index 1a2bd1377c10..5836a5c87a87 100644
--- a/packages/experience/src/Providers/ConfirmModalProvider/index.tsx
+++ b/packages/experience/src/Providers/ConfirmModalProvider/index.tsx
@@ -6,30 +6,38 @@ import type { ModalProps } from '@/components/ConfirmModal';
 import { WebModal, MobileModal } from '@/components/ConfirmModal';
 import usePlatform from '@/hooks/use-platform';
 
-export type ModalContentRenderProps = {
-  confirm: (data?: unknown) => void;
-  cancel: (data?: unknown) => void;
-};
-
 type ConfirmModalType = 'alert' | 'confirm';
 
 type ConfirmModalState = Omit<ModalProps, 'onClose' | 'onConfirm' | 'children'> & {
-  ModalContent: string | ((props: ModalContentRenderProps) => Nullable<JSX.Element>);
+  ModalContent: string | (() => Nullable<JSX.Element>);
   type: ConfirmModalType;
+  isConfirmLoading?: boolean;
+  isCancelLoading?: boolean;
 };
 
-type ConfirmModalProps = Omit<ConfirmModalState, 'isOpen' | 'type'> & { type?: ConfirmModalType };
+/**
+ * Props for promise-based modal usage
+ */
+type PromiseConfirmModalProps = Omit<ConfirmModalState, 'isOpen' | 'type' | 'isConfirmLoading'> & {
+  type?: ConfirmModalType;
+};
+
+/**
+ * Props for callback-based modal usage
+ */
+export type CallbackConfirmModalProps = PromiseConfirmModalProps & {
+  onConfirm?: () => Promise<void> | void;
+  onCancel?: () => Promise<void> | void;
+};
 
 type ConfirmModalContextType = {
-  show: (props: ConfirmModalProps) => Promise<[boolean, unknown?]>;
-  confirm: (data?: unknown) => void;
-  cancel: (data?: unknown) => void;
+  showPromise: (props: PromiseConfirmModalProps) => Promise<[boolean, unknown?]>;
+  showCallback: (props: CallbackConfirmModalProps) => void;
 };
 
 export const ConfirmModalContext = createContext<ConfirmModalContextType>({
-  show: async () => [true],
-  confirm: noop,
-  cancel: noop,
+  showPromise: async () => [true],
+  showCallback: noop,
 });
 
 type Props = {
@@ -40,49 +48,90 @@ const defaultModalState: ConfirmModalState = {
   isOpen: false,
   type: 'confirm',
   ModalContent: () => null,
+  isConfirmLoading: false,
+  isCancelLoading: false,
 };
 
+/**
+ * ConfirmModalProvider component
+ *
+ * This component provides a context for managing confirm modals throughout the application.
+ * It supports both promise-based and callback-based usage patterns. see `usePromiseConfirmModal` and `useConfirmModal` hooks.
+ */
 const ConfirmModalProvider = ({ children }: Props) => {
   const [modalState, setModalState] = useState<ConfirmModalState>(defaultModalState);
 
   const resolver = useRef<(value: [result: boolean, data?: unknown]) => void>();
+  const callbackRef = useRef<{
+    onConfirm?: () => Promise<void> | void;
+    onCancel?: () => Promise<void> | void;
+  }>({});
 
   const { isMobile } = usePlatform();
 
   const ConfirmModal = isMobile ? MobileModal : WebModal;
 
-  const handleShow = useCallback(async ({ type = 'confirm', ...props }: ConfirmModalProps) => {
-    resolver.current?.([false]);
+  const handleShowPromise = useCallback(
+    async ({ type = 'confirm', ...props }: PromiseConfirmModalProps) => {
+      resolver.current?.([false]);
+
+      setModalState({
+        isOpen: true,
+        type,
+        isConfirmLoading: false,
+        isCancelLoading: false,
+        ...props,
+      });
+
+      return new Promise<[result: boolean, data?: unknown]>((resolve) => {
+        // eslint-disable-next-line @silverhand/fp/no-mutation
+        resolver.current = resolve;
+      });
+    },
+    []
+  );
+
+  const handleShowCallback = useCallback(
+    ({ type = 'confirm', onConfirm, onCancel, ...props }: CallbackConfirmModalProps) => {
+      resolver.current?.([false]);
 
-    setModalState({
-      isOpen: true,
-      type,
-      ...props,
-    });
+      setModalState({
+        isOpen: true,
+        type,
+        isConfirmLoading: false,
+        ...props,
+      });
 
-    return new Promise<[result: boolean, data?: unknown]>((resolve) => {
       // eslint-disable-next-line @silverhand/fp/no-mutation
-      resolver.current = resolve;
-    });
-  }, []);
+      callbackRef.current = { onConfirm, onCancel };
+    },
+    []
+  );
 
-  const handleConfirm = useCallback((data?: unknown) => {
+  const handleConfirm = useCallback(async (data?: unknown) => {
+    if (callbackRef.current.onConfirm) {
+      setModalState((previous) => ({ ...previous, isConfirmLoading: true }));
+      await callbackRef.current.onConfirm();
+    }
     resolver.current?.([true, data]);
     setModalState(defaultModalState);
   }, []);
 
-  const handleCancel = useCallback((data?: unknown) => {
+  const handleCancel = useCallback(async (data?: unknown) => {
+    if (callbackRef.current.onCancel) {
+      setModalState((previous) => ({ ...previous, isCancelLoading: true }));
+      await callbackRef.current.onCancel();
+    }
     resolver.current?.([false, data]);
     setModalState(defaultModalState);
   }, []);
 
   const contextValue = useMemo(
     () => ({
-      show: handleShow,
-      confirm: handleConfirm,
-      cancel: handleCancel,
+      showPromise: handleShowPromise,
+      showCallback: handleShowCallback,
     }),
-    [handleCancel, handleConfirm, handleShow]
+    [handleShowPromise, handleShowCallback]
   );
 
   const { ModalContent, type, ...restProps } = modalState;
@@ -95,19 +144,15 @@ const ConfirmModalProvider = ({ children }: Props) => {
         onConfirm={
           type === 'confirm'
             ? () => {
-                handleConfirm();
+                void handleConfirm();
               }
             : undefined
         }
         onClose={() => {
-          handleCancel();
+          void handleCancel();
         }}
       >
-        {typeof ModalContent === 'string' ? (
-          ModalContent
-        ) : (
-          <ModalContent confirm={handleConfirm} cancel={handleCancel} />
-        )}
+        {typeof ModalContent === 'string' ? ModalContent : <ModalContent />}
       </ConfirmModal>
     </ConfirmModalContext.Provider>
   );
diff --git a/packages/experience/src/Providers/ConfirmModalProvider/indext.test.tsx b/packages/experience/src/Providers/ConfirmModalProvider/indext.test.tsx
index 16072159eb36..acb80bd8064c 100644
--- a/packages/experience/src/Providers/ConfirmModalProvider/indext.test.tsx
+++ b/packages/experience/src/Providers/ConfirmModalProvider/indext.test.tsx
@@ -1,15 +1,15 @@
 import { render, fireEvent, waitFor } from '@testing-library/react';
 import { act } from 'react-dom/test-utils';
 
-import { useConfirmModal } from '@/hooks/use-confirm-modal';
+import { useConfirmModal, usePromiseConfirmModal } from '@/hooks/use-confirm-modal';
 
 import ConfirmModalProvider from '.';
 
 const confirmHandler = jest.fn();
 const cancelHandler = jest.fn();
 
-const ConfirmModalTestComponent = () => {
-  const { show } = useConfirmModal();
+const PromiseConfirmModalTestComponent = () => {
+  const { show } = usePromiseConfirmModal();
 
   const onClick = async () => {
     const [result] = await show({ ModalContent: 'confirm modal content' });
@@ -26,82 +26,178 @@ const ConfirmModalTestComponent = () => {
   return <button onClick={onClick}>show modal</button>;
 };
 
-describe('confirm modal provider', () => {
-  it('render confirm modal', async () => {
-    const { queryByText, getByText } = render(
-      <ConfirmModalProvider>
-        <ConfirmModalTestComponent />
-      </ConfirmModalProvider>
-    );
-
-    const trigger = getByText('show modal');
+const CallbackConfirmModalTestComponent = () => {
+  const { show } = useConfirmModal();
 
-    act(() => {
-      fireEvent.click(trigger);
+  const onClick = () => {
+    show({
+      ModalContent: 'confirm modal content',
+      onConfirm: confirmHandler,
+      onCancel: cancelHandler,
     });
+  };
+
+  return <button onClick={onClick}>show modal</button>;
+};
 
-    await waitFor(() => {
-      expect(queryByText('confirm modal content')).not.toBeNull();
-      expect(queryByText('action.confirm')).not.toBeNull();
-      expect(queryByText('action.cancel')).not.toBeNull();
+describe('confirm modal provider', () => {
+  describe('promise confirm modal', () => {
+    it('render confirm modal', async () => {
+      const { queryByText, getByText } = render(
+        <ConfirmModalProvider>
+          <PromiseConfirmModalTestComponent />
+        </ConfirmModalProvider>
+      );
+
+      const trigger = getByText('show modal');
+
+      act(() => {
+        fireEvent.click(trigger);
+      });
+
+      await waitFor(() => {
+        expect(queryByText('confirm modal content')).not.toBeNull();
+        expect(queryByText('action.confirm')).not.toBeNull();
+        expect(queryByText('action.cancel')).not.toBeNull();
+      });
     });
-  });
 
-  it('confirm callback of confirm modal', async () => {
-    const { queryByText, getByText } = render(
-      <ConfirmModalProvider>
-        <ConfirmModalTestComponent />
-      </ConfirmModalProvider>
-    );
+    it('confirm callback of confirm modal', async () => {
+      const { queryByText, getByText } = render(
+        <ConfirmModalProvider>
+          <PromiseConfirmModalTestComponent />
+        </ConfirmModalProvider>
+      );
 
-    const trigger = getByText('show modal');
+      const trigger = getByText('show modal');
 
-    act(() => {
-      fireEvent.click(trigger);
-    });
+      act(() => {
+        fireEvent.click(trigger);
+      });
 
-    await waitFor(() => {
-      expect(queryByText('confirm modal content')).not.toBeNull();
-      expect(queryByText('action.confirm')).not.toBeNull();
-    });
+      await waitFor(() => {
+        expect(queryByText('confirm modal content')).not.toBeNull();
+        expect(queryByText('action.confirm')).not.toBeNull();
+      });
 
-    const confirm = getByText('action.confirm');
+      const confirm = getByText('action.confirm');
 
-    act(() => {
-      fireEvent.click(confirm);
-    });
+      act(() => {
+        fireEvent.click(confirm);
+      });
 
-    await waitFor(() => {
-      expect(confirmHandler).toBeCalled();
+      await waitFor(() => {
+        expect(confirmHandler).toBeCalled();
+      });
     });
-  });
 
-  it('cancel callback of confirm modal', async () => {
-    const { queryByText, getByText } = render(
-      <ConfirmModalProvider>
-        <ConfirmModalTestComponent />
-      </ConfirmModalProvider>
-    );
+    it('cancel callback of confirm modal', async () => {
+      const { queryByText, getByText } = render(
+        <ConfirmModalProvider>
+          <PromiseConfirmModalTestComponent />
+        </ConfirmModalProvider>
+      );
+
+      const trigger = getByText('show modal');
 
-    const trigger = getByText('show modal');
+      act(() => {
+        fireEvent.click(trigger);
+      });
 
-    act(() => {
-      fireEvent.click(trigger);
+      await waitFor(() => {
+        expect(queryByText('confirm modal content')).not.toBeNull();
+        expect(queryByText('action.cancel')).not.toBeNull();
+      });
+
+      const cancel = getByText('action.cancel');
+
+      act(() => {
+        fireEvent.click(cancel);
+      });
+
+      await waitFor(() => {
+        expect(cancelHandler).toBeCalled();
+      });
     });
+  });
 
-    await waitFor(() => {
-      expect(queryByText('confirm modal content')).not.toBeNull();
-      expect(queryByText('action.cancel')).not.toBeNull();
+  describe('callback confirm modal', () => {
+    it('render confirm modal', async () => {
+      const { queryByText, getByText } = render(
+        <ConfirmModalProvider>
+          <CallbackConfirmModalTestComponent />
+        </ConfirmModalProvider>
+      );
+
+      const trigger = getByText('show modal');
+
+      act(() => {
+        fireEvent.click(trigger);
+      });
+
+      await waitFor(() => {
+        expect(queryByText('confirm modal content')).not.toBeNull();
+        expect(queryByText('action.confirm')).not.toBeNull();
+        expect(queryByText('action.cancel')).not.toBeNull();
+      });
     });
 
-    const cancel = getByText('action.cancel');
+    it('confirm callback of confirm modal', async () => {
+      const { queryByText, getByText } = render(
+        <ConfirmModalProvider>
+          <CallbackConfirmModalTestComponent />
+        </ConfirmModalProvider>
+      );
+
+      const trigger = getByText('show modal');
+
+      act(() => {
+        fireEvent.click(trigger);
+      });
+
+      await waitFor(() => {
+        expect(queryByText('confirm modal content')).not.toBeNull();
+        expect(queryByText('action.confirm')).not.toBeNull();
+      });
+
+      const confirm = getByText('action.confirm');
 
-    act(() => {
-      fireEvent.click(cancel);
+      act(() => {
+        fireEvent.click(confirm);
+      });
+
+      await waitFor(() => {
+        expect(confirmHandler).toBeCalled();
+      });
     });
 
-    await waitFor(() => {
-      expect(cancelHandler).toBeCalled();
+    it('cancel callback of confirm modal', async () => {
+      const { queryByText, getByText } = render(
+        <ConfirmModalProvider>
+          <CallbackConfirmModalTestComponent />
+        </ConfirmModalProvider>
+      );
+
+      const trigger = getByText('show modal');
+
+      act(() => {
+        fireEvent.click(trigger);
+      });
+
+      await waitFor(() => {
+        expect(queryByText('confirm modal content')).not.toBeNull();
+        expect(queryByText('action.cancel')).not.toBeNull();
+      });
+
+      const cancel = getByText('action.cancel');
+
+      act(() => {
+        fireEvent.click(cancel);
+      });
+
+      await waitFor(() => {
+        expect(cancelHandler).toBeCalled();
+      });
     });
   });
 });
diff --git a/packages/experience/src/components/ConfirmModal/AcModal.tsx b/packages/experience/src/components/ConfirmModal/AcModal.tsx
index 0f7ce45977ef..17c454783d68 100644
--- a/packages/experience/src/components/ConfirmModal/AcModal.tsx
+++ b/packages/experience/src/components/ConfirmModal/AcModal.tsx
@@ -16,6 +16,8 @@ import type { ModalProps } from './type';
 const AcModal = ({
   className,
   isOpen = false,
+  isConfirmLoading = false,
+  isCancelLoading = false,
   children,
   cancelText = 'action.cancel',
   confirmText = 'action.confirm',
@@ -62,6 +64,7 @@ const AcModal = ({
             type="secondary"
             i18nProps={cancelTextI18nProps}
             size="small"
+            isLoading={isCancelLoading}
             onClick={onClose}
           />
           {onConfirm && (
@@ -69,6 +72,7 @@ const AcModal = ({
               title={confirmText}
               i18nProps={confirmTextI18nProps}
               size="small"
+              isLoading={isConfirmLoading}
               onClick={onConfirm}
             />
           )}
diff --git a/packages/experience/src/components/ConfirmModal/MobileModal.tsx b/packages/experience/src/components/ConfirmModal/MobileModal.tsx
index 9b398da3cb7c..0e888fa5db29 100644
--- a/packages/experience/src/components/ConfirmModal/MobileModal.tsx
+++ b/packages/experience/src/components/ConfirmModal/MobileModal.tsx
@@ -11,6 +11,8 @@ import type { ModalProps } from './type';
 const MobileModal = ({
   className,
   isOpen = false,
+  isConfirmLoading = false,
+  isCancelLoading = false,
   children,
   cancelText = 'action.cancel',
   confirmText = 'action.confirm',
@@ -34,11 +36,17 @@ const MobileModal = ({
           <Button
             title={cancelText}
             i18nProps={cancelTextI18nProps}
+            isLoading={isCancelLoading}
             type="secondary"
             onClick={onClose}
           />
           {onConfirm && (
-            <Button title={confirmText} i18nProps={confirmTextI18nProps} onClick={onConfirm} />
+            <Button
+              title={confirmText}
+              i18nProps={confirmTextI18nProps}
+              isLoading={isConfirmLoading}
+              onClick={onConfirm}
+            />
           )}
         </div>
       </div>
diff --git a/packages/experience/src/components/ConfirmModal/type.ts b/packages/experience/src/components/ConfirmModal/type.ts
index a9a00577def7..5f10d301c92c 100644
--- a/packages/experience/src/components/ConfirmModal/type.ts
+++ b/packages/experience/src/components/ConfirmModal/type.ts
@@ -4,6 +4,8 @@ import type { ReactNode } from 'react';
 export type ModalProps = {
   className?: string;
   isOpen?: boolean;
+  isConfirmLoading?: boolean;
+  isCancelLoading?: boolean;
   children: ReactNode;
   cancelText?: TFuncKey;
   confirmText?: TFuncKey;
diff --git a/packages/experience/src/containers/VerificationCode/use-identifier-error-alert.ts b/packages/experience/src/containers/VerificationCode/use-identifier-error-alert.ts
index d92038ea3055..eadd214e8640 100644
--- a/packages/experience/src/containers/VerificationCode/use-identifier-error-alert.ts
+++ b/packages/experience/src/containers/VerificationCode/use-identifier-error-alert.ts
@@ -3,7 +3,7 @@ import { useCallback } from 'react';
 import { useTranslation } from 'react-i18next';
 import { useNavigate } from 'react-router-dom';
 
-import { useConfirmModal } from '@/hooks/use-confirm-modal';
+import { usePromiseConfirmModal } from '@/hooks/use-confirm-modal';
 import type { VerificationCodeIdentifier } from '@/types';
 import { formatPhoneNumberWithCountryCallingCode } from '@/utils/country-code';
 
@@ -13,7 +13,7 @@ export enum IdentifierErrorType {
 }
 
 const useIdentifierErrorAlert = () => {
-  const { show } = useConfirmModal();
+  const { show } = usePromiseConfirmModal();
   const navigate = useNavigate();
   const { t } = useTranslation();
 
diff --git a/packages/experience/src/containers/VerificationCode/use-link-social-confirm-modal.ts b/packages/experience/src/containers/VerificationCode/use-link-social-confirm-modal.ts
index 39fb7dc04aa1..210ea554115e 100644
--- a/packages/experience/src/containers/VerificationCode/use-link-social-confirm-modal.ts
+++ b/packages/experience/src/containers/VerificationCode/use-link-social-confirm-modal.ts
@@ -16,7 +16,7 @@ const useLinkSocialConfirmModal = () => {
 
   return useCallback(
     async (method: VerificationCodeIdentifier, target: string, connectorId: string) => {
-      const [confirm] = await show({
+      show({
         confirmText: 'action.bind_and_continue',
         cancelText: 'action.change',
         cancelTextI18nProps: {
@@ -29,15 +29,13 @@ const useLinkSocialConfirmModal = () => {
               ? formatPhoneNumberWithCountryCallingCode(target)
               : target,
         }),
+        onConfirm: async () => {
+          await linkWithSocial(connectorId);
+        },
+        onCancel: () => {
+          navigate(-1);
+        },
       });
-
-      if (!confirm) {
-        navigate(-1);
-
-        return;
-      }
-
-      await linkWithSocial(connectorId);
     },
     [linkWithSocial, navigate, show, t]
   );
diff --git a/packages/experience/src/containers/VerificationCode/use-register-flow-code-verification.ts b/packages/experience/src/containers/VerificationCode/use-register-flow-code-verification.ts
index 1608c2336b00..0dec679a8466 100644
--- a/packages/experience/src/containers/VerificationCode/use-register-flow-code-verification.ts
+++ b/packages/experience/src/containers/VerificationCode/use-register-flow-code-verification.ts
@@ -50,7 +50,7 @@ const useRegisterFlowCodeVerification = (
       return;
     }
 
-    const [confirm] = await show({
+    show({
       confirmText: 'action.sign_in',
       ModalContent: t('description.create_account_id_exists', {
         type: t(`description.${method === SignInIdentifier.Email ? 'email' : 'phone_number'}`),
@@ -59,25 +59,23 @@ const useRegisterFlowCodeVerification = (
             ? formatPhoneNumberWithCountryCallingCode(target)
             : target,
       }),
+      onConfirm: async () => {
+        const [error, result] = await signInWithIdentifierAsync();
+
+        if (error) {
+          await handleError(error, preSignInErrorHandler);
+
+          return;
+        }
+
+        if (result?.redirectTo) {
+          redirectTo(result.redirectTo);
+        }
+      },
+      onCancel: () => {
+        navigate(-1);
+      },
     });
-
-    if (!confirm) {
-      navigate(-1);
-
-      return;
-    }
-
-    const [error, result] = await signInWithIdentifierAsync();
-
-    if (error) {
-      await handleError(error, preSignInErrorHandler);
-
-      return;
-    }
-
-    if (result?.redirectTo) {
-      redirectTo(result.redirectTo);
-    }
   }, [
     handleError,
     method,
diff --git a/packages/experience/src/containers/VerificationCode/use-sign-in-flow-code-verification.ts b/packages/experience/src/containers/VerificationCode/use-sign-in-flow-code-verification.ts
index 4c410e91f3c6..16a6e0f7f995 100644
--- a/packages/experience/src/containers/VerificationCode/use-sign-in-flow-code-verification.ts
+++ b/packages/experience/src/containers/VerificationCode/use-sign-in-flow-code-verification.ts
@@ -51,7 +51,7 @@ const useSignInFlowCodeVerification = (
       return;
     }
 
-    const [confirm] = await show({
+    show({
       confirmText: 'action.create',
       ModalContent: t('description.sign_in_id_does_not_exist', {
         type: t(`description.${method === SignInIdentifier.Email ? 'email' : 'phone_number'}`),
@@ -60,27 +60,25 @@ const useSignInFlowCodeVerification = (
             ? formatPhoneNumberWithCountryCallingCode(target)
             : target,
       }),
+      onConfirm: async () => {
+        const [error, result] = await registerWithIdentifierAsync(
+          method === SignInIdentifier.Email ? { email: target } : { phone: target }
+        );
+
+        if (error) {
+          await handleError(error, preSignInErrorHandler);
+
+          return;
+        }
+
+        if (result?.redirectTo) {
+          redirectTo(result.redirectTo);
+        }
+      },
+      onCancel: () => {
+        navigate(-1);
+      },
     });
-
-    if (!confirm) {
-      navigate(-1);
-
-      return;
-    }
-
-    const [error, result] = await registerWithIdentifierAsync(
-      method === SignInIdentifier.Email ? { email: target } : { phone: target }
-    );
-
-    if (error) {
-      await handleError(error, preSignInErrorHandler);
-
-      return;
-    }
-
-    if (result?.redirectTo) {
-      redirectTo(result.redirectTo);
-    }
   }, [
     signInMode,
     show,
diff --git a/packages/experience/src/hooks/use-confirm-modal.ts b/packages/experience/src/hooks/use-confirm-modal.ts
index 81521b481307..6ae139e77f26 100644
--- a/packages/experience/src/hooks/use-confirm-modal.ts
+++ b/packages/experience/src/hooks/use-confirm-modal.ts
@@ -2,6 +2,49 @@ import { useContext } from 'react';
 
 import { ConfirmModalContext } from '@/Providers/ConfirmModalProvider';
 
-export type { ModalContentRenderProps } from '@/Providers/ConfirmModalProvider';
+/**
+ * Hook for using the promise-based confirm modal
+ *
+ * @returns An object with a `show` method that returns a promise
+ *
+ * Example:
+ * ```ts
+ * const { show } = usePromiseConfirmModal();
+ * const [result] = await show({ ModalContent: 'Are you sure?' });
+ * if (result) {
+ *   // User confirmed
+ * }
+ *```
+ */
+export const usePromiseConfirmModal = () => {
+  const { showPromise } = useContext(ConfirmModalContext);
 
-export const useConfirmModal = () => useContext(ConfirmModalContext);
+  return { show: showPromise };
+};
+
+/**
+ * Hook for using the callback-based confirm modal
+ *
+ * @returns An object with a `show` method that accepts callbacks
+ *
+ * Example:
+ * ```ts
+ * const { show } = useConfirmModal();
+ * show({
+ *  ModalContent: 'Are you sure?',
+ *  onConfirm: async () => {
+ *    // This will automatically set the confirm button to loading state
+ *    await someAsyncOperation();
+ *  },
+ *  onCancel: async () => {
+ *    // This will automatically set the cancel button to loading state
+ *    await someAsyncOperation();
+ *  }
+ * });
+ * ```
+ */
+export const useConfirmModal = () => {
+  const { showCallback } = useContext(ConfirmModalContext);
+
+  return { show: showCallback };
+};
diff --git a/packages/experience/src/hooks/use-terms.ts b/packages/experience/src/hooks/use-terms.ts
index dd95c03aef99..c94ae23083d9 100644
--- a/packages/experience/src/hooks/use-terms.ts
+++ b/packages/experience/src/hooks/use-terms.ts
@@ -5,11 +5,11 @@ import { useCallback, useContext, useMemo } from 'react';
 import PageContext from '@/Providers/PageContextProvider/PageContext';
 import TermsAndPrivacyConfirmModalContent from '@/containers/TermsAndPrivacyConfirmModalContent';
 
-import { useConfirmModal } from './use-confirm-modal';
+import { usePromiseConfirmModal } from './use-confirm-modal';
 
 const useTerms = () => {
   const { termsAgreement, setTermsAgreement, experienceSettings } = useContext(PageContext);
-  const { show } = useConfirmModal();
+  const { show } = usePromiseConfirmModal();
 
   const { termsOfUseUrl, privacyPolicyUrl, isTermsDisabled, agreeToTermsPolicy } = useMemo(() => {
     const { termsOfUseUrl, privacyPolicyUrl, agreeToTermsPolicy } = experienceSettings ?? {};
diff --git a/packages/experience/src/pages/Continue/SetPassword/index.tsx b/packages/experience/src/pages/Continue/SetPassword/index.tsx
index a76f374d8e8b..64530f584ee7 100644
--- a/packages/experience/src/pages/Continue/SetPassword/index.tsx
+++ b/packages/experience/src/pages/Continue/SetPassword/index.tsx
@@ -4,7 +4,7 @@ import { useNavigate } from 'react-router-dom';
 import SecondaryPageLayout from '@/Layout/SecondaryPageLayout';
 import { addProfile } from '@/apis/interaction';
 import SetPasswordForm from '@/containers/SetPassword';
-import { useConfirmModal } from '@/hooks/use-confirm-modal';
+import { usePromiseConfirmModal } from '@/hooks/use-confirm-modal';
 import type { ErrorHandlers } from '@/hooks/use-error-handler';
 import useGlobalRedirectTo from '@/hooks/use-global-redirect-to';
 import usePasswordAction, { type SuccessHandler } from '@/hooks/use-password-action';
@@ -18,7 +18,7 @@ const SetPassword = () => {
   }, []);
 
   const navigate = useNavigate();
-  const { show } = useConfirmModal();
+  const { show } = usePromiseConfirmModal();
   const redirectTo = useGlobalRedirectTo();
 
   const preSignInErrorHandler = usePreSignInErrorHandler();
diff --git a/packages/experience/src/pages/RegisterPassword/index.tsx b/packages/experience/src/pages/RegisterPassword/index.tsx
index 0a9443c3fb3a..b276b2c4ea9f 100644
--- a/packages/experience/src/pages/RegisterPassword/index.tsx
+++ b/packages/experience/src/pages/RegisterPassword/index.tsx
@@ -5,7 +5,7 @@ import { useNavigate } from 'react-router-dom';
 import SecondaryPageLayout from '@/Layout/SecondaryPageLayout';
 import { setUserPassword } from '@/apis/interaction';
 import SetPassword from '@/containers/SetPassword';
-import { useConfirmModal } from '@/hooks/use-confirm-modal';
+import { usePromiseConfirmModal } from '@/hooks/use-confirm-modal';
 import { type ErrorHandlers } from '@/hooks/use-error-handler';
 import useGlobalRedirectTo from '@/hooks/use-global-redirect-to';
 import useMfaErrorHandler from '@/hooks/use-mfa-error-handler';
@@ -19,7 +19,7 @@ const RegisterPassword = () => {
 
   const navigate = useNavigate();
   const redirectTo = useGlobalRedirectTo();
-  const { show } = useConfirmModal();
+  const { show } = usePromiseConfirmModal();
   const [errorMessage, setErrorMessage] = useState<string>();
   const clearErrorMessage = useCallback(() => {
     setErrorMessage(undefined);
diff --git a/packages/experience/src/pages/ResetPassword/index.tsx b/packages/experience/src/pages/ResetPassword/index.tsx
index 26b415705d21..397566861502 100644
--- a/packages/experience/src/pages/ResetPassword/index.tsx
+++ b/packages/experience/src/pages/ResetPassword/index.tsx
@@ -6,7 +6,7 @@ import SecondaryPageLayout from '@/Layout/SecondaryPageLayout';
 import UserInteractionContext from '@/Providers/UserInteractionContextProvider/UserInteractionContext';
 import { setUserPassword } from '@/apis/interaction';
 import SetPassword from '@/containers/SetPassword';
-import { useConfirmModal } from '@/hooks/use-confirm-modal';
+import { usePromiseConfirmModal } from '@/hooks/use-confirm-modal';
 import { type ErrorHandlers } from '@/hooks/use-error-handler';
 import usePasswordAction, { type SuccessHandler } from '@/hooks/use-password-action';
 import { usePasswordPolicy } from '@/hooks/use-sie';
@@ -20,7 +20,7 @@ const ResetPassword = () => {
   const { t } = useTranslation();
   const { setToast } = useToast();
   const navigate = useNavigate();
-  const { show } = useConfirmModal();
+  const { show } = usePromiseConfirmModal();
   const { setForgotPasswordIdentifierInputValue } = useContext(UserInteractionContext);
   const errorHandlers: ErrorHandlers = useMemo(
     () => ({

From 49d357d9ecc90d6a4e91b1346497aae41a2effb7 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Wed, 17 Jul 2024 13:58:40 +0800
Subject: [PATCH 028/135] chore(elements): update readme

---
 packages/elements/README.md | 40 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/packages/elements/README.md b/packages/elements/README.md
index 3a7ddcdad42a..81b2c64644c6 100644
--- a/packages/elements/README.md
+++ b/packages/elements/README.md
@@ -1,3 +1,41 @@
 # Logto elements
 
-🚧 Work in progress
+A collection of Web Components for building better applications with Logto.
+
+> [!Warning]
+> This package is still under development and not yet published to npm.
+
+## Development
+
+- The standard `dev` script is useful for testing the Logto integration when you are working with the workspace's `dev` script. How ever, the dev integration has some issues like duplicate registration and stale element cache. It's not easy to overcome them at the moment.
+- Run the `start` script to start a quick development server that serves the elements via `index.html`.
+
+## Internationalization
+
+The elements are using `@lit/localize` for internationalization. The translations are stored in the `xliff` directory. There's no need to update that directory for new phrases, unless you can add the translations at the same time. See [Localization](https://lit.dev/docs/localization/overview/) for more information.
+
+### Update translations
+
+1. Run `lit-localize extract` to extract and sync the translations from the source code to the `xliff` directory.
+2. Translate the phrases in the `xliff` directory.
+3. Run `lit-localize build` to build the translations into the `src/generated` directory.
+
+> [!Important]
+> `lit-localize build` is required to build the bundle with the translations.
+
+### Convention
+
+Although `@lit/localize` gives us the flexibility to write localized strings in a casual way, we should follow a convention to keep the translations consistent.
+
+When using `msg()`, a human-readable ID should be used, and it is highly recommended to also write the description to give the translators (or LLMs) more context.
+
+```ts
+// ✅ Good
+msg('Not available', {
+  id: 'form-card.fallback-title',
+  desc: 'The fallback title of a form card when the title is not provided.',
+})
+
+// ❌ Bad
+msg('Not available')
+```

From 0a92bd2fdcb27cd81059f6ab5456caaab653a781 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Wed, 17 Jul 2024 14:39:20 +0800
Subject: [PATCH 029/135] feat(core): add the new user provision (#6253)

add the new user provision
---
 .../classes/experience-interaction.test.ts    | 119 +++++++++++
 .../classes/experience-interaction.ts         |  23 +-
 .../experience/classes/provision-library.ts   | 196 ++++++++++++++++++
 .../organization-jti.test.ts                  | 175 ++++++++++++++++
 .../api/interaction/organization-jit.test.ts  |   2 +-
 5 files changed, 509 insertions(+), 6 deletions(-)
 create mode 100644 packages/core/src/routes/experience/classes/experience-interaction.test.ts
 create mode 100644 packages/core/src/routes/experience/classes/provision-library.ts
 create mode 100644 packages/integration-tests/src/tests/api/experience-api/register-interaction/organization-jti.test.ts

diff --git a/packages/core/src/routes/experience/classes/experience-interaction.test.ts b/packages/core/src/routes/experience/classes/experience-interaction.test.ts
new file mode 100644
index 000000000000..561df47d981d
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/experience-interaction.test.ts
@@ -0,0 +1,119 @@
+import {
+  adminConsoleApplicationId,
+  adminTenantId,
+  type CreateUser,
+  InteractionEvent,
+  SignInIdentifier,
+  SignInMode,
+  type User,
+  VerificationType,
+} from '@logto/schemas';
+import { createMockUtils, pickDefault } from '@logto/shared/esm';
+
+import { mockSignInExperience } from '#src/__mocks__/sign-in-experience.js';
+import { type InsertUserResult } from '#src/libraries/user.js';
+import { createMockLogContext } from '#src/test-utils/koa-audit-log.js';
+import { createMockProvider } from '#src/test-utils/oidc-provider.js';
+import { MockTenant } from '#src/test-utils/tenant.js';
+import { createContextWithRouteParameters } from '#src/utils/test-utils.js';
+
+import { CodeVerification } from './verifications/code-verification.js';
+
+const { jest } = import.meta;
+const { mockEsm } = createMockUtils(jest);
+
+mockEsm('#src/utils/tenant.js', () => ({
+  getTenantId: () => [adminTenantId],
+}));
+
+const mockEmail = 'foo@bar.com';
+const userQueries = {
+  hasActiveUsers: jest.fn().mockResolvedValue(false),
+  hasUserWithEmail: jest.fn().mockResolvedValue(false),
+  hasUserWithPhone: jest.fn().mockResolvedValue(false),
+  hasUserWithIdentity: jest.fn().mockResolvedValue(false),
+};
+const userLibraries = {
+  generateUserId: jest.fn().mockResolvedValue('uid'),
+  insertUser: jest.fn(async (user: CreateUser): Promise<InsertUserResult> => [user as User]),
+  provisionOrganizations: jest.fn(),
+};
+const ssoConnectors = {
+  getAvailableSsoConnectors: jest.fn().mockResolvedValue([]),
+};
+const signInExperiences = {
+  findDefaultSignInExperience: jest.fn().mockResolvedValue({
+    ...mockSignInExperience,
+    signUp: {
+      identifiers: [SignInIdentifier.Email],
+      password: false,
+      verify: true,
+    },
+  }),
+  updateDefaultSignInExperience: jest.fn(),
+};
+
+const mockProviderInteractionDetails = jest
+  .fn()
+  .mockResolvedValue({ params: { client_id: adminConsoleApplicationId } });
+
+const ExperienceInteraction = await pickDefault(import('./experience-interaction.js'));
+
+describe('ExperienceInteraction class', () => {
+  const tenant = new MockTenant(
+    createMockProvider(mockProviderInteractionDetails),
+    {
+      users: userQueries,
+      signInExperiences,
+    },
+    undefined,
+    { users: userLibraries, ssoConnectors }
+  );
+  const ctx = {
+    ...createContextWithRouteParameters(),
+    ...createMockLogContext(),
+  };
+  const { libraries, queries } = tenant;
+
+  const emailVerificationRecord = new CodeVerification(libraries, queries, {
+    id: 'mock_email_verification_id',
+    type: VerificationType.VerificationCode,
+    identifier: {
+      type: SignInIdentifier.Email,
+      value: mockEmail,
+    },
+    interactionEvent: InteractionEvent.Register,
+    verified: true,
+  });
+
+  beforeAll(() => {
+    jest.clearAllMocks();
+  });
+
+  describe('new user registration', () => {
+    it('First admin user provisioning', async () => {
+      const experienceInteraction = new ExperienceInteraction(ctx, tenant);
+
+      await experienceInteraction.setInteractionEvent(InteractionEvent.Register);
+      experienceInteraction.setVerificationRecord(emailVerificationRecord);
+      await experienceInteraction.identifyUser(emailVerificationRecord.id);
+
+      expect(userLibraries.insertUser).toHaveBeenCalledWith(
+        {
+          id: 'uid',
+          primaryEmail: mockEmail,
+        },
+        ['user', 'default:admin']
+      );
+
+      expect(signInExperiences.updateDefaultSignInExperience).toHaveBeenCalledWith({
+        signInMode: SignInMode.SignIn,
+      });
+
+      expect(userLibraries.provisionOrganizations).toHaveBeenCalledWith({
+        userId: 'uid',
+        email: mockEmail,
+      });
+    });
+  });
+});
diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
index a5632b99679c..210b1d79c025 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -11,6 +11,7 @@ import assertThat from '#src/utils/assert-that.js';
 
 import { interactionProfileGuard, type Interaction, type InteractionProfile } from '../types.js';
 
+import { ProvisionLibrary } from './provision-library.js';
 import { getNewUserProfileFromVerificationRecord, toUserSocialIdentityData } from './utils.js';
 import { ProfileValidator } from './validators/profile-validator.js';
 import { SignInExperienceValidator } from './validators/sign-in-experience-validator.js';
@@ -44,13 +45,14 @@ const interactionStorageGuard = z.object({
 export default class ExperienceInteraction {
   public readonly signInExperienceValidator: SignInExperienceValidator;
   public readonly profileValidator: ProfileValidator;
+  public readonly provisionLibrary: ProvisionLibrary;
 
   /** The user verification record list for the current interaction. */
   private readonly verificationRecords = new Map<VerificationType, VerificationRecord>();
   /** The userId of the user for the current interaction. Only available once the user is identified. */
   private userId?: string;
   /** The user provided profile data in the current interaction that needs to be stored to database. */
-  private readonly profile?: Record<string, unknown>; // TODO: Fix the type
+  private readonly profile?: InteractionProfile;
   /** The interaction event for the current interaction. */
   #interactionEvent?: InteractionEvent;
 
@@ -63,11 +65,12 @@ export default class ExperienceInteraction {
   constructor(
     private readonly ctx: WithLogContext,
     private readonly tenant: TenantContext,
-    public interactionDetails?: Interaction
+    interactionDetails?: Interaction
   ) {
     const { libraries, queries } = tenant;
 
     this.signInExperienceValidator = new SignInExperienceValidator(libraries, queries);
+    this.provisionLibrary = new ProvisionLibrary(tenant, ctx);
 
     if (!interactionDetails) {
       this.profileValidator = new ProfileValidator(libraries, queries);
@@ -294,19 +297,25 @@ export default class ExperienceInteraction {
 
     await this.profileValidator.guardProfileUniquenessAcrossUsers(newProfile);
 
-    // TODO: new user provisioning and hooks
-
     const { socialIdentity, enterpriseSsoIdentity, ...rest } = newProfile;
 
+    const { isCreatingFirstAdminUser, initialUserRoles, customData } =
+      await this.provisionLibrary.getUserProvisionContext(newProfile);
+
     const [user] = await insertUser(
       {
         id: await generateUserId(),
         ...rest,
         ...conditional(socialIdentity && { identities: toUserSocialIdentityData(socialIdentity) }),
+        ...conditional(customData && { customData }),
       },
-      []
+      initialUserRoles
     );
 
+    if (isCreatingFirstAdminUser) {
+      await this.provisionLibrary.adminUserProvision(user);
+    }
+
     if (enterpriseSsoIdentity) {
       await userSsoIdentitiesQueries.insert({
         id: generateStandardId(),
@@ -315,6 +324,10 @@ export default class ExperienceInteraction {
       });
     }
 
+    await this.provisionLibrary.newUserJtiOrganizationProvision(user.id, newProfile);
+
+    // TODO: new user hooks
+
     this.userId = user.id;
   }
 }
diff --git a/packages/core/src/routes/experience/classes/provision-library.ts b/packages/core/src/routes/experience/classes/provision-library.ts
new file mode 100644
index 000000000000..3a978bc56089
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/provision-library.ts
@@ -0,0 +1,196 @@
+import {
+  adminConsoleApplicationId,
+  adminTenantId,
+  AdminTenantRole,
+  defaultManagementApiAdminName,
+  defaultTenantId,
+  getTenantOrganizationId,
+  getTenantRole,
+  OrganizationInvitationStatus,
+  SignInMode,
+  TenantRole,
+  userOnboardingDataKey,
+  type User,
+  type UserOnboardingData,
+} from '@logto/schemas';
+import { conditionalArray } from '@silverhand/essentials';
+
+import { EnvSet } from '#src/env-set/index.js';
+import { type WithLogContext } from '#src/middleware/koa-audit-log.js';
+import type TenantContext from '#src/tenants/TenantContext.js';
+import { getTenantId } from '#src/utils/tenant.js';
+
+import { type InteractionProfile } from '../types.js';
+
+type OrganizationProvisionPayload =
+  | {
+      userId: string;
+      email: string;
+    }
+  | {
+      userId: string;
+      ssoConnectorId: string;
+    };
+
+export class ProvisionLibrary {
+  constructor(
+    private readonly tenantContext: TenantContext,
+    private readonly ctx: WithLogContext
+  ) {}
+
+  /**
+   * This method is used to get the provision context for a new user registration.
+   * It will return the provision context based on the current tenant and the request context.
+   */
+  async getUserProvisionContext(profile: InteractionProfile): Promise<{
+    /** Admin user provisioning flag */
+    isCreatingFirstAdminUser: boolean;
+    /** Initial user roles for admin tenant users */
+    initialUserRoles: string[];
+    /** Skip onboarding flow if the new user has pending Cloud invitations */
+    customData?: { [userOnboardingDataKey]: UserOnboardingData };
+  }> {
+    const {
+      provider,
+      queries: {
+        users: { hasActiveUsers },
+        organizations: organizationsQueries,
+      },
+    } = this.tenantContext;
+
+    const { req, res, URL } = this.ctx;
+
+    const [interactionDetails, [currentTenantId]] = await Promise.all([
+      provider.interactionDetails(req, res),
+      getTenantId(URL),
+    ]);
+
+    const {
+      params: { client_id },
+    } = interactionDetails;
+
+    const isAdminTenant = currentTenantId === adminTenantId;
+    const isAdminConsoleApp = String(client_id) === adminConsoleApplicationId;
+
+    const { isCloud, isIntegrationTest } = EnvSet.values;
+
+    /**
+     * Only allow creating the first admin user when
+     *
+     * - it's in OSS or integration tests
+     * - it's in the admin tenant
+     * - the client_id is the admin console application
+     * - there are no active users in the tenant
+     */
+    const isCreatingFirstAdminUser =
+      (!isCloud || isIntegrationTest) &&
+      isAdminTenant &&
+      isAdminConsoleApp &&
+      !(await hasActiveUsers());
+
+    const invitations =
+      isCloud && profile.primaryEmail
+        ? await organizationsQueries.invitations.findEntities({
+            invitee: profile.primaryEmail,
+          })
+        : [];
+
+    const hasPendingInvitations = invitations.some(
+      (invitation) => invitation.status === OrganizationInvitationStatus.Pending
+    );
+
+    const initialUserRoles = this.getInitialUserRoles(
+      isAdminTenant,
+      isCreatingFirstAdminUser,
+      isCloud
+    );
+
+    // Skip onboarding flow if the new user has pending Cloud invitations
+    const customData = hasPendingInvitations
+      ? {
+          [userOnboardingDataKey]: {
+            isOnboardingDone: true,
+          } satisfies UserOnboardingData,
+        }
+      : undefined;
+
+    return {
+      isCreatingFirstAdminUser,
+      initialUserRoles,
+      customData,
+    };
+  }
+
+  /**
+   * First admin user provision
+   *
+   * - For OSS, update the default sign-in experience to "sign-in only" once the first admin has been created.
+   * - Add the user to the default organization and assign the admin role.
+   */
+  async adminUserProvision({ id }: User) {
+    const { isCloud } = EnvSet.values;
+    const {
+      queries: { signInExperiences, organizations },
+    } = this.tenantContext;
+
+    // In OSS, we need to limit sign-in experience to "sign-in only" once
+    // the first admin has been create since we don't want other unexpected registrations
+    await signInExperiences.updateDefaultSignInExperience({
+      signInMode: isCloud ? SignInMode.SignInAndRegister : SignInMode.SignIn,
+    });
+
+    const organizationId = getTenantOrganizationId(defaultTenantId);
+    await organizations.relations.users.insert({ organizationId, userId: id });
+    await organizations.relations.usersRoles.insert({
+      organizationId,
+      userId: id,
+      organizationRoleId: getTenantRole(TenantRole.Admin).id,
+    });
+  }
+
+  /**
+   * Provision the organization for a new user
+   *
+   * - If the user has an enterprise SSO identity, provision the organization based on the SSO connector
+   * - Otherwise, provision the organization based on the primary email
+   */
+  async newUserJtiOrganizationProvision(
+    userId: string,
+    { primaryEmail, enterpriseSsoIdentity }: InteractionProfile
+  ) {
+    if (enterpriseSsoIdentity) {
+      return this.jitOrganizationProvision({
+        userId,
+        ssoConnectorId: enterpriseSsoIdentity.ssoConnectorId,
+      });
+    }
+    if (primaryEmail) {
+      return this.jitOrganizationProvision({
+        userId,
+        email: primaryEmail,
+      });
+    }
+  }
+
+  private async jitOrganizationProvision(payload: OrganizationProvisionPayload) {
+    const {
+      libraries: { users: usersLibraries },
+    } = this.tenantContext;
+
+    const provisionedOrganizations = await usersLibraries.provisionOrganizations(payload);
+
+    // TODO: trigger hooks event
+
+    return provisionedOrganizations;
+  }
+
+  private readonly getInitialUserRoles = (
+    isInAdminTenant: boolean,
+    isCreatingFirstAdminUser: boolean,
+    isCloud: boolean
+  ) =>
+    conditionalArray<string>(
+      isInAdminTenant && AdminTenantRole.User,
+      isCreatingFirstAdminUser && !isCloud && defaultManagementApiAdminName // OSS uses the legacy Management API user role
+    );
+}
diff --git a/packages/integration-tests/src/tests/api/experience-api/register-interaction/organization-jti.test.ts b/packages/integration-tests/src/tests/api/experience-api/register-interaction/organization-jti.test.ts
new file mode 100644
index 000000000000..5cc2208411cd
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/experience-api/register-interaction/organization-jti.test.ts
@@ -0,0 +1,175 @@
+import { ConnectorType } from '@logto/connector-kit';
+import { SignInIdentifier } from '@logto/schemas';
+
+import { deleteUser, getUserOrganizations } from '#src/api/admin-user.js';
+import { updateSignInExperience } from '#src/api/sign-in-experience.js';
+import { SsoConnectorApi } from '#src/api/sso-connector.js';
+import {
+  clearConnectorsByTypes,
+  setEmailConnector,
+  setSmsConnector,
+} from '#src/helpers/connector.js';
+import {
+  registerNewUserWithVerificationCode,
+  signInWithEnterpriseSso,
+  signInWithVerificationCode,
+} from '#src/helpers/experience/index.js';
+import { OrganizationApiTest } from '#src/helpers/organization.js';
+import { enableAllVerificationCodeSignInMethods } from '#src/helpers/sign-in-experience.js';
+import { devFeatureTest, generateEmail, randomString } from '#src/utils.js';
+
+devFeatureTest.describe('organization just-in-time provisioning', () => {
+  const organizationApi = new OrganizationApiTest();
+  const ssoConnectorApi = new SsoConnectorApi();
+
+  beforeAll(async () => {
+    await clearConnectorsByTypes([ConnectorType.Email]);
+    await Promise.all([setEmailConnector(), setSmsConnector()]);
+
+    await enableAllVerificationCodeSignInMethods({
+      identifiers: [SignInIdentifier.Email],
+      password: false,
+      verify: true,
+    });
+
+    await updateSignInExperience({
+      singleSignOnEnabled: true,
+    });
+  });
+
+  afterEach(async () => {
+    await Promise.all([organizationApi.cleanUp(), ssoConnectorApi.cleanUp()]);
+  });
+
+  const prepare = async (emailDomain = `foo-${randomString()}.com`, ssoConnectorId?: string) => {
+    const organizations = await Promise.all([
+      organizationApi.create({ name: 'foo' }),
+      organizationApi.create({ name: 'bar' }),
+      organizationApi.create({ name: 'baz' }),
+    ]);
+    const roles = await Promise.all([
+      organizationApi.roleApi.create({ name: randomString() }),
+      organizationApi.roleApi.create({ name: randomString() }),
+    ]);
+    await Promise.all(
+      organizations.map(async (organization) => {
+        if (emailDomain) {
+          await organizationApi.jit.addEmailDomain(organization.id, emailDomain);
+        }
+
+        if (ssoConnectorId) {
+          await organizationApi.jit.ssoConnectors.add(organization.id, [ssoConnectorId]);
+        }
+      })
+    );
+    await Promise.all([
+      organizationApi.jit.roles.add(organizations[0].id, [roles[0].id, roles[1].id]),
+      organizationApi.jit.roles.add(organizations[1].id, [roles[0].id]),
+    ]);
+    return {
+      organizations,
+      roles,
+      emailDomain,
+      expectOrganizations: () =>
+        expect.arrayContaining([
+          expect.objectContaining({
+            id: organizations[0].id,
+            // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+            organizationRoles: expect.arrayContaining([
+              expect.objectContaining({ id: roles[0].id }),
+              expect.objectContaining({ id: roles[1].id }),
+            ]),
+          }),
+          expect.objectContaining({
+            id: organizations[1].id,
+            organizationRoles: [expect.objectContaining({ id: roles[0].id })],
+          }),
+          expect.objectContaining({
+            id: organizations[2].id,
+            organizationRoles: [],
+          }),
+        ]),
+    };
+  };
+
+  it('should automatically provision a user with matched email', async () => {
+    const { emailDomain, expectOrganizations } = await prepare();
+    const email = randomString() + '@' + emailDomain;
+
+    const userId = await registerNewUserWithVerificationCode({
+      type: SignInIdentifier.Email,
+      value: email,
+    });
+
+    const userOrganizations = await getUserOrganizations(userId);
+    expect(userOrganizations).toEqual(expectOrganizations());
+
+    await deleteUser(userId);
+  });
+
+  it('should not provision a user with the matched email from a SSO identity', async () => {
+    const organization = await organizationApi.create({ name: 'sso_foo' });
+    const domain = 'sso_example.com';
+    await organizationApi.jit.addEmailDomain(organization.id, domain);
+    const connector = await ssoConnectorApi.createMockOidcConnector([domain]);
+
+    const userId = await signInWithEnterpriseSso(
+      connector.id,
+      {
+        sub: randomString(),
+        email: generateEmail(domain),
+        email_verified: true,
+      },
+      true
+    );
+
+    const userOrganizations = await getUserOrganizations(userId);
+    expect(userOrganizations).toEqual([]);
+    await deleteUser(userId);
+  });
+
+  it('should not provision an existing user with the matched email when sign-in', async () => {
+    const emailDomain = `foo-${randomString()}.com`;
+    const email = randomString() + '@' + emailDomain;
+    const userId = await registerNewUserWithVerificationCode({
+      type: SignInIdentifier.Email,
+      value: email,
+    });
+
+    await prepare(emailDomain);
+
+    await signInWithVerificationCode({
+      type: SignInIdentifier.Email,
+      value: email,
+    });
+
+    const userOrganizations = await getUserOrganizations(userId);
+    expect(userOrganizations).toEqual([]);
+    await deleteUser(userId);
+  });
+
+  it('should provision a user with the matched sso connector', async () => {
+    const organization = await organizationApi.create({ name: 'sso_foo' });
+    const domain = 'sso_example.com';
+    const connector = await ssoConnectorApi.createMockOidcConnector([domain]);
+    await organizationApi.jit.ssoConnectors.add(organization.id, [connector.id]);
+
+    const userId = await signInWithEnterpriseSso(
+      connector.id,
+      {
+        sub: randomString(),
+        email: generateEmail(domain),
+        email_verified: true,
+      },
+      true
+    );
+
+    const userOrganizations = await getUserOrganizations(userId);
+
+    expect(userOrganizations).toEqual(
+      expect.arrayContaining([expect.objectContaining({ id: organization.id })])
+    );
+
+    await deleteUser(userId);
+  });
+});
diff --git a/packages/integration-tests/src/tests/api/interaction/organization-jit.test.ts b/packages/integration-tests/src/tests/api/interaction/organization-jit.test.ts
index d315d08039f7..e78fd7ef327b 100644
--- a/packages/integration-tests/src/tests/api/interaction/organization-jit.test.ts
+++ b/packages/integration-tests/src/tests/api/interaction/organization-jit.test.ts
@@ -180,7 +180,7 @@ describe('organization just-in-time provisioning', () => {
     await deleteUser(userId);
   });
 
-  it('should not automatically provision an existing user when the user is an existing user', async () => {
+  it('should not automatically provision an existing user', async () => {
     const emailDomain = `foo-${randomString()}.com`;
     const email = randomString() + '@' + emailDomain;
     const { client } = await registerWithEmail(email);

From 6fca3fe3c4deb63171f1c697a5d5d530ef9992af Mon Sep 17 00:00:00 2001
From: Darcy Ye <darcyye@silverhand.io>
Date: Wed, 17 Jul 2024 15:16:54 +0800
Subject: [PATCH 030/135] feat(connector): enable custom headers for SMTP
 connector (#6256)

---
 .changeset/slow-boxes-greet.md                |  5 +++++
 .../connectors/connector-smtp/src/constant.ts |  9 ++++++++
 .../connector-smtp/src/index.test.ts          | 22 +++++++++++++++++++
 .../connectors/connector-smtp/src/index.ts    | 11 ++++++++--
 .../connectors/connector-smtp/src/mock.ts     |  1 +
 .../connectors/connector-smtp/src/types.ts    |  1 +
 6 files changed, 47 insertions(+), 2 deletions(-)
 create mode 100644 .changeset/slow-boxes-greet.md

diff --git a/.changeset/slow-boxes-greet.md b/.changeset/slow-boxes-greet.md
new file mode 100644
index 000000000000..3114f181f659
--- /dev/null
+++ b/.changeset/slow-boxes-greet.md
@@ -0,0 +1,5 @@
+---
+"@logto/connector-smtp": minor
+---
+
+enable static custom headers for SMTP connector
diff --git a/packages/connectors/connector-smtp/src/constant.ts b/packages/connectors/connector-smtp/src/constant.ts
index d2078b048c0e..28d9a42761f6 100644
--- a/packages/connectors/connector-smtp/src/constant.ts
+++ b/packages/connectors/connector-smtp/src/constant.ts
@@ -198,5 +198,14 @@ export const defaultMetadata: ConnectorMetadata = {
       type: ConnectorConfigFormItemType.Switch,
       required: false,
     },
+    {
+      key: 'customHeaders',
+      label: 'Custom Headers',
+      type: ConnectorConfigFormItemType.Json,
+      required: false,
+      defaultValue: {},
+      description:
+        'Custom headers to be added to original email headers when sending messages. Both keys and values should be string-typed.',
+    },
   ],
 };
diff --git a/packages/connectors/connector-smtp/src/index.test.ts b/packages/connectors/connector-smtp/src/index.test.ts
index a28137dd32dd..b57ad02e1332 100644
--- a/packages/connectors/connector-smtp/src/index.test.ts
+++ b/packages/connectors/connector-smtp/src/index.test.ts
@@ -79,6 +79,28 @@ describe('SMTP connector', () => {
       to: 'baz',
     });
   });
+
+  it('should send mail with customer headers', async () => {
+    const connector = await createConnector({
+      getConfig: vi.fn().mockResolvedValue({
+        ...mockedConfig,
+        customHeaders: { 'X-Test': 'test', 'X-Test-Another': ['test1', 'test2', 'test3'] },
+      }),
+    });
+    await connector.sendMessage({
+      to: 'baz',
+      type: TemplateType.OrganizationInvitation,
+      payload: { code: '345678', link: 'https://example.com' },
+    });
+
+    expect(sendMail).toHaveBeenCalledWith({
+      from: '<notice@test.smtp>',
+      subject: 'Organization invitation',
+      text: 'This is for organization invitation. Your link is https://example.com.',
+      to: 'baz',
+      headers: { 'X-Test': 'test', 'X-Test-Another': ['test1', 'test2', 'test3'] },
+    });
+  });
 });
 
 describe('Test config guard', () => {
diff --git a/packages/connectors/connector-smtp/src/index.ts b/packages/connectors/connector-smtp/src/index.ts
index 8aed0e05dd65..f447f420e65c 100644
--- a/packages/connectors/connector-smtp/src/index.ts
+++ b/packages/connectors/connector-smtp/src/index.ts
@@ -1,4 +1,4 @@
-import { assert } from '@silverhand/essentials';
+import { assert, conditional } from '@silverhand/essentials';
 
 import type {
   GetConnectorConfig,
@@ -14,6 +14,7 @@ import {
   replaceSendMessageHandlebars,
 } from '@logto/connector-kit';
 import nodemailer from 'nodemailer';
+import type Mail from 'nodemailer/lib/mailer';
 import type SMTPTransport from 'nodemailer/lib/smtp-transport';
 
 import { defaultMetadata } from './constant.js';
@@ -44,11 +45,17 @@ const sendMessage =
       template.contentType
     );
 
-    const mailOptions = {
+    const mailOptions: Mail.Options = {
       to,
       from: config.fromEmail,
       replyTo: config.replyTo,
       subject: replaceSendMessageHandlebars(template.subject, payload),
+      ...conditional(
+        config.customHeaders &&
+          Object.entries(config.customHeaders).length > 0 && {
+            headers: config.customHeaders,
+          }
+      ),
       ...contentsObject,
     };
 
diff --git a/packages/connectors/connector-smtp/src/mock.ts b/packages/connectors/connector-smtp/src/mock.ts
index 87f2017d3b5f..bef4a38b1b1d 100644
--- a/packages/connectors/connector-smtp/src/mock.ts
+++ b/packages/connectors/connector-smtp/src/mock.ts
@@ -35,6 +35,7 @@ export const mockedConfig = {
       usageType: 'OrganizationInvitation',
     },
   ],
+  customHeaders: {},
 };
 
 export const mockedOauth2AuthWithToken = {
diff --git a/packages/connectors/connector-smtp/src/types.ts b/packages/connectors/connector-smtp/src/types.ts
index 263fe802807f..cf18622105f5 100644
--- a/packages/connectors/connector-smtp/src/types.ts
+++ b/packages/connectors/connector-smtp/src/types.ts
@@ -125,6 +125,7 @@ export const smtpConfigGuard = z.object({
   servername: z.string().optional(),
   ignoreTLS: z.boolean().optional(),
   requireTLS: z.boolean().optional(),
+  customHeaders: z.record(z.string().or(z.string().array())).optional(),
 });
 
 export type SmtpConfig = z.infer<typeof smtpConfigGuard>;

From 3aa7e57b3d481c4bc52386922476671a1f8875d9 Mon Sep 17 00:00:00 2001
From: Darcy Ye <darcyye@silverhand.io>
Date: Wed, 17 Jul 2024 15:17:37 +0800
Subject: [PATCH 031/135] fix(console): fix Google connector `scope` field can
 not be unset bug (#6254)

---
 .changeset/cool-otters-unite.md                              | 5 +++++
 .../src/pages/ConnectorDetails/ConnectorContent/index.tsx    | 2 +-
 packages/console/src/utils/connector-form.ts                 | 5 -----
 3 files changed, 6 insertions(+), 6 deletions(-)
 create mode 100644 .changeset/cool-otters-unite.md

diff --git a/.changeset/cool-otters-unite.md b/.changeset/cool-otters-unite.md
new file mode 100644
index 000000000000..b82659b6d7af
--- /dev/null
+++ b/.changeset/cool-otters-unite.md
@@ -0,0 +1,5 @@
+---
+"@logto/console": patch
+---
+
+fix Google connector `scope` field can not be reset bug
diff --git a/packages/console/src/pages/ConnectorDetails/ConnectorContent/index.tsx b/packages/console/src/pages/ConnectorDetails/ConnectorContent/index.tsx
index 5d56a1849bce..48541240f5ba 100644
--- a/packages/console/src/pages/ConnectorDetails/ConnectorContent/index.tsx
+++ b/packages/console/src/pages/ConnectorDetails/ConnectorContent/index.tsx
@@ -68,7 +68,7 @@ function ConnectorContent({ isDeleted, connectorData, onConnectorUpdated }: Prop
       const { syncProfile, name, logo, logoDark, target, rawConfig } = data;
       // Apply the raw config first to avoid losing data updated from other forms that are not
       // included in the form items.
-      const config = { ...rawConfig, ...configParser(data, formItems) };
+      const config = removeFalsyValues({ ...rawConfig, ...configParser(data, formItems) });
 
       const payload = isSocialConnector
         ? {
diff --git a/packages/console/src/utils/connector-form.ts b/packages/console/src/utils/connector-form.ts
index 237b0fa41a7b..762704cef949 100644
--- a/packages/console/src/utils/connector-form.ts
+++ b/packages/console/src/utils/connector-form.ts
@@ -27,11 +27,6 @@ export const parseFormConfig = (
   return Object.fromEntries(
     Object.entries(config)
       .map(([key, value]) => {
-        // Filter out empty input
-        if (value === '') {
-          return null;
-        }
-
         const formItem = formItems.find((item) => item.key === key);
 
         if (!formItem) {

From f73b698381d1aeb16729d6c40cb04eae746bfb81 Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Wed, 17 Jul 2024 15:44:37 +0800
Subject: [PATCH 032/135] style(experience): improve input filed style (#6260)

---
 .../InputField/NotchedBorder/index.module.scss   | 16 +++++++++-------
 .../InputFields/InputField/index.module.scss     |  1 -
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.module.scss b/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.module.scss
index 8e725c6b933e..371d9458c6c5 100644
--- a/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.module.scss
+++ b/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.module.scss
@@ -2,14 +2,14 @@
 
 .container {
   position: absolute;
-  inset: 0;
+  inset: -0.4px -2px 0;
   pointer-events: none;
 
   .border,
   .outline {
     text-align: left;
     position: absolute;
-    inset: -8px 0 0;
+    inset: -10px 0 -0.5px;
     border: _.border(var(--color-line-border));
     border-radius: var(--radius);
     pointer-events: none;
@@ -18,6 +18,8 @@
     legend {
       display: inline-block;
       visibility: hidden;
+      // To keep the label in the middle of the empty space
+      margin-left: 1px;
       padding: 0;
       // fix to the label font height to keep space for the input container
       height: 20px;
@@ -36,7 +38,7 @@
 
   .outline {
     display: none;
-    inset: -9px -2px -2px;
+    inset: -11.5px -2px -2.5px;
     border-radius: 10px;
     border: 3px outset var(--color-overlay-brand-focused);
   }
@@ -47,8 +49,8 @@
     font: var(--font-body-1);
     color: var(--color-type-secondary);
     pointer-events: none;
-    top: 50%;
-    transform: translateY(-46%);
+    top: 48%;
+    transform: translateY(-50%);
     transition: 0.2s ease-out;
     transition-property: position, font, top;
     background-color: transparent;
@@ -65,8 +67,8 @@
     }
 
     .label {
-      top: 0;
-      left: _.unit(3.25);
+      top: -1px;
+      left: _.unit(3.5);
       font: var(--font-body-3);
       color: var(--color-type-secondary);
       padding: 0 _.unit(1);
diff --git a/packages/experience/src/components/InputFields/InputField/index.module.scss b/packages/experience/src/components/InputFields/InputField/index.module.scss
index 3ccf92a02ae7..933740f08eaf 100644
--- a/packages/experience/src/components/InputFields/InputField/index.module.scss
+++ b/packages/experience/src/components/InputFields/InputField/index.module.scss
@@ -26,7 +26,6 @@
       color: var(--color-type-primary);
       outline: none;
       border-radius: var(--radius);
-      margin: -1px 1px 0;
 
       &::placeholder {
         color: var(--color-type-secondary);

From f8f14c0ba7cf13058ba25d160a7908a33d203e16 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Wed, 17 Jul 2024 17:33:47 +0800
Subject: [PATCH 033/135] feat(core): set up proxy to host custom ui assets if
 available (#6214)

* feat(core): set up proxy to host custom ui assets if available

* refactor: use object param for koa spa proxy middleware

* refactor: make queries param mandatory
---
 .../koa-serve-custom-ui-assets.test.ts        | 91 +++++++++++++++++++
 .../middleware/koa-serve-custom-ui-assets.ts  | 40 ++++++++
 .../core/src/middleware/koa-spa-proxy.test.ts | 34 ++++++-
 packages/core/src/middleware/koa-spa-proxy.ts | 27 +++++-
 packages/core/src/tenants/Tenant.ts           | 18 +++-
 5 files changed, 199 insertions(+), 11 deletions(-)
 create mode 100644 packages/core/src/middleware/koa-serve-custom-ui-assets.test.ts
 create mode 100644 packages/core/src/middleware/koa-serve-custom-ui-assets.ts

diff --git a/packages/core/src/middleware/koa-serve-custom-ui-assets.test.ts b/packages/core/src/middleware/koa-serve-custom-ui-assets.test.ts
new file mode 100644
index 000000000000..41621a06c376
--- /dev/null
+++ b/packages/core/src/middleware/koa-serve-custom-ui-assets.test.ts
@@ -0,0 +1,91 @@
+import { Readable } from 'node:stream';
+
+import { StorageProvider } from '@logto/schemas';
+import { createMockUtils, pickDefault } from '@logto/shared/esm';
+
+import RequestError from '#src/errors/RequestError/index.js';
+import SystemContext from '#src/tenants/SystemContext.js';
+import createMockContext from '#src/test-utils/jest-koa-mocks/create-mock-context.js';
+
+const { jest } = import.meta;
+const { mockEsmWithActual } = createMockUtils(jest);
+
+const experienceBlobsProviderConfig = {
+  provider: StorageProvider.AzureStorage,
+  connectionString: 'connectionString',
+  container: 'container',
+} satisfies {
+  provider: StorageProvider.AzureStorage;
+  connectionString: string;
+  container: string;
+};
+
+// eslint-disable-next-line @silverhand/fp/no-mutation
+SystemContext.shared.experienceBlobsProviderConfig = experienceBlobsProviderConfig;
+
+const mockedIsFileExisted = jest.fn(async (filename: string) => true);
+const mockedDownloadFile = jest.fn();
+
+await mockEsmWithActual('#src/utils/storage/azure-storage.js', () => ({
+  buildAzureStorage: jest.fn(() => ({
+    uploadFile: jest.fn(async () => 'https://fake.url'),
+    downloadFile: mockedDownloadFile,
+    isFileExisted: mockedIsFileExisted,
+  })),
+}));
+
+await mockEsmWithActual('#src/utils/tenant.js', () => ({
+  getTenantId: jest.fn().mockResolvedValue(['default']),
+}));
+
+const koaServeCustomUiAssets = await pickDefault(import('./koa-serve-custom-ui-assets.js'));
+
+describe('koaServeCustomUiAssets middleware', () => {
+  const next = jest.fn();
+
+  it('should serve the file directly if the request path contains a dot', async () => {
+    const mockBodyStream = Readable.from('javascript content');
+    mockedDownloadFile.mockImplementation(async (objectKey: string) => {
+      if (objectKey.endsWith('/scripts.js')) {
+        return {
+          contentType: 'text/javascript',
+          readableStreamBody: mockBodyStream,
+        };
+      }
+      throw new Error('File not found');
+    });
+    const ctx = createMockContext({ url: '/scripts.js' });
+
+    await koaServeCustomUiAssets('custom-ui-asset-id')(ctx, next);
+
+    expect(ctx.type).toEqual('text/javascript');
+    expect(ctx.body).toEqual(mockBodyStream);
+  });
+
+  it('should serve the index.html', async () => {
+    const mockBodyStream = Readable.from('<html></html>');
+    mockedDownloadFile.mockImplementation(async (objectKey: string) => {
+      if (objectKey.endsWith('/index.html')) {
+        return {
+          contentType: 'text/html',
+          readableStreamBody: mockBodyStream,
+        };
+      }
+      throw new Error('File not found');
+    });
+    const ctx = createMockContext({ url: '/sign-in' });
+    await koaServeCustomUiAssets('custom-ui-asset-id')(ctx, next);
+
+    expect(ctx.type).toEqual('text/html');
+    expect(ctx.body).toEqual(mockBodyStream);
+  });
+
+  it('should return 404 if the file does not exist', async () => {
+    mockedIsFileExisted.mockResolvedValue(false);
+    const ctx = createMockContext({ url: '/fake.txt' });
+
+    await expect(koaServeCustomUiAssets('custom-ui-asset-id')(ctx, next)).rejects.toMatchError(
+      new RequestError({ code: 'entity.not_found', status: 404 })
+    );
+  });
+});
diff --git a/packages/core/src/middleware/koa-serve-custom-ui-assets.ts b/packages/core/src/middleware/koa-serve-custom-ui-assets.ts
new file mode 100644
index 000000000000..0232fedf97ec
--- /dev/null
+++ b/packages/core/src/middleware/koa-serve-custom-ui-assets.ts
@@ -0,0 +1,40 @@
+import type { MiddlewareType } from 'koa';
+
+import SystemContext from '#src/tenants/SystemContext.js';
+import assertThat from '#src/utils/assert-that.js';
+import { buildAzureStorage } from '#src/utils/storage/azure-storage.js';
+import { getTenantId } from '#src/utils/tenant.js';
+
+/**
+ * Middleware that serves custom UI assets user uploaded previously through sign-in experience settings.
+ * If the request path contains a dot, consider it as a file and will try to serve the file directly.
+ * Otherwise, redirect the request to the `index.html` page.
+ */
+export default function koaServeCustomUiAssets(customUiAssetId: string) {
+  const { experienceBlobsProviderConfig } = SystemContext.shared;
+  assertThat(experienceBlobsProviderConfig?.provider === 'AzureStorage', 'storage.not_configured');
+
+  const serve: MiddlewareType = async (ctx, next) => {
+    const [tenantId] = await getTenantId(ctx.URL);
+    assertThat(tenantId, 'session.not_found', 404);
+
+    const { container, connectionString } = experienceBlobsProviderConfig;
+    const { downloadFile, isFileExisted } = buildAzureStorage(connectionString, container);
+
+    const contextPath = `${tenantId}/${customUiAssetId}`;
+    const requestPath = ctx.request.path;
+    const isFileRequest = requestPath.includes('.');
+
+    const fileObjectKey = `${contextPath}${isFileRequest ? requestPath : '/index.html'}`;
+    const isExisted = await isFileExisted(fileObjectKey);
+    assertThat(isExisted, 'entity.not_found', 404);
+
+    const downloadResponse = await downloadFile(fileObjectKey);
+    ctx.type = downloadResponse.contentType ?? 'application/octet-stream';
+    ctx.body = downloadResponse.readableStreamBody;
+
+    return next();
+  };
+
+  return serve;
+}
diff --git a/packages/core/src/middleware/koa-spa-proxy.test.ts b/packages/core/src/middleware/koa-spa-proxy.test.ts
index 3216ea0b8c3c..23f003c419c9 100644
--- a/packages/core/src/middleware/koa-spa-proxy.test.ts
+++ b/packages/core/src/middleware/koa-spa-proxy.test.ts
@@ -10,6 +10,7 @@ const { mockEsmDefault } = createMockUtils(jest);
 
 const mockProxyMiddleware = jest.fn();
 const mockStaticMiddleware = jest.fn();
+const mockCustomUiAssetsMiddleware = jest.fn();
 const mountedApps = Object.values(UserApps);
 
 mockEsmDefault('node:fs/promises', () => ({
@@ -18,6 +19,17 @@ mockEsmDefault('node:fs/promises', () => ({
 
 mockEsmDefault('koa-proxies', () => jest.fn(() => mockProxyMiddleware));
 mockEsmDefault('#src/middleware/koa-serve-static.js', () => jest.fn(() => mockStaticMiddleware));
+mockEsmDefault('#src/middleware/koa-serve-custom-ui-assets.js', () =>
+  jest.fn(() => mockCustomUiAssetsMiddleware)
+);
+
+const mockFindDefaultSignInExperience = jest.fn().mockResolvedValue({ customUiAssets: null });
+const { MockQueries } = await import('#src/test-utils/tenant.js');
+const queries = new MockQueries({
+  signInExperiences: {
+    findDefaultSignInExperience: mockFindDefaultSignInExperience,
+  },
+});
 
 const koaSpaProxy = await pickDefault(import('./koa-spa-proxy.js'));
 
@@ -42,7 +54,7 @@ describe('koaSpaProxy middleware', () => {
         url: `/${app}/foo`,
       });
 
-      await koaSpaProxy(mountedApps)(ctx, next);
+      await koaSpaProxy({ mountedApps, queries })(ctx, next);
 
       expect(mockProxyMiddleware).not.toBeCalled();
     });
@@ -50,7 +62,7 @@ describe('koaSpaProxy middleware', () => {
 
   it('dev env should call dev proxy for SPA paths', async () => {
     const ctx = createContextWithRouteParameters();
-    await koaSpaProxy(mountedApps)(ctx, next);
+    await koaSpaProxy({ mountedApps, queries })(ctx, next);
     expect(mockProxyMiddleware).toBeCalled();
   });
 
@@ -64,7 +76,7 @@ describe('koaSpaProxy middleware', () => {
       url: '/foo',
     });
 
-    await koaSpaProxy(mountedApps)(ctx, next);
+    await koaSpaProxy({ mountedApps, queries })(ctx, next);
 
     expect(mockStaticMiddleware).toBeCalled();
     expect(ctx.request.path).toEqual('/');
@@ -81,8 +93,22 @@ describe('koaSpaProxy middleware', () => {
       url: '/sign-in',
     });
 
-    await koaSpaProxy(mountedApps)(ctx, next);
+    await koaSpaProxy({ mountedApps, queries })(ctx, next);
     expect(mockStaticMiddleware).toBeCalled();
     stub.restore();
   });
+
+  it('should serve custom UI assets if user uploaded them', async () => {
+    const customUiAssets = { id: 'custom-ui-assets', createdAt: Date.now() };
+    mockFindDefaultSignInExperience.mockResolvedValue({ customUiAssets });
+
+    const ctx = createContextWithRouteParameters({
+      url: '/sign-in',
+    });
+
+    await koaSpaProxy({ mountedApps, queries })(ctx, next);
+    expect(mockCustomUiAssetsMiddleware).toBeCalled();
+    expect(mockStaticMiddleware).not.toBeCalled();
+    expect(mockProxyMiddleware).not.toBeCalled();
+  });
 });
diff --git a/packages/core/src/middleware/koa-spa-proxy.ts b/packages/core/src/middleware/koa-spa-proxy.ts
index ede71a7ef4a2..6ec020135132 100644
--- a/packages/core/src/middleware/koa-spa-proxy.ts
+++ b/packages/core/src/middleware/koa-spa-proxy.ts
@@ -7,13 +7,25 @@ import type { IRouterParamContext } from 'koa-router';
 
 import { EnvSet } from '#src/env-set/index.js';
 import serveStatic from '#src/middleware/koa-serve-static.js';
+import type Queries from '#src/tenants/Queries.js';
 
-export default function koaSpaProxy<StateT, ContextT extends IRouterParamContext, ResponseBodyT>(
-  mountedApps: string[],
+import serveCustomUiAssets from './koa-serve-custom-ui-assets.js';
+
+type Properties = {
+  readonly mountedApps: string[];
+  readonly queries: Queries;
+  readonly packagePath?: string;
+  readonly port?: number;
+  readonly prefix?: string;
+};
+
+export default function koaSpaProxy<StateT, ContextT extends IRouterParamContext, ResponseBodyT>({
+  mountedApps,
   packagePath = 'experience',
   port = 5001,
-  prefix = ''
-): MiddlewareType<StateT, ContextT, ResponseBodyT> {
+  prefix = '',
+  queries,
+}: Properties): MiddlewareType<StateT, ContextT, ResponseBodyT> {
   type Middleware = MiddlewareType<StateT, ContextT, ResponseBodyT>;
 
   const distributionPath = path.join('node_modules/@logto', packagePath, 'dist');
@@ -43,6 +55,13 @@ export default function koaSpaProxy<StateT, ContextT extends IRouterParamContext
       return next();
     }
 
+    const { customUiAssets } = await queries.signInExperiences.findDefaultSignInExperience();
+    // If user has uploaded custom UI assets, serve them instead of native experience UI
+    if (customUiAssets && packagePath === 'experience') {
+      const serve = serveCustomUiAssets(customUiAssets.id);
+      return serve(ctx, next);
+    }
+
     if (!EnvSet.values.isProduction) {
       return spaProxy(ctx, next);
     }
diff --git a/packages/core/src/tenants/Tenant.ts b/packages/core/src/tenants/Tenant.ts
index 092cfdeb77ba..6314b5bfda2c 100644
--- a/packages/core/src/tenants/Tenant.ts
+++ b/packages/core/src/tenants/Tenant.ts
@@ -147,7 +147,13 @@ export default class Tenant implements TenantContext {
         app.use(
           mount(
             '/' + AdminApps.Console,
-            koaSpaProxy(mountedApps, AdminApps.Console, 5002, AdminApps.Console)
+            koaSpaProxy({
+              mountedApps,
+              queries,
+              packagePath: AdminApps.Console,
+              port: 5002,
+              prefix: AdminApps.Console,
+            })
           )
         );
       }
@@ -162,7 +168,13 @@ export default class Tenant implements TenantContext {
       app.use(
         mount(
           '/' + UserApps.DemoApp,
-          koaSpaProxy(mountedApps, UserApps.DemoApp, 5003, UserApps.DemoApp)
+          koaSpaProxy({
+            mountedApps,
+            queries,
+            packagePath: UserApps.DemoApp,
+            port: 5003,
+            prefix: UserApps.DemoApp,
+          })
         )
       );
     }
@@ -173,7 +185,7 @@ export default class Tenant implements TenantContext {
         koaExperienceSsr(libraries, queries),
         koaSpaSessionGuard(provider, queries),
         mount(`/${experience.routes.consent}`, koaAutoConsent(provider, queries)),
-        koaSpaProxy(mountedApps),
+        koaSpaProxy({ mountedApps, queries }),
       ])
     );
 

From 4bd9a4a1afa4dae77b1059f1d52489fc66a051ed Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Thu, 18 Jul 2024 11:04:12 +0800
Subject: [PATCH 034/135] style(experience): remove autofill style from input
 component (#6261)

---
 .../InputFields/InputField/index.module.scss         | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/packages/experience/src/components/InputFields/InputField/index.module.scss b/packages/experience/src/components/InputFields/InputField/index.module.scss
index 933740f08eaf..967acc82ebcf 100644
--- a/packages/experience/src/components/InputFields/InputField/index.module.scss
+++ b/packages/experience/src/components/InputFields/InputField/index.module.scss
@@ -32,6 +32,18 @@
         transition: opacity 0.2s ease-out;
         opacity: 0%;
       }
+
+      &:-webkit-autofill,
+      &:-webkit-autofill:hover,
+      &:-webkit-autofill:focus {
+        -webkit-text-fill-color: var(--color-type-primary);
+        /*
+         * Create an extremely long (about 11.57 days) transition for background-color
+         * This is a "hack" to prevent the browser from applying its default autofill background color
+         */
+        transition: background-color 999999s ease-in-out 0s;
+        background-color: transparent;
+      }
     }
 
     .suffix {

From 9772392e6ae19679aa7fef2165d3a971f2df04a5 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Thu, 18 Jul 2024 12:20:35 +0800
Subject: [PATCH 035/135] fix(console): fix image upload in onboarding process
 (#6266)

---
 .../src/onboarding/pages/SignInExperience/index.tsx        | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/packages/console/src/onboarding/pages/SignInExperience/index.tsx b/packages/console/src/onboarding/pages/SignInExperience/index.tsx
index 366e7127c14d..e0579ef891e3 100644
--- a/packages/console/src/onboarding/pages/SignInExperience/index.tsx
+++ b/packages/console/src/onboarding/pages/SignInExperience/index.tsx
@@ -175,7 +175,12 @@ function SignInExperience() {
                     name="logo"
                     control={control}
                     render={({ field: { onChange, value, name } }) => (
-                      <ImageUploaderField name={name} value={value ?? ''} onChange={onChange} />
+                      <ImageUploaderField
+                        apiInstance={api}
+                        name={name}
+                        value={value ?? ''}
+                        onChange={onChange}
+                      />
                     )}
                   />
                 ) : (

From ca73d3142f8697961f35d250038c934ec13d7095 Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Thu, 18 Jul 2024 14:04:56 +0800
Subject: [PATCH 036/135] fix(console): fix grant data card height (#6264)

---
 .../MainContent/SettingsSection/InstructionTab/index.tsx        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/index.tsx b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/index.tsx
index 58455222e768..7fc7bedfe6c2 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/index.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/index.tsx
@@ -91,7 +91,7 @@ function InstructionTab({ isActive }: Props) {
             language="typescript"
             className={styles.sampleCode}
             value={jwtCustomizerGrantContextTypeDefinition}
-            height="400px"
+            height="180px"
             theme="logto-dark"
             options={typeDefinitionCodeEditorOptions}
           />

From 6963192ac5cf2285826799a34a20c9efaa1f343a Mon Sep 17 00:00:00 2001
From: Darcy Ye <darcyye@silverhand.io>
Date: Thu, 18 Jul 2024 15:53:48 +0800
Subject: [PATCH 037/135] fix(console): fix passwordless connector tester send
 failed bug (#6268)

---
 .../src/hooks/use-connector-form-config-parser.tsx        | 8 ++++++--
 .../src/pages/ConnectorDetails/ConnectorContent/index.tsx | 6 +++++-
 packages/console/src/utils/connector-form.ts              | 8 +++++++-
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/packages/console/src/hooks/use-connector-form-config-parser.tsx b/packages/console/src/hooks/use-connector-form-config-parser.tsx
index 38ef40dcc0fb..d6e20f501ea1 100644
--- a/packages/console/src/hooks/use-connector-form-config-parser.tsx
+++ b/packages/console/src/hooks/use-connector-form-config-parser.tsx
@@ -31,9 +31,13 @@ const useJsonStringConfigParser = () => {
 export const useConnectorFormConfigParser = () => {
   const parseJsonConfig = useJsonStringConfigParser();
 
-  return (data: ConnectorFormType, formItems: ConnectorResponse['formItems']) => {
+  return (
+    data: ConnectorFormType,
+    formItems: ConnectorResponse['formItems'],
+    skipFalsyValuesRemoval = false
+  ) => {
     return formItems
-      ? parseFormConfig(data.formConfig, formItems)
+      ? parseFormConfig(data.formConfig, formItems, skipFalsyValuesRemoval)
       : parseJsonConfig(data.jsonConfig);
   };
 };
diff --git a/packages/console/src/pages/ConnectorDetails/ConnectorContent/index.tsx b/packages/console/src/pages/ConnectorDetails/ConnectorContent/index.tsx
index 48541240f5ba..da1c0dd9d325 100644
--- a/packages/console/src/pages/ConnectorDetails/ConnectorContent/index.tsx
+++ b/packages/console/src/pages/ConnectorDetails/ConnectorContent/index.tsx
@@ -68,7 +68,11 @@ function ConnectorContent({ isDeleted, connectorData, onConnectorUpdated }: Prop
       const { syncProfile, name, logo, logoDark, target, rawConfig } = data;
       // Apply the raw config first to avoid losing data updated from other forms that are not
       // included in the form items.
-      const config = removeFalsyValues({ ...rawConfig, ...configParser(data, formItems) });
+      // Explicitly SKIP falsy values removal logic (the last argument of `configParser()` method) for social connectors.
+      const config = removeFalsyValues({
+        ...rawConfig,
+        ...configParser(data, formItems, isSocialConnector),
+      });
 
       const payload = isSocialConnector
         ? {
diff --git a/packages/console/src/utils/connector-form.ts b/packages/console/src/utils/connector-form.ts
index 762704cef949..f0a7f423c50a 100644
--- a/packages/console/src/utils/connector-form.ts
+++ b/packages/console/src/utils/connector-form.ts
@@ -22,11 +22,17 @@ const initFormData = (formItems: ConnectorConfigFormItem[], config?: Record<stri
 
 export const parseFormConfig = (
   config: Record<string, unknown>,
-  formItems: ConnectorConfigFormItem[]
+  formItems: ConnectorConfigFormItem[],
+  skipFalsyValuesRemoval = false
 ) => {
   return Object.fromEntries(
     Object.entries(config)
       .map(([key, value]) => {
+        // Filter out empty input
+        if (!skipFalsyValuesRemoval && value === '') {
+          return null;
+        }
+
         const formItem = formItems.find((item) => item.key === key);
 
         if (!formItem) {

From 17d7be39924f1e464ffa04d52b031a3545700481 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Thu, 18 Jul 2024 15:56:09 +0800
Subject: [PATCH 038/135] feat(console): implement custom ui assets upload
 component (#6217)

---
 .../src/assets/images/blur-preview.svg        | 102 ++++++++++++++++++
 .../CustomUiAssetsUploader/index.module.scss  |  62 +++++++++++
 .../CustomUiAssetsUploader/index.tsx          |  89 +++++++++++++++
 .../console/src/components/FileIcon/index.tsx |  20 ++++
 .../src/components/ImageInputs/index.tsx      |   4 +-
 .../SignInExperiencePreview/index.module.scss |  24 +++++
 .../SignInExperiencePreview/index.tsx         |  74 +++++++++----
 packages/console/src/consts/user-assets.ts    |  17 ---
 .../Uploader/FileUploader/index.tsx           |  17 +--
 .../Uploader/ImageUploaderField/index.tsx     |   4 +-
 .../Experience/LogosUploader/index.tsx        |   8 +-
 .../index.module.scss                         |   0
 .../{CustomCssForm => CustomUiForm}/index.tsx |  48 +++++++--
 .../PageContent/Branding/index.tsx            |   4 +-
 .../SignInExperience/PageContent/index.tsx    |   1 +
 .../PageContent/utils/parser.ts               |   5 +-
 .../components/Preview/index.tsx              |   3 +
 .../src/pages/SignInExperience/types.ts       |  10 +-
 packages/console/src/utils/uploader.ts        |  19 +++-
 .../admin-console/sign-in-exp/index.ts        |  11 +-
 packages/schemas/src/types/user-assets.ts     |  18 ++++
 21 files changed, 471 insertions(+), 69 deletions(-)
 create mode 100644 packages/console/src/assets/images/blur-preview.svg
 create mode 100644 packages/console/src/components/CustomUiAssetsUploader/index.module.scss
 create mode 100644 packages/console/src/components/CustomUiAssetsUploader/index.tsx
 create mode 100644 packages/console/src/components/FileIcon/index.tsx
 delete mode 100644 packages/console/src/consts/user-assets.ts
 rename packages/console/src/pages/SignInExperience/PageContent/Branding/{CustomCssForm => CustomUiForm}/index.module.scss (100%)
 rename packages/console/src/pages/SignInExperience/PageContent/Branding/{CustomCssForm => CustomUiForm}/index.tsx (51%)

diff --git a/packages/console/src/assets/images/blur-preview.svg b/packages/console/src/assets/images/blur-preview.svg
new file mode 100644
index 000000000000..9d07235496a8
--- /dev/null
+++ b/packages/console/src/assets/images/blur-preview.svg
@@ -0,0 +1,102 @@
+<svg width="578" height="649" viewBox="0 0 578 649" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_587_32496)">
+<rect width="578" height="649" fill="#E5E1EC"/>
+<g filter="url(#filter0_d_587_32496)">
+<g clip-path="url(#clip1_587_32496)">
+<rect x="163" y="52" width="251.693" height="545" rx="12" fill="white"/>
+<path opacity="0.35" d="M389.159 65.4236C389.159 64.6205 389.81 63.9694 390.614 63.9694H401.8C402.603 63.9694 403.254 64.6205 403.254 65.4236V69.4507C403.254 70.2538 402.603 70.9049 401.8 70.9049H390.614C389.81 70.9049 389.159 70.2538 389.159 69.4507V65.4236Z" stroke="black" stroke-width="0.671182"/>
+<path opacity="0.4" d="M404.261 66.0947V68.7795C404.801 68.5521 405.152 68.0231 405.152 67.4371C405.152 66.8511 404.801 66.3221 404.261 66.0947Z" fill="black"/>
+<path d="M390.166 65.871C390.166 65.3767 390.567 64.9761 391.061 64.9761H401.352C401.847 64.9761 402.247 65.3767 402.247 65.871V69.0032C402.247 69.4974 401.847 69.8981 401.352 69.8981H391.061C390.567 69.8981 390.166 69.4974 390.166 69.0032V65.871Z" fill="black"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M380.32 65.1608C381.807 65.1609 383.238 65.7324 384.316 66.7571C384.397 66.8362 384.527 66.8352 384.607 66.7549L385.382 65.9718C385.423 65.9311 385.445 65.8759 385.445 65.8184C385.445 65.761 385.422 65.7061 385.381 65.6658C382.552 62.9545 378.088 62.9545 375.259 65.6658C375.218 65.706 375.195 65.7609 375.195 65.8184C375.194 65.8758 375.217 65.9311 375.257 65.9718L376.033 66.7549C376.113 66.8354 376.243 66.8364 376.324 66.7571C377.402 65.7323 378.833 65.1608 380.32 65.1608ZM380.32 67.7083C381.137 67.7083 381.925 68.012 382.531 68.5605C382.613 68.6384 382.742 68.6367 382.822 68.5567L383.597 67.7737C383.638 67.7326 383.66 67.6769 383.66 67.619C383.659 67.5611 383.635 67.5058 383.594 67.4656C381.749 65.7498 378.893 65.7498 377.048 67.4656C377.006 67.5058 376.983 67.5611 376.982 67.619C376.981 67.6769 377.004 67.7327 377.045 67.7737L377.82 68.5567C377.9 68.6367 378.029 68.6384 378.111 68.5605C378.716 68.0124 379.503 67.7087 380.32 67.7083ZM381.872 69.4226C381.874 69.4806 381.851 69.5366 381.809 69.5773L380.469 70.9302C380.43 70.9699 380.376 70.9923 380.32 70.9923C380.264 70.9923 380.211 70.9699 380.171 70.9302L378.83 69.5773C378.789 69.5366 378.766 69.4806 378.767 69.4225C378.769 69.3645 378.794 69.3095 378.837 69.2706C379.693 68.5464 380.947 68.5464 381.803 69.2706C381.846 69.3095 381.871 69.3645 381.872 69.4226Z" fill="black"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M371.149 63.8579H370.478C370.107 63.8579 369.807 64.1584 369.807 64.5291V70.346C369.807 70.7167 370.107 71.0172 370.478 71.0172H371.149C371.52 71.0172 371.82 70.7167 371.82 70.346V64.5291C371.82 64.1584 371.52 63.8579 371.149 63.8579ZM367.346 65.4241H368.017C368.388 65.4241 368.688 65.7246 368.688 66.0953V70.3461C368.688 70.7168 368.388 71.0173 368.017 71.0173H367.346C366.975 71.0173 366.675 70.7168 366.675 70.3461V66.0953C366.675 65.7246 366.975 65.4241 367.346 65.4241ZM364.885 66.99H364.214C363.843 66.99 363.542 67.2905 363.542 67.6612V70.3459C363.542 70.7166 363.843 71.0171 364.214 71.0171H364.885C365.256 71.0171 365.556 70.7166 365.556 70.3459V67.6612C365.556 67.2905 365.256 66.99 364.885 66.99ZM361.753 68.3323H361.082C360.711 68.3323 360.41 68.6328 360.41 69.0035V70.3459C360.41 70.7166 360.711 71.0171 361.082 71.0171H361.753C362.123 71.0171 362.424 70.7166 362.424 70.3459V69.0035C362.424 68.6328 362.123 68.3323 361.753 68.3323Z" fill="black"/>
+<path d="M188.049 70.9651C189.853 70.9651 190.925 69.5543 190.925 67.1651C190.925 66.2655 190.753 65.5085 190.423 64.9235C189.946 64.014 189.126 63.5225 188.088 63.5225C186.545 63.5225 185.453 64.5597 185.453 66.0148C185.453 67.3814 186.437 68.3744 187.788 68.3744C188.619 68.3744 189.293 67.9861 189.627 67.3126H189.642C189.642 67.3126 189.661 67.3126 189.666 67.3126C189.676 67.3126 189.711 67.3126 189.711 67.3126C189.711 68.9349 189.096 69.9033 188.059 69.9033C187.449 69.9033 186.977 69.569 186.815 69.0332H185.552C185.763 70.1982 186.751 70.9651 188.049 70.9651ZM188.093 67.3667C187.277 67.3667 186.697 66.7866 186.697 65.9755C186.697 65.184 187.307 64.5794 188.098 64.5794C188.89 64.5794 189.499 65.1939 189.499 65.9952C189.499 66.7866 188.904 67.3667 188.093 67.3667Z" fill="black"/>
+<path d="M192.999 70.8963C193.466 70.8963 193.786 70.562 193.786 70.1196C193.786 69.6722 193.466 69.3429 192.999 69.3429C192.537 69.3429 192.213 69.6722 192.213 70.1196C192.213 70.562 192.537 70.8963 192.999 70.8963ZM192.999 67.2094C193.466 67.2094 193.786 66.88 193.786 66.4376C193.786 65.9902 193.466 65.6609 192.999 65.6609C192.537 65.6609 192.213 65.9902 192.213 66.4376C192.213 66.88 192.537 67.2094 192.999 67.2094Z" fill="black"/>
+<path d="M198.387 70.7931H199.602V69.4707H200.56V68.399H199.602V63.6994H197.812C196.559 65.5871 195.561 67.1651 194.922 68.34V69.4707H198.387V70.7931ZM196.097 68.3548C196.923 66.8997 197.66 65.7346 198.338 64.7318H198.407V68.4285H196.097V68.3548Z" fill="black"/>
+<path d="M203.264 70.7931H204.533V63.6994H203.269L201.416 64.9972V66.2164L203.181 64.9776H203.264V70.7931Z" fill="black"/>
+<path d="M232 104C230.293 104 228.602 104.336 227.025 104.99C225.448 105.643 224.015 106.6 222.808 107.808C221.6 109.015 220.643 110.448 219.99 112.025C219.336 113.602 219 115.293 219 117C219 118.707 219.336 120.398 219.99 121.975C220.643 123.552 221.6 124.985 222.808 126.192C224.015 127.4 225.448 128.357 227.025 129.01C228.602 129.664 230.293 130 232 130V123.5C231.146 123.5 230.301 123.332 229.513 123.005C228.724 122.679 228.007 122.2 227.404 121.596C226.8 120.993 226.321 120.276 225.995 119.487C225.668 118.699 225.5 117.854 225.5 117C225.5 116.146 225.668 115.301 225.995 114.513C226.321 113.724 226.8 113.007 227.404 112.404C228.007 111.8 228.724 111.321 229.513 110.995C230.301 110.668 231.146 110.5 232 110.5V104Z" fill="#5D34F2"/>
+<path d="M232 121.333C234.393 121.333 236.333 119.393 236.333 117C236.333 114.607 234.393 112.667 232 112.667C229.607 112.667 227.667 114.607 227.667 117C227.667 119.393 229.607 121.333 232 121.333Z" fill="#5D34F2"/>
+<path d="M219 117C219 118.707 219.336 120.398 219.99 121.975C220.643 123.552 221.6 124.985 222.808 126.192C224.015 127.4 225.448 128.357 227.025 129.01C228.602 129.664 230.293 130 232 130C233.707 130 235.398 129.664 236.975 129.01C238.552 128.357 239.985 127.4 241.192 126.192C242.4 124.985 243.357 123.552 244.01 121.975C244.664 120.398 245 118.707 245 117H238.5C238.5 117.854 238.332 118.699 238.005 119.487C237.679 120.276 237.2 120.993 236.596 121.596C235.993 122.2 235.276 122.679 234.487 123.005C233.699 123.332 232.854 123.5 232 123.5C231.146 123.5 230.301 123.332 229.513 123.005C228.724 122.679 228.007 122.2 227.404 121.596C226.8 120.993 226.321 120.276 225.995 119.487C225.668 118.699 225.5 117.854 225.5 117H219Z" fill="#AF9EFF"/>
+<path d="M236.333 117C236.333 115.851 235.877 114.748 235.064 113.936C234.252 113.123 233.149 112.667 232 112.667C230.851 112.667 229.749 113.123 228.936 113.936C228.123 114.748 227.667 115.851 227.667 117H232H236.333Z" fill="#CABEFF"/>
+<path d="M255.025 106.869H252.15V122.842H255.025V106.869Z" fill="#5D34F2"/>
+<path d="M256.903 117.183C256.903 120.879 259.458 123.161 262.836 123.161C266.213 123.161 268.769 120.879 268.769 117.183C268.769 113.486 266.213 111.204 262.836 111.204C259.458 111.204 256.903 113.486 256.903 117.183ZM259.778 117.183C259.778 114.992 261.056 113.714 262.836 113.714C264.615 113.714 265.893 114.992 265.893 117.183C265.893 119.373 264.615 120.651 262.836 120.651C261.056 120.651 259.778 119.373 259.778 117.183Z" fill="#5D34F2"/>
+<path d="M279.043 111.524V113.052H278.815C278.131 112.071 277.035 111.204 275.073 111.204C272.38 111.204 269.961 113.486 269.961 117C269.961 120.514 272.38 122.796 275.073 122.796C277.035 122.796 278.131 121.906 278.77 121.016H278.998V122.112C278.998 124.302 277.72 125.306 275.849 125.306C273.978 125.306 273.019 124.302 272.631 123.002L270.053 124.12C270.646 125.831 272.38 127.725 275.894 127.725C279.5 127.725 281.873 125.831 281.873 122.18V111.524H279.043ZM275.94 120.332C274.16 120.332 272.837 119.054 272.837 117C272.837 114.946 274.16 113.669 275.94 113.669C277.72 113.669 279.043 114.946 279.043 117C279.043 119.054 277.72 120.332 275.94 120.332Z" fill="#5D34F2"/>
+<path d="M283.733 117.183C283.733 120.879 286.289 123.161 289.666 123.161C293.043 123.161 295.599 120.879 295.599 117.183C295.599 113.486 293.043 111.204 289.666 111.204C286.289 111.204 283.733 113.486 283.733 117.183ZM286.608 117.183C286.608 114.992 287.886 113.714 289.666 113.714C291.446 113.714 292.724 114.992 292.724 117.183C292.724 119.373 291.446 120.651 289.666 120.651C287.886 120.651 286.608 119.373 286.608 117.183Z" fill="#5D34F2"/>
+<path d="M297.856 108.237C297.856 109.401 298.746 110.2 299.888 110.2C301.028 110.2 301.918 109.401 301.918 108.237C301.918 107.074 301.028 106.275 299.888 106.275C298.746 106.275 297.856 107.074 297.856 108.237ZM301.324 111.523H298.45V122.842H301.324V111.523Z" fill="#CABEFF"/>
+<path d="M303.886 127.406H306.762V121.381H306.99C307.629 122.294 308.724 123.161 310.687 123.161C313.379 123.161 315.799 120.879 315.799 117.183C315.799 113.486 313.379 111.204 310.687 111.204C308.724 111.204 307.629 112.071 306.945 113.053H306.716V111.524H303.886V127.406ZM309.819 120.697C308.04 120.697 306.716 119.419 306.716 117.183C306.716 114.946 308.04 113.669 309.819 113.669C311.6 113.669 312.923 114.946 312.923 117.183C312.923 119.419 311.6 120.697 309.819 120.697Z" fill="#CABEFF"/>
+<path d="M317.476 114.695C317.476 116.932 319.347 117.753 321.72 118.21L322.314 118.324C323.728 118.598 324.367 118.94 324.367 119.67C324.367 120.4 323.728 120.971 322.405 120.971C321.081 120.971 320.009 120.423 319.712 118.78L317.065 119.465C317.454 121.838 319.438 123.161 322.405 123.161C325.28 123.161 327.151 121.815 327.151 119.442C327.151 117.069 325.235 116.43 322.679 115.928L322.085 115.814C320.898 115.585 320.259 115.266 320.259 114.513C320.259 113.828 320.853 113.395 321.949 113.395C323.044 113.395 323.819 113.851 324.093 115.083L326.695 114.285C326.147 112.459 324.482 111.204 321.949 111.204C319.255 111.204 317.476 112.459 317.476 114.695Z" fill="#CABEFF"/>
+<path d="M340.066 122.842V111.523H337.192V117.365C337.192 119.465 336.165 120.697 334.407 120.697C332.856 120.697 331.989 119.852 331.989 118.141V111.523H329.113V118.278C329.113 121.085 330.871 123.024 333.518 123.024C335.594 123.024 336.553 122.112 337.009 121.153H337.237V122.842H340.066Z" fill="#CABEFF"/>
+<path d="M342.617 111.523V122.842H345.493V116.087C345.493 114.536 346.223 113.668 347.546 113.668C348.687 113.668 349.371 114.307 349.371 115.54V122.842H352.247V116.087C352.247 114.536 352.977 113.668 354.3 113.668C355.442 113.668 356.126 114.307 356.126 115.54V122.842H359.002V115.403C359.002 112.664 357.312 111.341 355.213 111.341C353.365 111.341 352.521 112.162 351.973 113.121H351.744C351.219 112.048 350.284 111.341 348.641 111.341C346.998 111.341 346.108 112.071 345.675 112.938H345.446V111.523H342.617Z" fill="#CABEFF"/>
+<path d="M220.559 152.615C218.363 152.615 216.967 151.534 216.849 149.902L216.842 149.81H218.481L218.488 149.876C218.566 150.669 219.412 151.193 220.611 151.193C221.752 151.193 222.551 150.629 222.551 149.817V149.81C222.551 149.128 222.06 148.715 220.841 148.453L219.825 148.243C217.891 147.837 217.052 146.933 217.052 145.523V145.517C217.052 143.826 218.507 142.685 220.552 142.685C222.65 142.685 223.954 143.832 224.072 145.353L224.079 145.438H222.46L222.447 145.36C222.329 144.625 221.627 144.101 220.546 144.108C219.497 144.108 218.75 144.599 218.75 145.405V145.412C218.75 146.081 219.228 146.5 220.408 146.749L221.424 146.965C223.417 147.385 224.249 148.185 224.249 149.613V149.62C224.249 151.462 222.827 152.615 220.559 152.615ZM226.55 144.016C226.012 144.016 225.573 143.59 225.573 143.052C225.573 142.521 226.012 142.089 226.55 142.089C227.081 142.089 227.52 142.521 227.52 143.052C227.52 143.59 227.081 144.016 226.55 144.016ZM225.731 152.379V145.215H227.363V152.379H225.731ZM232.18 154.896C230.293 154.896 229.159 154.09 228.995 152.884L229.002 152.864H230.634L230.64 152.884C230.752 153.343 231.296 153.664 232.207 153.664C233.321 153.664 233.97 153.146 233.97 152.229V150.859H233.858C233.446 151.626 232.666 152.045 231.676 152.045C229.86 152.045 228.733 150.642 228.733 148.611V148.597C228.733 146.526 229.86 145.097 231.709 145.097C232.698 145.097 233.472 145.582 233.878 146.395H233.963V145.215H235.595V152.202C235.595 153.854 234.271 154.896 232.18 154.896ZM232.18 150.747C233.314 150.747 233.996 149.876 233.996 148.611V148.597C233.996 147.332 233.308 146.454 232.18 146.454C231.047 146.454 230.404 147.332 230.404 148.597V148.611C230.404 149.876 231.047 150.747 232.18 150.747ZM237.326 152.379V145.215H238.958V146.31H239.07C239.41 145.543 240.099 145.078 241.134 145.078C242.734 145.078 243.605 146.041 243.605 147.745V152.379H241.973V148.126C241.973 147.011 241.521 146.448 240.531 146.448C239.561 146.448 238.958 147.129 238.958 148.204V152.379H237.326ZM249.413 144.016C248.876 144.016 248.436 143.59 248.436 143.052C248.436 142.521 248.876 142.089 249.413 142.089C249.944 142.089 250.383 142.521 250.383 143.052C250.383 143.59 249.944 144.016 249.413 144.016ZM248.594 152.379V145.215H250.226V152.379H248.594ZM251.963 152.379V145.215H253.595V146.31H253.707C254.047 145.543 254.736 145.078 255.771 145.078C257.371 145.078 258.242 146.041 258.242 147.745V152.379H256.61V148.126C256.61 147.011 256.158 146.448 255.168 146.448C254.198 146.448 253.595 147.129 253.595 148.204V152.379H251.963ZM266.03 152.412C264.384 152.412 263.709 151.862 263.709 150.479V146.48H262.595V145.215H263.709V143.459H265.368V145.215H266.882V146.48H265.368V150.092C265.368 150.806 265.649 151.108 266.331 151.108C266.56 151.108 266.685 151.101 266.882 151.082V152.34C266.646 152.386 266.344 152.412 266.03 152.412ZM271.267 152.524C269.117 152.524 267.819 151.121 267.819 148.801V148.788C267.819 146.487 269.137 145.078 271.267 145.078C273.404 145.078 274.715 146.48 274.715 148.788V148.801C274.715 151.121 273.41 152.524 271.267 152.524ZM271.267 151.2C272.401 151.2 273.043 150.315 273.043 148.807V148.794C273.043 147.287 272.394 146.395 271.267 146.395C270.133 146.395 269.484 147.287 269.484 148.794V148.807C269.484 150.315 270.133 151.2 271.267 151.2ZM280.162 154.896C279.965 154.896 279.736 154.89 279.539 154.87V153.618C279.67 153.631 279.854 153.638 280.024 153.638C280.693 153.638 281.093 153.363 281.27 152.714L281.355 152.386L278.792 145.215H280.575L282.246 150.813H282.371L284.036 145.215H285.753L283.184 152.53C282.567 154.326 281.748 154.896 280.162 154.896ZM289.692 152.524C287.543 152.524 286.245 151.121 286.245 148.801V148.788C286.245 146.487 287.562 145.078 289.692 145.078C291.829 145.078 293.14 146.48 293.14 148.788V148.801C293.14 151.121 291.836 152.524 289.692 152.524ZM289.692 151.2C290.826 151.2 291.469 150.315 291.469 148.807V148.794C291.469 147.287 290.82 146.395 289.692 146.395C288.558 146.395 287.91 147.287 287.91 148.794V148.807C287.91 150.315 288.558 151.2 289.692 151.2ZM296.883 152.524C295.271 152.524 294.445 151.554 294.445 149.849V145.215H296.077V149.476C296.077 150.583 296.49 151.147 297.473 151.147C298.528 151.147 299.092 150.465 299.092 149.391V145.215H300.724V152.379H299.092V151.291H298.98C298.646 152.058 297.919 152.524 296.883 152.524ZM302.448 152.379V145.215H304.08V146.316H304.192C304.434 145.55 305.089 145.097 306.033 145.097C306.282 145.097 306.538 145.13 306.695 145.176V146.638C306.433 146.585 306.164 146.546 305.883 146.546C304.795 146.546 304.08 147.195 304.08 148.217V152.379H302.448ZM313.028 152.497C311.664 152.497 310.674 151.658 310.674 150.354V150.341C310.674 149.063 311.651 148.316 313.395 148.211L315.236 148.099V147.483C315.236 146.769 314.771 146.375 313.893 146.375C313.146 146.375 312.66 146.644 312.497 147.116L312.49 147.142H310.95L310.956 147.083C311.114 145.877 312.267 145.078 313.971 145.078C315.813 145.078 316.849 145.969 316.849 147.483V152.379H315.236V151.396H315.125C314.732 152.091 313.971 152.497 313.028 152.497ZM312.287 150.275C312.287 150.885 312.805 151.245 313.526 151.245C314.509 151.245 315.236 150.603 315.236 149.751V149.174L313.624 149.279C312.713 149.338 312.287 149.672 312.287 150.262V150.275ZM321.614 152.524C319.458 152.524 318.186 151.127 318.186 148.788V148.774C318.186 146.461 319.451 145.078 321.608 145.078C323.449 145.078 324.551 146.1 324.734 147.581V147.608H323.194L323.187 147.588C323.037 146.893 322.506 146.395 321.614 146.395C320.5 146.395 319.844 147.273 319.844 148.774V148.788C319.844 150.308 320.506 151.2 321.614 151.2C322.46 151.2 322.978 150.813 323.181 150.059L323.194 150.033L324.734 150.026L324.721 150.079C324.485 151.547 323.43 152.524 321.614 152.524ZM329.093 152.524C326.937 152.524 325.665 151.127 325.665 148.788V148.774C325.665 146.461 326.93 145.078 329.087 145.078C330.928 145.078 332.03 146.1 332.213 147.581V147.608H330.673L330.666 147.588C330.516 146.893 329.985 146.395 329.093 146.395C327.979 146.395 327.323 147.273 327.323 148.774V148.788C327.323 150.308 327.985 151.2 329.093 151.2C329.939 151.2 330.457 150.813 330.66 150.059L330.673 150.033L332.213 150.026L332.2 150.079C331.964 151.547 330.909 152.524 329.093 152.524ZM336.592 152.524C334.442 152.524 333.144 151.121 333.144 148.801V148.788C333.144 146.487 334.462 145.078 336.592 145.078C338.729 145.078 340.039 146.48 340.039 148.788V148.801C340.039 151.121 338.735 152.524 336.592 152.524ZM336.592 151.2C337.726 151.2 338.368 150.315 338.368 148.807V148.794C338.368 147.287 337.719 146.395 336.592 146.395C335.458 146.395 334.809 147.287 334.809 148.794V148.807C334.809 150.315 335.458 151.2 336.592 151.2ZM343.782 152.524C342.17 152.524 341.344 151.554 341.344 149.849V145.215H342.976V149.476C342.976 150.583 343.389 151.147 344.372 151.147C345.428 151.147 345.991 150.465 345.991 149.391V145.215H347.623V152.379H345.991V151.291H345.88C345.546 152.058 344.818 152.524 343.782 152.524ZM349.347 152.379V145.215H350.979V146.31H351.091C351.432 145.543 352.12 145.078 353.156 145.078C354.755 145.078 355.627 146.041 355.627 147.745V152.379H353.995V148.126C353.995 147.011 353.542 146.448 352.553 146.448C351.582 146.448 350.979 147.129 350.979 148.204V152.379H349.347ZM360.104 152.412C358.458 152.412 357.783 151.862 357.783 150.479V146.48H356.669V145.215H357.783V143.459H359.442V145.215H360.956V146.48H359.442V150.092C359.442 150.806 359.723 151.108 360.405 151.108C360.635 151.108 360.759 151.101 360.956 151.082V152.34C360.72 152.386 360.418 152.412 360.104 152.412Z" fill="#191C1D"/>
+<path d="M176.759 181.541C176.759 178.761 179.013 176.507 181.793 176.507H395.9C398.68 176.507 400.934 178.761 400.934 181.541V200.334C400.934 203.115 398.68 205.368 395.9 205.368H181.793C179.013 205.368 176.759 203.115 176.759 200.334V181.541Z" stroke="#C4C7C7" stroke-width="0.671182"/>
+<path d="M188.127 194.438V186.871H192.815V187.721H189.071V190.149H192.621V190.988H189.071V193.589H192.815V194.438H188.127ZM194.409 194.438V188.785H195.322V189.645H195.406C195.657 189.037 196.192 188.686 196.931 188.686C197.697 188.686 198.232 189.09 198.494 189.677H198.578C198.882 189.079 199.527 188.686 200.308 188.686C201.462 188.686 202.107 189.346 202.107 190.531V194.438H201.195V190.741C201.195 189.908 200.812 189.493 200.015 189.493C199.228 189.493 198.709 190.086 198.709 190.804V194.438H197.797V190.6C197.797 189.928 197.335 189.493 196.622 189.493C195.883 189.493 195.322 190.138 195.322 190.935V194.438H194.409ZM205.305 194.538C204.231 194.538 203.418 193.887 203.418 192.86V192.849C203.418 191.842 204.162 191.26 205.479 191.182L207.099 191.082V190.568C207.099 189.871 206.674 189.493 205.83 189.493C205.153 189.493 204.708 189.745 204.561 190.185L204.556 190.201H203.643L203.649 190.17C203.795 189.284 204.655 188.686 205.861 188.686C207.24 188.686 208.011 189.394 208.011 190.568V194.438H207.099V193.604H207.015C206.658 194.207 206.066 194.538 205.305 194.538ZM204.351 192.839C204.351 193.41 204.839 193.746 205.494 193.746C206.422 193.746 207.099 193.138 207.099 192.33V191.816L205.589 191.911C204.729 191.963 204.351 192.267 204.351 192.828V192.839ZM210.161 187.695C209.815 187.695 209.532 187.412 209.532 187.065C209.532 186.719 209.815 186.436 210.161 186.436C210.507 186.436 210.79 186.719 210.79 187.065C210.79 187.412 210.507 187.695 210.161 187.695ZM209.7 194.438V188.785H210.612V194.438H209.7ZM212.384 194.438V186.541H213.297V194.438H212.384Z" fill="#747778"/>
+<path d="M176.759 221.812C176.759 219.032 179.013 216.778 181.793 216.778H395.9C398.68 216.778 400.934 219.032 400.934 221.812V240.605C400.934 243.386 398.68 245.639 395.9 245.639H181.793C179.013 245.639 176.759 243.386 176.759 240.605V221.812Z" stroke="#C4C7C7" stroke-width="0.671182"/>
+<path d="M188.127 234.709V227.142H190.98C192.401 227.142 193.408 228.123 193.408 229.56V229.57C193.408 231.007 192.401 232.009 190.98 232.009H189.071V234.709H188.127ZM190.739 227.981H189.071V231.17H190.739C191.819 231.17 192.443 230.577 192.443 229.581V229.57C192.443 228.574 191.819 227.981 190.739 227.981ZM196.182 234.809C195.107 234.809 194.294 234.158 194.294 233.131V233.12C194.294 232.113 195.039 231.531 196.355 231.453L197.975 231.353V230.839C197.975 230.142 197.55 229.764 196.706 229.764C196.03 229.764 195.584 230.016 195.437 230.456L195.432 230.472H194.519L194.525 230.441C194.671 229.555 195.531 228.957 196.737 228.957C198.117 228.957 198.887 229.665 198.887 230.839V234.709H197.975V233.875H197.891C197.534 234.478 196.942 234.809 196.182 234.809ZM195.227 233.11C195.227 233.681 195.715 234.017 196.37 234.017C197.298 234.017 197.975 233.409 197.975 232.601V232.087L196.465 232.182C195.605 232.234 195.227 232.538 195.227 233.099V233.11ZM202.495 234.809C201.236 234.809 200.371 234.2 200.266 233.267H201.2C201.352 233.739 201.803 234.048 202.526 234.048C203.287 234.048 203.827 233.686 203.827 233.173V233.162C203.827 232.779 203.538 232.512 202.841 232.344L201.965 232.134C200.906 231.883 200.429 231.421 200.429 230.608V230.603C200.429 229.665 201.331 228.957 202.532 228.957C203.717 228.957 204.54 229.549 204.666 230.472H203.769C203.649 230.026 203.208 229.717 202.526 229.717C201.855 229.717 201.362 230.063 201.362 230.561V230.572C201.362 230.955 201.645 231.196 202.311 231.358L203.182 231.568C204.246 231.825 204.76 232.286 204.76 233.094V233.104C204.76 234.111 203.78 234.809 202.495 234.809ZM208.011 234.809C206.753 234.809 205.888 234.2 205.783 233.267H206.716C206.868 233.739 207.319 234.048 208.043 234.048C208.803 234.048 209.343 233.686 209.343 233.173V233.162C209.343 232.779 209.055 232.512 208.357 232.344L207.482 232.134C206.422 231.883 205.945 231.421 205.945 230.608V230.603C205.945 229.665 206.847 228.957 208.048 228.957C209.233 228.957 210.056 229.549 210.182 230.472H209.285C209.165 230.026 208.724 229.717 208.043 229.717C207.371 229.717 206.879 230.063 206.879 230.561V230.572C206.879 230.955 207.162 231.196 207.828 231.358L208.698 231.568C209.763 231.825 210.276 232.286 210.276 233.094V233.104C210.276 234.111 209.296 234.809 208.011 234.809ZM212.626 234.709L211.042 229.056H211.954L213.066 233.576H213.15L214.414 229.056H215.279L216.543 233.576H216.626L217.738 229.056H218.645L217.062 234.709H216.144L214.88 230.336H214.796L213.538 234.709H212.626ZM221.964 234.809C220.355 234.809 219.358 233.697 219.358 231.888V231.877C219.358 230.063 220.355 228.957 221.964 228.957C223.574 228.957 224.571 230.063 224.571 231.877V231.888C224.571 233.697 223.574 234.809 221.964 234.809ZM221.964 234.001C223.034 234.001 223.637 233.22 223.637 231.888V231.877C223.637 230.54 223.034 229.764 221.964 229.764C220.895 229.764 220.292 230.54 220.292 231.877V231.888C220.292 233.22 220.895 234.001 221.964 234.001ZM225.986 234.709V229.056H226.899V229.895H226.983C227.198 229.303 227.727 228.957 228.493 228.957C228.666 228.957 228.86 228.978 228.949 228.993V229.88C228.76 229.848 228.587 229.827 228.388 229.827C227.517 229.827 226.899 230.378 226.899 231.206V234.709H225.986ZM232.006 234.809C230.574 234.809 229.636 233.65 229.636 231.888V231.877C229.636 230.105 230.569 228.957 232.006 228.957C232.782 228.957 233.458 229.345 233.768 229.948H233.852V226.812H234.764V234.709H233.852V233.807H233.768C233.422 234.436 232.793 234.809 232.006 234.809ZM232.216 234.001C233.243 234.001 233.873 233.194 233.873 231.888V231.877C233.873 230.572 233.243 229.764 232.216 229.764C231.183 229.764 230.569 230.561 230.569 231.877V231.888C230.569 233.204 231.183 234.001 232.216 234.001Z" fill="#747778"/>
+<path d="M177.412 264.029V257.409H181.546V258.294H178.44V260.391H181.285V261.258H178.44V264.029H177.412ZM184.877 264.126C183.414 264.126 182.519 263.148 182.519 261.543V261.533C182.519 259.932 183.418 258.95 184.877 258.95C186.332 258.95 187.231 259.927 187.231 261.533V261.543C187.231 263.148 186.336 264.126 184.877 264.126ZM184.877 263.295C185.731 263.295 186.217 262.644 186.217 261.543V261.533C186.217 260.428 185.731 259.781 184.877 259.781C184.019 259.781 183.538 260.428 183.538 261.533V261.543C183.538 262.648 184.019 263.295 184.877 263.295ZM188.419 264.029V259.047H189.415V259.799H189.488C189.667 259.271 190.131 258.959 190.796 258.959C190.957 258.959 191.131 258.982 191.232 259.005V259.923C191.053 259.886 190.883 259.863 190.695 259.863C189.934 259.863 189.415 260.331 189.415 261.052V264.029H188.419ZM194.159 265.787C192.893 265.787 192.113 265.231 191.994 264.401L192.003 264.392H193.008L193.012 264.401C193.095 264.745 193.499 264.988 194.173 264.988C194.994 264.988 195.481 264.603 195.481 263.924V262.942H195.407C195.104 263.483 194.554 263.786 193.87 263.786C192.59 263.786 191.801 262.8 191.801 261.396V261.387C191.801 259.964 192.595 258.959 193.889 258.959C194.586 258.959 195.127 259.303 195.416 259.863H195.476V259.047H196.467V263.928C196.467 265.062 195.572 265.787 194.159 265.787ZM194.145 262.965C194.99 262.965 195.499 262.323 195.499 261.391V261.382C195.499 260.455 194.985 259.804 194.145 259.804C193.297 259.804 192.819 260.455 192.819 261.382V261.391C192.819 262.318 193.297 262.965 194.145 262.965ZM200.009 264.126C198.545 264.126 197.651 263.148 197.651 261.543V261.533C197.651 259.932 198.55 258.95 200.009 258.95C201.464 258.95 202.363 259.927 202.363 261.533V261.543C202.363 263.148 201.468 264.126 200.009 264.126ZM200.009 263.295C200.863 263.295 201.349 262.644 201.349 261.543V261.533C201.349 260.428 200.863 259.781 200.009 259.781C199.151 259.781 198.669 260.428 198.669 261.533V261.543C198.669 262.648 199.151 263.295 200.009 263.295ZM205.432 264.061C204.336 264.061 203.886 263.676 203.886 262.717V259.831H203.106V259.047H203.886V257.789H204.9V259.047H205.969V259.831H204.9V262.478C204.9 263.015 205.102 263.236 205.593 263.236C205.744 263.236 205.831 263.231 205.969 263.217V264.011C205.809 264.038 205.625 264.061 205.432 264.061ZM210.186 265.782C210.062 265.782 209.915 265.773 209.786 265.759V264.974C209.883 264.988 210.007 264.993 210.121 264.993C210.585 264.993 210.865 264.796 211.012 264.291L211.085 264.034L209.277 259.047H210.351L211.599 263.029H211.686L212.929 259.047H213.975L212.122 264.222C211.7 265.41 211.195 265.782 210.186 265.782ZM216.903 264.126C215.439 264.126 214.544 263.148 214.544 261.543V261.533C214.544 259.932 215.444 258.95 216.903 258.95C218.357 258.95 219.256 259.927 219.256 261.533V261.543C219.256 263.148 218.362 264.126 216.903 264.126ZM216.903 263.295C217.756 263.295 218.242 262.644 218.242 261.543V261.533C218.242 260.428 217.756 259.781 216.903 259.781C216.045 259.781 215.563 260.428 215.563 261.533V261.543C215.563 262.648 216.045 263.295 216.903 263.295ZM222.106 264.126C220.982 264.126 220.399 263.451 220.399 262.272V259.047H221.395V262.038C221.395 262.864 221.697 263.272 222.427 263.272C223.225 263.272 223.652 262.772 223.652 261.969V259.047H224.643V264.029H223.652V263.277H223.574C223.335 263.814 222.831 264.126 222.106 264.126ZM226.079 264.029V259.047H227.075V259.799H227.148C227.327 259.271 227.79 258.959 228.456 258.959C228.616 258.959 228.791 258.982 228.892 259.005V259.923C228.713 259.886 228.543 259.863 228.355 259.863C227.593 259.863 227.075 260.331 227.075 261.052V264.029H226.079ZM232.411 265.69V259.047H233.406V259.831H233.48C233.769 259.285 234.315 258.959 235.012 258.959C236.269 258.959 237.077 259.964 237.077 261.533V261.543C237.077 263.121 236.279 264.112 235.012 264.112C234.329 264.112 233.746 263.777 233.48 263.24H233.406V265.69H232.411ZM234.732 263.263C235.563 263.263 236.063 262.612 236.063 261.543V261.533C236.063 260.46 235.563 259.813 234.732 259.813C233.902 259.813 233.388 260.469 233.388 261.533V261.543C233.388 262.607 233.902 263.263 234.732 263.263ZM239.642 264.112C238.692 264.112 237.99 263.534 237.99 262.63V262.621C237.99 261.731 238.66 261.212 239.848 261.139L241.197 261.061V260.62C241.197 260.074 240.853 259.771 240.178 259.771C239.628 259.771 239.265 259.973 239.146 260.327L239.142 260.345H238.183L238.187 260.313C238.306 259.496 239.091 258.95 240.224 258.95C241.477 258.95 242.183 259.574 242.183 260.62V264.029H241.197V263.323H241.119C240.825 263.827 240.302 264.112 239.642 264.112ZM238.981 262.589C238.981 263.047 239.371 263.318 239.908 263.318C240.651 263.318 241.197 262.832 241.197 262.189V261.763L239.981 261.841C239.293 261.882 238.981 262.13 238.981 262.579V262.589ZM245.4 264.126C244.198 264.126 243.436 263.561 243.34 262.726V262.722H244.335L244.34 262.726C244.464 263.102 244.826 263.355 245.418 263.355C246.033 263.355 246.46 263.075 246.46 262.667V262.657C246.46 262.345 246.226 262.134 245.648 262.001L244.854 261.818C243.913 261.602 243.477 261.175 243.477 260.446V260.441C243.477 259.574 244.285 258.95 245.414 258.95C246.551 258.95 247.281 259.519 247.368 260.331V260.336H246.418V260.327C246.322 259.978 245.969 259.716 245.409 259.716C244.863 259.716 244.468 259.987 244.468 260.386V260.395C244.468 260.707 244.698 260.9 245.258 261.033L246.047 261.212C247.006 261.437 247.464 261.845 247.464 262.566V262.575C247.464 263.497 246.584 264.126 245.4 264.126ZM250.373 264.126C249.171 264.126 248.41 263.561 248.313 262.726V262.722H249.309L249.313 262.726C249.437 263.102 249.8 263.355 250.392 263.355C251.007 263.355 251.433 263.075 251.433 262.667V262.657C251.433 262.345 251.199 262.134 250.621 262.001L249.827 261.818C248.887 261.602 248.451 261.175 248.451 260.446V260.441C248.451 259.574 249.258 258.95 250.387 258.95C251.525 258.95 252.254 259.519 252.342 260.331V260.336H251.392V260.327C251.296 259.978 250.942 259.716 250.383 259.716C249.837 259.716 249.442 259.987 249.442 260.386V260.395C249.442 260.707 249.671 260.9 250.231 261.033L251.02 261.212C251.979 261.437 252.438 261.845 252.438 262.566V262.575C252.438 263.497 251.557 264.126 250.373 264.126ZM254.448 264.029L253.071 259.047H254.071L254.966 262.891H255.04L256.067 259.047H257.012L258.04 262.891H258.118L259.008 259.047H259.995L258.623 264.029H257.6L256.567 260.313H256.489L255.462 264.029H254.448ZM262.931 264.126C261.468 264.126 260.573 263.148 260.573 261.543V261.533C260.573 259.932 261.472 258.95 262.931 258.95C264.386 258.95 265.285 259.927 265.285 261.533V261.543C265.285 263.148 264.39 264.126 262.931 264.126ZM262.931 263.295C263.785 263.295 264.271 262.644 264.271 261.543V261.533C264.271 260.428 263.785 259.781 262.931 259.781C262.073 259.781 261.591 260.428 261.591 261.533V261.543C261.591 262.648 262.073 263.295 262.931 263.295ZM266.473 264.029V259.047H267.469V259.799H267.542C267.721 259.271 268.185 258.959 268.85 258.959C269.01 258.959 269.185 258.982 269.286 259.005V259.923C269.107 259.886 268.937 259.863 268.749 259.863C267.987 259.863 267.469 260.331 267.469 261.052V264.029H266.473ZM271.924 264.112C270.671 264.112 269.859 263.107 269.859 261.543V261.533C269.859 259.955 270.658 258.959 271.924 258.959C272.608 258.959 273.19 259.299 273.456 259.836H273.534V257.092H274.525V264.029H273.534V263.245H273.456C273.167 263.791 272.621 264.112 271.924 264.112ZM272.208 263.263C273.039 263.263 273.548 262.607 273.548 261.543V261.533C273.548 260.469 273.034 259.813 272.208 259.813C271.373 259.813 270.873 260.464 270.873 261.533V261.543C270.873 262.612 271.373 263.263 272.208 263.263ZM277.09 261.974L277.086 261.607C277.063 260.96 277.343 260.547 277.971 260.171C278.526 259.836 278.724 259.57 278.724 259.102V259.092C278.724 258.579 278.315 258.198 277.687 258.198C277.053 258.198 276.645 258.579 276.608 259.184H276.599L275.654 259.189V259.18C275.695 258.143 276.407 257.354 277.737 257.354C278.948 257.354 279.765 258.074 279.765 259.051V259.06C279.765 259.767 279.407 260.267 278.802 260.629C278.21 260.978 278.04 261.221 278.04 261.694V261.974H277.09ZM277.622 264.13C277.2 264.13 276.911 263.855 276.911 263.447C276.911 263.034 277.2 262.758 277.622 262.758C278.045 262.758 278.329 263.034 278.329 263.447C278.329 263.855 278.045 264.13 277.622 264.13Z" fill="#5D34F2"/>
+<path d="M176.424 284.138C176.424 281.172 178.828 278.768 181.793 278.768H395.9C398.866 278.768 401.27 281.172 401.27 284.138V303.822C401.27 306.788 398.866 309.192 395.9 309.192H181.793C178.828 309.192 176.424 306.788 176.424 303.822V284.138Z" fill="#5D34F2"/>
+<path d="M274.799 297.664C273.09 297.664 271.994 296.798 271.889 295.524L271.884 295.456H273.037L273.042 295.514C273.105 296.201 273.834 296.641 274.846 296.641C275.811 296.641 276.498 296.159 276.498 295.456V295.451C276.498 294.869 276.089 294.491 275.087 294.276L274.259 294.098C272.723 293.773 272.062 293.06 272.062 291.943V291.937C272.067 290.632 273.2 289.73 274.804 289.73C276.409 289.73 277.458 290.637 277.541 291.812L277.547 291.885H276.409L276.398 291.817C276.299 291.198 275.706 290.747 274.789 290.752C273.902 290.752 273.247 291.167 273.247 291.88V291.885C273.247 292.446 273.645 292.813 274.626 293.023L275.449 293.206C277.038 293.547 277.688 294.187 277.688 295.309V295.314C277.688 296.762 276.561 297.664 274.799 297.664ZM279.697 290.768C279.303 290.768 278.983 290.448 278.983 290.06C278.983 289.667 279.303 289.347 279.697 289.347C280.085 289.347 280.41 289.667 280.41 290.06C280.41 290.448 280.085 290.768 279.697 290.768ZM279.125 297.48V291.785H280.258V297.48H279.125ZM284.321 299.488C282.874 299.488 281.983 298.854 281.846 297.905L281.857 297.894H283.005L283.011 297.905C283.105 298.298 283.566 298.576 284.337 298.576C285.276 298.576 285.832 298.135 285.832 297.359V296.237H285.748C285.402 296.856 284.772 297.202 283.991 297.202C282.528 297.202 281.626 296.075 281.626 294.47V294.46C281.626 292.834 282.533 291.686 284.012 291.686C284.809 291.686 285.428 292.079 285.758 292.719H285.826V291.785H286.959V297.365C286.959 298.66 285.936 299.488 284.321 299.488ZM284.306 296.263C285.271 296.263 285.853 295.529 285.853 294.465V294.454C285.853 293.395 285.265 292.651 284.306 292.651C283.336 292.651 282.79 293.395 282.79 294.454V294.465C282.79 295.524 283.336 296.263 284.306 296.263ZM288.595 297.48V291.785H289.733V292.651H289.817C290.095 292.042 290.64 291.675 291.468 291.675C292.743 291.675 293.445 292.436 293.445 293.794V297.48H292.313V294.061C292.313 293.117 291.919 292.651 291.086 292.651C290.252 292.651 289.733 293.222 289.733 294.14V297.48H288.595ZM298.563 290.768C298.17 290.768 297.85 290.448 297.85 290.06C297.85 289.667 298.17 289.347 298.563 289.347C298.951 289.347 299.276 289.667 299.276 290.06C299.276 290.448 298.951 290.768 298.563 290.768ZM297.992 297.48V291.785H299.124V297.48H297.992ZM300.781 297.48V291.785H301.919V292.651H302.003C302.281 292.042 302.826 291.675 303.655 291.675C304.929 291.675 305.631 292.436 305.631 293.794V297.48H304.499V294.061C304.499 293.117 304.106 292.651 303.272 292.651C302.438 292.651 301.919 293.222 301.919 294.14V297.48H300.781Z" fill="white"/>
+<path d="M223.828 331.191V324.571H224.631L228.224 329.723H228.297V324.571H229.114V331.191H228.311L224.718 326.057H224.645V331.191H223.828ZM232.734 331.279C231.325 331.279 230.453 330.306 230.453 328.723V328.714C230.453 327.126 231.325 326.158 232.734 326.158C234.142 326.158 235.014 327.126 235.014 328.714V328.723C235.014 330.306 234.142 331.279 232.734 331.279ZM232.734 330.572C233.67 330.572 234.197 329.888 234.197 328.723V328.714C234.197 327.544 233.67 326.865 232.734 326.865C231.798 326.865 231.27 327.544 231.27 328.714V328.723C231.27 329.888 231.798 330.572 232.734 330.572ZM238.01 331.228C236.992 331.228 236.565 330.852 236.565 329.907V326.906H235.785V326.245H236.565V324.965H237.391V326.245H238.474V326.906H237.391V329.705C237.391 330.288 237.593 330.522 238.107 330.522C238.249 330.522 238.327 330.517 238.474 330.503V331.182C238.318 331.21 238.166 331.228 238.01 331.228ZM243.667 331.279C242.727 331.279 242.016 330.71 242.016 329.81V329.801C242.016 328.92 242.667 328.411 243.819 328.342L245.237 328.255V327.805C245.237 327.195 244.865 326.865 244.126 326.865C243.534 326.865 243.144 327.085 243.016 327.47L243.011 327.484H242.213L242.217 327.457C242.346 326.681 243.098 326.158 244.154 326.158C245.36 326.158 246.035 326.778 246.035 327.805V331.191H245.237V330.462H245.163C244.851 330.99 244.333 331.279 243.667 331.279ZM242.832 329.792C242.832 330.292 243.259 330.586 243.833 330.586C244.645 330.586 245.237 330.054 245.237 329.347V328.897L243.915 328.98C243.163 329.026 242.832 329.292 242.832 329.783V329.792ZM249.517 331.279C248.132 331.279 247.246 330.274 247.246 328.705V328.695C247.246 327.158 248.127 326.158 249.513 326.158C250.715 326.158 251.435 326.851 251.582 327.732L251.587 327.759H250.793L250.788 327.746C250.664 327.259 250.224 326.865 249.513 326.865C248.623 326.865 248.063 327.581 248.063 328.695V328.705C248.063 329.842 248.632 330.572 249.513 330.572C250.178 330.572 250.6 330.278 250.784 329.728L250.793 329.7L251.582 329.696L251.573 329.746C251.371 330.641 250.706 331.279 249.517 331.279ZM254.775 331.279C253.39 331.279 252.504 330.274 252.504 328.705V328.695C252.504 327.158 253.385 326.158 254.771 326.158C255.973 326.158 256.693 326.851 256.84 327.732L256.845 327.759H256.051L256.046 327.746C255.922 327.259 255.482 326.865 254.771 326.865C253.881 326.865 253.321 327.581 253.321 328.695V328.705C253.321 329.842 253.89 330.572 254.771 330.572C255.436 330.572 255.858 330.278 256.042 329.728L256.051 329.7L256.84 329.696L256.831 329.746C256.629 330.641 255.964 331.279 254.775 331.279ZM260.042 331.279C258.634 331.279 257.762 330.306 257.762 328.723V328.714C257.762 327.126 258.634 326.158 260.042 326.158C261.451 326.158 262.323 327.126 262.323 328.714V328.723C262.323 330.306 261.451 331.279 260.042 331.279ZM260.042 330.572C260.978 330.572 261.506 329.888 261.506 328.723V328.714C261.506 327.544 260.978 326.865 260.042 326.865C259.107 326.865 258.579 327.544 258.579 328.714V328.723C258.579 329.888 259.107 330.572 260.042 330.572ZM265.218 331.279C264.094 331.279 263.516 330.618 263.516 329.448V326.245H264.314V329.255C264.314 330.145 264.635 330.572 265.424 330.572C266.296 330.572 266.76 330.04 266.76 329.173V326.245H267.558V331.191H266.76V330.453H266.686C266.443 330.98 265.943 331.279 265.218 331.279ZM269.049 331.191V326.245H269.847V326.989H269.921C270.169 326.466 270.632 326.158 271.361 326.158C272.472 326.158 273.091 326.814 273.091 327.989V331.191H272.293V328.182C272.293 327.291 271.926 326.865 271.137 326.865C270.348 326.865 269.847 327.397 269.847 328.264V331.191H269.049ZM276.294 331.228C275.275 331.228 274.848 330.852 274.848 329.907V326.906H274.069V326.245H274.848V324.965H275.674V326.245H276.757V326.906H275.674V329.705C275.674 330.288 275.876 330.522 276.39 330.522C276.532 330.522 276.61 330.517 276.757 330.503V331.182C276.601 331.21 276.45 331.228 276.294 331.228ZM279.01 329.145V328.723C279.005 328.117 279.299 327.704 279.928 327.328C280.46 327.002 280.666 326.713 280.666 326.227V326.218C280.666 325.653 280.226 325.236 279.542 325.236C278.849 325.236 278.409 325.644 278.363 326.296L278.354 326.3L277.574 326.305V326.296C277.624 325.309 278.285 324.52 279.574 324.52C280.731 324.52 281.52 325.236 281.52 326.177V326.186C281.52 326.901 281.148 327.411 280.561 327.764C279.978 328.108 279.813 328.365 279.813 328.847V329.145H279.01ZM279.473 331.274C279.102 331.274 278.836 331.008 278.836 330.636C278.836 330.26 279.102 329.994 279.473 329.994C279.845 329.994 280.107 330.26 280.107 330.636C280.107 331.008 279.845 331.274 279.473 331.274Z" fill="#191C1D"/>
+<path d="M289.072 331.352C287.232 331.352 286.085 330.021 286.085 327.888V327.879C286.085 325.741 287.228 324.41 289.067 324.41C290.527 324.41 291.646 325.332 291.82 326.649L291.816 326.672H290.797V326.658C290.605 325.846 289.939 325.319 289.067 325.319C287.879 325.319 287.136 326.305 287.136 327.879V327.888C287.136 329.457 287.879 330.444 289.072 330.444C289.948 330.444 290.605 329.976 290.793 329.228L290.802 329.209H291.82V329.237C291.628 330.508 290.549 331.352 289.072 331.352ZM293.059 331.191V326.209H294.055V326.961H294.128C294.307 326.433 294.771 326.121 295.436 326.121C295.596 326.121 295.771 326.144 295.872 326.167V327.085C295.693 327.048 295.523 327.025 295.335 327.025C294.573 327.025 294.055 327.493 294.055 328.214V331.191H293.059ZM298.785 331.288C297.326 331.288 296.445 330.292 296.445 328.714V328.709C296.445 327.154 297.345 326.112 298.735 326.112C300.125 326.112 300.978 327.117 300.978 328.613V328.962H297.445C297.464 329.916 297.987 330.471 298.808 330.471C299.446 330.471 299.827 330.154 299.946 329.898L299.964 329.861L300.923 329.856L300.914 329.898C300.749 330.554 300.061 331.288 298.785 331.288ZM298.739 326.929C298.06 326.929 297.546 327.392 297.459 328.25H299.992C299.914 327.36 299.414 326.929 298.739 326.929ZM303.529 331.274C302.58 331.274 301.878 330.696 301.878 329.792V329.783C301.878 328.893 302.547 328.374 303.736 328.301L305.085 328.223V327.782C305.085 327.236 304.741 326.934 304.066 326.934C303.516 326.934 303.153 327.135 303.034 327.489L303.029 327.507H302.07L302.075 327.475C302.194 326.658 302.979 326.112 304.112 326.112C305.365 326.112 306.071 326.736 306.071 327.782V331.191H305.085V330.485H305.007C304.713 330.99 304.19 331.274 303.529 331.274ZM302.869 329.751C302.869 330.21 303.259 330.48 303.795 330.48C304.539 330.48 305.085 329.994 305.085 329.352V328.925L303.869 329.003C303.181 329.044 302.869 329.292 302.869 329.742V329.751ZM309.356 331.224C308.26 331.224 307.81 330.838 307.81 329.879V326.993H307.03V326.209H307.81V324.952H308.824V326.209H309.893V326.993H308.824V329.641C308.824 330.177 309.026 330.398 309.517 330.398C309.668 330.398 309.755 330.393 309.893 330.379V331.173C309.733 331.201 309.549 331.224 309.356 331.224ZM313.091 331.288C311.632 331.288 310.751 330.292 310.751 328.714V328.709C310.751 327.154 311.65 326.112 313.041 326.112C314.431 326.112 315.284 327.117 315.284 328.613V328.962H311.751C311.77 329.916 312.293 330.471 313.114 330.471C313.752 330.471 314.133 330.154 314.252 329.898L314.27 329.861L315.229 329.856L315.22 329.898C315.055 330.554 314.367 331.288 313.091 331.288ZM313.045 326.929C312.366 326.929 311.852 327.392 311.765 328.25H314.298C314.22 327.36 313.72 326.929 313.045 326.929ZM320.405 331.274C319.455 331.274 318.753 330.696 318.753 329.792V329.783C318.753 328.893 319.423 328.374 320.611 328.301L321.96 328.223V327.782C321.96 327.236 321.616 326.934 320.941 326.934C320.391 326.934 320.028 327.135 319.909 327.489L319.904 327.507H318.946L318.95 327.475C319.069 326.658 319.854 326.112 320.987 326.112C322.24 326.112 322.946 326.736 322.946 327.782V331.191H321.96V330.485H321.882C321.588 330.99 321.065 331.274 320.405 331.274ZM319.744 329.751C319.744 330.21 320.134 330.48 320.671 330.48C321.414 330.48 321.96 329.994 321.96 329.352V328.925L320.744 329.003C320.056 329.044 319.744 329.292 319.744 329.742V329.751ZM326.447 331.288C324.993 331.288 324.103 330.297 324.103 328.686V328.677C324.103 327.099 324.988 326.112 326.443 326.112C327.695 326.112 328.443 326.819 328.581 327.787V327.81L327.626 327.815L327.622 327.801C327.512 327.31 327.108 326.943 326.447 326.943C325.617 326.943 325.117 327.603 325.117 328.677V328.686C325.117 329.787 325.626 330.457 326.447 330.457C327.071 330.457 327.457 330.173 327.617 329.636L327.626 329.613H328.581L328.572 329.654C328.393 330.622 327.681 331.288 326.447 331.288ZM331.806 331.288C330.352 331.288 329.462 330.297 329.462 328.686V328.677C329.462 327.099 330.347 326.112 331.802 326.112C333.054 326.112 333.802 326.819 333.94 327.787V327.81L332.985 327.815L332.981 327.801C332.871 327.31 332.467 326.943 331.806 326.943C330.976 326.943 330.476 327.603 330.476 328.677V328.686C330.476 329.787 330.985 330.457 331.806 330.457C332.43 330.457 332.816 330.173 332.976 329.636L332.985 329.613H333.94L333.931 329.654C333.752 330.622 333.04 331.288 331.806 331.288ZM337.179 331.288C335.715 331.288 334.821 330.31 334.821 328.705V328.695C334.821 327.094 335.72 326.112 337.179 326.112C338.633 326.112 339.533 327.09 339.533 328.695V328.705C339.533 330.31 338.638 331.288 337.179 331.288ZM337.179 330.457C338.032 330.457 338.519 329.806 338.519 328.705V328.695C338.519 327.59 338.032 326.943 337.179 326.943C336.321 326.943 335.839 327.59 335.839 328.695V328.705C335.839 329.81 336.321 330.457 337.179 330.457ZM342.382 331.288C341.258 331.288 340.675 330.613 340.675 329.434V326.209H341.671V329.2C341.671 330.026 341.974 330.434 342.703 330.434C343.501 330.434 343.928 329.934 343.928 329.131V326.209H344.919V331.191H343.928V330.439H343.85C343.612 330.976 343.107 331.288 342.382 331.288ZM346.355 331.191V326.209H347.351V326.966H347.424C347.667 326.433 348.145 326.112 348.87 326.112C349.984 326.112 350.599 326.778 350.599 327.966V331.191H349.608V328.2C349.608 327.374 349.264 326.966 348.535 326.966C347.805 326.966 347.351 327.466 347.351 328.269V331.191H346.355ZM353.871 331.224C352.774 331.224 352.324 330.838 352.324 329.879V326.993H351.544V326.209H352.324V324.952H353.338V326.209H354.407V326.993H353.338V329.641C353.338 330.177 353.54 330.398 354.031 330.398C354.183 330.398 354.27 330.393 354.407 330.379V331.173C354.247 331.201 354.063 331.224 353.871 331.224Z" fill="#5D34F2"/>
+<rect x="176.424" y="356.541" width="96.6841" height="0.671182" fill="#191C1D" fill-opacity="0.12"/>
+<path d="M286.623 359.963C285.214 359.963 284.342 358.99 284.342 357.408V357.398C284.342 355.811 285.214 354.843 286.623 354.843C288.031 354.843 288.903 355.811 288.903 357.398V357.408C288.903 358.99 288.031 359.963 286.623 359.963ZM286.623 359.257C287.559 359.257 288.086 358.573 288.086 357.408V357.398C288.086 356.228 287.559 355.549 286.623 355.549C285.687 355.549 285.159 356.228 285.159 357.398V357.408C285.159 358.573 285.687 359.257 286.623 359.257ZM290.142 359.876V354.93H290.94V355.664H291.013C291.202 355.146 291.665 354.843 292.335 354.843C292.486 354.843 292.656 354.861 292.734 354.875V355.65C292.569 355.623 292.417 355.604 292.243 355.604C291.481 355.604 290.94 356.086 290.94 356.811V359.876H290.142Z" fill="#747778"/>
+<rect x="304.585" y="356.541" width="96.6841" height="0.671182" fill="#191C1D" fill-opacity="0.12"/>
+<path d="M176.759 383.93C176.759 381.15 179.013 378.897 181.793 378.897H395.9C398.68 378.897 400.934 381.15 400.934 383.93V402.724C400.934 405.504 398.68 407.757 395.9 407.757H181.793C179.013 407.757 176.759 405.504 176.759 402.724V383.93Z" stroke="#C4C7C7" stroke-width="0.671182"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M201.016 393.465C201.016 393.036 200.977 392.624 200.906 392.229H195.217V394.566H198.468C198.328 395.321 197.902 395.96 197.262 396.389V397.904H199.215C200.357 396.853 201.016 395.304 201.016 393.465Z" fill="#4285F4"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M195.217 399.368C196.848 399.368 198.215 398.827 199.215 397.904L197.262 396.388C196.721 396.751 196.029 396.965 195.217 396.965C193.643 396.965 192.312 395.902 191.837 394.475H189.819V396.04C190.813 398.014 192.855 399.368 195.217 399.368Z" fill="#34A853"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M191.837 394.475C191.716 394.112 191.647 393.725 191.647 393.327C191.647 392.929 191.716 392.542 191.837 392.179V390.614H189.819C189.409 391.43 189.176 392.352 189.176 393.327C189.176 394.302 189.409 395.224 189.819 396.04L191.837 394.475Z" fill="#FBBC05"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M195.217 389.689C196.104 389.689 196.9 389.994 197.526 390.592L199.258 388.86C198.212 387.885 196.845 387.287 195.217 387.287C192.855 387.287 190.813 388.64 189.819 390.614L191.837 392.18C192.312 390.752 193.643 389.689 195.217 389.689Z" fill="#EA4335"/>
+<path d="M236.159 397.456C234.056 397.456 232.745 395.936 232.745 393.498V393.487C232.745 391.044 234.051 389.523 236.153 389.523C237.821 389.523 239.1 390.577 239.3 392.082L239.294 392.108H238.13V392.092C237.91 391.164 237.15 390.561 236.153 390.561C234.795 390.561 233.946 391.689 233.946 393.487V393.498C233.946 395.291 234.795 396.418 236.159 396.418C237.16 396.418 237.91 395.883 238.125 395.029L238.135 395.008H239.3V395.039C239.079 396.492 237.847 397.456 236.159 397.456ZM243.127 397.383C241.455 397.383 240.432 396.266 240.432 394.431V394.42C240.432 392.59 241.46 391.468 243.127 391.468C244.79 391.468 245.817 392.585 245.817 394.42V394.431C245.817 396.266 244.795 397.383 243.127 397.383ZM243.127 396.434C244.103 396.434 244.659 395.689 244.659 394.431V394.42C244.659 393.157 244.103 392.417 243.127 392.417C242.147 392.417 241.596 393.157 241.596 394.42V394.431C241.596 395.695 242.147 396.434 243.127 396.434ZM247.175 397.273V391.578H248.313V392.444H248.397C248.675 391.835 249.22 391.468 250.049 391.468C251.323 391.468 252.026 392.229 252.026 393.587V397.273H250.893V393.854C250.893 392.91 250.5 392.444 249.666 392.444C248.832 392.444 248.313 393.015 248.313 393.933V397.273H247.175ZM255.765 397.31C254.511 397.31 253.997 396.869 253.997 395.773V392.475H253.106V391.578H253.997V390.142H255.156V391.578H256.378V392.475H255.156V395.501C255.156 396.114 255.387 396.366 255.948 396.366C256.121 396.366 256.221 396.361 256.378 396.345V397.252C256.194 397.283 255.985 397.31 255.765 397.31ZM258.297 390.561C257.904 390.561 257.584 390.241 257.584 389.853C257.584 389.46 257.904 389.14 258.297 389.14C258.685 389.14 259.01 389.46 259.01 389.853C259.01 390.241 258.685 390.561 258.297 390.561ZM257.726 397.273V391.578H258.858V397.273H257.726ZM260.515 397.273V391.578H261.653V392.444H261.737C262.015 391.835 262.56 391.468 263.389 391.468C264.663 391.468 265.366 392.229 265.366 393.587V397.273H264.233V393.854C264.233 392.91 263.84 392.444 263.006 392.444C262.172 392.444 261.653 393.015 261.653 393.933V397.273H260.515ZM268.853 397.383C267.568 397.383 266.902 396.612 266.902 395.265V391.578H268.04V394.997C268.04 395.941 268.386 396.408 269.22 396.408C270.132 396.408 270.62 395.836 270.62 394.919V391.578H271.752V397.273H270.62V396.413H270.531C270.258 397.026 269.681 397.383 268.853 397.383ZM275.785 397.383C274.117 397.383 273.11 396.245 273.11 394.441V394.436C273.11 392.659 274.138 391.468 275.727 391.468C277.316 391.468 278.291 392.617 278.291 394.326V394.725H274.253C274.274 395.815 274.872 396.45 275.811 396.45C276.54 396.45 276.975 396.088 277.111 395.794L277.132 395.752L278.228 395.747L278.218 395.794C278.029 396.544 277.242 397.383 275.785 397.383ZM275.732 392.402C274.956 392.402 274.369 392.931 274.269 393.912H277.164C277.075 392.895 276.503 392.402 275.732 392.402ZM283.676 397.273L282.103 391.578H283.246L284.269 395.973H284.353L285.527 391.578H286.607L287.782 395.973H287.871L288.888 391.578H290.016L288.448 397.273H287.279L286.099 393.026H286.01L284.835 397.273H283.676ZM291.772 390.561C291.379 390.561 291.059 390.241 291.059 389.853C291.059 389.46 291.379 389.14 291.772 389.14C292.16 389.14 292.486 389.46 292.486 389.853C292.486 390.241 292.16 390.561 291.772 390.561ZM291.201 397.273V391.578H292.333V397.273H291.201ZM296.14 397.31C294.887 397.31 294.373 396.869 294.373 395.773V392.475H293.482V391.578H294.373V390.142H295.532V391.578H296.754V392.475H295.532V395.501C295.532 396.114 295.763 396.366 296.324 396.366C296.497 396.366 296.597 396.361 296.754 396.345V397.252C296.57 397.283 296.361 397.31 296.14 397.31ZM298.133 397.273V389.345H299.271V392.444H299.355C299.633 391.835 300.178 391.468 301.006 391.468C302.281 391.468 302.983 392.229 302.983 393.587V397.273H301.851V393.854C301.851 392.91 301.457 392.444 300.624 392.444C299.79 392.444 299.271 393.015 299.271 393.933V397.273H298.133ZM310.828 397.456C308.683 397.456 307.33 395.925 307.33 393.492V393.482C307.33 391.08 308.699 389.523 310.817 389.523C312.537 389.523 313.759 390.498 314.032 391.961L314.042 392.014H312.867L312.852 391.961C312.579 391.065 311.855 390.561 310.817 390.561C309.417 390.561 308.531 391.694 308.531 393.477V393.487C308.531 395.296 309.422 396.418 310.843 396.418C312.081 396.418 312.925 395.637 312.936 394.473V394.305H310.99V393.356H314.094V394.295C314.094 396.214 312.81 397.456 310.828 397.456ZM317.996 397.383C316.323 397.383 315.3 396.266 315.3 394.431V394.42C315.3 392.59 316.328 391.468 317.996 391.468C319.658 391.468 320.686 392.585 320.686 394.42V394.431C320.686 396.266 319.663 397.383 317.996 397.383ZM317.996 396.434C318.971 396.434 319.527 395.689 319.527 394.431V394.42C319.527 393.157 318.971 392.417 317.996 392.417C317.015 392.417 316.465 393.157 316.465 394.42V394.431C316.465 395.695 317.015 396.434 317.996 396.434ZM324.456 397.383C322.783 397.383 321.761 396.266 321.761 394.431V394.42C321.761 392.59 322.788 391.468 324.456 391.468C326.118 391.468 327.146 392.585 327.146 394.42V394.431C327.146 396.266 326.123 397.383 324.456 397.383ZM324.456 396.434C325.431 396.434 325.987 395.689 325.987 394.431V394.42C325.987 393.157 325.431 392.417 324.456 392.417C323.475 392.417 322.925 393.157 322.925 394.42V394.431C322.925 395.695 323.475 396.434 324.456 396.434ZM330.911 399.281C329.463 399.281 328.572 398.647 328.436 397.698L328.446 397.687H329.595L329.6 397.698C329.694 398.091 330.156 398.369 330.926 398.369C331.865 398.369 332.421 397.928 332.421 397.152V396.03H332.337C331.991 396.649 331.362 396.995 330.58 396.995C329.117 396.995 328.215 395.868 328.215 394.263V394.253C328.215 392.627 329.123 391.479 330.601 391.479C331.398 391.479 332.017 391.872 332.347 392.512H332.416V391.578H333.548V397.158C333.548 398.453 332.526 399.281 330.911 399.281ZM330.895 396.056C331.86 396.056 332.442 395.322 332.442 394.258V394.247C332.442 393.188 331.855 392.444 330.895 392.444C329.925 392.444 329.38 393.188 329.38 394.247V394.258C329.38 395.317 329.925 396.056 330.895 396.056ZM335.237 397.273V389.345H336.375V397.273H335.237ZM340.459 397.383C338.792 397.383 337.785 396.245 337.785 394.441V394.436C337.785 392.659 338.813 391.468 340.402 391.468C341.99 391.468 342.966 392.617 342.966 394.326V394.725H338.928C338.949 395.815 339.547 396.45 340.486 396.45C341.214 396.45 341.65 396.088 341.786 395.794L341.807 395.752L342.903 395.747L342.892 395.794C342.704 396.544 341.917 397.383 340.459 397.383ZM340.407 392.402C339.631 392.402 339.044 392.931 338.944 393.912H341.838C341.749 392.895 341.178 392.402 340.407 392.402Z" fill="#191C1D"/>
+<path d="M176.759 423.463C176.759 420.683 179.013 418.429 181.793 418.429H395.9C398.68 418.429 400.934 420.683 400.934 423.463V442.256C400.934 445.036 398.68 447.29 395.9 447.29H181.793C179.013 447.29 176.759 445.036 176.759 442.256V423.463Z" stroke="#C4C7C7" stroke-width="0.671182"/>
+<path d="M201.929 432.859C201.929 429.152 198.924 426.147 195.217 426.147C191.509 426.147 188.505 429.152 188.505 432.859C188.505 436.21 190.959 438.986 194.168 439.49V434.799H192.464V432.859H194.168V431.381C194.168 429.699 195.17 428.769 196.703 428.769C197.437 428.769 198.206 428.9 198.206 428.9V430.552H197.359C196.525 430.552 196.265 431.07 196.265 431.601V432.859H198.127L197.829 434.799H196.265V439.49C199.475 438.986 201.929 436.21 201.929 432.859Z" fill="#1877F2"/>
+<path d="M197.829 434.799L198.127 432.859H196.265V431.601C196.265 431.07 196.525 430.552 197.359 430.552H198.206V428.9C198.206 428.9 197.437 428.769 196.703 428.769C195.17 428.769 194.168 429.698 194.168 431.38V432.859H192.464V434.799H194.168V439.49C194.51 439.543 194.86 439.571 195.217 439.571C195.573 439.571 195.923 439.543 196.265 439.49V434.799H197.829Z" fill="white"/>
+<path d="M230.02 436.989C227.918 436.989 226.607 435.468 226.607 433.03V433.019C226.607 430.576 227.912 429.055 230.015 429.055C231.682 429.055 232.962 430.109 233.161 431.614L233.156 431.64H231.992V431.624C231.772 430.696 231.011 430.093 230.015 430.093C228.657 430.093 227.807 431.221 227.807 433.019V433.03C227.807 434.823 228.657 435.95 230.02 435.95C231.022 435.95 231.772 435.416 231.987 434.561L231.997 434.54H233.161V434.571C232.941 436.024 231.709 436.989 230.02 436.989ZM236.989 436.915C235.316 436.915 234.294 435.798 234.294 433.963V433.953C234.294 432.123 235.322 431 236.989 431C238.651 431 239.679 432.117 239.679 433.953V433.963C239.679 435.798 238.656 436.915 236.989 436.915ZM236.989 435.966C237.964 435.966 238.52 435.222 238.52 433.963V433.953C238.52 432.689 237.964 431.95 236.989 431.95C236.008 431.95 235.458 432.689 235.458 433.953V433.963C235.458 435.227 236.008 435.966 236.989 435.966ZM241.037 436.805V431.111H242.175V431.976H242.259C242.537 431.368 243.082 431 243.911 431C245.185 431 245.887 431.761 245.887 433.119V436.805H244.755V433.386C244.755 432.442 244.362 431.976 243.528 431.976C242.694 431.976 242.175 432.547 242.175 433.465V436.805H241.037ZM249.626 436.842C248.373 436.842 247.859 436.401 247.859 435.306V432.007H246.968V431.111H247.859V429.674H249.018V431.111H250.24V432.007H249.018V435.033C249.018 435.646 249.249 435.898 249.81 435.898C249.983 435.898 250.082 435.893 250.24 435.877V436.784C250.056 436.816 249.846 436.842 249.626 436.842ZM252.159 430.093C251.765 430.093 251.446 429.773 251.446 429.385C251.446 428.992 251.765 428.672 252.159 428.672C252.547 428.672 252.872 428.992 252.872 429.385C252.872 429.773 252.547 430.093 252.159 430.093ZM251.587 436.805V431.111H252.72V436.805H251.587ZM254.377 436.805V431.111H255.515V431.976H255.599C255.876 431.368 256.422 431 257.25 431C258.525 431 259.227 431.761 259.227 433.119V436.805H258.095V433.386C258.095 432.442 257.701 431.976 256.868 431.976C256.034 431.976 255.515 432.547 255.515 433.465V436.805H254.377ZM262.714 436.915C261.429 436.915 260.764 436.144 260.764 434.797V431.111H261.901V434.529C261.901 435.473 262.247 435.94 263.081 435.94C263.994 435.94 264.481 435.368 264.481 434.451V431.111H265.614V436.805H264.481V435.945H264.392C264.119 436.559 263.543 436.915 262.714 436.915ZM269.646 436.915C267.979 436.915 266.972 435.777 266.972 433.974V433.968C266.972 432.191 268 431 269.589 431C271.177 431 272.153 432.149 272.153 433.858V434.257H268.115C268.136 435.347 268.734 435.982 269.672 435.982C270.401 435.982 270.837 435.62 270.973 435.326L270.994 435.285L272.09 435.279L272.079 435.326C271.89 436.076 271.104 436.915 269.646 436.915ZM269.594 431.934C268.818 431.934 268.23 432.463 268.131 433.444H271.025C270.936 432.427 270.365 431.934 269.594 431.934ZM277.538 436.805L275.965 431.111H277.108L278.13 435.505H278.214L279.389 431.111H280.469L281.644 435.505H281.733L282.75 431.111H283.877L282.31 436.805H281.14L279.96 432.558H279.871L278.697 436.805H277.538ZM285.634 430.093C285.241 430.093 284.921 429.773 284.921 429.385C284.921 428.992 285.241 428.672 285.634 428.672C286.022 428.672 286.347 428.992 286.347 429.385C286.347 429.773 286.022 430.093 285.634 430.093ZM285.062 436.805V431.111H286.195V436.805H285.062ZM290.002 436.842C288.749 436.842 288.235 436.401 288.235 435.306V432.007H287.343V431.111H288.235V429.674H289.394V431.111H290.615V432.007H289.394V435.033C289.394 435.646 289.624 435.898 290.185 435.898C290.358 435.898 290.458 435.893 290.615 435.877V436.784C290.432 436.816 290.222 436.842 290.002 436.842ZM291.994 436.805V428.877H293.132V431.976H293.216C293.494 431.368 294.039 431 294.868 431C296.142 431 296.845 431.761 296.845 433.119V436.805H295.712V433.386C295.712 432.442 295.319 431.976 294.485 431.976C293.651 431.976 293.132 432.547 293.132 433.465V436.805H291.994ZM301.501 436.805V429.239H306.226V430.251H302.676V432.647H305.927V433.638H302.676V436.805H301.501ZM308.847 436.9C307.762 436.9 306.96 436.239 306.96 435.206V435.195C306.96 434.178 307.725 433.586 309.083 433.502L310.625 433.413V432.909C310.625 432.285 310.232 431.939 309.461 431.939C308.832 431.939 308.417 432.17 308.281 432.574L308.276 432.595H307.18L307.185 432.558C307.322 431.624 308.218 431 309.513 431C310.945 431 311.752 431.714 311.752 432.909V436.805H310.625V435.998H310.536C310.2 436.574 309.603 436.9 308.847 436.9ZM308.092 435.159C308.092 435.683 308.538 435.992 309.152 435.992C310.001 435.992 310.625 435.437 310.625 434.702V434.215L309.235 434.304C308.449 434.351 308.092 434.634 308.092 435.148V435.159ZM315.753 436.915C314.091 436.915 313.074 435.783 313.074 433.942V433.932C313.074 432.128 314.086 431 315.748 431C317.18 431 318.034 431.808 318.192 432.914V432.941L317.101 432.946L317.096 432.93C316.97 432.369 316.508 431.95 315.753 431.95C314.804 431.95 314.233 432.705 314.233 433.932V433.942C314.233 435.201 314.815 435.966 315.753 435.966C316.466 435.966 316.907 435.641 317.09 435.028L317.101 435.001H318.192L318.181 435.049C317.977 436.155 317.164 436.915 315.753 436.915ZM321.873 436.915C320.205 436.915 319.198 435.777 319.198 433.974V433.968C319.198 432.191 320.226 431 321.815 431C323.404 431 324.379 432.149 324.379 433.858V434.257H320.341C320.362 435.347 320.96 435.982 321.899 435.982C322.628 435.982 323.063 435.62 323.199 435.326L323.22 435.285L324.316 435.279L324.306 435.326C324.117 436.076 323.33 436.915 321.873 436.915ZM321.82 431.934C321.044 431.934 320.457 432.463 320.357 433.444H323.252C323.163 432.427 322.591 431.934 321.82 431.934ZM328.757 436.9C327.96 436.9 327.336 436.533 327.006 435.909H326.922V436.805H325.784V428.877H326.922V432.013H327.006C327.31 431.399 327.976 431.011 328.757 431.011C330.205 431.011 331.117 432.149 331.117 433.953V433.963C331.117 435.751 330.194 436.9 328.757 436.9ZM328.438 435.929C329.387 435.929 329.958 435.185 329.958 433.963V433.953C329.958 432.731 329.387 431.986 328.438 431.986C327.488 431.986 326.901 432.736 326.901 433.953V433.963C326.901 435.18 327.488 435.929 328.438 435.929ZM334.887 436.915C333.215 436.915 332.192 435.798 332.192 433.963V433.953C332.192 432.123 333.22 431 334.887 431C336.549 431 337.577 432.117 337.577 433.953V433.963C337.577 435.798 336.555 436.915 334.887 436.915ZM334.887 435.966C335.863 435.966 336.418 435.222 336.418 433.963V433.953C336.418 432.689 335.863 431.95 334.887 431.95C333.907 431.95 333.356 432.689 333.356 433.953V433.963C333.356 435.227 333.907 435.966 334.887 435.966ZM341.347 436.915C339.675 436.915 338.652 435.798 338.652 433.963V433.953C338.652 432.123 339.68 431 341.347 431C343.01 431 344.037 432.117 344.037 433.953V433.963C344.037 435.798 343.015 436.915 341.347 436.915ZM341.347 435.966C342.323 435.966 342.878 435.222 342.878 433.963V433.953C342.878 432.689 342.323 431.95 341.347 431.95C340.367 431.95 339.816 432.689 339.816 433.953V433.963C339.816 435.227 340.367 435.966 341.347 435.966ZM345.448 436.805V428.877H346.586V433.512H346.67L348.93 431.111H350.261L347.886 433.512L350.419 436.805H349.034L347.073 434.246L346.586 434.734V436.805H345.448Z" fill="#191C1D"/>
+<path d="M231.365 477.103V472.065H229.536V471.428H233.901V472.065H232.073V477.103H231.365ZM235.852 477.178C234.641 477.178 233.909 476.328 233.909 474.999V474.995C233.909 473.686 234.656 472.789 235.809 472.789C236.961 472.789 237.661 473.646 237.661 474.913V475.18H234.609C234.629 476.057 235.113 476.568 235.868 476.568C236.442 476.568 236.796 476.297 236.91 476.041L236.926 476.006H237.61L237.602 476.037C237.457 476.611 236.851 477.178 235.852 477.178ZM235.805 473.398C235.176 473.398 234.696 473.827 234.621 474.633H236.965C236.894 473.796 236.43 473.398 235.805 473.398ZM238.723 477.103V472.864H239.407V473.493H239.47C239.631 473.048 240.029 472.789 240.603 472.789C240.733 472.789 240.878 472.805 240.945 472.816V473.481C240.803 473.457 240.674 473.442 240.524 473.442C239.871 473.442 239.407 473.855 239.407 474.476V477.103H238.723ZM241.869 477.103V472.864H242.553V473.509H242.616C242.805 473.052 243.206 472.789 243.761 472.789C244.335 472.789 244.736 473.092 244.933 473.532H244.996C245.224 473.084 245.707 472.789 246.293 472.789C247.159 472.789 247.642 473.284 247.642 474.173V477.103H246.958V474.33C246.958 473.705 246.671 473.394 246.073 473.394C245.483 473.394 245.094 473.839 245.094 474.378V477.103H244.41V474.224C244.41 473.721 244.064 473.394 243.529 473.394C242.974 473.394 242.553 473.878 242.553 474.476V477.103H241.869ZM250.332 477.178C249.388 477.178 248.739 476.722 248.661 476.022H249.361C249.475 476.375 249.813 476.608 250.356 476.608C250.926 476.608 251.331 476.336 251.331 475.951V475.943C251.331 475.656 251.115 475.455 250.592 475.329L249.935 475.172C249.141 474.983 248.783 474.637 248.783 474.028V474.024C248.783 473.32 249.459 472.789 250.36 472.789C251.249 472.789 251.866 473.233 251.96 473.925H251.288C251.197 473.591 250.867 473.359 250.356 473.359C249.852 473.359 249.483 473.619 249.483 473.992V474C249.483 474.287 249.695 474.468 250.195 474.59L250.847 474.747C251.646 474.94 252.031 475.286 252.031 475.892V475.9C252.031 476.655 251.296 477.178 250.332 477.178ZM257.1 477.178C255.893 477.178 255.146 476.344 255.146 474.987V474.979C255.146 473.619 255.893 472.789 257.1 472.789C258.308 472.789 259.055 473.619 259.055 474.979V474.987C259.055 476.344 258.308 477.178 257.1 477.178ZM257.1 476.572C257.903 476.572 258.355 475.986 258.355 474.987V474.979C258.355 473.977 257.903 473.394 257.1 473.394C256.298 473.394 255.846 473.977 255.846 474.979V474.987C255.846 475.986 256.298 476.572 257.1 476.572ZM260.4 477.103V473.43H259.696V472.864H260.4V472.392C260.4 471.546 260.825 471.141 261.631 471.141C261.796 471.141 261.946 471.153 262.087 471.18V471.727C262.005 471.711 261.89 471.707 261.769 471.707C261.281 471.707 261.084 471.947 261.084 472.411V472.864H262.048V473.43H261.084V477.103H260.4ZM267.636 477.237C266.228 477.237 265.379 476.387 265.379 475.152V471.428H266.087V475.105C266.087 475.978 266.653 476.584 267.636 476.584C268.619 476.584 269.178 475.978 269.178 475.105V471.428H269.886V475.152C269.886 476.387 269.044 477.237 267.636 477.237ZM272.694 477.178C271.75 477.178 271.101 476.722 271.022 476.022H271.722C271.836 476.375 272.175 476.608 272.717 476.608C273.287 476.608 273.693 476.336 273.693 475.951V475.943C273.693 475.656 273.476 475.455 272.953 475.329L272.296 475.172C271.502 474.983 271.144 474.637 271.144 474.028V474.024C271.144 473.32 271.821 472.789 272.721 472.789C273.61 472.789 274.227 473.233 274.322 473.925H273.649C273.559 473.591 273.228 473.359 272.717 473.359C272.214 473.359 271.844 473.619 271.844 473.992V474C271.844 474.287 272.057 474.468 272.556 474.59L273.209 474.747C274.007 474.94 274.393 475.286 274.393 475.892V475.9C274.393 476.655 273.657 477.178 272.694 477.178ZM277.185 477.178C275.974 477.178 275.242 476.328 275.242 474.999V474.995C275.242 473.686 275.989 472.789 277.142 472.789C278.294 472.789 278.994 473.646 278.994 474.913V475.18H275.942C275.962 476.057 276.445 476.568 277.201 476.568C277.775 476.568 278.129 476.297 278.243 476.041L278.258 476.006H278.943L278.935 476.037C278.789 476.611 278.184 477.178 277.185 477.178ZM277.138 473.398C276.508 473.398 276.029 473.827 275.954 474.633H278.298C278.227 473.796 277.763 473.398 277.138 473.398Z" fill="#191C1D"/>
+<line x1="288.182" y1="471.247" x2="288.182" y2="477.959" stroke="#191C1D" stroke-opacity="0.12" stroke-width="0.671182"/>
+<path d="M296.803 477.103V471.428H298.942C300.008 471.428 300.763 472.164 300.763 473.241V473.249C300.763 474.327 300.008 475.078 298.942 475.078H297.511V477.103H296.803ZM298.761 472.057H297.511V474.448H298.761C299.572 474.448 300.039 474.004 300.039 473.257V473.249C300.039 472.502 299.572 472.057 298.761 472.057ZM301.837 477.103V472.864H302.521V473.493H302.584C302.745 473.048 303.142 472.789 303.717 472.789C303.846 472.789 303.992 472.805 304.059 472.816V473.481C303.917 473.457 303.787 473.442 303.638 473.442C302.985 473.442 302.521 473.855 302.521 474.476V477.103H301.837ZM305.266 472.046C305.007 472.046 304.794 471.833 304.794 471.574C304.794 471.314 305.007 471.102 305.266 471.102C305.526 471.102 305.738 471.314 305.738 471.574C305.738 471.833 305.526 472.046 305.266 472.046ZM304.92 477.103V472.864H305.604V477.103H304.92ZM308.094 477.103L306.525 472.864H307.248L308.408 476.356H308.471L309.631 472.864H310.355L308.786 477.103H308.094ZM312.266 477.178C311.46 477.178 310.851 476.69 310.851 475.919V475.911C310.851 475.156 311.409 474.72 312.396 474.661L313.611 474.586V474.201C313.611 473.678 313.293 473.394 312.66 473.394C312.152 473.394 311.818 473.583 311.708 473.914L311.704 473.925H311.02L311.024 473.902C311.134 473.237 311.779 472.789 312.683 472.789C313.717 472.789 314.296 473.32 314.296 474.201V477.103H313.611V476.478H313.548C313.281 476.93 312.837 477.178 312.266 477.178ZM311.551 475.904C311.551 476.332 311.916 476.584 312.408 476.584C313.104 476.584 313.611 476.128 313.611 475.522V475.137L312.479 475.207C311.834 475.247 311.551 475.475 311.551 475.896V475.904ZM317.28 477.178C316.093 477.178 315.334 476.316 315.334 474.971V474.964C315.334 473.646 316.089 472.789 317.277 472.789C318.307 472.789 318.924 473.383 319.05 474.138L319.054 474.161H318.374L318.37 474.15C318.264 473.733 317.886 473.394 317.277 473.394C316.514 473.394 316.034 474.008 316.034 474.964V474.971C316.034 475.947 316.521 476.572 317.277 476.572C317.847 476.572 318.209 476.32 318.366 475.848L318.374 475.825L319.05 475.821L319.042 475.864C318.869 476.631 318.299 477.178 317.28 477.178ZM320.415 478.59C320.324 478.59 320.206 478.582 320.112 478.566V478.004C320.195 478.019 320.301 478.023 320.395 478.023C320.785 478.023 321.02 477.846 321.174 477.359L321.253 477.107L319.683 472.864H320.415L321.579 476.352H321.642L322.802 472.864H323.522L321.866 477.363C321.516 478.314 321.166 478.59 320.415 478.59ZM326.778 477.103V471.428H328.917C329.983 471.428 330.738 472.164 330.738 473.241V473.249C330.738 474.327 329.983 475.078 328.917 475.078H327.486V477.103H326.778ZM328.736 472.057H327.486V474.448H328.736C329.547 474.448 330.015 474.004 330.015 473.257V473.249C330.015 472.502 329.547 472.057 328.736 472.057ZM333.436 477.178C332.229 477.178 331.482 476.344 331.482 474.987V474.979C331.482 473.619 332.229 472.789 333.436 472.789C334.643 472.789 335.391 473.619 335.391 474.979V474.987C335.391 476.344 334.643 477.178 333.436 477.178ZM333.436 476.572C334.238 476.572 334.691 475.986 334.691 474.987V474.979C334.691 473.977 334.238 473.394 333.436 473.394C332.634 473.394 332.182 473.977 332.182 474.979V474.987C332.182 475.986 332.634 476.572 333.436 476.572ZM336.492 477.103V471.18H337.176V477.103H336.492ZM338.851 472.046C338.592 472.046 338.379 471.833 338.379 471.574C338.379 471.314 338.592 471.102 338.851 471.102C339.111 471.102 339.323 471.314 339.323 471.574C339.323 471.833 339.111 472.046 338.851 472.046ZM338.505 477.103V472.864H339.19V477.103H338.505ZM342.214 477.178C341.026 477.178 340.267 476.316 340.267 474.971V474.964C340.267 473.646 341.022 472.789 342.21 472.789C343.24 472.789 343.858 473.383 343.984 474.138L343.988 474.161H343.307L343.303 474.15C343.197 473.733 342.82 473.394 342.21 473.394C341.447 473.394 340.967 474.008 340.967 474.964V474.971C340.967 475.947 341.455 476.572 342.21 476.572C342.78 476.572 343.142 476.32 343.299 475.848L343.307 475.825L343.984 475.821L343.976 475.864C343.803 476.631 343.232 477.178 342.214 477.178ZM345.348 478.59C345.258 478.59 345.14 478.582 345.045 478.566V478.004C345.128 478.019 345.234 478.023 345.329 478.023C345.718 478.023 345.954 477.846 346.107 477.359L346.186 477.107L344.617 472.864H345.348L346.512 476.352H346.575L347.735 472.864H348.455L346.799 477.363C346.449 478.314 346.099 478.59 345.348 478.59Z" fill="#191C1D"/>
+<rect x="243.877" y="588.095" width="89.9384" height="3.35591" rx="1.67796" fill="black"/>
+<path d="M250.081 566.923V561.248H252.291C253.404 561.248 254.175 561.996 254.175 563.109V563.116C254.175 564.226 253.404 564.985 252.291 564.985H250.962V566.923H250.081ZM252.071 561.992H250.962V564.245H252.071C252.834 564.245 253.278 563.832 253.278 563.12V563.113C253.278 562.405 252.834 561.992 252.071 561.992ZM256.904 567.006C255.65 567.006 254.883 566.168 254.883 564.792V564.784C254.883 563.411 255.654 562.57 256.904 562.57C258.151 562.57 258.922 563.407 258.922 564.784V564.792C258.922 566.168 258.155 567.006 256.904 567.006ZM256.904 566.294C257.636 566.294 258.053 565.736 258.053 564.792V564.784C258.053 563.836 257.636 563.282 256.904 563.282C256.169 563.282 255.756 563.836 255.756 564.784V564.792C255.756 565.74 256.169 566.294 256.904 566.294ZM260.597 566.923L259.417 562.652H260.275L261.042 565.948H261.105L261.986 562.652H262.796L263.677 565.948H263.743L264.506 562.652H265.352L264.176 566.923H263.299L262.414 563.738H262.347L261.466 566.923H260.597ZM267.853 567.006C266.603 567.006 265.847 566.153 265.847 564.8V564.796C265.847 563.463 266.618 562.57 267.81 562.57C269.001 562.57 269.733 563.431 269.733 564.713V565.012H266.705C266.72 565.83 267.169 566.306 267.873 566.306C268.419 566.306 268.746 566.035 268.848 565.814L268.864 565.783L269.686 565.779L269.678 565.814C269.536 566.377 268.946 567.006 267.853 567.006ZM267.814 563.27C267.232 563.27 266.791 563.667 266.717 564.402H268.887C268.821 563.64 268.392 563.27 267.814 563.27ZM270.748 566.923V562.652H271.601V563.297H271.664C271.817 562.845 272.214 562.578 272.785 562.578C272.922 562.578 273.072 562.597 273.158 562.617V563.404C273.005 563.372 272.859 563.352 272.698 563.352C272.045 563.352 271.601 563.754 271.601 564.371V566.923H270.748ZM275.656 567.006C274.405 567.006 273.65 566.153 273.65 564.8V564.796C273.65 563.463 274.421 562.57 275.612 562.57C276.804 562.57 277.535 563.431 277.535 564.713V565.012H274.507C274.523 565.83 274.971 566.306 275.675 566.306C276.222 566.306 276.548 566.035 276.651 565.814L276.666 565.783L277.488 565.779L277.48 565.814C277.339 566.377 276.749 567.006 275.656 567.006ZM275.616 563.27C275.034 563.27 274.594 563.667 274.519 564.402H276.69C276.623 563.64 276.194 563.27 275.616 563.27ZM280.107 566.994C279.034 566.994 278.338 566.133 278.338 564.792V564.784C278.338 563.431 279.022 562.578 280.107 562.578C280.693 562.578 281.193 562.869 281.421 563.329H281.488V560.977H282.337V566.923H281.488V566.251H281.421C281.173 566.719 280.705 566.994 280.107 566.994ZM280.351 566.267C281.063 566.267 281.5 565.704 281.5 564.792V564.784C281.5 563.872 281.059 563.309 280.351 563.309C279.636 563.309 279.207 563.868 279.207 564.784V564.792C279.207 565.708 279.636 566.267 280.351 566.267ZM288.079 566.994C287.481 566.994 287.013 566.719 286.766 566.251H286.703V566.923H285.849V560.977H286.703V563.329H286.766C286.994 562.869 287.493 562.578 288.079 562.578C289.164 562.578 289.849 563.431 289.849 564.784V564.792C289.849 566.133 289.157 566.994 288.079 566.994ZM287.839 566.267C288.551 566.267 288.98 565.708 288.98 564.792V564.784C288.98 563.868 288.551 563.309 287.839 563.309C287.127 563.309 286.687 563.872 286.687 564.784V564.792C286.687 565.704 287.127 566.267 287.839 566.267ZM291.119 568.426C291.013 568.426 290.887 568.418 290.777 568.406V567.733C290.859 567.745 290.966 567.749 291.064 567.749C291.461 567.749 291.701 567.58 291.827 567.148L291.89 566.927L290.34 562.652H291.261L292.33 566.066H292.405L293.471 562.652H294.367L292.779 567.089C292.417 568.107 291.984 568.426 291.119 568.426Z" fill="#C9C5D0"/>
+<g opacity="0.8" clip-path="url(#clip2_587_32496)">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M297.979 561.757C297.979 561.534 297.979 561.423 298.02 561.333C298.056 561.254 298.114 561.187 298.187 561.14C298.27 561.087 298.38 561.071 298.601 561.039L301.742 560.588C302.027 560.547 302.169 560.527 302.28 560.57C302.377 560.608 302.459 560.678 302.51 560.769C302.568 560.873 302.568 561.017 302.568 561.306V567.542C302.568 567.83 302.568 567.975 302.51 568.078C302.459 568.169 302.377 568.24 302.28 568.278C302.169 568.321 302.027 568.3 301.742 568.259L298.601 567.808L298.601 567.808C298.38 567.777 298.27 567.761 298.187 567.708C298.114 567.661 298.056 567.594 298.02 567.515C297.979 567.425 297.979 567.314 297.979 567.091V561.757ZM301.146 563.869C301.146 563.803 301.146 563.769 301.159 563.743C301.17 563.72 301.188 563.7 301.21 563.687C301.235 563.673 301.268 563.67 301.335 563.663L301.632 563.636C301.71 563.629 301.749 563.626 301.779 563.639C301.806 563.65 301.828 563.67 301.842 563.696C301.857 563.725 301.857 563.764 301.857 563.842V565.005C301.857 565.084 301.857 565.123 301.842 565.152C301.828 565.177 301.806 565.197 301.779 565.209C301.749 565.222 301.71 565.218 301.632 565.211H301.632L301.335 565.184H301.335C301.268 565.178 301.235 565.175 301.21 565.16C301.188 565.147 301.17 565.128 301.159 565.105C301.146 565.078 301.146 565.045 301.146 564.978V563.869ZM303.46 561.192H303.021V567.655H303.46C303.714 567.655 303.84 567.655 303.937 567.606C304.022 567.563 304.091 567.493 304.135 567.408C304.184 567.312 304.184 567.185 304.184 566.931V561.916C304.184 561.663 304.184 561.536 304.135 561.439C304.091 561.354 304.022 561.285 303.937 561.241C303.84 561.192 303.714 561.192 303.46 561.192Z" fill="#C9C5D0"/>
+</g>
+<path d="M312.48 567.332C312.034 567.332 311.649 567.239 311.324 567.054C311 566.868 310.751 566.61 310.577 566.28C310.403 565.944 310.316 565.556 310.316 565.116C310.316 564.664 310.406 564.273 310.586 563.943C310.765 563.613 311.017 563.355 311.341 563.169C311.672 562.984 312.057 562.891 312.497 562.891C312.943 562.891 313.326 562.984 313.644 563.169C313.969 563.355 314.221 563.613 314.4 563.943C314.58 564.273 314.669 564.661 314.669 565.107C314.669 565.547 314.577 565.936 314.391 566.272C314.212 566.607 313.96 566.868 313.635 567.054C313.311 567.233 312.926 567.326 312.48 567.332ZM312.488 566.489C312.732 566.489 312.94 566.428 313.114 566.306C313.288 566.185 313.421 566.02 313.514 565.811C313.612 565.602 313.662 565.368 313.662 565.107C313.662 564.841 313.615 564.603 313.522 564.395C313.43 564.186 313.297 564.024 313.123 563.908C312.949 563.786 312.74 563.726 312.497 563.726C312.265 563.726 312.06 563.786 311.88 563.908C311.701 564.03 311.562 564.195 311.463 564.403C311.37 564.612 311.321 564.846 311.315 565.107C311.315 565.374 311.362 565.611 311.454 565.82C311.547 566.028 311.683 566.193 311.863 566.315C312.042 566.431 312.251 566.489 312.488 566.489Z" fill="#C9C5D0"/>
+<path d="M319.159 563.05C319.159 563.025 319.139 563.004 319.114 563.004H318.222C318.197 563.004 318.177 563.025 318.177 563.05V567.497C318.177 567.792 318.067 567.976 317.847 568.138C317.632 568.3 317.391 568.353 317.05 568.359C316.812 568.353 316.589 568.332 316.392 568.268C316.208 568.214 316.005 568.134 315.795 568.029C315.772 568.017 315.744 568.027 315.733 568.05L315.412 568.733C315.403 568.753 315.409 568.776 315.427 568.788C315.525 568.855 315.639 568.914 315.77 568.967C315.915 569.025 316.063 569.071 316.213 569.106C316.37 569.146 316.531 569.18 316.67 569.197C316.815 569.215 316.952 569.217 317.039 569.217C317.479 569.217 317.855 569.148 318.168 569.009C318.487 568.87 318.73 568.673 318.898 568.418C319.072 568.163 319.159 567.859 319.159 567.505V563.05ZM318.449 565.928C318.436 565.896 318.394 565.89 318.372 565.916C318.201 566.112 318.028 566.251 317.864 566.341C317.69 566.44 317.491 566.489 317.265 566.489C317.033 566.489 316.83 566.431 316.656 566.315C316.488 566.193 316.361 566.028 316.274 565.82C316.187 565.611 316.144 565.371 316.144 565.098C316.144 564.838 316.187 564.606 316.274 564.403C316.361 564.195 316.488 564.03 316.656 563.908C316.83 563.786 317.036 563.726 317.273 563.726C317.493 563.726 317.667 563.772 317.847 563.865C318.014 563.948 318.193 564.14 318.346 564.34C318.368 564.368 318.412 564.362 318.425 564.33L318.672 563.748C318.678 563.734 318.676 563.718 318.668 563.705C318.356 563.259 317.83 562.891 317.231 562.891C316.796 562.891 316.454 562.984 316.135 563.169C315.816 563.355 315.57 563.613 315.396 563.943C315.228 564.273 315.144 564.658 315.144 565.098C315.144 565.55 315.228 565.944 315.396 566.28C315.564 566.61 315.805 566.868 316.118 567.054C316.436 567.239 316.813 567.332 317.247 567.332C317.409 567.332 317.577 567.3 317.751 567.236C317.931 567.178 318.105 567.091 318.273 566.975C318.433 566.864 318.575 566.732 318.699 566.579C318.709 566.566 318.712 566.549 318.705 566.534L318.449 565.928Z" fill="#C9C5D0"/>
+<path d="M322.432 563.084C322.432 563.059 322.412 563.039 322.387 563.039H321.418C321.393 563.039 321.372 563.019 321.372 562.994V561.809C321.372 561.784 321.352 561.763 321.327 561.763H320.444C320.419 561.763 320.399 561.784 320.399 561.809V562.994C320.399 563.019 320.379 563.039 320.354 563.039H319.763C319.738 563.039 319.718 563.06 319.718 563.085L319.726 563.82C319.726 563.845 319.746 563.865 319.771 563.865H320.354C320.379 563.865 320.399 563.885 320.399 563.91V565.959C320.399 566.266 320.46 566.526 320.582 566.741C320.709 566.949 320.883 567.109 321.103 567.219C321.323 567.329 321.59 567.384 321.902 567.384C321.989 567.384 322.082 567.372 322.18 567.349C322.285 567.326 322.385 567.301 322.472 567.267C322.55 567.238 322.701 567.162 322.778 567.117C322.799 567.105 322.805 567.079 322.793 567.059L322.435 566.426C322.423 566.406 322.399 566.398 322.378 566.406C322.32 566.428 322.26 566.447 322.198 566.461C322.122 566.478 322.047 566.487 321.972 566.487C321.769 566.487 321.618 566.466 321.52 566.332C321.422 566.193 321.372 566.017 321.372 565.802V563.91C321.372 563.885 321.393 563.865 321.418 563.865H322.387C322.412 563.865 322.432 563.844 322.432 563.819V563.084Z" fill="#C9C5D0"/>
+<path d="M325.069 567.332C324.623 567.332 324.238 567.239 323.914 567.054C323.589 566.868 323.34 566.61 323.166 566.28C322.992 565.944 322.906 565.556 322.906 565.116C322.906 564.664 322.995 564.273 323.175 563.943C323.355 563.613 323.607 563.355 323.931 563.169C324.261 562.984 324.646 562.891 325.087 562.891C325.533 562.891 325.915 562.984 326.234 563.169C326.558 563.355 326.81 563.613 326.99 563.943C327.169 564.273 327.259 564.661 327.259 565.107C327.259 565.547 327.166 565.936 326.981 566.272C326.801 566.607 326.549 566.868 326.225 567.054C325.9 567.233 325.515 567.326 325.069 567.332ZM325.078 566.489C325.321 566.489 325.53 566.428 325.704 566.306C325.877 566.185 326.011 566.02 326.103 565.811C326.202 565.602 326.251 565.368 326.251 565.107C326.251 564.841 326.205 564.603 326.112 564.395C326.019 564.186 325.886 564.024 325.712 563.908C325.538 563.786 325.33 563.726 325.087 563.726C324.855 563.726 324.649 563.786 324.47 563.908C324.29 564.03 324.151 564.195 324.053 564.403C323.96 564.612 323.911 564.846 323.905 565.107C323.905 565.374 323.951 565.611 324.044 565.82C324.137 566.028 324.273 566.193 324.452 566.315C324.632 566.431 324.84 566.489 325.078 566.489Z" fill="#C9C5D0"/>
+<path d="M309.944 566.454C309.944 566.429 309.923 566.409 309.898 566.409H307.565C307.54 566.409 307.52 566.388 307.52 566.363V561.582C307.52 561.557 307.5 561.537 307.475 561.537H306.601C306.576 561.537 306.556 561.557 306.556 561.582V567.286C306.556 567.311 306.576 567.332 306.601 567.332H309.898C309.923 567.332 309.944 567.311 309.944 567.286V566.454Z" fill="#C9C5D0"/>
+</g>
+</g>
+<g filter="url(#filter1_b_587_32496)">
+<rect width="578" height="649" fill="url(#paint0_linear_587_32496)"/>
+</g>
+</g>
+<defs>
+<filter id="filter0_d_587_32496" x="155" y="48" width="267.693" height="561" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="4"/>
+<feComposite in2="hardAlpha" operator="out"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0.258824 0 0 0 0 0.160784 0 0 0 0 0.623529 0 0 0 0.08 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_587_32496"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_587_32496" result="shape"/>
+</filter>
+<filter id="filter1_b_587_32496" x="-50" y="-50" width="678" height="749" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feGaussianBlur in="BackgroundImageFix" stdDeviation="25"/>
+<feComposite in2="SourceAlpha" operator="in" result="effect1_backgroundBlur_587_32496"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_backgroundBlur_587_32496" result="shape"/>
+</filter>
+<linearGradient id="paint0_linear_587_32496" x1="289" y1="111" x2="289" y2="649" gradientUnits="userSpaceOnUse">
+<stop stop-opacity="0.6"/>
+<stop offset="1" stop-opacity="0.1"/>
+</linearGradient>
+<clipPath id="clip0_587_32496">
+<rect width="578" height="649" fill="white"/>
+</clipPath>
+<clipPath id="clip1_587_32496">
+<rect x="163" y="52" width="251.693" height="545" rx="12" fill="white"/>
+</clipPath>
+<clipPath id="clip2_587_32496">
+<rect width="6.20468" height="7.75585" fill="white" transform="translate(297.979 560.546)"/>
+</clipPath>
+</defs>
+</svg>
diff --git a/packages/console/src/components/CustomUiAssetsUploader/index.module.scss b/packages/console/src/components/CustomUiAssetsUploader/index.module.scss
new file mode 100644
index 000000000000..34b5b4ae7b7b
--- /dev/null
+++ b/packages/console/src/components/CustomUiAssetsUploader/index.module.scss
@@ -0,0 +1,62 @@
+@use '@/scss/underscore' as _;
+
+.placeholder {
+  display: flex;
+  align-items: center;
+  padding: _.unit(5) _.unit(5) _.unit(5) _.unit(4);
+  border: 1px solid var(--color-border);
+  border-radius: 12px;
+  gap: _.unit(4);
+  position: relative;
+  overflow: hidden;
+
+  .main {
+    display: flex;
+    flex-direction: column;
+    gap: _.unit(0.5);
+    flex: 1;
+
+    .name {
+      font: var(--font-label-2);
+      color: var(--color-text-primary);
+    }
+
+    .secondaryInfo {
+      display: flex;
+      align-items: center;
+      gap: _.unit(3);
+    }
+
+    .info {
+      font: var(--font-body-3);
+      color: var(--color-text-secondary);
+    }
+
+    .error {
+      font: var(--font-body-3);
+      color: var(--color-error);
+    }
+  }
+
+  .icon {
+    width: 40px;
+    height: 40px;
+  }
+
+  // display a fake progress bar on the bottom with animations
+  .progressBar {
+    position: absolute;
+    bottom: 0;
+    left: 0;
+    width: 100%;
+    height: 4px;
+    background-color: var(--color-primary);
+    transform: scaleX(0);
+    transform-origin: left;
+    transition: transform 0.3s;
+  }
+
+  &.hasError {
+    border-color: var(--color-error);
+  }
+}
diff --git a/packages/console/src/components/CustomUiAssetsUploader/index.tsx b/packages/console/src/components/CustomUiAssetsUploader/index.tsx
new file mode 100644
index 000000000000..79b240d817a8
--- /dev/null
+++ b/packages/console/src/components/CustomUiAssetsUploader/index.tsx
@@ -0,0 +1,89 @@
+import { type CustomUiAssets, maxUploadFileSize, type AllowedUploadMimeType } from '@logto/schemas';
+import { format } from 'date-fns/fp';
+import { useCallback, useState } from 'react';
+import { useTranslation } from 'react-i18next';
+
+import DeleteIcon from '@/assets/icons/delete.svg';
+import IconButton from '@/ds-components/IconButton';
+import FileUploader from '@/ds-components/Uploader/FileUploader';
+import { formatBytes } from '@/utils/uploader';
+
+import FileIcon from '../FileIcon';
+
+import * as styles from './index.module.scss';
+
+type Props = {
+  readonly value?: CustomUiAssets;
+  readonly onChange: (value: CustomUiAssets) => void;
+};
+
+const allowedMimeTypes: AllowedUploadMimeType[] = ['application/zip'];
+
+function CustomUiAssetsUploader({ value, onChange }: Props) {
+  const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
+  const [file, setFile] = useState<File>();
+  const [error, setError] = useState<string>();
+  const showUploader = !value?.id && !file && !error;
+
+  const onComplete = useCallback(
+    (id: string) => {
+      setFile(undefined);
+      onChange({ id, createdAt: Date.now() });
+    },
+    [onChange]
+  );
+
+  const onErrorChange = useCallback(
+    (errorMessage?: string, files?: File[]) => {
+      if (errorMessage) {
+        setError(errorMessage);
+      }
+      if (files?.length) {
+        setFile(files[0]);
+      }
+    },
+    [setError, setFile]
+  );
+
+  if (showUploader) {
+    return (
+      <FileUploader<{ customUiAssetId: string }>
+        allowedMimeTypes={allowedMimeTypes}
+        maxSize={maxUploadFileSize}
+        uploadUrl="api/sign-in-exp/default/custom-ui-assets"
+        onCompleted={({ customUiAssetId }) => {
+          onComplete(customUiAssetId);
+        }}
+        onUploadErrorChange={onErrorChange}
+      />
+    );
+  }
+
+  return (
+    <div className={styles.placeholder}>
+      <FileIcon />
+      <div className={styles.main}>
+        <div className={styles.name}>{file?.name ?? t('sign_in_exp.custom_ui.title')}</div>
+        <div className={styles.secondaryInfo}>
+          {!!value?.createdAt && (
+            <span className={styles.info}>{format('yyyy/MM/dd HH:mm')(value.createdAt)}</span>
+          )}
+          {file && <span className={styles.info}>{formatBytes(file.size)}</span>}
+          {error && <span className={styles.error}>{error}</span>}
+        </div>
+      </div>
+      <IconButton
+        onClick={() => {
+          setFile(undefined);
+          setError(undefined);
+          onChange({ id: '', createdAt: 0 });
+        }}
+      >
+        <DeleteIcon />
+      </IconButton>
+      {file && <div className={styles.progressBar} />}
+    </div>
+  );
+}
+
+export default CustomUiAssetsUploader;
diff --git a/packages/console/src/components/FileIcon/index.tsx b/packages/console/src/components/FileIcon/index.tsx
new file mode 100644
index 000000000000..bab200d1d0fd
--- /dev/null
+++ b/packages/console/src/components/FileIcon/index.tsx
@@ -0,0 +1,20 @@
+import { Theme } from '@logto/schemas';
+import { type ReactNode } from 'react';
+
+import FileIconDark from '@/assets/icons/file-icon-dark.svg';
+import FileIconLight from '@/assets/icons/file-icon.svg';
+import useTheme from '@/hooks/use-theme';
+
+const themeToRoleIcon = Object.freeze({
+  [Theme.Light]: <FileIconLight />,
+  [Theme.Dark]: <FileIconDark />,
+} satisfies Record<Theme, ReactNode>);
+
+/** Render a role icon according to the current theme. */
+const FileIcon = () => {
+  const theme = useTheme();
+
+  return themeToRoleIcon[theme];
+};
+
+export default FileIcon;
diff --git a/packages/console/src/components/ImageInputs/index.tsx b/packages/console/src/components/ImageInputs/index.tsx
index a9f8d6f5e908..dcabc41d39a6 100644
--- a/packages/console/src/components/ImageInputs/index.tsx
+++ b/packages/console/src/components/ImageInputs/index.tsx
@@ -137,7 +137,9 @@ function ImageInputs<FormContext extends FieldValues>({
                 actionDescription={t(`sign_in_exp.branding.with_${field.theme}`, {
                   value: t(`sign_in_exp.branding_uploads.${field.type}.title`),
                 })}
-                onCompleted={onChange}
+                onCompleted={({ url }) => {
+                  onChange(url);
+                }}
                 // Noop fallback should not be necessary, but for TypeScript to be happy
                 onUploadErrorChange={uploadErrorChangeHandlers[field.name] ?? noop}
                 onDelete={() => {
diff --git a/packages/console/src/components/SignInExperiencePreview/index.module.scss b/packages/console/src/components/SignInExperiencePreview/index.module.scss
index 7f9457496653..4948109aad7c 100644
--- a/packages/console/src/components/SignInExperiencePreview/index.module.scss
+++ b/packages/console/src/components/SignInExperiencePreview/index.module.scss
@@ -85,4 +85,28 @@
       }
     }
   }
+
+  &.disabled {
+    background: url('raw:../../assets/images/blur-preview.svg') 0 0 / 100% auto no-repeat;
+  }
+
+  .placeholder {
+    width: 100%;
+    height: calc(_screenSize.$web-height + _.unit(20));
+    padding: _.unit(10);
+    backdrop-filter: blur(25px);
+    display: flex;
+    flex-direction: column;
+    color: var(--color-static-white);
+
+    .title {
+      font: var(--font-label-2);
+    }
+
+    .description {
+      margin-top: _.unit(1.5);
+      font: var(--font-body-2);
+      white-space: pre-wrap;
+    }
+  }
 }
diff --git a/packages/console/src/components/SignInExperiencePreview/index.tsx b/packages/console/src/components/SignInExperiencePreview/index.tsx
index ca0a61ac8a11..ef6ff41b2891 100644
--- a/packages/console/src/components/SignInExperiencePreview/index.tsx
+++ b/packages/console/src/components/SignInExperiencePreview/index.tsx
@@ -4,7 +4,15 @@ import type { ConnectorMetadata, SignInExperience, ConnectorResponse } from '@lo
 import { conditional } from '@silverhand/essentials';
 import classNames from 'classnames';
 import { format } from 'date-fns';
-import { useContext, useRef, useMemo, useCallback, useEffect, useState } from 'react';
+import {
+  useContext,
+  useRef,
+  useMemo,
+  useCallback,
+  useEffect,
+  useState,
+  type ReactNode,
+} from 'react';
 import { useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
@@ -28,6 +36,16 @@ type Props = {
    * the `AppDataContext` will be used.
    */
   readonly endpoint?: URL;
+  /**
+   * Whether the preview is disabled. If `true`, the preview will be disabled and a placeholder will
+   * be shown instead. Defaults to `false`.
+   */
+  // eslint-disable-next-line react/boolean-prop-naming
+  readonly disabled?: boolean;
+  /**
+   * The placeholder to show when the preview is disabled.
+   */
+  readonly disabledPlaceholder?: ReactNode;
 };
 
 function SignInExperiencePreview({
@@ -36,6 +54,8 @@ function SignInExperiencePreview({
   language = 'en',
   signInExperience,
   endpoint: endpointInput,
+  disabled = false,
+  disabledPlaceholder,
 }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
 
@@ -97,6 +117,10 @@ function SignInExperiencePreview({
   }, []);
 
   useEffect(() => {
+    if (disabled) {
+      setIframeLoaded(false);
+      return;
+    }
     const iframe = previewRef.current;
 
     iframe?.addEventListener('load', iframeOnLoadEventHandler);
@@ -104,7 +128,7 @@ function SignInExperiencePreview({
     return () => {
       iframe?.removeEventListener('load', iframeOnLoadEventHandler);
     };
-  }, [iframeLoaded, iframeOnLoadEventHandler]);
+  }, [iframeLoaded, disabled, iframeOnLoadEventHandler]);
 
   useEffect(() => {
     if (!iframeLoaded) {
@@ -122,7 +146,8 @@ function SignInExperiencePreview({
     <div
       className={classNames(
         styles.preview,
-        platform === PreviewPlatform.DesktopWeb ? styles.web : styles.mobile
+        platform === PreviewPlatform.DesktopWeb ? styles.web : styles.mobile,
+        disabled && styles.disabled
       )}
       style={conditional(
         platform === PreviewPlatform.DesktopWeb && {
@@ -131,24 +156,33 @@ function SignInExperiencePreview({
         }
       )}
     >
-      <div className={styles.deviceWrapper}>
-        <div className={classNames(styles.device, styles[String(mode)])}>
-          {platform !== PreviewPlatform.DesktopWeb && (
-            <div className={styles.topBar}>
-              <div className={styles.time}>{format(Date.now(), 'HH:mm')}</div>
-              <PhoneInfo />
-            </div>
-          )}
-          <iframe
-            ref={previewRef}
-            // Allow all sandbox rules
-            sandbox={undefined}
-            src={new URL('/sign-in?preview=true', endpoint).toString()}
-            tabIndex={-1}
-            title={t('sign_in_exp.preview.title')}
-          />
+      {disabled ? (
+        <div className={styles.placeholder}>
+          <div className={styles.title}>{t('sign_in_exp.custom_ui.bring_your_ui_title')}</div>
+          <div className={styles.description}>
+            {t('sign_in_exp.custom_ui.preview_with_bring_your_ui_description')}
+          </div>
         </div>
-      </div>
+      ) : (
+        <div className={styles.deviceWrapper}>
+          <div className={classNames(styles.device, styles[String(mode)])}>
+            {platform !== PreviewPlatform.DesktopWeb && (
+              <div className={styles.topBar}>
+                <div className={styles.time}>{format(Date.now(), 'HH:mm')}</div>
+                <PhoneInfo />
+              </div>
+            )}
+            <iframe
+              ref={previewRef}
+              // Allow all sandbox rules
+              sandbox={undefined}
+              src={new URL('/sign-in?preview=true', endpoint).toString()}
+              tabIndex={-1}
+              title={t('sign_in_exp.preview.title')}
+            />
+          </div>
+        </div>
+      )}
     </div>
   );
 }
diff --git a/packages/console/src/consts/user-assets.ts b/packages/console/src/consts/user-assets.ts
deleted file mode 100644
index 2ecbdb524bf6..000000000000
--- a/packages/console/src/consts/user-assets.ts
+++ /dev/null
@@ -1,17 +0,0 @@
-import type { AllowedUploadMimeType } from '@logto/schemas';
-
-type MimeTypeToFileExtensionMappings = {
-  [key in AllowedUploadMimeType]: readonly string[];
-};
-
-export const mimeTypeToFileExtensionMappings: MimeTypeToFileExtensionMappings = Object.freeze({
-  'image/jpeg': ['jpeg', 'jpg'],
-  'image/png': ['png'],
-  'image/gif': ['gif'],
-  'image/vnd.microsoft.icon': ['ico'],
-  'image/x-icon': ['ico'],
-  'image/svg+xml': ['svg'],
-  'image/tiff': ['tif', 'tiff'],
-  'image/webp': ['webp'],
-  'image/bmp': ['bmp'],
-} as const);
diff --git a/packages/console/src/ds-components/Uploader/FileUploader/index.tsx b/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
index edafb2d325dc..35d4383de6de 100644
--- a/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
+++ b/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
@@ -14,12 +14,12 @@ import { Ring } from '../../Spinner';
 
 import * as styles from './index.module.scss';
 
-export type Props = {
+export type Props<T extends Record<string, unknown> = UserAssets> = {
   readonly maxSize: number; // In bytes
   readonly allowedMimeTypes: AllowedUploadMimeType[];
   readonly actionDescription?: string;
-  readonly onCompleted: (fileUrl: string) => void;
-  readonly onUploadErrorChange: (errorMessage?: string) => void;
+  readonly onCompleted: (response: T) => void;
+  readonly onUploadErrorChange: (errorMessage?: string, files?: File[]) => void;
   readonly className?: string;
   /**
    * Specify which API instance to use for the upload request. For example, you can use admin tenant API instead.
@@ -32,7 +32,7 @@ export type Props = {
   readonly uploadUrl?: string;
 };
 
-function FileUploader({
+function FileUploader<T extends Record<string, unknown> = UserAssets>({
   maxSize,
   allowedMimeTypes,
   actionDescription,
@@ -41,7 +41,7 @@ function FileUploader({
   className,
   apiInstance,
   uploadUrl = 'api/user-assets',
-}: Props) {
+}: Props<T>) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
   const [isUploading, setIsUploading] = useState(false);
   const [uploadError, setUploadError] = useState<string>();
@@ -60,7 +60,8 @@ function FileUploader({
     async (acceptedFiles: File[] = [], fileRejection: FileRejection[] = []) => {
       setUploadError(undefined);
 
-      if (fileRejection.length > 1) {
+      // Do not support uploading multiple files
+      if (acceptedFiles.length + fileRejection.length > 1) {
         setUploadError(t('components.uploader.error_file_count'));
 
         return;
@@ -104,9 +105,9 @@ function FileUploader({
       try {
         setIsUploading(true);
         const uploadApi = apiInstance ?? api;
-        const { url } = await uploadApi.post(uploadUrl, { body: formData }).json<UserAssets>();
+        const response = await uploadApi.post(uploadUrl, { body: formData }).json<T>();
 
-        onCompleted(url);
+        onCompleted(response);
       } catch {
         setUploadError(t('components.uploader.error_upload'));
       } finally {
diff --git a/packages/console/src/ds-components/Uploader/ImageUploaderField/index.tsx b/packages/console/src/ds-components/Uploader/ImageUploaderField/index.tsx
index faaccc9ce629..2b519a7f458a 100644
--- a/packages/console/src/ds-components/Uploader/ImageUploaderField/index.tsx
+++ b/packages/console/src/ds-components/Uploader/ImageUploaderField/index.tsx
@@ -23,7 +23,9 @@ function ImageUploaderField({ onChange, allowedMimeTypes: mimeTypes, ...rest }:
     <div>
       <ImageUploader
         allowedMimeTypes={allowedMimeTypes}
-        onCompleted={onChange}
+        onCompleted={({ url }) => {
+          onChange(url);
+        }}
         onUploadErrorChange={setUploadError}
         onDelete={() => {
           onChange('');
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/Experience/LogosUploader/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/Experience/LogosUploader/index.tsx
index e9bfc1c6adea..6bdb2ffada5b 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/Experience/LogosUploader/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/Experience/LogosUploader/index.tsx
@@ -44,7 +44,9 @@ function LogosUploader({ isDarkModeEnabled }: Props) {
                     : 'enterprise_sso_details.branding_logo_context'
                 )}
                 allowedMimeTypes={allowedMimeTypes}
-                onCompleted={onChange}
+                onCompleted={({ url }) => {
+                  onChange(url);
+                }}
                 onUploadErrorChange={setUploadLogoError}
                 onDelete={() => {
                   onChange('');
@@ -65,7 +67,9 @@ function LogosUploader({ isDarkModeEnabled }: Props) {
                   value={value ?? ''}
                   actionDescription={t('enterprise_sso_details.branding_dark_logo_context')}
                   allowedMimeTypes={allowedMimeTypes}
-                  onCompleted={onChange}
+                  onCompleted={({ url }) => {
+                    onChange(url);
+                  }}
                   onUploadErrorChange={setUploadDarkLogoError}
                   onDelete={() => {
                     onChange('');
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomCssForm/index.module.scss b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.module.scss
similarity index 100%
rename from packages/console/src/pages/SignInExperience/PageContent/Branding/CustomCssForm/index.module.scss
rename to packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.module.scss
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomCssForm/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
similarity index 51%
rename from packages/console/src/pages/SignInExperience/PageContent/Branding/CustomCssForm/index.tsx
rename to packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
index a25929b1798e..a5b82f6d0140 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomCssForm/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
@@ -1,6 +1,8 @@
-import { useFormContext, Controller } from 'react-hook-form';
+import { Controller, useFormContext } from 'react-hook-form';
 import { Trans, useTranslation } from 'react-i18next';
 
+import CustomUiAssetsUploader from '@/components/CustomUiAssetsUploader';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import Card from '@/ds-components/Card';
 import CodeEditor from '@/ds-components/CodeEditor';
 import FormField from '@/ds-components/FormField';
@@ -12,19 +14,19 @@ import FormSectionTitle from '../../components/FormSectionTitle';
 
 import * as brandingStyles from './index.module.scss';
 
-function CustomCssForm() {
+function CustomUiForm() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
   const { getDocumentationUrl } = useDocumentationUrl();
   const { control } = useFormContext<SignInExperienceForm>();
 
   return (
     <Card>
-      <FormSectionTitle title="custom_css.title" />
+      <FormSectionTitle title="custom_ui.title" />
       <FormField
-        title="sign_in_exp.custom_css.css_code_editor_title"
+        title="sign_in_exp.custom_ui.css_code_editor_title"
         tip={(closeTipHandler) => (
           <>
-            <div>{t('sign_in_exp.custom_css.css_code_editor_description1')}</div>
+            <div>{t('sign_in_exp.custom_ui.css_code_editor_description1')}</div>
             <div>
               <Trans
                 components={{
@@ -37,8 +39,8 @@ function CustomCssForm() {
                   ),
                 }}
               >
-                {t('sign_in_exp.custom_css.css_code_editor_description2', {
-                  link: t('sign_in_exp.custom_css.css_code_editor_description_link_content'),
+                {t('sign_in_exp.custom_ui.css_code_editor_description2', {
+                  link: t('sign_in_exp.custom_ui.css_code_editor_description_link_content'),
                 })}
               </Trans>
             </div>
@@ -53,14 +55,42 @@ function CustomCssForm() {
               className={brandingStyles.customCssCodeEditor}
               language="scss"
               value={value ?? undefined}
-              placeholder={t('sign_in_exp.custom_css.css_code_editor_content_placeholder')}
+              placeholder={t('sign_in_exp.custom_ui.css_code_editor_content_placeholder')}
               onChange={onChange}
             />
           )}
         />
       </FormField>
+      {isDevFeaturesEnabled && (
+        <FormField
+          title="sign_in_exp.custom_ui.bring_your_ui_title"
+          description={
+            <Trans
+              components={{
+                a: (
+                  <TextLink
+                    targetBlank="noopener"
+                    href={getDocumentationUrl('/docs/recipes/customize-sie/custom-css')}
+                  />
+                ),
+              }}
+            >
+              {t('sign_in_exp.custom_ui.bring_your_ui_description')}
+            </Trans>
+          }
+          descriptionPosition="top"
+        >
+          <Controller
+            name="customUiAssets"
+            control={control}
+            render={({ field: { onChange, value } }) => (
+              <CustomUiAssetsUploader value={value} onChange={onChange} />
+            )}
+          />
+        </FormField>
+      )}
     </Card>
   );
 }
 
-export default CustomCssForm;
+export default CustomUiForm;
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Branding/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/Branding/index.tsx
index 4a11479dbfa8..c300df3ed532 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Branding/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Branding/index.tsx
@@ -3,7 +3,7 @@ import PageMeta from '@/components/PageMeta';
 import SignInExperienceTabWrapper from '../components/SignInExperienceTabWrapper';
 
 import BrandingForm from './BrandingForm';
-import CustomCssForm from './CustomCssForm';
+import CustomUiForm from './CustomUiForm';
 
 type Props = {
   readonly isActive: boolean;
@@ -14,7 +14,7 @@ function Branding({ isActive }: Props) {
     <SignInExperienceTabWrapper isActive={isActive}>
       {isActive && <PageMeta titleKey={['sign_in_exp.tabs.branding', 'sign_in_exp.page_title']} />}
       <BrandingForm />
-      <CustomCssForm />
+      <CustomUiForm />
     </SignInExperienceTabWrapper>
   );
 }
diff --git a/packages/console/src/pages/SignInExperience/PageContent/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/index.tsx
index c119c22543e0..32eebcad02f1 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/index.tsx
@@ -137,6 +137,7 @@ function PageContent({ data, onSignInExperienceUpdated }: Props) {
             <Preview
               isLivePreviewDisabled={isDirty}
               signInExperience={previewConfigs}
+              isPreviewIframeDisabled={Boolean(data.customUiAssets)}
               className={styles.preview}
             />
           )}
diff --git a/packages/console/src/pages/SignInExperience/PageContent/utils/parser.ts b/packages/console/src/pages/SignInExperience/PageContent/utils/parser.ts
index b7b1a255acb8..7ccdca808fd7 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/utils/parser.ts
+++ b/packages/console/src/pages/SignInExperience/PageContent/utils/parser.ts
@@ -49,13 +49,14 @@ export const signUpFormDataParser = {
 
 export const sieFormDataParser = {
   fromSignInExperience: (data: SignInExperience): SignInExperienceForm => {
-    const { signUp, signInMode, customCss, branding, passwordPolicy } = data;
+    const { signUp, signInMode, customCss, customUiAssets, branding, passwordPolicy } = data;
 
     return {
       ...data,
       signUp: signUpFormDataParser.fromSignUp(signUp),
       createAccountEnabled: signInMode !== SignInMode.SignIn,
       customCss: customCss ?? undefined,
+      customUiAssets: customUiAssets ?? undefined,
       branding: {
         ...emptyBranding,
         ...branding,
@@ -74,6 +75,7 @@ export const sieFormDataParser = {
       createAccountEnabled,
       signUp,
       customCss,
+      customUiAssets,
       /** Remove the custom words related properties since they are not used in the remote model. */
       passwordPolicy: { isCustomWordsEnabled, customWords, ...passwordPolicy },
     } = formData;
@@ -84,6 +86,7 @@ export const sieFormDataParser = {
       signUp: signUpFormDataParser.toSignUp(signUp),
       signInMode: createAccountEnabled ? SignInMode.SignInAndRegister : SignInMode.SignIn,
       customCss: customCss?.length ? customCss : null,
+      customUiAssets: customUiAssets?.id ? customUiAssets : null,
       passwordPolicy: {
         ...passwordPolicy,
         rejects: {
diff --git a/packages/console/src/pages/SignInExperience/components/Preview/index.tsx b/packages/console/src/pages/SignInExperience/components/Preview/index.tsx
index 43fc61892ee6..9dfecb51db48 100644
--- a/packages/console/src/pages/SignInExperience/components/Preview/index.tsx
+++ b/packages/console/src/pages/SignInExperience/components/Preview/index.tsx
@@ -18,6 +18,7 @@ import * as styles from './index.module.scss';
 type Props = {
   readonly isLivePreviewDisabled?: boolean;
   readonly isLivePreviewEntryInvisible?: boolean;
+  readonly isPreviewIframeDisabled?: boolean;
   readonly signInExperience?: SignInExperience;
   readonly className?: string;
 };
@@ -25,6 +26,7 @@ type Props = {
 function Preview({
   isLivePreviewDisabled = false,
   isLivePreviewEntryInvisible = false,
+  isPreviewIframeDisabled = false,
   signInExperience,
   className,
 }: Props) {
@@ -124,6 +126,7 @@ function Preview({
         mode={mode}
         language={language}
         signInExperience={signInExperience}
+        disabled={isPreviewIframeDisabled}
       />
     </div>
   );
diff --git a/packages/console/src/pages/SignInExperience/types.ts b/packages/console/src/pages/SignInExperience/types.ts
index 0a3a1a943fb1..65d4bf000110 100644
--- a/packages/console/src/pages/SignInExperience/types.ts
+++ b/packages/console/src/pages/SignInExperience/types.ts
@@ -1,5 +1,10 @@
 import { type PasswordPolicy } from '@logto/core-kit';
-import { type SignUp, type SignInExperience, type SignInIdentifier } from '@logto/schemas';
+import {
+  type SignUp,
+  type SignInExperience,
+  type SignInIdentifier,
+  type CustomUiAssets,
+} from '@logto/schemas';
 
 export enum SignInExperienceTab {
   Branding = 'branding',
@@ -22,9 +27,10 @@ export type SignUpForm = Omit<SignUp, 'identifiers'> & {
 
 export type SignInExperienceForm = Omit<
   SignInExperience,
-  'signUp' | 'customCss' | 'passwordPolicy'
+  'signUp' | 'customCss' | 'customUiAssets' | 'passwordPolicy'
 > & {
   customCss?: string; // Code editor components can not properly handle null value, manually transform null to undefined instead.
+  customUiAssets?: CustomUiAssets;
   signUp: SignUpForm;
   /** The parsed password policy object. All properties are required. */
   passwordPolicy: PasswordPolicy & {
diff --git a/packages/console/src/utils/uploader.ts b/packages/console/src/utils/uploader.ts
index c4cb161e4d69..e17d1640be53 100644
--- a/packages/console/src/utils/uploader.ts
+++ b/packages/console/src/utils/uploader.ts
@@ -1,11 +1,24 @@
-import type { AllowedUploadMimeType } from '@logto/schemas';
+import { mimeTypeToFileExtensionMappings, type AllowedUploadMimeType } from '@logto/schemas';
 import { deduplicate } from '@silverhand/essentials';
 
-import { mimeTypeToFileExtensionMappings } from '@/consts/user-assets';
-
 export const convertToFileExtensionArray = (mimeTypes: AllowedUploadMimeType[]) =>
   deduplicate(
     mimeTypes
       .flatMap((type) => mimeTypeToFileExtensionMappings[type])
       .map((extension) => extension.toUpperCase())
   );
+
+// https://stackoverflow.com/a/18650828/12514940
+export const formatBytes = (bytes: number, decimals = 2) => {
+  if (bytes === 0) {
+    return '0 Bytes';
+  }
+
+  const k = 1024;
+  const dm = decimals < 0 ? 0 : decimals;
+  const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];
+
+  const i = Math.floor(Math.log(bytes) / Math.log(k));
+
+  return Number.parseFloat((bytes / k ** i).toFixed(dm)) + ' ' + sizes[i];
+};
diff --git a/packages/phrases/src/locales/en/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/en/translation/admin-console/sign-in-exp/index.ts
index e2b468febecf..26c3925a16c5 100644
--- a/packages/phrases/src/locales/en/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/en/translation/admin-console/sign-in-exp/index.ts
@@ -70,14 +70,19 @@ const sign_in_exp = {
       error: 'Favicon: {{error}}',
     },
   },
-  custom_css: {
-    title: 'Custom CSS',
-    css_code_editor_title: 'Personalize your UI with custom CSS',
+  custom_ui: {
+    title: 'Custom UI',
+    css_code_editor_title: 'Custom CSS',
     css_code_editor_description1: 'See the example of custom CSS.',
     css_code_editor_description2: '<a>{{link}}</a>',
     css_code_editor_description_link_content: 'Learn more',
     css_code_editor_content_placeholder:
       'Enter your custom CSS to tailor the styles of anything to your exact specifications. Express your creativity and make your UI stand out.',
+    bring_your_ui_title: 'Bring your UI',
+    bring_your_ui_description:
+      'Upload a compressed package (.zip) and replace the Logto prebuilt UI with your own code. <a>Learn more</a>',
+    preview_with_bring_your_ui_description:
+      'Your custom UI assets have been successfully uploaded and are now being served. Consequently, the built-in preview window has been disabled.\nTo test your personalized sign-in UI, click the "Live Preview" button to open it in a new browser tab.',
   },
   sign_up_and_sign_in,
   content,
diff --git a/packages/schemas/src/types/user-assets.ts b/packages/schemas/src/types/user-assets.ts
index 99e92bc8fb46..931e29480f7d 100644
--- a/packages/schemas/src/types/user-assets.ts
+++ b/packages/schemas/src/types/user-assets.ts
@@ -13,6 +13,7 @@ export const allowUploadMimeTypes = [
   'image/tiff',
   'image/webp',
   'image/bmp',
+  'application/zip',
 ] as const;
 
 const allowUploadMimeTypeGuard = z.enum(allowUploadMimeTypes);
@@ -39,3 +40,20 @@ export const uploadFileGuard = z.object({
   originalFilename: z.string(),
   size: z.number(),
 });
+
+type MimeTypeToFileExtensionMappings = {
+  [key in AllowedUploadMimeType]: readonly string[];
+};
+
+export const mimeTypeToFileExtensionMappings: MimeTypeToFileExtensionMappings = Object.freeze({
+  'image/jpeg': ['jpeg', 'jpg'],
+  'image/png': ['png'],
+  'image/gif': ['gif'],
+  'image/vnd.microsoft.icon': ['ico'],
+  'image/x-icon': ['ico'],
+  'image/svg+xml': ['svg'],
+  'image/tiff': ['tif', 'tiff'],
+  'image/webp': ['webp'],
+  'image/bmp': ['bmp'],
+  'application/zip': ['zip'],
+} as const);

From 97b0be48d5f4543ef681bee714392bad2a00b400 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Fri, 19 Jul 2024 11:22:51 +0800
Subject: [PATCH 039/135] ci: always set conclusion for alteration tests
 (#6276)

---
 .../alteration-compatibility-integration-test.yml         | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/alteration-compatibility-integration-test.yml b/.github/workflows/alteration-compatibility-integration-test.yml
index 4e82e5485c75..27d1454786c5 100644
--- a/.github/workflows/alteration-compatibility-integration-test.yml
+++ b/.github/workflows/alteration-compatibility-integration-test.yml
@@ -91,3 +91,11 @@ jobs:
           GH_TOKEN: ${{ github.token }}
           GH_DEBUG: api
         run: gh workflow run rerun.yml -F run_id=${{ github.run_id }}
+
+  alteration-compatibility-conclusion:
+    needs: run-logto
+    runs-on: ubuntu-latest
+    if: always() && (needs.run-logto.result == 'success' || needs.run-logto.result == 'skipped')
+    steps:
+      - name: Conclusion
+        run: echo "Alteration compatibility integration test completed successfully"

From e9a70ba6d92859ea62583c89646815ad396f8867 Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Fri, 19 Jul 2024 11:53:50 +0800
Subject: [PATCH 040/135] style(experience): add transition for notched border
 (#6265)

---
 .../InputFields/InputField/NotchedBorder/index.module.scss     | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.module.scss b/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.module.scss
index 371d9458c6c5..8334a63121f3 100644
--- a/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.module.scss
+++ b/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.module.scss
@@ -14,6 +14,9 @@
     border-radius: var(--radius);
     pointer-events: none;
     display: block;
+    transition-property: outline, border;
+    transition-timing-function: ease-in-out;
+    transition-duration: 0.2s;
 
     legend {
       display: inline-block;

From 216859a9067821cd6a2ee0a3e733b55c534cb76b Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Fri, 19 Jul 2024 11:54:37 +0800
Subject: [PATCH 041/135] refactor(experience): avoid disabled button for
 continue button (#6271)

---
 .../containers/TotpCodeVerification/index.tsx | 20 ++++++++++++++--
 .../src/containers/VerificationCode/index.tsx | 23 ++++++++++++++-----
 .../experience/src/hooks/use-error-handler.ts |  1 +
 .../src/locales/de/error/index.ts             |  2 +-
 .../src/locales/en/error/index.ts             |  2 +-
 .../src/locales/es/error/index.ts             |  2 +-
 .../src/locales/fr/error/index.ts             |  2 +-
 .../src/locales/it/error/index.ts             |  2 +-
 .../src/locales/ja/error/index.ts             |  2 +-
 .../src/locales/pl-pl/error/index.ts          |  2 +-
 .../src/locales/pt-br/error/index.ts          |  2 +-
 .../src/locales/ru/error/index.ts             |  2 +-
 .../src/locales/tr-tr/error/index.ts          |  2 +-
 .../src/locales/zh-cn/error/index.ts          |  2 +-
 .../src/locales/zh-hk/error/index.ts          |  2 +-
 .../src/locales/zh-tw/error/index.ts          |  2 +-
 16 files changed, 49 insertions(+), 21 deletions(-)

diff --git a/packages/experience/src/containers/TotpCodeVerification/index.tsx b/packages/experience/src/containers/TotpCodeVerification/index.tsx
index 16d9897ae521..6fb473000437 100644
--- a/packages/experience/src/containers/TotpCodeVerification/index.tsx
+++ b/packages/experience/src/containers/TotpCodeVerification/index.tsx
@@ -1,4 +1,5 @@
 import { useCallback, useState } from 'react';
+import { useTranslation } from 'react-i18next';
 
 import Button from '@/components/Button';
 import VerificationCodeInput from '@/components/VerificationCode';
@@ -18,17 +19,28 @@ type Props = {
 };
 
 const TotpCodeVerification = ({ flow }: Props) => {
+  const { t } = useTranslation();
+
   const [codeInput, setCodeInput] = useState<string[]>([]);
+  const [inputErrorMessage, setInputErrorMessage] = useState<string>();
+
   const errorCallback = useCallback(() => {
     setCodeInput([]);
+    setInputErrorMessage(undefined);
   }, []);
 
-  const { errorMessage, onSubmit } = useTotpCodeVerification(flow, errorCallback);
+  const { errorMessage: submitErrorMessage, onSubmit } = useTotpCodeVerification(
+    flow,
+    errorCallback
+  );
 
   const [isSubmitting, setIsSubmitting] = useState(false);
 
+  const errorMessage = inputErrorMessage ?? submitErrorMessage;
+
   const handleSubmit = useCallback(
     async (code: string[]) => {
+      setInputErrorMessage(undefined);
       setIsSubmitting(true);
       await onSubmit(code.join(''));
       setIsSubmitting(false);
@@ -55,8 +67,12 @@ const TotpCodeVerification = ({ flow }: Props) => {
         type="primary"
         className={styles.continueButton}
         isLoading={isSubmitting}
-        isDisabled={!isCodeReady(codeInput)}
         onClick={() => {
+          if (!isCodeReady(codeInput)) {
+            setInputErrorMessage(t('error.invalid_passcode'));
+            return;
+          }
+
           void handleSubmit(codeInput);
         }}
       />
diff --git a/packages/experience/src/containers/VerificationCode/index.tsx b/packages/experience/src/containers/VerificationCode/index.tsx
index 35e6c63414d1..f24bfd9276c3 100644
--- a/packages/experience/src/containers/VerificationCode/index.tsx
+++ b/packages/experience/src/containers/VerificationCode/index.tsx
@@ -23,6 +23,8 @@ type Props = {
 
 const VerificationCode = ({ flow, identifier, className, hasPasswordButton, target }: Props) => {
   const [codeInput, setCodeInput] = useState<string[]>([]);
+  const [inputErrorMessage, setInputErrorMessage] = useState<string>();
+
   const { t } = useTranslation();
 
   const isCodeInputReady = useMemo(
@@ -34,13 +36,16 @@ const VerificationCode = ({ flow, identifier, className, hasPasswordButton, targ
 
   const errorCallback = useCallback(() => {
     setCodeInput([]);
+    setInputErrorMessage(undefined);
   }, []);
 
-  const { errorMessage, clearErrorMessage, onSubmit } = useVerificationCode(
-    identifier,
-    target,
-    errorCallback
-  );
+  const {
+    errorMessage: submitErrorMessage,
+    clearErrorMessage,
+    onSubmit,
+  } = useVerificationCode(identifier, target, errorCallback);
+
+  const errorMessage = inputErrorMessage ?? submitErrorMessage;
 
   const { seconds, isRunning, onResendVerificationCode } = useResendVerificationCode(
     flow,
@@ -52,6 +57,8 @@ const VerificationCode = ({ flow, identifier, className, hasPasswordButton, targ
 
   const handleSubmit = useCallback(
     async (code: string[]) => {
+      setInputErrorMessage(undefined);
+
       setIsSubmitting(true);
 
       await onSubmit(
@@ -110,10 +117,14 @@ const VerificationCode = ({ flow, identifier, className, hasPasswordButton, targ
       <Button
         title="action.continue"
         type="primary"
-        isDisabled={!isCodeInputReady}
         isLoading={isSubmitting}
         className={styles.continueButton}
         onClick={() => {
+          if (!isCodeInputReady) {
+            setInputErrorMessage(t('error.invalid_passcode'));
+            return;
+          }
+
           void handleSubmit(codeInput);
         }}
       />
diff --git a/packages/experience/src/hooks/use-error-handler.ts b/packages/experience/src/hooks/use-error-handler.ts
index 6a1ac05ee4cc..ed21aed4830f 100644
--- a/packages/experience/src/hooks/use-error-handler.ts
+++ b/packages/experience/src/hooks/use-error-handler.ts
@@ -24,6 +24,7 @@ const useErrorHandler = () => {
           const logtoError = await error.response.json<RequestErrorBody>();
 
           const { code, message } = logtoError;
+
           const handler = errorHandlers?.[code] ?? errorHandlers?.global;
 
           if (handler) {
diff --git a/packages/phrases-experience/src/locales/de/error/index.ts b/packages/phrases-experience/src/locales/de/error/index.ts
index 668ee5a513aa..ea76b75fdd29 100644
--- a/packages/phrases-experience/src/locales/de/error/index.ts
+++ b/packages/phrases-experience/src/locales/de/error/index.ts
@@ -11,7 +11,7 @@ const error = {
   invalid_email: 'Die Email ist ungültig',
   invalid_phone: 'Die Telefonnummer ist ungültig',
   passwords_do_not_match: 'Passwörter stimmen nicht überein',
-  invalid_passcode: 'Der Bestätigungscode ist ungültig',
+  invalid_passcode: 'Der Bestätigungscode ist ungültig.',
   invalid_connector_auth: 'Die Autorisierung ist ungültig',
   invalid_connector_request: 'Connector Daten sind ungültig',
   unknown: 'Unbekannter Fehler. Versuche es später noch einmal.',
diff --git a/packages/phrases-experience/src/locales/en/error/index.ts b/packages/phrases-experience/src/locales/en/error/index.ts
index 250036147c50..ed62ec1d3385 100644
--- a/packages/phrases-experience/src/locales/en/error/index.ts
+++ b/packages/phrases-experience/src/locales/en/error/index.ts
@@ -11,7 +11,7 @@ const error = {
   invalid_email: 'The email is invalid',
   invalid_phone: 'The phone number is invalid',
   passwords_do_not_match: 'Your passwords don’t match. Please try again.',
-  invalid_passcode: 'The verification code is invalid',
+  invalid_passcode: 'The verification code is invalid.',
   invalid_connector_auth: 'The authorization is invalid',
   invalid_connector_request: 'The connector data is invalid',
   unknown: 'Unknown error. Please try again later.',
diff --git a/packages/phrases-experience/src/locales/es/error/index.ts b/packages/phrases-experience/src/locales/es/error/index.ts
index 65934cb0a4cd..9261b31186c7 100644
--- a/packages/phrases-experience/src/locales/es/error/index.ts
+++ b/packages/phrases-experience/src/locales/es/error/index.ts
@@ -12,7 +12,7 @@ const error = {
   invalid_email: 'El correo electrónico no es válido',
   invalid_phone: 'El número de teléfono no es válido',
   passwords_do_not_match: 'Las contraseñas no coinciden. Por favor intente de nuevo',
-  invalid_passcode: 'El código de verificación no es válido',
+  invalid_passcode: 'El código de verificación no es válido.',
   invalid_connector_auth: 'La autorización no es válida',
   invalid_connector_request: 'Los datos del conector no son válidos',
   unknown: 'Error desconocido. Por favor intente de nuevo más tarde.',
diff --git a/packages/phrases-experience/src/locales/fr/error/index.ts b/packages/phrases-experience/src/locales/fr/error/index.ts
index 4ec5bc5e99af..6eeab4743bb3 100644
--- a/packages/phrases-experience/src/locales/fr/error/index.ts
+++ b/packages/phrases-experience/src/locales/fr/error/index.ts
@@ -13,7 +13,7 @@ const error = {
   invalid_email: "L'email n'est pas valide",
   invalid_phone: "Le numéro de téléphone n'est pas valide",
   passwords_do_not_match: 'Les mots de passe ne correspondent pas',
-  invalid_passcode: 'Le code est invalide',
+  invalid_passcode: 'Le code est invalide.',
   invalid_connector_auth: "L'autorisation n'est pas valide",
   invalid_connector_request: 'Les données du connecteur ne sont pas valides',
   unknown: 'Erreur inconnue. Veuillez réessayer plus tard.',
diff --git a/packages/phrases-experience/src/locales/it/error/index.ts b/packages/phrases-experience/src/locales/it/error/index.ts
index def0a0571eb2..426eb5ef4acd 100644
--- a/packages/phrases-experience/src/locales/it/error/index.ts
+++ b/packages/phrases-experience/src/locales/it/error/index.ts
@@ -11,7 +11,7 @@ const error = {
   invalid_email: "L'email non è valida",
   invalid_phone: 'Il numero di telefono non è valido',
   passwords_do_not_match: 'Le password non corrispondono. Per favore prova di nuovo.',
-  invalid_passcode: 'Il codice di verifica non è valido',
+  invalid_passcode: 'Il codice di verifica non è valido.',
   invalid_connector_auth: "L'autorizzazione è invalida",
   invalid_connector_request: 'I dati del connettore non sono validi',
   unknown: 'Errore sconosciuto. Si prega di riprovare più tardi.',
diff --git a/packages/phrases-experience/src/locales/ja/error/index.ts b/packages/phrases-experience/src/locales/ja/error/index.ts
index 7a245670d29d..bade42bbfdb6 100644
--- a/packages/phrases-experience/src/locales/ja/error/index.ts
+++ b/packages/phrases-experience/src/locales/ja/error/index.ts
@@ -12,7 +12,7 @@ const error = {
   invalid_email: 'メールアドレスが無効です',
   invalid_phone: '電話番号が無効です',
   passwords_do_not_match: 'パスワードが一致しません。もう一度お試しください。',
-  invalid_passcode: '検証コードが無効です',
+  invalid_passcode: '検証コードが無効です。',
   invalid_connector_auth: '認証が無効です',
   invalid_connector_request: 'コネクターデータが無効です',
   unknown: '不明なエラーが発生しました。後でもう一度お試しください。',
diff --git a/packages/phrases-experience/src/locales/pl-pl/error/index.ts b/packages/phrases-experience/src/locales/pl-pl/error/index.ts
index 9247b2f6728f..b559a30cd0ff 100644
--- a/packages/phrases-experience/src/locales/pl-pl/error/index.ts
+++ b/packages/phrases-experience/src/locales/pl-pl/error/index.ts
@@ -12,7 +12,7 @@ const error = {
   invalid_email: 'Nieprawidłowy adres e-mail',
   invalid_phone: 'Nieprawidłowy numer telefonu',
   passwords_do_not_match: 'Hasła nie pasują do siebie. Proszę spróbuj ponownie.',
-  invalid_passcode: 'Nieprawidłowy kod weryfikacyjny',
+  invalid_passcode: 'Nieprawidłowy kod weryfikacyjny.',
   invalid_connector_auth: 'Nieprawidłowa autoryzacja',
   invalid_connector_request: 'Nieprawidłowe dane konektora',
   unknown: 'Nieznany błąd. Proszę spróbuj ponownie później.',
diff --git a/packages/phrases-experience/src/locales/pt-br/error/index.ts b/packages/phrases-experience/src/locales/pt-br/error/index.ts
index 5641568c393c..355e477e2eac 100644
--- a/packages/phrases-experience/src/locales/pt-br/error/index.ts
+++ b/packages/phrases-experience/src/locales/pt-br/error/index.ts
@@ -11,7 +11,7 @@ const error = {
   invalid_email: 'O e-mail é inválido',
   invalid_phone: 'O número de telefone é inválido',
   passwords_do_not_match: 'Suas senhas não correspondem. Por favor, tente novamente.',
-  invalid_passcode: 'O código de verificação é inválido',
+  invalid_passcode: 'O código de verificação é inválido.',
   invalid_connector_auth: 'A autorização é inválida',
   invalid_connector_request: 'Os dados do conector são inválidos',
   unknown: 'Erro desconhecido. Por favor, tente novamente mais tarde.',
diff --git a/packages/phrases-experience/src/locales/ru/error/index.ts b/packages/phrases-experience/src/locales/ru/error/index.ts
index 0291cebd2d99..f0a4f06f918e 100644
--- a/packages/phrases-experience/src/locales/ru/error/index.ts
+++ b/packages/phrases-experience/src/locales/ru/error/index.ts
@@ -12,7 +12,7 @@ const error = {
   invalid_email: 'Электронная почта указана неправильно',
   invalid_phone: 'Номер телефона указан неправильно',
   passwords_do_not_match: 'Пароли не совпадают. Пожалуйста, попробуйте еще раз.',
-  invalid_passcode: 'Неправильный код подтверждения',
+  invalid_passcode: 'Неправильный код подтверждения.',
   invalid_connector_auth: 'Авторизация недействительна',
   invalid_connector_request: 'Данные коннектора недействительны.',
   unknown: 'Неизвестная ошибка. Пожалуйста, повторите попытку позднее.',
diff --git a/packages/phrases-experience/src/locales/tr-tr/error/index.ts b/packages/phrases-experience/src/locales/tr-tr/error/index.ts
index f56095d066a3..4e4bd7df4dea 100644
--- a/packages/phrases-experience/src/locales/tr-tr/error/index.ts
+++ b/packages/phrases-experience/src/locales/tr-tr/error/index.ts
@@ -11,7 +11,7 @@ const error = {
   invalid_email: 'E-posta adresi geçersiz',
   invalid_phone: 'Telefon numarası geçersiz',
   passwords_do_not_match: 'Şifreler eşleşmiyor',
-  invalid_passcode: 'Doğrulama kodu geçersiz',
+  invalid_passcode: 'Doğrulama kodu geçersiz.',
   invalid_connector_auth: 'Yetki geçersiz',
   invalid_connector_request: 'Bağlayıcı veri geçersiz',
   unknown: 'Bilinmeyen hata. Lütfen daha sonra tekrar deneyiniz.',
diff --git a/packages/phrases-experience/src/locales/zh-cn/error/index.ts b/packages/phrases-experience/src/locales/zh-cn/error/index.ts
index 783db30b5c0a..77ef4e470894 100644
--- a/packages/phrases-experience/src/locales/zh-cn/error/index.ts
+++ b/packages/phrases-experience/src/locales/zh-cn/error/index.ts
@@ -11,7 +11,7 @@ const error = {
   invalid_email: '无效的邮箱',
   invalid_phone: '无效的手机号',
   passwords_do_not_match: '两次输入的密码不一致，请重试。',
-  invalid_passcode: '无效的验证码',
+  invalid_passcode: '无效的验证码。',
   invalid_connector_auth: '登录失败',
   invalid_connector_request: '无效的登录请求',
   unknown: '未知错误，请稍后重试。',
diff --git a/packages/phrases-experience/src/locales/zh-hk/error/index.ts b/packages/phrases-experience/src/locales/zh-hk/error/index.ts
index d9a124678026..233aee02a42d 100644
--- a/packages/phrases-experience/src/locales/zh-hk/error/index.ts
+++ b/packages/phrases-experience/src/locales/zh-hk/error/index.ts
@@ -11,7 +11,7 @@ const error = {
   invalid_email: '無效的電子郵件',
   invalid_phone: '無效的手機號碼',
   passwords_do_not_match: '兩次輸入的密碼不一致，請重試。',
-  invalid_passcode: '無效的驗證碼',
+  invalid_passcode: '無效的驗證碼。',
   invalid_connector_auth: '登錄失敗',
   invalid_connector_request: '無效的登錄請求',
   unknown: '未知錯誤，請稍後重試。',
diff --git a/packages/phrases-experience/src/locales/zh-tw/error/index.ts b/packages/phrases-experience/src/locales/zh-tw/error/index.ts
index 7d25299776f6..31d0c3cef714 100644
--- a/packages/phrases-experience/src/locales/zh-tw/error/index.ts
+++ b/packages/phrases-experience/src/locales/zh-tw/error/index.ts
@@ -11,7 +11,7 @@ const error = {
   invalid_email: '無效的郵箱',
   invalid_phone: '無效的手機號',
   passwords_do_not_match: '兩次輸入的密碼不一致，請重試。',
-  invalid_passcode: '無效的驗證碼',
+  invalid_passcode: '無效的驗證碼。',
   invalid_connector_auth: '登錄失敗',
   invalid_connector_request: '無效的登錄請求',
   unknown: '未知錯誤，請稍後重試。',

From 64b022bdea70aa75e032c2ac98e5607d6e4e0165 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Fri, 19 Jul 2024 13:17:40 +0800
Subject: [PATCH 042/135] feat(core): add api quota guard for bring your ui
 feature (#6273)

---
 packages/core/package.json                    |   2 +-
 packages/core/src/libraries/quota.ts          |   1 +
 .../custom-ui-assets/index.ts                 |   9 +-
 pnpm-lock.yaml                                | 150 ++++++------------
 4 files changed, 60 insertions(+), 102 deletions(-)

diff --git a/packages/core/package.json b/packages/core/package.json
index 70dc802a874d..5b8789554435 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -93,7 +93,7 @@
     "zod": "^3.23.8"
   },
   "devDependencies": {
-    "@logto/cloud": "0.2.5-3046fa6",
+    "@logto/cloud": "0.2.5-3b703da",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/adm-zip": "^0.5.5",
diff --git a/packages/core/src/libraries/quota.ts b/packages/core/src/libraries/quota.ts
index a1030cf853a0..13f69429cb59 100644
--- a/packages/core/src/libraries/quota.ts
+++ b/packages/core/src/libraries/quota.ts
@@ -74,6 +74,7 @@ export const createQuotaLibrary = (
     builtInEmailConnectorEnabled: notNumber, // No limit for now
     customJwtEnabled: notNumber, // No limit for now
     subjectTokenEnabled: notNumber, // No limit for now
+    bringYourUiEnabled: notNumber,
   };
 
   const getTenantUsage = async (key: keyof FeatureQuota, queryKey?: string): Promise<number> => {
diff --git a/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts b/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts
index 16b7eca331ed..e8b685463b01 100644
--- a/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts
+++ b/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts
@@ -8,6 +8,7 @@ import { object, z } from 'zod';
 import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
+import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
 import SystemContext from '#src/tenants/SystemContext.js';
 import assertThat from '#src/utils/assert-that.js';
 import { getConsoleLogFromContext } from '#src/utils/console.js';
@@ -20,7 +21,12 @@ import { type ManagementApiRouter, type RouterInitArgs } from '../../types.js';
 const maxRetryCount = 5;
 
 export default function customUiAssetsRoutes<T extends ManagementApiRouter>(
-  ...[router]: RouterInitArgs<T>
+  ...[
+    router,
+    {
+      libraries: { quota },
+    },
+  ]: RouterInitArgs<T>
 ) {
   // TODO: Remove
   if (!EnvSet.values.isDevFeaturesEnabled) {
@@ -29,6 +35,7 @@ export default function customUiAssetsRoutes<T extends ManagementApiRouter>(
 
   router.post(
     '/sign-in-exp/default/custom-ui-assets',
+    koaQuotaGuard({ key: 'bringYourUiEnabled', quota }),
     koaGuard({
       files: object({
         file: uploadFileGuard.array().min(1).max(1),
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 591ce09c7819..78b77105ff12 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3357,8 +3357,8 @@ importers:
         version: 3.23.8
     devDependencies:
       '@logto/cloud':
-        specifier: 0.2.5-3046fa6
-        version: 0.2.5-3046fa6(zod@3.23.8)
+        specifier: 0.2.5-3b703da
+        version: 0.2.5-3b703da(zod@3.23.8)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
@@ -3427,7 +3427,7 @@ importers:
         version: 8.57.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+        version: 29.7.0(@types/node@20.10.4)
       jest-matcher-specific-error:
         specifier: ^1.0.0
         version: 1.0.0
@@ -3682,7 +3682,7 @@ importers:
         version: 3.0.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+        version: 29.7.0(@types/node@20.12.7)
       jest-environment-jsdom:
         specifier: ^29.7.0
         version: 29.7.0
@@ -3691,7 +3691,7 @@ importers:
         version: 2.0.0
       jest-transformer-svg:
         specifier: ^2.0.0
-        version: 2.0.0(jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)))(react@18.2.0)
+        version: 2.0.0(jest@29.7.0(@types/node@20.12.7))(react@18.2.0)
       js-base64:
         specifier: ^3.7.5
         version: 3.7.5
@@ -3830,7 +3830,7 @@ importers:
         version: 10.0.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+        version: 29.7.0(@types/node@20.10.4)
       jest-matcher-specific-error:
         specifier: ^1.0.0
         version: 1.0.0
@@ -5223,8 +5223,8 @@ packages:
   '@logto/client@2.7.2':
     resolution: {integrity: sha512-jsmuDl9QpXfR3uLEMPE67tvYoL5XcjJi+4yGqucYPjd4GH6SUHp3N9skk8C/OyygnKDPLY+ttwD0LaIbpGvn+Q==}
 
-  '@logto/cloud@0.2.5-3046fa6':
-    resolution: {integrity: sha512-Q/UrDDUOIq3fIogArVLdWkaKVcalLrDyLF2UDEjr1WZ5+9GqyV3MVmG3KljxnRujamKK0bnQF+QAFAJTQJJUMg==}
+  '@logto/cloud@0.2.5-3b703da':
+    resolution: {integrity: sha512-VCevQnxP5910s/cDYAxoJRim9iH1yN/La0HAlOP6FhVGtZofYwTTfT9AQXC+dZScgydpcFWo4k/6MYOFRtZCLg==}
     engines: {node: ^20.9.0}
 
   '@logto/cloud@0.2.5-a7eedce':
@@ -14594,41 +14594,6 @@ snapshots:
       - supports-color
       - ts-node
 
-  '@jest/core@29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))':
-    dependencies:
-      '@jest/console': 29.7.0
-      '@jest/reporters': 29.7.0
-      '@jest/test-result': 29.7.0
-      '@jest/transform': 29.7.0
-      '@jest/types': 29.6.3
-      '@types/node': 20.12.7
-      ansi-escapes: 4.3.2
-      chalk: 4.1.2
-      ci-info: 3.8.0
-      exit: 0.1.2
-      graceful-fs: 4.2.11
-      jest-changed-files: 29.7.0
-      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
-      jest-haste-map: 29.7.0
-      jest-message-util: 29.7.0
-      jest-regex-util: 29.6.3
-      jest-resolve: 29.7.0
-      jest-resolve-dependencies: 29.7.0
-      jest-runner: 29.7.0
-      jest-runtime: 29.7.0
-      jest-snapshot: 29.7.0
-      jest-util: 29.7.0
-      jest-validate: 29.7.0
-      jest-watcher: 29.7.0
-      micromatch: 4.0.5
-      pretty-format: 29.7.0
-      slash: 3.0.0
-      strip-ansi: 6.0.1
-    transitivePeerDependencies:
-      - babel-plugin-macros
-      - supports-color
-      - ts-node
-
   '@jest/create-cache-key-function@27.5.1':
     dependencies:
       '@jest/types': 27.5.1
@@ -14881,7 +14846,7 @@ snapshots:
       camelcase-keys: 7.0.2
       jose: 5.6.3
 
-  '@logto/cloud@0.2.5-3046fa6(zod@3.23.8)':
+  '@logto/cloud@0.2.5-3b703da(zod@3.23.8)':
     dependencies:
       '@silverhand/essentials': 2.9.1
       '@withtyped/server': 0.13.6(zod@3.23.8)
@@ -17967,13 +17932,13 @@ snapshots:
     dependencies:
       lodash.get: 4.4.2
 
-  create-jest@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
+  create-jest@29.7.0(@types/node@20.10.4):
     dependencies:
       '@jest/types': 29.6.3
       chalk: 4.1.2
       exit: 0.1.2
       graceful-fs: 4.2.11
-      jest-config: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+      jest-config: 29.7.0(@types/node@20.10.4)
       jest-util: 29.7.0
       prompts: 2.4.2
     transitivePeerDependencies:
@@ -20298,16 +20263,16 @@ snapshots:
       - babel-plugin-macros
       - supports-color
 
-  jest-cli@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
+  jest-cli@29.7.0(@types/node@20.10.4):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
       '@jest/test-result': 29.7.0
       '@jest/types': 29.6.3
       chalk: 4.1.2
-      create-jest: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+      create-jest: 29.7.0(@types/node@20.10.4)
       exit: 0.1.2
       import-local: 3.1.0
-      jest-config: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+      jest-config: 29.7.0(@types/node@20.10.4)
       jest-util: 29.7.0
       jest-validate: 29.7.0
       yargs: 17.7.2
@@ -20317,7 +20282,7 @@ snapshots:
       - supports-color
       - ts-node
 
-  jest-cli@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
+  jest-cli@29.7.0(@types/node@20.12.7):
     dependencies:
       '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
       '@jest/test-result': 29.7.0
@@ -20336,38 +20301,26 @@ snapshots:
       - supports-color
       - ts-node
 
-  jest-config@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
+  jest-cli@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
     dependencies:
-      '@babel/core': 7.24.4
-      '@jest/test-sequencer': 29.7.0
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      '@jest/test-result': 29.7.0
       '@jest/types': 29.6.3
-      babel-jest: 29.7.0(@babel/core@7.24.4)
       chalk: 4.1.2
-      ci-info: 3.8.0
-      deepmerge: 4.3.1
-      glob: 7.2.3
-      graceful-fs: 4.2.11
-      jest-circus: 29.7.0
-      jest-environment-node: 29.7.0
-      jest-get-type: 29.6.3
-      jest-regex-util: 29.6.3
-      jest-resolve: 29.7.0
-      jest-runner: 29.7.0
+      create-jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      exit: 0.1.2
+      import-local: 3.1.0
+      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
       jest-util: 29.7.0
       jest-validate: 29.7.0
-      micromatch: 4.0.5
-      parse-json: 5.2.0
-      pretty-format: 29.7.0
-      slash: 3.0.0
-      strip-json-comments: 3.1.1
-    optionalDependencies:
-      '@types/node': 20.10.4
-      ts-node: 10.9.2(@types/node@20.10.4)(typescript@5.3.3)
+      yargs: 17.7.2
     transitivePeerDependencies:
+      - '@types/node'
       - babel-plugin-macros
       - supports-color
+      - ts-node
 
-  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
+  jest-config@29.7.0(@types/node@20.10.4):
     dependencies:
       '@babel/core': 7.24.4
       '@jest/test-sequencer': 29.7.0
@@ -20392,13 +20345,12 @@ snapshots:
       slash: 3.0.0
       strip-json-comments: 3.1.1
     optionalDependencies:
-      '@types/node': 20.12.7
-      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
+      '@types/node': 20.10.4
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
 
-  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
+  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
     dependencies:
       '@babel/core': 7.24.4
       '@jest/test-sequencer': 29.7.0
@@ -20424,7 +20376,7 @@ snapshots:
       strip-json-comments: 3.1.1
     optionalDependencies:
       '@types/node': 20.12.7
-      ts-node: 10.9.2(@types/node@20.10.4)(typescript@5.3.3)
+      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
@@ -20685,6 +20637,11 @@ snapshots:
       jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
       react: 18.2.0
 
+  jest-transformer-svg@2.0.0(jest@29.7.0(@types/node@20.12.7))(react@18.2.0):
+    dependencies:
+      jest: 29.7.0(@types/node@20.12.7)
+      react: 18.2.0
+
   jest-util@29.5.0:
     dependencies:
       '@jest/types': 29.6.3
@@ -20737,12 +20694,24 @@ snapshots:
       merge-stream: 2.0.0
       supports-color: 8.1.1
 
-  jest@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3)):
+  jest@29.7.0(@types/node@20.10.4):
+    dependencies:
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      '@jest/types': 29.6.3
+      import-local: 3.1.0
+      jest-cli: 29.7.0(@types/node@20.10.4)
+    transitivePeerDependencies:
+      - '@types/node'
+      - babel-plugin-macros
+      - supports-color
+      - ts-node
+
+  jest@29.7.0(@types/node@20.12.7):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
       '@jest/types': 29.6.3
       import-local: 3.1.0
-      jest-cli: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3))
+      jest-cli: 29.7.0(@types/node@20.12.7)
     transitivePeerDependencies:
       - '@types/node'
       - babel-plugin-macros
@@ -24236,25 +24205,6 @@ snapshots:
     optionalDependencies:
       '@swc/core': 1.3.52(@swc/helpers@0.5.1)
 
-  ts-node@10.9.2(@types/node@20.10.4)(typescript@5.3.3):
-    dependencies:
-      '@cspotcode/source-map-support': 0.8.1
-      '@tsconfig/node10': 1.0.9
-      '@tsconfig/node12': 1.0.11
-      '@tsconfig/node14': 1.0.3
-      '@tsconfig/node16': 1.0.4
-      '@types/node': 20.10.4
-      acorn: 8.10.0
-      acorn-walk: 8.2.0
-      arg: 4.1.3
-      create-require: 1.1.1
-      diff: 4.0.2
-      make-error: 1.3.6
-      typescript: 5.3.3
-      v8-compile-cache-lib: 3.0.1
-      yn: 3.1.1
-    optional: true
-
   tsconfig-paths@3.15.0:
     dependencies:
       '@types/json5': 0.0.29

From 4ac4f8cdb4947b2aa09544cfa097973bca415e80 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Fri, 19 Jul 2024 14:07:20 +0800
Subject: [PATCH 043/135] fix(console): should not toast invitation sent
 message when creating tenant w/o invitee (#6270)

fix(console): should not toast invitation sent message when creating tenant without invitee
---
 .../onboarding/pages/CreateTenant/index.tsx   | 28 ++++++++++---------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/packages/console/src/onboarding/pages/CreateTenant/index.tsx b/packages/console/src/onboarding/pages/CreateTenant/index.tsx
index 3c9ad0592a27..a06a9731f401 100644
--- a/packages/console/src/onboarding/pages/CreateTenant/index.tsx
+++ b/packages/console/src/onboarding/pages/CreateTenant/index.tsx
@@ -78,19 +78,21 @@ function CreateTenant() {
         tenantId: newTenant.id,
       });
 
-      // Should not block the onboarding flow if the invitation fails.
-      try {
-        await Promise.all(
-          collaboratorEmails.map(async (email) =>
-            tenantCloudApi.post('/api/tenants/:tenantId/invitations', {
-              params: { tenantId: newTenant.id },
-              body: { invitee: email.value, roleName: TenantRole.Collaborator },
-            })
-          )
-        );
-        toast.success(t('tenant_members.messages.invitation_sent'));
-      } catch {
-        toast.error(t('tenants.create_modal.invitation_failed', { duration: 5 }));
+      if (collaboratorEmails.length > 0) {
+        // Should not block the onboarding flow if the invitation fails.
+        try {
+          await Promise.all(
+            collaboratorEmails.map(async (email) =>
+              tenantCloudApi.post('/api/tenants/:tenantId/invitations', {
+                params: { tenantId: newTenant.id },
+                body: { invitee: email.value, roleName: TenantRole.Collaborator },
+              })
+            )
+          );
+          toast.success(t('tenant_members.messages.invitation_sent'));
+        } catch {
+          toast.error(t('tenants.create_modal.invitation_failed', { duration: 5 }));
+        }
       }
       navigate(joinPath(OnboardingRoute.Onboarding, newTenant.id, OnboardingPage.SignInExperience));
     })

From 156f5f5af457f42aa983df0e277f7ba9b1b7bced Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Fri, 19 Jul 2024 16:44:22 +0800
Subject: [PATCH 044/135] feat(console): add impersonation price item (#6269)

---
 .../TenantSettings/Subscription/PlanComparisonTable/index.tsx   | 2 ++
 .../en/translation/admin-console/subscription/quota-table.ts    | 1 +
 2 files changed, 3 insertions(+)

diff --git a/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx
index ca95510b7457..ab670ef5e457 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx
@@ -102,6 +102,7 @@ function PlanComparisonTable() {
     const mfaPrice = t('monthly_price', { value: 48 });
     const orgPrice = t('monthly_price', { value: 48 });
     const adaptiveMfa = t('user_authn.adaptive_mfa');
+    const impersonation = t('user_authn.impersonation');
 
     // User management
     const userManagement = t('user_management.user_management');
@@ -203,6 +204,7 @@ function PlanComparisonTable() {
             name: adaptiveMfa,
             data: ['-', comingSoon, contact],
           },
+          { name: impersonation, data: ['-', '✓', '✓'] },
         ],
       },
       {
diff --git a/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-table.ts
index 035bcf4d6b47..0813277d1905 100644
--- a/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-table.ts
@@ -37,6 +37,7 @@ const quota_table = {
     mfa: 'Multi-factor authentication',
     sso: 'Enterprise SSO',
     adaptive_mfa: 'Adaptive MFA',
+    impersonation: 'Impersonation',
   },
   user_management: {
     title: 'User management',

From 210128094071d1d42ebbb4c0fdbe948983a93683 Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Fri, 19 Jul 2024 16:45:01 +0800
Subject: [PATCH 045/135] fix(experience): shrink input field when autofilled
 by the browser (#6280)

---
 .../InputFields/InputField/index.module.scss  | 24 +++++++++++++++++++
 .../InputFields/InputField/index.tsx          |  9 +++++--
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/packages/experience/src/components/InputFields/InputField/index.module.scss b/packages/experience/src/components/InputFields/InputField/index.module.scss
index 967acc82ebcf..a63504c1fc15 100644
--- a/packages/experience/src/components/InputFields/InputField/index.module.scss
+++ b/packages/experience/src/components/InputFields/InputField/index.module.scss
@@ -44,6 +44,15 @@
         transition: background-color 999999s ease-in-out 0s;
         background-color: transparent;
       }
+
+      &:-webkit-autofill {
+        /*
+         * Define a void transition css rule on the desired <input> element once it is :-webkit-autofilled.
+         * JavaScript will then be able to hook onto the 'animationstart' event.
+         * see https://stackoverflow.com/questions/11708092/detecting-browser-autofill/41530164#41530164
+         */
+        animation-name: onAutoFillStart;
+      }
     }
 
     .suffix {
@@ -115,3 +124,18 @@
     }
   }
 }
+
+
+/*
+* Define a void transition css rule on the desired <input> element once it is :-webkit-autofilled.
+* JavaScript will then be able to hook onto the 'animationstart' event.
+* see https://stackoverflow.com/questions/11708092/detecting-browser-autofill/41530164#41530164
+*/
+@keyframes onAutoFillStart {
+  /* stylelint-disable-next-line block-no-empty */
+  from {}
+
+  /* stylelint-disable-next-line block-no-empty */
+  to {}
+}
+
diff --git a/packages/experience/src/components/InputFields/InputField/index.tsx b/packages/experience/src/components/InputFields/InputField/index.tsx
index 78845f2b80aa..a12c1d786d3e 100644
--- a/packages/experience/src/components/InputFields/InputField/index.tsx
+++ b/packages/experience/src/components/InputFields/InputField/index.tsx
@@ -65,10 +65,15 @@ const InputField = (
 
   /**
    * Fix the issue that the input field doesn't have the active style when the autofill value is set.
-   * Modern browsers will trigger an animation event when the input field is autofilled.
+   * We have define a void transition css rule on the input element once it is `:-webkit-autofill`ed.
+   * Hook onto this 'animationstart' event to detect the autofill start.
+   * see https://stackoverflow.com/questions/11708092/detecting-browser-autofill/41530164#41530164
    */
   const handleAnimationStart = useCallback((event: AnimationEvent<HTMLInputElement>) => {
-    if (event.animationName === 'onautofillstart') {
+    /**
+     * Because SCSS adds some random characters to the ‘onAutoFillStart’ animation name during the build process, we can’t use the exact name here.
+     */
+    if (event.animationName.includes('onAutoFillStart')) {
       setHasValue(true);
     }
   }, []);

From 477d8a73695c1eb54af54d1019dea8b171e45e7d Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Fri, 19 Jul 2024 17:00:00 +0800
Subject: [PATCH 046/135] feat(console): add impersonation tag to audit log
 (#6267)

---
 .../AuditLogTable/components/EventName/index.module.scss  | 1 +
 .../AuditLogTable/components/EventName/index.tsx          | 2 ++
 packages/console/src/consts/logs.ts                       | 1 +
 .../console/src/pages/AuditLogDetails/index.module.scss   | 3 +++
 packages/console/src/pages/AuditLogDetails/index.tsx      | 8 +++++++-
 5 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/packages/console/src/components/AuditLogTable/components/EventName/index.module.scss b/packages/console/src/components/AuditLogTable/components/EventName/index.module.scss
index 1873794d6773..86794a94c988 100644
--- a/packages/console/src/components/AuditLogTable/components/EventName/index.module.scss
+++ b/packages/console/src/components/AuditLogTable/components/EventName/index.module.scss
@@ -4,6 +4,7 @@
   display: flex;
   align-items: center;
   white-space: nowrap;
+  gap: _.unit(2);
 
   .icon {
     flex-shrink: 0;
diff --git a/packages/console/src/components/AuditLogTable/components/EventName/index.tsx b/packages/console/src/components/AuditLogTable/components/EventName/index.tsx
index 95058d386411..46898ff3b362 100644
--- a/packages/console/src/components/AuditLogTable/components/EventName/index.tsx
+++ b/packages/console/src/components/AuditLogTable/components/EventName/index.tsx
@@ -4,6 +4,7 @@ import { Link } from 'react-router-dom';
 import Failed from '@/assets/icons/failed.svg';
 import Success from '@/assets/icons/success.svg';
 import { logEventTitle } from '@/consts/logs';
+import Tag from '@/ds-components/Tag';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 
 import * as styles from './index.module.scss';
@@ -35,6 +36,7 @@ function EventName({ eventKey, isSuccess, to }: Props) {
         </Link>
       )}
       {!to && <div className={styles.title}>{title}</div>}
+      {eventKey === 'ExchangeTokenBy.TokenExchange' && <Tag status="alert">Impersonation</Tag>}
     </div>
   );
 }
diff --git a/packages/console/src/consts/logs.ts b/packages/console/src/consts/logs.ts
index 7bcc1cf74f4c..907b9d73ac0a 100644
--- a/packages/console/src/consts/logs.ts
+++ b/packages/console/src/consts/logs.ts
@@ -7,6 +7,7 @@ export const auditLogEventTitle: Record<string, Optional<string>> & {
   'ExchangeTokenBy.AuthorizationCode': 'Exchange token by Code',
   'ExchangeTokenBy.ClientCredentials': 'Exchange token by Client Credentials',
   'ExchangeTokenBy.RefreshToken': 'Exchange token by Refresh Token',
+  'ExchangeTokenBy.TokenExchange': 'Token exchange',
   'Interaction.Create': 'Interaction started',
   'Interaction.End': 'Interaction ended',
   'Interaction.ForgotPassword.Identifier.VerificationCode.Create':
diff --git a/packages/console/src/pages/AuditLogDetails/index.module.scss b/packages/console/src/pages/AuditLogDetails/index.module.scss
index f8255b20297a..b4911fc7a164 100644
--- a/packages/console/src/pages/AuditLogDetails/index.module.scss
+++ b/packages/console/src/pages/AuditLogDetails/index.module.scss
@@ -14,6 +14,9 @@
     .eventName {
       color: var(--color-text);
       font: var(--font-title-1);
+      display: flex;
+      align-items: center;
+      gap: _.unit(2);
     }
 
     .basicInfo {
diff --git a/packages/console/src/pages/AuditLogDetails/index.tsx b/packages/console/src/pages/AuditLogDetails/index.tsx
index a5eaa834fff2..d08c1a54f927 100644
--- a/packages/console/src/pages/AuditLogDetails/index.tsx
+++ b/packages/console/src/pages/AuditLogDetails/index.tsx
@@ -16,6 +16,7 @@ import CodeEditor from '@/ds-components/CodeEditor';
 import DangerousRaw from '@/ds-components/DangerousRaw';
 import FormField from '@/ds-components/FormField';
 import TabNav, { TabNavItem } from '@/ds-components/TabNav';
+import Tag from '@/ds-components/Tag';
 import type { RequestError } from '@/hooks/use-api';
 import { isWebhookEventLogKey } from '@/pages/WebhookDetails/utils';
 import { getUserTitle } from '@/utils/user';
@@ -84,7 +85,12 @@ function AuditLogDetails() {
           <Card className={styles.header}>
             <EventIcon isSuccess={data.payload.result === 'Success'} />
             <div className={styles.content}>
-              <div className={styles.eventName}>{logEventTitle[data.key]}</div>
+              <div className={styles.eventName}>
+                {logEventTitle[data.key]}
+                {data.key === 'ExchangeTokenBy.TokenExchange' && (
+                  <Tag status="alert">Impersonation</Tag>
+                )}
+              </div>
               <div className={styles.basicInfo}>
                 <div className={styles.infoItem}>
                   <div className={styles.label}>{t('log_details.event_key')}</div>

From c93ffb47600016b93c722d2c4a43e2b5c9b9efaf Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Fri, 19 Jul 2024 17:41:55 +0800
Subject: [PATCH 047/135] feat(core,schemas): implement social/sso link and
 sync logic (#6257)

* feat(core,schemas): implement social/sso link and sync logic

implement social/sso link and sync logic

* test(core): add intergration tests

add integration tests
---
 .../connector-mock-social/src/index.ts        |  2 +
 .../classes/experience-interaction.ts         | 83 +++++++++++++++----
 .../src/routes/experience/classes/utils.ts    | 67 +++++++++++++++
 .../enterprise-sso-verification.ts            | 25 +++++-
 .../verifications/social-verification.ts      | 34 ++++++--
 .../verifications/verification-record.ts      |  1 +
 packages/core/src/routes/experience/index.ts  |  4 +-
 .../src/api/sso-connector.ts                  |  1 +
 .../src/helpers/connector.ts                  |  1 +
 .../src/helpers/experience/index.ts           | 18 +++-
 .../organization-jti.test.ts                  | 30 ++++++-
 .../enterprise-sso.test.ts                    | 38 ++++++++-
 .../sign-in-interaction/social.test.ts        | 40 ++++++++-
 packages/schemas/src/types/interactions.ts    |  6 ++
 14 files changed, 310 insertions(+), 40 deletions(-)

diff --git a/packages/connectors/connector-mock-social/src/index.ts b/packages/connectors/connector-mock-social/src/index.ts
index 1c0f4ec17da9..f9751ba22e59 100644
--- a/packages/connectors/connector-mock-social/src/index.ts
+++ b/packages/connectors/connector-mock-social/src/index.ts
@@ -39,6 +39,8 @@ const getUserInfo: GetUserInfo = async (data, getSession) => {
     userId: z.optional(z.string()),
     email: z.string().optional(),
     phone: z.string().optional(),
+    name: z.string().optional(),
+    avatar: z.string().optional(),
   });
   const result = dataGuard.safeParse(data);
 
diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
index 210b1d79c025..f2e39cdffe4b 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -12,7 +12,11 @@ import assertThat from '#src/utils/assert-that.js';
 import { interactionProfileGuard, type Interaction, type InteractionProfile } from '../types.js';
 
 import { ProvisionLibrary } from './provision-library.js';
-import { getNewUserProfileFromVerificationRecord, toUserSocialIdentityData } from './utils.js';
+import {
+  getNewUserProfileFromVerificationRecord,
+  identifyUserByVerificationRecord,
+  toUserSocialIdentityData,
+} from './utils.js';
 import { ProfileValidator } from './validators/profile-validator.js';
 import { SignInExperienceValidator } from './validators/sign-in-experience-validator.js';
 import {
@@ -52,7 +56,7 @@ export default class ExperienceInteraction {
   /** The userId of the user for the current interaction. Only available once the user is identified. */
   private userId?: string;
   /** The user provided profile data in the current interaction that needs to be stored to database. */
-  private readonly profile?: InteractionProfile;
+  #profile?: InteractionProfile;
   /** The interaction event for the current interaction. */
   #interactionEvent?: InteractionEvent;
 
@@ -89,7 +93,7 @@ export default class ExperienceInteraction {
 
     this.#interactionEvent = interactionEvent;
     this.userId = userId;
-    this.profile = profile;
+    this.#profile = profile;
 
     // Profile validator requires the userId for existing user profile update validation
     this.profileValidator = new ProfileValidator(libraries, queries, userId);
@@ -146,7 +150,7 @@ export default class ExperienceInteraction {
    * @see {@link identifyExistingUser} for more exceptions that can be thrown in the SignIn and ForgotPassword events.
    * @see {@link createNewUser} for more exceptions that can be thrown in the Register event.
    **/
-  public async identifyUser(verificationId: string) {
+  public async identifyUser(verificationId: string, linkSocialIdentity?: boolean) {
     const verificationRecord = this.getVerificationRecordById(verificationId);
 
     assertThat(
@@ -169,7 +173,7 @@ export default class ExperienceInteraction {
       return;
     }
 
-    await this.identifyExistingUser(verificationRecord);
+    await this.identifyExistingUser(verificationRecord, linkSocialIdentity);
   }
 
   /**
@@ -210,18 +214,43 @@ export default class ExperienceInteraction {
   public async submit() {
     assertThat(this.userId, 'session.verification_session_not_found');
 
+    const {
+      queries: { users: userQueries, userSsoIdentities: userSsoIdentitiesQueries },
+    } = this.tenant;
+
+    const user = await userQueries.findUserById(this.userId);
+
     // TODO: mfa validation
+    // TODO: profile updates validation
     // TODO: missing profile fields validation
 
-    const {
-      queries: { users: userQueries },
-    } = this.tenant;
+    const { socialIdentity, enterpriseSsoIdentity, ...rest } = this.#profile ?? {};
 
     // Update user profile
     await userQueries.updateUserById(this.userId, {
+      ...rest,
+      ...conditional(
+        socialIdentity && {
+          identities: {
+            ...user.identities,
+            ...toUserSocialIdentityData(socialIdentity),
+          },
+        }
+      ),
       lastSignInAt: Date.now(),
     });
 
+    if (enterpriseSsoIdentity) {
+      await userSsoIdentitiesQueries.insert({
+        id: generateStandardId(),
+        userId: user.id,
+        ...enterpriseSsoIdentity,
+      });
+      await this.provisionLibrary.newUserJtiOrganizationProvision(user.id, {
+        enterpriseSsoIdentity,
+      });
+    }
+
     const { provider } = this.tenant;
 
     const redirectTo = await provider.interactionResult(this.ctx.req, this.ctx.res, {
@@ -233,12 +262,12 @@ export default class ExperienceInteraction {
 
   /** Convert the current interaction to JSON, so that it can be stored as the OIDC provider interaction result */
   public toJson(): InteractionStorage {
-    const { interactionEvent, userId, profile } = this;
+    const { interactionEvent, userId } = this;
 
     return {
       interactionEvent,
       userId,
-      profile,
+      profile: this.#profile,
       verificationRecords: this.verificationRecordsArray.map((record) => record.toJson()),
     };
   }
@@ -250,21 +279,24 @@ export default class ExperienceInteraction {
   /**
    * Identify the existing user using the verification record.
    *
+   * @param linkSocialIdentity Applies only to the SocialIdentity verification record sign-in events only.
+   * If true, the social identity will be linked to related user.
+   *
    * @throws RequestError with 400 if the verification record is not verified or not valid for identifying a user
    * @throws RequestError with 404 if the user is not found
    * @throws RequestError with 401 if the user is suspended
    * @throws RequestError with 409 if the current session has already identified a different user
    */
-  private async identifyExistingUser(verificationRecord: VerificationRecord) {
-    // Check verification record can be used to identify a user using the `identifyUser` method.
-    // E.g. MFA verification record does not have the `identifyUser` method, cannot be used to identify a user.
-    assertThat(
-      'identifyUser' in verificationRecord,
-      new RequestError({ code: 'session.verification_failed', status: 400 })
+  private async identifyExistingUser(
+    verificationRecord: VerificationRecord,
+    linkSocialIdentity?: boolean
+  ) {
+    const { user, syncedProfile } = await identifyUserByVerificationRecord(
+      verificationRecord,
+      linkSocialIdentity
     );
 
-    const { id, isSuspended } = await verificationRecord.identifyUser();
-
+    const { id, isSuspended } = user;
     assertThat(!isSuspended, new RequestError({ code: 'user.suspended', status: 401 }));
 
     // Throws an 409 error if the current session has already identified a different user
@@ -276,6 +308,11 @@ export default class ExperienceInteraction {
       return;
     }
 
+    // Sync social/enterprise SSO identity profile data
+    if (syncedProfile) {
+      this.setProfile(syncedProfile);
+    }
+
     this.userId = id;
   }
 
@@ -330,4 +367,14 @@ export default class ExperienceInteraction {
 
     this.userId = user.id;
   }
+
+  /**
+   * Private method to set the profile data without validation.
+   */
+  private setProfile(profile: InteractionProfile) {
+    this.#profile = {
+      ...this.#profile,
+      ...profile,
+    };
+  }
 }
diff --git a/packages/core/src/routes/experience/classes/utils.ts b/packages/core/src/routes/experience/classes/utils.ts
index 0a918ec8a5ec..9aebaf7b7673 100644
--- a/packages/core/src/routes/experience/classes/utils.ts
+++ b/packages/core/src/routes/experience/classes/utils.ts
@@ -5,9 +5,11 @@ import {
   type InteractionIdentifier,
   type User,
 } from '@logto/schemas';
+import { conditional } from '@silverhand/essentials';
 
 import RequestError from '#src/errors/RequestError/index.js';
 import type Queries from '#src/tenants/Queries.js';
+import assertThat from '#src/utils/assert-that.js';
 
 import type { InteractionProfile } from '../types.js';
 
@@ -55,6 +57,71 @@ export const getNewUserProfileFromVerificationRecord = async (
   }
 };
 
+/**
+ * @throws {RequestError} -400 if the verification record type is not supported for user identification.
+ * @throws {RequestError} -400 if the verification record is not verified.
+ * @throws {RequestError} -404 if the user is not found.
+ */
+export const identifyUserByVerificationRecord = async (
+  verificationRecord: VerificationRecord,
+  linkSocialIdentity?: boolean
+): Promise<{
+  user: User;
+  /**
+   * Returns the social/enterprise SSO synced profiled if the verification record is a social/enterprise SSO verification.
+   * - For new linked identity, the synced profile will includes the new social or enterprise SSO identity.
+   * - For existing social or enterprise SSO identity, the synced profile will return the synced user profile based on connector settings.
+   */
+  syncedProfile?: Pick<
+    InteractionProfile,
+    'enterpriseSsoIdentity' | 'socialIdentity' | 'avatar' | 'name'
+  >;
+}> => {
+  // Check verification record can be used to identify a user using the `identifyUser` method.
+  // E.g. MFA verification record does not have the `identifyUser` method, cannot be used to identify a user.
+  assertThat(
+    'identifyUser' in verificationRecord,
+    new RequestError({ code: 'session.verification_failed', status: 400 })
+  );
+
+  switch (verificationRecord.type) {
+    case VerificationType.Password:
+    case VerificationType.VerificationCode: {
+      return { user: await verificationRecord.identifyUser() };
+    }
+    case VerificationType.Social: {
+      const user = linkSocialIdentity
+        ? await verificationRecord.identifyRelatedUser()
+        : await verificationRecord.identifyUser();
+
+      const syncedProfile = {
+        ...(await verificationRecord.toSyncedProfile()),
+        ...conditional(linkSocialIdentity && (await verificationRecord.toUserProfile())),
+      };
+
+      return { user, syncedProfile };
+    }
+    case VerificationType.EnterpriseSso: {
+      try {
+        const user = await verificationRecord.identifyUser();
+        const syncedProfile = await verificationRecord.toSyncedProfile();
+        return { user, syncedProfile };
+      } catch (error: unknown) {
+        // Auto fallback to identify the related user if the user does not exist for enterprise SSO.
+        if (error instanceof RequestError && error.code === 'user.identity_not_exist') {
+          const user = await verificationRecord.identifyRelatedUser();
+          const syncedProfile = {
+            ...(await verificationRecord.toUserProfile()),
+            ...(await verificationRecord.toSyncedProfile()),
+          };
+          return { user, syncedProfile };
+        }
+        throw error;
+      }
+    }
+  }
+};
+
 /**
  * Convert the interaction profile `socialIdentity` to `User['identities']` data format
  */
diff --git a/packages/core/src/routes/experience/classes/verifications/enterprise-sso-verification.ts b/packages/core/src/routes/experience/classes/verifications/enterprise-sso-verification.ts
index 4a8db8cdaa92..db710ca690a3 100644
--- a/packages/core/src/routes/experience/classes/verifications/enterprise-sso-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/enterprise-sso-verification.ts
@@ -8,6 +8,7 @@ import {
   type UserSsoIdentity,
 } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
+import { conditional } from '@silverhand/essentials';
 import { z } from 'zod';
 
 import RequestError from '#src/errors/RequestError/index.js';
@@ -151,6 +152,15 @@ export class EnterpriseSsoVerification
       return userSsoIdentityResult.user;
     }
 
+    throw new RequestError({ code: 'user.identity_not_exist', status: 404 });
+  }
+
+  async identifyRelatedUser(): Promise<User> {
+    assertThat(
+      this.isVerified,
+      new RequestError({ code: 'session.verification_failed', status: 400 })
+    );
+
     const relatedUser = await this.findRelatedUserSsoIdentity();
 
     if (relatedUser) {
@@ -182,7 +192,7 @@ export class EnterpriseSsoVerification
   /**
    * Returns the synced profile from the enterprise SSO identity.
    *
-   * @param isNewUser - Whether the returned profile is for a new user. If true, the profile should contain the user's email.
+   * @param isNewUser - Whether the returned profile is for a new user. Only return the primary email if it is a new user.
    */
   async toSyncedProfile(
     isNewUser = false
@@ -195,12 +205,21 @@ export class EnterpriseSsoVerification
     const { name, avatar, email: primaryEmail } = this.enterpriseSsoUserInfo;
 
     if (isNewUser) {
-      return { name, avatar, primaryEmail };
+      return {
+        ...conditional(primaryEmail && { primaryEmail }),
+        ...conditional(name && { name }),
+        ...conditional(avatar && { avatar }),
+      };
     }
 
     const { syncProfile } = await this.getConnectorData();
 
-    return syncProfile ? { name, avatar } : {};
+    return syncProfile
+      ? {
+          ...conditional(name && { name }),
+          ...conditional(avatar && { avatar }),
+        }
+      : {};
   }
 
   toJson(): EnterpriseSsoVerificationRecordData {
diff --git a/packages/core/src/routes/experience/classes/verifications/social-verification.ts b/packages/core/src/routes/experience/classes/verifications/social-verification.ts
index e20abd264898..4284f6436763 100644
--- a/packages/core/src/routes/experience/classes/verifications/social-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/social-verification.ts
@@ -6,6 +6,7 @@ import {
   type User,
 } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
+import { conditional } from '@silverhand/essentials';
 import { z } from 'zod';
 
 import RequestError from '#src/errors/RequestError/index.js';
@@ -159,6 +160,19 @@ export class SocialVerification implements IdentifierVerificationRecord<Verifica
     return user;
   }
 
+  async identifyRelatedUser(): Promise<User> {
+    assertThat(
+      this.isVerified,
+      new RequestError({ code: 'session.verification_failed', status: 400 })
+    );
+
+    const relatedUser = await this.findRelatedUserBySocialIdentity();
+
+    assertThat(relatedUser, new RequestError({ code: 'user.identity_not_exist', status: 404 }));
+
+    return relatedUser[1];
+  }
+
   /**
    * Returns the social identity as a new user profile.
    */
@@ -183,27 +197,37 @@ export class SocialVerification implements IdentifierVerificationRecord<Verifica
   /**
    * Returns the synced profile from the social identity.
    *
-   * @param isNewUser - Whether the profile is for a new user. If set to true, the primary email will be included in the profile.
+   * @param isNewUser - Whether the profile is for a new user. Only return the primary email/phone if it is a new user.
    */
   async toSyncedProfile(
     isNewUser = false
-  ): Promise<Pick<InteractionProfile, 'avatar' | 'name' | 'primaryEmail'>> {
+  ): Promise<Pick<InteractionProfile, 'avatar' | 'name' | 'primaryEmail' | 'primaryPhone'>> {
     assertThat(
       this.socialUserInfo,
       new RequestError({ code: 'session.verification_failed', status: 400 })
     );
 
-    const { name, avatar, email: primaryEmail } = this.socialUserInfo;
+    const { name, avatar, email: primaryEmail, phone: primaryPhone } = this.socialUserInfo;
 
     if (isNewUser) {
-      return { name, avatar, primaryEmail };
+      return {
+        ...conditional(primaryEmail && { primaryEmail }),
+        ...conditional(primaryPhone && { primaryPhone }),
+        ...conditional(name && { name }),
+        ...conditional(avatar && { avatar }),
+      };
     }
 
     const {
       dbEntry: { syncProfile },
     } = await this.getConnectorData();
 
-    return syncProfile ? { name, avatar } : {};
+    return syncProfile
+      ? {
+          ...conditional(name && { name }),
+          ...conditional(avatar && { avatar }),
+        }
+      : {};
   }
 
   toJson(): SocialVerificationRecordData {
diff --git a/packages/core/src/routes/experience/classes/verifications/verification-record.ts b/packages/core/src/routes/experience/classes/verifications/verification-record.ts
index df64bb385dd4..6eff83275153 100644
--- a/packages/core/src/routes/experience/classes/verifications/verification-record.ts
+++ b/packages/core/src/routes/experience/classes/verifications/verification-record.ts
@@ -33,5 +33,6 @@ export abstract class IdentifierVerificationRecord<
   T extends VerificationType = IdentifierVerificationType,
   Json extends Data<T> = Data<T>,
 > extends VerificationRecord<T, Json> {
+  /** Identify the user associated with the verification record. */
   abstract identifyUser(): Promise<User>;
 }
diff --git a/packages/core/src/routes/experience/index.ts b/packages/core/src/routes/experience/index.ts
index 7a2fab5a508a..7719100b735e 100644
--- a/packages/core/src/routes/experience/index.ts
+++ b/packages/core/src/routes/experience/index.ts
@@ -111,10 +111,10 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
       status: [201, 204, 400, 401, 404, 409, 422],
     }),
     async (ctx, next) => {
-      const { verificationId } = ctx.guard.body;
+      const { verificationId, linkSocialIdentity } = ctx.guard.body;
       const { experienceInteraction } = ctx;
 
-      await experienceInteraction.identifyUser(verificationId);
+      await experienceInteraction.identifyUser(verificationId, linkSocialIdentity);
 
       await experienceInteraction.save();
 
diff --git a/packages/integration-tests/src/api/sso-connector.ts b/packages/integration-tests/src/api/sso-connector.ts
index 8baf77c567d0..99bf96371ebf 100644
--- a/packages/integration-tests/src/api/sso-connector.ts
+++ b/packages/integration-tests/src/api/sso-connector.ts
@@ -54,6 +54,7 @@ export class SsoConnectorApi {
         clientSecret: 'bar',
         issuer: `${logtoUrl}/oidc`,
       },
+      syncProfile: true,
     });
 
     return connector;
diff --git a/packages/integration-tests/src/helpers/connector.ts b/packages/integration-tests/src/helpers/connector.ts
index 5789bc8f685f..c28240db1bce 100644
--- a/packages/integration-tests/src/helpers/connector.ts
+++ b/packages/integration-tests/src/helpers/connector.ts
@@ -40,6 +40,7 @@ export const setSocialConnector = async () =>
   postConnector({
     connectorId: mockSocialConnectorId,
     config: mockSocialConnectorConfig,
+    syncProfile: true,
   });
 
 export const resetPasswordlessConnectors = async () => {
diff --git a/packages/integration-tests/src/helpers/experience/index.ts b/packages/integration-tests/src/helpers/experience/index.ts
index 8aa7f6523b5e..f14dcf9786b3 100644
--- a/packages/integration-tests/src/helpers/experience/index.ts
+++ b/packages/integration-tests/src/helpers/experience/index.ts
@@ -141,7 +141,10 @@ export const registerNewUserWithVerificationCode = async (
 export const signInWithSocial = async (
   connectorId: string,
   socialUserInfo: SocialUserInfo,
-  registerNewUser = false
+  options?: {
+    registerNewUser?: boolean;
+    linkSocial?: boolean;
+  }
 ) => {
   const state = 'state';
   const redirectUri = 'http://localhost:3000';
@@ -154,6 +157,8 @@ export const signInWithSocial = async (
     state,
   });
 
+  const { id, ...rest } = socialUserInfo;
+
   await successFullyVerifySocialAuthorization(client, connectorId, {
     verificationId,
     connectorData: {
@@ -161,11 +166,11 @@ export const signInWithSocial = async (
       redirectUri,
       code: 'fake_code',
       userId: socialUserInfo.id,
-      email: socialUserInfo.email,
+      ...rest,
     },
   });
 
-  if (registerNewUser) {
+  if (options?.registerNewUser) {
     await expectRejects(client.identifyUser({ verificationId }), {
       code: 'user.identity_not_exist',
       status: 404,
@@ -173,6 +178,13 @@ export const signInWithSocial = async (
 
     await client.updateInteractionEvent({ interactionEvent: InteractionEvent.Register });
     await client.identifyUser({ verificationId });
+  } else if (options?.linkSocial) {
+    await expectRejects(client.identifyUser({ verificationId }), {
+      code: 'user.identity_not_exist',
+      status: 404,
+    });
+
+    await client.identifyUser({ verificationId, linkSocialIdentity: true });
   } else {
     await client.identifyUser({
       verificationId,
diff --git a/packages/integration-tests/src/tests/api/experience-api/register-interaction/organization-jti.test.ts b/packages/integration-tests/src/tests/api/experience-api/register-interaction/organization-jti.test.ts
index 5cc2208411cd..5cb0a0da9227 100644
--- a/packages/integration-tests/src/tests/api/experience-api/register-interaction/organization-jti.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/register-interaction/organization-jti.test.ts
@@ -1,7 +1,7 @@
 import { ConnectorType } from '@logto/connector-kit';
 import { SignInIdentifier } from '@logto/schemas';
 
-import { deleteUser, getUserOrganizations } from '#src/api/admin-user.js';
+import { createUser, deleteUser, getUserOrganizations } from '#src/api/admin-user.js';
 import { updateSignInExperience } from '#src/api/sign-in-experience.js';
 import { SsoConnectorApi } from '#src/api/sso-connector.js';
 import {
@@ -148,7 +148,7 @@ devFeatureTest.describe('organization just-in-time provisioning', () => {
     await deleteUser(userId);
   });
 
-  it('should provision a user with the matched sso connector', async () => {
+  it('should provision a user with the matched sso connector registration', async () => {
     const organization = await organizationApi.create({ name: 'sso_foo' });
     const domain = 'sso_example.com';
     const connector = await ssoConnectorApi.createMockOidcConnector([domain]);
@@ -172,4 +172,30 @@ devFeatureTest.describe('organization just-in-time provisioning', () => {
 
     await deleteUser(userId);
   });
+
+  it('should provision a user with the matched linked SSO connector identity', async () => {
+    const organization = await organizationApi.create({ name: 'sso_foo' });
+    const domain = 'sso_example.com';
+    const email = generateEmail(domain);
+
+    const connector = await ssoConnectorApi.createMockOidcConnector([domain]);
+    await organizationApi.jit.ssoConnectors.add(organization.id, [connector.id]);
+
+    const user = await createUser({ primaryEmail: email });
+
+    const userId = await signInWithEnterpriseSso(connector.id, {
+      sub: randomString(),
+      email,
+      email_verified: true,
+    });
+
+    expect(userId).toBe(user.id);
+
+    const userOrganizations = await getUserOrganizations(userId);
+    expect(userOrganizations).toEqual(
+      expect.arrayContaining([expect.objectContaining({ id: organization.id })])
+    );
+
+    await deleteUser(userId);
+  });
 });
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/enterprise-sso.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/enterprise-sso.test.ts
index e86cc54ec461..39cea62d3c6c 100644
--- a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/enterprise-sso.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/enterprise-sso.test.ts
@@ -4,12 +4,13 @@ import { deleteUser, getUser } from '#src/api/admin-user.js';
 import { updateSignInExperience } from '#src/api/sign-in-experience.js';
 import { SsoConnectorApi } from '#src/api/sso-connector.js';
 import { signInWithEnterpriseSso } from '#src/helpers/experience/index.js';
+import { generateNewUser } from '#src/helpers/user.js';
 import { devFeatureTest, generateEmail } from '#src/utils.js';
 
 devFeatureTest.describe('enterprise sso sign-in and sign-up', () => {
   const ssoConnectorApi = new SsoConnectorApi();
   const domain = 'foo.com';
-  const socialUserId = generateStandardId();
+  const enterpriseSsoIdentityId = generateStandardId();
   const email = generateEmail(domain);
 
   beforeAll(async () => {
@@ -21,11 +22,11 @@ devFeatureTest.describe('enterprise sso sign-in and sign-up', () => {
     await ssoConnectorApi.cleanUp();
   });
 
-  it('should successfully sign-up with enterprise sso ans sync email', async () => {
+  it('should successfully sign-up with enterprise sso and sync email', async () => {
     const userId = await signInWithEnterpriseSso(
       ssoConnectorApi.firstConnectorId!,
       {
-        sub: socialUserId,
+        sub: enterpriseSsoIdentityId,
         email,
         email_verified: true,
       },
@@ -38,11 +39,40 @@ devFeatureTest.describe('enterprise sso sign-in and sign-up', () => {
 
   it('should successfully sign-in with enterprise sso', async () => {
     const userId = await signInWithEnterpriseSso(ssoConnectorApi.firstConnectorId!, {
-      sub: socialUserId,
+      sub: enterpriseSsoIdentityId,
       email,
       email_verified: true,
+      name: 'John Doe',
     });
 
+    const { name } = await getUser(userId);
+    expect(name).toBe('John Doe');
+
+    await deleteUser(userId);
+  });
+
+  it('should successfully sign-in and link new enterprise sso identity', async () => {
+    const { userProfile, user } = await generateNewUser({
+      primaryEmail: true,
+    });
+    const { primaryEmail } = userProfile;
+
+    const userId = await signInWithEnterpriseSso(ssoConnectorApi.firstConnectorId!, {
+      sub: enterpriseSsoIdentityId,
+      email: primaryEmail,
+      email_verified: true,
+      name: 'John Doe',
+    });
+
+    expect(userId).toBe(user.id);
+
+    const { name, ssoIdentities } = await getUser(userId, true);
+
+    expect(name).toBe('John Doe');
+    expect(ssoIdentities?.some((identity) => identity.identityId === enterpriseSsoIdentityId)).toBe(
+      true
+    );
+
     await deleteUser(userId);
   });
 });
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
index 6ae61112025a..c74ed4bd0e89 100644
--- a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
@@ -1,10 +1,14 @@
 import { ConnectorType } from '@logto/connector-kit';
 import { generateStandardId } from '@logto/shared';
 
-import { mockSocialConnectorId } from '#src/__mocks__/connectors-mock.js';
+import {
+  mockSocialConnectorId,
+  mockSocialConnectorTarget,
+} from '#src/__mocks__/connectors-mock.js';
 import { deleteUser, getUser } from '#src/api/admin-user.js';
 import { clearConnectorsByTypes, setSocialConnector } from '#src/helpers/connector.js';
 import { signInWithSocial } from '#src/helpers/experience/index.js';
+import { generateNewUser } from '#src/helpers/user.js';
 import { devFeatureTest, generateEmail } from '#src/utils.js';
 
 devFeatureTest.describe('social sign-in and sign-up', () => {
@@ -30,19 +34,49 @@ devFeatureTest.describe('social sign-in and sign-up', () => {
         id: socialUserId,
         email,
       },
-      true
+      {
+        registerNewUser: true,
+      }
     );
 
     const { primaryEmail } = await getUser(userId);
     expect(primaryEmail).toBe(email);
   });
 
-  it('should successfully sign-in with social', async () => {
+  it('should successfully sign-in with social and sync name', async () => {
     const userId = await signInWithSocial(connectorIdMap.get(mockSocialConnectorId)!, {
       id: socialUserId,
       email,
+      name: 'John Doe',
+    });
+
+    const { name } = await getUser(userId);
+
+    expect(name).toBe('John Doe');
+
+    await deleteUser(userId);
+  });
+
+  it('should successfully sign-in with linked email and sync name', async () => {
+    const { userProfile, user } = await generateNewUser({
+      primaryEmail: true,
     });
 
+    const userId = await signInWithSocial(
+      connectorIdMap.get(mockSocialConnectorId)!,
+      {
+        id: socialUserId,
+        email: userProfile.primaryEmail,
+        name: 'Foo Bar',
+      },
+      { linkSocial: true }
+    );
+
+    expect(userId).toBe(user.id);
+    const { identities, name } = await getUser(userId);
+    expect(identities[mockSocialConnectorTarget]).toBeTruthy();
+    expect(name).toBe('Foo Bar');
+
     await deleteUser(userId);
   });
 });
diff --git a/packages/schemas/src/types/interactions.ts b/packages/schemas/src/types/interactions.ts
index e7934eed7349..e833e2b3fe7f 100644
--- a/packages/schemas/src/types/interactions.ts
+++ b/packages/schemas/src/types/interactions.ts
@@ -140,9 +140,15 @@ export const newPasswordIdentityVerificationPayloadGuard = z.object({
 export type IdentificationApiPayload = {
   /** The ID of the verification record that is used to identify the user. */
   verificationId: string;
+  /**
+   * Link social identity to a related user account with the same email or phone.
+   * Only applicable for social verification records and a related user account is found.
+   */
+  linkSocialIdentity?: boolean;
 };
 export const identificationApiPayloadGuard = z.object({
   verificationId: z.string(),
+  linkSocialIdentity: z.boolean().optional(),
 }) satisfies ToZodObject<IdentificationApiPayload>;
 
 /** Payload type for `POST /api/experience`. */

From 7537c510f781d7ffa0504382d4383c3e1de823ca Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Fri, 19 Jul 2024 18:01:58 +0800
Subject: [PATCH 048/135] feat(core): add mfa verification guard (#6262)

add mfa verification guard
---
 .../classes/experience-interaction.ts         |  75 +++++++++--
 .../classes/validators/mfa-validator.ts       | 122 ++++++++++++++++++
 .../sign-in-experience-validator.ts           |   6 +
 .../verifications/totp-verification.ts        |   1 +
 packages/core/src/routes/experience/index.ts  |   2 +-
 .../backup-code-verification.ts               |   4 +-
 .../verifications/mfa-verification.ts         |   4 +-
 .../helpers/experience/totp-verification.ts   |   2 +-
 .../mfa-verification.test.ts                  |  95 ++++++++++++++
 .../verifications/totp-verification.test.ts   |   6 +-
 10 files changed, 299 insertions(+), 18 deletions(-)
 create mode 100644 packages/core/src/routes/experience/classes/validators/mfa-validator.ts
 create mode 100644 packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/mfa-verification.test.ts

diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
index f2e39cdffe4b..16754d0f679c 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -1,5 +1,5 @@
 import { type ToZodObject } from '@logto/connector-kit';
-import { InteractionEvent, type VerificationType } from '@logto/schemas';
+import { InteractionEvent, type User, type VerificationType } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
 import { conditional } from '@silverhand/essentials';
 import { z } from 'zod';
@@ -17,6 +17,7 @@ import {
   identifyUserByVerificationRecord,
   toUserSocialIdentityData,
 } from './utils.js';
+import { MfaValidator } from './validators/mfa-validator.js';
 import { ProfileValidator } from './validators/profile-validator.js';
 import { SignInExperienceValidator } from './validators/sign-in-experience-validator.js';
 import {
@@ -55,6 +56,7 @@ export default class ExperienceInteraction {
   private readonly verificationRecords = new Map<VerificationType, VerificationRecord>();
   /** The userId of the user for the current interaction. Only available once the user is identified. */
   private userId?: string;
+  private userCache?: User;
   /** The user provided profile data in the current interaction that needs to be stored to database. */
   #profile?: InteractionProfile;
   /** The interaction event for the current interaction. */
@@ -190,6 +192,27 @@ export default class ExperienceInteraction {
     return this.verificationRecordsArray.find((record) => record.id === verificationId);
   }
 
+  /**
+   * Validate the interaction verification records against the sign-in experience and user MFA settings.
+   *
+   * The interaction is verified if at least one user enabled MFA verification record is present and verified.
+   */
+  public async guardMfaVerificationStatus() {
+    const user = await this.getIdentifiedUser();
+    const mfaSettings = await this.signInExperienceValidator.getMfaSettings();
+    const mfaValidator = new MfaValidator(mfaSettings, user);
+
+    const isVerified = mfaValidator.isMfaVerified(this.verificationRecordsArray);
+
+    assertThat(
+      isVerified,
+      new RequestError(
+        { code: 'session.mfa.require_mfa_verification', status: 403 },
+        { availableFactors: mfaValidator.availableMfaVerificationTypes }
+      )
+    );
+  }
+
   /** Save the current interaction result. */
   public async save() {
     const { provider } = this.tenant;
@@ -212,22 +235,30 @@ export default class ExperienceInteraction {
 
   /** Submit the current interaction result to the OIDC provider and clear the interaction data */
   public async submit() {
-    assertThat(this.userId, 'session.verification_session_not_found');
-
     const {
       queries: { users: userQueries, userSsoIdentities: userSsoIdentitiesQueries },
     } = this.tenant;
 
-    const user = await userQueries.findUserById(this.userId);
+    // Initiated
+    assertThat(
+      this.interactionEvent,
+      new RequestError({ code: 'session.interaction_not_found', status: 404 })
+    );
 
-    // TODO: mfa validation
-    // TODO: profile updates validation
-    // TODO: missing profile fields validation
+    // Identified
+    const user = await this.getIdentifiedUser();
+
+    // Verified
+    if (this.#interactionEvent !== InteractionEvent.ForgotPassword) {
+      await this.guardMfaVerificationStatus();
+    }
 
     const { socialIdentity, enterpriseSsoIdentity, ...rest } = this.#profile ?? {};
 
+    // TODO: profile updates validation
+
     // Update user profile
-    await userQueries.updateUserById(this.userId, {
+    await userQueries.updateUserById(user.id, {
       ...rest,
       ...conditional(
         socialIdentity && {
@@ -240,6 +271,8 @@ export default class ExperienceInteraction {
       lastSignInAt: Date.now(),
     });
 
+    // TODO: missing profile fields validation
+
     if (enterpriseSsoIdentity) {
       await userSsoIdentitiesQueries.insert({
         id: generateStandardId(),
@@ -254,7 +287,7 @@ export default class ExperienceInteraction {
     const { provider } = this.tenant;
 
     const redirectTo = await provider.interactionResult(this.ctx.req, this.ctx.res, {
-      login: { accountId: this.userId },
+      login: { accountId: user.id },
     });
 
     this.ctx.body = { redirectTo };
@@ -377,4 +410,28 @@ export default class ExperienceInteraction {
       ...profile,
     };
   }
+
+  /**
+   * Assert the interaction is identified and return the identified user.
+   *
+   * @throws RequestError with 400 if the user is not identified
+   * @throws RequestError with 404 if the user is not found
+   */
+  private async getIdentifiedUser(): Promise<User> {
+    if (this.userCache) {
+      return this.userCache;
+    }
+
+    // Identified
+    assertThat(this.userId, 'session.identifier_not_found');
+
+    const {
+      queries: { users: userQueries },
+    } = this.tenant;
+
+    const user = await userQueries.findUserById(this.userId);
+
+    this.userCache = user;
+    return this.userCache;
+  }
 }
diff --git a/packages/core/src/routes/experience/classes/validators/mfa-validator.ts b/packages/core/src/routes/experience/classes/validators/mfa-validator.ts
new file mode 100644
index 000000000000..c1882b1d1474
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/validators/mfa-validator.ts
@@ -0,0 +1,122 @@
+import {
+  MfaFactor,
+  VerificationType,
+  type Mfa,
+  type MfaVerification,
+  type User,
+} from '@logto/schemas';
+
+import { type VerificationRecord } from '../verifications/index.js';
+
+const mfaVerificationTypes = Object.freeze([
+  VerificationType.TOTP,
+  VerificationType.BackupCode,
+  VerificationType.WebAuthn,
+]);
+
+type MfaVerificationType =
+  | VerificationType.TOTP
+  | VerificationType.BackupCode
+  | VerificationType.WebAuthn;
+
+const mfaVerificationTypeToMfaFactorMap = Object.freeze({
+  [VerificationType.TOTP]: MfaFactor.TOTP,
+  [VerificationType.BackupCode]: MfaFactor.BackupCode,
+  [VerificationType.WebAuthn]: MfaFactor.WebAuthn,
+}) satisfies Record<MfaVerificationType, MfaFactor>;
+
+const isMfaVerificationRecordType = (type: VerificationType): type is MfaVerificationType => {
+  return mfaVerificationTypes.includes(type);
+};
+
+export class MfaValidator {
+  constructor(
+    private readonly mfaSettings: Mfa,
+    private readonly user: User
+  ) {}
+
+  /**
+   * Get the enabled MFA factors for the user
+   * - Filter out MFA factors that are not configured in the sign-in experience
+   */
+  get userEnabledMfaVerifications() {
+    const { mfaVerifications } = this.user;
+
+    return mfaVerifications.filter((verification) =>
+      this.mfaSettings.factors.includes(verification.type)
+    );
+  }
+
+  /**
+   * For front-end display usage only
+   * Return the available MFA verifications for the user.
+   */
+  get availableMfaVerificationTypes() {
+    return (
+      this.userEnabledMfaVerifications
+        // Filter out backup codes if all the codes are used
+        .filter((verification) => {
+          if (verification.type !== MfaFactor.BackupCode) {
+            return true;
+          }
+          return verification.codes.some((code) => !code.usedAt);
+        })
+        // Filter out duplicated verifications with the same type
+        .reduce<MfaVerification[]>((verifications, verification) => {
+          if (verifications.some(({ type }) => type === verification.type)) {
+            return verifications;
+          }
+
+          return [...verifications, verification];
+        }, [])
+        .slice()
+        // Sort by last used time, the latest used factor is the first one, backup code is always the last one
+        .sort((verificationA, verificationB) => {
+          if (verificationA.type === MfaFactor.BackupCode) {
+            return 1;
+          }
+
+          if (verificationB.type === MfaFactor.BackupCode) {
+            return -1;
+          }
+
+          return (
+            new Date(verificationB.lastUsedAt ?? 0).getTime() -
+            new Date(verificationA.lastUsedAt ?? 0).getTime()
+          );
+        })
+        .map(({ type }) => type)
+    );
+  }
+
+  get isMfaEnabled() {
+    return this.userEnabledMfaVerifications.length > 0;
+  }
+
+  isMfaVerified(verificationRecords: VerificationRecord[]) {
+    // MFA validation is not enabled
+    if (!this.isMfaEnabled) {
+      return true;
+    }
+
+    const mfaVerificationRecords = this.filterVerifiedMfaVerificationRecords(verificationRecords);
+
+    return mfaVerificationRecords.length > 0;
+  }
+
+  filterVerifiedMfaVerificationRecords(verificationRecords: VerificationRecord[]) {
+    const enabledMfaFactors = this.userEnabledMfaVerifications;
+
+    // Filter out the verified MFA verification records
+    const mfaVerificationRecords = verificationRecords.filter(({ type, isVerified }) => {
+      return (
+        isVerified &&
+        isMfaVerificationRecordType(type) &&
+        // Check if the verification type is enabled in the user's MFA settings
+        enabledMfaFactors.some((factor) => factor.type === mfaVerificationTypeToMfaFactorMap[type])
+      );
+    });
+
+    return mfaVerificationRecords;
+  }
+}
diff --git a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
index 25de8357eaf1..9a22b63c21f1 100644
--- a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
+++ b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
@@ -111,6 +111,12 @@ export class SignInExperienceValidator {
     return availableSsoConnectors.filter(({ domains }) => domains.includes(domain));
   }
 
+  public async getMfaSettings() {
+    const { mfa } = await this.getSignInExperienceData();
+
+    return mfa;
+  }
+
   public async getSignInExperienceData() {
     this.signInExperienceDataCache ||=
       await this.queries.signInExperiences.findDefaultSignInExperience();
diff --git a/packages/core/src/routes/experience/classes/verifications/totp-verification.ts b/packages/core/src/routes/experience/classes/verifications/totp-verification.ts
index 9cf65977ebfa..d2a2134aff0d 100644
--- a/packages/core/src/routes/experience/classes/verifications/totp-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/totp-verification.ts
@@ -124,6 +124,7 @@ export class TotpVerification implements VerificationRecord<VerificationType.TOT
 
     const { mfaVerifications } = await findUserById(this.userId);
 
+    // User can only have one TOTP MFA record in the profile
     const totpVerification = findUserTotp(mfaVerifications);
 
     // Can not found totp verification, this is an invalid request, throw invalid code error anyway for security reason
diff --git a/packages/core/src/routes/experience/index.ts b/packages/core/src/routes/experience/index.ts
index 7719100b735e..db5d895d8f35 100644
--- a/packages/core/src/routes/experience/index.ts
+++ b/packages/core/src/routes/experience/index.ts
@@ -128,7 +128,7 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
   router.post(
     `${experienceRoutes.prefix}/submit`,
     koaGuard({
-      status: [200, 400],
+      status: [200, 400, 403, 422],
       response: z.object({
         redirectTo: z.string(),
       }),
diff --git a/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts b/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts
index b38b72cdb4e0..413681e2dced 100644
--- a/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts
+++ b/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts
@@ -32,8 +32,6 @@ export default function backupCodeVerificationRoutes<T extends WithLogContext>(
 
       assertThat(experienceInteraction.identifiedUserId, 'session.identifier_not_found');
 
-      // TODO: Check if the MFA is enabled
-
       const backupCodeVerificationRecord = BackupCodeVerification.create(
         libraries,
         queries,
@@ -49,6 +47,8 @@ export default function backupCodeVerificationRoutes<T extends WithLogContext>(
       ctx.body = {
         verificationId: backupCodeVerificationRecord.id,
       };
+
+      return next();
     }
   );
 }
diff --git a/packages/core/src/routes/interaction/verifications/mfa-verification.ts b/packages/core/src/routes/interaction/verifications/mfa-verification.ts
index 51e83ded21aa..2504b6256c4d 100644
--- a/packages/core/src/routes/interaction/verifications/mfa-verification.ts
+++ b/packages/core/src/routes/interaction/verifications/mfa-verification.ts
@@ -16,10 +16,10 @@ import assertThat from '#src/utils/assert-that.js';
 import { type WithInteractionDetailsContext } from '../middleware/koa-interaction-details.js';
 import { type WithInteractionSieContext } from '../middleware/koa-interaction-sie.js';
 import {
-  type VerifiedSignInInteractionResult,
+  type AccountVerifiedInteractionResult,
   type VerifiedInteractionResult,
   type VerifiedRegisterInteractionResult,
-  type AccountVerifiedInteractionResult,
+  type VerifiedSignInInteractionResult,
 } from '../types/index.js';
 import { generateBackupCodes } from '../utils/backup-code-validation.js';
 import { storeInteractionResult } from '../utils/interaction.js';
diff --git a/packages/integration-tests/src/helpers/experience/totp-verification.ts b/packages/integration-tests/src/helpers/experience/totp-verification.ts
index f5fea42e3fff..ced40ce9aabd 100644
--- a/packages/integration-tests/src/helpers/experience/totp-verification.ts
+++ b/packages/integration-tests/src/helpers/experience/totp-verification.ts
@@ -10,7 +10,7 @@ export const successFullyCreateNewTotpSecret = async (client: ExperienceClient)
   return { secret, secretQrCode, verificationId };
 };
 
-export const successFullyVerifyTotp = async (
+export const successfullyVerifyTotp = async (
   client: ExperienceClient,
   payload: {
     code: string;
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/mfa-verification.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/mfa-verification.test.ts
new file mode 100644
index 000000000000..3de9e1e6be17
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/mfa-verification.test.ts
@@ -0,0 +1,95 @@
+import { MfaFactor } from '@logto/schemas';
+import { authenticator } from 'otplib';
+
+import { createUserMfaVerification } from '#src/api/admin-user.js';
+import { initExperienceClient } from '#src/helpers/client.js';
+import { identifyUserWithUsernamePassword } from '#src/helpers/experience/index.js';
+import { successfullyVerifyTotp } from '#src/helpers/experience/totp-verification.js';
+import { expectRejects } from '#src/helpers/index.js';
+import {
+  enableAllPasswordSignInMethods,
+  enableMandatoryMfaWithTotpAndBackupCode,
+} from '#src/helpers/sign-in-experience.js';
+import { generateNewUserProfile, UserApiTest } from '#src/helpers/user.js';
+import { devFeatureTest } from '#src/utils.js';
+
+devFeatureTest.describe('mfa sign-in verification', () => {
+  const userApi = new UserApiTest();
+
+  beforeAll(async () => {
+    await enableAllPasswordSignInMethods();
+  });
+
+  afterAll(async () => {
+    await userApi.cleanUp();
+  });
+
+  describe('TOTP verification', () => {
+    beforeAll(async () => {
+      await enableMandatoryMfaWithTotpAndBackupCode();
+    });
+
+    it('should throw require_mfa_verification error when signing in without mfa verification', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+
+      const user = await userApi.create({ username, password });
+      await createUserMfaVerification(user.id, MfaFactor.TOTP);
+
+      const client = await initExperienceClient();
+
+      await identifyUserWithUsernamePassword(client, username, password);
+
+      await expectRejects(client.submitInteraction(), {
+        code: 'session.mfa.require_mfa_verification',
+        status: 403,
+      });
+    });
+
+    it('should sign-in successfully with TOTP verification', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      const user = await userApi.create({ username, password });
+
+      const response = await createUserMfaVerification(user.id, MfaFactor.TOTP);
+
+      if (response.type !== MfaFactor.TOTP) {
+        throw new Error('unexpected mfa type');
+      }
+
+      const { secret } = response;
+
+      const client = await initExperienceClient();
+
+      await identifyUserWithUsernamePassword(client, username, password);
+
+      const code = authenticator.generate(secret);
+
+      await successfullyVerifyTotp(client, { code });
+
+      await expect(client.submitInteraction()).resolves.not.toThrow();
+    });
+
+    it('should sign-in successfully with backup code with both TOTP and backup code enabled', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      const user = await userApi.create({ username, password });
+
+      await createUserMfaVerification(user.id, MfaFactor.TOTP);
+      const response = await createUserMfaVerification(user.id, MfaFactor.BackupCode);
+
+      if (response.type !== MfaFactor.BackupCode) {
+        throw new Error('unexpected mfa type');
+      }
+
+      const { codes } = response;
+
+      const client = await initExperienceClient();
+
+      await identifyUserWithUsernamePassword(client, username, password);
+
+      const code = codes[0]!;
+
+      await client.verifyBackupCode({ code });
+
+      await expect(client.submitInteraction()).resolves.not.toThrow();
+    });
+  });
+});
diff --git a/packages/integration-tests/src/tests/api/experience-api/verifications/totp-verification.test.ts b/packages/integration-tests/src/tests/api/experience-api/verifications/totp-verification.test.ts
index c1fa2a76b38a..fc1a3cbf2019 100644
--- a/packages/integration-tests/src/tests/api/experience-api/verifications/totp-verification.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/verifications/totp-verification.test.ts
@@ -6,7 +6,7 @@ import { initExperienceClient } from '#src/helpers/client.js';
 import { identifyUserWithUsernamePassword } from '#src/helpers/experience/index.js';
 import {
   successFullyCreateNewTotpSecret,
-  successFullyVerifyTotp,
+  successfullyVerifyTotp,
 } from '#src/helpers/experience/totp-verification.js';
 import { expectRejects } from '#src/helpers/index.js';
 import { enableAllPasswordSignInMethods } from '#src/helpers/sign-in-experience.js';
@@ -98,7 +98,7 @@ devFeatureTest.describe('TOTP verification APIs', () => {
       const { verificationId, secret } = await successFullyCreateNewTotpSecret(client);
       const code = authenticator.generate(secret);
 
-      await successFullyVerifyTotp(client, { code, verificationId });
+      await successfullyVerifyTotp(client, { code, verificationId });
     });
   });
 
@@ -157,7 +157,7 @@ devFeatureTest.describe('TOTP verification APIs', () => {
 
       const code = authenticator.generate(secret);
 
-      await successFullyVerifyTotp(client, { code });
+      await successfullyVerifyTotp(client, { code });
     });
   });
 });

From 3205e36e32cb362904d5e2544ef953cec377d389 Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Fri, 19 Jul 2024 18:23:09 +0800
Subject: [PATCH 049/135] chore: remove feature guard for token exchange
 (#6246)

---
 .../MainContent/SettingsSection/InstructionTab/index.tsx     | 3 +--
 packages/core/src/routes/subject-token.openapi.json          | 3 +--
 packages/core/src/routes/subject-token.ts                    | 5 -----
 packages/core/src/routes/swagger/index.ts                    | 1 -
 .../src/tests/api/oidc/token-exchange.test.ts                | 3 ---
 packages/integration-tests/src/tests/api/security.test.ts    | 3 ---
 6 files changed, 2 insertions(+), 16 deletions(-)

diff --git a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/index.tsx b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/index.tsx
index 7fc7bedfe6c2..76003b617a41 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/index.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/index.tsx
@@ -5,7 +5,6 @@ import { useState } from 'react';
 import { useFormContext } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 
-import { isDevFeaturesEnabled } from '@/consts/env';
 import { type JwtCustomizerForm } from '@/pages/CustomizeJwtDetails/type';
 import {
   environmentVariablesCodeExample,
@@ -79,7 +78,7 @@ function InstructionTab({ isActive }: Props) {
           />
         </GuideCard>
       )}
-      {isDevFeaturesEnabled && tokenType === LogtoJwtTokenKeyType.AccessToken && (
+      {tokenType === LogtoJwtTokenKeyType.AccessToken && (
         <GuideCard
           name={CardType.GrantData}
           isExpanded={expendCard === CardType.GrantData}
diff --git a/packages/core/src/routes/subject-token.openapi.json b/packages/core/src/routes/subject-token.openapi.json
index 6f2384f0123b..e8edf511c3b0 100644
--- a/packages/core/src/routes/subject-token.openapi.json
+++ b/packages/core/src/routes/subject-token.openapi.json
@@ -3,8 +3,7 @@
     {
       "name": "Subject tokens",
       "description": "The subject token API provides the ability to create a new subject token for the use of impersonating the user."
-    },
-    { "name": "Dev feature" }
+    }
   ],
   "paths": {
     "/api/subject-tokens": {
diff --git a/packages/core/src/routes/subject-token.ts b/packages/core/src/routes/subject-token.ts
index 99cbcb84a5a9..d27247314762 100644
--- a/packages/core/src/routes/subject-token.ts
+++ b/packages/core/src/routes/subject-token.ts
@@ -4,7 +4,6 @@ import { addSeconds } from 'date-fns';
 import { object, string } from 'zod';
 
 import { subjectTokenExpiresIn, subjectTokenPrefix } from '#src/constants/index.js';
-import { EnvSet } from '#src/env-set/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
 
@@ -24,10 +23,6 @@ export default function subjectTokenRoutes<T extends ManagementApiRouter>(
     subjectTokens: { insertSubjectToken },
   } = queries;
 
-  if (!EnvSet.values.isDevFeaturesEnabled) {
-    return;
-  }
-
   router.post(
     '/subject-tokens',
     koaQuotaGuard({ key: 'subjectTokenEnabled', quota }),
diff --git a/packages/core/src/routes/swagger/index.ts b/packages/core/src/routes/swagger/index.ts
index f79d26a02c71..b845ed0d72f5 100644
--- a/packages/core/src/routes/swagger/index.ts
+++ b/packages/core/src/routes/swagger/index.ts
@@ -155,7 +155,6 @@ const identifiableEntityNames = Object.freeze([
 const additionalTags = Object.freeze(
   condArray<string>(
     'Organization applications',
-    EnvSet.values.isDevFeaturesEnabled && 'Subject tokens',
     EnvSet.values.isDevFeaturesEnabled && 'Custom UI assets',
     'Organization users'
   )
diff --git a/packages/integration-tests/src/tests/api/oidc/token-exchange.test.ts b/packages/integration-tests/src/tests/api/oidc/token-exchange.test.ts
index a6ec845f421d..930729f88a27 100644
--- a/packages/integration-tests/src/tests/api/oidc/token-exchange.test.ts
+++ b/packages/integration-tests/src/tests/api/oidc/token-exchange.test.ts
@@ -22,7 +22,6 @@ import { createUserByAdmin } from '#src/helpers/index.js';
 import { OrganizationApiTest } from '#src/helpers/organization.js';
 import { enableAllPasswordSignInMethods } from '#src/helpers/sign-in-experience.js';
 import {
-  devFeatureTest,
   getAccessTokenPayload,
   randomString,
   generateName,
@@ -30,8 +29,6 @@ import {
   generateUsername,
 } from '#src/utils.js';
 
-const { describe, it } = devFeatureTest;
-
 describe('Token Exchange', () => {
   const username = generateUsername();
   const password = generatePassword();
diff --git a/packages/integration-tests/src/tests/api/security.test.ts b/packages/integration-tests/src/tests/api/security.test.ts
index bc906d85e147..c84b7e87d8f4 100644
--- a/packages/integration-tests/src/tests/api/security.test.ts
+++ b/packages/integration-tests/src/tests/api/security.test.ts
@@ -1,8 +1,5 @@
 import { createSubjectToken } from '#src/api/subject-token.js';
 import { createUserByAdmin } from '#src/helpers/index.js';
-import { devFeatureTest } from '#src/utils.js';
-
-const { describe, it } = devFeatureTest;
 
 describe('subject-tokens', () => {
   it('should create a subject token successfully', async () => {

From 18c8fdf015653ad887c8cfcdcf5c2a4c1f9ef2c5 Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Fri, 19 Jul 2024 18:23:18 +0800
Subject: [PATCH 050/135] chore: add changeset for impersonation (#6251)

---
 .changeset/seven-comics-tan.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 .changeset/seven-comics-tan.md

diff --git a/.changeset/seven-comics-tan.md b/.changeset/seven-comics-tan.md
new file mode 100644
index 000000000000..8ef9efa59f7b
--- /dev/null
+++ b/.changeset/seven-comics-tan.md
@@ -0,0 +1,26 @@
+---
+"@logto/core": minor
+---
+
+implement token exchange for user impersonation
+
+Added support for user impersonation via token exchange:
+
+1. New endpoint: `POST /subject-tokens` (Management API)
+   - Request body: `{ "userId": "<user-id>" }`
+   - Returns a subject token
+
+2. Enhanced `POST /oidc/token` endpoint (OIDC API)
+   - Supports new grant type: `urn:ietf:params:oauth:grant-type:token-exchange`
+   - Request body:
+     ```json
+     {
+       "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
+       "subject_token": "<subject-token>",
+       "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
+       "client_id": "<client-id>"
+     }
+     ```
+   - Returns an impersonated access token
+
+Refer to documentation for usage examples and the [Token Exchange RFC](https://tools.ietf.org/html/rfc8693) for more details.

From 175d4274de6c93d7f3d47ea8fb0162a28ab9a914 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Fri, 19 Jul 2024 20:59:13 +0800
Subject: [PATCH 051/135] chore(elements): move check to build

---
 packages/elements/package.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/packages/elements/package.json b/packages/elements/package.json
index a9bcfd3cdd54..ee405db27755 100644
--- a/packages/elements/package.json
+++ b/packages/elements/package.json
@@ -28,14 +28,13 @@
   },
   "scripts": {
     "precommit": "lint-staged",
-    "build": "lit-localize build && tsup",
+    "build": "pnpm check && lit-localize build && tsup",
     "start": "web-dev-server",
     "dev": "lit-localize build && tsup --watch --no-splitting",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "echo \"No tests yet.\"",
     "test:ci": "pnpm run test --silent --coverage",
-    "prepublishOnly": "pnpm check",
     "prepack": "pnpm build",
     "localize": "lit-localize",
     "check": "lit-localize extract && git add . -N && git diff --exit-code"

From b73452ceb3459f1396db4775f219bc54f1a40847 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sat, 20 Jul 2024 22:04:56 +0800
Subject: [PATCH 052/135] chore(deps): upgrade typescript

---
 packages/app-insights/package.json            |   2 +-
 packages/cli/package.json                     |   2 +-
 .../connector-alipay-native/package.json      |   2 +-
 .../connector-alipay-web/package.json         |   2 +-
 .../connector-aliyun-dm/package.json          |   2 +-
 .../connector-aliyun-sms/package.json         |   2 +-
 .../connectors/connector-apple/package.json   |   2 +-
 .../connectors/connector-aws-ses/package.json |   2 +-
 .../connectors/connector-azuread/package.json |   2 +-
 .../connector-dingtalk-web/package.json       |   2 +-
 .../connectors/connector-discord/package.json |   2 +-
 .../connector-facebook/package.json           |   2 +-
 .../connector-feishu-web/package.json         |   2 +-
 .../connectors/connector-github/package.json  |   2 +-
 .../connectors/connector-google/package.json  |   2 +-
 .../connector-huggingface/package.json        |   2 +-
 .../connectors/connector-kakao/package.json   |   2 +-
 .../connector-logto-email/package.json        |   2 +-
 .../connector-logto-sms/package.json          |   2 +-
 .../connector-logto-social-demo/package.json  |   2 +-
 .../connectors/connector-mailgun/package.json |   2 +-
 .../package.json                              |   2 +-
 .../connector-mock-email/package.json         |   2 +-
 .../connector-mock-sms/package.json           |   2 +-
 .../connector-mock-social/package.json        |   2 +-
 .../connectors/connector-naver/package.json   |   2 +-
 .../connectors/connector-oauth2/package.json  |   2 +-
 .../connectors/connector-oidc/package.json    |   2 +-
 .../connectors/connector-saml/package.json    |   2 +-
 .../connector-sendgrid-email/package.json     |   2 +-
 .../connectors/connector-smsaero/package.json |   2 +-
 .../connectors/connector-smtp/package.json    |   2 +-
 .../connector-tencent-sms/package.json        |   2 +-
 .../connector-twilio-sms/package.json         |   2 +-
 .../connector-wechat-native/package.json      |   2 +-
 .../connector-wechat-web/package.json         |   2 +-
 .../connectors/connector-wecom/package.json   |   2 +-
 packages/console/package.json                 |   2 +-
 packages/core/package.json                    |   2 +-
 packages/demo-app/package.json                |   2 +-
 packages/experience/package.json              |   2 +-
 packages/integration-tests/package.json       |   2 +-
 packages/phrases-experience/package.json      |   2 +-
 packages/phrases-experience/src/types.ts      |  10 +-
 packages/phrases/package.json                 |   2 +-
 packages/schemas/package.json                 |   2 +-
 packages/shared/package.json                  |   2 +-
 packages/toolkit/connector-kit/package.json   |   2 +-
 packages/toolkit/core-kit/package.json        |   2 +-
 packages/toolkit/language-kit/package.json    |   2 +-
 pnpm-lock.yaml                                | 731 +++++++++---------
 51 files changed, 424 insertions(+), 415 deletions(-)

diff --git a/packages/app-insights/package.json b/packages/app-insights/package.json
index aaaf49c98095..9591063d8af6 100644
--- a/packages/app-insights/package.json
+++ b/packages/app-insights/package.json
@@ -36,7 +36,7 @@
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
   "engines": {
diff --git a/packages/cli/package.json b/packages/cli/package.json
index dd9d434bc3c0..2b402ba10e57 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -66,7 +66,7 @@
     "roarr": "^7.11.0",
     "semver": "^7.3.8",
     "tar": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "yargs": "^17.6.0",
     "zod": "^3.23.8"
   },
diff --git a/packages/connectors/connector-alipay-native/package.json b/packages/connectors/connector-alipay-native/package.json
index 621b8f821d9d..f93efb75b17d 100644
--- a/packages/connectors/connector-alipay-native/package.json
+++ b/packages/connectors/connector-alipay-native/package.json
@@ -30,7 +30,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-alipay-web/package.json b/packages/connectors/connector-alipay-web/package.json
index 8d1e1ab069e5..368fe61c95d9 100644
--- a/packages/connectors/connector-alipay-web/package.json
+++ b/packages/connectors/connector-alipay-web/package.json
@@ -29,7 +29,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-aliyun-dm/package.json b/packages/connectors/connector-aliyun-dm/package.json
index 21b2f3930944..e838c60ed654 100644
--- a/packages/connectors/connector-aliyun-dm/package.json
+++ b/packages/connectors/connector-aliyun-dm/package.json
@@ -67,7 +67,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-aliyun-sms/package.json b/packages/connectors/connector-aliyun-sms/package.json
index 4c6bef521194..d8b5428f50ac 100644
--- a/packages/connectors/connector-aliyun-sms/package.json
+++ b/packages/connectors/connector-aliyun-sms/package.json
@@ -67,7 +67,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-apple/package.json b/packages/connectors/connector-apple/package.json
index 4ca2caa5f0ca..a0bad5486976 100644
--- a/packages/connectors/connector-apple/package.json
+++ b/packages/connectors/connector-apple/package.json
@@ -69,7 +69,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-aws-ses/package.json b/packages/connectors/connector-aws-ses/package.json
index 2b474cc8601e..d04051f5156c 100644
--- a/packages/connectors/connector-aws-ses/package.json
+++ b/packages/connectors/connector-aws-ses/package.json
@@ -70,7 +70,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-azuread/package.json b/packages/connectors/connector-azuread/package.json
index 61cc428dd869..0df019229a58 100644
--- a/packages/connectors/connector-azuread/package.json
+++ b/packages/connectors/connector-azuread/package.json
@@ -69,7 +69,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-dingtalk-web/package.json b/packages/connectors/connector-dingtalk-web/package.json
index e150c113cf8b..40414cedde4e 100644
--- a/packages/connectors/connector-dingtalk-web/package.json
+++ b/packages/connectors/connector-dingtalk-web/package.json
@@ -29,7 +29,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-discord/package.json b/packages/connectors/connector-discord/package.json
index 1a0fdbcf6bef..fec191f425de 100644
--- a/packages/connectors/connector-discord/package.json
+++ b/packages/connectors/connector-discord/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-facebook/package.json b/packages/connectors/connector-facebook/package.json
index 23b9eb0c0307..ba0e6bdd3ce7 100644
--- a/packages/connectors/connector-facebook/package.json
+++ b/packages/connectors/connector-facebook/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-feishu-web/package.json b/packages/connectors/connector-feishu-web/package.json
index 0f04bb9c88d4..b15d0ec52db2 100644
--- a/packages/connectors/connector-feishu-web/package.json
+++ b/packages/connectors/connector-feishu-web/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-github/package.json b/packages/connectors/connector-github/package.json
index c2cd2db0fc9d..94ab3ac19697 100644
--- a/packages/connectors/connector-github/package.json
+++ b/packages/connectors/connector-github/package.json
@@ -69,7 +69,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-google/package.json b/packages/connectors/connector-google/package.json
index 195e4ce0e98a..d63c36aa97eb 100644
--- a/packages/connectors/connector-google/package.json
+++ b/packages/connectors/connector-google/package.json
@@ -69,7 +69,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-huggingface/package.json b/packages/connectors/connector-huggingface/package.json
index eadbe66d4ea6..b70c1c016061 100644
--- a/packages/connectors/connector-huggingface/package.json
+++ b/packages/connectors/connector-huggingface/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-kakao/package.json b/packages/connectors/connector-kakao/package.json
index f908fd8d7588..7d9c8a861c08 100644
--- a/packages/connectors/connector-kakao/package.json
+++ b/packages/connectors/connector-kakao/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-logto-email/package.json b/packages/connectors/connector-logto-email/package.json
index 488ebe6438b8..a3f2033fd514 100644
--- a/packages/connectors/connector-logto-email/package.json
+++ b/packages/connectors/connector-logto-email/package.json
@@ -69,7 +69,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-logto-sms/package.json b/packages/connectors/connector-logto-sms/package.json
index 91d5a7b565ed..dd737f5e76c2 100644
--- a/packages/connectors/connector-logto-sms/package.json
+++ b/packages/connectors/connector-logto-sms/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-logto-social-demo/package.json b/packages/connectors/connector-logto-social-demo/package.json
index e1befbb4417d..131f2c4925b9 100644
--- a/packages/connectors/connector-logto-social-demo/package.json
+++ b/packages/connectors/connector-logto-social-demo/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-mailgun/package.json b/packages/connectors/connector-mailgun/package.json
index 820b682a8547..4528f9e32fe8 100644
--- a/packages/connectors/connector-mailgun/package.json
+++ b/packages/connectors/connector-mailgun/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-mock-email-alternative/package.json b/packages/connectors/connector-mock-email-alternative/package.json
index b29a2523a27d..26d9d78027b3 100644
--- a/packages/connectors/connector-mock-email-alternative/package.json
+++ b/packages/connectors/connector-mock-email-alternative/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-mock-email/package.json b/packages/connectors/connector-mock-email/package.json
index a3fa21e5da58..ab6abde4d4c2 100644
--- a/packages/connectors/connector-mock-email/package.json
+++ b/packages/connectors/connector-mock-email/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-mock-sms/package.json b/packages/connectors/connector-mock-sms/package.json
index c3bbdfe261c3..c92b52fd9b2b 100644
--- a/packages/connectors/connector-mock-sms/package.json
+++ b/packages/connectors/connector-mock-sms/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-mock-social/package.json b/packages/connectors/connector-mock-social/package.json
index 651f9eba0204..50e50c8c0101 100644
--- a/packages/connectors/connector-mock-social/package.json
+++ b/packages/connectors/connector-mock-social/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-naver/package.json b/packages/connectors/connector-naver/package.json
index caa928855793..29a9f938c3cb 100644
--- a/packages/connectors/connector-naver/package.json
+++ b/packages/connectors/connector-naver/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-oauth2/package.json b/packages/connectors/connector-oauth2/package.json
index 4061396528a4..09980f248b2d 100644
--- a/packages/connectors/connector-oauth2/package.json
+++ b/packages/connectors/connector-oauth2/package.json
@@ -72,7 +72,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-oidc/package.json b/packages/connectors/connector-oidc/package.json
index c4bb7c6c2b7c..6d0e9a2c7cb0 100644
--- a/packages/connectors/connector-oidc/package.json
+++ b/packages/connectors/connector-oidc/package.json
@@ -71,7 +71,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-saml/package.json b/packages/connectors/connector-saml/package.json
index 226d63d98fe9..d735a6dae904 100644
--- a/packages/connectors/connector-saml/package.json
+++ b/packages/connectors/connector-saml/package.json
@@ -70,7 +70,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-sendgrid-email/package.json b/packages/connectors/connector-sendgrid-email/package.json
index 588f975a87da..9d0508f1ba52 100644
--- a/packages/connectors/connector-sendgrid-email/package.json
+++ b/packages/connectors/connector-sendgrid-email/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-smsaero/package.json b/packages/connectors/connector-smsaero/package.json
index 048dec4c564f..efebd12fb0c8 100644
--- a/packages/connectors/connector-smsaero/package.json
+++ b/packages/connectors/connector-smsaero/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-smtp/package.json b/packages/connectors/connector-smtp/package.json
index 739c4c61c92b..daf68ace22b4 100644
--- a/packages/connectors/connector-smtp/package.json
+++ b/packages/connectors/connector-smtp/package.json
@@ -29,7 +29,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
   "main": "./lib/index.js",
diff --git a/packages/connectors/connector-tencent-sms/package.json b/packages/connectors/connector-tencent-sms/package.json
index 4b731a87789a..e33707f6d730 100644
--- a/packages/connectors/connector-tencent-sms/package.json
+++ b/packages/connectors/connector-tencent-sms/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-twilio-sms/package.json b/packages/connectors/connector-twilio-sms/package.json
index 1ed341e65c29..0f4dd436b650 100644
--- a/packages/connectors/connector-twilio-sms/package.json
+++ b/packages/connectors/connector-twilio-sms/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-wechat-native/package.json b/packages/connectors/connector-wechat-native/package.json
index 56f0f6e1260a..5510f4175ab4 100644
--- a/packages/connectors/connector-wechat-native/package.json
+++ b/packages/connectors/connector-wechat-native/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-wechat-web/package.json b/packages/connectors/connector-wechat-web/package.json
index 6759b75865d9..1dd2f3b541db 100644
--- a/packages/connectors/connector-wechat-web/package.json
+++ b/packages/connectors/connector-wechat-web/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/connectors/connector-wecom/package.json b/packages/connectors/connector-wecom/package.json
index f83c74b1a590..ccc8e12b74b8 100644
--- a/packages/connectors/connector-wecom/package.json
+++ b/packages/connectors/connector-wecom/package.json
@@ -68,7 +68,7 @@
     "rollup": "^4.12.0",
     "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
 }
diff --git a/packages/console/package.json b/packages/console/package.json
index a93c6f63e17d..c2fe998a7fee 100644
--- a/packages/console/package.json
+++ b/packages/console/package.json
@@ -124,7 +124,7 @@
     "swr": "^2.2.0",
     "ts-node": "^10.9.2",
     "tslib": "^2.4.1",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "zod": "^3.23.8",
     "zod-to-ts": "^1.2.0"
   },
diff --git a/packages/core/package.json b/packages/core/package.json
index 5b8789554435..9321a779b160 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -126,7 +126,7 @@
     "prettier": "^3.0.0",
     "sinon": "^18.0.0",
     "supertest": "^7.0.0",
-    "typescript": "^5.3.3"
+    "typescript": "^5.5.3"
   },
   "engines": {
     "node": "^20.9.0"
diff --git a/packages/demo-app/package.json b/packages/demo-app/package.json
index 0546f88f802a..2873bab194a3 100644
--- a/packages/demo-app/package.json
+++ b/packages/demo-app/package.json
@@ -46,7 +46,7 @@
     "react-dom": "^18.0.0",
     "react-i18next": "^12.3.1",
     "stylelint": "^15.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "zod": "^3.23.8"
   },
   "engines": {
diff --git a/packages/experience/package.json b/packages/experience/package.json
index 46146440b16d..c286358a51f0 100644
--- a/packages/experience/package.json
+++ b/packages/experience/package.json
@@ -88,7 +88,7 @@
     "stylelint": "^15.0.0",
     "superstruct": "^2.0.0",
     "tiny-cookie": "^2.4.1",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "use-debounced-loader": "^0.1.1",
     "zod": "^3.23.8"
   },
diff --git a/packages/integration-tests/package.json b/packages/integration-tests/package.json
index 649d8264d7e6..4436bb969748 100644
--- a/packages/integration-tests/package.json
+++ b/packages/integration-tests/package.json
@@ -47,7 +47,7 @@
     "openapi-types": "^12.1.3",
     "prettier": "^3.0.0",
     "puppeteer": "^22.6.5",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "zod": "^3.23.8"
   },
   "engines": {
diff --git a/packages/phrases-experience/package.json b/packages/phrases-experience/package.json
index 2d3355421a84..4e9804a1c3ed 100644
--- a/packages/phrases-experience/package.json
+++ b/packages/phrases-experience/package.json
@@ -47,7 +47,7 @@
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
-    "typescript": "^5.3.3"
+    "typescript": "^5.5.3"
   },
   "engines": {
     "node": "^20.9.0"
diff --git a/packages/phrases-experience/src/types.ts b/packages/phrases-experience/src/types.ts
index 3e24bfff01ca..3468b92cec29 100644
--- a/packages/phrases-experience/src/types.ts
+++ b/packages/phrases-experience/src/types.ts
@@ -1,9 +1,11 @@
 import type en from './locales/en/index.js';
 
-type FlattenKeys<T, Prefix extends string = ''> = {
-  [K in keyof T]: T[K] extends Record<string, unknown>
-    ? `${Prefix}${string & K}.${FlattenKeys<T[K]>}`
-    : `${Prefix}${string & K}`;
+type FlattenKeys<T> = {
+  [K in keyof T]: K extends string
+    ? T[K] extends Record<string, unknown>
+      ? `${K}.${FlattenKeys<T[K]>}`
+      : `${K}`
+    : never;
 }[keyof T];
 
 export type LocalePhrase = typeof en;
diff --git a/packages/phrases/package.json b/packages/phrases/package.json
index dad5dab76b19..82b91306ef01 100644
--- a/packages/phrases/package.json
+++ b/packages/phrases/package.json
@@ -45,7 +45,7 @@
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
-    "typescript": "^5.3.3"
+    "typescript": "^5.5.3"
   },
   "eslintConfig": {
     "extends": "@silverhand",
diff --git a/packages/schemas/package.json b/packages/schemas/package.json
index fcd6df987849..8ae87b9d2fda 100644
--- a/packages/schemas/package.json
+++ b/packages/schemas/package.json
@@ -54,7 +54,7 @@
     "pluralize": "^8.0.0",
     "prettier": "^3.0.0",
     "roarr": "^7.11.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
   "eslintConfig": {
diff --git a/packages/shared/package.json b/packages/shared/package.json
index 8393d4e76288..90b6db8ef143 100644
--- a/packages/shared/package.json
+++ b/packages/shared/package.json
@@ -45,7 +45,7 @@
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
   "engines": {
diff --git a/packages/toolkit/connector-kit/package.json b/packages/toolkit/connector-kit/package.json
index d8535a91a67a..9a03725d96fc 100644
--- a/packages/toolkit/connector-kit/package.json
+++ b/packages/toolkit/connector-kit/package.json
@@ -50,7 +50,7 @@
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
   "engines": {
diff --git a/packages/toolkit/core-kit/package.json b/packages/toolkit/core-kit/package.json
index 9c0b5608fdfa..5b42b57644d4 100644
--- a/packages/toolkit/core-kit/package.json
+++ b/packages/toolkit/core-kit/package.json
@@ -67,7 +67,7 @@
     "postcss": "^8.4.31",
     "prettier": "^3.0.0",
     "stylelint": "^15.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
   "eslintConfig": {
diff --git a/packages/toolkit/language-kit/package.json b/packages/toolkit/language-kit/package.json
index e07b49a8ccf7..aea5e7b363bb 100644
--- a/packages/toolkit/language-kit/package.json
+++ b/packages/toolkit/language-kit/package.json
@@ -43,7 +43,7 @@
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
-    "typescript": "^5.3.3",
+    "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
   "eslintConfig": {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 2d16cb6dc7d0..41e757065f07 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -54,10 +54,10 @@ importers:
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.9.5
         version: 20.10.4
@@ -74,8 +74,8 @@ importers:
         specifier: ^3.0.0
         version: 3.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -155,8 +155,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.1
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       yargs:
         specifier: ^17.6.0
         version: 17.6.0
@@ -166,10 +166,10 @@ importers:
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/inquirer':
         specifier: ^9.0.0
         version: 9.0.3
@@ -245,16 +245,16 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@shopify/jest-koa-mocks':
         specifier: ^5.0.0
         version: 5.0.0
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -286,8 +286,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -327,16 +327,16 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@shopify/jest-koa-mocks':
         specifier: ^5.0.0
         version: 5.0.0
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -368,8 +368,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -403,13 +403,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -441,8 +441,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -476,13 +476,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -514,8 +514,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -555,13 +555,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -593,8 +593,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -634,13 +634,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -672,8 +672,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -710,13 +710,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -748,8 +748,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -789,16 +789,16 @@ importers:
         version: 15.2.3(rollup@4.14.3)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.14.3)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.14.3)(tslib@2.6.2)(typescript@5.5.3)
       '@shopify/jest-koa-mocks':
         specifier: ^5.0.0
         version: 5.0.0
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.12.7
@@ -830,8 +830,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -865,13 +865,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -903,8 +903,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -938,13 +938,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -976,8 +976,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1011,13 +1011,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -1049,8 +1049,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1087,13 +1087,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -1125,8 +1125,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1163,13 +1163,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -1201,8 +1201,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1236,13 +1236,13 @@ importers:
         version: 15.2.3(rollup@4.14.3)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.14.3)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.14.3)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.12.7
@@ -1274,8 +1274,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1309,13 +1309,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -1347,8 +1347,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1385,13 +1385,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -1423,8 +1423,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1458,13 +1458,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -1496,8 +1496,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1531,13 +1531,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -1569,8 +1569,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1604,13 +1604,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -1642,8 +1642,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1677,13 +1677,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -1715,8 +1715,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1750,13 +1750,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -1788,8 +1788,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1823,13 +1823,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -1861,8 +1861,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1896,13 +1896,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -1934,8 +1934,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -1969,13 +1969,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -2007,8 +2007,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -2051,13 +2051,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -2089,8 +2089,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -2136,13 +2136,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -2174,8 +2174,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -2215,13 +2215,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -2253,8 +2253,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -2288,13 +2288,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -2326,8 +2326,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -2361,13 +2361,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -2399,8 +2399,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -2437,13 +2437,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -2478,8 +2478,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -2513,13 +2513,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -2551,8 +2551,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -2586,13 +2586,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -2624,8 +2624,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -2659,13 +2659,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -2697,8 +2697,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -2732,13 +2732,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.11.20
         version: 20.11.20
@@ -2770,8 +2770,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -2805,13 +2805,13 @@ importers:
         version: 15.2.3(rollup@4.12.0)
       '@rollup/plugin-typescript':
         specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)
+        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.10.4
         version: 20.10.4
@@ -2843,8 +2843,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -2913,19 +2913,19 @@ importers:
         version: 2.9.3(@parcel/core@2.9.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/eslint-config-react':
         specifier: 6.0.2
-        version: 6.0.2(eslint@8.57.0)(postcss@8.4.31)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.3.3))(typescript@5.3.3)
+        version: 6.0.2(eslint@8.57.0)(postcss@8.4.31)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.5.3))(typescript@5.5.3)
       '@silverhand/essentials':
         specifier: ^2.9.1
         version: 2.9.1
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@silverhand/ts-config-react':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@swc/core':
         specifier: ^1.3.52
         version: 1.3.52(@swc/helpers@0.5.1)
@@ -3018,7 +3018,7 @@ importers:
         version: 3.0.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+        version: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       jest-environment-jsdom:
         specifier: ^29.7.0
         version: 29.7.0
@@ -3027,7 +3027,7 @@ importers:
         version: 2.0.0
       jest-transformer-svg:
         specifier: ^2.0.0
-        version: 2.0.0(jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)))(react@18.2.0)
+        version: 2.0.0(jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)))(react@18.2.0)
       just-kebab-case:
         specifier: ^4.2.0
         version: 4.2.0
@@ -3138,25 +3138,25 @@ importers:
         version: 4.0.0
       stylelint:
         specifier: ^15.0.0
-        version: 15.11.0(typescript@5.3.3)
+        version: 15.11.0(typescript@5.5.3)
       swr:
         specifier: ^2.2.0
         version: 2.2.0(react@18.2.0)
       ts-node:
         specifier: ^10.9.2
-        version: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
+        version: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3)
       tslib:
         specifier: ^2.4.1
         version: 2.4.1
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       zod:
         specifier: ^3.23.8
         version: 3.23.8
       zod-to-ts:
         specifier: ^1.2.0
-        version: 1.2.0(typescript@5.3.3)(zod@3.23.8)
+        version: 1.2.0(typescript@5.5.3)(zod@3.23.8)
 
   packages/core:
     dependencies:
@@ -3364,10 +3364,10 @@ importers:
         version: 0.2.5-3b703da(zod@3.23.8)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/adm-zip':
         specifier: ^0.5.5
         version: 0.5.5
@@ -3459,8 +3459,8 @@ importers:
         specifier: ^7.0.0
         version: 7.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
 
   packages/create:
     dependencies:
@@ -3493,16 +3493,16 @@ importers:
         version: 2.9.3(@parcel/core@2.9.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/eslint-config-react':
         specifier: 6.0.2
-        version: 6.0.2(eslint@8.57.0)(postcss@8.4.31)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.3.3))(typescript@5.3.3)
+        version: 6.0.2(eslint@8.57.0)(postcss@8.4.31)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.5.3))(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@silverhand/ts-config-react':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/react':
         specifier: ^18.0.31
         version: 18.0.31
@@ -3550,10 +3550,10 @@ importers:
         version: 12.3.1(i18next@22.4.15)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
       stylelint:
         specifier: ^15.0.0
-        version: 15.11.0(typescript@5.3.3)
+        version: 15.11.0(typescript@5.5.3)
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       zod:
         specifier: ^3.23.8
         version: 3.23.8
@@ -3578,10 +3578,10 @@ importers:
         version: 0.7.2
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@web/dev-server':
         specifier: ^0.4.6
         version: 0.4.6
@@ -3599,7 +3599,7 @@ importers:
         version: 3.0.0
       tsup:
         specifier: ^8.1.0
-        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3))(typescript@5.3.3)
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3))(typescript@5.5.3)
 
   packages/experience:
     devDependencies:
@@ -3647,19 +3647,19 @@ importers:
         version: 9.6.1(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/eslint-config-react':
         specifier: 6.0.2
-        version: 6.0.2(eslint@8.57.0)(postcss@8.4.31)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.3.3))(typescript@5.3.3)
+        version: 6.0.2(eslint@8.57.0)(postcss@8.4.31)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.5.3))(typescript@5.5.3)
       '@silverhand/essentials':
         specifier: ^2.9.1
         version: 2.9.1
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@silverhand/ts-config-react':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@simplewebauthn/browser':
         specifier: ^10.0.0
         version: 10.0.0
@@ -3800,7 +3800,7 @@ importers:
         version: 2.3.1(react@18.2.0)
       stylelint:
         specifier: ^15.0.0
-        version: 15.11.0(typescript@5.3.3)
+        version: 15.11.0(typescript@5.5.3)
       superstruct:
         specifier: ^2.0.0
         version: 2.0.0
@@ -3808,8 +3808,8 @@ importers:
         specifier: ^2.4.1
         version: 2.4.1
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       use-debounced-loader:
         specifier: ^0.1.1
         version: 0.1.1(react@18.2.0)
@@ -3852,13 +3852,13 @@ importers:
         version: link:../shared
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/essentials':
         specifier: ^2.9.1
         version: 2.9.1
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/jest':
         specifier: ^29.4.0
         version: 29.4.0
@@ -3882,7 +3882,7 @@ importers:
         version: 1.0.0
       jest-puppeteer:
         specifier: ^10.0.1
-        version: 10.0.1(puppeteer@22.6.5(typescript@5.3.3))(typescript@5.3.3)
+        version: 10.0.1(puppeteer@22.6.5(typescript@5.5.3))(typescript@5.5.3)
       jose:
         specifier: ^5.6.3
         version: 5.6.3
@@ -3900,10 +3900,10 @@ importers:
         version: 3.0.0
       puppeteer:
         specifier: ^22.6.5
-        version: 22.6.5(typescript@5.3.3)
+        version: 22.6.5(typescript@5.5.3)
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       zod:
         specifier: ^3.23.8
         version: 3.23.8
@@ -3922,10 +3922,10 @@ importers:
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -3936,8 +3936,8 @@ importers:
         specifier: ^3.0.0
         version: 3.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
 
   packages/phrases-experience:
     dependencies:
@@ -3956,10 +3956,10 @@ importers:
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       buffer:
         specifier: ^6.0.0
         version: 6.0.3
@@ -3973,8 +3973,8 @@ importers:
         specifier: ^3.0.0
         version: 3.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
 
   packages/schemas:
     dependencies:
@@ -4008,7 +4008,7 @@ importers:
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/essentials':
         specifier: ^2.9.1
         version: 2.9.1
@@ -4017,7 +4017,7 @@ importers:
         version: 31.0.0-beta.2
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/inquirer':
         specifier: ^9.0.0
         version: 9.0.3
@@ -4052,8 +4052,8 @@ importers:
         specifier: ^7.11.0
         version: 7.11.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -4081,10 +4081,10 @@ importers:
         version: 29.7.0
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.9.5
         version: 20.10.4
@@ -4101,8 +4101,8 @@ importers:
         specifier: ^3.0.0
         version: 3.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -4128,10 +4128,10 @@ importers:
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.9.5
         version: 20.10.4
@@ -4148,8 +4148,8 @@ importers:
         specifier: ^3.0.0
         version: 3.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -4175,16 +4175,16 @@ importers:
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/eslint-config-react':
         specifier: 6.0.2
-        version: 6.0.2(eslint@8.57.0)(postcss@8.4.31)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.3.3))(typescript@5.3.3)
+        version: 6.0.2(eslint@8.57.0)(postcss@8.4.31)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.5.3))(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@silverhand/ts-config-react':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/color':
         specifier: ^3.0.3
         version: 3.0.3
@@ -4211,10 +4211,10 @@ importers:
         version: 3.0.0
       stylelint:
         specifier: ^15.0.0
-        version: 15.11.0(typescript@5.3.3)
+        version: 15.11.0(typescript@5.5.3)
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -4227,10 +4227,10 @@ importers:
     devDependencies:
       '@silverhand/eslint-config':
         specifier: 6.0.1
-        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+        version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
-        version: 6.0.0(typescript@5.3.3)
+        version: 6.0.0(typescript@5.5.3)
       '@types/node':
         specifier: ^20.9.5
         version: 20.10.4
@@ -4247,8 +4247,8 @@ importers:
         specifier: ^3.0.0
         version: 3.0.0
       typescript:
-        specifier: ^5.3.3
-        version: 5.3.3
+        specifier: ^5.5.3
+        version: 5.5.3
       vitest:
         specifier: ^2.0.0
         version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
@@ -13193,6 +13193,11 @@ packages:
     engines: {node: '>=14.17'}
     hasBin: true
 
+  typescript@5.5.3:
+    resolution: {integrity: sha512-/hreyEujaB0w76zKo6717l3L0o/qEUtRgdvUBvlkhoWeOVMjMuHNHk0BRBzikzuGDqNmPQbg5ifMEqsHLiIUcQ==}
+    engines: {node: '>=14.17'}
+    hasBin: true
+
   typical@4.0.0:
     resolution: {integrity: sha512-VAH4IvQ7BDFYglMd7BPRDfLgxZZX4O4TFcRDA6EN5X7erNJJq+McIEp8np9aVtxrCJ6qx4GTYVfOWNjcqwZgRw==}
     engines: {node: '>=8'}
@@ -15155,7 +15160,7 @@ snapshots:
       jest-util: 29.7.0
       slash: 3.0.0
 
-  '@jest/core@29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))':
+  '@jest/core@29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))':
     dependencies:
       '@jest/console': 29.7.0
       '@jest/reporters': 29.7.0
@@ -15169,7 +15174,7 @@ snapshots:
       exit: 0.1.2
       graceful-fs: 4.2.11
       jest-changed-files: 29.7.0
-      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       jest-haste-map: 29.7.0
       jest-message-util: 29.7.0
       jest-regex-util: 29.6.3
@@ -16379,20 +16384,20 @@ snapshots:
     optionalDependencies:
       rollup: 4.14.3
 
-  '@rollup/plugin-typescript@11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.3.3)':
+  '@rollup/plugin-typescript@11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)':
     dependencies:
       '@rollup/pluginutils': 5.1.0(rollup@4.12.0)
       resolve: 1.22.8
-      typescript: 5.3.3
+      typescript: 5.5.3
     optionalDependencies:
       rollup: 4.12.0
       tslib: 2.6.2
 
-  '@rollup/plugin-typescript@11.1.6(rollup@4.14.3)(tslib@2.6.2)(typescript@5.3.3)':
+  '@rollup/plugin-typescript@11.1.6(rollup@4.14.3)(tslib@2.6.2)(typescript@5.5.3)':
     dependencies:
       '@rollup/pluginutils': 5.1.0(rollup@4.14.3)
       resolve: 1.22.8
-      typescript: 5.3.3
+      typescript: 5.5.3
     optionalDependencies:
       rollup: 4.14.3
       tslib: 2.6.2
@@ -16515,17 +16520,17 @@ snapshots:
 
   '@sideway/pinpoint@2.0.0': {}
 
-  '@silverhand/eslint-config-react@6.0.2(eslint@8.57.0)(postcss@8.4.31)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.3.3))(typescript@5.3.3)':
+  '@silverhand/eslint-config-react@6.0.2(eslint@8.57.0)(postcss@8.4.31)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.5.3))(typescript@5.5.3)':
     dependencies:
-      '@silverhand/eslint-config': 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)
+      '@silverhand/eslint-config': 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       eslint-config-xo-react: 0.27.0(eslint-plugin-react-hooks@4.6.0(eslint@8.57.0))(eslint-plugin-react@7.34.1(eslint@8.57.0))(eslint@8.57.0)
       eslint-plugin-jsx-a11y: 6.8.0(eslint@8.57.0)
       eslint-plugin-react: 7.34.1(eslint@8.57.0)
       eslint-plugin-react-hooks: 4.6.0(eslint@8.57.0)
       postcss-scss: 4.0.9(postcss@8.4.31)
-      stylelint: 15.11.0(typescript@5.3.3)
-      stylelint-config-xo: 0.22.0(stylelint@15.11.0(typescript@5.3.3))
-      stylelint-scss: 6.2.1(stylelint@15.11.0(typescript@5.3.3))
+      stylelint: 15.11.0(typescript@5.5.3)
+      stylelint-config-xo: 0.22.0(stylelint@15.11.0(typescript@5.5.3))
+      stylelint-scss: 6.2.1(stylelint@15.11.0(typescript@5.5.3))
     transitivePeerDependencies:
       - '@types/eslint'
       - eslint
@@ -16536,26 +16541,26 @@ snapshots:
       - supports-color
       - typescript
 
-  '@silverhand/eslint-config@6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.3.3)':
+  '@silverhand/eslint-config@6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)':
     dependencies:
       '@silverhand/eslint-plugin-fp': 2.5.0(eslint@8.57.0)
-      '@typescript-eslint/eslint-plugin': 7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3)
-      '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.3.3)
+      '@typescript-eslint/eslint-plugin': 7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3)
+      '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
       eslint: 8.57.0
       eslint-config-prettier: 9.1.0(eslint@8.57.0)
       eslint-config-xo: 0.44.0(eslint@8.57.0)
-      eslint-config-xo-typescript: 4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3)
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
+      eslint-config-xo-typescript: 4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0)
       eslint-plugin-consistent-default-export-name: 0.0.15
       eslint-plugin-eslint-comments: 3.2.0(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       eslint-plugin-n: 17.2.1(eslint@8.57.0)
       eslint-plugin-no-use-extend-native: 0.5.0
       eslint-plugin-prettier: 5.1.3(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.0.0)
       eslint-plugin-promise: 6.1.1(eslint@8.57.0)
       eslint-plugin-sql: 2.1.0(eslint@8.57.0)
       eslint-plugin-unicorn: 52.0.0(eslint@8.57.0)
-      eslint-plugin-unused-imports: 3.1.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)
+      eslint-plugin-unused-imports: 3.1.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)
       prettier: 3.0.0
     transitivePeerDependencies:
       - '@types/eslint'
@@ -16594,14 +16599,14 @@ snapshots:
     transitivePeerDependencies:
       - pg-native
 
-  '@silverhand/ts-config-react@6.0.0(typescript@5.3.3)':
+  '@silverhand/ts-config-react@6.0.0(typescript@5.5.3)':
     dependencies:
-      '@silverhand/ts-config': 6.0.0(typescript@5.3.3)
-      typescript: 5.3.3
+      '@silverhand/ts-config': 6.0.0(typescript@5.5.3)
+      typescript: 5.5.3
 
-  '@silverhand/ts-config@6.0.0(typescript@5.3.3)':
+  '@silverhand/ts-config@6.0.0(typescript@5.5.3)':
     dependencies:
-      typescript: 5.3.3
+      typescript: 5.5.3
 
   '@simplewebauthn/browser@10.0.0':
     dependencies:
@@ -17565,13 +17570,13 @@ snapshots:
       '@types/node': 20.12.7
     optional: true
 
-  '@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3)':
+  '@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3)':
     dependencies:
       '@eslint-community/regexpp': 4.10.0
-      '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.3.3)
+      '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
       '@typescript-eslint/scope-manager': 7.7.0
-      '@typescript-eslint/type-utils': 7.7.0(eslint@8.57.0)(typescript@5.3.3)
-      '@typescript-eslint/utils': 7.7.0(eslint@8.57.0)(typescript@5.3.3)
+      '@typescript-eslint/type-utils': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
+      '@typescript-eslint/utils': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
       '@typescript-eslint/visitor-keys': 7.7.0
       debug: 4.3.4
       eslint: 8.57.0
@@ -17579,22 +17584,22 @@ snapshots:
       ignore: 5.3.1
       natural-compare: 1.4.0
       semver: 7.6.0
-      ts-api-utils: 1.3.0(typescript@5.3.3)
+      ts-api-utils: 1.3.0(typescript@5.5.3)
     optionalDependencies:
-      typescript: 5.3.3
+      typescript: 5.5.3
     transitivePeerDependencies:
       - supports-color
 
-  '@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3)':
+  '@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3)':
     dependencies:
       '@typescript-eslint/scope-manager': 7.7.0
       '@typescript-eslint/types': 7.7.0
-      '@typescript-eslint/typescript-estree': 7.7.0(typescript@5.3.3)
+      '@typescript-eslint/typescript-estree': 7.7.0(typescript@5.5.3)
       '@typescript-eslint/visitor-keys': 7.7.0
       debug: 4.3.4
       eslint: 8.57.0
     optionalDependencies:
-      typescript: 5.3.3
+      typescript: 5.5.3
     transitivePeerDependencies:
       - supports-color
 
@@ -17603,21 +17608,21 @@ snapshots:
       '@typescript-eslint/types': 7.7.0
       '@typescript-eslint/visitor-keys': 7.7.0
 
-  '@typescript-eslint/type-utils@7.7.0(eslint@8.57.0)(typescript@5.3.3)':
+  '@typescript-eslint/type-utils@7.7.0(eslint@8.57.0)(typescript@5.5.3)':
     dependencies:
-      '@typescript-eslint/typescript-estree': 7.7.0(typescript@5.3.3)
-      '@typescript-eslint/utils': 7.7.0(eslint@8.57.0)(typescript@5.3.3)
+      '@typescript-eslint/typescript-estree': 7.7.0(typescript@5.5.3)
+      '@typescript-eslint/utils': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
       debug: 4.3.4
       eslint: 8.57.0
-      ts-api-utils: 1.3.0(typescript@5.3.3)
+      ts-api-utils: 1.3.0(typescript@5.5.3)
     optionalDependencies:
-      typescript: 5.3.3
+      typescript: 5.5.3
     transitivePeerDependencies:
       - supports-color
 
   '@typescript-eslint/types@7.7.0': {}
 
-  '@typescript-eslint/typescript-estree@7.7.0(typescript@5.3.3)':
+  '@typescript-eslint/typescript-estree@7.7.0(typescript@5.5.3)':
     dependencies:
       '@typescript-eslint/types': 7.7.0
       '@typescript-eslint/visitor-keys': 7.7.0
@@ -17626,20 +17631,20 @@ snapshots:
       is-glob: 4.0.3
       minimatch: 9.0.4
       semver: 7.6.0
-      ts-api-utils: 1.3.0(typescript@5.3.3)
+      ts-api-utils: 1.3.0(typescript@5.5.3)
     optionalDependencies:
-      typescript: 5.3.3
+      typescript: 5.5.3
     transitivePeerDependencies:
       - supports-color
 
-  '@typescript-eslint/utils@7.7.0(eslint@8.57.0)(typescript@5.3.3)':
+  '@typescript-eslint/utils@7.7.0(eslint@8.57.0)(typescript@5.5.3)':
     dependencies:
       '@eslint-community/eslint-utils': 4.4.0(eslint@8.57.0)
       '@types/json-schema': 7.0.15
       '@types/semver': 7.5.8
       '@typescript-eslint/scope-manager': 7.7.0
       '@typescript-eslint/types': 7.7.0
-      '@typescript-eslint/typescript-estree': 7.7.0(typescript@5.3.3)
+      '@typescript-eslint/typescript-estree': 7.7.0(typescript@5.5.3)
       eslint: 8.57.0
       semver: 7.6.0
     transitivePeerDependencies:
@@ -18664,23 +18669,23 @@ snapshots:
     optionalDependencies:
       typescript: 5.0.2
 
-  cosmiconfig@8.3.6(typescript@5.3.3):
+  cosmiconfig@8.3.6(typescript@5.5.3):
     dependencies:
       import-fresh: 3.3.0
       js-yaml: 4.1.0
       parse-json: 5.2.0
       path-type: 4.0.0
     optionalDependencies:
-      typescript: 5.3.3
+      typescript: 5.5.3
 
-  cosmiconfig@9.0.0(typescript@5.3.3):
+  cosmiconfig@9.0.0(typescript@5.5.3):
     dependencies:
       env-paths: 2.2.1
       import-fresh: 3.3.0
       js-yaml: 4.1.0
       parse-json: 5.2.0
     optionalDependencies:
-      typescript: 5.3.3
+      typescript: 5.5.3
 
   create-eslint-index@1.0.0:
     dependencies:
@@ -18701,13 +18706,13 @@ snapshots:
       - supports-color
       - ts-node
 
-  create-jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
+  create-jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)):
     dependencies:
       '@jest/types': 29.6.3
       chalk: 4.1.2
       exit: 0.1.2
       graceful-fs: 4.2.11
-      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       jest-util: 29.7.0
       prompts: 2.4.2
     transitivePeerDependencies:
@@ -19516,12 +19521,12 @@ snapshots:
       eslint-plugin-react: 7.34.1(eslint@8.57.0)
       eslint-plugin-react-hooks: 4.6.0(eslint@8.57.0)
 
-  eslint-config-xo-typescript@4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3):
+  eslint-config-xo-typescript@4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3):
     dependencies:
-      '@typescript-eslint/eslint-plugin': 7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3)
-      '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.3.3)
+      '@typescript-eslint/eslint-plugin': 7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3)
+      '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
       eslint: 8.57.0
-      typescript: 5.3.3
+      typescript: 5.5.3
 
   eslint-config-xo@0.44.0(eslint@8.57.0):
     dependencies:
@@ -19536,13 +19541,13 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0):
+  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 4.3.4
       enhanced-resolve: 5.16.0
       eslint: 8.57.0
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       fast-glob: 3.3.2
       get-tsconfig: 4.7.3
       is-core-module: 2.13.1
@@ -19553,14 +19558,14 @@ snapshots:
       - eslint-import-resolver-webpack
       - supports-color
 
-  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0):
+  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 3.2.7(supports-color@5.5.0)
     optionalDependencies:
-      '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.3.3)
+      '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0)
     transitivePeerDependencies:
       - supports-color
 
@@ -19582,7 +19587,7 @@ snapshots:
       eslint: 8.57.0
       ignore: 5.3.1
 
-  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0):
+  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       array-includes: 3.1.8
       array.prototype.findlastindex: 1.2.5
@@ -19592,7 +19597,7 @@ snapshots:
       doctrine: 2.1.0
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       hasown: 2.0.2
       is-core-module: 2.13.1
       is-glob: 4.0.3
@@ -19603,7 +19608,7 @@ snapshots:
       semver: 6.3.1
       tsconfig-paths: 3.15.0
     optionalDependencies:
-      '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.3.3)
+      '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
     transitivePeerDependencies:
       - eslint-import-resolver-typescript
       - eslint-import-resolver-webpack
@@ -19720,12 +19725,12 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  eslint-plugin-unused-imports@3.1.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0):
+  eslint-plugin-unused-imports@3.1.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0):
     dependencies:
       eslint: 8.57.0
       eslint-rule-composer: 0.3.0
     optionalDependencies:
-      '@typescript-eslint/eslint-plugin': 7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.3.3))(eslint@8.57.0)(typescript@5.3.3)
+      '@typescript-eslint/eslint-plugin': 7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3)
 
   eslint-rule-composer@0.3.0: {}
 
@@ -21088,7 +21093,7 @@ snapshots:
 
   jest-cli@29.7.0(@types/node@20.10.4):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       '@jest/test-result': 29.7.0
       '@jest/types': 29.6.3
       chalk: 4.1.2
@@ -21107,14 +21112,14 @@ snapshots:
 
   jest-cli@29.7.0(@types/node@20.12.7):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       '@jest/test-result': 29.7.0
       '@jest/types': 29.6.3
       chalk: 4.1.2
-      create-jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      create-jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       exit: 0.1.2
       import-local: 3.1.0
-      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       jest-util: 29.7.0
       jest-validate: 29.7.0
       yargs: 17.7.2
@@ -21124,16 +21129,16 @@ snapshots:
       - supports-color
       - ts-node
 
-  jest-cli@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
+  jest-cli@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       '@jest/test-result': 29.7.0
       '@jest/types': 29.6.3
       chalk: 4.1.2
-      create-jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      create-jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       exit: 0.1.2
       import-local: 3.1.0
-      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       jest-util: 29.7.0
       jest-validate: 29.7.0
       yargs: 17.7.2
@@ -21173,7 +21178,7 @@ snapshots:
       - babel-plugin-macros
       - supports-color
 
-  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
+  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)):
     dependencies:
       '@babel/core': 7.24.4
       '@jest/test-sequencer': 29.7.0
@@ -21199,7 +21204,7 @@ snapshots:
       strip-json-comments: 3.1.1
     optionalDependencies:
       '@types/node': 20.12.7
-      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
+      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3)
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
@@ -21260,10 +21265,10 @@ snapshots:
       jest-mock: 29.7.0
       jest-util: 29.7.0
 
-  jest-environment-puppeteer@10.0.1(typescript@5.3.3):
+  jest-environment-puppeteer@10.0.1(typescript@5.5.3):
     dependencies:
       chalk: 4.1.2
-      cosmiconfig: 8.3.6(typescript@5.3.3)
+      cosmiconfig: 8.3.6(typescript@5.5.3)
       deepmerge: 4.3.1
       jest-dev-server: 10.0.0
       jest-environment-node: 29.7.0
@@ -21342,11 +21347,11 @@ snapshots:
     optionalDependencies:
       jest-resolve: 29.7.0
 
-  jest-puppeteer@10.0.1(puppeteer@22.6.5(typescript@5.3.3))(typescript@5.3.3):
+  jest-puppeteer@10.0.1(puppeteer@22.6.5(typescript@5.5.3))(typescript@5.5.3):
     dependencies:
       expect-puppeteer: 10.0.0
-      jest-environment-puppeteer: 10.0.1(typescript@5.3.3)
-      puppeteer: 22.6.5(typescript@5.3.3)
+      jest-environment-puppeteer: 10.0.1(typescript@5.5.3)
+      puppeteer: 22.6.5(typescript@5.5.3)
     transitivePeerDependencies:
       - debug
       - supports-color
@@ -21455,9 +21460,9 @@ snapshots:
 
   jest-transform-stub@2.0.0: {}
 
-  jest-transformer-svg@2.0.0(jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)))(react@18.2.0):
+  jest-transformer-svg@2.0.0(jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)))(react@18.2.0):
     dependencies:
-      jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       react: 18.2.0
 
   jest-transformer-svg@2.0.0(jest@29.7.0(@types/node@20.12.7))(react@18.2.0):
@@ -21519,7 +21524,7 @@ snapshots:
 
   jest@29.7.0(@types/node@20.10.4):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       '@jest/types': 29.6.3
       import-local: 3.1.0
       jest-cli: 29.7.0(@types/node@20.10.4)
@@ -21531,7 +21536,7 @@ snapshots:
 
   jest@29.7.0(@types/node@20.12.7):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       '@jest/types': 29.6.3
       import-local: 3.1.0
       jest-cli: 29.7.0(@types/node@20.12.7)
@@ -21541,12 +21546,12 @@ snapshots:
       - supports-color
       - ts-node
 
-  jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)):
+  jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       '@jest/types': 29.6.3
       import-local: 3.1.0
-      jest-cli: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3))
+      jest-cli: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
     transitivePeerDependencies:
       - '@types/node'
       - babel-plugin-macros
@@ -23540,13 +23545,13 @@ snapshots:
 
   possible-typed-array-names@1.0.0: {}
 
-  postcss-load-config@4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3)):
+  postcss-load-config@4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3)):
     dependencies:
       lilconfig: 3.1.2
       yaml: 2.4.5
     optionalDependencies:
       postcss: 8.4.39
-      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3)
+      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3)
 
   postcss-media-query-parser@0.2.3: {}
 
@@ -23770,10 +23775,10 @@ snapshots:
       - supports-color
       - utf-8-validate
 
-  puppeteer@22.6.5(typescript@5.3.3):
+  puppeteer@22.6.5(typescript@5.5.3):
     dependencies:
       '@puppeteer/browsers': 2.2.2
-      cosmiconfig: 9.0.0(typescript@5.3.3)
+      cosmiconfig: 9.0.0(typescript@5.5.3)
       devtools-protocol: 0.0.1262051
       puppeteer-core: 22.6.5
     transitivePeerDependencies:
@@ -24839,32 +24844,32 @@ snapshots:
     dependencies:
       inline-style-parser: 0.2.3
 
-  stylelint-config-xo@0.22.0(stylelint@15.11.0(typescript@5.3.3)):
+  stylelint-config-xo@0.22.0(stylelint@15.11.0(typescript@5.5.3)):
     dependencies:
-      stylelint: 15.11.0(typescript@5.3.3)
-      stylelint-declaration-block-no-ignored-properties: 2.8.0(stylelint@15.11.0(typescript@5.3.3))
-      stylelint-order: 6.0.4(stylelint@15.11.0(typescript@5.3.3))
+      stylelint: 15.11.0(typescript@5.5.3)
+      stylelint-declaration-block-no-ignored-properties: 2.8.0(stylelint@15.11.0(typescript@5.5.3))
+      stylelint-order: 6.0.4(stylelint@15.11.0(typescript@5.5.3))
 
-  stylelint-declaration-block-no-ignored-properties@2.8.0(stylelint@15.11.0(typescript@5.3.3)):
+  stylelint-declaration-block-no-ignored-properties@2.8.0(stylelint@15.11.0(typescript@5.5.3)):
     dependencies:
-      stylelint: 15.11.0(typescript@5.3.3)
+      stylelint: 15.11.0(typescript@5.5.3)
 
-  stylelint-order@6.0.4(stylelint@15.11.0(typescript@5.3.3)):
+  stylelint-order@6.0.4(stylelint@15.11.0(typescript@5.5.3)):
     dependencies:
       postcss: 8.4.38
       postcss-sorting: 8.0.2(postcss@8.4.38)
-      stylelint: 15.11.0(typescript@5.3.3)
+      stylelint: 15.11.0(typescript@5.5.3)
 
-  stylelint-scss@6.2.1(stylelint@15.11.0(typescript@5.3.3)):
+  stylelint-scss@6.2.1(stylelint@15.11.0(typescript@5.5.3)):
     dependencies:
       known-css-properties: 0.29.0
       postcss-media-query-parser: 0.2.3
       postcss-resolve-nested-selector: 0.1.1
       postcss-selector-parser: 6.0.16
       postcss-value-parser: 4.2.0
-      stylelint: 15.11.0(typescript@5.3.3)
+      stylelint: 15.11.0(typescript@5.5.3)
 
-  stylelint@15.11.0(typescript@5.3.3):
+  stylelint@15.11.0(typescript@5.5.3):
     dependencies:
       '@csstools/css-parser-algorithms': 2.6.1(@csstools/css-tokenizer@2.2.4)
       '@csstools/css-tokenizer': 2.2.4
@@ -24872,7 +24877,7 @@ snapshots:
       '@csstools/selector-specificity': 3.0.3(postcss-selector-parser@6.0.16)
       balanced-match: 2.0.0
       colord: 2.9.3
-      cosmiconfig: 8.3.6(typescript@5.3.3)
+      cosmiconfig: 8.3.6(typescript@5.5.3)
       css-functions-list: 3.2.1
       css-tree: 2.3.1
       debug: 4.3.4
@@ -25140,15 +25145,15 @@ snapshots:
 
   trough@2.1.0: {}
 
-  ts-api-utils@1.3.0(typescript@5.3.3):
+  ts-api-utils@1.3.0(typescript@5.5.3):
     dependencies:
-      typescript: 5.3.3
+      typescript: 5.5.3
 
   ts-dedent@2.2.0: {}
 
   ts-interface-checker@0.1.13: {}
 
-  ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.3.3):
+  ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3):
     dependencies:
       '@cspotcode/source-map-support': 0.8.1
       '@tsconfig/node10': 1.0.9
@@ -25162,7 +25167,7 @@ snapshots:
       create-require: 1.1.1
       diff: 4.0.2
       make-error: 1.3.6
-      typescript: 5.3.3
+      typescript: 5.5.3
       v8-compile-cache-lib: 3.0.1
       yn: 3.1.1
     optionalDependencies:
@@ -25185,7 +25190,7 @@ snapshots:
 
   tsscmp@1.0.6: {}
 
-  tsup@8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3))(typescript@5.3.3):
+  tsup@8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3))(typescript@5.5.3):
     dependencies:
       bundle-require: 4.2.1(esbuild@0.21.5)
       cac: 6.7.14
@@ -25195,7 +25200,7 @@ snapshots:
       execa: 5.1.1
       globby: 11.1.0
       joycon: 3.1.1
-      postcss-load-config: 4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.3.3))
+      postcss-load-config: 4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3))
       resolve-from: 5.0.0
       rollup: 4.14.3
       source-map: 0.8.0-beta.0
@@ -25204,7 +25209,7 @@ snapshots:
     optionalDependencies:
       '@swc/core': 1.3.52(@swc/helpers@0.5.1)
       postcss: 8.4.39
-      typescript: 5.3.3
+      typescript: 5.5.3
     transitivePeerDependencies:
       - supports-color
       - ts-node
@@ -25288,6 +25293,8 @@ snapshots:
 
   typescript@5.3.3: {}
 
+  typescript@5.5.3: {}
+
   typical@4.0.0: {}
 
   typical@7.1.1: {}
@@ -25885,9 +25892,9 @@ snapshots:
 
   yocto-queue@1.1.1: {}
 
-  zod-to-ts@1.2.0(typescript@5.3.3)(zod@3.23.8):
+  zod-to-ts@1.2.0(typescript@5.5.3)(zod@3.23.8):
     dependencies:
-      typescript: 5.3.3
+      typescript: 5.5.3
       zod: 3.23.8
 
   zod@3.22.4: {}

From 520f43ca035bd4cb2c3ebcc599337ef09c5ffb91 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sat, 20 Jul 2024 22:10:28 +0800
Subject: [PATCH 053/135] chore(elements): add locale changes

---
 packages/elements/xliff/de.xlf    | 20 ++++++++++++++++++++
 packages/elements/xliff/es.xlf    | 20 ++++++++++++++++++++
 packages/elements/xliff/fr.xlf    | 20 ++++++++++++++++++++
 packages/elements/xliff/it.xlf    | 20 ++++++++++++++++++++
 packages/elements/xliff/ja.xlf    | 20 ++++++++++++++++++++
 packages/elements/xliff/ko.xlf    | 20 ++++++++++++++++++++
 packages/elements/xliff/pl-PL.xlf | 20 ++++++++++++++++++++
 packages/elements/xliff/pt-BR.xlf | 20 ++++++++++++++++++++
 packages/elements/xliff/pt-PT.xlf | 20 ++++++++++++++++++++
 packages/elements/xliff/ru.xlf    | 20 ++++++++++++++++++++
 packages/elements/xliff/tr-TR.xlf | 20 ++++++++++++++++++++
 packages/elements/xliff/zh-CN.xlf | 20 ++++++++++++++++++++
 packages/elements/xliff/zh-HK.xlf | 20 ++++++++++++++++++++
 packages/elements/xliff/zh-TW.xlf | 20 ++++++++++++++++++++
 14 files changed, 280 insertions(+)

diff --git a/packages/elements/xliff/de.xlf b/packages/elements/xliff/de.xlf
index 29226b9e3211..0e53b134a603 100644
--- a/packages/elements/xliff/de.xlf
+++ b/packages/elements/xliff/de.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/es.xlf b/packages/elements/xliff/es.xlf
index 27081c5ff4c9..53dd698c962a 100644
--- a/packages/elements/xliff/es.xlf
+++ b/packages/elements/xliff/es.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/fr.xlf b/packages/elements/xliff/fr.xlf
index d15883afb2f0..9df324b9c63f 100644
--- a/packages/elements/xliff/fr.xlf
+++ b/packages/elements/xliff/fr.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/it.xlf b/packages/elements/xliff/it.xlf
index 891dd2a0cc7d..ce400acd4303 100644
--- a/packages/elements/xliff/it.xlf
+++ b/packages/elements/xliff/it.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/ja.xlf b/packages/elements/xliff/ja.xlf
index cd69abf18910..5e0fbaed5ee6 100644
--- a/packages/elements/xliff/ja.xlf
+++ b/packages/elements/xliff/ja.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/ko.xlf b/packages/elements/xliff/ko.xlf
index 11d955e80cc0..6cd31a4bbba6 100644
--- a/packages/elements/xliff/ko.xlf
+++ b/packages/elements/xliff/ko.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/pl-PL.xlf b/packages/elements/xliff/pl-PL.xlf
index 6773af30bcb5..8a65abb81adb 100644
--- a/packages/elements/xliff/pl-PL.xlf
+++ b/packages/elements/xliff/pl-PL.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/pt-BR.xlf b/packages/elements/xliff/pt-BR.xlf
index d13410c2f0cc..e1574529fbd6 100644
--- a/packages/elements/xliff/pt-BR.xlf
+++ b/packages/elements/xliff/pt-BR.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/pt-PT.xlf b/packages/elements/xliff/pt-PT.xlf
index 7c4554c56122..062a947844ca 100644
--- a/packages/elements/xliff/pt-PT.xlf
+++ b/packages/elements/xliff/pt-PT.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/ru.xlf b/packages/elements/xliff/ru.xlf
index 04de783759fa..83f8a10cceee 100644
--- a/packages/elements/xliff/ru.xlf
+++ b/packages/elements/xliff/ru.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/tr-TR.xlf b/packages/elements/xliff/tr-TR.xlf
index 2a68b7f21454..0bb34a4557f0 100644
--- a/packages/elements/xliff/tr-TR.xlf
+++ b/packages/elements/xliff/tr-TR.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/zh-CN.xlf b/packages/elements/xliff/zh-CN.xlf
index ddd4d329885c..38c7b3b592bf 100644
--- a/packages/elements/xliff/zh-CN.xlf
+++ b/packages/elements/xliff/zh-CN.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/zh-HK.xlf b/packages/elements/xliff/zh-HK.xlf
index 010937564ab4..62bf69680c3d 100644
--- a/packages/elements/xliff/zh-HK.xlf
+++ b/packages/elements/xliff/zh-HK.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/zh-TW.xlf b/packages/elements/xliff/zh-TW.xlf
index baff9eed8dcb..5a8191598f3a 100644
--- a/packages/elements/xliff/zh-TW.xlf
+++ b/packages/elements/xliff/zh-TW.xlf
@@ -13,6 +13,26 @@
 <trans-unit id="account.profile.personal-info.title">
   <source>Personal information</source>
 </trans-unit>
+<trans-unit id="general.title">
+  <source>Title</source>
+</trans-unit>
+<trans-unit id="general.content">
+  <source>Content</source>
+</trans-unit>
+<trans-unit id="general.actions">
+  <source>Actions</source>
+</trans-unit>
+<trans-unit id="general.change">
+  <source>Change</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.avatar">
+  <source>Avatar</source>
+  <note from="lit-localize">The avatar of the user.</note>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.name">
+  <source>Name</source>
+  <note from="lit-localize">The name of the user.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>

From e873b5d51ceee692da2e46a79c693b743498f492 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sat, 20 Jul 2024 22:20:37 +0800
Subject: [PATCH 054/135] chore(deps): upgrade react

---
 packages/console/package.json          |   8 +-
 packages/demo-app/package.json         |   8 +-
 packages/experience/package.json       |   8 +-
 packages/toolkit/core-kit/package.json |   2 +-
 pnpm-lock.yaml                         | 434 ++++++++++++-------------
 5 files changed, 227 insertions(+), 233 deletions(-)

diff --git a/packages/console/package.json b/packages/console/package.json
index c2fe998a7fee..11932c3a7561 100644
--- a/packages/console/package.json
+++ b/packages/console/package.json
@@ -57,9 +57,9 @@
     "@types/debug": "^4.1.7",
     "@types/jest": "^29.4.0",
     "@types/mdx": "^2.0.13",
-    "@types/react": "^18.0.31",
+    "@types/react": "^18.3.3",
     "@types/react-color": "^3.0.6",
-    "@types/react-dom": "^18.0.0",
+    "@types/react-dom": "^18.3.0",
     "@types/react-helmet": "^6.1.6",
     "@types/react-modal": "^3.13.1",
     "@types/react-syntax-highlighter": "^15.5.1",
@@ -99,13 +99,13 @@
     "process": "^0.11.10",
     "prop-types": "^15.8.1",
     "property-information": "^6.2.0",
-    "react": "^18.0.0",
+    "react": "^18.3.1",
     "react-animate-height": "^3.0.4",
     "react-color": "^2.19.3",
     "react-confetti": "^6.1.0",
     "react-dnd": "^16.0.0",
     "react-dnd-html5-backend": "^16.0.0",
-    "react-dom": "^18.0.0",
+    "react-dom": "^18.3.1",
     "react-dropzone": "^14.2.3",
     "react-helmet": "^6.1.0",
     "react-hook-form": "^7.43.9",
diff --git a/packages/demo-app/package.json b/packages/demo-app/package.json
index 2873bab194a3..33e7e2f8cadc 100644
--- a/packages/demo-app/package.json
+++ b/packages/demo-app/package.json
@@ -30,8 +30,8 @@
     "@silverhand/eslint-config-react": "6.0.2",
     "@silverhand/ts-config": "6.0.0",
     "@silverhand/ts-config-react": "6.0.0",
-    "@types/react": "^18.0.31",
-    "@types/react-dom": "^18.0.0",
+    "@types/react": "^18.3.3",
+    "@types/react-dom": "^18.3.0",
     "buffer": "^6.0.0",
     "cross-env": "^7.0.3",
     "eslint": "^8.56.0",
@@ -42,8 +42,8 @@
     "parcel": "2.9.3",
     "postcss": "^8.4.31",
     "prettier": "^3.0.0",
-    "react": "^18.0.0",
-    "react-dom": "^18.0.0",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1",
     "react-i18next": "^12.3.1",
     "stylelint": "^15.0.0",
     "typescript": "^5.5.3",
diff --git a/packages/experience/package.json b/packages/experience/package.json
index c286358a51f0..d71876be75b7 100644
--- a/packages/experience/package.json
+++ b/packages/experience/package.json
@@ -47,8 +47,8 @@
     "@testing-library/react-hooks": "^8.0.1",
     "@types/color": "^3.0.3",
     "@types/jest": "^29.4.0",
-    "@types/react": "^18.0.31",
-    "@types/react-dom": "^18.0.0",
+    "@types/react": "^18.3.3",
+    "@types/react-dom": "^18.3.0",
     "@types/react-helmet": "^6.1.6",
     "@types/react-modal": "^3.13.1",
     "@types/react-router-dom": "^5.3.2",
@@ -74,9 +74,9 @@
     "postcss": "^8.4.31",
     "postcss-modules": "^4.3.0",
     "prettier": "^3.0.0",
-    "react": "^18.0.0",
+    "react": "^18.3.1",
     "react-device-detect": "^2.2.3",
-    "react-dom": "^18.0.0",
+    "react-dom": "^18.3.1",
     "react-helmet": "^6.1.0",
     "react-hook-form": "^7.34.0",
     "react-i18next": "^12.3.1",
diff --git a/packages/toolkit/core-kit/package.json b/packages/toolkit/core-kit/package.json
index 5b42b57644d4..959a4be4e70d 100644
--- a/packages/toolkit/core-kit/package.json
+++ b/packages/toolkit/core-kit/package.json
@@ -60,7 +60,7 @@
     "@silverhand/ts-config-react": "6.0.0",
     "@types/color": "^3.0.3",
     "@types/node": "^20.9.5",
-    "@types/react": "^18.0.31",
+    "@types/react": "^18.3.3",
     "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 41e757065f07..7e3f8cd94bb5 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -2880,7 +2880,7 @@ importers:
         version: link:../phrases-experience
       '@logto/react':
         specifier: ^3.0.12
-        version: 3.0.13(react@18.2.0)
+        version: 3.0.13(react@18.3.1)
       '@logto/schemas':
         specifier: workspace:^1.18.0
         version: link:../schemas
@@ -2892,10 +2892,10 @@ importers:
         version: 3.0.1
       '@mdx-js/react':
         specifier: ^3.0.1
-        version: 3.0.1(@types/react@18.0.31)(react@18.2.0)
+        version: 3.0.1(@types/react@18.3.3)(react@18.3.1)
       '@monaco-editor/react':
         specifier: ^4.6.0
-        version: 4.6.0(monaco-editor@0.47.0)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 4.6.0(monaco-editor@0.47.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       '@parcel/compressor-brotli':
         specifier: 2.9.3
         version: 2.9.3(@parcel/core@2.9.3)
@@ -2934,7 +2934,7 @@ importers:
         version: 0.2.26(@swc/core@1.3.52(@swc/helpers@0.5.1))
       '@testing-library/react':
         specifier: ^16.0.0
-        version: 16.0.0(@testing-library/dom@10.0.0)(@types/react-dom@18.0.6)(@types/react@18.0.31)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 16.0.0(@testing-library/dom@10.0.0)(@types/react-dom@18.3.0)(@types/react@18.3.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       '@types/color':
         specifier: ^3.0.3
         version: 3.0.3
@@ -2948,14 +2948,14 @@ importers:
         specifier: ^2.0.13
         version: 2.0.13
       '@types/react':
-        specifier: ^18.0.31
-        version: 18.0.31
+        specifier: ^18.3.3
+        version: 18.3.3
       '@types/react-color':
         specifier: ^3.0.6
         version: 3.0.6
       '@types/react-dom':
-        specifier: ^18.0.0
-        version: 18.0.6
+        specifier: ^18.3.0
+        version: 18.3.0
       '@types/react-helmet':
         specifier: ^6.1.6
         version: 6.1.6
@@ -3027,7 +3027,7 @@ importers:
         version: 2.0.0
       jest-transformer-svg:
         specifier: ^2.0.0
-        version: 2.0.0(jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)))(react@18.2.0)
+        version: 2.0.0(jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)))(react@18.3.1)
       just-kebab-case:
         specifier: ^4.2.0
         version: 4.2.0
@@ -3051,7 +3051,7 @@ importers:
         version: 2.0.3
       overlayscrollbars-react:
         specifier: ^0.5.0
-        version: 0.5.0(overlayscrollbars@2.0.3)(react@18.2.0)
+        version: 0.5.0(overlayscrollbars@2.0.3)(react@18.3.1)
       parcel:
         specifier: 2.9.3
         version: 2.9.3(@swc/helpers@0.5.1)(postcss@8.4.31)(srcset@4.0.0)
@@ -3074,62 +3074,62 @@ importers:
         specifier: ^6.2.0
         version: 6.2.0
       react:
-        specifier: ^18.0.0
-        version: 18.2.0
+        specifier: ^18.3.1
+        version: 18.3.1
       react-animate-height:
         specifier: ^3.0.4
-        version: 3.0.4(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 3.0.4(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       react-color:
         specifier: ^2.19.3
-        version: 2.19.3(react@18.2.0)
+        version: 2.19.3(react@18.3.1)
       react-confetti:
         specifier: ^6.1.0
-        version: 6.1.0(react@18.2.0)
+        version: 6.1.0(react@18.3.1)
       react-dnd:
         specifier: ^16.0.0
-        version: 16.0.0(@types/node@20.12.7)(@types/react@18.0.31)(react@18.2.0)
+        version: 16.0.0(@types/node@20.12.7)(@types/react@18.3.3)(react@18.3.1)
       react-dnd-html5-backend:
         specifier: ^16.0.0
         version: 16.0.0
       react-dom:
-        specifier: ^18.0.0
-        version: 18.2.0(react@18.2.0)
+        specifier: ^18.3.1
+        version: 18.3.1(react@18.3.1)
       react-dropzone:
         specifier: ^14.2.3
-        version: 14.2.3(react@18.2.0)
+        version: 14.2.3(react@18.3.1)
       react-helmet:
         specifier: ^6.1.0
-        version: 6.1.0(react@18.2.0)
+        version: 6.1.0(react@18.3.1)
       react-hook-form:
         specifier: ^7.43.9
-        version: 7.43.9(react@18.2.0)
+        version: 7.43.9(react@18.3.1)
       react-hot-toast:
         specifier: ^2.2.0
-        version: 2.2.0(csstype@3.0.11)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 2.2.0(csstype@3.0.11)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       react-i18next:
         specifier: ^12.3.1
-        version: 12.3.1(i18next@22.4.15)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 12.3.1(i18next@22.4.15)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       react-markdown:
         specifier: ^9.0.0
-        version: 9.0.0(@types/react@18.0.31)(react@18.2.0)
+        version: 9.0.0(@types/react@18.3.3)(react@18.3.1)
       react-modal:
         specifier: ^3.15.1
-        version: 3.15.1(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 3.15.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       react-paginate:
         specifier: ^8.1.3
-        version: 8.1.3(react@18.2.0)
+        version: 8.1.3(react@18.3.1)
       react-router-dom:
         specifier: ^6.10.0
-        version: 6.10.0(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 6.10.0(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       react-syntax-highlighter:
         specifier: ^15.5.0
-        version: 15.5.0(react@18.2.0)
+        version: 15.5.0(react@18.3.1)
       react-timer-hook:
         specifier: ^3.0.5
-        version: 3.0.5(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 3.0.5(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       recharts:
         specifier: ^2.1.13
-        version: 2.1.13(prop-types@15.8.1)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 2.1.13(prop-types@15.8.1)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       rehype-mdx-code-props:
         specifier: ^3.0.1
         version: 3.0.1
@@ -3141,7 +3141,7 @@ importers:
         version: 15.11.0(typescript@5.5.3)
       swr:
         specifier: ^2.2.0
-        version: 2.2.0(react@18.2.0)
+        version: 2.2.0(react@18.3.1)
       ts-node:
         specifier: ^10.9.2
         version: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3)
@@ -3481,7 +3481,7 @@ importers:
         version: link:../phrases
       '@logto/react':
         specifier: ^3.0.12
-        version: 3.0.13(react@18.2.0)
+        version: 3.0.13(react@18.3.1)
       '@logto/schemas':
         specifier: workspace:^1.18.0
         version: link:../schemas
@@ -3504,11 +3504,11 @@ importers:
         specifier: 6.0.0
         version: 6.0.0(typescript@5.5.3)
       '@types/react':
-        specifier: ^18.0.31
-        version: 18.0.31
+        specifier: ^18.3.3
+        version: 18.3.3
       '@types/react-dom':
-        specifier: ^18.0.0
-        version: 18.0.6
+        specifier: ^18.3.0
+        version: 18.3.0
       buffer:
         specifier: ^6.0.0
         version: 6.0.3
@@ -3540,14 +3540,14 @@ importers:
         specifier: ^3.0.0
         version: 3.0.0
       react:
-        specifier: ^18.0.0
-        version: 18.2.0
+        specifier: ^18.3.1
+        version: 18.3.1
       react-dom:
-        specifier: ^18.0.0
-        version: 18.2.0(react@18.2.0)
+        specifier: ^18.3.1
+        version: 18.3.1(react@18.3.1)
       react-i18next:
         specifier: ^12.3.1
-        version: 12.3.1(i18next@22.4.15)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 12.3.1(i18next@22.4.15)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       stylelint:
         specifier: ^15.0.0
         version: 15.11.0(typescript@5.5.3)
@@ -3565,7 +3565,7 @@ importers:
         version: 0.12.1
       '@lit/react':
         specifier: ^1.0.5
-        version: 1.0.5(@types/react@18.0.31)
+        version: 1.0.5(@types/react@18.3.3)
       '@silverhand/essentials':
         specifier: ^2.9.1
         version: 2.9.1
@@ -3641,10 +3641,10 @@ importers:
         version: 2.9.3(@parcel/core@2.9.3)
       '@react-spring/shared':
         specifier: ^9.6.1
-        version: 9.6.1(react@18.2.0)
+        version: 9.6.1(react@18.3.1)
       '@react-spring/web':
         specifier: ^9.6.1
-        version: 9.6.1(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 9.6.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -3674,10 +3674,10 @@ importers:
         version: 0.2.26(@swc/core@1.3.52(@swc/helpers@0.5.1))
       '@testing-library/react':
         specifier: ^16.0.0
-        version: 16.0.0(@testing-library/dom@10.0.0)(@types/react-dom@18.0.6)(@types/react@18.0.31)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 16.0.0(@testing-library/dom@10.0.0)(@types/react-dom@18.3.0)(@types/react@18.3.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       '@testing-library/react-hooks':
         specifier: ^8.0.1
-        version: 8.0.1(@types/react@18.0.31)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 8.0.1(@types/react@18.3.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       '@types/color':
         specifier: ^3.0.3
         version: 3.0.3
@@ -3685,11 +3685,11 @@ importers:
         specifier: ^29.4.0
         version: 29.4.0
       '@types/react':
-        specifier: ^18.0.31
-        version: 18.0.31
+        specifier: ^18.3.3
+        version: 18.3.3
       '@types/react-dom':
-        specifier: ^18.0.0
-        version: 18.0.6
+        specifier: ^18.3.0
+        version: 18.3.0
       '@types/react-helmet':
         specifier: ^6.1.6
         version: 6.1.6
@@ -3737,7 +3737,7 @@ importers:
         version: 2.0.0
       jest-transformer-svg:
         specifier: ^2.0.0
-        version: 2.0.0(jest@29.7.0(@types/node@20.12.7))(react@18.2.0)
+        version: 2.0.0(jest@29.7.0(@types/node@20.12.7))(react@18.3.1)
       js-base64:
         specifier: ^3.7.5
         version: 3.7.5
@@ -3766,38 +3766,38 @@ importers:
         specifier: ^3.0.0
         version: 3.0.0
       react:
-        specifier: ^18.0.0
-        version: 18.2.0
+        specifier: ^18.3.1
+        version: 18.3.1
       react-device-detect:
         specifier: ^2.2.3
-        version: 2.2.3(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 2.2.3(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       react-dom:
-        specifier: ^18.0.0
-        version: 18.2.0(react@18.2.0)
+        specifier: ^18.3.1
+        version: 18.3.1(react@18.3.1)
       react-helmet:
         specifier: ^6.1.0
-        version: 6.1.0(react@18.2.0)
+        version: 6.1.0(react@18.3.1)
       react-hook-form:
         specifier: ^7.34.0
-        version: 7.34.0(react@18.2.0)
+        version: 7.34.0(react@18.3.1)
       react-i18next:
         specifier: ^12.3.1
-        version: 12.3.1(i18next@22.4.15)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 12.3.1(i18next@22.4.15)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       react-modal:
         specifier: ^3.15.1
-        version: 3.15.1(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 3.15.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       react-router-dom:
         specifier: ^6.10.0
-        version: 6.10.0(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 6.10.0(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       react-string-replace:
         specifier: ^1.0.0
         version: 1.0.0
       react-timer-hook:
         specifier: ^3.0.5
-        version: 3.0.5(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+        version: 3.0.5(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       react-top-loading-bar:
         specifier: ^2.3.1
-        version: 2.3.1(react@18.2.0)
+        version: 2.3.1(react@18.3.1)
       stylelint:
         specifier: ^15.0.0
         version: 15.11.0(typescript@5.5.3)
@@ -3812,7 +3812,7 @@ importers:
         version: 5.5.3
       use-debounced-loader:
         specifier: ^0.1.1
-        version: 0.1.1(react@18.2.0)
+        version: 0.1.1(react@18.3.1)
       zod:
         specifier: ^3.23.8
         version: 3.23.8
@@ -4192,8 +4192,8 @@ importers:
         specifier: ^20.9.5
         version: 20.10.4
       '@types/react':
-        specifier: ^18.0.31
-        version: 18.0.31
+        specifier: ^18.3.3
+        version: 18.3.3
       '@vitest/coverage-v8':
         specifier: ^2.0.0
         version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
@@ -6852,8 +6852,8 @@ packages:
   '@types/react-color@3.0.6':
     resolution: {integrity: sha512-OzPIO5AyRmLA7PlOyISlgabpYUa3En74LP8mTMa0veCA719SvYQov4WLMsHvCgXP+L+KI9yGhYnqZafVGG0P4w==}
 
-  '@types/react-dom@18.0.6':
-    resolution: {integrity: sha512-/5OFZgfIPSwy+YuIBP/FgJnQnsxhZhjjrnxudMddeblOouIodEQ75X14Rr4wGSG/bknL+Omy9iWlLo1u/9GzAA==}
+  '@types/react-dom@18.3.0':
+    resolution: {integrity: sha512-EhwApuTmMBmXuFOikhQLIBUn6uFg81SwLMOAUgodJF14SOBOCMdU04gDoYi0WOJJHD144TL32z4yDqCW3dnkQg==}
 
   '@types/react-helmet@6.1.6':
     resolution: {integrity: sha512-ZKcoOdW/Tg+kiUbkFCBtvDw0k3nD4HJ/h/B9yWxN4uDO8OkRksWTO+EL+z/Qu3aHTeTll3Ro0Cc/8UhwBCMG5A==}
@@ -6870,8 +6870,8 @@ packages:
   '@types/react-syntax-highlighter@15.5.1':
     resolution: {integrity: sha512-+yD6D8y21JqLf89cRFEyRfptVMqo2ROHyAlysRvFwT28gT5gDo3KOiXHwGilHcq9y/OKTjlWK0f/hZUicrBFPQ==}
 
-  '@types/react@18.0.31':
-    resolution: {integrity: sha512-EEG67of7DsvRDU6BLLI0p+k1GojDLz9+lZsnCpCRTa/lOokvyPBvp8S5x+A24hME3yyQuIipcP70KJ6H7Qupww==}
+  '@types/react@18.3.3':
+    resolution: {integrity: sha512-hti/R0pS0q1/xx+TsI73XIqk26eBsISZ2R0wUijXIngRK9R/e7Xw/cXVxQK7R5JjW+SV4zGcn5hXjudkN/pLIw==}
 
   '@types/reactcss@1.2.6':
     resolution: {integrity: sha512-qaIzpCuXNWomGR1Xq8SCFTtF4v8V27Y6f+b9+bzHiv087MylI/nTCqqdChNeWS7tslgROmYB7yeiruWX7WnqNg==}
@@ -6885,9 +6885,6 @@ packages:
   '@types/retry@0.12.2':
     resolution: {integrity: sha512-XISRgDJ2Tc5q4TRqvgJtzsRkFYNJzZrhTdtMoGVBttwzzQJkPnS3WWTFc7kuDRoPtPakl+T+OfdEUjYJj7Jbow==}
 
-  '@types/scheduler@0.16.2':
-    resolution: {integrity: sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew==}
-
   '@types/semver@7.3.12':
     resolution: {integrity: sha512-WwA1MW0++RfXmCr12xeYOOC5baSC9mSb0ZqCquFzKhcoF4TvHu5MKOuXsncgZcpVFhB1pXd5hZmM0ryAoCp12A==}
 
@@ -11996,10 +11993,10 @@ packages:
       '@types/react':
         optional: true
 
-  react-dom@18.2.0:
-    resolution: {integrity: sha512-6IMTriUmvsjHUjNtEDudZfuDQUoWXVxKHhlEGSk81n4YFS+r/Kl99wXiwlVXtPBtJenozv2P+hxDsw9eA7Xo6g==}
+  react-dom@18.3.1:
+    resolution: {integrity: sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==}
     peerDependencies:
-      react: ^18.2.0
+      react: ^18.3.1
 
   react-dropzone@14.2.3:
     resolution: {integrity: sha512-O3om8I+PkFKbxCukfIR3QAGftYXDZfOE2N1mr/7qebQJHs7U+/RSL/9xomJNpRg9kM5h9soQSdf0Gc7OHF5Fug==}
@@ -12148,8 +12145,8 @@ packages:
       react: '>=15.0.0'
       react-dom: '>=15.0.0'
 
-  react@18.2.0:
-    resolution: {integrity: sha512-/3IjMdb2L9QbBdWiW5e3P2/npwMBaU9mHCSCUzNln0ZCYbcfTsGbTJrU/kGemdH2IWmB2ioZ+zkxtmq6g09fGQ==}
+  react@18.3.1:
+    resolution: {integrity: sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==}
     engines: {node: '>=0.10.0'}
 
   reactcss@1.2.3:
@@ -12439,8 +12436,8 @@ packages:
     resolution: {integrity: sha512-xAg7SOnEhrm5zI3puOOKyy1OMcMlIJZYNJY7xLBwSze0UjhPLnWfj2GF2EpT0jmzaJKIWKHLsaSSajf35bcYnA==}
     engines: {node: '>=v12.22.7'}
 
-  scheduler@0.23.0:
-    resolution: {integrity: sha512-CtuThmgHNg7zIZWAXi3AsyIzA3n4xx7aNyjwC2VJldO2LMVDhFK+63xGqq6CsJH4rTAt6/M+N4GhZiDYPx9eUw==}
+  scheduler@0.23.2:
+    resolution: {integrity: sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==}
 
   semver-compare@1.0.0:
     resolution: {integrity: sha512-YM3/ITh2MJ5MtzaM429anh+x2jiLVjqILF4m4oyQB18W7Ggea7BfqdH/wGMK7dDiMghv/6WG7znWMwUDzJiXow==}
@@ -15115,9 +15112,9 @@ snapshots:
 
   '@humanwhocodes/object-schema@2.0.3': {}
 
-  '@icons/material@0.2.4(react@18.2.0)':
+  '@icons/material@0.2.4(react@18.3.1)':
     dependencies:
-      react: 18.2.0
+      react: 18.3.1
 
   '@isaacs/cliui@8.0.2':
     dependencies:
@@ -15431,9 +15428,9 @@ snapshots:
     dependencies:
       lit: 3.1.4
 
-  '@lit/react@1.0.5(@types/react@18.0.31)':
+  '@lit/react@1.0.5(@types/react@18.3.3)':
     dependencies:
-      '@types/react': 18.0.31
+      '@types/react': 18.3.3
 
   '@lit/reactive-element@2.0.4':
     dependencies:
@@ -15500,11 +15497,11 @@ snapshots:
       '@silverhand/essentials': 2.9.1
       js-base64: 3.7.5
 
-  '@logto/react@3.0.13(react@18.2.0)':
+  '@logto/react@3.0.13(react@18.3.1)':
     dependencies:
       '@logto/browser': 2.2.15
       '@silverhand/essentials': 2.9.1
-      react: 18.2.0
+      react: 18.3.1
 
   '@manypkg/find-root@1.1.0':
     dependencies:
@@ -15552,11 +15549,11 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  '@mdx-js/react@3.0.1(@types/react@18.0.31)(react@18.2.0)':
+  '@mdx-js/react@3.0.1(@types/react@18.3.3)(react@18.3.1)':
     dependencies:
       '@types/mdx': 2.0.13
-      '@types/react': 18.0.31
-      react: 18.2.0
+      '@types/react': 18.3.3
+      react: 18.3.1
 
   '@microsoft/applicationinsights-web-snippet@1.0.1': {}
 
@@ -15571,12 +15568,12 @@ snapshots:
       monaco-editor: 0.47.0
       state-local: 1.0.7
 
-  '@monaco-editor/react@4.6.0(monaco-editor@0.47.0)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)':
+  '@monaco-editor/react@4.6.0(monaco-editor@0.47.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)':
     dependencies:
       '@monaco-editor/loader': 1.4.0(monaco-editor@0.47.0)
       monaco-editor: 0.47.0
-      react: 18.2.0
-      react-dom: 18.2.0(react@18.2.0)
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
 
   '@msgpackr-extract/msgpackr-extract-darwin-arm64@3.0.2':
     optional: true
@@ -16267,38 +16264,38 @@ snapshots:
 
   '@react-dnd/shallowequal@4.0.0': {}
 
-  '@react-spring/animated@9.6.1(react@18.2.0)':
+  '@react-spring/animated@9.6.1(react@18.3.1)':
     dependencies:
-      '@react-spring/shared': 9.6.1(react@18.2.0)
+      '@react-spring/shared': 9.6.1(react@18.3.1)
       '@react-spring/types': 9.6.1
-      react: 18.2.0
+      react: 18.3.1
 
-  '@react-spring/core@9.6.1(react@18.2.0)':
+  '@react-spring/core@9.6.1(react@18.3.1)':
     dependencies:
-      '@react-spring/animated': 9.6.1(react@18.2.0)
+      '@react-spring/animated': 9.6.1(react@18.3.1)
       '@react-spring/rafz': 9.6.1
-      '@react-spring/shared': 9.6.1(react@18.2.0)
+      '@react-spring/shared': 9.6.1(react@18.3.1)
       '@react-spring/types': 9.6.1
-      react: 18.2.0
+      react: 18.3.1
 
   '@react-spring/rafz@9.6.1': {}
 
-  '@react-spring/shared@9.6.1(react@18.2.0)':
+  '@react-spring/shared@9.6.1(react@18.3.1)':
     dependencies:
       '@react-spring/rafz': 9.6.1
       '@react-spring/types': 9.6.1
-      react: 18.2.0
+      react: 18.3.1
 
   '@react-spring/types@9.6.1': {}
 
-  '@react-spring/web@9.6.1(react-dom@18.2.0(react@18.2.0))(react@18.2.0)':
+  '@react-spring/web@9.6.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1)':
     dependencies:
-      '@react-spring/animated': 9.6.1(react@18.2.0)
-      '@react-spring/core': 9.6.1(react@18.2.0)
-      '@react-spring/shared': 9.6.1(react@18.2.0)
+      '@react-spring/animated': 9.6.1(react@18.3.1)
+      '@react-spring/core': 9.6.1(react@18.3.1)
+      '@react-spring/shared': 9.6.1(react@18.3.1)
       '@react-spring/types': 9.6.1
-      react: 18.2.0
-      react-dom: 18.2.0(react@18.2.0)
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
 
   '@redis/bloom@1.2.0(@redis/client@1.5.16)':
     dependencies:
@@ -17125,24 +17122,24 @@ snapshots:
       lz-string: 1.5.0
       pretty-format: 27.5.1
 
-  '@testing-library/react-hooks@8.0.1(@types/react@18.0.31)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)':
+  '@testing-library/react-hooks@8.0.1(@types/react@18.3.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)':
     dependencies:
       '@babel/runtime': 7.21.0
-      react: 18.2.0
-      react-error-boundary: 3.1.4(react@18.2.0)
+      react: 18.3.1
+      react-error-boundary: 3.1.4(react@18.3.1)
     optionalDependencies:
-      '@types/react': 18.0.31
-      react-dom: 18.2.0(react@18.2.0)
+      '@types/react': 18.3.3
+      react-dom: 18.3.1(react@18.3.1)
 
-  '@testing-library/react@16.0.0(@testing-library/dom@10.0.0)(@types/react-dom@18.0.6)(@types/react@18.0.31)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)':
+  '@testing-library/react@16.0.0(@testing-library/dom@10.0.0)(@types/react-dom@18.3.0)(@types/react@18.3.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)':
     dependencies:
       '@babel/runtime': 7.24.4
       '@testing-library/dom': 10.0.0
-      react: 18.2.0
-      react-dom: 18.2.0(react@18.2.0)
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
     optionalDependencies:
-      '@types/react': 18.0.31
-      '@types/react-dom': 18.0.6
+      '@types/react': 18.3.3
+      '@types/react-dom': 18.3.0
 
   '@tootallnate/once@2.0.0': {}
 
@@ -17445,45 +17442,44 @@ snapshots:
 
   '@types/react-color@3.0.6':
     dependencies:
-      '@types/react': 18.0.31
+      '@types/react': 18.3.3
       '@types/reactcss': 1.2.6
 
-  '@types/react-dom@18.0.6':
+  '@types/react-dom@18.3.0':
     dependencies:
-      '@types/react': 18.0.31
+      '@types/react': 18.3.3
 
   '@types/react-helmet@6.1.6':
     dependencies:
-      '@types/react': 18.0.31
+      '@types/react': 18.3.3
 
   '@types/react-modal@3.13.1':
     dependencies:
-      '@types/react': 18.0.31
+      '@types/react': 18.3.3
 
   '@types/react-router-dom@5.3.2':
     dependencies:
       '@types/history': 4.7.11
-      '@types/react': 18.0.31
+      '@types/react': 18.3.3
       '@types/react-router': 5.1.17
 
   '@types/react-router@5.1.17':
     dependencies:
       '@types/history': 4.7.11
-      '@types/react': 18.0.31
+      '@types/react': 18.3.3
 
   '@types/react-syntax-highlighter@15.5.1':
     dependencies:
-      '@types/react': 18.0.31
+      '@types/react': 18.3.3
 
-  '@types/react@18.0.31':
+  '@types/react@18.3.3':
     dependencies:
       '@types/prop-types': 15.7.4
-      '@types/scheduler': 0.16.2
       csstype: 3.0.11
 
   '@types/reactcss@1.2.6':
     dependencies:
-      '@types/react': 18.0.31
+      '@types/react': 18.3.3
 
   '@types/request@2.48.12':
     dependencies:
@@ -17496,8 +17492,6 @@ snapshots:
 
   '@types/retry@0.12.2': {}
 
-  '@types/scheduler@0.16.2': {}
-
   '@types/semver@7.3.12': {}
 
   '@types/semver@7.5.0': {}
@@ -21460,15 +21454,15 @@ snapshots:
 
   jest-transform-stub@2.0.0: {}
 
-  jest-transformer-svg@2.0.0(jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)))(react@18.2.0):
+  jest-transformer-svg@2.0.0(jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)))(react@18.3.1):
     dependencies:
       jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
-      react: 18.2.0
+      react: 18.3.1
 
-  jest-transformer-svg@2.0.0(jest@29.7.0(@types/node@20.12.7))(react@18.2.0):
+  jest-transformer-svg@2.0.0(jest@29.7.0(@types/node@20.12.7))(react@18.3.1):
     dependencies:
       jest: 29.7.0(@types/node@20.12.7)
-      react: 18.2.0
+      react: 18.3.1
 
   jest-util@29.5.0:
     dependencies:
@@ -23224,10 +23218,10 @@ snapshots:
 
   outdent@0.5.0: {}
 
-  overlayscrollbars-react@0.5.0(overlayscrollbars@2.0.3)(react@18.2.0):
+  overlayscrollbars-react@0.5.0(overlayscrollbars@2.0.3)(react@18.3.1):
     dependencies:
       overlayscrollbars: 2.0.3
-      react: 18.2.0
+      react: 18.3.1
 
   overlayscrollbars@2.0.3: {}
 
@@ -23835,104 +23829,104 @@ snapshots:
       iconv-lite: 0.4.24
       unpipe: 1.0.0
 
-  react-animate-height@3.0.4(react-dom@18.2.0(react@18.2.0))(react@18.2.0):
+  react-animate-height@3.0.4(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
     dependencies:
       classnames: 2.3.1
-      react: 18.2.0
-      react-dom: 18.2.0(react@18.2.0)
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
 
-  react-color@2.19.3(react@18.2.0):
+  react-color@2.19.3(react@18.3.1):
     dependencies:
-      '@icons/material': 0.2.4(react@18.2.0)
+      '@icons/material': 0.2.4(react@18.3.1)
       lodash: 4.17.21
       lodash-es: 4.17.21
       material-colors: 1.2.6
       prop-types: 15.8.1
-      react: 18.2.0
-      reactcss: 1.2.3(react@18.2.0)
+      react: 18.3.1
+      reactcss: 1.2.3(react@18.3.1)
       tinycolor2: 1.6.0
 
-  react-confetti@6.1.0(react@18.2.0):
+  react-confetti@6.1.0(react@18.3.1):
     dependencies:
-      react: 18.2.0
+      react: 18.3.1
       tween-functions: 1.2.0
 
-  react-device-detect@2.2.3(react-dom@18.2.0(react@18.2.0))(react@18.2.0):
+  react-device-detect@2.2.3(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
     dependencies:
-      react: 18.2.0
-      react-dom: 18.2.0(react@18.2.0)
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
       ua-parser-js: 1.0.37
 
   react-dnd-html5-backend@16.0.0:
     dependencies:
       dnd-core: 16.0.0
 
-  react-dnd@16.0.0(@types/node@20.12.7)(@types/react@18.0.31)(react@18.2.0):
+  react-dnd@16.0.0(@types/node@20.12.7)(@types/react@18.3.3)(react@18.3.1):
     dependencies:
       '@react-dnd/invariant': 4.0.0
       '@react-dnd/shallowequal': 4.0.0
       dnd-core: 16.0.0
       fast-deep-equal: 3.1.3
       hoist-non-react-statics: 3.3.2
-      react: 18.2.0
+      react: 18.3.1
     optionalDependencies:
       '@types/node': 20.12.7
-      '@types/react': 18.0.31
+      '@types/react': 18.3.3
 
-  react-dom@18.2.0(react@18.2.0):
+  react-dom@18.3.1(react@18.3.1):
     dependencies:
       loose-envify: 1.4.0
-      react: 18.2.0
-      scheduler: 0.23.0
+      react: 18.3.1
+      scheduler: 0.23.2
 
-  react-dropzone@14.2.3(react@18.2.0):
+  react-dropzone@14.2.3(react@18.3.1):
     dependencies:
       attr-accept: 2.2.2
       file-selector: 0.6.0
       prop-types: 15.8.1
-      react: 18.2.0
+      react: 18.3.1
 
-  react-error-boundary@3.1.4(react@18.2.0):
+  react-error-boundary@3.1.4(react@18.3.1):
     dependencies:
       '@babel/runtime': 7.24.4
-      react: 18.2.0
+      react: 18.3.1
 
   react-error-overlay@6.0.9: {}
 
   react-fast-compare@3.2.1: {}
 
-  react-helmet@6.1.0(react@18.2.0):
+  react-helmet@6.1.0(react@18.3.1):
     dependencies:
       object-assign: 4.1.1
       prop-types: 15.8.1
-      react: 18.2.0
+      react: 18.3.1
       react-fast-compare: 3.2.1
-      react-side-effect: 2.1.2(react@18.2.0)
+      react-side-effect: 2.1.2(react@18.3.1)
 
-  react-hook-form@7.34.0(react@18.2.0):
+  react-hook-form@7.34.0(react@18.3.1):
     dependencies:
-      react: 18.2.0
+      react: 18.3.1
 
-  react-hook-form@7.43.9(react@18.2.0):
+  react-hook-form@7.43.9(react@18.3.1):
     dependencies:
-      react: 18.2.0
+      react: 18.3.1
 
-  react-hot-toast@2.2.0(csstype@3.0.11)(react-dom@18.2.0(react@18.2.0))(react@18.2.0):
+  react-hot-toast@2.2.0(csstype@3.0.11)(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
     dependencies:
       goober: 2.1.8(csstype@3.0.11)
-      react: 18.2.0
-      react-dom: 18.2.0(react@18.2.0)
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
     transitivePeerDependencies:
       - csstype
 
-  react-i18next@12.3.1(i18next@22.4.15)(react-dom@18.2.0(react@18.2.0))(react@18.2.0):
+  react-i18next@12.3.1(i18next@22.4.15)(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
     dependencies:
       '@babel/runtime': 7.21.0
       html-parse-stringify: 3.0.1
       i18next: 22.4.15
-      react: 18.2.0
+      react: 18.3.1
     optionalDependencies:
-      react-dom: 18.2.0(react@18.2.0)
+      react-dom: 18.3.1(react@18.3.1)
 
   react-is@16.13.1: {}
 
@@ -23942,16 +23936,16 @@ snapshots:
 
   react-lifecycles-compat@3.0.4: {}
 
-  react-markdown@9.0.0(@types/react@18.0.31)(react@18.2.0):
+  react-markdown@9.0.0(@types/react@18.3.3)(react@18.3.1):
     dependencies:
       '@types/hast': 3.0.1
-      '@types/react': 18.0.31
+      '@types/react': 18.3.3
       devlop: 1.1.0
       hast-util-to-jsx-runtime: 2.2.0
       html-url-attributes: 3.0.0
       mdast-util-to-hast: 13.0.2
       micromark-util-sanitize-uri: 2.0.0
-      react: 18.2.0
+      react: 18.3.1
       remark-parse: 11.0.0
       remark-rehype: 11.0.0
       unified: 11.0.3
@@ -23960,89 +23954,89 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  react-modal@3.15.1(react-dom@18.2.0(react@18.2.0))(react@18.2.0):
+  react-modal@3.15.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
     dependencies:
       exenv: 1.2.2
       prop-types: 15.8.1
-      react: 18.2.0
-      react-dom: 18.2.0(react@18.2.0)
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
       react-lifecycles-compat: 3.0.4
       warning: 4.0.3
 
-  react-paginate@8.1.3(react@18.2.0):
+  react-paginate@8.1.3(react@18.3.1):
     dependencies:
       prop-types: 15.8.1
-      react: 18.2.0
+      react: 18.3.1
 
   react-refresh@0.9.0: {}
 
-  react-resize-detector@7.1.2(react-dom@18.2.0(react@18.2.0))(react@18.2.0):
+  react-resize-detector@7.1.2(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
     dependencies:
       lodash: 4.17.21
-      react: 18.2.0
-      react-dom: 18.2.0(react@18.2.0)
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
 
-  react-router-dom@6.10.0(react-dom@18.2.0(react@18.2.0))(react@18.2.0):
+  react-router-dom@6.10.0(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
     dependencies:
       '@remix-run/router': 1.5.0
-      react: 18.2.0
-      react-dom: 18.2.0(react@18.2.0)
-      react-router: 6.10.0(react@18.2.0)
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
+      react-router: 6.10.0(react@18.3.1)
 
-  react-router@6.10.0(react@18.2.0):
+  react-router@6.10.0(react@18.3.1):
     dependencies:
       '@remix-run/router': 1.5.0
-      react: 18.2.0
+      react: 18.3.1
 
-  react-side-effect@2.1.2(react@18.2.0):
+  react-side-effect@2.1.2(react@18.3.1):
     dependencies:
-      react: 18.2.0
+      react: 18.3.1
 
-  react-smooth@2.0.1(prop-types@15.8.1)(react-dom@18.2.0(react@18.2.0))(react@18.2.0):
+  react-smooth@2.0.1(prop-types@15.8.1)(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
     dependencies:
       fast-equals: 2.0.4
       prop-types: 15.8.1
-      react: 18.2.0
-      react-dom: 18.2.0(react@18.2.0)
-      react-transition-group: 2.9.0(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
+      react-transition-group: 2.9.0(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
 
   react-string-replace@1.0.0: {}
 
-  react-syntax-highlighter@15.5.0(react@18.2.0):
+  react-syntax-highlighter@15.5.0(react@18.3.1):
     dependencies:
       '@babel/runtime': 7.17.9
       highlight.js: 10.7.3
       lowlight: 1.20.0
       prismjs: 1.27.0
-      react: 18.2.0
+      react: 18.3.1
       refractor: 3.6.0
 
-  react-timer-hook@3.0.5(react-dom@18.2.0(react@18.2.0))(react@18.2.0):
+  react-timer-hook@3.0.5(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
     dependencies:
-      react: 18.2.0
-      react-dom: 18.2.0(react@18.2.0)
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
 
-  react-top-loading-bar@2.3.1(react@18.2.0):
+  react-top-loading-bar@2.3.1(react@18.3.1):
     dependencies:
-      react: 18.2.0
+      react: 18.3.1
 
-  react-transition-group@2.9.0(react-dom@18.2.0(react@18.2.0))(react@18.2.0):
+  react-transition-group@2.9.0(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
     dependencies:
       dom-helpers: 3.4.0
       loose-envify: 1.4.0
       prop-types: 15.8.1
-      react: 18.2.0
-      react-dom: 18.2.0(react@18.2.0)
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
       react-lifecycles-compat: 3.0.4
 
-  react@18.2.0:
+  react@18.3.1:
     dependencies:
       loose-envify: 1.4.0
 
-  reactcss@1.2.3(react@18.2.0):
+  reactcss@1.2.3(react@18.3.1):
     dependencies:
       lodash: 4.17.21
-      react: 18.2.0
+      react: 18.3.1
 
   read-pkg-up@7.0.1:
     dependencies:
@@ -24091,7 +24085,7 @@ snapshots:
     dependencies:
       decimal.js-light: 2.5.1
 
-  recharts@2.1.13(prop-types@15.8.1)(react-dom@18.2.0(react@18.2.0))(react@18.2.0):
+  recharts@2.1.13(prop-types@15.8.1)(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
     dependencies:
       classnames: 2.3.1
       d3-interpolate: 3.0.1
@@ -24100,11 +24094,11 @@ snapshots:
       eventemitter3: 4.0.7
       lodash: 4.17.21
       prop-types: 15.8.1
-      react: 18.2.0
-      react-dom: 18.2.0(react@18.2.0)
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
       react-is: 16.13.1
-      react-resize-detector: 7.1.2(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
-      react-smooth: 2.0.1(prop-types@15.8.1)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
+      react-resize-detector: 7.1.2(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+      react-smooth: 2.0.1(prop-types@15.8.1)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       recharts-scale: 0.4.5
       reduce-css-calc: 2.1.8
 
@@ -24463,7 +24457,7 @@ snapshots:
     dependencies:
       xmlchars: 2.2.0
 
-  scheduler@0.23.0:
+  scheduler@0.23.2:
     dependencies:
       loose-envify: 1.4.0
 
@@ -24984,10 +24978,10 @@ snapshots:
       picocolors: 1.0.0
       stable: 0.1.8
 
-  swr@2.2.0(react@18.2.0):
+  swr@2.2.0(react@18.3.1):
     dependencies:
-      react: 18.2.0
-      use-sync-external-store: 1.2.0(react@18.2.0)
+      react: 18.3.1
+      use-sync-external-store: 1.2.0(react@18.3.1)
 
   symbol-tree@3.2.4: {}
 
@@ -25396,13 +25390,13 @@ snapshots:
 
   urlpattern-polyfill@10.0.0: {}
 
-  use-debounced-loader@0.1.1(react@18.2.0):
+  use-debounced-loader@0.1.1(react@18.3.1):
     dependencies:
-      react: 18.2.0
+      react: 18.3.1
 
-  use-sync-external-store@1.2.0(react@18.2.0):
+  use-sync-external-store@1.2.0(react@18.3.1):
     dependencies:
-      react: 18.2.0
+      react: 18.3.1
 
   util-deprecate@1.0.2: {}
 

From 3527848b67378cb968b8c55aeae501a41dffa071 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sat, 20 Jul 2024 23:01:58 +0800
Subject: [PATCH 055/135] chore(elements): check git existence

---
 packages/elements/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/elements/package.json b/packages/elements/package.json
index ee405db27755..3599cd569190 100644
--- a/packages/elements/package.json
+++ b/packages/elements/package.json
@@ -37,7 +37,7 @@
     "test:ci": "pnpm run test --silent --coverage",
     "prepack": "pnpm build",
     "localize": "lit-localize",
-    "check": "lit-localize extract && git add . -N && git diff --exit-code"
+    "check": "if command -v git &> /dev/null; then lit-localize extract && git add . -N && git diff --exit-code; fi"
   },
   "engines": {
     "node": "^20.9.0"

From ca7ee8c227c6158941bff485f8f616445d1490a0 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sun, 21 Jul 2024 19:59:30 +0800
Subject: [PATCH 056/135] feat(schemas): init app_secrets table

---
 .scripts/compare-database.js                  |  4 +-
 .../next-1721483240-multiple-app-secrets.ts   | 77 +++++++++++++++++++
 packages/schemas/src/consts/system.ts         |  3 +
 .../schemas/tables/application_secrets.sql    | 17 ++++
 packages/schemas/tables/applications.sql      |  7 +-
 5 files changed, 104 insertions(+), 4 deletions(-)
 create mode 100644 packages/schemas/alterations/next-1721483240-multiple-app-secrets.ts
 create mode 100644 packages/schemas/tables/application_secrets.sql

diff --git a/.scripts/compare-database.js b/.scripts/compare-database.js
index b959db385336..f7afeaab6920 100644
--- a/.scripts/compare-database.js
+++ b/.scripts/compare-database.js
@@ -42,14 +42,14 @@ const queryDatabaseManifest = async (database) => {
   `);
 
   const { rows: constraints } = await pool.query(/* sql */`
-    select conrelid::regclass AS table, con.*, pg_get_constraintdef(con.oid)
+    select conrelid::regclass as r_table, con.*, pg_get_constraintdef(con.oid) as def
     from pg_catalog.pg_constraint con
     inner join pg_catalog.pg_class rel
     on rel.oid = con.conrelid
     inner join pg_catalog.pg_namespace nsp
     on nsp.oid = connamespace
     where nsp.nspname = 'public'
-    order by conname asc;
+    order by conname asc, def asc;
   `);
 
   const { rows: indexes } = await pool.query(/* sql */`
diff --git a/packages/schemas/alterations/next-1721483240-multiple-app-secrets.ts b/packages/schemas/alterations/next-1721483240-multiple-app-secrets.ts
new file mode 100644
index 000000000000..765d771f144a
--- /dev/null
+++ b/packages/schemas/alterations/next-1721483240-multiple-app-secrets.ts
@@ -0,0 +1,77 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      -- Remove existing constraint
+      alter table organization_application_relations drop constraint application_type;
+
+      -- Drop the function
+      drop function check_application_type;
+
+      -- Create a new function that accepts a variadic array of application types
+      create function check_application_type(
+        application_id varchar(21),
+        variadic target_type application_type[]
+      ) returns boolean as
+      $$ begin
+        return (select type from applications where id = application_id) = any(target_type);
+      end; $$ language plpgsql set search_path = public;
+
+      -- Add back the constraint
+      alter table organization_application_relations
+        add constraint application_type
+        check (check_application_type(application_id, 'MachineToMachine'));
+
+      -- Create the new table
+      create table application_secrets (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        application_id varchar(21) not null
+          references applications (id) on update cascade on delete cascade,
+        /** The name of the secret. Should be unique within the application. */
+        name varchar(256) not null,
+        value varchar(64) not null,
+        expires_at timestamptz,
+        created_at timestamptz not null default now(),
+        primary key (tenant_id, application_id, name),
+        constraint application_type
+          check (check_application_type(application_id, 'MachineToMachine', 'Traditional', 'Protected'))
+      );
+    `);
+    await applyTableRls(pool, 'application_secrets');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'application_secrets');
+    await pool.query(sql`
+      -- Remove the table
+      drop table application_secrets;
+
+      -- Remove the constraint
+      alter table organization_application_relations drop constraint application_type;
+
+      -- Drop the function
+      drop function check_application_type;
+
+      -- Restore the original function
+      create function check_application_type(
+        application_id varchar(21),
+        target_type application_type
+      ) returns boolean as
+      $$ begin
+        return (select type from applications where id = application_id) = target_type;
+      end; $$ language plpgsql set search_path = public;
+
+      -- Add back the constraint
+      alter table organization_application_relations
+        add constraint application_type
+        check (check_application_type(application_id, 'MachineToMachine'));
+    `);
+  },
+};
+
+export default alteration;
diff --git a/packages/schemas/src/consts/system.ts b/packages/schemas/src/consts/system.ts
index 153dddf849bc..f2f16b47243e 100644
--- a/packages/schemas/src/consts/system.ts
+++ b/packages/schemas/src/consts/system.ts
@@ -9,3 +9,6 @@
  * If we use `/default`, the URL will look ugly; thus we keep the old fashion `/console`.
  */
 export const ossConsolePath = '/console';
+
+/** The prefix for keys and values that need to be explicitly marked as internal. */
+export const internalPrefix = '#internal:';
diff --git a/packages/schemas/tables/application_secrets.sql b/packages/schemas/tables/application_secrets.sql
new file mode 100644
index 000000000000..406764f80184
--- /dev/null
+++ b/packages/schemas/tables/application_secrets.sql
@@ -0,0 +1,17 @@
+/* init_order = 2 */
+
+/** Application secrets for the `client_credentials` grant type and other confidential client use cases. Note that these secrets replace the `secret` column in the `applications` table, while the `secret` column is still used for the internal validation as `oidc-provider` does not support multiple secrets per client. */
+create table application_secrets (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  application_id varchar(21) not null
+    references applications (id) on update cascade on delete cascade,
+  /** The name of the secret. Should be unique within the application. */
+  name varchar(256) not null,
+  value varchar(64) not null,
+  created_at timestamptz not null default now(),
+  expires_at timestamptz,
+  primary key (tenant_id, application_id, name),
+  constraint application_type
+    check (check_application_type(application_id, 'MachineToMachine', 'Traditional', 'Protected'))
+);
diff --git a/packages/schemas/tables/applications.sql b/packages/schemas/tables/applications.sql
index bf51c8118283..ca7a70a6d004 100644
--- a/packages/schemas/tables/applications.sql
+++ b/packages/schemas/tables/applications.sql
@@ -34,7 +34,10 @@ create unique index applications__protected_app_metadata_custom_domain
     (protected_app_metadata->'customDomains'->0->>'domain')
   );
 
-create function check_application_type(application_id varchar(21), target_type application_type) returns boolean as
+create function check_application_type(
+  application_id varchar(21),
+  variadic target_type application_type[]
+) returns boolean as
 $$ begin
-  return (select type from applications where id = application_id) = target_type;
+  return (select type from applications where id = application_id) = any(target_type);
 end; $$ language plpgsql set search_path = public;

From 3a9a69381de5852bf010611ad19b994903e02927 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sun, 21 Jul 2024 23:50:36 +0800
Subject: [PATCH 057/135] feat(core): multiple app secrets

---
 packages/core/package.json                    |   1 +
 packages/core/src/event-listeners/index.ts    |   9 +-
 .../koa-app-secret-transpilation.test.ts      | 154 +++++++++++++
 .../koa-app-secret-transpilation.ts           | 132 +++++++++++
 .../src/middleware/koa-oidc-error-handler.ts  |  14 +-
 .../middleware/koa-slonik-error-handler.ts    |  15 ++
 packages/core/src/oidc/init.ts                |  67 +++---
 .../core/src/queries/application-secrets.ts   |  55 +++++
 .../application-secret.openapi.json           |  80 +++++++
 .../routes/applications/application-secret.ts | 106 +++++++++
 .../routes/applications/application.test.ts   |   1 -
 .../src/routes/applications/application.ts    |  16 +-
 packages/core/src/routes/init.ts              |   4 +
 packages/core/src/tenants/Queries.ts          |   2 +
 .../integration-tests/src/api/application.ts  |  26 ++-
 .../application/application.secrets.test.ts   | 144 ++++++++++++
 .../tests/api/application/application.test.ts |   4 -
 .../api/oidc/client-authentication.test.ts    | 210 ++++++++++++++++++
 .../src/locales/en/errors/application.ts      |   2 +
 pnpm-lock.yaml                                | 164 ++++++++++----
 20 files changed, 1105 insertions(+), 101 deletions(-)
 create mode 100644 packages/core/src/middleware/koa-app-secret-transpilation.test.ts
 create mode 100644 packages/core/src/middleware/koa-app-secret-transpilation.ts
 create mode 100644 packages/core/src/queries/application-secrets.ts
 create mode 100644 packages/core/src/routes/applications/application-secret.openapi.json
 create mode 100644 packages/core/src/routes/applications/application-secret.ts
 create mode 100644 packages/integration-tests/src/tests/api/application/application.secrets.test.ts
 create mode 100644 packages/integration-tests/src/tests/api/oidc/client-authentication.test.ts

diff --git a/packages/core/package.json b/packages/core/package.json
index 9321a779b160..92b45f9d6df7 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -84,6 +84,7 @@
     "pg-protocol": "^1.6.0",
     "pluralize": "^8.0.0",
     "qrcode": "^1.5.3",
+    "raw-body": "^2.5.2",
     "redis": "^4.6.14",
     "roarr": "^7.11.0",
     "samlify": "2.8.11",
diff --git a/packages/core/src/event-listeners/index.ts b/packages/core/src/event-listeners/index.ts
index 402d1c92930f..39df743222f9 100644
--- a/packages/core/src/event-listeners/index.ts
+++ b/packages/core/src/event-listeners/index.ts
@@ -1,15 +1,12 @@
-import { ConsoleLog } from '@logto/shared';
-import chalk from 'chalk';
 import type Provider from 'oidc-provider';
 
 import type Queries from '#src/tenants/Queries.js';
+import { getConsoleLogFromContext } from '#src/utils/console.js';
 
 import { grantListener, grantRevocationListener } from './grant.js';
 import { interactionEndedListener, interactionStartedListener } from './interaction.js';
 import { recordActiveUsers } from './record-active-users.js';
 
-const consoleLog = new ConsoleLog(chalk.magenta('oidc'));
-
 /**
  * @see {@link https://github.com/panva/node-oidc-provider/blob/v7.x/docs/README.md#im-getting-a-client-authentication-failed-error-with-no-details Getting auth error with no details?}
  * @see {@link https://github.com/panva/node-oidc-provider/blob/v7.x/docs/events.md OIDC Provider events}
@@ -29,8 +26,8 @@ export const addOidcEventListeners = (provider: Provider, queries: Queries) => {
   });
   provider.addListener('interaction.started', interactionStartedListener);
   provider.addListener('interaction.ended', interactionEndedListener);
-  provider.addListener('server_error', (_, error) => {
-    consoleLog.error('server_error:', error);
+  provider.addListener('server_error', (ctx, error) => {
+    getConsoleLogFromContext(ctx).error('server_error:', error);
   });
 
   // Record token usage.
diff --git a/packages/core/src/middleware/koa-app-secret-transpilation.test.ts b/packages/core/src/middleware/koa-app-secret-transpilation.test.ts
new file mode 100644
index 000000000000..ed2289e56e50
--- /dev/null
+++ b/packages/core/src/middleware/koa-app-secret-transpilation.test.ts
@@ -0,0 +1,154 @@
+import { type Context } from 'koa';
+import { type IRouterParamContext } from 'koa-router';
+
+import { MockQueries } from '#src/test-utils/tenant.js';
+import { createContextWithRouteParameters } from '#src/utils/test-utils.js';
+
+import koaAppSecretTranspilation from './koa-app-secret-transpilation.js';
+
+const { jest } = import.meta;
+
+describe('koaAppSecretTranspilation middleware', () => {
+  const next = jest.fn();
+  const findByCredentials = jest.fn();
+  const queries = new MockQueries({ applicationSecrets: { findByCredentials } });
+
+  type Values = {
+    authorization?: string;
+    body?: Record<string, unknown>;
+    query?: Record<string, unknown>;
+  };
+
+  const expectNothingChanged = (
+    ctx: Context & IRouterParamContext,
+    { authorization, body, query }: Values = {},
+    calledCount = 0
+  ) => {
+    expect(ctx.headers.authorization).toBe(authorization);
+    expect(ctx.request.body).toStrictEqual(body);
+    expect(ctx.query).toStrictEqual(query);
+    expect(findByCredentials).toHaveBeenCalledTimes(calledCount);
+  };
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should do nothing if no credentials are found', async () => {
+    const ctx = createContextWithRouteParameters();
+    await koaAppSecretTranspilation(queries)(ctx, next);
+    expectNothingChanged(ctx);
+  });
+
+  it('should do nothing if Authorization header is not valid', async () => {
+    const ctx = createContextWithRouteParameters();
+
+    for (const authorization of [
+      'Bearer',
+      'Bearer invalid',
+      'Basic invalid',
+      `Basic ${Buffer.from('\u0019:1').toString('base64')}`,
+    ]) {
+      ctx.headers.authorization = authorization;
+      // eslint-disable-next-line no-await-in-loop
+      await koaAppSecretTranspilation(queries)(ctx, next);
+      expectNothingChanged(ctx, { authorization });
+    }
+  });
+
+  it('should do nothing if params are not valid', async () => {
+    const ctx = createContextWithRouteParameters();
+
+    ctx.method = 'POST';
+    for (const body of [
+      {},
+      { client_id: 1 },
+      { client_secret: 1 },
+      { client_id: '1', client_secret: 1 },
+    ]) {
+      ctx.request.body = body;
+      // eslint-disable-next-line no-await-in-loop
+      await koaAppSecretTranspilation(queries)(ctx, next);
+      expectNothingChanged(ctx, { body });
+    }
+
+    ctx.method = 'GET';
+    for (const query of [
+      {},
+      { client_id: 1 },
+      { client_secret: 1 },
+      { client_id: '1', client_secret: 1 },
+    ]) {
+      ctx.request.body = undefined;
+      // @ts-expect-error
+      ctx.query = query;
+      // eslint-disable-next-line no-await-in-loop
+      await koaAppSecretTranspilation(queries)(ctx, next);
+      expectNothingChanged(ctx, { query });
+    }
+  });
+
+  it('should do nothing if client credentials have the wrong combination', async () => {
+    const ctx = createContextWithRouteParameters();
+
+    for (const [authorization, body] of [
+      ['Basic ' + Buffer.from('1:').toString('base64'), { client_id: '2', client_secret: '1' }],
+      ['Basic ' + Buffer.from('1:1').toString('base64'), { client_id: '1', client_secret: '1' }],
+    ] as const) {
+      ctx.headers.authorization = authorization;
+      ctx.method = 'POST';
+      ctx.request.body = body;
+      // eslint-disable-next-line no-await-in-loop
+      await koaAppSecretTranspilation(queries)(ctx, next);
+      expectNothingChanged(ctx, { authorization, body });
+    }
+  });
+
+  it('should do nothing if client credentials cannot be found', async () => {
+    const ctx = createContextWithRouteParameters();
+    const authorization = 'Basic ' + Buffer.from('1:1').toString('base64');
+    ctx.headers.authorization = authorization;
+    await koaAppSecretTranspilation(queries)(ctx, next);
+    expectNothingChanged(ctx, { authorization }, 1);
+  });
+
+  it('should throw an error if client credentials are expired', async () => {
+    const ctx = createContextWithRouteParameters();
+    const authorization = 'Basic ' + Buffer.from('1:1').toString('base64');
+    ctx.headers.authorization = authorization;
+    findByCredentials.mockResolvedValueOnce({ expiresAt: new Date(Date.now() - 1000) });
+    await expect(koaAppSecretTranspilation(queries)(ctx, next)).rejects.toThrowError(
+      'invalid_request'
+    );
+    expectNothingChanged(ctx, { authorization }, 1);
+  });
+
+  it('should rewrite the client secret in the header', async () => {
+    const ctx = createContextWithRouteParameters();
+    const authorization = 'Basic ' + Buffer.from('1:1').toString('base64');
+    ctx.headers.authorization = authorization;
+    findByCredentials.mockResolvedValueOnce({ originalSecret: '2' });
+    await koaAppSecretTranspilation(queries)(ctx, next);
+    expect(ctx.headers.authorization).toBe('Basic ' + Buffer.from('1:2').toString('base64'));
+  });
+
+  it('should rewrite the client secret in the body', async () => {
+    const ctx = createContextWithRouteParameters();
+    const body = { client_id: '1', client_secret: '1' };
+    ctx.method = 'POST';
+    ctx.request.body = body;
+    findByCredentials.mockResolvedValueOnce({ originalSecret: '2' });
+    await koaAppSecretTranspilation(queries)(ctx, next);
+    expect(ctx.request.body.client_secret).toBe('2');
+  });
+
+  it('should rewrite the client secret in the query', async () => {
+    const ctx = createContextWithRouteParameters();
+    const query = { client_id: '1', client_secret: '1' };
+    ctx.method = 'GET';
+    ctx.query = query;
+    findByCredentials.mockResolvedValueOnce({ originalSecret: '2' });
+    await koaAppSecretTranspilation(queries)(ctx, next);
+    expect(ctx.query.client_secret).toBe('2');
+  });
+});
diff --git a/packages/core/src/middleware/koa-app-secret-transpilation.ts b/packages/core/src/middleware/koa-app-secret-transpilation.ts
new file mode 100644
index 000000000000..19201383a629
--- /dev/null
+++ b/packages/core/src/middleware/koa-app-secret-transpilation.ts
@@ -0,0 +1,132 @@
+import type { Nullable } from '@silverhand/essentials';
+import type { MiddlewareType } from 'koa';
+import { errors } from 'oidc-provider';
+
+import type Queries from '#src/tenants/Queries.js';
+
+const noVSCHAR = /[^\u0020-\u007E]/;
+
+function decodeAuthToken(token: string) {
+  const authToken = decodeURIComponent(token.replaceAll('+', '%20'));
+  if (noVSCHAR.test(authToken)) {
+    return;
+  }
+  return authToken;
+}
+
+/** @import { getConstantClientMetadata } from '#src/oidc/utils.js'; */
+/**
+ * Create a middleware function that reads the app secret from the request and check if it matches
+ * the app secret in the `application_secrets` table. If it matches, the secret will be transpiled
+ * to the one in the `applications` table in order to be recognized by `oidc-provider`.
+ *
+ * If the app secret is not found in the `application_secrets` table, the middleware will keep
+ * everything as is and let the `oidc-provider` handle it.
+ *
+ * @remarks
+ * We have to transpile the app secret because the `oidc-provider` only accepts one secret per
+ * client.
+ *
+ * @remarks
+ * The way to read the app secret from the request is duplicated from the original `oidc-provider`
+ * implementation as the client should not be aware of this process. If we change the way to
+ * authenticate the client in the future, we should update this middleware accordingly.
+ *
+ * @see {@link getConstantClientMetadata} for client authentication method based on application
+ * type.
+ * @see {@link https://github.com/panva/node-oidc-provider/blob/v8.4.6/lib/shared/token_auth.js#L74 | oidc-provider} for
+ * the original implementation.
+ */
+export default function koaAppSecretTranspilation<StateT, ContextT, ResponseBodyT>(
+  queries: Queries
+): MiddlewareType<StateT, ContextT, Nullable<ResponseBodyT>> {
+  return async (ctx, next) => {
+    type ClientCredentials = Partial<{
+      clientId: string;
+      clientSecret: string;
+    }>;
+    const getCredentialsFromHeader = (): ClientCredentials => {
+      const parts = ctx.headers.authorization?.split(' ');
+
+      if (parts?.length !== 2 || parts[0]?.toLowerCase() !== 'basic' || !parts[1]) {
+        return {};
+      }
+
+      const [part0, part1] = Buffer.from(parts[1], 'base64').toString().split(':');
+
+      return {
+        clientId: part0 && decodeAuthToken(part0),
+        clientSecret: part1 && decodeAuthToken(part1),
+      };
+    };
+
+    const getCredentialsFromParams = (): ClientCredentials => {
+      const params: unknown = ctx.method === 'POST' ? ctx.request.body : ctx.query;
+
+      if (typeof params !== 'object' || params === null) {
+        return {};
+      }
+
+      const clientId =
+        'client_id' in params && typeof params.client_id === 'string'
+          ? params.client_id
+          : undefined;
+      const clientSecret =
+        'client_secret' in params && typeof params.client_secret === 'string'
+          ? params.client_secret
+          : undefined;
+      return { clientId, clientSecret };
+    };
+
+    const getCredentials = (
+      header: ClientCredentials,
+      params: ClientCredentials
+    ): ClientCredentials => {
+      if (header.clientId && params.clientId && header.clientId !== params.clientId) {
+        return {};
+      }
+
+      // Only authorization header is allowed to be used for client authentication if the client ID
+      // is provided in the header.
+      if (header.clientId && (!header.clientSecret || params.clientSecret)) {
+        return {};
+      }
+
+      const clientId = header.clientId ?? params.clientId;
+      const clientSecret = header.clientSecret ?? params.clientSecret;
+
+      return { clientId, clientSecret };
+    };
+
+    const header = getCredentialsFromHeader();
+    const params = getCredentialsFromParams();
+    const { clientId, clientSecret } = getCredentials(header, params);
+    if (!clientId || !clientSecret) {
+      return next();
+    }
+
+    const result = await queries.applicationSecrets.findByCredentials(clientId, clientSecret);
+
+    // Fall back to the original client secret logic to provide backward compatibility.
+    if (!result) {
+      return next();
+    }
+
+    if (result.expiresAt && result.expiresAt < Date.now()) {
+      throw new errors.InvalidRequest('client secret has expired');
+    }
+
+    // All checks passed. Rewrite the client secret to the one in the `applications` table.
+    if (header.clientSecret) {
+      ctx.headers.authorization = `Basic ${Buffer.from(
+        `${clientId}:${result.originalSecret}`
+      ).toString('base64')}`;
+    } else if (ctx.method === 'POST') {
+      ctx.request.body.client_secret = result.originalSecret;
+    } else {
+      ctx.query.client_secret = result.originalSecret;
+    }
+
+    return next();
+  };
+}
diff --git a/packages/core/src/middleware/koa-oidc-error-handler.ts b/packages/core/src/middleware/koa-oidc-error-handler.ts
index 52963026495b..898c946cd1f1 100644
--- a/packages/core/src/middleware/koa-oidc-error-handler.ts
+++ b/packages/core/src/middleware/koa-oidc-error-handler.ts
@@ -90,17 +90,10 @@ export default function koaOidcErrorHandler<StateT, ContextT>(): Middleware<Stat
         throw error;
       }
 
-      // Report oidc exceptions to ApplicationInsights
-      void appInsights.trackException(error, buildAppInsightsTelemetry(ctx));
-
       // Mimic oidc-provider's error handling, thus we can use the unified logic below.
       // See https://github.com/panva/node-oidc-provider/blob/37d0a6cfb3c618141a44cbb904ce45659438f821/lib/shared/error_handler.js
       ctx.status = error.statusCode || 500;
       ctx.body = errorOut(error);
-
-      if (!EnvSet.values.isUnitTest && (!EnvSet.values.isProduction || ctx.status >= 500)) {
-        getConsoleLogFromContext(ctx).error(error);
-      }
     }
 
     // This is the only way we can check if the error is handled by the oidc-provider, because
@@ -115,6 +108,7 @@ export default function koaOidcErrorHandler<StateT, ContextT>(): Middleware<Stat
 
       if (parsed.success) {
         const { data } = parsed;
+
         const code = isSessionNotFound(data.error_description)
           ? 'session.not_found'
           : `oidc.${data.error}`;
@@ -126,6 +120,12 @@ export default function koaOidcErrorHandler<StateT, ContextT>(): Middleware<Stat
           error_uri: uri,
           ...ctx.body,
         };
+
+        if (!EnvSet.values.isUnitTest && (!EnvSet.values.isProduction || ctx.status >= 500)) {
+          getConsoleLogFromContext(ctx).error(ctx.body);
+        }
+
+        void appInsights.trackException(ctx.body, buildAppInsightsTelemetry(ctx));
       }
     }
   };
diff --git a/packages/core/src/middleware/koa-slonik-error-handler.ts b/packages/core/src/middleware/koa-slonik-error-handler.ts
index 8d8dc5f1b41f..520e8a1bcc85 100644
--- a/packages/core/src/middleware/koa-slonik-error-handler.ts
+++ b/packages/core/src/middleware/koa-slonik-error-handler.ts
@@ -5,6 +5,7 @@ import {
   InvalidInputError,
   CheckIntegrityConstraintViolationError,
   UniqueIntegrityConstraintViolationError,
+  ForeignKeyIntegrityConstraintViolationError,
 } from '@silverhand/slonik';
 import type { Middleware } from 'koa';
 
@@ -42,6 +43,13 @@ export default function koaSlonikErrorHandler<StateT, ContextT>(): Middleware<St
             status: 422,
           });
         }
+
+        if (error.constraint === 'application_secrets_pkey') {
+          throw new RequestError({
+            code: 'application.secret_name_exists',
+            status: 422,
+          });
+        }
       }
 
       if (error instanceof CheckIntegrityConstraintViolationError) {
@@ -51,6 +59,13 @@ export default function koaSlonikErrorHandler<StateT, ContextT>(): Middleware<St
         });
       }
 
+      if (error instanceof ForeignKeyIntegrityConstraintViolationError) {
+        throw new RequestError({
+          code: 'entity.relation_foreign_key_not_found',
+          status: 404,
+        });
+      }
+
       if (error instanceof InsertionError) {
         throw new RequestError({
           code: 'entity.create_failed',
diff --git a/packages/core/src/oidc/init.ts b/packages/core/src/oidc/init.ts
index 5ec7474ab56f..d17bc4fc9736 100644
--- a/packages/core/src/oidc/init.ts
+++ b/packages/core/src/oidc/init.ts
@@ -2,6 +2,7 @@
 /* istanbul ignore file */
 import assert from 'node:assert';
 import { readFileSync } from 'node:fs';
+import querystring from 'node:querystring';
 
 import { userClaims } from '@logto/core-kit';
 import type { I18nKey } from '@logto/phrases';
@@ -17,15 +18,15 @@ import {
 } from '@logto/schemas';
 import { removeUndefinedKeys, trySafe, tryThat } from '@silverhand/essentials';
 import i18next from 'i18next';
-import { koaBody } from 'koa-body';
 import Provider, { errors } from 'oidc-provider';
+import getRawBody from 'raw-body';
 import snakecaseKeys from 'snakecase-keys';
 
-import { type EnvSet } from '#src/env-set/index.js';
-import RequestError from '#src/errors/RequestError/index.js';
+import { EnvSet } from '#src/env-set/index.js';
 import { addOidcEventListeners } from '#src/event-listeners/index.js';
 import { type CloudConnectionLibrary } from '#src/libraries/cloud-connection.js';
 import { type LogtoConfigLibrary } from '#src/libraries/logto-config.js';
+import koaAppSecretTranspilation from '#src/middleware/koa-app-secret-transpilation.js';
 import koaAuditLog from '#src/middleware/koa-audit-log.js';
 import koaBodyEtag from '#src/middleware/koa-body-etag.js';
 import koaResourceParam from '#src/middleware/koa-resource-param.js';
@@ -363,27 +364,6 @@ export default function initOidc(
 
   // Provide audit log context for event listeners
   oidc.use(koaAuditLog(queries));
-  /**
-   * Create a middleware function that transpile requests with content type `application/json`
-   * since `oidc-provider` only accepts `application/x-www-form-urlencoded` for most of routes.
-   *
-   * Other parsers are explicitly disabled to keep it neat.
-   */
-  oidc.use(async (ctx, next) => {
-    // `koa-body` will throw `SyntaxError` if the request body is not a valid JSON
-    // By default any untracked server error will throw a `500` internal error. Instead of throwing 500 error
-    // we should throw a `400` RequestError for all the invalid request body input.
-
-    try {
-      await koaBody({ urlencoded: false, text: false })(ctx, next);
-    } catch (error: unknown) {
-      if (error instanceof SyntaxError) {
-        throw new RequestError({ code: 'guard.invalid_input', type: 'body' }, error);
-      }
-
-      throw error;
-    }
-  });
   /**
    * Check if the request URL contains comma separated `resource` query parameter. If yes, split the values and
    * reconstruct the URL with multiple `resource` query parameters.
@@ -394,19 +374,46 @@ export default function initOidc(
    * `oidc-provider` [strictly checks](https://github.com/panva/node-oidc-provider/blob/6a0bcbcd35ed3e6179e81f0ab97a45f5e4e58f48/lib/shared/selective_body.js#L11)
    * the `content-type` header for further processing.
    *
-   * It will [directly use the `ctx.req.body` for parsing](https://github.com/panva/node-oidc-provider/blob/6a0bcbcd35ed3e6179e81f0ab97a45f5e4e58f48/lib/shared/selective_body.js#L39)
-   * so there's no need to change the raw request body as we uses `koaBody()` above.
+   * It will [directly use the `ctx.req.body` or `ctx.request.body` for parsing](https://github.com/panva/node-oidc-provider/blob/6a0bcbcd35ed3e6179e81f0ab97a45f5e4e58f48/lib/shared/selective_body.js#L39)
+   * so there's no need to change the raw request body if we parse the JSON here.
    *
    * However, this is not recommended for other routes rather since it causes a header-body format mismatch.
    */
   oidc.use(async (ctx, next) => {
-    // WARNING: [Registration actions](https://github.com/panva/node-oidc-provider/blob/6a0bcbcd35ed3e6179e81f0ab97a45f5e4e58f48/lib/actions/registration.js#L4) are using
-    // 'application/json' for body parsing. Update relatively when we enable that feature.
-    if (ctx.headers['content-type'] === 'application/json') {
-      ctx.headers['content-type'] = 'application/x-www-form-urlencoded';
+    const jsonContentType = 'application/json';
+    const formUrlEncodedContentType = 'application/x-www-form-urlencoded';
+
+    // Replicate the behavior of `oidc-provider` for parsing the request body
+    if (ctx.req.readable) {
+      const charset = ctx.headers['content-type']
+        ?.split(';')
+        .map((part) => part.trim().split('='))
+        .find(([key]) => key?.trim() === 'charset')?.[1];
+
+      const body = await getRawBody(ctx.req, {
+        length: ctx.request.length,
+        limit: '56kb',
+        encoding: charset ?? 'utf8',
+      });
+
+      // WARNING: [Registration actions](https://github.com/panva/node-oidc-provider/blob/6a0bcbcd35ed3e6179e81f0ab97a45f5e4e58f48/lib/actions/registration.js#L4) are using
+      // 'application/json' for body parsing. Update relatively when we enable that feature.
+      if (ctx.is(jsonContentType)) {
+        ctx.headers['content-type'] = formUrlEncodedContentType;
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+        ctx.request.body = JSON.parse(body);
+      } else if (ctx.is(formUrlEncodedContentType)) {
+        ctx.request.body = querystring.parse(body);
+      }
     }
+
     return next();
   });
+
+  if (EnvSet.values.isDevFeaturesEnabled) {
+    oidc.use(koaAppSecretTranspilation(queries));
+  }
+
   oidc.use(koaBodyEtag());
 
   return oidc;
diff --git a/packages/core/src/queries/application-secrets.ts b/packages/core/src/queries/application-secrets.ts
new file mode 100644
index 000000000000..8124ee2211f6
--- /dev/null
+++ b/packages/core/src/queries/application-secrets.ts
@@ -0,0 +1,55 @@
+import { Applications, type ApplicationSecret, ApplicationSecrets } from '@logto/schemas';
+import { type CommonQueryMethods, sql } from '@silverhand/slonik';
+
+import { buildInsertIntoWithPool } from '#src/database/insert-into.js';
+import { DeletionError } from '#src/errors/SlonikError/index.js';
+import { convertToIdentifiers } from '#src/utils/sql.js';
+
+type ApplicationCredentials = ApplicationSecret & {
+  /** The original application secret that stored in the `applications` table. */
+  originalSecret: string;
+};
+
+const { table, fields } = convertToIdentifiers(ApplicationSecrets);
+
+export class ApplicationSecretQueries {
+  public readonly insert = buildInsertIntoWithPool(this.pool)(ApplicationSecrets, {
+    returning: true,
+  });
+
+  constructor(public readonly pool: CommonQueryMethods) {}
+
+  async findByCredentials(appId: string, appSecret: string) {
+    const applications = convertToIdentifiers(Applications, true);
+    const { table, fields } = convertToIdentifiers(ApplicationSecrets, true);
+
+    return this.pool.maybeOne<ApplicationCredentials>(sql`
+      select ${sql.join(Object.values(fields), sql`, `)}, ${
+        applications.fields.secret
+      } as "originalSecret"
+        from ${table}
+        join ${applications.table} on ${fields.applicationId} = ${applications.fields.id}
+        where ${fields.applicationId} = ${appId}
+        and ${fields.value}=${appSecret}
+    `);
+  }
+
+  async getSecretsByApplicationId(appId: string) {
+    return this.pool.any<ApplicationSecret>(sql`
+      select ${sql.join(Object.values(fields), sql`, `)}
+        from ${table}
+        where ${fields.applicationId} = ${appId}
+    `);
+  }
+
+  async deleteByName(appId: string, name: string) {
+    const { rowCount } = await this.pool.query(sql`
+      delete from ${table}
+        where ${fields.applicationId} = ${appId}
+        and ${fields.name} = ${name}
+    `);
+    if (rowCount < 1) {
+      throw new DeletionError(ApplicationSecrets.table, name);
+    }
+  }
+}
diff --git a/packages/core/src/routes/applications/application-secret.openapi.json b/packages/core/src/routes/applications/application-secret.openapi.json
new file mode 100644
index 000000000000..7b57dd71e7e3
--- /dev/null
+++ b/packages/core/src/routes/applications/application-secret.openapi.json
@@ -0,0 +1,80 @@
+{
+  "tags": [
+    {
+      "name": "Dev feature"
+    }
+  ],
+  "paths": {
+    "/api/applications/{id}/legacy-secret": {
+      "delete": {
+        "summary": "Delete application legacy secret",
+        "description": "Delete the legacy secret for the application and replace it with a new internal secret.\n\nNote: This operation does not \"really\" delete the legacy secret because it is still needed for internal validation. We may remove the display of the legacy secret (the `secret` field in the application response) in the future.",
+        "responses": {
+          "204": {
+            "description": "The legacy secret was deleted successfully."
+          },
+          "400": {
+            "description": "The application does not have a legacy secret."
+          }
+        }
+      }
+    },
+    "/api/applications/{id}/secrets": {
+      "get": {
+        "summary": "Get application secrets",
+        "description": "Get all the secrets for the application.",
+        "responses": {
+          "200": {
+            "description": "A list of secrets."
+          }
+        }
+      },
+      "post": {
+        "summary": "Add application secret",
+        "description": "Add a new secret for the application.",
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "properties": {
+                  "name": {
+                    "description": "The secret name. Must be unique within the application."
+                  },
+                  "expiresAt": {
+                    "description": "The epoch time in milliseconds when the secret will expire. If not provided, the secret will never expire."
+                  }
+                }
+              }
+            }
+          }
+        },
+        "responses": {
+          "201": {
+            "description": "The secret was added successfully."
+          },
+          "422": {
+            "description": "The secret name is already in use."
+          }
+        }
+      }
+    },
+    "/api/applications/{id}/secrets/{name}": {
+      "delete": {
+        "summary": "Delete application secret",
+        "description": "Delete a secret for the application by name.",
+        "parameters": [
+          {
+            "name": "name",
+            "in": "path",
+            "description": "The name of the secret."
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "The secret was deleted successfully."
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/packages/core/src/routes/applications/application-secret.ts b/packages/core/src/routes/applications/application-secret.ts
new file mode 100644
index 000000000000..720afd7f50ae
--- /dev/null
+++ b/packages/core/src/routes/applications/application-secret.ts
@@ -0,0 +1,106 @@
+import { Applications, ApplicationSecrets, internalPrefix } from '@logto/schemas';
+import { generateStandardSecret } from '@logto/shared';
+import { z } from 'zod';
+
+import RequestError from '#src/errors/RequestError/index.js';
+import koaGuard from '#src/middleware/koa-guard.js';
+import assertThat from '#src/utils/assert-that.js';
+
+import { type ManagementApiRouter, type RouterInitArgs } from '../types.js';
+
+export const generateInternalSecret = () => internalPrefix + generateStandardSecret();
+
+export default function applicationSecretRoutes<T extends ManagementApiRouter>(
+  ...[router, { queries }]: RouterInitArgs<T>
+) {
+  router.delete(
+    '/applications/:id/legacy-secret',
+    koaGuard({
+      params: z.object({ id: z.string().min(1) }),
+      response: Applications.guard,
+      status: [200, 400, 404],
+    }),
+    async (ctx, next) => {
+      const {
+        params: { id },
+      } = ctx.guard;
+
+      const application = await queries.applications.findApplicationById(id);
+
+      if (!application.secret || application.secret.startsWith(internalPrefix)) {
+        throw new RequestError('application.no_legacy_secret_found');
+      }
+
+      const secret = generateInternalSecret();
+      ctx.body = await queries.applications.updateApplicationById(id, { secret });
+      return next();
+    }
+  );
+
+  router.get(
+    '/applications/:id/secrets',
+    koaGuard({
+      params: z.object({ id: z.string() }),
+      response: ApplicationSecrets.guard.array(),
+      status: [200, 404],
+    }),
+    async (ctx, next) => {
+      const { id } = ctx.guard.params;
+      // Ensure that the application exists.
+      await queries.applications.findApplicationById(id);
+      ctx.body = await queries.applicationSecrets.getSecretsByApplicationId(id);
+      return next();
+    }
+  );
+
+  router.post(
+    '/applications/:id/secrets',
+    koaGuard({
+      params: z.object({ id: z.string() }),
+      body: ApplicationSecrets.createGuard.pick({ name: true, expiresAt: true }),
+      response: ApplicationSecrets.guard,
+      status: [201, 400],
+    }),
+    async (ctx, next) => {
+      const {
+        params: { id: appId },
+        body,
+      } = ctx.guard;
+
+      assertThat(
+        !body.expiresAt || body.expiresAt > Date.now(),
+        new RequestError({
+          code: 'request.invalid_input',
+          details: 'The value of `expiresAt` must be in the future.',
+        })
+      );
+
+      ctx.body = await queries.applicationSecrets.insert({
+        ...body,
+        applicationId: appId,
+        value: generateStandardSecret(),
+      });
+      ctx.status = 201;
+
+      return next();
+    }
+  );
+
+  router.delete(
+    '/applications/:id/secrets/:name',
+    koaGuard({
+      params: z.object({ id: z.string(), name: z.string() }),
+      status: [204, 404],
+    }),
+    async (ctx, next) => {
+      const {
+        params: { id: appId, name },
+      } = ctx.guard;
+
+      await queries.applicationSecrets.deleteByName(appId, name);
+      ctx.status = 204;
+
+      return next();
+    }
+  );
+}
diff --git a/packages/core/src/routes/applications/application.test.ts b/packages/core/src/routes/applications/application.test.ts
index f02353db2e10..a6c65d40b2eb 100644
--- a/packages/core/src/routes/applications/application.test.ts
+++ b/packages/core/src/routes/applications/application.test.ts
@@ -109,7 +109,6 @@ describe('application route', () => {
     expect(response.body).toEqual({
       ...mockApplication,
       id: mockId,
-      secret: mockId,
       name,
       description,
       type,
diff --git a/packages/core/src/routes/applications/application.ts b/packages/core/src/routes/applications/application.ts
index 15328665e757..1b9ff571fe2c 100644
--- a/packages/core/src/routes/applications/application.ts
+++ b/packages/core/src/routes/applications/application.ts
@@ -10,6 +10,7 @@ import { generateStandardId, generateStandardSecret } from '@logto/shared';
 import { conditional } from '@silverhand/essentials';
 import { boolean, object, string, z } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaPagination from '#src/middleware/koa-pagination.js';
@@ -19,6 +20,7 @@ import { parseSearchParamsForSearch } from '#src/utils/search.js';
 
 import type { ManagementApiRouter, RouterInitArgs } from '../types.js';
 
+import { generateInternalSecret } from './application-secret.js';
 import { applicationCreateGuard, applicationPatchGuard } from './types.js';
 
 const includesInternalAdminRole = (roles: Readonly<Array<{ role: Role }>>) =>
@@ -38,7 +40,7 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
   ...[
     router,
     {
-      queries,
+      queries: { applications, applicationsRoles, roles },
       id: tenantId,
       libraries: { quota, protectedApps },
     },
@@ -51,16 +53,14 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
     updateApplicationById,
     countApplications,
     findApplications,
-  } = queries.applications;
+  } = applications;
 
   const {
     findApplicationsRolesByApplicationId,
     insertApplicationsRoles,
     deleteApplicationRole,
     findApplicationsRolesByRoleId,
-  } = queries.applicationsRoles;
-
-  const { findRoleByRoleName } = queries.roles;
+  } = applicationsRoles;
 
   router.get(
     '/applications',
@@ -191,7 +191,9 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
 
       const application = await insertApplication({
         id: generateStandardId(),
-        secret: generateStandardSecret(),
+        secret: EnvSet.values.isDevFeaturesEnabled
+          ? generateStandardSecret()
+          : generateInternalSecret(),
         oidcClientMetadata: buildOidcClientMetadata(oidcClientMetadata),
         ...conditional(
           rest.type === ApplicationType.Protected &&
@@ -275,7 +277,7 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
       if (isAdmin !== undefined) {
         const [applicationsRoles, internalAdminRole] = await Promise.all([
           findApplicationsRolesByApplicationId(id),
-          findRoleByRoleName(InternalRole.Admin),
+          roles.findRoleByRoleName(InternalRole.Admin),
         ]);
         const usedToBeAdmin = includesInternalAdminRole(applicationsRoles);
 
diff --git a/packages/core/src/routes/init.ts b/packages/core/src/routes/init.ts
index f166af765f66..868e6b30c6bb 100644
--- a/packages/core/src/routes/init.ts
+++ b/packages/core/src/routes/init.ts
@@ -15,6 +15,7 @@ import adminUserRoutes from './admin-user/index.js';
 import applicationOrganizationRoutes from './applications/application-organization.js';
 import applicationProtectedAppMetadataRoutes from './applications/application-protected-app-metadata.js';
 import applicationRoleRoutes from './applications/application-role.js';
+import applicationSecretRoutes from './applications/application-secret.js';
 import applicationSignInExperienceRoutes from './applications/application-sign-in-experience.js';
 import applicationUserConsentOrganizationRoutes from './applications/application-user-consent-organization.js';
 import applicationUserConsentScopeRoutes from './applications/application-user-consent-scope.js';
@@ -65,6 +66,9 @@ const createRouters = (tenant: TenantContext) => {
   applicationRoleRoutes(managementRouter, tenant);
   applicationProtectedAppMetadataRoutes(managementRouter, tenant);
   applicationOrganizationRoutes(managementRouter, tenant);
+  if (EnvSet.values.isDevFeaturesEnabled) {
+    applicationSecretRoutes(managementRouter, tenant);
+  }
 
   // Third-party application related routes
   applicationUserConsentScopeRoutes(managementRouter, tenant);
diff --git a/packages/core/src/tenants/Queries.ts b/packages/core/src/tenants/Queries.ts
index 70048b97c147..f7982b01437f 100644
--- a/packages/core/src/tenants/Queries.ts
+++ b/packages/core/src/tenants/Queries.ts
@@ -1,6 +1,7 @@
 import type { CommonQueryMethods } from '@silverhand/slonik';
 
 import { type WellKnownCache } from '#src/caches/well-known.js';
+import { ApplicationSecretQueries } from '#src/queries/application-secrets.js';
 import createApplicationSignInExperienceQueries from '#src/queries/application-sign-in-experience.js';
 import { createApplicationQueries } from '#src/queries/application.js';
 import { createApplicationsRolesQueries } from '#src/queries/applications-roles.js';
@@ -30,6 +31,7 @@ import { createVerificationStatusQueries } from '#src/queries/verification-statu
 
 export default class Queries {
   applications = createApplicationQueries(this.pool);
+  applicationSecrets = new ApplicationSecretQueries(this.pool);
   applicationSignInExperiences = createApplicationSignInExperienceQueries(this.pool);
   connectors = createConnectorQueries(this.pool, this.wellKnownCache);
   customPhrases = createCustomPhraseQueries(this.pool, this.wellKnownCache);
diff --git a/packages/integration-tests/src/api/application.ts b/packages/integration-tests/src/api/application.ts
index 4a2a96125fd0..522c71765ade 100644
--- a/packages/integration-tests/src/api/application.ts
+++ b/packages/integration-tests/src/api/application.ts
@@ -6,6 +6,8 @@ import {
   type Role,
   type ProtectedAppMetadata,
   type OrganizationWithRoles,
+  type CreateApplicationSecret,
+  type ApplicationSecret,
 } from '@logto/schemas';
 import { conditional } from '@silverhand/essentials';
 
@@ -14,7 +16,12 @@ import { authedAdminApi, oidcApi } from './api.js';
 export const createApplication = async (
   name: string,
   type: ApplicationType,
-  rest?: Partial<CreateApplication>
+  rest?: Partial<
+    // Synced from packages/core/src/routes/applications/types.ts
+    Omit<CreateApplication, 'protectedAppMetadata'> & {
+      protectedAppMetadata: { origin: string; subDomain: string };
+    }
+  >
 ) =>
   authedAdminApi
     .post('applications', {
@@ -126,3 +133,20 @@ export const getOrganizations = async (applicationId: string, page?: number, pag
     })
     .json<OrganizationWithRoles[]>();
 };
+
+export const createApplicationSecret = async ({
+  applicationId,
+  ...body
+}: Omit<CreateApplicationSecret, 'value'>) =>
+  authedAdminApi
+    .post(`applications/${applicationId}/secrets`, { json: body })
+    .json<ApplicationSecret>();
+
+export const getApplicationSecrets = async (applicationId: string) =>
+  authedAdminApi.get(`applications/${applicationId}/secrets`).json<ApplicationSecret[]>();
+
+export const deleteApplicationSecret = async (applicationId: string, secretName: string) =>
+  authedAdminApi.delete(`applications/${applicationId}/secrets/${secretName}`);
+
+export const deleteLegacyApplicationSecret = async (applicationId: string) =>
+  authedAdminApi.delete(`applications/${applicationId}/legacy-secret`);
diff --git a/packages/integration-tests/src/tests/api/application/application.secrets.test.ts b/packages/integration-tests/src/tests/api/application/application.secrets.test.ts
new file mode 100644
index 000000000000..0d5e77f6e3f0
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/application/application.secrets.test.ts
@@ -0,0 +1,144 @@
+import { ApplicationType, type Application } from '@logto/schemas';
+import { cond, noop } from '@silverhand/essentials';
+import { HTTPError } from 'ky';
+
+import {
+  createApplication as createApplicationApi,
+  createApplicationSecret,
+  deleteApplication,
+  deleteApplicationSecret,
+  getApplicationSecrets,
+} from '#src/api/application.js';
+import { devFeatureTest, randomString } from '#src/utils.js';
+
+devFeatureTest.describe('application secrets', () => {
+  const applications: Application[] = [];
+  const createApplication = async (...args: Parameters<typeof createApplicationApi>) => {
+    const created = await createApplicationApi(...args);
+    // eslint-disable-next-line @silverhand/fp/no-mutating-methods
+    applications.push(created);
+    return created;
+  };
+
+  afterAll(async () => {
+    await Promise.all(applications.map(async ({ id }) => deleteApplication(id).catch(noop)));
+  });
+
+  it.each(Object.values(ApplicationType))(
+    'should or not to create application secret for %s applications per type',
+    async (type) => {
+      const application = await createApplication(
+        'application',
+        type,
+        cond(
+          type === ApplicationType.Protected && {
+            protectedAppMetadata: {
+              origin: 'https://example.com',
+              subDomain: randomString(),
+            },
+          }
+        )
+      );
+      const secretName = randomString();
+      const secretPromise = createApplicationSecret({
+        applicationId: application.id,
+        name: secretName,
+      });
+
+      if (
+        [
+          ApplicationType.MachineToMachine,
+          ApplicationType.Protected,
+          ApplicationType.Traditional,
+        ].includes(type)
+      ) {
+        expect(await secretPromise).toEqual(
+          expect.objectContaining({ applicationId: application.id, name: secretName })
+        );
+      } else {
+        const response = await secretPromise.catch((error: unknown) => error);
+        expect(response).toBeInstanceOf(HTTPError);
+        expect(response).toHaveProperty('response.status', 422);
+        expect(await (response as HTTPError).response.json()).toHaveProperty(
+          'code',
+          'entity.db_constraint_violated'
+        );
+      }
+    }
+  );
+
+  it('should throw error when creating application secret with existing name', async () => {
+    const application = await createApplication('application', ApplicationType.MachineToMachine);
+    const secretName = randomString();
+    await createApplicationSecret({ applicationId: application.id, name: secretName });
+
+    const response = await createApplicationSecret({
+      applicationId: application.id,
+      name: secretName,
+    }).catch((error: unknown) => error);
+
+    expect(response).toBeInstanceOf(HTTPError);
+    expect(response).toHaveProperty('response.status', 422);
+    expect(await (response as HTTPError).response.json()).toHaveProperty(
+      'code',
+      'application.secret_name_exists'
+    );
+  });
+
+  it('should throw error when creating application secret with invalid application id', async () => {
+    const secretName = randomString();
+    const response = await createApplicationSecret({
+      applicationId: 'invalid',
+      name: secretName,
+    }).catch((error: unknown) => error);
+
+    expect(response).toBeInstanceOf(HTTPError);
+    expect(response).toHaveProperty('response.status', 404);
+  });
+
+  it('should throw error when creating application secret with empty name', async () => {
+    const application = await createApplication('application', ApplicationType.MachineToMachine);
+    const response = await createApplicationSecret({
+      applicationId: application.id,
+      name: '',
+    }).catch((error: unknown) => error);
+
+    expect(response).toBeInstanceOf(HTTPError);
+    expect(response).toHaveProperty('response.status', 400);
+  });
+
+  it('should throw error when creating application secret with invalid expiresAt', async () => {
+    const application = await createApplication('application', ApplicationType.MachineToMachine);
+    const secretName = randomString();
+    const response = await createApplicationSecret({
+      applicationId: application.id,
+      name: secretName,
+      expiresAt: Date.now() - 1000,
+    }).catch((error: unknown) => error);
+
+    expect(response).toBeInstanceOf(HTTPError);
+    expect(response).toHaveProperty('response.status', 400);
+  });
+
+  it('should be able to create, get, and delete multiple application secrets', async () => {
+    const application = await createApplication('application', ApplicationType.MachineToMachine);
+    const secretName1 = randomString();
+    const secretName2 = randomString();
+    const secret1 = await createApplicationSecret({
+      applicationId: application.id,
+      name: secretName1,
+      expiresAt: Date.now() + 1000,
+    });
+    const secret2 = await createApplicationSecret({
+      applicationId: application.id,
+      name: secretName2,
+    });
+
+    expect(await getApplicationSecrets(application.id)).toEqual(
+      expect.arrayContaining([secret1, secret2])
+    );
+    await deleteApplicationSecret(application.id, secretName1);
+    await deleteApplicationSecret(application.id, secretName2);
+    expect(await getApplicationSecrets(application.id)).toEqual([]);
+  });
+});
diff --git a/packages/integration-tests/src/tests/api/application/application.test.ts b/packages/integration-tests/src/tests/api/application/application.test.ts
index 9508355dde95..346d9ba105e7 100644
--- a/packages/integration-tests/src/tests/api/application/application.test.ts
+++ b/packages/integration-tests/src/tests/api/application/application.test.ts
@@ -56,7 +56,6 @@ describe('application APIs', () => {
     };
 
     const application = await createApplication(applicationName, ApplicationType.Protected, {
-      // @ts-expect-error the create guard has been modified
       protectedAppMetadata: metadata,
     });
 
@@ -76,12 +75,10 @@ describe('application APIs', () => {
     };
 
     const application = await createApplication(applicationName, ApplicationType.Protected, {
-      // @ts-expect-error the create guard has been modified
       protectedAppMetadata: metadata,
     });
     await expectRejects(
       createApplication('test-create-app', ApplicationType.Protected, {
-        // @ts-expect-error the create guard has been modified
         protectedAppMetadata: metadata,
       }),
       {
@@ -133,7 +130,6 @@ describe('application APIs', () => {
     };
 
     const application = await createApplication('test-update-app', ApplicationType.Protected, {
-      // @ts-expect-error the create guard has been modified
       protectedAppMetadata: metadata,
     });
 
diff --git a/packages/integration-tests/src/tests/api/oidc/client-authentication.test.ts b/packages/integration-tests/src/tests/api/oidc/client-authentication.test.ts
new file mode 100644
index 000000000000..4b55473ea1b5
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/oidc/client-authentication.test.ts
@@ -0,0 +1,210 @@
+/**
+ * @fileoverview Integration tests for handling client authentication with multiple client secrets.
+ * This test suite will test both the client authentication middleware and the inner workings of the
+ * `oidc-provider` when handling client authentication.
+ *
+ * @see {@link file://./../../../../../core/src/middleware/koa-app-secret-transpilation.ts} for the middleware implementation.
+ */
+
+import assert from 'node:assert';
+
+import { ApplicationType } from '@logto/schemas';
+import { noop, removeUndefinedKeys } from '@silverhand/essentials';
+import { HTTPError } from 'ky';
+
+import { oidcApi } from '#src/api/api.js';
+import {
+  createApplication,
+  createApplicationSecret,
+  deleteApplication,
+} from '#src/api/application.js';
+import { createResource } from '#src/api/resource.js';
+import { devFeatureTest, randomString, waitFor } from '#src/utils.js';
+
+type TokenResponse = {
+  access_token: string;
+  token_type: string;
+  expires_in: number;
+  scope: string;
+};
+
+const [application, resource] = await Promise.all([
+  createApplication('application', ApplicationType.MachineToMachine),
+  createResource(),
+]);
+
+afterAll(async () => {
+  await deleteApplication(application.id).catch(noop);
+});
+
+devFeatureTest.describe('client authentication', () => {
+  type RequestOptions = {
+    authorization?: string;
+    body?: Record<string, string>;
+    charset?: BufferEncoding;
+  };
+
+  const post = async ({ authorization, body, charset }: RequestOptions) => {
+    const searchParams = new URLSearchParams({
+      grant_type: 'client_credentials',
+      ...body,
+    });
+    return oidcApi
+      .post('token', {
+        headers: removeUndefinedKeys({
+          Authorization: authorization,
+          'Content-Type': charset
+            ? `application/x-www-form-urlencoded; charset=${charset}`
+            : undefined,
+        }),
+        body: charset ? Buffer.from(searchParams.toString(), charset) : searchParams,
+      })
+      .json<TokenResponse>();
+  };
+
+  const expectError = async (
+    options: RequestOptions,
+    status: number,
+    json?: Record<string, unknown>
+  ) => {
+    const error = await post(options).catch((error: unknown) => error);
+    assert(error instanceof HTTPError);
+    expect(error.response.status).toBe(status);
+
+    if (json) {
+      expect(await error.response.json()).toMatchObject(json);
+    }
+  };
+
+  it('should respond with error when no client authentication is provided', async () => {
+    await expectError({}, 400, {
+      error: 'invalid_request',
+      error_description: 'no client authentication mechanism provided',
+    });
+  });
+
+  it('should respond with error when malformed client authentication is provided', async () => {
+    await expectError({ authorization: 'Basic invalid' }, 400, {
+      error: 'invalid_request',
+      error_description: 'invalid authorization header value format',
+    });
+  });
+
+  it('should respond with error when client ids do not match', async () => {
+    await expectError(
+      {
+        authorization: `Basic ${Buffer.from(`${application.id}:invalid`).toString('base64')}`,
+        body: { client_id: 'invalid' },
+      },
+      400,
+      {
+        error: 'invalid_request',
+        error_description: 'mismatch in body and authorization client ids',
+      }
+    );
+  });
+
+  it('should respond with error when the client secret is expired', async () => {
+    const secret = await createApplicationSecret({
+      applicationId: application.id,
+      name: randomString(),
+      expiresAt: Date.now() + 50,
+    });
+
+    await waitFor(50);
+    await expectError(
+      {
+        authorization: `Basic ${Buffer.from(`${application.id}:${secret.value}`).toString(
+          'base64'
+        )}`,
+        body: { resource: resource.indicator },
+      },
+      400,
+      {
+        error: 'invalid_request',
+        error_description: 'client secret has expired',
+      }
+    );
+  });
+
+  it('should pass when client credentials are valid in authorization header (legacy)', async () => {
+    await expect(
+      post({
+        authorization: `Basic ${Buffer.from(`${application.id}:${application.secret}`).toString(
+          'base64'
+        )}`,
+        body: { resource: resource.indicator },
+      })
+    ).resolves.toMatchObject({
+      token_type: 'Bearer',
+    });
+  });
+
+  it('should pass when client credentials are valid in body (legacy)', async () => {
+    await expect(
+      post({
+        body: {
+          client_id: application.id,
+          client_secret: application.secret,
+          resource: resource.indicator,
+        },
+      })
+    ).resolves.toMatchObject({
+      token_type: 'Bearer',
+    });
+  });
+
+  it('should pass when client credentials are valid in authorization header', async () => {
+    const secret = await createApplicationSecret({
+      applicationId: application.id,
+      name: randomString(),
+    });
+
+    await expect(
+      post({
+        authorization: `Basic ${Buffer.from(`${application.id}:${secret.value}`).toString(
+          'base64'
+        )}`,
+        body: { resource: resource.indicator },
+      })
+    ).resolves.toMatchObject({
+      token_type: 'Bearer',
+    });
+  });
+
+  it('should pass when client credentials are valid in body', async () => {
+    const secret = await createApplicationSecret({
+      applicationId: application.id,
+      name: randomString(),
+    });
+
+    await expect(
+      post({
+        body: {
+          client_id: application.id,
+          client_secret: secret.value,
+          resource: resource.indicator,
+        },
+      })
+    ).resolves.toMatchObject({
+      token_type: 'Bearer',
+    });
+
+    // Set another charset
+    for (const charset of ['utf16le', 'latin1'] as const) {
+      // eslint-disable-next-line no-await-in-loop
+      await expect(
+        post({
+          body: {
+            client_id: application.id,
+            client_secret: secret.value,
+            resource: resource.indicator,
+          },
+          charset,
+        })
+      ).resolves.toMatchObject({
+        token_type: 'Bearer',
+      });
+    }
+  });
+});
diff --git a/packages/phrases/src/locales/en/errors/application.ts b/packages/phrases/src/locales/en/errors/application.ts
index feabd176b1e7..40a67768ebde 100644
--- a/packages/phrases/src/locales/en/errors/application.ts
+++ b/packages/phrases/src/locales/en/errors/application.ts
@@ -18,6 +18,8 @@ const application = {
   invalid_subdomain: 'Invalid subdomain.',
   custom_domain_not_found: 'Custom domain not found.',
   should_delete_custom_domains_first: 'Should delete custom domains first.',
+  no_legacy_secret_found: 'The application does not have a legacy secret.',
+  secret_name_exists: 'Secret name already exists.',
 };
 
 export default Object.freeze(application);
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 7e3f8cd94bb5..843d1550a2ac 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3337,6 +3337,9 @@ importers:
       qrcode:
         specifier: ^1.5.3
         version: 1.5.3
+      raw-body:
+        specifier: ^2.5.2
+        version: 2.5.2
       redis:
         specifier: ^4.6.14
         version: 4.6.14
@@ -3430,7 +3433,7 @@ importers:
         version: 8.57.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.10.4)
+        version: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
       jest-matcher-specific-error:
         specifier: ^1.0.0
         version: 1.0.0
@@ -3728,7 +3731,7 @@ importers:
         version: 3.0.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.12.7)
+        version: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       jest-environment-jsdom:
         specifier: ^29.7.0
         version: 29.7.0
@@ -3737,7 +3740,7 @@ importers:
         version: 2.0.0
       jest-transformer-svg:
         specifier: ^2.0.0
-        version: 2.0.0(jest@29.7.0(@types/node@20.12.7))(react@18.3.1)
+        version: 2.0.0(jest@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)))(react@18.3.1)
       js-base64:
         specifier: ^3.7.5
         version: 3.7.5
@@ -3876,7 +3879,7 @@ importers:
         version: 10.0.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.10.4)
+        version: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
       jest-matcher-specific-error:
         specifier: ^1.0.0
         version: 1.0.0
@@ -15192,6 +15195,41 @@ snapshots:
       - supports-color
       - ts-node
 
+  '@jest/core@29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))':
+    dependencies:
+      '@jest/console': 29.7.0
+      '@jest/reporters': 29.7.0
+      '@jest/test-result': 29.7.0
+      '@jest/transform': 29.7.0
+      '@jest/types': 29.6.3
+      '@types/node': 20.12.7
+      ansi-escapes: 4.3.2
+      chalk: 4.1.2
+      ci-info: 3.8.0
+      exit: 0.1.2
+      graceful-fs: 4.2.11
+      jest-changed-files: 29.7.0
+      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
+      jest-haste-map: 29.7.0
+      jest-message-util: 29.7.0
+      jest-regex-util: 29.6.3
+      jest-resolve: 29.7.0
+      jest-resolve-dependencies: 29.7.0
+      jest-runner: 29.7.0
+      jest-runtime: 29.7.0
+      jest-snapshot: 29.7.0
+      jest-util: 29.7.0
+      jest-validate: 29.7.0
+      jest-watcher: 29.7.0
+      micromatch: 4.0.5
+      pretty-format: 29.7.0
+      slash: 3.0.0
+      strip-ansi: 6.0.1
+    transitivePeerDependencies:
+      - babel-plugin-macros
+      - supports-color
+      - ts-node
+
   '@jest/create-cache-key-function@27.5.1':
     dependencies:
       '@jest/types': 27.5.1
@@ -18685,13 +18723,13 @@ snapshots:
     dependencies:
       lodash.get: 4.4.2
 
-  create-jest@29.7.0(@types/node@20.10.4):
+  create-jest@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3)):
     dependencies:
       '@jest/types': 29.6.3
       chalk: 4.1.2
       exit: 0.1.2
       graceful-fs: 4.2.11
-      jest-config: 29.7.0(@types/node@20.10.4)
+      jest-config: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
       jest-util: 29.7.0
       prompts: 2.4.2
     transitivePeerDependencies:
@@ -21085,16 +21123,16 @@ snapshots:
       - babel-plugin-macros
       - supports-color
 
-  jest-cli@29.7.0(@types/node@20.10.4):
+  jest-cli@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3)):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
       '@jest/test-result': 29.7.0
       '@jest/types': 29.6.3
       chalk: 4.1.2
-      create-jest: 29.7.0(@types/node@20.10.4)
+      create-jest: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
       exit: 0.1.2
       import-local: 3.1.0
-      jest-config: 29.7.0(@types/node@20.10.4)
+      jest-config: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
       jest-util: 29.7.0
       jest-validate: 29.7.0
       yargs: 17.7.2
@@ -21104,7 +21142,7 @@ snapshots:
       - supports-color
       - ts-node
 
-  jest-cli@29.7.0(@types/node@20.12.7):
+  jest-cli@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)):
     dependencies:
       '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       '@jest/test-result': 29.7.0
@@ -21123,26 +21161,38 @@ snapshots:
       - supports-color
       - ts-node
 
-  jest-cli@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)):
+  jest-config@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3)):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
-      '@jest/test-result': 29.7.0
+      '@babel/core': 7.24.4
+      '@jest/test-sequencer': 29.7.0
       '@jest/types': 29.6.3
+      babel-jest: 29.7.0(@babel/core@7.24.4)
       chalk: 4.1.2
-      create-jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
-      exit: 0.1.2
-      import-local: 3.1.0
-      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
+      ci-info: 3.8.0
+      deepmerge: 4.3.1
+      glob: 7.2.3
+      graceful-fs: 4.2.11
+      jest-circus: 29.7.0
+      jest-environment-node: 29.7.0
+      jest-get-type: 29.6.3
+      jest-regex-util: 29.6.3
+      jest-resolve: 29.7.0
+      jest-runner: 29.7.0
       jest-util: 29.7.0
       jest-validate: 29.7.0
-      yargs: 17.7.2
+      micromatch: 4.0.5
+      parse-json: 5.2.0
+      pretty-format: 29.7.0
+      slash: 3.0.0
+      strip-json-comments: 3.1.1
+    optionalDependencies:
+      '@types/node': 20.10.4
+      ts-node: 10.9.2(@types/node@20.10.4)(typescript@5.5.3)
     transitivePeerDependencies:
-      - '@types/node'
       - babel-plugin-macros
       - supports-color
-      - ts-node
 
-  jest-config@29.7.0(@types/node@20.10.4):
+  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)):
     dependencies:
       '@babel/core': 7.24.4
       '@jest/test-sequencer': 29.7.0
@@ -21167,12 +21217,13 @@ snapshots:
       slash: 3.0.0
       strip-json-comments: 3.1.1
     optionalDependencies:
-      '@types/node': 20.10.4
+      '@types/node': 20.12.7
+      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
 
-  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)):
+  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3)):
     dependencies:
       '@babel/core': 7.24.4
       '@jest/test-sequencer': 29.7.0
@@ -21198,7 +21249,7 @@ snapshots:
       strip-json-comments: 3.1.1
     optionalDependencies:
       '@types/node': 20.12.7
-      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3)
+      ts-node: 10.9.2(@types/node@20.10.4)(typescript@5.5.3)
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
@@ -21459,11 +21510,6 @@ snapshots:
       jest: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
       react: 18.3.1
 
-  jest-transformer-svg@2.0.0(jest@29.7.0(@types/node@20.12.7))(react@18.3.1):
-    dependencies:
-      jest: 29.7.0(@types/node@20.12.7)
-      react: 18.3.1
-
   jest-util@29.5.0:
     dependencies:
       '@jest/types': 29.6.3
@@ -21516,24 +21562,12 @@ snapshots:
       merge-stream: 2.0.0
       supports-color: 8.1.1
 
-  jest@29.7.0(@types/node@20.10.4):
+  jest@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3)):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
       '@jest/types': 29.6.3
       import-local: 3.1.0
-      jest-cli: 29.7.0(@types/node@20.10.4)
-    transitivePeerDependencies:
-      - '@types/node'
-      - babel-plugin-macros
-      - supports-color
-      - ts-node
-
-  jest@29.7.0(@types/node@20.12.7):
-    dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3))
-      '@jest/types': 29.6.3
-      import-local: 3.1.0
-      jest-cli: 29.7.0(@types/node@20.12.7)
+      jest-cli: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
     transitivePeerDependencies:
       - '@types/node'
       - babel-plugin-macros
@@ -25147,6 +25181,27 @@ snapshots:
 
   ts-interface-checker@0.1.13: {}
 
+  ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3):
+    dependencies:
+      '@cspotcode/source-map-support': 0.8.1
+      '@tsconfig/node10': 1.0.9
+      '@tsconfig/node12': 1.0.11
+      '@tsconfig/node14': 1.0.3
+      '@tsconfig/node16': 1.0.4
+      '@types/node': 20.12.7
+      acorn: 8.10.0
+      acorn-walk: 8.2.0
+      arg: 4.1.3
+      create-require: 1.1.1
+      diff: 4.0.2
+      make-error: 1.3.6
+      typescript: 5.5.3
+      v8-compile-cache-lib: 3.0.1
+      yn: 3.1.1
+    optionalDependencies:
+      '@swc/core': 1.3.52(@swc/helpers@0.5.1)
+    optional: true
+
   ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3):
     dependencies:
       '@cspotcode/source-map-support': 0.8.1
@@ -25167,6 +25222,25 @@ snapshots:
     optionalDependencies:
       '@swc/core': 1.3.52(@swc/helpers@0.5.1)
 
+  ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3):
+    dependencies:
+      '@cspotcode/source-map-support': 0.8.1
+      '@tsconfig/node10': 1.0.9
+      '@tsconfig/node12': 1.0.11
+      '@tsconfig/node14': 1.0.3
+      '@tsconfig/node16': 1.0.4
+      '@types/node': 20.10.4
+      acorn: 8.11.3
+      acorn-walk: 8.3.2
+      arg: 4.1.3
+      create-require: 1.1.1
+      diff: 4.0.2
+      make-error: 1.3.6
+      typescript: 5.5.3
+      v8-compile-cache-lib: 3.0.1
+      yn: 3.1.1
+    optional: true
+
   tsconfig-paths@3.15.0:
     dependencies:
       '@types/json5': 0.0.29

From de617353533ae447e1258bd8a81ba0d354a19186 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Mon, 22 Jul 2024 10:36:25 +0800
Subject: [PATCH 058/135] refactor(core,schemas): refactor `CodeVerification`
 (#6277)

* refactor(core,schemas): refactor the CodeVerification class

split the CodeVerification class into EmailCodeVerification and PhoneCodeVerification

* refactor(core,schemas): split CodeVerification type

split CodeVerification type

* fix(core): code review updates

code review updates
---
 .../classes/experience-interaction.test.ts    |   6 +-
 .../src/routes/experience/classes/utils.ts    |  12 +-
 .../sign-in-experience-validator.test.ts      |   6 +-
 .../sign-in-experience-validator.ts           |  15 +-
 .../verifications/code-verification.ts        | 214 ++++++++++++------
 .../experience/classes/verifications/index.ts |  22 +-
 .../verifications/verification-record.ts      |   3 +-
 .../verification-routes/verification-code.ts  |  13 +-
 packages/schemas/src/types/interactions.ts    |  12 +-
 9 files changed, 204 insertions(+), 99 deletions(-)

diff --git a/packages/core/src/routes/experience/classes/experience-interaction.test.ts b/packages/core/src/routes/experience/classes/experience-interaction.test.ts
index 561df47d981d..43c2ce6073b7 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.test.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.test.ts
@@ -17,7 +17,7 @@ import { createMockProvider } from '#src/test-utils/oidc-provider.js';
 import { MockTenant } from '#src/test-utils/tenant.js';
 import { createContextWithRouteParameters } from '#src/utils/test-utils.js';
 
-import { CodeVerification } from './verifications/code-verification.js';
+import { EmailCodeVerification } from './verifications/code-verification.js';
 
 const { jest } = import.meta;
 const { mockEsm } = createMockUtils(jest);
@@ -75,9 +75,9 @@ describe('ExperienceInteraction class', () => {
   };
   const { libraries, queries } = tenant;
 
-  const emailVerificationRecord = new CodeVerification(libraries, queries, {
+  const emailVerificationRecord = new EmailCodeVerification(libraries, queries, {
     id: 'mock_email_verification_id',
-    type: VerificationType.VerificationCode,
+    type: VerificationType.EmailVerificationCode,
     identifier: {
       type: SignInIdentifier.Email,
       value: mockEmail,
diff --git a/packages/core/src/routes/experience/classes/utils.ts b/packages/core/src/routes/experience/classes/utils.ts
index 9aebaf7b7673..fe0011e52f45 100644
--- a/packages/core/src/routes/experience/classes/utils.ts
+++ b/packages/core/src/routes/experience/classes/utils.ts
@@ -4,6 +4,7 @@ import {
   VerificationType,
   type InteractionIdentifier,
   type User,
+  type VerificationCodeSignInIdentifier,
 } from '@logto/schemas';
 import { conditional } from '@silverhand/essentials';
 
@@ -41,7 +42,8 @@ export const getNewUserProfileFromVerificationRecord = async (
 ): Promise<InteractionProfile> => {
   switch (verificationRecord.type) {
     case VerificationType.NewPasswordIdentity:
-    case VerificationType.VerificationCode: {
+    case VerificationType.EmailVerificationCode:
+    case VerificationType.PhoneVerificationCode: {
       return verificationRecord.toUserProfile();
     }
     case VerificationType.EnterpriseSso:
@@ -86,7 +88,8 @@ export const identifyUserByVerificationRecord = async (
 
   switch (verificationRecord.type) {
     case VerificationType.Password:
-    case VerificationType.VerificationCode: {
+    case VerificationType.EmailVerificationCode:
+    case VerificationType.PhoneVerificationCode: {
       return { user: await verificationRecord.identifyUser() };
     }
     case VerificationType.Social: {
@@ -171,3 +174,8 @@ export function profileToUserInfo(
     phoneNumber: primaryPhone ?? undefined,
   };
 }
+
+export const codeVerificationIdentifierRecordTypeMap = Object.freeze({
+  [SignInIdentifier.Email]: VerificationType.EmailVerificationCode,
+  [SignInIdentifier.Phone]: VerificationType.PhoneVerificationCode,
+}) satisfies Record<VerificationCodeSignInIdentifier, VerificationType>;
diff --git a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts
index 83adb6998428..44b3839bc6f2 100644
--- a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts
+++ b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts
@@ -11,7 +11,7 @@ import { mockSignInExperience } from '#src/__mocks__/sign-in-experience.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import { MockTenant } from '#src/test-utils/tenant.js';
 
-import { CodeVerification } from '../verifications/code-verification.js';
+import { createNewCodeVerificationRecord } from '../verifications/code-verification.js';
 import { EnterpriseSsoVerification } from '../verifications/enterprise-sso-verification.js';
 import { type VerificationRecord } from '../verifications/index.js';
 import { NewPasswordIdentityVerification } from '../verifications/new-password-identity-verification.js';
@@ -53,7 +53,7 @@ const passwordVerificationRecords = Object.fromEntries(
 ) as Record<SignInIdentifier, PasswordVerification>;
 
 const verificationCodeVerificationRecords = Object.freeze({
-  [SignInIdentifier.Email]: CodeVerification.create(
+  [SignInIdentifier.Email]: createNewCodeVerificationRecord(
     mockTenant.libraries,
     mockTenant.queries,
     {
@@ -62,7 +62,7 @@ const verificationCodeVerificationRecords = Object.freeze({
     },
     InteractionEvent.SignIn
   ),
-  [SignInIdentifier.Phone]: CodeVerification.create(
+  [SignInIdentifier.Phone]: createNewCodeVerificationRecord(
     mockTenant.libraries,
     mockTenant.queries,
     {
diff --git a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
index 9a22b63c21f1..08b912ae2940 100644
--- a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
+++ b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
@@ -4,6 +4,7 @@ import { PasswordPolicyChecker } from '@logto/core-kit';
 import {
   InteractionEvent,
   type SignInExperience,
+  SignInIdentifier,
   SignInMode,
   VerificationType,
 } from '@logto/schemas';
@@ -18,12 +19,13 @@ import { type VerificationRecord } from '../verifications/index.js';
 const getEmailIdentifierFromVerificationRecord = (verificationRecord: VerificationRecord) => {
   switch (verificationRecord.type) {
     case VerificationType.Password:
-    case VerificationType.VerificationCode: {
+    case VerificationType.EmailVerificationCode:
+    case VerificationType.PhoneVerificationCode: {
       const {
         identifier: { type, value },
       } = verificationRecord;
 
-      return type === 'email' ? value : undefined;
+      return type === SignInIdentifier.Email ? value : undefined;
     }
     case VerificationType.Social: {
       const { socialUserInfo } = verificationRecord;
@@ -174,7 +176,8 @@ export class SignInExperienceValidator {
 
     switch (verificationRecord.type) {
       case VerificationType.Password:
-      case VerificationType.VerificationCode: {
+      case VerificationType.EmailVerificationCode:
+      case VerificationType.PhoneVerificationCode: {
         const {
           identifier: { type },
         } = verificationRecord;
@@ -224,7 +227,8 @@ export class SignInExperienceValidator {
         );
         break;
       }
-      case VerificationType.VerificationCode: {
+      case VerificationType.EmailVerificationCode:
+      case VerificationType.PhoneVerificationCode: {
         const {
           identifier: { type },
         } = verificationRecord;
@@ -255,7 +259,8 @@ export class SignInExperienceValidator {
   /** Forgot password only supports verification code type verification record */
   private guardForgotPasswordVerificationMethod(verificationRecord: VerificationRecord) {
     assertThat(
-      verificationRecord.type === VerificationType.VerificationCode,
+      verificationRecord.type === VerificationType.EmailVerificationCode ||
+        verificationRecord.type === VerificationType.PhoneVerificationCode,
       new RequestError({ code: 'session.not_supported_for_forgot_password', status: 422 })
     );
   }
diff --git a/packages/core/src/routes/experience/classes/verifications/code-verification.ts b/packages/core/src/routes/experience/classes/verifications/code-verification.ts
index e9879c9726cd..0ccbc2f89712 100644
--- a/packages/core/src/routes/experience/classes/verifications/code-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/code-verification.ts
@@ -1,12 +1,11 @@
-import { TemplateType } from '@logto/connector-kit';
+import { TemplateType, type ToZodObject } from '@logto/connector-kit';
 import {
   InteractionEvent,
+  SignInIdentifier,
   VerificationType,
-  verificationCodeIdentifierGuard,
   type User,
   type VerificationCodeIdentifier,
 } from '@logto/schemas';
-import { type ToZodObject } from '@logto/schemas/lib/utils/zod.js';
 import { generateStandardId } from '@logto/shared';
 import { z } from 'zod';
 
@@ -35,64 +34,47 @@ const eventToTemplateTypeMap: Record<InteractionEvent, TemplateType> = {
 const getTemplateTypeByEvent = (event: InteractionEvent): TemplateType =>
   eventToTemplateTypeMap[event];
 
-/** The JSON data type for the CodeVerification record */
-export type CodeVerificationRecordData = {
-  id: string;
-  type: VerificationType.VerificationCode;
-  identifier: VerificationCodeIdentifier;
-  interactionEvent: InteractionEvent;
-  verified: boolean;
-};
-
-export const codeVerificationRecordDataGuard = z.object({
-  id: z.string(),
-  type: z.literal(VerificationType.VerificationCode),
-  identifier: verificationCodeIdentifierGuard,
-  interactionEvent: z.nativeEnum(InteractionEvent),
-  verified: z.boolean(),
-}) satisfies ToZodObject<CodeVerificationRecordData>;
-
 /** This util method convert the interaction identifier to passcode library payload format */
 const getPasscodeIdentifierPayload = (
   identifier: VerificationCodeIdentifier
 ): Parameters<ReturnType<typeof createPasscodeLibrary>['createPasscode']>[2] =>
   identifier.type === 'email' ? { email: identifier.value } : { phone: identifier.value };
 
+type CodeVerificationType =
+  | VerificationType.EmailVerificationCode
+  | VerificationType.PhoneVerificationCode;
+
+type SinInIdentifierTypeOf = {
+  [VerificationType.EmailVerificationCode]: SignInIdentifier.Email;
+  [VerificationType.PhoneVerificationCode]: SignInIdentifier.Phone;
+};
+
+type VerificationCodeIdentifierOf<T extends CodeVerificationType> = VerificationCodeIdentifier<
+  SinInIdentifierTypeOf[T]
+>;
+
+type CodeVerificationIdentifierMap = {
+  [VerificationType.EmailVerificationCode]: { primaryEmail: string };
+  [VerificationType.PhoneVerificationCode]: { primaryPhone: string };
+};
+
+/** The JSON data type for the `CodeVerification` record */
+export type CodeVerificationRecordData<T extends CodeVerificationType = CodeVerificationType> = {
+  id: string;
+  type: T;
+  identifier: VerificationCodeIdentifierOf<T>;
+  interactionEvent: InteractionEvent;
+  verified: boolean;
+};
+
 /**
- * CodeVerification is a verification type that verifies a given identifier by sending a verification code
- * to the user's email or phone.
- *
- * @remark The verification code is sent to the user's email or phone and the user is required to enter the code to verify.
- * If the identifier is for a existing user, the userId will be set after the verification.
- *
- * To avoid the redundant naming, the `CodeVerification` is used instead of `VerificationCodeVerification`.
+ * This is the parent class for `EmailCodeVerification` and `PhoneCodeVerification`. Not publicly exposed.
  */
-export class CodeVerification
-  implements IdentifierVerificationRecord<VerificationType.VerificationCode>
+abstract class CodeVerification<T extends CodeVerificationType>
+  implements IdentifierVerificationRecord<T>
 {
-  /**
-   * Factory method to create a new CodeVerification record using the given identifier.
-   */
-  static create(
-    libraries: Libraries,
-    queries: Queries,
-    identifier: VerificationCodeIdentifier,
-    interactionEvent: InteractionEvent
-  ) {
-    const record = new CodeVerification(libraries, queries, {
-      id: generateStandardId(),
-      type: VerificationType.VerificationCode,
-      identifier,
-      interactionEvent,
-      verified: false,
-    });
-
-    return record;
-  }
-
   public readonly id: string;
-  public readonly type = VerificationType.VerificationCode;
-  public readonly identifier: VerificationCodeIdentifier;
+  public readonly identifier: VerificationCodeIdentifierOf<T>;
 
   /**
    * The interaction event that triggered the verification.
@@ -102,12 +84,13 @@ export class CodeVerification
    * `InteractionEvent.ForgotPassword` triggered verification results can not used as a verification record for other events.
    */
   public readonly interactionEvent: InteractionEvent;
-  private verified: boolean;
+  public abstract readonly type: T;
+  protected verified: boolean;
 
   constructor(
     private readonly libraries: Libraries,
     private readonly queries: Queries,
-    data: CodeVerificationRecordData
+    data: CodeVerificationRecordData<T>
   ) {
     const { id, identifier, verified, interactionEvent } = data;
 
@@ -144,7 +127,8 @@ export class CodeVerification
   /**
    * Verify the `identifier` with the given code
    *
-   * @remark The identifier and code will be verified in the passcode library.
+   * @remarks
+   * The identifier and code will be verified in the passcode library.
    * No need to verify the identifier before calling this method.
    *
    * - `isVerified` will be set to true if the code is verified successfully.
@@ -187,18 +171,7 @@ export class CodeVerification
     return user;
   }
 
-  toUserProfile(): { primaryEmail: string } | { primaryPhone: string } {
-    assertThat(
-      this.verified,
-      new RequestError({ code: 'session.verification_failed', status: 400 })
-    );
-
-    const { type, value } = this.identifier;
-
-    return type === 'email' ? { primaryEmail: value } : { primaryPhone: value };
-  }
-
-  toJson(): CodeVerificationRecordData {
+  toJson(): CodeVerificationRecordData<T> {
     const { id, type, identifier, interactionEvent, verified } = this;
 
     return {
@@ -209,4 +182,113 @@ export class CodeVerification
       verified,
     };
   }
+
+  abstract toUserProfile(): CodeVerificationIdentifierMap[T];
 }
+
+const basicCodeVerificationRecordDataGuard = z.object({
+  id: z.string(),
+  interactionEvent: z.nativeEnum(InteractionEvent),
+  verified: z.boolean(),
+});
+
+/**
+ * A verification code class that verifies a given email identifier.
+ *
+ * @remarks
+ * The verification code is sent to the user's email and the user is required to enter the exact same code to
+ * complete the process. If the identifier is for an existing user, the `userId` will be set after the verification.
+ */
+export class EmailCodeVerification extends CodeVerification<VerificationType.EmailVerificationCode> {
+  public readonly type = VerificationType.EmailVerificationCode;
+
+  toUserProfile(): { primaryEmail: string } {
+    assertThat(
+      this.verified,
+      new RequestError({
+        code: 'session.verification_failed',
+        state: 400,
+      })
+    );
+
+    const { value } = this.identifier;
+
+    return { primaryEmail: value };
+  }
+}
+
+export const emailCodeVerificationRecordDataGuard = basicCodeVerificationRecordDataGuard.extend({
+  type: z.literal(VerificationType.EmailVerificationCode),
+  identifier: z.object({
+    type: z.literal(SignInIdentifier.Email),
+    value: z.string(),
+  }),
+}) satisfies ToZodObject<CodeVerificationRecordData<VerificationType.EmailVerificationCode>>;
+
+/**
+ * A verification code class that verifies a given phone identifier.
+ *
+ * @remarks
+ * The verification code will be sent to the user's phone and the user is required to enter the exact same code to
+ * complete the process. If the identifier is for an existing user, the `userId` will be set after the verification.
+ */
+export class PhoneCodeVerification extends CodeVerification<VerificationType.PhoneVerificationCode> {
+  public readonly type = VerificationType.PhoneVerificationCode;
+
+  toUserProfile(): { primaryPhone: string } {
+    assertThat(
+      this.verified,
+      new RequestError({
+        code: 'session.verification_failed',
+        state: 400,
+      })
+    );
+
+    const { value } = this.identifier;
+
+    return { primaryPhone: value };
+  }
+}
+
+export const phoneCodeVerificationRecordDataGuard = basicCodeVerificationRecordDataGuard.extend({
+  type: z.literal(VerificationType.PhoneVerificationCode),
+  identifier: z.object({
+    type: z.literal(SignInIdentifier.Phone),
+    value: z.string(),
+  }),
+}) satisfies ToZodObject<CodeVerificationRecordData<VerificationType.PhoneVerificationCode>>;
+
+/**
+ * Factory method to create a new `EmailCodeVerification` / `PhoneCodeVerification` record using the given identifier.
+ */
+export const createNewCodeVerificationRecord = (
+  libraries: Libraries,
+  queries: Queries,
+  identifier:
+    | VerificationCodeIdentifier<SignInIdentifier.Email>
+    | VerificationCodeIdentifier<SignInIdentifier.Phone>,
+  interactionEvent: InteractionEvent
+) => {
+  const { type } = identifier;
+
+  switch (type) {
+    case SignInIdentifier.Email: {
+      return new EmailCodeVerification(libraries, queries, {
+        id: generateStandardId(),
+        type: VerificationType.EmailVerificationCode,
+        identifier,
+        interactionEvent,
+        verified: false,
+      });
+    }
+    case SignInIdentifier.Phone: {
+      return new PhoneCodeVerification(libraries, queries, {
+        id: generateStandardId(),
+        type: VerificationType.PhoneVerificationCode,
+        identifier,
+        interactionEvent,
+        verified: false,
+      });
+    }
+  }
+};
diff --git a/packages/core/src/routes/experience/classes/verifications/index.ts b/packages/core/src/routes/experience/classes/verifications/index.ts
index 8522de9a9cdf..bc1ac79bdb50 100644
--- a/packages/core/src/routes/experience/classes/verifications/index.ts
+++ b/packages/core/src/routes/experience/classes/verifications/index.ts
@@ -10,8 +10,10 @@ import {
   type BackupCodeVerificationRecordData,
 } from './backup-code-verification.js';
 import {
-  CodeVerification,
-  codeVerificationRecordDataGuard,
+  EmailCodeVerification,
+  emailCodeVerificationRecordDataGuard,
+  PhoneCodeVerification,
+  phoneCodeVerificationRecordDataGuard,
   type CodeVerificationRecordData,
 } from './code-verification.js';
 import {
@@ -42,7 +44,8 @@ import {
 
 export type VerificationRecordData =
   | PasswordVerificationRecordData
-  | CodeVerificationRecordData
+  | CodeVerificationRecordData<VerificationType.EmailVerificationCode>
+  | CodeVerificationRecordData<VerificationType.PhoneVerificationCode>
   | SocialVerificationRecordData
   | EnterpriseSsoVerificationRecordData
   | TotpVerificationRecordData
@@ -59,7 +62,8 @@ export type VerificationRecordData =
  */
 export type VerificationRecord =
   | PasswordVerification
-  | CodeVerification
+  | EmailCodeVerification
+  | PhoneCodeVerification
   | SocialVerification
   | EnterpriseSsoVerification
   | TotpVerification
@@ -68,7 +72,8 @@ export type VerificationRecord =
 
 export const verificationRecordDataGuard = z.discriminatedUnion('type', [
   passwordVerificationRecordDataGuard,
-  codeVerificationRecordDataGuard,
+  emailCodeVerificationRecordDataGuard,
+  phoneCodeVerificationRecordDataGuard,
   socialVerificationRecordDataGuard,
   enterPriseSsoVerificationRecordDataGuard,
   totpVerificationRecordDataGuard,
@@ -88,8 +93,11 @@ export const buildVerificationRecord = (
     case VerificationType.Password: {
       return new PasswordVerification(libraries, queries, data);
     }
-    case VerificationType.VerificationCode: {
-      return new CodeVerification(libraries, queries, data);
+    case VerificationType.EmailVerificationCode: {
+      return new EmailCodeVerification(libraries, queries, data);
+    }
+    case VerificationType.PhoneVerificationCode: {
+      return new PhoneCodeVerification(libraries, queries, data);
     }
     case VerificationType.Social: {
       return new SocialVerification(libraries, queries, data);
diff --git a/packages/core/src/routes/experience/classes/verifications/verification-record.ts b/packages/core/src/routes/experience/classes/verifications/verification-record.ts
index 6eff83275153..a9ff16fb8541 100644
--- a/packages/core/src/routes/experience/classes/verifications/verification-record.ts
+++ b/packages/core/src/routes/experience/classes/verifications/verification-record.ts
@@ -19,7 +19,8 @@ export abstract class VerificationRecord<
 }
 
 type IdentifierVerificationType =
-  | VerificationType.VerificationCode
+  | VerificationType.EmailVerificationCode
+  | VerificationType.PhoneVerificationCode
   | VerificationType.Password
   | VerificationType.Social
   | VerificationType.EnterpriseSso;
diff --git a/packages/core/src/routes/experience/verification-routes/verification-code.ts b/packages/core/src/routes/experience/verification-routes/verification-code.ts
index 1e99894b51c3..6c9654ba4073 100644
--- a/packages/core/src/routes/experience/verification-routes/verification-code.ts
+++ b/packages/core/src/routes/experience/verification-routes/verification-code.ts
@@ -1,8 +1,4 @@
-import {
-  InteractionEvent,
-  VerificationType,
-  verificationCodeIdentifierGuard,
-} from '@logto/schemas';
+import { InteractionEvent, verificationCodeIdentifierGuard } from '@logto/schemas';
 import type Router from 'koa-router';
 import { z } from 'zod';
 
@@ -12,7 +8,8 @@ import koaGuard from '#src/middleware/koa-guard.js';
 import type TenantContext from '#src/tenants/TenantContext.js';
 import assertThat from '#src/utils/assert-that.js';
 
-import { CodeVerification } from '../classes/verifications/code-verification.js';
+import { codeVerificationIdentifierRecordTypeMap } from '../classes/utils.js';
+import { createNewCodeVerificationRecord } from '../classes/verifications/code-verification.js';
 import { experienceRoutes } from '../const.js';
 import { type WithExperienceInteractionContext } from '../middleware/koa-experience-interaction.js';
 
@@ -36,7 +33,7 @@ export default function verificationCodeRoutes<T extends WithLogContext>(
     async (ctx, next) => {
       const { identifier, interactionEvent } = ctx.guard.body;
 
-      const codeVerification = CodeVerification.create(
+      const codeVerification = createNewCodeVerificationRecord(
         libraries,
         queries,
         identifier,
@@ -80,7 +77,7 @@ export default function verificationCodeRoutes<T extends WithLogContext>(
       assertThat(
         codeVerificationRecord &&
           // Make the Verification type checker happy
-          codeVerificationRecord.type === VerificationType.VerificationCode,
+          codeVerificationRecord.type === codeVerificationIdentifierRecordTypeMap[identifier.type],
         new RequestError({ code: 'session.verification_session_not_found', status: 404 })
       );
 
diff --git a/packages/schemas/src/types/interactions.ts b/packages/schemas/src/types/interactions.ts
index e833e2b3fe7f..c58ab56f638f 100644
--- a/packages/schemas/src/types/interactions.ts
+++ b/packages/schemas/src/types/interactions.ts
@@ -41,12 +41,15 @@ export const interactionIdentifierGuard = z.object({
   value: z.string(),
 }) satisfies ToZodObject<InteractionIdentifier>;
 
+export type VerificationCodeSignInIdentifier = SignInIdentifier.Email | SignInIdentifier.Phone;
+
 /** Currently only email and phone are supported for verification code validation. */
-export type VerificationCodeIdentifier = {
-  type: SignInIdentifier.Email | SignInIdentifier.Phone;
+export type VerificationCodeIdentifier<
+  T extends VerificationCodeSignInIdentifier = VerificationCodeSignInIdentifier,
+> = {
+  type: T;
   value: string;
 };
-
 export const verificationCodeIdentifierGuard = z.object({
   type: z.enum([SignInIdentifier.Email, SignInIdentifier.Phone]),
   value: z.string(),
@@ -55,7 +58,8 @@ export const verificationCodeIdentifierGuard = z.object({
 /** Logto supported interaction verification types. */
 export enum VerificationType {
   Password = 'Password',
-  VerificationCode = 'VerificationCode',
+  EmailVerificationCode = 'EmailVerificationCode',
+  PhoneVerificationCode = 'PhoneVerificationCode',
   Social = 'Social',
   EnterpriseSso = 'EnterpriseSso',
   TOTP = 'Totp',

From adbf04e22ae283c7d408a7ae12711d5e7195a51b Mon Sep 17 00:00:00 2001
From: Mostafa Moradian <mstfmoradian@gmail.com>
Date: Mon, 22 Jul 2024 05:06:40 +0200
Subject: [PATCH 059/135] feat: add content schema to HTTP 201 CREATED messages
 (#6244)

feat: add content schema to 201 messages
---
 packages/core/src/routes/swagger/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/core/src/routes/swagger/index.ts b/packages/core/src/routes/swagger/index.ts
index b845ed0d72f5..cfaf39a9e58c 100644
--- a/packages/core/src/routes/swagger/index.ts
+++ b/packages/core/src/routes/swagger/index.ts
@@ -93,7 +93,7 @@ const buildOperation = (
         throw new Error(`Invalid status code ${status}.`);
       }
 
-      if (status === 200) {
+      if (status === 200 || status === 201) {
         return [
           status,
           {

From b21a417560ae1f6cd49b26b2fe03ff923c664dbd Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Mon, 22 Jul 2024 11:09:12 +0800
Subject: [PATCH 060/135] feat(console,phrases): add bring your ui quota item
 to pricing table (#6274)

---
 .../connector-logto-email/package.json        |  2 +-
 packages/console/package.json                 |  2 +-
 .../console/src/consts/quota-item-phrases.ts  |  8 ++++++++
 packages/console/src/consts/tenants.ts        |  2 ++
 .../PlanComparisonTable/index.tsx             |  2 ++
 .../admin-console/subscription/quota-item.ts  | 12 ++++++++++++
 .../admin-console/subscription/quota-table.ts |  1 +
 pnpm-lock.yaml                                | 19 ++++---------------
 8 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/packages/connectors/connector-logto-email/package.json b/packages/connectors/connector-logto-email/package.json
index a3f2033fd514..0238bb59ab63 100644
--- a/packages/connectors/connector-logto-email/package.json
+++ b/packages/connectors/connector-logto-email/package.json
@@ -52,7 +52,7 @@
     "access": "public"
   },
   "devDependencies": {
-    "@logto/cloud": "0.2.5-a7eedce",
+    "@logto/cloud": "0.2.5-3b703da",
     "@rollup/plugin-commonjs": "^26.0.0",
     "@rollup/plugin-json": "^6.1.0",
     "@rollup/plugin-node-resolve": "^15.2.3",
diff --git a/packages/console/package.json b/packages/console/package.json
index 11932c3a7561..e5075e13850e 100644
--- a/packages/console/package.json
+++ b/packages/console/package.json
@@ -27,7 +27,7 @@
   "devDependencies": {
     "@fontsource/roboto-mono": "^5.0.0",
     "@jest/types": "^29.5.0",
-    "@logto/cloud": "0.2.5-a7eedce",
+    "@logto/cloud": "0.2.5-3b703da",
     "@logto/connector-kit": "workspace:^4.0.0",
     "@logto/core-kit": "workspace:^2.5.0",
     "@logto/elements": "workspace:^0.0.0",
diff --git a/packages/console/src/consts/quota-item-phrases.ts b/packages/console/src/consts/quota-item-phrases.ts
index fb26ee59104d..3a6dec712f32 100644
--- a/packages/console/src/consts/quota-item-phrases.ts
+++ b/packages/console/src/consts/quota-item-phrases.ts
@@ -28,6 +28,8 @@ export const quotaItemPhrasesMap: Record<
   ssoEnabled: 'sso_enabled.name',
   tenantMembersLimit: 'tenant_members_limit.name',
   customJwtEnabled: 'custom_jwt_enabled.name',
+  subjectTokenEnabled: 'impersonation_enabled.name',
+  bringYourUiEnabled: 'bring_your_ui_enabled.name',
 };
 
 export const quotaItemUnlimitedPhrasesMap: Record<
@@ -56,6 +58,8 @@ export const quotaItemUnlimitedPhrasesMap: Record<
   ssoEnabled: 'sso_enabled.unlimited',
   tenantMembersLimit: 'tenant_members_limit.unlimited',
   customJwtEnabled: 'custom_jwt_enabled.unlimited',
+  subjectTokenEnabled: 'impersonation_enabled.unlimited',
+  bringYourUiEnabled: 'bring_your_ui_enabled.unlimited',
 };
 
 export const quotaItemLimitedPhrasesMap: Record<
@@ -84,6 +88,8 @@ export const quotaItemLimitedPhrasesMap: Record<
   ssoEnabled: 'sso_enabled.limited',
   tenantMembersLimit: 'tenant_members_limit.limited',
   customJwtEnabled: 'custom_jwt_enabled.limited',
+  subjectTokenEnabled: 'impersonation_enabled.limited',
+  bringYourUiEnabled: 'bring_your_ui_enabled.limited',
 };
 
 export const quotaItemNotEligiblePhrasesMap: Record<
@@ -112,4 +118,6 @@ export const quotaItemNotEligiblePhrasesMap: Record<
   ssoEnabled: 'sso_enabled.not_eligible',
   tenantMembersLimit: 'tenant_members_limit.not_eligible',
   customJwtEnabled: 'custom_jwt_enabled.not_eligible',
+  subjectTokenEnabled: 'impersonation_enabled.not_eligible',
+  bringYourUiEnabled: 'bring_your_ui_enabled.not_eligible',
 };
diff --git a/packages/console/src/consts/tenants.ts b/packages/console/src/consts/tenants.ts
index e3bfe16c81c8..05bc17173a05 100644
--- a/packages/console/src/consts/tenants.ts
+++ b/packages/console/src/consts/tenants.ts
@@ -71,6 +71,8 @@ export const defaultSubscriptionPlan: SubscriptionPlan = {
     thirdPartyApplicationsLimit: null,
     tenantMembersLimit: null,
     customJwtEnabled: true,
+    subjectTokenEnabled: true,
+    bringYourUiEnabled: true,
   },
 };
 
diff --git a/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx
index ab670ef5e457..be8dfb770cbc 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx
@@ -85,6 +85,7 @@ function PlanComparisonTable() {
     // UI and branding
     const customDomain = t('branding.custom_domain');
     const customCss = t('branding.custom_css');
+    const bringYourUi = t('branding.bring_your_ui');
     const appLogoAndFavicon = t('branding.logo_and_favicon');
     const darkMode = t('branding.dark_mode');
     const i18n = t('branding.i18n');
@@ -187,6 +188,7 @@ function PlanComparisonTable() {
           { name: appLogoAndFavicon, data: ['✓', '✓', '✓'] },
           { name: darkMode, data: ['✓', '✓', '✓'] },
           { name: i18n, data: ['✓', '✓', '✓'] },
+          { name: bringYourUi, data: ['-', '✓', '✓'] },
         ],
       },
       {
diff --git a/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-item.ts
index d7d49de8dc74..340d31e14799 100644
--- a/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-item.ts
@@ -159,6 +159,18 @@ const quota_item = {
     unlimited: 'Custom JWT',
     not_eligible: 'Remove your JWT claims customizer',
   },
+  impersonation_enabled: {
+    name: 'Impersonation',
+    limited: 'Impersonation',
+    unlimited: 'Impersonation',
+    not_eligible: 'No impersonation allowed',
+  },
+  bring_your_ui_enabled: {
+    name: 'Bring your UI',
+    limited: 'Bring your UI',
+    unlimited: 'Bring your UI',
+    not_eligible: 'Remove your custom UI assets',
+  },
 };
 
 export default Object.freeze(quota_item);
diff --git a/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-table.ts
index 0813277d1905..b58127688b18 100644
--- a/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/en/translation/admin-console/subscription/quota-table.ts
@@ -21,6 +21,7 @@ const quota_table = {
     custom_domain: 'Custom domain',
     custom_css: 'Custom CSS',
     logo_and_favicon: 'Logo and favicon',
+    bring_your_ui: 'Bring your UI',
     dark_mode: 'Dark mode',
     i18n: 'Internationalization',
   },
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 7e3f8cd94bb5..5624de8d41f9 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -1372,8 +1372,8 @@ importers:
         version: 3.23.8
     devDependencies:
       '@logto/cloud':
-        specifier: 0.2.5-a7eedce
-        version: 0.2.5-a7eedce(zod@3.23.8)
+        specifier: 0.2.5-3b703da
+        version: 0.2.5-3b703da(zod@3.23.8)
       '@rollup/plugin-commonjs':
         specifier: ^26.0.0
         version: 26.0.1(rollup@4.12.0)
@@ -2858,8 +2858,8 @@ importers:
         specifier: ^29.5.0
         version: 29.5.0
       '@logto/cloud':
-        specifier: 0.2.5-a7eedce
-        version: 0.2.5-a7eedce(zod@3.23.8)
+        specifier: 0.2.5-3b703da
+        version: 0.2.5-3b703da(zod@3.23.8)
       '@logto/connector-kit':
         specifier: workspace:^4.0.0
         version: link:../toolkit/connector-kit
@@ -5433,10 +5433,6 @@ packages:
     resolution: {integrity: sha512-VCevQnxP5910s/cDYAxoJRim9iH1yN/La0HAlOP6FhVGtZofYwTTfT9AQXC+dZScgydpcFWo4k/6MYOFRtZCLg==}
     engines: {node: ^20.9.0}
 
-  '@logto/cloud@0.2.5-a7eedce':
-    resolution: {integrity: sha512-FFjkGjqUgn9PCZnSuCODm2FcjqBm4JfPxfHCiXlOkUjeUhTJLrj7C0gjKzSQ/B6IaWri4EXN/meuqi5z/AMIPg==}
-    engines: {node: ^20.9.0}
-
   '@logto/js@4.1.4':
     resolution: {integrity: sha512-6twud1nFBQmj89/aflzej6yD1QwXfPiYmRtyYuN4a7O9OaaW3X/kJBVwjKUn5NC9IUt+rd+jXsI3QJXENfaLAw==}
 
@@ -15479,13 +15475,6 @@ snapshots:
     transitivePeerDependencies:
       - zod
 
-  '@logto/cloud@0.2.5-a7eedce(zod@3.23.8)':
-    dependencies:
-      '@silverhand/essentials': 2.9.1
-      '@withtyped/server': 0.13.6(zod@3.23.8)
-    transitivePeerDependencies:
-      - zod
-
   '@logto/js@4.1.4':
     dependencies:
       '@silverhand/essentials': 2.9.1

From ead7c849730bf4b67d61e3dc89469f07bd2a1cf7 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Mon, 22 Jul 2024 11:25:20 +0800
Subject: [PATCH 061/135] refactor(console,phrases,schemas): increase file
 upload size limit to 10mb (#6258)

refactor(console,phrases,schemas): increase file upload size limit to 10 mb
---
 .../src/ds-components/Uploader/FileUploader/index.tsx       | 6 ++++--
 .../src/locales/de/translation/admin-console/components.ts  | 2 +-
 .../src/locales/en/translation/admin-console/components.ts  | 2 +-
 .../src/locales/es/translation/admin-console/components.ts  | 2 +-
 .../src/locales/fr/translation/admin-console/components.ts  | 2 +-
 .../src/locales/it/translation/admin-console/components.ts  | 2 +-
 .../src/locales/ja/translation/admin-console/components.ts  | 2 +-
 .../src/locales/ko/translation/admin-console/components.ts  | 2 +-
 .../locales/pl-pl/translation/admin-console/components.ts   | 2 +-
 .../locales/pt-br/translation/admin-console/components.ts   | 2 +-
 .../locales/pt-pt/translation/admin-console/components.ts   | 2 +-
 .../src/locales/ru/translation/admin-console/components.ts  | 2 +-
 .../locales/tr-tr/translation/admin-console/components.ts   | 3 +--
 .../locales/zh-cn/translation/admin-console/components.ts   | 2 +-
 .../locales/zh-hk/translation/admin-console/components.ts   | 2 +-
 .../locales/zh-tw/translation/admin-console/components.ts   | 2 +-
 packages/schemas/src/types/user-assets.ts                   | 2 +-
 17 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/packages/console/src/ds-components/Uploader/FileUploader/index.tsx b/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
index 35d4383de6de..e9ea1415c119 100644
--- a/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
+++ b/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
@@ -8,7 +8,7 @@ import { useTranslation } from 'react-i18next';
 
 import UploaderIcon from '@/assets/icons/upload.svg';
 import useApi from '@/hooks/use-api';
-import { convertToFileExtensionArray } from '@/utils/uploader';
+import { convertToFileExtensionArray, formatBytes } from '@/utils/uploader';
 
 import { Ring } from '../../Spinner';
 
@@ -94,7 +94,9 @@ function FileUploader<T extends Record<string, unknown> = UserAssets>({
       const fileSizeLimit = Math.min(maxSize, maxUploadFileSize);
 
       if (acceptedFile.size > fileSizeLimit) {
-        setUploadError(t('components.uploader.error_file_size', { size: fileSizeLimit / 1024 }));
+        setUploadError(
+          t('components.uploader.error_file_size', { limitWithUnit: formatBytes(fileSizeLimit) })
+        );
 
         return;
       }
diff --git a/packages/phrases/src/locales/de/translation/admin-console/components.ts b/packages/phrases/src/locales/de/translation/admin-console/components.ts
index 3a7155352ff3..4c2c4d5dc34c 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/components.ts
@@ -5,7 +5,7 @@ const components = {
     image_limit:
       'Lade ein Bild unter {{size, number}}KB hoch, nur {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_upload: 'Etwas ist schiefgelaufen. Dateiupload fehlgeschlagen.',
-    error_file_size: 'Dateigröße ist zu groß. Bitte lade eine Datei unter {{size, number}}KB hoch.',
+    error_file_size: 'Dateigröße ist zu groß. Bitte lade eine Datei unter {{limitWithUnit}} hoch.',
     error_file_type:
       'Dateityp wird nicht unterstützt. Nur {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_file_count: 'Sie können nur 1 Datei hochladen.',
diff --git a/packages/phrases/src/locales/en/translation/admin-console/components.ts b/packages/phrases/src/locales/en/translation/admin-console/components.ts
index 1bd087436e46..cd6be12a3d21 100644
--- a/packages/phrases/src/locales/en/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/en/translation/admin-console/components.ts
@@ -5,7 +5,7 @@ const components = {
     image_limit:
       'Upload image under {{size, number}}KB, {{extensions, list(style: narrow; type: conjunction;)}} only.',
     error_upload: 'Something went wrong. File upload failed.',
-    error_file_size: 'File size is too large. Please upload a file under {{size, number}}KB.',
+    error_file_size: 'File size is too large. Please upload a file under {{limitWithUnit}}.',
     error_file_type:
       'File type is not supported. {{extensions, list(style: narrow; type: conjunction;)}} only.',
     error_file_count: 'You can only upload 1 file.',
diff --git a/packages/phrases/src/locales/es/translation/admin-console/components.ts b/packages/phrases/src/locales/es/translation/admin-console/components.ts
index 3533f44a2f71..5f55a2f7c8c4 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/components.ts
@@ -6,7 +6,7 @@ const components = {
       'Sube imágenes de menos de {{size, number}}KB, solo {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_upload: 'Algo salió mal. La subida de archivos falló.',
     error_file_size:
-      'El archivo es demasiado grande. Por favor, sube un archivo de menos de {{size, number}}KB.',
+      'El archivo es demasiado grande. Por favor, sube un archivo de menos de {{limitWithUnit}}.',
     error_file_type:
       'El tipo de archivo no es compatible. Solo {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_file_count: 'Solo puedes subir 1 archivo.',
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/components.ts b/packages/phrases/src/locales/fr/translation/admin-console/components.ts
index cd0b42fd2d34..e2c6c972606d 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/components.ts
@@ -6,7 +6,7 @@ const components = {
       'Téléchargez une image de moins de {{size, number}} Ko, uniquement {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_upload: "Quelque chose s'est mal passé. La téléchargement de fichier a échoué.",
     error_file_size:
-      'La taille du fichier est trop grande. Veuillez télécharger un fichier de moins de {{size, number}}Ko.',
+      'La taille du fichier est trop grande. Veuillez télécharger un fichier de moins de {{limitWithUnit}}Ko.',
     error_file_type:
       "Le type de fichier n'est pas pris en charge. Uniquement {{extensions, list(style: narrow; type: conjunction;)}}.",
     error_file_count: 'Vous ne pouvez télécharger qu’un seul fichier.',
diff --git a/packages/phrases/src/locales/it/translation/admin-console/components.ts b/packages/phrases/src/locales/it/translation/admin-console/components.ts
index 1034a2cb9d27..72a66aa6b3c6 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/components.ts
@@ -5,7 +5,7 @@ const components = {
     image_limit:
       'Carica immagini sotto i {{size, number}}KB, solo {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_upload: 'Qualcosa è andato storto. Caricamento fallito.',
-    error_file_size: 'Il file è troppo grande. Carica un file sotto i {{size, number}}KB.',
+    error_file_size: 'Il file è troppo grande. Carica un file sotto i {{limitWithUnit}}.',
     error_file_type:
       'Formato file non supportato. Sono accettati solo formati {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_file_count: 'Puoi caricare solo 1 file.',
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/components.ts b/packages/phrases/src/locales/ja/translation/admin-console/components.ts
index c43121cdb0a2..c571a7ba68e5 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/components.ts
@@ -5,7 +5,7 @@ const components = {
     image_limit:
       '{{size, number}}KB以下のイメージをアップロードし、{{extensions, list(style: narrow; type: conjunction;)}}のみ許可します。',
     error_upload: 'エラーが発生しました。ファイルのアップロードに失敗しました。',
-    error_file_size: '{{size, number}}KB以下のファイルをアップロードしてください。',
+    error_file_size: '{{limitWithUnit}} 以下のファイルをアップロードしてください。',
     error_file_type:
       '{{extensions, list(style: narrow; type: conjunction;)}}のみサポートされます。',
     error_file_count: '1つのファイルしかアップロードできません。',
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/components.ts b/packages/phrases/src/locales/ko/translation/admin-console/components.ts
index c5285ccf9a9c..7d340624c38f 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/components.ts
@@ -5,7 +5,7 @@ const components = {
     image_limit:
       '{{size, number}}KB 미만의 {{extensions, list(style: narrow; type: conjunction;)}} 파일만 업로드하세요.',
     error_upload: '오류가 발생했습니다. 파일 업로드에 실패하였습니다.',
-    error_file_size: '파일 크기가 너무 커요. {{size, number}}KB 미만의 파일을 업로드해 주세요.',
+    error_file_size: '파일 크기가 너무 커요. {{limitWithUnit}} 미만의 파일을 업로드해 주세요.',
     error_file_type:
       '지원되지 않는 파일 유형이에요. {{extensions, list(style: narrow; type: conjunction;)}} 파일만 사용 가능해요.',
     error_file_count: '파일은 1개만 업로드 가능합니다.',
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/components.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/components.ts
index 8b80588cdd0d..c767ab6954c4 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/components.ts
@@ -6,7 +6,7 @@ const components = {
       'Wyślij obraz o rozmiarze mniejszym niż {{size, number}}KB, tylko w formacie {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_upload: 'Coś poszło nie tak. Nie udało się wysłać pliku.',
     error_file_size:
-      'Plik jest zbyt duży. Wyślij plik o rozmiarze mniejszym niż {{size, number}}KB.',
+      'Plik jest zbyt duży. Wyślij plik o rozmiarze mniejszym niż {{limitWithUnit}}.',
     error_file_type:
       'Ten typ pliku nie jest obsługiwany. Obsługiwane formaty to {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_file_count: 'Możesz przesłać tylko 1 plik.',
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/components.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/components.ts
index 1335f16e2523..6ac1ec207baf 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/components.ts
@@ -6,7 +6,7 @@ const components = {
       'Carregue imagens abaixo de {{size, number}}KB, apenas {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_upload: 'Algo deu errado. Falha ao enviar arquivo.',
     error_file_size:
-      'Tamanho do arquivo é muito grande. Por favor, envie um arquivo abaixo de {{size, number}}KB.',
+      'Tamanho do arquivo é muito grande. Por favor, envie um arquivo abaixo de {{limitWithUnit}}.',
     error_file_type:
       'Tipo de arquivo não é suportado. Apenas {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_file_count: 'Você só pode enviar 1 arquivo.',
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/components.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/components.ts
index 84bbf5ab7961..172c0dc15ab7 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/components.ts
@@ -6,7 +6,7 @@ const components = {
       'Carregue imagens com menos de {{size, number}}KB, só {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_upload: 'Algo correu mal. O carregamento do ficheiro falhou.',
     error_file_size:
-      'O ficheiro é demasiado grande. Por favor carregue um ficheiro com menos de {{size, number}}KB.',
+      'O ficheiro é demasiado grande. Por favor carregue um ficheiro com menos de {{limitWithUnit}}.',
     error_file_type:
       'O tipo de ficheiro não é suportado. Apenas {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_file_count: 'Só é possível carregar 1 ficheiro.',
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/components.ts b/packages/phrases/src/locales/ru/translation/admin-console/components.ts
index cf59012a1f90..aa684daabecc 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/components.ts
@@ -6,7 +6,7 @@ const components = {
       'Загрузите изображение размером менее {{size, number}} КБ, только {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_upload: 'Что-то пошло не так. Загрузка файла не удалась.',
     error_file_size:
-      'Размер файла слишком большой. Пожалуйста, загрузите файл размером менее {{size, number}} КБ.',
+      'Размер файла слишком большой. Пожалуйста, загрузите файл размером менее {{limitWithUnit}}.',
     error_file_type:
       'Тип файла не поддерживается. Допустимы только файлы типа {{extensions, list(style: narrow; type: conjunction;)}}.',
     error_file_count: 'Вы можете загрузить только 1 файл.',
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/components.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/components.ts
index b424ca5be003..93a37fa22af8 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/components.ts
@@ -5,8 +5,7 @@ const components = {
     image_limit:
       '{{size, number}}KB altındaki resimleri yükleyin, yalnızca {{extensions, list(style: narrow; type: conjunction;)}} dosyaları kabul edilir.',
     error_upload: 'Bir şeyler yanlış gitti. Dosya yüklenemedi.',
-    error_file_size:
-      'Dosya boyutu çok büyük. Lütfen {{size, number}}KB altında bir dosya yükleyin.',
+    error_file_size: 'Dosya boyutu çok büyük. Lütfen {{limitWithUnit}} altında bir dosya yükleyin.',
     error_file_type:
       'Dosya türü desteklenmiyor. Yalnızca {{extensions, list(style: narrow; type: conjunction;)}} dosyaları kabul edilir.',
     error_file_count: 'Sadece 1 dosya yükleyebilirsiniz.',
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/components.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/components.ts
index 100a779a60f8..eb7c6c8db3e0 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/components.ts
@@ -5,7 +5,7 @@ const components = {
     image_limit:
       '上传图片大小不能超过 {{size, number}}KB，只支持 {{extensions, list(style: narrow; type: conjunction;)}} 格式的文件。',
     error_upload: '哎呀，出了些问题。文件上传失败。',
-    error_file_size: '文件太大了，请上传小于 {{size, number}}KB 的文件。',
+    error_file_size: '文件太大了，请上传小于 {{limitWithUnit}} 的文件。',
     error_file_type:
       '不支持该文件类型。只支持 {{extensions, list(style: narrow; type: conjunction;)}} 格式的文件。',
     error_file_count: '只能上传一个文件。',
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/components.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/components.ts
index aa90ef96a21f..b7ddbb5d0145 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/components.ts
@@ -5,7 +5,7 @@ const components = {
     image_limit:
       '上傳圖片大小不能超過 {{size, number}}KB，只支援 {{extensions, list(style: narrow; type: conjunction;)}} 格式的檔案。',
     error_upload: '哎呀，出了些問題。檔案上傳失敗。',
-    error_file_size: '檔案太大了，請上傳小於 {{size, number}}KB 的檔案。',
+    error_file_size: '檔案太大了，請上傳小於 {{limitWithUnit}} 的檔案。',
     error_file_type:
       '不支援該檔案格式，只支援 {{extensions, list(style: narrow; type: conjunction;)}} 格式的檔案。',
     error_file_count: '你只能上載一個檔案。',
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/components.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/components.ts
index 7a6341d48420..0a431ca0fa90 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/components.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/components.ts
@@ -5,7 +5,7 @@ const components = {
     image_limit:
       '上傳圖片大小不能超過 {{size, number}}KB，只支持 {{extensions, list(style: narrow; type: conjunction;)}} 格式的文件。',
     error_upload: '哎呀，出了些問題。文件上傳失敗。',
-    error_file_size: '文件太大了，請上傳小於 {{size, number}}KB 的文件。',
+    error_file_size: '文件太大了，請上傳小於 {{limitWithUnit}} 的文件。',
     error_file_type:
       '不支持該文件類型。只支持 {{extensions, list(style: narrow; type: conjunction;)}} 格式的文件。',
     error_file_count: '您只能上傳一個檔案。',
diff --git a/packages/schemas/src/types/user-assets.ts b/packages/schemas/src/types/user-assets.ts
index 931e29480f7d..95aa2d530f4b 100644
--- a/packages/schemas/src/types/user-assets.ts
+++ b/packages/schemas/src/types/user-assets.ts
@@ -1,6 +1,6 @@
 import { z } from 'zod';
 
-export const maxUploadFileSize = 8 * 1024 * 1024; // 8MB
+export const maxUploadFileSize = 10 * 1024 * 1024; // 10 MB
 
 // Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types
 export const allowUploadMimeTypes = [

From 36ad49b90eab8001e7ba893aa7f73dd7fcdd4d93 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Fri, 19 Jul 2024 10:42:03 +0800
Subject: [PATCH 062/135] feat(elements): init modal and input

---
 packages/elements/README.md                   |  8 +-
 packages/elements/package.json                |  7 +-
 .../elements/src/components/logto-button.ts   |  2 +-
 .../src/components/logto-card-section.ts      |  6 +-
 .../src/components/logto-form-card.ts         |  6 +-
 .../src/components/logto-icon-button.ts       | 51 +++++++++++
 .../src/components/logto-modal-layout.ts      | 62 +++++++++++++
 .../src/components/logto-modal.context.ts     | 16 ++++
 .../elements/src/components/logto-modal.ts    | 88 +++++++++++++++++++
 .../src/components/logto-text-input.ts        | 85 ++++++++++++++++++
 .../src/elements/logto-profile-card.ts        | 36 +++++++-
 packages/elements/src/icons/close.svg         |  5 ++
 packages/elements/src/icons/index.d.ts        |  4 +
 packages/elements/src/index.ts                |  4 +
 packages/elements/src/utils/theme.ts          | 21 +++++
 packages/elements/tsup.config.ts              | 15 ++++
 packages/elements/web-dev-server.config.js    | 12 +++
 packages/elements/xliff/de.xlf                | 19 ++--
 packages/elements/xliff/es.xlf                | 19 ++--
 packages/elements/xliff/fr.xlf                | 19 ++--
 packages/elements/xliff/it.xlf                | 19 ++--
 packages/elements/xliff/ja.xlf                | 19 ++--
 packages/elements/xliff/ko.xlf                | 25 ++++--
 packages/elements/xliff/pl-PL.xlf             | 19 ++--
 packages/elements/xliff/pt-BR.xlf             | 19 ++--
 packages/elements/xliff/pt-PT.xlf             | 19 ++--
 packages/elements/xliff/ru.xlf                | 19 ++--
 packages/elements/xliff/tr-TR.xlf             | 19 ++--
 packages/elements/xliff/zh-CN.xlf             | 19 ++--
 packages/elements/xliff/zh-HK.xlf             | 19 ++--
 packages/elements/xliff/zh-TW.xlf             | 19 ++--
 pnpm-lock.yaml                                | 13 +++
 32 files changed, 627 insertions(+), 86 deletions(-)
 create mode 100644 packages/elements/src/components/logto-icon-button.ts
 create mode 100644 packages/elements/src/components/logto-modal-layout.ts
 create mode 100644 packages/elements/src/components/logto-modal.context.ts
 create mode 100644 packages/elements/src/components/logto-modal.ts
 create mode 100644 packages/elements/src/components/logto-text-input.ts
 create mode 100644 packages/elements/src/icons/close.svg
 create mode 100644 packages/elements/src/icons/index.d.ts

diff --git a/packages/elements/README.md b/packages/elements/README.md
index 81b2c64644c6..f52f12edb22e 100644
--- a/packages/elements/README.md
+++ b/packages/elements/README.md
@@ -31,11 +31,11 @@ When using `msg()`, a human-readable ID should be used, and it is highly recomme
 
 ```ts
 // ✅ Good
-msg('Not available', {
-  id: 'form-card.fallback-title',
-  desc: 'The fallback title of a form card when the title is not provided.',
+msg('Not set', {
+  id: 'general.fallback-title',
+  desc: 'A fallback title when the title or heading of a component is not provided.',
 })
 
 // ❌ Bad
-msg('Not available')
+msg('Not set')
 ```
diff --git a/packages/elements/package.json b/packages/elements/package.json
index 3599cd569190..d1bcbded3d7c 100644
--- a/packages/elements/package.json
+++ b/packages/elements/package.json
@@ -28,14 +28,15 @@
   },
   "scripts": {
     "precommit": "lint-staged",
-    "build": "pnpm check && lit-localize build && tsup",
+    "build:only": "lit-localize build && tsup",
+    "build": "pnpm check && pnpm build:only",
     "start": "web-dev-server",
     "dev": "lit-localize build && tsup --watch --no-splitting",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "echo \"No tests yet.\"",
     "test:ci": "pnpm run test --silent --coverage",
-    "prepack": "pnpm build",
+    "prepack": "pnpm build:only",
     "localize": "lit-localize",
     "check": "if command -v git &> /dev/null; then lit-localize extract && git add . -N && git diff --exit-code; fi"
   },
@@ -46,6 +47,7 @@
     "url": "https://github.com/logto-io/logto/issues"
   },
   "dependencies": {
+    "@lit/context": "^1.1.2",
     "@lit/localize": "^0.12.1",
     "@lit/react": "^1.0.5",
     "@silverhand/essentials": "^2.9.1",
@@ -55,6 +57,7 @@
     "@lit/localize-tools": "^0.7.2",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
+    "@types/node": "^20.9.5",
     "@web/dev-server": "^0.4.6",
     "@web/dev-server-esbuild": "^1.0.2",
     "eslint": "^8.56.0",
diff --git a/packages/elements/src/components/logto-button.ts b/packages/elements/src/components/logto-button.ts
index 78972cfbe7e0..5f6d7c4a01ff 100644
--- a/packages/elements/src/components/logto-button.ts
+++ b/packages/elements/src/components/logto-button.ts
@@ -32,7 +32,7 @@ export class LogtoButton extends LitElement {
 
     :host([type='text']) {
       background: none;
-      border-color: none;
+      border-color: transparent;
       font: ${vars.fontLabel2};
       color: ${vars.colorTextLink};
       padding: ${unit(0.5, 1)};
diff --git a/packages/elements/src/components/logto-card-section.ts b/packages/elements/src/components/logto-card-section.ts
index 3ce9da6af11f..2f3a365d11c8 100644
--- a/packages/elements/src/components/logto-card-section.ts
+++ b/packages/elements/src/components/logto-card-section.ts
@@ -21,9 +21,9 @@ export class LogtoCardSection extends LitElement {
   `;
 
   @property()
-  heading = msg('Not available', {
-    id: 'form-card.fallback-title',
-    desc: 'The fallback title of a form card when the title is not provided.',
+  heading = msg('Not set', {
+    id: 'general.fallback-title',
+    desc: 'A fallback title when the title or heading of a component is not provided.',
   });
 
   render() {
diff --git a/packages/elements/src/components/logto-form-card.ts b/packages/elements/src/components/logto-form-card.ts
index 6252d8393a31..329295ca2fed 100644
--- a/packages/elements/src/components/logto-form-card.ts
+++ b/packages/elements/src/components/logto-form-card.ts
@@ -57,9 +57,9 @@ export class LogtoFormCard extends LitElement {
   `;
 
   @property()
-  heading = msg('Not available', {
-    id: 'form-card.fallback-title',
-    desc: 'The fallback title of a form card when the title is not provided.',
+  heading = msg('Not set', {
+    id: 'general.fallback-title',
+    desc: 'A fallback title when the title or heading of a component is not provided.',
   });
 
   @property()
diff --git a/packages/elements/src/components/logto-icon-button.ts b/packages/elements/src/components/logto-icon-button.ts
new file mode 100644
index 000000000000..9f363bc51793
--- /dev/null
+++ b/packages/elements/src/components/logto-icon-button.ts
@@ -0,0 +1,51 @@
+import { LitElement, html, css } from 'lit';
+import { customElement } from 'lit/decorators.js';
+
+import { unit } from '../utils/css.js';
+import { vars } from '../utils/theme.js';
+
+const tagName = 'logto-icon-button';
+
+@customElement(tagName)
+export class LogtoIconButton extends LitElement {
+  static tagName = tagName;
+
+  static styles = css`
+    :host {
+      all: unset;
+      border-radius: ${unit(1.5)};
+      transition: background 0.2s ease-in-out;
+      padding: ${unit(1)};
+      display: inline-flex;
+      justify-content: center;
+      align-items: center;
+      cursor: pointer;
+    }
+
+    :host(:disabled) {
+      cursor: not-allowed;
+    }
+
+    :host(:focus-visible) {
+      background: ${vars.colorFocused};
+    }
+
+    :host(:not(:disabled):hover) {
+      background: ${vars.colorHover};
+    }
+
+    ::slotted(svg) {
+      color: ${vars.colorTextSecondary};
+    }
+  `;
+
+  connectedCallback(): void {
+    super.connectedCallback();
+    this.role = 'button';
+    this.tabIndex = 0;
+  }
+
+  render() {
+    return html`<slot></slot>`;
+  }
+}
diff --git a/packages/elements/src/components/logto-modal-layout.ts b/packages/elements/src/components/logto-modal-layout.ts
new file mode 100644
index 000000000000..0035ffa86fe3
--- /dev/null
+++ b/packages/elements/src/components/logto-modal-layout.ts
@@ -0,0 +1,62 @@
+import { consume } from '@lit/context';
+import { localized, msg } from '@lit/localize';
+import { cond, noop } from '@silverhand/essentials';
+import { LitElement, html, css } from 'lit';
+import { customElement, property } from 'lit/decorators.js';
+
+import closeIcon from '../icons/close.svg';
+import { unit } from '../utils/css.js';
+import { vars } from '../utils/theme.js';
+
+import { ModalContext, type ModalContextType } from './logto-modal.context.js';
+
+const tagName = 'logto-modal-layout';
+
+/**
+ * A typical layout for a modal. It includes a header, a footer, and a slot for the content.
+ *
+ * Note: A consumable modal context ({@link ModalContext}) is required to use this component.
+ */
+@customElement(tagName)
+@localized()
+export class LogtoModalLayout extends LitElement {
+  static tagName = tagName;
+
+  static styles = css`
+    header {
+      font: ${vars.fontTitle1};
+      color: ${vars.colorTextPrimary};
+      display: flex;
+      justify-content: space-between;
+      align-items: flex-start;
+      margin-bottom: ${unit(6)};
+    }
+
+    h1 {
+      all: unset;
+    }
+  `;
+
+  @property({ reflect: true })
+  heading = msg('Not set', {
+    id: 'general.fallback-title',
+    desc: 'A fallback title when the title or heading of a component is not provided.',
+  });
+
+  @consume({ context: ModalContext })
+  context!: ModalContextType;
+
+  render() {
+    return html`
+      <header>
+        <h1>${this.heading}</h1>
+        ${cond(
+          this.context.onClose !== noop &&
+            html`<logto-icon-button @click=${this.context.onClose}>${closeIcon}</logto-icon-button>`
+        )}
+      </header>
+      <slot></slot>
+      <footer></footer>
+    `;
+  }
+}
diff --git a/packages/elements/src/components/logto-modal.context.ts b/packages/elements/src/components/logto-modal.context.ts
new file mode 100644
index 000000000000..099560e84144
--- /dev/null
+++ b/packages/elements/src/components/logto-modal.context.ts
@@ -0,0 +1,16 @@
+import { createContext } from '@lit/context';
+import { noop } from '@silverhand/essentials';
+
+/** @see {@link ModalContext} */
+export type ModalContextType = { onClose: () => void };
+
+/**
+ * Context for the modal component. It's useful for operating the modal from deep in the component
+ * tree. For example, closing the modal from a child component.
+ */
+export const ModalContext = createContext<ModalContextType>('modal-context');
+
+/** The default value for the modal context. */
+export const modalContext: ModalContextType = {
+  onClose: noop,
+};
diff --git a/packages/elements/src/components/logto-modal.ts b/packages/elements/src/components/logto-modal.ts
new file mode 100644
index 000000000000..925da1e67cb6
--- /dev/null
+++ b/packages/elements/src/components/logto-modal.ts
@@ -0,0 +1,88 @@
+import { provide } from '@lit/context';
+import { noop } from '@silverhand/essentials';
+import { LitElement, html, css, type PropertyValues } from 'lit';
+import { customElement, property } from 'lit/decorators.js';
+import { type Ref, createRef, ref } from 'lit/directives/ref.js';
+
+import { unit } from '../utils/css.js';
+import { vars } from '../utils/theme.js';
+
+import { ModalContext, modalContext } from './logto-modal.context.js';
+
+const tagName = 'logto-modal';
+
+@customElement(tagName)
+export class LogtoModal extends LitElement {
+  static tagName = tagName;
+
+  static styles = css`
+    dialog {
+      padding: 0;
+      border: none;
+      color: ${vars.colorTextPrimary};
+      background: ${vars.colorLayer1};
+      border-radius: ${unit(4)};
+      padding: ${unit(6)};
+      width: 95%;
+      max-width: 600px;
+      min-width: 300px;
+    }
+
+    dialog::backdrop {
+      background-color: ${vars.colorOverlay};
+    }
+  `;
+
+  @property({ type: Boolean, reflect: true })
+  open = false;
+
+  @property()
+  onClose = noop;
+
+  @provide({ context: ModalContext })
+  context = modalContext;
+
+  protected dialogRef: Ref<HTMLDialogElement> = createRef();
+
+  render() {
+    return html`<dialog
+      ${ref(this.dialogRef)}
+      @keydown=${(event: KeyboardEvent) => {
+        // The "right" way should be to use the `@cancel` event, but it doesn't always work and the
+        // browser support is unknown. See: https://developer.mozilla.org/en-US/docs/Web/API/HTMLElement/cancel_event#browser_compatibility
+        if (event.key === 'Escape') {
+          event.preventDefault();
+          this.onClose();
+        }
+      }}
+    >
+      <slot></slot>
+    </dialog> `;
+  }
+
+  protected toggleDialog() {
+    if (this.open) {
+      this.dialogRef.value?.showModal();
+    } else {
+      this.dialogRef.value?.close();
+    }
+  }
+
+  protected handlePropertiesChange(changedProperties: PropertyValues) {
+    if (changedProperties.has('open')) {
+      this.toggleDialog();
+    }
+
+    if (changedProperties.has('onClose')) {
+      this.context.onClose = this.onClose;
+    }
+  }
+
+  protected firstUpdated(changedProperties: PropertyValues): void {
+    this.handlePropertiesChange(changedProperties);
+  }
+
+  protected updated(changedProperties: PropertyValues): void {
+    this.handlePropertiesChange(changedProperties);
+  }
+}
diff --git a/packages/elements/src/components/logto-text-input.ts b/packages/elements/src/components/logto-text-input.ts
new file mode 100644
index 000000000000..e915648ce0bf
--- /dev/null
+++ b/packages/elements/src/components/logto-text-input.ts
@@ -0,0 +1,85 @@
+import { LitElement, css, html } from 'lit';
+import { customElement, property, queryAssignedElements } from 'lit/decorators.js';
+
+import { unit } from '../utils/css.js';
+import { vars } from '../utils/theme.js';
+
+const tagName = 'logto-text-input';
+
+@customElement(tagName)
+export class LogtoTextInput extends LitElement {
+  static tagName = tagName;
+  static styles = css`
+    :host {
+      display: flex;
+      position: relative;
+      border-radius: ${unit(1.5)};
+      border: 1px solid ${vars.colorBorder};
+      outline: 3px solid transparent;
+      transition-property: outline, border;
+      transition-timing-function: ease-in-out;
+      transition-duration: 0.2s;
+      height: 36px;
+      background: ${vars.colorLayer1};
+      font: ${vars.fontBody2};
+      padding: 0 ${unit(3)};
+    }
+
+    :host(:focus-within) {
+      border-color: ${vars.colorPrimary};
+      outline-color: ${vars.colorFocusedVariant};
+    }
+
+    :host([disabled]) {
+      background: ${vars.colorDisabledBackground};
+      color: ${vars.colorTextSecondary};
+      border-color: ${vars.colorBorder};
+      cursor: not-allowed;
+    }
+
+    :host([readonly]) {
+      background: ${vars.colorLayer2};
+    }
+
+    :host([readonly]:focus-within) {
+      border-color: ${vars.colorBorder};
+      outline-color: transparent;
+    }
+
+    ::slotted(input) {
+      all: unset;
+      flex: 1;
+      color: ${vars.colorTextPrimary};
+    }
+
+    ::slotted(input::placeholder) {
+      color: ${vars.colorPlaceholder};
+    }
+
+    ::slotted(input:webkit-autofill) {
+      box-shadow: 0 0 0 ${unit(6)} ${vars.colorLayer1} inset;
+      -webkit-text-fill-color: ${vars.colorTextPrimary};
+      caret-color: ${vars.colorTextPrimary};
+    }
+  `;
+
+  @property({ type: Boolean, reflect: true })
+  disabled = false;
+
+  @property({ type: Boolean, reflect: true })
+  readonly = false;
+
+  @queryAssignedElements({ selector: 'input' })
+  slotInputs!: HTMLInputElement[];
+
+  render() {
+    return html`<slot @slotchange=${this.handleSlotChange}></slot>`;
+  }
+
+  protected handleSlotChange() {
+    if (this.slotInputs[0] && this.slotInputs.length === 1) {
+      this.disabled = this.slotInputs[0].disabled;
+      this.readonly = this.slotInputs[0].readOnly;
+    }
+  }
+}
diff --git a/packages/elements/src/elements/logto-profile-card.ts b/packages/elements/src/elements/logto-profile-card.ts
index 31fcc9bd3cf7..abe1baaa8298 100644
--- a/packages/elements/src/elements/logto-profile-card.ts
+++ b/packages/elements/src/elements/logto-profile-card.ts
@@ -1,6 +1,6 @@
 import { localized, msg } from '@lit/localize';
 import { LitElement, css, html } from 'lit';
-import { customElement } from 'lit/decorators.js';
+import { customElement, state } from 'lit/decorators.js';
 
 import { vars } from '../utils/theme.js';
 
@@ -16,6 +16,9 @@ export class LogtoProfileCard extends LitElement {
     }
   `;
 
+  @state()
+  updateNameOpened = false;
+
   render() {
     return html`
       <logto-form-card heading=${msg('Profile', { id: 'account.profile.title' })}>
@@ -49,14 +52,41 @@ export class LogtoProfileCard extends LitElement {
               </div>
               <div slot="content">John Doe</div>
               <div slot="actions">
-                <logto-button type="text">
-                  ${msg('Change', { id: 'general.change' })}
+                <logto-button
+                  type="text"
+                  @click=${() => {
+                    this.updateNameOpened = true;
+                  }}
+                >
+                  ${msg('Update', { id: 'general.update' })}
                 </logto-button>
               </div>
             </logto-list-row>
           </logto-list>
         </logto-card-section>
       </logto-form-card>
+      <logto-modal
+        ?open=${this.updateNameOpened}
+        .onClose=${() => {
+          this.updateNameOpened = false;
+        }}
+      >
+        <logto-modal-layout
+          heading=${msg('Update name', {
+            id: 'account.profile.personal-info.update-name',
+          })}
+        >
+          <logto-text-input>
+            <input
+              placeholder=${msg('Person Doe', {
+                id: 'account.profile.personal-info.name-placeholder',
+                desc: 'The placeholder for the name input field.',
+              })}
+              value=""
+            />
+          </logto-text-input>
+        </logto-modal-layout>
+      </logto-modal>
     `;
   }
 }
diff --git a/packages/elements/src/icons/close.svg b/packages/elements/src/icons/close.svg
new file mode 100644
index 000000000000..8311c5ecfde6
--- /dev/null
+++ b/packages/elements/src/icons/close.svg
@@ -0,0 +1,5 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path
+    d="M13.4099 12.0002L19.7099 5.71019C19.8982 5.52188 20.004 5.26649 20.004 5.00019C20.004 4.73388 19.8982 4.47849 19.7099 4.29019C19.5216 4.10188 19.2662 3.99609 18.9999 3.99609C18.7336 3.99609 18.4782 4.10188 18.2899 4.29019L11.9999 10.5902L5.70994 4.29019C5.52164 4.10188 5.26624 3.99609 4.99994 3.99609C4.73364 3.99609 4.47824 4.10188 4.28994 4.29019C4.10164 4.47849 3.99585 4.73388 3.99585 5.00019C3.99585 5.26649 4.10164 5.52188 4.28994 5.71019L10.5899 12.0002L4.28994 18.2902C4.19621 18.3831 4.12182 18.4937 4.07105 18.6156C4.02028 18.7375 3.99414 18.8682 3.99414 19.0002C3.99414 19.1322 4.02028 19.2629 4.07105 19.3848C4.12182 19.5066 4.19621 19.6172 4.28994 19.7102C4.3829 19.8039 4.4935 19.8783 4.61536 19.9291C4.73722 19.9798 4.86793 20.006 4.99994 20.006C5.13195 20.006 5.26266 19.9798 5.38452 19.9291C5.50638 19.8783 5.61698 19.8039 5.70994 19.7102L11.9999 13.4102L18.2899 19.7102C18.3829 19.8039 18.4935 19.8783 18.6154 19.9291C18.7372 19.9798 18.8679 20.006 18.9999 20.006C19.132 20.006 19.2627 19.9798 19.3845 19.9291C19.5064 19.8783 19.617 19.8039 19.7099 19.7102C19.8037 19.6172 19.8781 19.5066 19.9288 19.3848C19.9796 19.2629 20.0057 19.1322 20.0057 19.0002C20.0057 18.8682 19.9796 18.7375 19.9288 18.6156C19.8781 18.4937 19.8037 18.3831 19.7099 18.2902L13.4099 12.0002Z"
+    fill="currentColor" />
+</svg>
diff --git a/packages/elements/src/icons/index.d.ts b/packages/elements/src/icons/index.d.ts
new file mode 100644
index 000000000000..9348424371fb
--- /dev/null
+++ b/packages/elements/src/icons/index.d.ts
@@ -0,0 +1,4 @@
+declare module '*.svg' {
+  const value: string;
+  export default value;
+}
diff --git a/packages/elements/src/index.ts b/packages/elements/src/index.ts
index 9d2edf45a92e..3817fc0d7846 100644
--- a/packages/elements/src/index.ts
+++ b/packages/elements/src/index.ts
@@ -3,8 +3,12 @@ export * from './components/logto-button.js';
 export * from './components/logto-card-section.js';
 export * from './components/logto-card.js';
 export * from './components/logto-form-card.js';
+export * from './components/logto-icon-button.js';
 export * from './components/logto-list-row.js';
 export * from './components/logto-list.js';
+export * from './components/logto-modal-layout.js';
+export * from './components/logto-modal.js';
+export * from './components/logto-text-input.js';
 export * from './components/logto-theme-provider.js';
 export * from './elements/logto-profile-card.js';
 export * from './utils/locale.js';
diff --git a/packages/elements/src/utils/theme.ts b/packages/elements/src/utils/theme.ts
index 41a72810fd5f..a30d54c463e0 100644
--- a/packages/elements/src/utils/theme.ts
+++ b/packages/elements/src/utils/theme.ts
@@ -14,13 +14,21 @@ export type Color = {
   colorLayer2: string;
   colorLineDivider: string;
   colorDisabled: string;
+  colorDisabledBackground: string;
   colorHover: string;
   colorHoverVariant: string;
+  colorPressed: string;
+  colorFocused: string;
   colorFocusedVariant: string;
+  colorOverlay: string;
+  colorPlaceholder: string;
 };
 
 /** All the fonts to be used in the Logto components and elements. */
 export type Font = {
+  fontTitle1: string;
+  fontTitle2: string;
+  fontTitle3: string;
   fontLabel1: string;
   fontLabel2: string;
   fontLabel3: string;
@@ -38,6 +46,9 @@ export const defaultFontFamily =
   '-apple-system, system-ui, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica Neue, Helvetica, Arial, sans-serif, Apple Color Emoji';
 
 export const defaultFont: Readonly<Font> = Object.freeze({
+  fontTitle1: `600 20px / 28px ${defaultFontFamily}`,
+  fontTitle2: `600 16px / 24px ${defaultFontFamily}`,
+  fontTitle3: `600 14px / 20px ${defaultFontFamily}`,
   fontLabel1: `500 16px / 24px ${defaultFontFamily}`,
   fontLabel2: `500 14px / 20px ${defaultFontFamily}`,
   fontLabel3: `500 12px / 16px ${defaultFontFamily}`,
@@ -60,9 +71,14 @@ export const defaultTheme: Readonly<Theme> = Object.freeze({
   colorLayer2: '#2d3132',
   colorLineDivider: '#191c1d1f',
   colorDisabled: '#5c5f60',
+  colorDisabledBackground: '#2d3132',
   colorHover: '#191c1d14',
   colorHoverVariant: '#5d34f214',
+  colorPressed: 'rgba(25, 28, 29, 12%)',
+  colorFocused: 'rgba(25, 28, 29, 16%)',
   colorFocusedVariant: '#5d34f229',
+  colorOverlay: '#000000b3',
+  colorPlaceholder: '#747778',
 });
 
 export const darkTheme: Readonly<Theme> = Object.freeze({
@@ -77,9 +93,14 @@ export const darkTheme: Readonly<Theme> = Object.freeze({
   colorLayer2: '#34353f',
   colorLineDivider: '#f7f8f824',
   colorDisabled: '#5c5f60',
+  colorDisabledBackground: '#2d3132',
   colorHover: '#f7f8f814',
   colorHoverVariant: '#cabeff14',
+  colorPressed: 'rgba(247, 248, 248, 12%)',
+  colorFocused: 'rgba(247, 248, 248, 16%)',
   colorFocusedVariant: '#cabeff29',
+  colorOverlay: '#0000003c',
+  colorPlaceholder: '#747778',
 });
 
 /**
diff --git a/packages/elements/tsup.config.ts b/packages/elements/tsup.config.ts
index 6bbc8ee650bb..dc8124aee592 100644
--- a/packages/elements/tsup.config.ts
+++ b/packages/elements/tsup.config.ts
@@ -1,3 +1,5 @@
+import fs from 'node:fs/promises';
+
 import { defineConfig } from 'tsup';
 
 export default defineConfig({
@@ -5,4 +7,17 @@ export default defineConfig({
   format: 'esm',
   dts: true,
   clean: true,
+  esbuildPlugins: [
+    {
+      name: 'transform-svg',
+      setup: (build) => {
+        build.onLoad({ filter: /\.svg$/ }, async (arguments_) => {
+          const text = await fs.readFile(arguments_.path, 'utf8');
+          return {
+            contents: `import { html } from 'lit';\nexport default html\`${text}\`;`,
+          };
+        });
+      },
+    },
+  ],
 });
diff --git a/packages/elements/web-dev-server.config.js b/packages/elements/web-dev-server.config.js
index ea305a4b8494..347bdf57e961 100644
--- a/packages/elements/web-dev-server.config.js
+++ b/packages/elements/web-dev-server.config.js
@@ -15,6 +15,18 @@ const config = {
       ts: true,
       tsconfig: fileURLToPath(new URL('tsconfig.json', import.meta.url)),
     }),
+    // Transform SVG files into Lit templates
+    {
+      name: 'transform-svg',
+      transform(context) {
+        if (context.path.endsWith('.svg')) {
+          return {
+            body: `import { html } from 'lit';\nexport default html\`${context.body}\`;`,
+            headers: { 'content-type': 'application/javascript' },
+          };
+        }
+      },
+    },
   ],
 };
 
diff --git a/packages/elements/xliff/de.xlf b/packages/elements/xliff/de.xlf
index 0e53b134a603..fc84a5153858 100644
--- a/packages/elements/xliff/de.xlf
+++ b/packages/elements/xliff/de.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="de" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>Nicht verfügbar</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,16 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/es.xlf b/packages/elements/xliff/es.xlf
index 53dd698c962a..c8b08b928687 100644
--- a/packages/elements/xliff/es.xlf
+++ b/packages/elements/xliff/es.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="es" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>No disponible</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,16 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/fr.xlf b/packages/elements/xliff/fr.xlf
index 9df324b9c63f..3455ec9cb445 100644
--- a/packages/elements/xliff/fr.xlf
+++ b/packages/elements/xliff/fr.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="fr" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>Non disponible</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,16 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/it.xlf b/packages/elements/xliff/it.xlf
index ce400acd4303..9d77072d11b8 100644
--- a/packages/elements/xliff/it.xlf
+++ b/packages/elements/xliff/it.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="it" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>Non disponibile</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,16 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/ja.xlf b/packages/elements/xliff/ja.xlf
index 5e0fbaed5ee6..38967b6ff543 100644
--- a/packages/elements/xliff/ja.xlf
+++ b/packages/elements/xliff/ja.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="ja" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>利用できません</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,16 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/ko.xlf b/packages/elements/xliff/ko.xlf
index 6cd31a4bbba6..efe708dd58f4 100644
--- a/packages/elements/xliff/ko.xlf
+++ b/packages/elements/xliff/ko.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="ko" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>사용할 수 없음</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,19 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+&lt;&lt;&lt;&lt;&lt;&lt;&lt; HEAD
+=======
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
+&gt;&gt;&gt;&gt;&gt;&gt;&gt; 70b24bb1b (feat(elements): init modal and input)
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +41,13 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+&lt;&lt;&lt;&lt;&lt;&lt;&lt; HEAD
+=======
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
+&gt;&gt;&gt;&gt;&gt;&gt;&gt; 70b24bb1b (feat(elements): init modal and input)
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/pl-PL.xlf b/packages/elements/xliff/pl-PL.xlf
index 8a65abb81adb..262c41f15ff1 100644
--- a/packages/elements/xliff/pl-PL.xlf
+++ b/packages/elements/xliff/pl-PL.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="pl-PL" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>Niedostępne</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,16 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/pt-BR.xlf b/packages/elements/xliff/pt-BR.xlf
index e1574529fbd6..69b9a757bdc4 100644
--- a/packages/elements/xliff/pt-BR.xlf
+++ b/packages/elements/xliff/pt-BR.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="pt-BR" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>Não disponível</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,16 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/pt-PT.xlf b/packages/elements/xliff/pt-PT.xlf
index 062a947844ca..64a34ce90228 100644
--- a/packages/elements/xliff/pt-PT.xlf
+++ b/packages/elements/xliff/pt-PT.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="pt-PT" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>Não disponível</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,16 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/ru.xlf b/packages/elements/xliff/ru.xlf
index 83f8a10cceee..f124ce581a91 100644
--- a/packages/elements/xliff/ru.xlf
+++ b/packages/elements/xliff/ru.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="ru" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>Недоступно</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,16 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/tr-TR.xlf b/packages/elements/xliff/tr-TR.xlf
index 0bb34a4557f0..858133e89fee 100644
--- a/packages/elements/xliff/tr-TR.xlf
+++ b/packages/elements/xliff/tr-TR.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="tr-TR" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>Mevcut değil</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,16 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/zh-CN.xlf b/packages/elements/xliff/zh-CN.xlf
index 38c7b3b592bf..0ea3ef0f370c 100644
--- a/packages/elements/xliff/zh-CN.xlf
+++ b/packages/elements/xliff/zh-CN.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="zh-CN" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>不可用</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,16 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/zh-HK.xlf b/packages/elements/xliff/zh-HK.xlf
index 62bf69680c3d..c445a2794dd6 100644
--- a/packages/elements/xliff/zh-HK.xlf
+++ b/packages/elements/xliff/zh-HK.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="zh-HK" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>不可用</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,16 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/zh-TW.xlf b/packages/elements/xliff/zh-TW.xlf
index 5a8191598f3a..ba19a711cf3f 100644
--- a/packages/elements/xliff/zh-TW.xlf
+++ b/packages/elements/xliff/zh-TW.xlf
@@ -2,11 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="zh-TW" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="form-card.fallback-title">
-  <source>Not available</source>
-  <target>不可用</target>
-  <note from="lit-localize">The fallback title of a form card when the title is not provided.</note>
-</trans-unit>
 <trans-unit id="account.profile.title">
   <source>Profile</source>
 </trans-unit>
@@ -25,6 +20,16 @@
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
+<trans-unit id="general.update">
+  <source>Update</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.update-name">
+  <source>Update name</source>
+</trans-unit>
+<trans-unit id="general.fallback-title">
+  <source>Not set</source>
+  <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
+</trans-unit>
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -33,6 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
+<trans-unit id="account.profile.personal-info.name-placeholder">
+  <source>Person Doe</source>
+  <note from="lit-localize">The placeholder for the name input field.</note>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 5624de8d41f9..8593912e62de 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3560,6 +3560,9 @@ importers:
 
   packages/elements:
     dependencies:
+      '@lit/context':
+        specifier: ^1.1.2
+        version: 1.1.2
       '@lit/localize':
         specifier: ^0.12.1
         version: 0.12.1
@@ -3582,6 +3585,9 @@ importers:
       '@silverhand/ts-config':
         specifier: 6.0.0
         version: 6.0.0(typescript@5.5.3)
+      '@types/node':
+        specifier: ^20.9.5
+        version: 20.12.7
       '@web/dev-server':
         specifier: ^0.4.6
         version: 0.4.6
@@ -5374,6 +5380,9 @@ packages:
   '@lit-labs/ssr-dom-shim@1.2.0':
     resolution: {integrity: sha512-yWJKmpGE6lUURKAaIltoPIE/wrbY3TEkqQt+X0m+7fQNnAv0keydnYvbiJFP1PnMhizmIWRWOG5KLhYyc/xl+g==}
 
+  '@lit/context@1.1.2':
+    resolution: {integrity: sha512-S0nw2C6Tkm7fVX5TGYqeROGD+Z9Coa2iFpW+ysYBDH3YvCqOY3wVQvSgwbaliLJkjTnSEYCBe9qFqKV8WUFpVw==}
+
   '@lit/localize-tools@0.7.2':
     resolution: {integrity: sha512-d5tehVao3Hz1DlTq6jy7TUYrCeyFi/E4BkzWr8MuAMjIM8aoKCR9s3cUw6m++8ZIiqGm2z7+6aHaPc/p1FGHyA==}
     hasBin: true
@@ -15406,6 +15415,10 @@ snapshots:
 
   '@lit-labs/ssr-dom-shim@1.2.0': {}
 
+  '@lit/context@1.1.2':
+    dependencies:
+      '@lit/reactive-element': 2.0.4
+
   '@lit/localize-tools@0.7.2':
     dependencies:
       '@lit/localize': 0.12.1

From a5a8570d7a4c06c4ff58729eee2f5cae6b77583f Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Mon, 22 Jul 2024 11:42:22 +0800
Subject: [PATCH 063/135] refactor: fix phrases

---
 packages/elements/xliff/de.xlf    | 12 ++++++------
 packages/elements/xliff/es.xlf    | 12 ++++++------
 packages/elements/xliff/fr.xlf    | 12 ++++++------
 packages/elements/xliff/it.xlf    | 12 ++++++------
 packages/elements/xliff/ja.xlf    | 12 ++++++------
 packages/elements/xliff/ko.xlf    | 18 ++++++------------
 packages/elements/xliff/pl-PL.xlf | 12 ++++++------
 packages/elements/xliff/pt-BR.xlf | 12 ++++++------
 packages/elements/xliff/pt-PT.xlf | 12 ++++++------
 packages/elements/xliff/ru.xlf    | 12 ++++++------
 packages/elements/xliff/tr-TR.xlf | 12 ++++++------
 packages/elements/xliff/zh-CN.xlf | 12 ++++++------
 packages/elements/xliff/zh-HK.xlf | 12 ++++++------
 packages/elements/xliff/zh-TW.xlf | 12 ++++++------
 14 files changed, 84 insertions(+), 90 deletions(-)

diff --git a/packages/elements/xliff/de.xlf b/packages/elements/xliff/de.xlf
index fc84a5153858..44dc02786492 100644
--- a/packages/elements/xliff/de.xlf
+++ b/packages/elements/xliff/de.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="de" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,6 +11,12 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
diff --git a/packages/elements/xliff/es.xlf b/packages/elements/xliff/es.xlf
index c8b08b928687..e523e4559e04 100644
--- a/packages/elements/xliff/es.xlf
+++ b/packages/elements/xliff/es.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="es" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,6 +11,12 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
diff --git a/packages/elements/xliff/fr.xlf b/packages/elements/xliff/fr.xlf
index 3455ec9cb445..3abe2d129b49 100644
--- a/packages/elements/xliff/fr.xlf
+++ b/packages/elements/xliff/fr.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="fr" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,6 +11,12 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
diff --git a/packages/elements/xliff/it.xlf b/packages/elements/xliff/it.xlf
index 9d77072d11b8..a80d9c2f926c 100644
--- a/packages/elements/xliff/it.xlf
+++ b/packages/elements/xliff/it.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="it" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,6 +11,12 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
diff --git a/packages/elements/xliff/ja.xlf b/packages/elements/xliff/ja.xlf
index 38967b6ff543..f2d6614a95da 100644
--- a/packages/elements/xliff/ja.xlf
+++ b/packages/elements/xliff/ja.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="ja" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,6 +11,12 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
diff --git a/packages/elements/xliff/ko.xlf b/packages/elements/xliff/ko.xlf
index efe708dd58f4..191b84845e34 100644
--- a/packages/elements/xliff/ko.xlf
+++ b/packages/elements/xliff/ko.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="ko" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,11 +11,15 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
-&lt;&lt;&lt;&lt;&lt;&lt;&lt; HEAD
-=======
 <trans-unit id="general.update">
   <source>Update</source>
 </trans-unit>
@@ -32,7 +30,6 @@
   <source>Not set</source>
   <note from="lit-localize">A fallback title when the title or heading of a component is not provided.</note>
 </trans-unit>
-&gt;&gt;&gt;&gt;&gt;&gt;&gt; 70b24bb1b (feat(elements): init modal and input)
 <trans-unit id="account.profile.personal-info.avatar">
   <source>Avatar</source>
   <note from="lit-localize">The avatar of the user.</note>
@@ -41,13 +38,10 @@
   <source>Name</source>
   <note from="lit-localize">The name of the user.</note>
 </trans-unit>
-&lt;&lt;&lt;&lt;&lt;&lt;&lt; HEAD
-=======
 <trans-unit id="account.profile.personal-info.name-placeholder">
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
-&gt;&gt;&gt;&gt;&gt;&gt;&gt; 70b24bb1b (feat(elements): init modal and input)
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/pl-PL.xlf b/packages/elements/xliff/pl-PL.xlf
index 262c41f15ff1..b358ffe8a0ba 100644
--- a/packages/elements/xliff/pl-PL.xlf
+++ b/packages/elements/xliff/pl-PL.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="pl-PL" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,6 +11,12 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
diff --git a/packages/elements/xliff/pt-BR.xlf b/packages/elements/xliff/pt-BR.xlf
index 69b9a757bdc4..5ee50f85206d 100644
--- a/packages/elements/xliff/pt-BR.xlf
+++ b/packages/elements/xliff/pt-BR.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="pt-BR" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,6 +11,12 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
diff --git a/packages/elements/xliff/pt-PT.xlf b/packages/elements/xliff/pt-PT.xlf
index 64a34ce90228..c90939cafad0 100644
--- a/packages/elements/xliff/pt-PT.xlf
+++ b/packages/elements/xliff/pt-PT.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="pt-PT" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,6 +11,12 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
diff --git a/packages/elements/xliff/ru.xlf b/packages/elements/xliff/ru.xlf
index f124ce581a91..ed631df88555 100644
--- a/packages/elements/xliff/ru.xlf
+++ b/packages/elements/xliff/ru.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="ru" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,6 +11,12 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
diff --git a/packages/elements/xliff/tr-TR.xlf b/packages/elements/xliff/tr-TR.xlf
index 858133e89fee..14eddb6124da 100644
--- a/packages/elements/xliff/tr-TR.xlf
+++ b/packages/elements/xliff/tr-TR.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="tr-TR" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,6 +11,12 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
diff --git a/packages/elements/xliff/zh-CN.xlf b/packages/elements/xliff/zh-CN.xlf
index 0ea3ef0f370c..b4b558b6e3a6 100644
--- a/packages/elements/xliff/zh-CN.xlf
+++ b/packages/elements/xliff/zh-CN.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="zh-CN" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,6 +11,12 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
diff --git a/packages/elements/xliff/zh-HK.xlf b/packages/elements/xliff/zh-HK.xlf
index c445a2794dd6..ccec972b95f1 100644
--- a/packages/elements/xliff/zh-HK.xlf
+++ b/packages/elements/xliff/zh-HK.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="zh-HK" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,6 +11,12 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>
diff --git a/packages/elements/xliff/zh-TW.xlf b/packages/elements/xliff/zh-TW.xlf
index ba19a711cf3f..718b58ddcc72 100644
--- a/packages/elements/xliff/zh-TW.xlf
+++ b/packages/elements/xliff/zh-TW.xlf
@@ -2,12 +2,6 @@
 <xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
 <file target-language="zh-TW" source-language="en" original="lit-localize-inputs" datatype="plaintext">
 <body>
-<trans-unit id="account.profile.title">
-  <source>Profile</source>
-</trans-unit>
-<trans-unit id="account.profile.personal-info.title">
-  <source>Personal information</source>
-</trans-unit>
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
@@ -17,6 +11,12 @@
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
+<trans-unit id="account.profile.title">
+  <source>Profile</source>
+</trans-unit>
+<trans-unit id="account.profile.personal-info.title">
+  <source>Personal information</source>
+</trans-unit>
 <trans-unit id="general.change">
   <source>Change</source>
 </trans-unit>

From 2c1e3269499873f0441b2d48734627de931c2d7e Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Fri, 19 Jul 2024 12:43:05 +0800
Subject: [PATCH 064/135] feat(elements): init user provider

---
 packages/elements/index.html                  |   7 +-
 packages/elements/package.json                |   1 +
 .../src/components/logto-button.styles.ts     | 106 ++++++++++++++++++
 .../elements/src/components/logto-button.ts   |  81 ++++++-------
 .../src/components/logto-card-section.ts      |   8 +-
 .../src/components/logto-form-card.ts         |   8 +-
 .../elements/src/components/logto-list-row.ts |  11 +-
 .../src/components/logto-modal-layout.ts      |  21 +++-
 .../src/elements/logto-profile-card.ts        |  31 ++++-
 packages/elements/src/index.ts                |   2 +-
 packages/elements/src/phrases/index.ts        |   6 +
 .../logto-theme-provider.ts                   |   0
 .../src/providers/logto-user-provider.ts      |  46 ++++++++
 packages/elements/src/utils/theme.ts          |   9 ++
 packages/elements/xliff/de.xlf                |   9 +-
 packages/elements/xliff/es.xlf                |   9 +-
 packages/elements/xliff/fr.xlf                |   9 +-
 packages/elements/xliff/it.xlf                |   9 +-
 packages/elements/xliff/ja.xlf                |   9 +-
 packages/elements/xliff/ko.xlf                |   9 +-
 packages/elements/xliff/pl-PL.xlf             |   9 +-
 packages/elements/xliff/pt-BR.xlf             |   9 +-
 packages/elements/xliff/pt-PT.xlf             |   9 +-
 packages/elements/xliff/ru.xlf                |   9 +-
 packages/elements/xliff/tr-TR.xlf             |   9 +-
 packages/elements/xliff/zh-CN.xlf             |   9 +-
 packages/elements/xliff/zh-HK.xlf             |   9 +-
 packages/elements/xliff/zh-TW.xlf             |   9 +-
 pnpm-lock.yaml                                |   3 +
 29 files changed, 355 insertions(+), 111 deletions(-)
 create mode 100644 packages/elements/src/components/logto-button.styles.ts
 create mode 100644 packages/elements/src/phrases/index.ts
 rename packages/elements/src/{components => providers}/logto-theme-provider.ts (100%)
 create mode 100644 packages/elements/src/providers/logto-user-provider.ts

diff --git a/packages/elements/index.html b/packages/elements/index.html
index 93d3782ab4bb..ecc395bd1204 100644
--- a/packages/elements/index.html
+++ b/packages/elements/index.html
@@ -1,14 +1,19 @@
 <!DOCTYPE html>
 <html lang="en">
+
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>Logto elements dev page</title>
   <script type="module" src="./src/index.ts"></script>
 </head>
+
 <body style="background: #111;">
   <logto-theme-provider theme="dark">
-    <logto-profile-card></logto-profile-card>
+    <logto-user-provider user='{"name": "Johnny Silverhand", "avatar": "https://github.com/logto-io.png"}'>
+      <logto-profile-card></logto-profile-card>
+    </logto-user-provider>
   </logto-theme-provider>
 </body>
+
 </html>
diff --git a/packages/elements/package.json b/packages/elements/package.json
index d1bcbded3d7c..e08c8a5b294e 100644
--- a/packages/elements/package.json
+++ b/packages/elements/package.json
@@ -55,6 +55,7 @@
   },
   "devDependencies": {
     "@lit/localize-tools": "^0.7.2",
+    "@logto/schemas": "workspace:^1.18.0",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.9.5",
diff --git a/packages/elements/src/components/logto-button.styles.ts b/packages/elements/src/components/logto-button.styles.ts
new file mode 100644
index 000000000000..a3998cfc038c
--- /dev/null
+++ b/packages/elements/src/components/logto-button.styles.ts
@@ -0,0 +1,106 @@
+import { css } from 'lit';
+
+import { unit } from '../utils/css.js';
+import { vars } from '../utils/theme.js';
+
+export const buttonSizes = css`
+  :host([size='small']) {
+    height: 30px;
+    padding: ${unit(0, 3)};
+  }
+
+  :host([size='small'][type='text']) {
+    height: 24px;
+  }
+
+  :host([size='medium']) {
+    height: 36px;
+    padding: ${unit(0, 4)};
+  }
+
+  :host([size='medium'][type='text']) {
+    height: 28px;
+    font: ${vars.fontLabel1};
+  }
+
+  :host([size='large']) {
+    height: 44px;
+    padding: ${unit(0, 6)};
+  }
+
+  :host([size='large'][type='text']) {
+    height: 28px;
+    font: ${vars.fontLabel1};
+  }
+`;
+
+export const textButton = css`
+  :host([type='text']) {
+    background: none;
+    border-color: transparent;
+    font: ${vars.fontLabel2};
+    color: ${vars.colorTextLink};
+    padding: ${unit(0.5, 1)};
+    border-radius: ${unit(1)};
+  }
+
+  :host([type='text']:disabled) {
+    color: ${vars.colorDisabled};
+  }
+
+  :host([type='text']:focus-visible) {
+    outline: 2px solid ${vars.colorFocusedVariant};
+  }
+
+  :host([type='text']:not(:disabled):not(:active):hover) {
+    background: ${vars.colorHoverVariant};
+  }
+`;
+
+export const defaultButton = css`
+  :host([type='default']) {
+    background: ${vars.colorLayer1};
+    color: ${vars.colorTextPrimary};
+    border: 1px solid ${vars.colorBorder};
+  }
+
+  :host([type='default']:disabled) {
+    color: ${vars.colorPlaceholder};
+  }
+
+  :host([type='default']:focus-visible) {
+    outline: 3px solid ${vars.colorFocused};
+  }
+
+  :host([type='default']:active) {
+    background: ${vars.colorPressed};
+  }
+
+  :host([type='default']:not(:disabled):not(:active):hover) {
+    background: ${vars.colorHover};
+  }
+`;
+
+export const primaryButton = css`
+  :host([type='primary']) {
+    background: ${vars.colorPrimary};
+    color: ${vars.colorOnPrimary};
+  }
+
+  :host([type='primary']:disabled) {
+    background: ${vars.colorDisabledBackground};
+    color: ${vars.colorPlaceholder};
+  }
+
+  :host([type='primary']:focus-visible) {
+    outline: 3px solid ${vars.colorFocusedVariant};
+  }
+
+  :host([type='primary']:active) {
+    background: ${vars.colorPrimaryPressed};
+  }
+
+  :host([type='primary']:not(:disabled):not(:active):hover) {
+    background: ${vars.colorPrimaryHover};
+  }
+`;
diff --git a/packages/elements/src/components/logto-button.ts b/packages/elements/src/components/logto-button.ts
index 5f6d7c4a01ff..09b31ffb1417 100644
--- a/packages/elements/src/components/logto-button.ts
+++ b/packages/elements/src/components/logto-button.ts
@@ -4,56 +4,47 @@ import { customElement, property } from 'lit/decorators.js';
 import { unit } from '../utils/css.js';
 import { vars } from '../utils/theme.js';
 
+import { buttonSizes, defaultButton, primaryButton, textButton } from './logto-button.styles.js';
+
 const tagName = 'logto-button';
 
 @customElement(tagName)
 export class LogtoButton extends LitElement {
   static tagName = tagName;
-  static styles = css`
-    :host {
-      display: inline-flex;
-      align-items: center;
-      justify-content: center;
-      border: none;
-      outline: none;
-      font: ${vars.fontLabel2};
-      transition: background-color 0.2s ease-in-out;
-      white-space: nowrap;
-      user-select: none;
-      position: relative;
-      text-decoration: none;
-      gap: ${unit(2)};
-      cursor: pointer;
-    }
-
-    :host(:disabled) {
-      cursor: not-allowed;
-    }
-
-    :host([type='text']) {
-      background: none;
-      border-color: transparent;
-      font: ${vars.fontLabel2};
-      color: ${vars.colorTextLink};
-      padding: ${unit(0.5, 1)};
-      border-radius: ${unit(1)};
-    }
-
-    :host([type='text']:disabled) {
-      color: ${vars.colorDisabled};
-    }
-
-    :host([type='text']:focus-visible) {
-      outline: 2px solid ${vars.colorFocusedVariant};
-    }
-
-    :host([type='text']:not(:disabled):hover) {
-      background: ${vars.colorHoverVariant};
-    }
-  `;
-
-  @property()
-  type: 'default' | 'text' = 'default';
+  static styles = [
+    css`
+      :host {
+        display: inline-flex;
+        align-items: center;
+        justify-content: center;
+        border: none;
+        outline: none;
+        font: ${vars.fontLabel2};
+        transition: background-color 0.2s ease-in-out;
+        white-space: nowrap;
+        user-select: none;
+        position: relative;
+        text-decoration: none;
+        gap: ${unit(2)};
+        border-radius: ${unit(2)};
+        cursor: pointer;
+      }
+
+      :host(:disabled) {
+        cursor: not-allowed;
+      }
+    `,
+    buttonSizes,
+    textButton,
+    defaultButton,
+    primaryButton,
+  ];
+
+  @property({ reflect: true })
+  type: 'default' | 'text' | 'primary' = 'default';
+
+  @property({ reflect: true })
+  size: 'small' | 'medium' | 'large' = 'medium';
 
   connectedCallback(): void {
     super.connectedCallback();
diff --git a/packages/elements/src/components/logto-card-section.ts b/packages/elements/src/components/logto-card-section.ts
index 2f3a365d11c8..4fb57dfec62d 100644
--- a/packages/elements/src/components/logto-card-section.ts
+++ b/packages/elements/src/components/logto-card-section.ts
@@ -1,7 +1,8 @@
-import { localized, msg } from '@lit/localize';
+import { localized } from '@lit/localize';
 import { LitElement, css, html } from 'lit';
 import { customElement, property } from 'lit/decorators.js';
 
+import { notSet } from '../phrases/index.js';
 import { unit } from '../utils/css.js';
 import { vars } from '../utils/theme.js';
 
@@ -21,10 +22,7 @@ export class LogtoCardSection extends LitElement {
   `;
 
   @property()
-  heading = msg('Not set', {
-    id: 'general.fallback-title',
-    desc: 'A fallback title when the title or heading of a component is not provided.',
-  });
+  heading = notSet;
 
   render() {
     return html`
diff --git a/packages/elements/src/components/logto-form-card.ts b/packages/elements/src/components/logto-form-card.ts
index 329295ca2fed..776d32658f1c 100644
--- a/packages/elements/src/components/logto-form-card.ts
+++ b/packages/elements/src/components/logto-form-card.ts
@@ -1,8 +1,9 @@
-import { localized, msg } from '@lit/localize';
+import { localized } from '@lit/localize';
 import { cond } from '@silverhand/essentials';
 import { LitElement, css, html } from 'lit';
 import { customElement, property } from 'lit/decorators.js';
 
+import { notSet } from '../phrases/index.js';
 import { unit } from '../utils/css.js';
 import { vars } from '../utils/theme.js';
 
@@ -57,10 +58,7 @@ export class LogtoFormCard extends LitElement {
   `;
 
   @property()
-  heading = msg('Not set', {
-    id: 'general.fallback-title',
-    desc: 'A fallback title when the title or heading of a component is not provided.',
-  });
+  heading = notSet;
 
   @property()
   description = '';
diff --git a/packages/elements/src/components/logto-list-row.ts b/packages/elements/src/components/logto-list-row.ts
index 5faf2c45f994..866b6003b5ab 100644
--- a/packages/elements/src/components/logto-list-row.ts
+++ b/packages/elements/src/components/logto-list-row.ts
@@ -2,6 +2,7 @@ import { localized, msg } from '@lit/localize';
 import { LitElement, css, html } from 'lit';
 import { customElement } from 'lit/decorators.js';
 
+import { notSet } from '../phrases/index.js';
 import { unit } from '../utils/css.js';
 import { vars } from '../utils/theme.js';
 
@@ -38,13 +39,17 @@ export class LogtoListRow extends LitElement {
     slot[name='actions'] {
       text-align: right;
     }
+
+    span.not-set {
+      color: ${vars.colorTextSecondary};
+    }
   `;
 
   render() {
     return html`
-      <slot name="title">{${msg('Title', { id: 'general.title' })}}</slot>
-      <slot name="content">{${msg('Content', { id: 'general.content' })}}</slot>
-      <slot name="actions">{${msg('Actions', { id: 'general.actions' })}}</slot>
+      <slot name="title">${msg('Title', { id: 'general.title' })}</slot>
+      <slot name="content"><span class="not-set">${notSet}</span></slot>
+      <slot name="actions">${msg('Actions', { id: 'general.actions' })}</slot>
     `;
   }
 }
diff --git a/packages/elements/src/components/logto-modal-layout.ts b/packages/elements/src/components/logto-modal-layout.ts
index 0035ffa86fe3..04786f4fe50f 100644
--- a/packages/elements/src/components/logto-modal-layout.ts
+++ b/packages/elements/src/components/logto-modal-layout.ts
@@ -35,6 +35,14 @@ export class LogtoModalLayout extends LitElement {
     h1 {
       all: unset;
     }
+
+    footer:not(:empty) {
+      margin-top: ${unit(6)};
+      display: flex;
+      justify-content: flex-end;
+      gap: ${unit(4)};
+      align-items: center;
+    }
   `;
 
   @property({ reflect: true })
@@ -44,19 +52,24 @@ export class LogtoModalLayout extends LitElement {
   });
 
   @consume({ context: ModalContext })
-  context!: ModalContextType;
+  context?: ModalContextType;
 
   render() {
+    const { onClose } = this.context ?? {};
+
     return html`
       <header>
         <h1>${this.heading}</h1>
         ${cond(
-          this.context.onClose !== noop &&
-            html`<logto-icon-button @click=${this.context.onClose}>${closeIcon}</logto-icon-button>`
+          onClose &&
+            onClose !== noop &&
+            html`<logto-icon-button @click=${onClose}>${closeIcon}</logto-icon-button>`
         )}
       </header>
       <slot></slot>
-      <footer></footer>
+      <footer>
+        <slot name="footer"></slot>
+      </footer>
     `;
   }
 }
diff --git a/packages/elements/src/elements/logto-profile-card.ts b/packages/elements/src/elements/logto-profile-card.ts
index abe1baaa8298..568897f3d352 100644
--- a/packages/elements/src/elements/logto-profile-card.ts
+++ b/packages/elements/src/elements/logto-profile-card.ts
@@ -1,7 +1,10 @@
+import { consume } from '@lit/context';
 import { localized, msg } from '@lit/localize';
+import { cond } from '@silverhand/essentials';
 import { LitElement, css, html } from 'lit';
 import { customElement, state } from 'lit/decorators.js';
 
+import { UserContext, type UserContextType } from '../providers/logto-user-provider.js';
 import { vars } from '../utils/theme.js';
 
 const tagName = 'logto-profile-card';
@@ -16,10 +19,21 @@ export class LogtoProfileCard extends LitElement {
     }
   `;
 
+  @consume({ context: UserContext, subscribe: true })
+  userContext?: UserContextType;
+
   @state()
   updateNameOpened = false;
 
   render() {
+    const user = this.userContext?.user;
+
+    if (!user) {
+      return html`<logto-form-card heading=${msg('Profile', { id: 'account.profile.title' })}>
+        <p class="dev">⚠️ ${msg('No user provided.', { id: 'account.profile.no-user' })}</p>
+      </logto-form-card>`;
+    }
+
     return html`
       <logto-form-card heading=${msg('Profile', { id: 'account.profile.title' })}>
         <p class="dev">🚧 This section is a dev feature that is still working in progress.</p>
@@ -34,11 +48,14 @@ export class LogtoProfileCard extends LitElement {
                   desc: 'The avatar of the user.',
                 })}
               </div>
-              <div slot="content">
-                <logto-avatar size="large" src="https://github.com/logto-io.png"></logto-avatar>
-              </div>
+              ${cond(
+                user.avatar &&
+                  html`<div slot="content">
+                    <logto-avatar size="large" src=${user.avatar}></logto-avatar>
+                  </div>`
+              )}
               <div slot="actions">
-                <logto-button type="text">
+                <logto-button type="text" size="small">
                   ${msg('Change', { id: 'general.change' })}
                 </logto-button>
               </div>
@@ -50,10 +67,11 @@ export class LogtoProfileCard extends LitElement {
                   desc: 'The name of the user.',
                 })}
               </div>
-              <div slot="content">John Doe</div>
+              ${cond(user.name && html`<div slot="content">${user.name}</div>`)}
               <div slot="actions">
                 <logto-button
                   type="text"
+                  size="small"
                   @click=${() => {
                     this.updateNameOpened = true;
                   }}
@@ -85,6 +103,9 @@ export class LogtoProfileCard extends LitElement {
               value=""
             />
           </logto-text-input>
+          <logto-button slot="footer" size="large" type="primary">
+            ${msg('Save', { id: 'general.save' })}
+          </logto-button>
         </logto-modal-layout>
       </logto-modal>
     `;
diff --git a/packages/elements/src/index.ts b/packages/elements/src/index.ts
index 3817fc0d7846..566659ed93b4 100644
--- a/packages/elements/src/index.ts
+++ b/packages/elements/src/index.ts
@@ -9,6 +9,6 @@ export * from './components/logto-list.js';
 export * from './components/logto-modal-layout.js';
 export * from './components/logto-modal.js';
 export * from './components/logto-text-input.js';
-export * from './components/logto-theme-provider.js';
 export * from './elements/logto-profile-card.js';
 export * from './utils/locale.js';
+export * from './providers/logto-theme-provider.js';
diff --git a/packages/elements/src/phrases/index.ts b/packages/elements/src/phrases/index.ts
new file mode 100644
index 000000000000..ee1687f515f5
--- /dev/null
+++ b/packages/elements/src/phrases/index.ts
@@ -0,0 +1,6 @@
+import { msg } from '@lit/localize';
+
+export const notSet = msg('Not set', {
+  id: 'general.fallback-title',
+  desc: 'A fallback title when the title or heading of a component is not provided.',
+});
diff --git a/packages/elements/src/components/logto-theme-provider.ts b/packages/elements/src/providers/logto-theme-provider.ts
similarity index 100%
rename from packages/elements/src/components/logto-theme-provider.ts
rename to packages/elements/src/providers/logto-theme-provider.ts
diff --git a/packages/elements/src/providers/logto-user-provider.ts b/packages/elements/src/providers/logto-user-provider.ts
new file mode 100644
index 000000000000..08ad1b1b6325
--- /dev/null
+++ b/packages/elements/src/providers/logto-user-provider.ts
@@ -0,0 +1,46 @@
+import { createContext, provide } from '@lit/context';
+import { type UserInfo } from '@logto/schemas';
+import { LitElement, type PropertyValues, html } from 'lit';
+import { customElement, property } from 'lit/decorators.js';
+
+/** @see {@link UserContext} */
+export type UserContextType = { user?: UserInfo };
+
+/**
+ * Context for the current user. It's a fundamental context for the account-related elements.
+ */
+export const UserContext = createContext<UserContextType>('modal-context');
+
+/** The default value for the user context. */
+export const userContext: UserContextType = {};
+
+const tagName = 'logto-user-provider';
+
+@customElement(tagName)
+export class LogtoUserProvider extends LitElement {
+  static tagName = tagName;
+
+  @provide({ context: UserContext })
+  context = userContext;
+
+  @property({ type: Object })
+  user?: UserInfo;
+
+  render() {
+    return html`<slot></slot>`;
+  }
+
+  protected handlePropertiesChange(changedProperties: PropertyValues) {
+    if (changedProperties.has('user')) {
+      this.context.user = this.user;
+    }
+  }
+
+  protected firstUpdated(changedProperties: PropertyValues): void {
+    this.handlePropertiesChange(changedProperties);
+  }
+
+  protected updated(changedProperties: PropertyValues): void {
+    this.handlePropertiesChange(changedProperties);
+  }
+}
diff --git a/packages/elements/src/utils/theme.ts b/packages/elements/src/utils/theme.ts
index a30d54c463e0..48b8270115b0 100644
--- a/packages/elements/src/utils/theme.ts
+++ b/packages/elements/src/utils/theme.ts
@@ -5,6 +5,9 @@ import { type KebabCase, kebabCase } from './string.js';
 /** All the colors to be used in the Logto components and elements. */
 export type Color = {
   colorPrimary: string;
+  colorOnPrimary: string;
+  colorPrimaryPressed: string;
+  colorPrimaryHover: string;
   colorTextPrimary: string;
   colorTextLink: string;
   colorTextSecondary: string;
@@ -62,6 +65,9 @@ export const defaultFont: Readonly<Font> = Object.freeze({
 export const defaultTheme: Readonly<Theme> = Object.freeze({
   ...defaultFont,
   colorPrimary: '#5d34f2',
+  colorOnPrimary: '#000',
+  colorPrimaryPressed: '#e6deff',
+  colorPrimaryHover: '#af9eff',
   colorTextPrimary: '#191c1d',
   colorTextLink: '#5d34f2',
   colorTextSecondary: '#747778',
@@ -84,6 +90,9 @@ export const defaultTheme: Readonly<Theme> = Object.freeze({
 export const darkTheme: Readonly<Theme> = Object.freeze({
   ...defaultFont,
   colorPrimary: '#7958ff',
+  colorOnPrimary: '#fff',
+  colorPrimaryPressed: '#5d34f2',
+  colorPrimaryHover: '#947dff',
   colorTextPrimary: '#f7f8f8',
   colorTextLink: '#cabeff',
   colorTextSecondary: '#a9acac',
diff --git a/packages/elements/xliff/de.xlf b/packages/elements/xliff/de.xlf
index 44dc02786492..c04fcde9c65c 100644
--- a/packages/elements/xliff/de.xlf
+++ b/packages/elements/xliff/de.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/es.xlf b/packages/elements/xliff/es.xlf
index e523e4559e04..31ee1a63b8ca 100644
--- a/packages/elements/xliff/es.xlf
+++ b/packages/elements/xliff/es.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/fr.xlf b/packages/elements/xliff/fr.xlf
index 3abe2d129b49..5b421a45957d 100644
--- a/packages/elements/xliff/fr.xlf
+++ b/packages/elements/xliff/fr.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/it.xlf b/packages/elements/xliff/it.xlf
index a80d9c2f926c..9ce355697e3c 100644
--- a/packages/elements/xliff/it.xlf
+++ b/packages/elements/xliff/it.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/ja.xlf b/packages/elements/xliff/ja.xlf
index f2d6614a95da..7e465f2963c2 100644
--- a/packages/elements/xliff/ja.xlf
+++ b/packages/elements/xliff/ja.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/ko.xlf b/packages/elements/xliff/ko.xlf
index 191b84845e34..d019aaf27436 100644
--- a/packages/elements/xliff/ko.xlf
+++ b/packages/elements/xliff/ko.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/pl-PL.xlf b/packages/elements/xliff/pl-PL.xlf
index b358ffe8a0ba..54efd13f281b 100644
--- a/packages/elements/xliff/pl-PL.xlf
+++ b/packages/elements/xliff/pl-PL.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/pt-BR.xlf b/packages/elements/xliff/pt-BR.xlf
index 5ee50f85206d..7b323b0e0386 100644
--- a/packages/elements/xliff/pt-BR.xlf
+++ b/packages/elements/xliff/pt-BR.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/pt-PT.xlf b/packages/elements/xliff/pt-PT.xlf
index c90939cafad0..b2fbc483f3f7 100644
--- a/packages/elements/xliff/pt-PT.xlf
+++ b/packages/elements/xliff/pt-PT.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/ru.xlf b/packages/elements/xliff/ru.xlf
index ed631df88555..63ad3ac59f9e 100644
--- a/packages/elements/xliff/ru.xlf
+++ b/packages/elements/xliff/ru.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/tr-TR.xlf b/packages/elements/xliff/tr-TR.xlf
index 14eddb6124da..9cbaed6ca7bb 100644
--- a/packages/elements/xliff/tr-TR.xlf
+++ b/packages/elements/xliff/tr-TR.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/zh-CN.xlf b/packages/elements/xliff/zh-CN.xlf
index b4b558b6e3a6..0f8b1a4bf4cd 100644
--- a/packages/elements/xliff/zh-CN.xlf
+++ b/packages/elements/xliff/zh-CN.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/zh-HK.xlf b/packages/elements/xliff/zh-HK.xlf
index ccec972b95f1..823a36418b23 100644
--- a/packages/elements/xliff/zh-HK.xlf
+++ b/packages/elements/xliff/zh-HK.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/packages/elements/xliff/zh-TW.xlf b/packages/elements/xliff/zh-TW.xlf
index 718b58ddcc72..169de1214051 100644
--- a/packages/elements/xliff/zh-TW.xlf
+++ b/packages/elements/xliff/zh-TW.xlf
@@ -5,9 +5,6 @@
 <trans-unit id="general.title">
   <source>Title</source>
 </trans-unit>
-<trans-unit id="general.content">
-  <source>Content</source>
-</trans-unit>
 <trans-unit id="general.actions">
   <source>Actions</source>
 </trans-unit>
@@ -42,6 +39,12 @@
   <source>Person Doe</source>
   <note from="lit-localize">The placeholder for the name input field.</note>
 </trans-unit>
+<trans-unit id="account.profile.no-user">
+  <source>No user provided.</source>
+</trans-unit>
+<trans-unit id="general.save">
+  <source>Save</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 8593912e62de..ecdde142e7e1 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3579,6 +3579,9 @@ importers:
       '@lit/localize-tools':
         specifier: ^0.7.2
         version: 0.7.2
+      '@logto/schemas':
+        specifier: workspace:^1.18.0
+        version: link:../schemas
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)

From 85545d4cee4ca1b3eadc21c124b7e07f12ad8965 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Fri, 19 Jul 2024 17:46:55 +0800
Subject: [PATCH 065/135] feat(elements): update name

---
 packages/console/src/pages/Profile/index.tsx  | 106 +++++++++---------
 packages/core/src/middleware/koa-cors.ts      |   4 +
 packages/elements/index.html                  |   2 +-
 packages/elements/package.json                |   1 +
 .../src/elements/logto-profile-card.ts        |  20 +++-
 packages/elements/src/index.ts                |   6 +-
 .../src/providers/logto-user-provider.ts      |  37 ++++--
 packages/elements/src/react.ts                |   7 ++
 packages/elements/src/utils/api.ts            |  22 ++++
 pnpm-lock.yaml                                |   3 +
 10 files changed, 141 insertions(+), 67 deletions(-)
 create mode 100644 packages/elements/src/utils/api.ts

diff --git a/packages/console/src/pages/Profile/index.tsx b/packages/console/src/pages/Profile/index.tsx
index aa71c15acd8a..77e5e0676456 100644
--- a/packages/console/src/pages/Profile/index.tsx
+++ b/packages/console/src/pages/Profile/index.tsx
@@ -36,7 +36,7 @@ if (isDevFeaturesEnabled) {
   initLocalization();
 }
 
-const { LogtoProfileCard, LogtoThemeProvider } = createReactComponents(React);
+const { LogtoProfileCard, LogtoThemeProvider, LogtoUserProvider } = createReactComponents(React);
 
 function Profile() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
@@ -70,60 +70,62 @@ function Profile() {
   return (
     <AppBoundary>
       <LogtoThemeProvider theme="dark">
-        <div className={styles.pageContainer}>
-          <Topbar hideTenantSelector hideTitle />
-          <OverlayScrollbar className={styles.scrollable}>
-            <div className={styles.wrapper}>
-              <PageMeta titleKey="profile.page_title" />
-              <div className={pageLayout.headline}>
-                <CardTitle title="profile.title" subtitle="profile.description" />
-              </div>
-              {showLoadingSkeleton && <Skeleton />}
-              {isDevFeaturesEnabled && <LogtoProfileCard />}
-              {user && !showLoadingSkeleton && (
-                <div className={styles.content}>
-                  <BasicUserInfoSection user={user} onUpdate={reload} />
-                  {isCloud && (
-                    <LinkAccountSection user={user} connectors={connectors} onUpdate={reload} />
-                  )}
-                  <FormCard title="profile.password.title">
-                    <CardContent
-                      title="profile.password.password_setting"
-                      data={[
-                        {
-                          key: 'password',
-                          label: 'profile.password.password',
-                          value: user.hasPassword,
-                          renderer: (value) => (value ? <span>********</span> : <NotSet />),
-                          action: {
-                            name: 'profile.change',
-                            handler: () => {
-                              navigate(user.hasPassword ? 'verify-password' : 'change-password', {
-                                state: { email: user.primaryEmail, action: 'changePassword' },
-                              });
+        <LogtoUserProvider api={api}>
+          <div className={styles.pageContainer}>
+            <Topbar hideTenantSelector hideTitle />
+            <OverlayScrollbar className={styles.scrollable}>
+              <div className={styles.wrapper}>
+                <PageMeta titleKey="profile.page_title" />
+                <div className={pageLayout.headline}>
+                  <CardTitle title="profile.title" subtitle="profile.description" />
+                </div>
+                {showLoadingSkeleton && <Skeleton />}
+                {isDevFeaturesEnabled && <LogtoProfileCard />}
+                {user && !showLoadingSkeleton && (
+                  <div className={styles.content}>
+                    <BasicUserInfoSection user={user} onUpdate={reload} />
+                    {isCloud && (
+                      <LinkAccountSection user={user} connectors={connectors} onUpdate={reload} />
+                    )}
+                    <FormCard title="profile.password.title">
+                      <CardContent
+                        title="profile.password.password_setting"
+                        data={[
+                          {
+                            key: 'password',
+                            label: 'profile.password.password',
+                            value: user.hasPassword,
+                            renderer: (value) => (value ? <span>********</span> : <NotSet />),
+                            action: {
+                              name: 'profile.change',
+                              handler: () => {
+                                navigate(user.hasPassword ? 'verify-password' : 'change-password', {
+                                  state: { email: user.primaryEmail, action: 'changePassword' },
+                                });
+                              },
                             },
                           },
-                        },
-                      ]}
-                    />
-                  </FormCard>
-                  {isCloud && (
-                    <FormCard title="profile.delete_account.title">
-                      <div className={styles.deleteAccount}>
-                        <div className={styles.description}>
-                          {t('profile.delete_account.description')}
-                        </div>
-                        <Button title="profile.delete_account.button" onClick={show} />
-                      </div>
-                      <DeleteAccountModal isOpen={showDeleteAccountModal} onClose={hide} />
+                        ]}
+                      />
                     </FormCard>
-                  )}
-                </div>
-              )}
-            </div>
-          </OverlayScrollbar>
-          {childrenRoutes}
-        </div>
+                    {isCloud && (
+                      <FormCard title="profile.delete_account.title">
+                        <div className={styles.deleteAccount}>
+                          <div className={styles.description}>
+                            {t('profile.delete_account.description')}
+                          </div>
+                          <Button title="profile.delete_account.button" onClick={show} />
+                        </div>
+                        <DeleteAccountModal isOpen={showDeleteAccountModal} onClose={hide} />
+                      </FormCard>
+                    )}
+                  </div>
+                )}
+              </div>
+            </OverlayScrollbar>
+            {childrenRoutes}
+          </div>
+        </LogtoUserProvider>
       </LogtoThemeProvider>
     </AppBoundary>
   );
diff --git a/packages/core/src/middleware/koa-cors.ts b/packages/core/src/middleware/koa-cors.ts
index f67968fdc477..89c3c3493eaf 100644
--- a/packages/core/src/middleware/koa-cors.ts
+++ b/packages/core/src/middleware/koa-cors.ts
@@ -11,6 +11,10 @@ export default function koaCors<StateT, ContextT, ResponseBodyT>(
     origin: (ctx) => {
       const { origin } = ctx.request.headers;
 
+      if (!EnvSet.values.isProduction) {
+        return origin ?? '';
+      }
+
       if (
         origin &&
         urlSets.some((set) => {
diff --git a/packages/elements/index.html b/packages/elements/index.html
index ecc395bd1204..1f35da6f3376 100644
--- a/packages/elements/index.html
+++ b/packages/elements/index.html
@@ -10,7 +10,7 @@
 
 <body style="background: #111;">
   <logto-theme-provider theme="dark">
-    <logto-user-provider user='{"name": "Johnny Silverhand", "avatar": "https://github.com/logto-io.png"}'>
+    <logto-user-provider>
       <logto-profile-card></logto-profile-card>
     </logto-user-provider>
   </logto-theme-provider>
diff --git a/packages/elements/package.json b/packages/elements/package.json
index e08c8a5b294e..d98b92d1994c 100644
--- a/packages/elements/package.json
+++ b/packages/elements/package.json
@@ -51,6 +51,7 @@
     "@lit/localize": "^0.12.1",
     "@lit/react": "^1.0.5",
     "@silverhand/essentials": "^2.9.1",
+    "ky": "^1.2.3",
     "lit": "^3.1.4"
   },
   "devDependencies": {
diff --git a/packages/elements/src/elements/logto-profile-card.ts b/packages/elements/src/elements/logto-profile-card.ts
index 568897f3d352..6644aeb6f0c7 100644
--- a/packages/elements/src/elements/logto-profile-card.ts
+++ b/packages/elements/src/elements/logto-profile-card.ts
@@ -25,6 +25,9 @@ export class LogtoProfileCard extends LitElement {
   @state()
   updateNameOpened = false;
 
+  @state()
+  name = '';
+
   render() {
     const user = this.userContext?.user;
 
@@ -74,6 +77,7 @@ export class LogtoProfileCard extends LitElement {
                   size="small"
                   @click=${() => {
                     this.updateNameOpened = true;
+                    this.name = user.name ?? '';
                   }}
                 >
                   ${msg('Update', { id: 'general.update' })}
@@ -100,10 +104,22 @@ export class LogtoProfileCard extends LitElement {
                 id: 'account.profile.personal-info.name-placeholder',
                 desc: 'The placeholder for the name input field.',
               })}
-              value=""
+              .value=${this.name}
+              @input=${(event: InputEvent) => {
+                // eslint-disable-next-line no-restricted-syntax
+                this.name = (event.target as HTMLInputElement).value;
+              }}
             />
           </logto-text-input>
-          <logto-button slot="footer" size="large" type="primary">
+          <logto-button
+            slot="footer"
+            size="large"
+            type="primary"
+            @click=${async () => {
+              await this.userContext?.updateUser({ name: this.name });
+              this.updateNameOpened = false;
+            }}
+          >
             ${msg('Save', { id: 'general.save' })}
           </logto-button>
         </logto-modal-layout>
diff --git a/packages/elements/src/index.ts b/packages/elements/src/index.ts
index 566659ed93b4..fdd0920e89ef 100644
--- a/packages/elements/src/index.ts
+++ b/packages/elements/src/index.ts
@@ -10,5 +10,9 @@ export * from './components/logto-modal-layout.js';
 export * from './components/logto-modal.js';
 export * from './components/logto-text-input.js';
 export * from './elements/logto-profile-card.js';
-export * from './utils/locale.js';
+
 export * from './providers/logto-theme-provider.js';
+export * from './providers/logto-user-provider.js';
+
+export * from './utils/api.js';
+export * from './utils/locale.js';
diff --git a/packages/elements/src/providers/logto-user-provider.ts b/packages/elements/src/providers/logto-user-provider.ts
index 08ad1b1b6325..50b193dab922 100644
--- a/packages/elements/src/providers/logto-user-provider.ts
+++ b/packages/elements/src/providers/logto-user-provider.ts
@@ -1,10 +1,16 @@
 import { createContext, provide } from '@lit/context';
 import { type UserInfo } from '@logto/schemas';
+import { noop } from '@silverhand/essentials';
 import { LitElement, type PropertyValues, html } from 'lit';
 import { customElement, property } from 'lit/decorators.js';
 
+import { LogtoAccountApi } from '../utils/api.js';
+
 /** @see {@link UserContext} */
-export type UserContextType = { user?: UserInfo };
+export type UserContextType = Readonly<{
+  user?: UserInfo;
+  updateUser: (user: Partial<UserInfo>) => void | Promise<void>;
+}>;
 
 /**
  * Context for the current user. It's a fundamental context for the account-related elements.
@@ -12,7 +18,9 @@ export type UserContextType = { user?: UserInfo };
 export const UserContext = createContext<UserContextType>('modal-context');
 
 /** The default value for the user context. */
-export const userContext: UserContextType = {};
+export const userContext: UserContextType = Object.freeze({
+  updateUser: noop,
+});
 
 const tagName = 'logto-user-provider';
 
@@ -24,23 +32,30 @@ export class LogtoUserProvider extends LitElement {
   context = userContext;
 
   @property({ type: Object })
-  user?: UserInfo;
+  api!: LogtoAccountApi | ConstructorParameters<typeof LogtoAccountApi>[0];
 
   render() {
     return html`<slot></slot>`;
   }
 
-  protected handlePropertiesChange(changedProperties: PropertyValues) {
-    if (changedProperties.has('user')) {
-      this.context.user = this.user;
-    }
+  protected updateContext(context: Partial<UserContextType>) {
+    this.context = Object.freeze({ ...this.context, ...context });
   }
 
-  protected firstUpdated(changedProperties: PropertyValues): void {
-    this.handlePropertiesChange(changedProperties);
+  protected async handlePropertiesChange(changedProperties: PropertyValues) {
+    if (changedProperties.has('api')) {
+      const api = this.api instanceof LogtoAccountApi ? this.api : new LogtoAccountApi(this.api);
+      this.updateContext({
+        updateUser: async (user) => {
+          const updated = await api.updateUser(user);
+          this.updateContext({ user: updated });
+        },
+        user: await api.getUser(),
+      });
+    }
   }
 
-  protected updated(changedProperties: PropertyValues): void {
-    this.handlePropertiesChange(changedProperties);
+  protected firstUpdated(changedProperties: PropertyValues): void {
+    void this.handlePropertiesChange(changedProperties);
   }
 }
diff --git a/packages/elements/src/react.ts b/packages/elements/src/react.ts
index 28b363ae474b..1cf30681077b 100644
--- a/packages/elements/src/react.ts
+++ b/packages/elements/src/react.ts
@@ -6,9 +6,11 @@ import {
   LogtoFormCard,
   LogtoProfileCard,
   LogtoList,
+  LogtoUserProvider,
 } from './index.js';
 
 export * from './utils/locale.js';
+export * from './utils/api.js';
 
 export const createReactComponents = (react: Parameters<typeof createComponent>[0]['react']) => {
   return {
@@ -37,5 +39,10 @@ export const createReactComponents = (react: Parameters<typeof createComponent>[
       elementClass: LogtoThemeProvider,
       react,
     }),
+    LogtoUserProvider: createComponent({
+      tagName: LogtoUserProvider.tagName,
+      elementClass: LogtoUserProvider,
+      react,
+    }),
   };
 };
diff --git a/packages/elements/src/utils/api.ts b/packages/elements/src/utils/api.ts
new file mode 100644
index 000000000000..f912737962a5
--- /dev/null
+++ b/packages/elements/src/utils/api.ts
@@ -0,0 +1,22 @@
+import { type UserInfo } from '@logto/schemas';
+import originalKy, { type Options, type KyInstance } from 'ky';
+
+/**
+ * CAUTION: The current implementation is based on the admin tenant's `/me` API which is interim.
+ * The final implementation should be based on the Account API.
+ */
+export class LogtoAccountApi {
+  protected ky: KyInstance;
+
+  constructor(init: KyInstance | Options) {
+    this.ky = 'create' in init ? init : originalKy.create(init);
+  }
+
+  async getUser() {
+    return this.ky('me').json<UserInfo>();
+  }
+
+  async updateUser(user: Partial<UserInfo>) {
+    return this.ky.patch('me', { json: user }).json<UserInfo>();
+  }
+}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index ecdde142e7e1..d22e1a5a12f6 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3572,6 +3572,9 @@ importers:
       '@silverhand/essentials':
         specifier: ^2.9.1
         version: 2.9.1
+      ky:
+        specifier: ^1.2.3
+        version: 1.2.3
       lit:
         specifier: ^3.1.4
         version: 3.1.4

From def21c7bca51fdd32f85f9a29018f0345c155683 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Mon, 22 Jul 2024 11:50:47 +0800
Subject: [PATCH 066/135] feat(console,phrases): add bring your UI feature
 paywall (#6275)

feat(console,phrases): add bring your ui feature paywall
---
 .../CustomUiAssetsUploader/index.tsx          |  5 +++-
 .../src/components/FeatureTag/index.tsx       |  2 +-
 .../ds-components/FormField/index.module.scss |  4 ++++
 .../src/ds-components/FormField/index.tsx     |  4 ++++
 .../Uploader/FileUploader/index.module.scss   | 16 +++++++++++--
 .../Uploader/FileUploader/index.tsx           |  6 ++++-
 .../Branding/CustomUiForm/index.module.scss   |  6 +++++
 .../Branding/CustomUiForm/index.tsx           | 23 ++++++++++++++++++-
 .../admin-console/upsell/paywall.ts           |  2 ++
 9 files changed, 62 insertions(+), 6 deletions(-)

diff --git a/packages/console/src/components/CustomUiAssetsUploader/index.tsx b/packages/console/src/components/CustomUiAssetsUploader/index.tsx
index 79b240d817a8..4a1e290b8c9a 100644
--- a/packages/console/src/components/CustomUiAssetsUploader/index.tsx
+++ b/packages/console/src/components/CustomUiAssetsUploader/index.tsx
@@ -15,11 +15,13 @@ import * as styles from './index.module.scss';
 type Props = {
   readonly value?: CustomUiAssets;
   readonly onChange: (value: CustomUiAssets) => void;
+  // eslint-disable-next-line react/boolean-prop-naming
+  readonly disabled?: boolean;
 };
 
 const allowedMimeTypes: AllowedUploadMimeType[] = ['application/zip'];
 
-function CustomUiAssetsUploader({ value, onChange }: Props) {
+function CustomUiAssetsUploader({ value, onChange, disabled }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
   const [file, setFile] = useState<File>();
   const [error, setError] = useState<string>();
@@ -48,6 +50,7 @@ function CustomUiAssetsUploader({ value, onChange }: Props) {
   if (showUploader) {
     return (
       <FileUploader<{ customUiAssetId: string }>
+        disabled={disabled}
         allowedMimeTypes={allowedMimeTypes}
         maxSize={maxUploadFileSize}
         uploadUrl="api/sign-in-exp/default/custom-ui-assets"
diff --git a/packages/console/src/components/FeatureTag/index.tsx b/packages/console/src/components/FeatureTag/index.tsx
index 6363a58518ab..cfec1dc5288b 100644
--- a/packages/console/src/components/FeatureTag/index.tsx
+++ b/packages/console/src/components/FeatureTag/index.tsx
@@ -8,7 +8,7 @@ import * as styles from './index.module.scss';
 
 export { default as BetaTag } from './BetaTag';
 
-type Props = {
+export type Props = {
   /**
    * Whether the tag should be visible. It should be `true` if the tenant's subscription
    * plan has NO access to the feature (paywall), but it will always be visible for dev
diff --git a/packages/console/src/ds-components/FormField/index.module.scss b/packages/console/src/ds-components/FormField/index.module.scss
index 0a9a632540a6..ed38b54a941f 100644
--- a/packages/console/src/ds-components/FormField/index.module.scss
+++ b/packages/console/src/ds-components/FormField/index.module.scss
@@ -34,6 +34,10 @@
     font: var(--font-body-2);
     color: var(--color-text-secondary);
   }
+
+  .featureTag {
+    margin-left: _.unit(2);
+  }
 }
 
 .description {
diff --git a/packages/console/src/ds-components/FormField/index.tsx b/packages/console/src/ds-components/FormField/index.tsx
index d9ac103e7e1c..1a2ada001d1a 100644
--- a/packages/console/src/ds-components/FormField/index.tsx
+++ b/packages/console/src/ds-components/FormField/index.tsx
@@ -4,6 +4,7 @@ import type { ReactElement, ReactNode } from 'react';
 import { useTranslation } from 'react-i18next';
 
 import Tip from '@/assets/icons/tip.svg';
+import FeatureTag, { type Props as FeatureTagProps } from '@/components/FeatureTag';
 
 import type DangerousRaw from '../DangerousRaw';
 import DynamicT from '../DynamicT';
@@ -25,6 +26,7 @@ export type Props = {
   readonly headlineSpacing?: 'default' | 'large';
   readonly headlineClassName?: string;
   readonly tip?: ToggleTipProps['content'];
+  readonly featureTag?: FeatureTagProps;
 };
 
 function FormField({
@@ -37,6 +39,7 @@ function FormField({
   className,
   headlineSpacing = 'default',
   tip,
+  featureTag,
   headlineClassName,
 }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
@@ -63,6 +66,7 @@ function FormField({
             </IconButton>
           </ToggleTip>
         )}
+        {featureTag && <FeatureTag {...featureTag} className={styles.featureTag} />}
         <Spacer />
         {isRequired && <div className={styles.required}>{t('general.required')}</div>}
       </div>
diff --git a/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss b/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss
index 77569e8821c2..4aaef09ab6b8 100644
--- a/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss
+++ b/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss
@@ -33,7 +33,19 @@
     }
   }
 
-  &:hover {
+  &.disabled {
+    cursor: not-allowed;
+    border-color: var(--color-disabled);
+    color: var(--color-disabled);
+
+    .placeholder {
+      .icon {
+        color: var(--color-disabled);
+      }
+    }
+  }
+
+  &:not(.disabled):hover {
     cursor: pointer;
     border-color: var(--color-primary);
 
@@ -44,7 +56,7 @@
     }
   }
 
-  &.dragActive {
+  &:not(.disabled).dragActive {
     cursor: copy;
     background-color: var(--color-hover-variant);
     border-color: var(--color-primary);
diff --git a/packages/console/src/ds-components/Uploader/FileUploader/index.tsx b/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
index e9ea1415c119..4e067723fbab 100644
--- a/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
+++ b/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
@@ -15,6 +15,8 @@ import { Ring } from '../../Spinner';
 import * as styles from './index.module.scss';
 
 export type Props<T extends Record<string, unknown> = UserAssets> = {
+  // eslint-disable-next-line react/boolean-prop-naming
+  readonly disabled?: boolean;
   readonly maxSize: number; // In bytes
   readonly allowedMimeTypes: AllowedUploadMimeType[];
   readonly actionDescription?: string;
@@ -33,6 +35,7 @@ export type Props<T extends Record<string, unknown> = UserAssets> = {
 };
 
 function FileUploader<T extends Record<string, unknown> = UserAssets>({
+  disabled,
   maxSize,
   allowedMimeTypes,
   actionDescription,
@@ -121,7 +124,7 @@ function FileUploader<T extends Record<string, unknown> = UserAssets>({
 
   const { getRootProps, getInputProps, isDragActive } = useDropzone({
     onDrop,
-    disabled: isUploading,
+    disabled: isUploading || disabled,
     multiple: false,
     accept: Object.fromEntries(allowedMimeTypes.map((mimeType) => [mimeType, []])),
   });
@@ -133,6 +136,7 @@ function FileUploader<T extends Record<string, unknown> = UserAssets>({
         styles.uploader,
         Boolean(uploadError) && styles.uploaderError,
         isDragActive && styles.dragActive,
+        disabled && styles.disabled,
         className
       )}
     >
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.module.scss b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.module.scss
index a423521c3cad..8ca9f7e321e3 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.module.scss
+++ b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.module.scss
@@ -1,4 +1,10 @@
+@use '@/scss/underscore' as _;
+
 .customCssCodeEditor {
   max-height: calc(100vh - 260px);
   min-height: 132px; // min-height to show three lines of code
 }
+
+.upsell {
+  margin-top: _.unit(3);
+}
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
index a5b82f6d0140..68185ef5e7e0 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
@@ -1,8 +1,12 @@
+import { ReservedPlanId } from '@logto/schemas';
+import { useContext } from 'react';
 import { Controller, useFormContext } from 'react-hook-form';
 import { Trans, useTranslation } from 'react-i18next';
 
 import CustomUiAssetsUploader from '@/components/CustomUiAssetsUploader';
+import InlineUpsell from '@/components/InlineUpsell';
 import { isDevFeaturesEnabled } from '@/consts/env';
+import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Card from '@/ds-components/Card';
 import CodeEditor from '@/ds-components/CodeEditor';
 import FormField from '@/ds-components/FormField';
@@ -18,6 +22,8 @@ function CustomUiForm() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
   const { getDocumentationUrl } = useDocumentationUrl();
   const { control } = useFormContext<SignInExperienceForm>();
+  const { currentPlan } = useContext(SubscriptionDataContext);
+  const isBringYourUiEnabled = currentPlan.quota.bringYourUiEnabled;
 
   return (
     <Card>
@@ -79,14 +85,29 @@ function CustomUiForm() {
             </Trans>
           }
           descriptionPosition="top"
+          featureTag={{
+            isVisible: !isBringYourUiEnabled,
+            plan: ReservedPlanId.Pro,
+          }}
         >
           <Controller
             name="customUiAssets"
             control={control}
             render={({ field: { onChange, value } }) => (
-              <CustomUiAssetsUploader value={value} onChange={onChange} />
+              <CustomUiAssetsUploader
+                disabled={!isBringYourUiEnabled}
+                value={value}
+                onChange={onChange}
+              />
             )}
           />
+          {!isBringYourUiEnabled && (
+            <InlineUpsell
+              className={brandingStyles.upsell}
+              for="bring_your_ui"
+              actionButtonText="upsell.view_plans"
+            />
+          )}
         </FormField>
       )}
     </Card>
diff --git a/packages/phrases/src/locales/en/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/en/translation/admin-console/upsell/paywall.ts
index e8cac1dfcc2c..ece1bf8e43a3 100644
--- a/packages/phrases/src/locales/en/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/en/translation/admin-console/upsell/paywall.ts
@@ -65,6 +65,8 @@ const paywall = {
     description:
       "Upgrade to a paid plan for custom JWT functionality and premium benefits. Don't hesitate to <a>contact us</a> if you have any questions.",
   },
+  bring_your_ui:
+    'Upgrade to a paid plan for bring your custom UI functionality and premium benefits.',
 };
 
 export default Object.freeze(paywall);

From a48b7cf91476d9b61d0d14dbce425e167198954f Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Mon, 22 Jul 2024 12:11:57 +0800
Subject: [PATCH 067/135] chore: update README.md (#6297)

* chore: update README.md

* chore: add awesome list
---
 AWESOME.md | 11 +++++++++++
 README.md  |  7 ++++---
 2 files changed, 15 insertions(+), 3 deletions(-)
 create mode 100644 AWESOME.md

diff --git a/AWESOME.md b/AWESOME.md
new file mode 100644
index 000000000000..5b4a0dfb1045
--- /dev/null
+++ b/AWESOME.md
@@ -0,0 +1,11 @@
+# Logto awesome
+
+Here's the list of awesome community-contributed resources for Logto. Feel free to add yours by submitting a pull request.
+
+## Account
+
+- [Logto Account Dashboard](https://github.com/t2vee/Logto-Account-Dashboard) by @t2vee
+
+## API
+
+- [Go API client for logto](https://github.com/mostafa/go-api-client) by @mostafa
diff --git a/README.md b/README.md
index 35d061471780..889aa2d71a3e 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,7 @@ Logto[^info] is an Auth0 alternative designed for modern apps and SaaS products.
 - Enables OIDC-based authentication with Logto SDKs.
 - Supports passwordless sign-in, along with various options like email, phone number, username, Google, Facebook, and other social sign-in methods.
 - Offers beautiful UI components with customizable CSS to suit your business needs.
+- Has an open community with many warm-hearted contributors and users. Check out our [awesome list](./AWESOME.md) of community-contributed resources.
 
 📦 **Out-of-the-box infrastructure**
 
@@ -37,12 +38,12 @@ Logto[^info] is an Auth0 alternative designed for modern apps and SaaS products.
 - Implements role-based access control (RBAC) for scalable role authorization, catering to a wide range of use cases.
 - Facilitates user management and provides audit logs for understanding identity-related user information and maintaining security.
 - Enables single sign-on (SSO) and multi-factor authentication (MFA) without extra coding.
-- Leverages Logto Organizations to build multi-tenancy apps with ease.
+- Leverages Logto organizations to build multi-tenancy apps with ease.
 
 In a more approachable way, we refer to this solution as "[Customer Identity Access Management (CIAM)](https://en.wikipedia.org/wiki/Customer_identity_access_management)" or simply, the "Customer Identity Solution."
 
-[Subscribe to us](https://logto.io/subscribe/?utm_source=github&utm_medium=repo_logto) now to stay updated with the latest information about the Logto Cloud (SaaS) and receive feature updates in real-time.
-
+> [!IMPORTANT]
+> [Subscribe to us](https://logto.io/subscribe/?utm_source=github&utm_medium=repo_logto) now to stay updated with the latest information about the Logto Cloud (SaaS) and receive feature updates in real-time.
 
 ## Get started
 

From 94e692aa979f30d513a4f14c68afe85349bdfb61 Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Mon, 22 Jul 2024 13:16:00 +0800
Subject: [PATCH 068/135] style(experience): improve notched border animation
 (#6296)

---
 .../InputFields/InputField/NotchedBorder/index.module.scss | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.module.scss b/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.module.scss
index 8334a63121f3..e063b0cfebcb 100644
--- a/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.module.scss
+++ b/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.module.scss
@@ -48,15 +48,16 @@
 
   .label {
     position: absolute;
-    left: _.unit(4);
+    left: _.unit(3.5);
     font: var(--font-body-1);
     color: var(--color-type-secondary);
     pointer-events: none;
     top: 48%;
     transform: translateY(-50%);
     transition: 0.2s ease-out;
-    transition-property: position, font, top;
+    transition-property: position, font, top, color;
     background-color: transparent;
+    padding: 0 _.unit(1);
     z-index: 1;
   }
 
@@ -71,10 +72,8 @@
 
     .label {
       top: -1px;
-      left: _.unit(3.5);
       font: var(--font-body-3);
       color: var(--color-type-secondary);
-      padding: 0 _.unit(1);
     }
   }
 

From 3538b1efd7b9ef5f3d8e9e6c7a70968e753a591b Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Mon, 22 Jul 2024 13:39:39 +0800
Subject: [PATCH 069/135] fix(console): sidebar width should not be shrunk
 (#6299)

---
 .../src/containers/ConsoleContent/Sidebar/index.module.scss      | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/console/src/containers/ConsoleContent/Sidebar/index.module.scss b/packages/console/src/containers/ConsoleContent/Sidebar/index.module.scss
index 2fc004c1d528..c0d8e7ab7355 100644
--- a/packages/console/src/containers/ConsoleContent/Sidebar/index.module.scss
+++ b/packages/console/src/containers/ConsoleContent/Sidebar/index.module.scss
@@ -4,4 +4,5 @@
   width: 248px;
   overflow-y: auto;
   margin-bottom: _.unit(6);
+  flex-shrink: 0;
 }

From f56aeb850bc5d6c057d2a5fc145a904c08770537 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Mon, 22 Jul 2024 14:06:24 +0800
Subject: [PATCH 070/135] refactor(core): extract password-validator (#6282)

* refactor(core): extract password-validator

extract password validator

* fix(core): update comments and rename method name

update comment and rename method name
---
 .../classes/experience-interaction.ts         |  2 +-
 .../routes/experience/classes/utils.test.ts   | 16 +-----
 .../src/routes/experience/classes/utils.ts    | 18 ------
 .../classes/validators/password-validator.ts  | 57 +++++++++++++++++++
 .../classes/validators/profile-validator.ts   | 25 +-------
 .../sign-in-experience-validator.ts           | 19 ++-----
 .../new-password-identity-verification.ts     | 22 +++----
 .../new-password-identity-verification.ts     |  9 +--
 8 files changed, 80 insertions(+), 88 deletions(-)
 create mode 100644 packages/core/src/routes/experience/classes/validators/password-validator.ts

diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
index 16754d0f679c..672d9bfc81ac 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -98,7 +98,7 @@ export default class ExperienceInteraction {
     this.#profile = profile;
 
     // Profile validator requires the userId for existing user profile update validation
-    this.profileValidator = new ProfileValidator(libraries, queries, userId);
+    this.profileValidator = new ProfileValidator(libraries, queries);
 
     for (const record of verificationRecords) {
       const instance = buildVerificationRecord(libraries, queries, record);
diff --git a/packages/core/src/routes/experience/classes/utils.test.ts b/packages/core/src/routes/experience/classes/utils.test.ts
index dbe1f3507546..02a146cbd01c 100644
--- a/packages/core/src/routes/experience/classes/utils.test.ts
+++ b/packages/core/src/routes/experience/classes/utils.test.ts
@@ -2,7 +2,7 @@ import { type InteractionIdentifier, SignInIdentifier } from '@logto/schemas';
 
 import { type InteractionProfile } from '../types.js';
 
-import { interactionIdentifierToUserProfile, profileToUserInfo } from './utils.js';
+import { interactionIdentifierToUserProfile } from './utils.js';
 
 const identifierToProfileTestCase = [
   {
@@ -35,18 +35,4 @@ describe('experience utils tests', () => {
       expect(interactionIdentifierToUserProfile(identifier)).toEqual(expected);
     }
   );
-  it('profileToUserInfo', () => {
-    expect(
-      profileToUserInfo({
-        username: 'username',
-        primaryEmail: 'email',
-        primaryPhone: 'phone',
-      })
-    ).toEqual({
-      name: undefined,
-      username: 'username',
-      email: 'email',
-      phoneNumber: 'phone',
-    });
-  });
 });
diff --git a/packages/core/src/routes/experience/classes/utils.ts b/packages/core/src/routes/experience/classes/utils.ts
index fe0011e52f45..e2949d8ec006 100644
--- a/packages/core/src/routes/experience/classes/utils.ts
+++ b/packages/core/src/routes/experience/classes/utils.ts
@@ -1,4 +1,3 @@
-import { type UserInfo } from '@logto/core-kit';
 import {
   SignInIdentifier,
   VerificationType,
@@ -158,23 +157,6 @@ export function interactionIdentifierToUserProfile(
   }
 }
 
-/**
- * This function is used to convert the interaction profile to the UserInfo format.
- * It will be used by the PasswordPolicyChecker to check the password policy against the user profile.
- */
-export function profileToUserInfo(
-  profile: Pick<InteractionProfile, 'name' | 'username' | 'primaryEmail' | 'primaryPhone'>
-): UserInfo {
-  const { name, username, primaryEmail, primaryPhone } = profile;
-
-  return {
-    name: name ?? undefined,
-    username: username ?? undefined,
-    email: primaryEmail ?? undefined,
-    phoneNumber: primaryPhone ?? undefined,
-  };
-}
-
 export const codeVerificationIdentifierRecordTypeMap = Object.freeze({
   [SignInIdentifier.Email]: VerificationType.EmailVerificationCode,
   [SignInIdentifier.Phone]: VerificationType.PhoneVerificationCode,
diff --git a/packages/core/src/routes/experience/classes/validators/password-validator.ts b/packages/core/src/routes/experience/classes/validators/password-validator.ts
new file mode 100644
index 000000000000..edc0693200ac
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/validators/password-validator.ts
@@ -0,0 +1,57 @@
+import { PasswordPolicyChecker, type UserInfo } from '@logto/core-kit';
+import { type SignInExperience, type User } from '@logto/schemas';
+
+import RequestError from '#src/errors/RequestError/index.js';
+import { encryptUserPassword } from '#src/libraries/user.utils.js';
+
+import { type InteractionProfile } from '../../types.js';
+
+function getUserInfo({
+  user,
+  profile,
+}: {
+  user?: User;
+  profile?: Pick<InteractionProfile, 'name' | 'username' | 'primaryEmail' | 'primaryPhone'>;
+}): UserInfo {
+  return {
+    name: profile?.name ?? user?.name ?? undefined,
+    username: profile?.username ?? user?.username ?? undefined,
+    email: profile?.primaryEmail ?? user?.primaryEmail ?? undefined,
+    phoneNumber: profile?.primaryPhone ?? user?.primaryPhone ?? undefined,
+  };
+}
+
+export class PasswordValidator {
+  public readonly passwordPolicyChecker: PasswordPolicyChecker;
+
+  constructor(
+    private readonly passwordPolicy: SignInExperience['passwordPolicy'],
+    private readonly user?: User
+  ) {
+    this.passwordPolicyChecker = new PasswordPolicyChecker(passwordPolicy);
+  }
+
+  /**
+   * Validate password against the password policy
+   * @throws {RequestError} with status 422 if the password does not meet the policy
+   */
+  public async validatePassword(password: string, profile: InteractionProfile) {
+    const userInfo = getUserInfo({
+      user: this.user,
+      profile,
+    });
+
+    const issues = await this.passwordPolicyChecker.check(
+      password,
+      this.passwordPolicyChecker.policy.rejects.userInfo ? userInfo : {}
+    );
+
+    if (issues.length > 0) {
+      throw new RequestError({ code: 'password.rejected', status: 422 }, { issues });
+    }
+  }
+
+  public async createPasswordDigest(password: string) {
+    return encryptUserPassword(password);
+  }
+}
diff --git a/packages/core/src/routes/experience/classes/validators/profile-validator.ts b/packages/core/src/routes/experience/classes/validators/profile-validator.ts
index dc6a5848981b..f5eb01d14667 100644
--- a/packages/core/src/routes/experience/classes/validators/profile-validator.ts
+++ b/packages/core/src/routes/experience/classes/validators/profile-validator.ts
@@ -1,5 +1,3 @@
-import { type PasswordPolicyChecker, type UserInfo } from '@logto/core-kit';
-
 import RequestError from '#src/errors/RequestError/index.js';
 import type Libraries from '#src/tenants/Libraries.js';
 import type Queries from '#src/tenants/Queries.js';
@@ -10,9 +8,7 @@ import type { InteractionProfile } from '../../types.js';
 export class ProfileValidator {
   constructor(
     private readonly libraries: Libraries,
-    private readonly queries: Queries,
-    /** UserId is required for existing user profile update validation */
-    private readonly userId?: string
+    private readonly queries: Queries
   ) {}
 
   public async guardProfileUniquenessAcrossUsers(profile: InteractionProfile) {
@@ -82,23 +78,4 @@ export class ProfileValidator {
       );
     }
   }
-
-  /**
-   * Validate password against the given password policy
-   * throw a {@link RequestError} -422 if the password is invalid; otherwise, do nothing.
-   */
-  public async validatePassword(
-    password: string,
-    passwordPolicyChecker: PasswordPolicyChecker,
-    userInfo: UserInfo = {}
-  ) {
-    const issues = await passwordPolicyChecker.check(
-      password,
-      passwordPolicyChecker.policy.rejects.userInfo ? userInfo : {}
-    );
-
-    if (issues.length > 0) {
-      throw new RequestError({ code: 'password.rejected', status: 422 }, { issues });
-    }
-  }
 }
diff --git a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
index 08b912ae2940..201db65a9ad7 100644
--- a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
+++ b/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
@@ -1,6 +1,3 @@
-import crypto from 'node:crypto';
-
-import { PasswordPolicyChecker } from '@logto/core-kit';
 import {
   InteractionEvent,
   type SignInExperience,
@@ -46,7 +43,6 @@ const getEmailIdentifierFromVerificationRecord = (verificationRecord: Verificati
  */
 export class SignInExperienceValidator {
   private signInExperienceDataCache?: SignInExperience;
-  #passwordPolicyChecker?: PasswordPolicyChecker;
 
   constructor(
     private readonly libraries: Libraries,
@@ -119,6 +115,12 @@ export class SignInExperienceValidator {
     return mfa;
   }
 
+  public async getPasswordPolicy() {
+    const { passwordPolicy } = await this.getSignInExperienceData();
+
+    return passwordPolicy;
+  }
+
   public async getSignInExperienceData() {
     this.signInExperienceDataCache ||=
       await this.queries.signInExperiences.findDefaultSignInExperience();
@@ -126,15 +128,6 @@ export class SignInExperienceValidator {
     return this.signInExperienceDataCache;
   }
 
-  public async getPasswordPolicyChecker() {
-    if (!this.#passwordPolicyChecker) {
-      const { passwordPolicy } = await this.getSignInExperienceData();
-      this.#passwordPolicyChecker = new PasswordPolicyChecker(passwordPolicy, crypto.subtle);
-    }
-
-    return this.#passwordPolicyChecker;
-  }
-
   /**
    * Guard the verification records contains email identifier with SSO enabled
    *
diff --git a/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts b/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts
index bb40c3b1284d..8b51787f87d6 100644
--- a/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts
@@ -1,5 +1,4 @@
 import { type ToZodObject } from '@logto/connector-kit';
-import { type PasswordPolicyChecker } from '@logto/core-kit';
 import {
   type InteractionIdentifier,
   interactionIdentifierGuard,
@@ -10,13 +9,14 @@ import { generateStandardId } from '@logto/shared';
 import { z } from 'zod';
 
 import RequestError from '#src/errors/RequestError/index.js';
-import { encryptUserPassword } from '#src/libraries/user.utils.js';
 import type Libraries from '#src/tenants/Libraries.js';
 import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
 
-import { interactionIdentifierToUserProfile, profileToUserInfo } from '../utils.js';
+import { interactionIdentifierToUserProfile } from '../utils.js';
+import { PasswordValidator } from '../validators/password-validator.js';
 import { ProfileValidator } from '../validators/profile-validator.js';
+import { SignInExperienceValidator } from '../validators/sign-in-experience-validator.js';
 
 import { type VerificationRecord } from './verification-record.js';
 
@@ -68,6 +68,7 @@ export class NewPasswordIdentityVerification
   private passwordEncryptionMethod?: UsersPasswordEncryptionMethod.Argon2i;
 
   private readonly profileValidator: ProfileValidator;
+  private readonly signInExperienceValidator: SignInExperienceValidator;
 
   constructor(
     private readonly libraries: Libraries,
@@ -81,6 +82,7 @@ export class NewPasswordIdentityVerification
     this.passwordEncrypted = passwordEncrypted;
     this.passwordEncryptionMethod = passwordEncryptionMethod;
     this.profileValidator = new ProfileValidator(libraries, queries);
+    this.signInExperienceValidator = new SignInExperienceValidator(libraries, queries);
   }
 
   get isVerified() {
@@ -93,19 +95,17 @@ export class NewPasswordIdentityVerification
    * - Check if the identifier is unique across users
    * - Validate the password against the password policy
    */
-  async verify(password: string, passwordPolicyChecker: PasswordPolicyChecker) {
+  async verify(password: string) {
     const { identifier } = this;
     const identifierProfile = interactionIdentifierToUserProfile(identifier);
-
     await this.profileValidator.guardProfileUniquenessAcrossUsers(identifierProfile);
 
-    await this.profileValidator.validatePassword(
-      password,
-      passwordPolicyChecker,
-      profileToUserInfo(identifierProfile)
-    );
+    const passwordPolicy = await this.signInExperienceValidator.getPasswordPolicy();
+    const passwordValidator = new PasswordValidator(passwordPolicy);
+    await passwordValidator.validatePassword(password, identifierProfile);
 
-    const { passwordEncrypted, passwordEncryptionMethod } = await encryptUserPassword(password);
+    const { passwordEncrypted, passwordEncryptionMethod } =
+      await passwordValidator.createPasswordDigest(password);
 
     this.passwordEncrypted = passwordEncrypted;
     this.passwordEncryptionMethod = passwordEncryptionMethod;
diff --git a/packages/core/src/routes/experience/verification-routes/new-password-identity-verification.ts b/packages/core/src/routes/experience/verification-routes/new-password-identity-verification.ts
index d6def4b28ab3..2d41e7549341 100644
--- a/packages/core/src/routes/experience/verification-routes/new-password-identity-verification.ts
+++ b/packages/core/src/routes/experience/verification-routes/new-password-identity-verification.ts
@@ -33,14 +33,11 @@ export default function newPasswordIdentityVerificationRoutes<T extends WithLogC
         identifier
       );
 
-      const policyChecker =
-        await experienceInteraction.signInExperienceValidator.getPasswordPolicyChecker();
+      await newPasswordIdentityVerification.verify(password);
 
-      await newPasswordIdentityVerification.verify(password, policyChecker);
+      experienceInteraction.setVerificationRecord(newPasswordIdentityVerification);
 
-      ctx.experienceInteraction.setVerificationRecord(newPasswordIdentityVerification);
-
-      await ctx.experienceInteraction.save();
+      await experienceInteraction.save();
 
       ctx.body = { verificationId: newPasswordIdentityVerification.id };
 

From 4459924d04cdcce60efe5647274d89aeed9f8109 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Mon, 22 Jul 2024 14:07:09 +0800
Subject: [PATCH 071/135] refactor(console): update file uploader component to
 80px fixed height

---
 .../ds-components/Uploader/FileUploader/index.module.scss   | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss b/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss
index 4aaef09ab6b8..2169a078fe72 100644
--- a/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss
+++ b/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss
@@ -1,9 +1,13 @@
 @use '@/scss/underscore' as _;
 
 .uploader {
+  display: flex;
+  align-items: center;
+  justify-content: center;
   border: 1px dashed var(--color-border);
   border-radius: 8px;
-  padding: _.unit(3.25);
+  padding: _.unit(2);
+  height: 80px;
 
   > input {
     display: none;

From 9af38c9e5e5706b7f73bdb377218720fbd7a73c8 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Mon, 22 Jul 2024 15:35:04 +0800
Subject: [PATCH 072/135] fix(core): should not sync registered identifier from
 social (#6283)

should not sync registered identifier from social
---
 .../verifications/social-verification.ts      | 10 ++++++--
 .../sign-in-interaction/social.test.ts        | 25 +++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/packages/core/src/routes/experience/classes/verifications/social-verification.ts b/packages/core/src/routes/experience/classes/verifications/social-verification.ts
index 4284f6436763..5027272c7024 100644
--- a/packages/core/src/routes/experience/classes/verifications/social-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/social-verification.ts
@@ -210,9 +210,15 @@ export class SocialVerification implements IdentifierVerificationRecord<Verifica
     const { name, avatar, email: primaryEmail, phone: primaryPhone } = this.socialUserInfo;
 
     if (isNewUser) {
+      const {
+        users: { hasUserWithEmail, hasUserWithPhone },
+      } = this.queries;
+
       return {
-        ...conditional(primaryEmail && { primaryEmail }),
-        ...conditional(primaryPhone && { primaryPhone }),
+        // Sync the email only if the email is not used by other users
+        ...conditional(primaryEmail && !(await hasUserWithEmail(primaryEmail)) && { primaryEmail }),
+        // Sync the phone only if the phone is not used by other users
+        ...conditional(primaryPhone && !(await hasUserWithPhone(primaryPhone)) && { primaryPhone }),
         ...conditional(name && { name }),
         ...conditional(avatar && { avatar }),
       };
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
index c74ed4bd0e89..e74d9fd0e8b1 100644
--- a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
@@ -43,6 +43,31 @@ devFeatureTest.describe('social sign-in and sign-up', () => {
     expect(primaryEmail).toBe(email);
   });
 
+  it('should successfully sign-up with social but not sync email if the email is registered by another user', async () => {
+    const { userProfile, user } = await generateNewUser({
+      primaryEmail: true,
+    });
+
+    const { primaryEmail } = userProfile;
+
+    const userId = await signInWithSocial(
+      connectorIdMap.get(mockSocialConnectorId)!,
+      {
+        id: generateStandardId(),
+        email: primaryEmail,
+      },
+      {
+        registerNewUser: true,
+      }
+    );
+
+    expect(userId).not.toBe(user.id);
+    const { primaryEmail: newUserPrimaryEmail } = await getUser(userId);
+    expect(newUserPrimaryEmail).toBeNull();
+
+    await Promise.all([deleteUser(userId), deleteUser(user.id)]);
+  });
+
   it('should successfully sign-in with social and sync name', async () => {
     const userId = await signInWithSocial(connectorIdMap.get(mockSocialConnectorId)!, {
       id: socialUserId,

From 1d8a33e7602e4d15e139a3064ffe94f2203b5ef8 Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Mon, 22 Jul 2024 15:43:34 +0800
Subject: [PATCH 073/135] style(experience): use brand loading color for
 buttons (#6302)

---
 .../experience/src/Providers/AppBoundary/use-color-theme.ts     | 2 ++
 .../src/components/Button/SocialLinkButton.module.scss          | 2 +-
 packages/experience/src/components/Button/index.module.scss     | 2 +-
 packages/experience/src/scss/_colors.scss                       | 2 ++
 4 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/packages/experience/src/Providers/AppBoundary/use-color-theme.ts b/packages/experience/src/Providers/AppBoundary/use-color-theme.ts
index 5fb4f45582f4..20c2e754f1df 100644
--- a/packages/experience/src/Providers/AppBoundary/use-color-theme.ts
+++ b/packages/experience/src/Providers/AppBoundary/use-color-theme.ts
@@ -9,6 +9,7 @@ const generateLightColorLibrary = (primaryColor: color) => ({
   [`--color-brand-default`]: primaryColor.hex(),
   [`--color-brand-hover`]: absoluteLighten(primaryColor, 10).string(),
   [`--color-brand-pressed`]: absoluteDarken(primaryColor, 10).string(),
+  [`--color-brand-loading`]: absoluteLighten(primaryColor, 15).string(),
   [`--color-overlay-brand-focused`]: primaryColor.alpha(0.16).string(),
   [`--color-overlay-brand-hover`]: primaryColor.alpha(0.08).string(),
   [`--color-overlay-brand-pressed`]: primaryColor.alpha(0.12).string(),
@@ -18,6 +19,7 @@ const generateDarkColorLibrary = (primaryColor: color) => ({
   [`--color-brand-default`]: primaryColor.hex(),
   [`--color-brand-hover`]: absoluteLighten(primaryColor, 10).string(),
   [`--color-brand-pressed`]: absoluteDarken(primaryColor, 10).string(),
+  [`--color-brand-loading`]: absoluteDarken(primaryColor, 10).string(),
   [`--color-overlay-brand-focused`]: absoluteLighten(primaryColor, 30).rgb().alpha(0.16).string(),
   [`--color-overlay-brand-hover`]: absoluteLighten(primaryColor, 30).rgb().alpha(0.08).string(),
   [`--color-overlay-brand-pressed`]: absoluteLighten(primaryColor, 30).rgb().alpha(0.12).string(),
diff --git a/packages/experience/src/components/Button/SocialLinkButton.module.scss b/packages/experience/src/components/Button/SocialLinkButton.module.scss
index 8ae94cfe7581..1f0a5a148a89 100644
--- a/packages/experience/src/components/Button/SocialLinkButton.module.scss
+++ b/packages/experience/src/components/Button/SocialLinkButton.module.scss
@@ -16,7 +16,7 @@
   display: block;
   // To avoid the layout shift, add padding manually (keep the same size as the icon)
   padding: 0 1.5px;
-  color: var(--color-brand-70);
+  color: var(--color-brand-loading);
   font-size: 0;
   line-height: normal;
 }
diff --git a/packages/experience/src/components/Button/index.module.scss b/packages/experience/src/components/Button/index.module.scss
index ed47d52953d3..770ec64ca6e5 100644
--- a/packages/experience/src/components/Button/index.module.scss
+++ b/packages/experience/src/components/Button/index.module.scss
@@ -65,7 +65,7 @@
   }
 
   &.loading {
-    background-color: var(--color-brand-70);
+    background-color: var(--color-brand-loading);
   }
 }
 
diff --git a/packages/experience/src/scss/_colors.scss b/packages/experience/src/scss/_colors.scss
index 2952cb3918fa..da069002d0f5 100644
--- a/packages/experience/src/scss/_colors.scss
+++ b/packages/experience/src/scss/_colors.scss
@@ -80,6 +80,7 @@
   --color-brand-default: var(--color-brand-40);
   --color-brand-hover: var(--color-brand-50);
   --color-brand-pressed: var(--color-brand-30);
+  --color-brand-loading: var(--color-brand-60);
 
   /* Danger */
   --color-danger-default: var(--color-danger-40);
@@ -199,6 +200,7 @@
   --color-brand-default: var(--color-brand-70);
   --color-brand-hover: var(--color-brand-50);
   --color-brand-pressed: var(--color-brand-30);
+  --color-brand-loading: var(--color-brand-60);
 
   /* Danger */
   --color-danger-default: var(--color-danger-70);

From 58aea3fb7fd73e3c01b5a1532ee70443a2a293ff Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Mon, 22 Jul 2024 16:20:22 +0800
Subject: [PATCH 074/135] chore(console): remove dev feature guard (#6303)

---
 .../src/pages/CustomizeJwtDetails/utils/config.tsx  | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/packages/console/src/pages/CustomizeJwtDetails/utils/config.tsx b/packages/console/src/pages/CustomizeJwtDetails/utils/config.tsx
index f66d6a7fa84d..278292ada611 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/utils/config.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/utils/config.tsx
@@ -10,7 +10,6 @@ import { type EditorProps } from '@monaco-editor/react';
 import TokenFileIcon from '@/assets/icons/token-file-icon.svg';
 import UserFileIcon from '@/assets/icons/user-file-icon.svg';
 
-import { isDevFeaturesEnabled } from '../../../consts/env.js';
 import type { ModelSettings } from '../MainContent/MonacoCodeEditor/type.js';
 
 import {
@@ -210,14 +209,10 @@ const defaultGrantContext: Partial<JwtCustomizerGrantContext> = {
   },
 };
 
-export const defaultUserTokenContextData = isDevFeaturesEnabled
-  ? {
-      user: defaultUserContext,
-      grant: defaultGrantContext,
-    }
-  : {
-      user: defaultUserContext,
-    };
+export const defaultUserTokenContextData = {
+  user: defaultUserContext,
+  grant: defaultGrantContext,
+};
 
 export const accessTokenPayloadTestModel: ModelSettings = {
   language: 'json',

From 080632a74402f81429d58bf23ffe2a2fac7d6301 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Mon, 22 Jul 2024 16:25:08 +0800
Subject: [PATCH 075/135] refactor(core): extract helpers and provision methods
 (#6285)

extract helpers and provision methods
---
 .../classes/experience-interaction.ts         |  55 +-------
 .../src/routes/experience/classes/helpers.ts  | 108 +++++++++++++++
 .../src/routes/experience/classes/utils.ts    | 103 +-------------
 .../{ => validators}/provision-library.ts     | 127 ++++++++++++++----
 4 files changed, 214 insertions(+), 179 deletions(-)
 create mode 100644 packages/core/src/routes/experience/classes/helpers.ts
 rename packages/core/src/routes/experience/classes/{ => validators}/provision-library.ts (69%)

diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
index 672d9bfc81ac..9dd36d12f0e3 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -1,6 +1,5 @@
 import { type ToZodObject } from '@logto/connector-kit';
 import { InteractionEvent, type User, type VerificationType } from '@logto/schemas';
-import { generateStandardId } from '@logto/shared';
 import { conditional } from '@silverhand/essentials';
 import { z } from 'zod';
 
@@ -11,14 +10,14 @@ import assertThat from '#src/utils/assert-that.js';
 
 import { interactionProfileGuard, type Interaction, type InteractionProfile } from '../types.js';
 
-import { ProvisionLibrary } from './provision-library.js';
 import {
   getNewUserProfileFromVerificationRecord,
   identifyUserByVerificationRecord,
-  toUserSocialIdentityData,
-} from './utils.js';
+} from './helpers.js';
+import { toUserSocialIdentityData } from './utils.js';
 import { MfaValidator } from './validators/mfa-validator.js';
 import { ProfileValidator } from './validators/profile-validator.js';
+import { ProvisionLibrary } from './validators/provision-library.js';
 import { SignInExperienceValidator } from './validators/sign-in-experience-validator.js';
 import {
   buildVerificationRecord,
@@ -274,14 +273,7 @@ export default class ExperienceInteraction {
     // TODO: missing profile fields validation
 
     if (enterpriseSsoIdentity) {
-      await userSsoIdentitiesQueries.insert({
-        id: generateStandardId(),
-        userId: user.id,
-        ...enterpriseSsoIdentity,
-      });
-      await this.provisionLibrary.newUserJtiOrganizationProvision(user.id, {
-        enterpriseSsoIdentity,
-      });
+      await this.provisionLibrary.provisionNewSsoIdentity(user.id, enterpriseSsoIdentity);
     }
 
     const { provider } = this.tenant;
@@ -356,47 +348,10 @@ export default class ExperienceInteraction {
    * @throws {RequestError} with 400 if the verification record is invalid for creating a new user or not verified
    */
   private async createNewUser(verificationRecord: VerificationRecord) {
-    const {
-      libraries: {
-        users: { generateUserId, insertUser },
-      },
-      queries: { userSsoIdentities: userSsoIdentitiesQueries },
-    } = this.tenant;
-
     const newProfile = await getNewUserProfileFromVerificationRecord(verificationRecord);
-
     await this.profileValidator.guardProfileUniquenessAcrossUsers(newProfile);
 
-    const { socialIdentity, enterpriseSsoIdentity, ...rest } = newProfile;
-
-    const { isCreatingFirstAdminUser, initialUserRoles, customData } =
-      await this.provisionLibrary.getUserProvisionContext(newProfile);
-
-    const [user] = await insertUser(
-      {
-        id: await generateUserId(),
-        ...rest,
-        ...conditional(socialIdentity && { identities: toUserSocialIdentityData(socialIdentity) }),
-        ...conditional(customData && { customData }),
-      },
-      initialUserRoles
-    );
-
-    if (isCreatingFirstAdminUser) {
-      await this.provisionLibrary.adminUserProvision(user);
-    }
-
-    if (enterpriseSsoIdentity) {
-      await userSsoIdentitiesQueries.insert({
-        id: generateStandardId(),
-        userId: user.id,
-        ...enterpriseSsoIdentity,
-      });
-    }
-
-    await this.provisionLibrary.newUserJtiOrganizationProvision(user.id, newProfile);
-
-    // TODO: new user hooks
+    const user = await this.provisionLibrary.provisionNewUser(newProfile);
 
     this.userId = user.id;
   }
diff --git a/packages/core/src/routes/experience/classes/helpers.ts b/packages/core/src/routes/experience/classes/helpers.ts
new file mode 100644
index 000000000000..c208f2be26e0
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/helpers.ts
@@ -0,0 +1,108 @@
+/**
+ * @overview This file contains helper functions for the main interaction class.
+ *
+ * To help reduce the complexity and code amount of the main interaction class,
+ * we have moved some of the standalone functions into this file.
+ */
+
+import { VerificationType, type User } from '@logto/schemas';
+import { conditional } from '@silverhand/essentials';
+
+import RequestError from '#src/errors/RequestError/index.js';
+import assertThat from '#src/utils/assert-that.js';
+
+import type { InteractionProfile } from '../types.js';
+
+import { type VerificationRecord } from './verifications/index.js';
+
+/**
+ * @throws {RequestError} -400 if the verification record type is not supported for user creation.
+ * @throws {RequestError} -400 if the verification record is not verified.
+ */
+export const getNewUserProfileFromVerificationRecord = async (
+  verificationRecord: VerificationRecord
+): Promise<InteractionProfile> => {
+  switch (verificationRecord.type) {
+    case VerificationType.NewPasswordIdentity:
+    case VerificationType.EmailVerificationCode:
+    case VerificationType.PhoneVerificationCode: {
+      return verificationRecord.toUserProfile();
+    }
+    case VerificationType.EnterpriseSso:
+    case VerificationType.Social: {
+      const identityProfile = await verificationRecord.toUserProfile();
+      const syncedProfile = await verificationRecord.toSyncedProfile(true);
+      return { ...identityProfile, ...syncedProfile };
+    }
+    default: {
+      // Unsupported verification type for user creation, such as MFA verification.
+      throw new RequestError({ code: 'session.verification_failed', status: 400 });
+    }
+  }
+};
+
+/**
+ * @throws {RequestError} -400 if the verification record type is not supported for user identification.
+ * @throws {RequestError} -400 if the verification record is not verified.
+ * @throws {RequestError} -404 if the user is not found.
+ */
+export const identifyUserByVerificationRecord = async (
+  verificationRecord: VerificationRecord,
+  linkSocialIdentity?: boolean
+): Promise<{
+  user: User;
+  /**
+   * Returns the social/enterprise SSO synced profiled if the verification record is a social/enterprise SSO verification.
+   * - For new linked identity, the synced profile will includes the new social or enterprise SSO identity.
+   * - For existing social or enterprise SSO identity, the synced profile will return the synced user profile based on connector settings.
+   */
+  syncedProfile?: Pick<
+    InteractionProfile,
+    'enterpriseSsoIdentity' | 'socialIdentity' | 'avatar' | 'name'
+  >;
+}> => {
+  // Check verification record can be used to identify a user using the `identifyUser` method.
+  // E.g. MFA verification record does not have the `identifyUser` method, cannot be used to identify a user.
+  assertThat(
+    'identifyUser' in verificationRecord,
+    new RequestError({ code: 'session.verification_failed', status: 400 })
+  );
+
+  switch (verificationRecord.type) {
+    case VerificationType.Password:
+    case VerificationType.EmailVerificationCode:
+    case VerificationType.PhoneVerificationCode: {
+      return { user: await verificationRecord.identifyUser() };
+    }
+    case VerificationType.Social: {
+      const user = linkSocialIdentity
+        ? await verificationRecord.identifyRelatedUser()
+        : await verificationRecord.identifyUser();
+
+      const syncedProfile = {
+        ...(await verificationRecord.toSyncedProfile()),
+        ...conditional(linkSocialIdentity && (await verificationRecord.toUserProfile())),
+      };
+
+      return { user, syncedProfile };
+    }
+    case VerificationType.EnterpriseSso: {
+      try {
+        const user = await verificationRecord.identifyUser();
+        const syncedProfile = await verificationRecord.toSyncedProfile();
+        return { user, syncedProfile };
+      } catch (error: unknown) {
+        // Auto fallback to identify the related user if the user does not exist for enterprise SSO.
+        if (error instanceof RequestError && error.code === 'user.identity_not_exist') {
+          const user = await verificationRecord.identifyRelatedUser();
+          const syncedProfile = {
+            ...(await verificationRecord.toUserProfile()),
+            ...(await verificationRecord.toSyncedProfile()),
+          };
+          return { user, syncedProfile };
+        }
+        throw error;
+      }
+    }
+  }
+};
diff --git a/packages/core/src/routes/experience/classes/utils.ts b/packages/core/src/routes/experience/classes/utils.ts
index e2949d8ec006..25f98bb2ba36 100644
--- a/packages/core/src/routes/experience/classes/utils.ts
+++ b/packages/core/src/routes/experience/classes/utils.ts
@@ -5,16 +5,11 @@ import {
   type User,
   type VerificationCodeSignInIdentifier,
 } from '@logto/schemas';
-import { conditional } from '@silverhand/essentials';
 
-import RequestError from '#src/errors/RequestError/index.js';
 import type Queries from '#src/tenants/Queries.js';
-import assertThat from '#src/utils/assert-that.js';
 
 import type { InteractionProfile } from '../types.js';
 
-import { type VerificationRecord } from './verifications/index.js';
-
 export const findUserByIdentifier = async (
   userQuery: Queries['users'],
   { type, value }: InteractionIdentifier
@@ -32,98 +27,6 @@ export const findUserByIdentifier = async (
   }
 };
 
-/**
- * @throws {RequestError} -400 if the verification record type is not supported for user creation.
- * @throws {RequestError} -400 if the verification record is not verified.
- */
-export const getNewUserProfileFromVerificationRecord = async (
-  verificationRecord: VerificationRecord
-): Promise<InteractionProfile> => {
-  switch (verificationRecord.type) {
-    case VerificationType.NewPasswordIdentity:
-    case VerificationType.EmailVerificationCode:
-    case VerificationType.PhoneVerificationCode: {
-      return verificationRecord.toUserProfile();
-    }
-    case VerificationType.EnterpriseSso:
-    case VerificationType.Social: {
-      const identityProfile = await verificationRecord.toUserProfile();
-      const syncedProfile = await verificationRecord.toSyncedProfile(true);
-      return { ...identityProfile, ...syncedProfile };
-    }
-    default: {
-      // Unsupported verification type for user creation, such as MFA verification.
-      throw new RequestError({ code: 'session.verification_failed', status: 400 });
-    }
-  }
-};
-
-/**
- * @throws {RequestError} -400 if the verification record type is not supported for user identification.
- * @throws {RequestError} -400 if the verification record is not verified.
- * @throws {RequestError} -404 if the user is not found.
- */
-export const identifyUserByVerificationRecord = async (
-  verificationRecord: VerificationRecord,
-  linkSocialIdentity?: boolean
-): Promise<{
-  user: User;
-  /**
-   * Returns the social/enterprise SSO synced profiled if the verification record is a social/enterprise SSO verification.
-   * - For new linked identity, the synced profile will includes the new social or enterprise SSO identity.
-   * - For existing social or enterprise SSO identity, the synced profile will return the synced user profile based on connector settings.
-   */
-  syncedProfile?: Pick<
-    InteractionProfile,
-    'enterpriseSsoIdentity' | 'socialIdentity' | 'avatar' | 'name'
-  >;
-}> => {
-  // Check verification record can be used to identify a user using the `identifyUser` method.
-  // E.g. MFA verification record does not have the `identifyUser` method, cannot be used to identify a user.
-  assertThat(
-    'identifyUser' in verificationRecord,
-    new RequestError({ code: 'session.verification_failed', status: 400 })
-  );
-
-  switch (verificationRecord.type) {
-    case VerificationType.Password:
-    case VerificationType.EmailVerificationCode:
-    case VerificationType.PhoneVerificationCode: {
-      return { user: await verificationRecord.identifyUser() };
-    }
-    case VerificationType.Social: {
-      const user = linkSocialIdentity
-        ? await verificationRecord.identifyRelatedUser()
-        : await verificationRecord.identifyUser();
-
-      const syncedProfile = {
-        ...(await verificationRecord.toSyncedProfile()),
-        ...conditional(linkSocialIdentity && (await verificationRecord.toUserProfile())),
-      };
-
-      return { user, syncedProfile };
-    }
-    case VerificationType.EnterpriseSso: {
-      try {
-        const user = await verificationRecord.identifyUser();
-        const syncedProfile = await verificationRecord.toSyncedProfile();
-        return { user, syncedProfile };
-      } catch (error: unknown) {
-        // Auto fallback to identify the related user if the user does not exist for enterprise SSO.
-        if (error instanceof RequestError && error.code === 'user.identity_not_exist') {
-          const user = await verificationRecord.identifyRelatedUser();
-          const syncedProfile = {
-            ...(await verificationRecord.toUserProfile()),
-            ...(await verificationRecord.toSyncedProfile()),
-          };
-          return { user, syncedProfile };
-        }
-        throw error;
-      }
-    }
-  }
-};
-
 /**
  * Convert the interaction profile `socialIdentity` to `User['identities']` data format
  */
@@ -140,9 +43,9 @@ export const toUserSocialIdentityData = (
   };
 };
 
-export function interactionIdentifierToUserProfile(
+export const interactionIdentifierToUserProfile = (
   identifier: InteractionIdentifier
-): { username: string } | { primaryEmail: string } | { primaryPhone: string } {
+): { username: string } | { primaryEmail: string } | { primaryPhone: string } => {
   const { type, value } = identifier;
   switch (type) {
     case SignInIdentifier.Username: {
@@ -155,7 +58,7 @@ export function interactionIdentifierToUserProfile(
       return { primaryPhone: value };
     }
   }
-}
+};
 
 export const codeVerificationIdentifierRecordTypeMap = Object.freeze({
   [SignInIdentifier.Email]: VerificationType.EmailVerificationCode,
diff --git a/packages/core/src/routes/experience/classes/provision-library.ts b/packages/core/src/routes/experience/classes/validators/provision-library.ts
similarity index 69%
rename from packages/core/src/routes/experience/classes/provision-library.ts
rename to packages/core/src/routes/experience/classes/validators/provision-library.ts
index 3a978bc56089..8d9e502acf13 100644
--- a/packages/core/src/routes/experience/classes/provision-library.ts
+++ b/packages/core/src/routes/experience/classes/validators/provision-library.ts
@@ -13,14 +13,16 @@ import {
   type User,
   type UserOnboardingData,
 } from '@logto/schemas';
-import { conditionalArray } from '@silverhand/essentials';
+import { generateStandardId } from '@logto/shared';
+import { conditional, conditionalArray } from '@silverhand/essentials';
 
 import { EnvSet } from '#src/env-set/index.js';
 import { type WithLogContext } from '#src/middleware/koa-audit-log.js';
 import type TenantContext from '#src/tenants/TenantContext.js';
 import { getTenantId } from '#src/utils/tenant.js';
 
-import { type InteractionProfile } from '../types.js';
+import { type InteractionProfile } from '../../types.js';
+import { toUserSocialIdentityData } from '../utils.js';
 
 type OrganizationProvisionPayload =
   | {
@@ -38,11 +40,77 @@ export class ProvisionLibrary {
     private readonly ctx: WithLogContext
   ) {}
 
+  /**
+   * Insert a new user into the Logto database using the provided profile.
+   *
+   * - provision the organization for the new user based on the profile
+   * - OSS only, new user provisioning
+   */
+  async provisionNewUser(profile: InteractionProfile) {
+    const {
+      libraries: {
+        users: { generateUserId, insertUser },
+      },
+      queries: { userSsoIdentities: userSsoIdentitiesQueries },
+    } = this.tenantContext;
+
+    const { socialIdentity, enterpriseSsoIdentity, ...rest } = profile;
+
+    const { isCreatingFirstAdminUser, initialUserRoles, customData } =
+      await this.getUserProvisionContext(profile);
+
+    const [user] = await insertUser(
+      {
+        id: await generateUserId(),
+        ...rest,
+        ...conditional(socialIdentity && { identities: toUserSocialIdentityData(socialIdentity) }),
+        ...conditional(customData && { customData }),
+      },
+      initialUserRoles
+    );
+
+    if (enterpriseSsoIdentity) {
+      await userSsoIdentitiesQueries.insert({
+        id: generateStandardId(),
+        userId: user.id,
+        ...enterpriseSsoIdentity,
+      });
+    }
+
+    if (isCreatingFirstAdminUser) {
+      await this.provisionForFirstAdminUser(user);
+    }
+
+    await this.provisionNewUserJitOrganizations(user.id, profile);
+
+    // TODO: New user created hooks
+    // TODO: log
+
+    return user;
+  }
+
+  async provisionNewSsoIdentity(
+    userId: string,
+    enterpriseSsoIdentity: Required<InteractionProfile>['enterpriseSsoIdentity']
+  ) {
+    const {
+      queries: { userSsoIdentities: userSsoIdentitiesQueries },
+    } = this.tenantContext;
+
+    await userSsoIdentitiesQueries.insert({
+      id: generateStandardId(),
+      userId,
+      ...enterpriseSsoIdentity,
+    });
+
+    await this.provisionNewUserJitOrganizations(userId, { enterpriseSsoIdentity });
+  }
+
   /**
    * This method is used to get the provision context for a new user registration.
    * It will return the provision context based on the current tenant and the request context.
    */
-  async getUserProvisionContext(profile: InteractionProfile): Promise<{
+  private async getUserProvisionContext(profile: InteractionProfile): Promise<{
     /** Admin user provisioning flag */
     isCreatingFirstAdminUser: boolean;
     /** Initial user roles for admin tenant users */
@@ -121,14 +189,39 @@ export class ProvisionLibrary {
     };
   }
 
+  /**
+   * Provision the organization for a new user
+   *
+   * - If the user has an enterprise SSO identity, provision the organization based on the SSO connector
+   * - Otherwise, provision the organization based on the primary email
+   */
+  private async provisionNewUserJitOrganizations(
+    userId: string,
+    { primaryEmail, enterpriseSsoIdentity }: InteractionProfile
+  ) {
+    if (enterpriseSsoIdentity) {
+      return this.provisionJitOrganization({
+        userId,
+        ssoConnectorId: enterpriseSsoIdentity.ssoConnectorId,
+      });
+    }
+    if (primaryEmail) {
+      return this.provisionJitOrganization({
+        userId,
+        email: primaryEmail,
+      });
+    }
+  }
+
   /**
    * First admin user provision
    *
    * - For OSS, update the default sign-in experience to "sign-in only" once the first admin has been created.
    * - Add the user to the default organization and assign the admin role.
    */
-  async adminUserProvision({ id }: User) {
+  private async provisionForFirstAdminUser({ id }: User) {
     const { isCloud } = EnvSet.values;
+
     const {
       queries: { signInExperiences, organizations },
     } = this.tenantContext;
@@ -148,31 +241,7 @@ export class ProvisionLibrary {
     });
   }
 
-  /**
-   * Provision the organization for a new user
-   *
-   * - If the user has an enterprise SSO identity, provision the organization based on the SSO connector
-   * - Otherwise, provision the organization based on the primary email
-   */
-  async newUserJtiOrganizationProvision(
-    userId: string,
-    { primaryEmail, enterpriseSsoIdentity }: InteractionProfile
-  ) {
-    if (enterpriseSsoIdentity) {
-      return this.jitOrganizationProvision({
-        userId,
-        ssoConnectorId: enterpriseSsoIdentity.ssoConnectorId,
-      });
-    }
-    if (primaryEmail) {
-      return this.jitOrganizationProvision({
-        userId,
-        email: primaryEmail,
-      });
-    }
-  }
-
-  private async jitOrganizationProvision(payload: OrganizationProvisionPayload) {
+  private async provisionJitOrganization(payload: OrganizationProvisionPayload) {
     const {
       libraries: { users: usersLibraries },
     } = this.tenantContext;

From e8a55b38d0027ebbb59ab991ffab704ec2a446eb Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Mon, 22 Jul 2024 16:26:19 +0800
Subject: [PATCH 076/135] feat(console): support multiple app secrets

---
 .../CreateSecretModal.tsx                     | 148 ++++++++++++++++
 .../EndpointsAndCredentials.tsx               | 160 +++++++++++++++++-
 .../ProtectedAppSettings/index.tsx            |   2 +-
 .../index.module.scss                         |  14 ++
 .../ApplicationDetailsContent/index.tsx       |   6 +-
 .../admin-console/application-details.ts      |  22 ++-
 6 files changed, 340 insertions(+), 12 deletions(-)
 create mode 100644 packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx

diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
new file mode 100644
index 000000000000..4d3129096be5
--- /dev/null
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
@@ -0,0 +1,148 @@
+import { type ApplicationSecret } from '@logto/schemas';
+import { addDays, format } from 'date-fns';
+import { useCallback, useEffect, useState } from 'react';
+import { Controller, useForm } from 'react-hook-form';
+import { toast } from 'react-hot-toast';
+import { useTranslation } from 'react-i18next';
+import ReactModal from 'react-modal';
+
+import Button from '@/ds-components/Button';
+import DangerousRaw from '@/ds-components/DangerousRaw';
+import FormField from '@/ds-components/FormField';
+import ModalLayout from '@/ds-components/ModalLayout';
+import Select from '@/ds-components/Select';
+import TextInput from '@/ds-components/TextInput';
+import useApi from '@/hooks/use-api';
+import * as modalStyles from '@/scss/modal.module.scss';
+import { trySubmitSafe } from '@/utils/form';
+
+type FormData = { name: string; expiration: string };
+
+type Props = {
+  readonly appId: string;
+  readonly isOpen: boolean;
+  readonly onClose: (createdAppSecret?: ApplicationSecret) => void;
+};
+
+const days = Object.freeze([7, 30, 180, 365]);
+const neverExpires = '-1';
+
+function CreateSecretModal({ appId, isOpen, onClose }: Props) {
+  const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
+  const {
+    register,
+    control,
+    watch,
+    formState: { errors, isSubmitting },
+    handleSubmit,
+    reset,
+  } = useForm<FormData>({ defaultValues: { name: '', expiration: String(days[0]) } });
+  const onCloseHandler = useCallback(
+    (created?: ApplicationSecret) => {
+      reset();
+      onClose(created);
+    },
+    [onClose, reset]
+  );
+  const api = useApi();
+  const expirationDays = watch('expiration');
+  const [expirationDate, setExpirationDate] = useState<Date>();
+
+  useEffect(() => {
+    const setDate = () => {
+      if (expirationDays === neverExpires) {
+        setExpirationDate(undefined);
+      } else {
+        setExpirationDate(addDays(new Date(), Number(expirationDays)));
+      }
+    };
+    const interval = setInterval(setDate, 1000);
+    setDate();
+
+    return () => {
+      clearInterval(interval);
+    };
+  }, [expirationDays]);
+
+  const submit = handleSubmit(
+    trySubmitSafe(async ({ expiration, ...rest }) => {
+      const createdData = await api
+        .post(`api/applications/${appId}/secrets`, {
+          json: { ...rest, expiresAt: expirationDate?.valueOf() },
+        })
+        .json<ApplicationSecret>();
+      toast.success(
+        t('organization_template.roles.create_modal.created', { name: createdData.name })
+      );
+      onCloseHandler(createdData);
+    })
+  );
+
+  return (
+    <ReactModal
+      isOpen={isOpen}
+      className={modalStyles.content}
+      overlayClassName={modalStyles.overlay}
+      onRequestClose={() => {
+        onCloseHandler();
+      }}
+    >
+      <ModalLayout
+        title="application_details.secrets.create_modal.title"
+        footer={
+          <Button type="primary" title="general.create" isLoading={isSubmitting} onClick={submit} />
+        }
+        onClose={onCloseHandler}
+      >
+        <FormField isRequired title="general.name">
+          <TextInput
+            // eslint-disable-next-line jsx-a11y/no-autofocus
+            autoFocus
+            placeholder="My secret"
+            error={Boolean(errors.name)}
+            {...register('name', { required: true })}
+          />
+        </FormField>
+        <Controller
+          control={control}
+          name="expiration"
+          render={({ field }) => (
+            <FormField
+              title="application_details.secrets.create_modal.expiration"
+              description={
+                expirationDate ? (
+                  <DangerousRaw>
+                    {t('application_details.secrets.create_modal.expiration_description', {
+                      date: format(expirationDate, 'Pp'),
+                    })}
+                  </DangerousRaw>
+                ) : (
+                  'application_details.secrets.create_modal.expiration_description_never'
+                )
+              }
+            >
+              <Select
+                options={[
+                  ...days.map((count) => ({
+                    title: t('application_details.secrets.create_modal.days', { count }),
+                    value: String(count),
+                  })),
+                  {
+                    title: t('application_details.secrets.never'),
+                    value: neverExpires,
+                  },
+                ]}
+                value={field.value}
+                onChange={(value) => {
+                  field.onChange(value);
+                }}
+              />
+            </FormField>
+          )}
+        />
+      </ModalLayout>
+    </ReactModal>
+  );
+}
+
+export default CreateSecretModal;
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
index 32d09b097a2d..5f95080f5c01 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
@@ -1,39 +1,67 @@
 import {
+  type ApplicationSecret,
   ApplicationType,
   DomainStatus,
   type Application,
   type SnakeCaseOidcConfig,
+  internalPrefix,
 } from '@logto/schemas';
 import { appendPath } from '@silverhand/essentials';
-import { useCallback, useContext, useState } from 'react';
+import { useCallback, useContext, useMemo, useState } from 'react';
 import { Trans, useTranslation } from 'react-i18next';
+import useSWR from 'swr';
 
 import CaretDown from '@/assets/icons/caret-down.svg';
 import CaretUp from '@/assets/icons/caret-up.svg';
+import CirclePlus from '@/assets/icons/circle-plus.svg';
+import Plus from '@/assets/icons/plus.svg';
+import ActionsButton from '@/components/ActionsButton';
 import FormCard from '@/components/FormCard';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { openIdProviderConfigPath, openIdProviderPath } from '@/consts/oidc';
 import { AppDataContext } from '@/contexts/AppDataProvider';
 import Button from '@/ds-components/Button';
 import CopyToClipboard from '@/ds-components/CopyToClipboard';
 import DynamicT from '@/ds-components/DynamicT';
 import FormField from '@/ds-components/FormField';
+import Table from '@/ds-components/Table';
+import { type Column } from '@/ds-components/Table/types';
 import TextLink from '@/ds-components/TextLink';
+import useApi, { type RequestError } from '@/hooks/use-api';
 import useCustomDomain from '@/hooks/use-custom-domain';
 
+import CreateSecretModal from './CreateSecretModal';
 import * as styles from './index.module.scss';
 
+const isLegacySecret = (secret: string) => !secret.startsWith(internalPrefix);
+
+type ApplicationSecretRow = Pick<ApplicationSecret, 'name' | 'value' | 'expiresAt'> & {
+  isLegacy?: boolean;
+};
+
 type Props = {
   readonly app: Application;
   readonly oidcConfig: SnakeCaseOidcConfig;
+  readonly onApplicationUpdated: () => void;
 };
 
-function EndpointsAndCredentials({ app: { type, secret, id, isThirdParty }, oidcConfig }: Props) {
+function EndpointsAndCredentials({
+  app: { type, secret, id, isThirdParty },
+  oidcConfig,
+  onApplicationUpdated,
+}: Props) {
   const { tenantEndpoint } = useContext(AppDataContext);
   const [showMoreEndpoints, setShowMoreEndpoints] = useState(false);
-
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
-
   const { data: customDomain, applyDomain: applyCustomDomain } = useCustomDomain();
+  const [showCreateSecretModal, setShowCreateSecretModal] = useState(false);
+  const secrets = useSWR<ApplicationSecretRow[], RequestError>(`api/applications/${id}/secrets`);
+  const api = useApi();
+  const shouldShowAppSecrets = [
+    ApplicationType.Traditional,
+    ApplicationType.MachineToMachine,
+    ApplicationType.Protected,
+  ].includes(type);
 
   const toggleShowMoreEndpoints = useCallback(() => {
     setShowMoreEndpoints((previous) => !previous);
@@ -41,6 +69,73 @@ function EndpointsAndCredentials({ app: { type, secret, id, isThirdParty }, oidc
 
   const ToggleVisibleCaretIcon = showMoreEndpoints ? CaretUp : CaretDown;
 
+  const secretsData = useMemo(
+    () => [
+      ...(isLegacySecret(secret)
+        ? [
+            {
+              name: t('application_details.secrets.legacy_secret'),
+              value: secret,
+              expiresAt: null,
+              isLegacy: true,
+            },
+          ]
+        : []),
+      ...(secrets.data ?? []),
+    ],
+    [secret, secrets.data, t]
+  );
+  const tableColumns: Array<Column<ApplicationSecretRow>> = useMemo(
+    () => [
+      {
+        title: t('general.name'),
+        dataIndex: 'name',
+        colSpan: 3,
+        render: ({ name }) => <span>{name}</span>,
+      },
+      {
+        title: t('application_details.secrets.value'),
+        dataIndex: 'value',
+        colSpan: 6,
+        render: ({ value }) => (
+          <CopyToClipboard hasVisibilityToggle displayType="block" value={value} variant="text" />
+        ),
+      },
+      {
+        title: t('application_details.secrets.expires_at'),
+        dataIndex: 'expiresAt',
+        colSpan: 3,
+        render: ({ expiresAt }) => (
+          <span>
+            {expiresAt
+              ? new Date(expiresAt).toLocaleString()
+              : t('application_details.secrets.never')}
+          </span>
+        ),
+      },
+      {
+        title: '',
+        dataIndex: 'actions',
+        render: ({ name, isLegacy }) => (
+          <ActionsButton
+            fieldName="application_details.application_secret"
+            deleteConfirmation="application_details.secrets.delete_confirmation"
+            onDelete={async () => {
+              if (isLegacy) {
+                await api.delete(`api/applications/${id}/legacy-secret`);
+                onApplicationUpdated();
+              } else {
+                await api.delete(`api/applications/${id}/secrets/${encodeURIComponent(name)}`);
+                void secrets.mutate();
+              }
+            }}
+          />
+        ),
+      },
+    ],
+    [api, id, onApplicationUpdated, secrets, t]
+  );
+
   return (
     <FormCard
       title="application_details.endpoints_and_credentials"
@@ -148,11 +243,7 @@ function EndpointsAndCredentials({ app: { type, secret, id, isThirdParty }, oidc
       <FormField title="application_details.application_id">
         <CopyToClipboard displayType="block" value={id} variant="border" />
       </FormField>
-      {[
-        ApplicationType.Traditional,
-        ApplicationType.MachineToMachine,
-        ApplicationType.Protected,
-      ].includes(type) && (
+      {!isDevFeaturesEnabled && shouldShowAppSecrets && (
         <FormField title="application_details.application_secret">
           <CopyToClipboard
             hasVisibilityToggle
@@ -162,6 +253,57 @@ function EndpointsAndCredentials({ app: { type, secret, id, isThirdParty }, oidc
           />
         </FormField>
       )}
+      {isDevFeaturesEnabled && shouldShowAppSecrets && (
+        <FormField title="application_details.application_secret_other">
+          {secretsData.length === 0 && !secrets.error ? (
+            <>
+              <div className={styles.empty}>
+                {t('organizations.empty_placeholder', {
+                  entity: t('application_details.application_secret').toLowerCase(),
+                })}
+              </div>
+              <Button
+                icon={<Plus />}
+                title="general.add"
+                onClick={() => {
+                  setShowCreateSecretModal(true);
+                }}
+              />
+            </>
+          ) : (
+            <>
+              <Table
+                hasBorder
+                isRowHoverEffectDisabled
+                rowIndexKey="name"
+                isLoading={!secrets.data && !secrets.error}
+                errorMessage={secrets.error?.body?.message ?? secrets.error?.message}
+                rowGroups={[{ key: 'application_secrets', data: secretsData }]}
+                columns={tableColumns}
+                className={styles.table}
+              />
+              <Button
+                size="small"
+                type="text"
+                className={styles.add}
+                title="application_details.secrets.create_new_secret"
+                icon={<CirclePlus />}
+                onClick={() => {
+                  setShowCreateSecretModal(true);
+                }}
+              />
+            </>
+          )}
+          <CreateSecretModal
+            appId={id}
+            isOpen={showCreateSecretModal}
+            onClose={() => {
+              setShowCreateSecretModal(false);
+              void secrets.mutate();
+            }}
+          />
+        </FormField>
+      )}
     </FormCard>
   );
 }
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/index.tsx
index f079e4c81e23..6fe5215b12d9 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/index.tsx
@@ -287,7 +287,7 @@ function ProtectedAppSettings({ data }: Props) {
           </InlineNotification>
         </FormField>
       </FormCard>
-      <EndpointsAndCredentials app={data} oidcConfig={oidcConfig} />
+      <EndpointsAndCredentials app={data} oidcConfig={oidcConfig} onApplicationUpdated={mutate} />
       <SessionForm data={data} />
     </>
   );
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.module.scss b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.module.scss
index 0b42009c7110..8d15c85ceedb 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.module.scss
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.module.scss
@@ -37,3 +37,17 @@
     display: flex;
   }
 }
+
+button.add {
+  margin-top: _.unit(2);
+}
+
+.table {
+  margin-top: _.unit(2);
+}
+
+.empty {
+  font: var(--font-body-2);
+  color: var(--color-text-secondary);
+  margin: _.unit(3) 0;
+}
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx
index 45a8ef8eb343..f8186e9ad678 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx
@@ -215,7 +215,11 @@ function ApplicationDetailsContent({ data, oidcConfig, onApplicationUpdated }: P
             <Settings data={data} />
             {/* Protected apps will reference this section in <ProtectedAppSettings /> component */}
             {data.type !== ApplicationType.Protected && (
-              <EndpointsAndCredentials app={data} oidcConfig={oidcConfig} />
+              <EndpointsAndCredentials
+                app={data}
+                oidcConfig={oidcConfig}
+                onApplicationUpdated={onApplicationUpdated}
+              />
             )}
             {![ApplicationType.MachineToMachine, ApplicationType.Protected].includes(data.type) && (
               <RefreshTokenSettings data={data} />
diff --git a/packages/phrases/src/locales/en/translation/admin-console/application-details.ts b/packages/phrases/src/locales/en/translation/admin-console/application-details.ts
index 9d651c3675fe..f47cd9687e01 100644
--- a/packages/phrases/src/locales/en/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/en/translation/admin-console/application-details.ts
@@ -32,7 +32,8 @@ const application_details = {
   application_id: 'App ID',
   application_id_tip:
     'The unique application identifier normally generated by Logto. It also stands for “<a>client_id</a>” in OpenID Connect.',
-  application_secret: 'App Secret',
+  application_secret: 'App secret',
+  application_secret_other: 'App secrets',
   redirect_uri: 'Redirect URI',
   redirect_uris: 'Redirect URIs',
   redirect_uri_placeholder: 'https://your.website.com/app',
@@ -162,6 +163,25 @@ const application_details = {
     search: 'Search by role name, description or ID',
     empty: 'No role available',
   },
+  secrets: {
+    value: 'Value',
+    created_at: 'Created at',
+    expires_at: 'Expires at',
+    never: 'Never',
+    create_new_secret: 'Create new secret',
+    delete_confirmation:
+      'This action cannot be undone. Are you sure you want to delete this secret?',
+    legacy_secret: 'Legacy secret',
+    create_modal: {
+      title: 'Create application secret',
+      expiration: 'Expiration',
+      expiration_description: 'The secret will expire at {{date}}.',
+      expiration_description_never:
+        'The secret will never expire. We strongly recommend setting an expiration date.',
+      days: '{{count}} day',
+      days_other: '{{count}} days',
+    },
+  },
 };
 
 export default Object.freeze(application_details);

From b8e1cb3a8f28071d348819dfb5e76480b2cc426c Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Mon, 22 Jul 2024 14:07:45 +0800
Subject: [PATCH 077/135] refactor(phrases): improve bring your ui field
 description

---
 .../src/ds-components/Uploader/FileUploader/index.module.scss  | 3 +--
 .../locales/en/translation/admin-console/sign-in-exp/index.ts  | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss b/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss
index 2169a078fe72..3ee0ada09589 100644
--- a/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss
+++ b/packages/console/src/ds-components/Uploader/FileUploader/index.module.scss
@@ -6,8 +6,7 @@
   justify-content: center;
   border: 1px dashed var(--color-border);
   border-radius: 8px;
-  padding: _.unit(2);
-  height: 80px;
+  padding: _.unit(5);
 
   > input {
     display: none;
diff --git a/packages/phrases/src/locales/en/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/en/translation/admin-console/sign-in-exp/index.ts
index 26c3925a16c5..21c615ae159c 100644
--- a/packages/phrases/src/locales/en/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/en/translation/admin-console/sign-in-exp/index.ts
@@ -80,7 +80,7 @@ const sign_in_exp = {
       'Enter your custom CSS to tailor the styles of anything to your exact specifications. Express your creativity and make your UI stand out.',
     bring_your_ui_title: 'Bring your UI',
     bring_your_ui_description:
-      'Upload a compressed package (.zip) and replace the Logto prebuilt UI with your own code. <a>Learn more</a>',
+      'Upload a compressed package (.zip) to replace the Logto prebuilt UI with your own code. <a>Learn more</a>',
     preview_with_bring_your_ui_description:
       'Your custom UI assets have been successfully uploaded and are now being served. Consequently, the built-in preview window has been disabled.\nTo test your personalized sign-in UI, click the "Live Preview" button to open it in a new browser tab.',
   },

From 708397361cf4864abd248a668ab10f9080a923df Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Mon, 22 Jul 2024 17:53:56 +0800
Subject: [PATCH 078/135] fix(console): add cloud guard to bring your ui form
 field

---
 .../PageContent/Branding/CustomUiForm/index.tsx               | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
index 68185ef5e7e0..961c40bbf817 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
@@ -5,7 +5,7 @@ import { Trans, useTranslation } from 'react-i18next';
 
 import CustomUiAssetsUploader from '@/components/CustomUiAssetsUploader';
 import InlineUpsell from '@/components/InlineUpsell';
-import { isDevFeaturesEnabled } from '@/consts/env';
+import { isDevFeaturesEnabled, isCloud } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Card from '@/ds-components/Card';
 import CodeEditor from '@/ds-components/CodeEditor';
@@ -67,7 +67,7 @@ function CustomUiForm() {
           )}
         />
       </FormField>
-      {isDevFeaturesEnabled && (
+      {isDevFeaturesEnabled && isCloud && (
         <FormField
           title="sign_in_exp.custom_ui.bring_your_ui_title"
           description={

From 05e31feecb7df60171249f1a0419d02d90d4acfa Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Mon, 22 Jul 2024 17:54:39 +0800
Subject: [PATCH 079/135] refactor(schemas): increase max upload file size
 limit to 20MB

---
 packages/schemas/src/types/user-assets.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/schemas/src/types/user-assets.ts b/packages/schemas/src/types/user-assets.ts
index 95aa2d530f4b..dbd83849eccd 100644
--- a/packages/schemas/src/types/user-assets.ts
+++ b/packages/schemas/src/types/user-assets.ts
@@ -1,6 +1,6 @@
 import { z } from 'zod';
 
-export const maxUploadFileSize = 10 * 1024 * 1024; // 10 MB
+export const maxUploadFileSize = 20 * 1024 * 1024; // 20 MB
 
 // Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types
 export const allowUploadMimeTypes = [

From 27e0d36e64d80a958d5f3c6f0a8756374fbd72bc Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Tue, 23 Jul 2024 10:57:12 +0800
Subject: [PATCH 080/135] fix(core): disable bring your ui feature for admin
 tenant (#6300)

---
 .../routes/sign-in-experience/custom-ui-assets/index.ts  | 9 +++++----
 packages/phrases/src/locales/en/errors/guard.ts          | 1 +
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts b/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts
index e8b685463b01..f11b48054979 100644
--- a/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts
+++ b/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts
@@ -1,6 +1,6 @@
 import { readFile } from 'node:fs/promises';
 
-import { uploadFileGuard, maxUploadFileSize } from '@logto/schemas';
+import { uploadFileGuard, maxUploadFileSize, adminTenantId } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
 import pRetry, { AbortError } from 'p-retry';
 import { object, z } from 'zod';
@@ -53,6 +53,10 @@ export default function customUiAssetsRoutes<T extends ManagementApiRouter>(
       assertThat(file.size <= maxUploadFileSize, 'guard.file_size_exceeded');
       assertThat(file.mimetype === 'application/zip', 'guard.mime_type_not_allowed');
 
+      const [tenantId] = await getTenantId(ctx.URL);
+      assertThat(tenantId, 'guard.can_not_get_tenant_id');
+      assertThat(tenantId !== adminTenantId, 'guard.not_allowed_for_admin_tenant');
+
       const { experienceZipsProviderConfig } = SystemContext.shared;
       assertThat(
         experienceZipsProviderConfig?.provider === 'AzureStorage',
@@ -65,9 +69,6 @@ export default function customUiAssetsRoutes<T extends ManagementApiRouter>(
         container
       );
 
-      const [tenantId] = await getTenantId(ctx.URL);
-      assertThat(tenantId, 'guard.can_not_get_tenant_id');
-
       const customUiAssetId = generateStandardId(8);
       const objectKey = `${tenantId}/${customUiAssetId}/assets.zip`;
       const errorLogObjectKey = `${tenantId}/${customUiAssetId}/error.log`;
diff --git a/packages/phrases/src/locales/en/errors/guard.ts b/packages/phrases/src/locales/en/errors/guard.ts
index 3461b4e0a6f7..6abfeb4aa73d 100644
--- a/packages/phrases/src/locales/en/errors/guard.ts
+++ b/packages/phrases/src/locales/en/errors/guard.ts
@@ -4,6 +4,7 @@ const guard = {
   can_not_get_tenant_id: 'Unable to get tenant id from request.',
   file_size_exceeded: 'File size exceeded.',
   mime_type_not_allowed: 'MIME type is not allowed.',
+  not_allowed_for_admin_tenant: 'Not allowed for admin tenant.',
 };
 
 export default Object.freeze(guard);

From 32e33487bdf3f7ade959bf4293957c1796517550 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Tue, 23 Jul 2024 10:57:29 +0800
Subject: [PATCH 081/135] fix(console): should be able to remove the zip on
 upload error (#6306)

---
 .../src/components/CustomUiAssetsUploader/index.tsx    |  9 +++++----
 .../pages/SignInExperience/PageContent/utils/parser.ts |  4 +---
 packages/console/src/pages/SignInExperience/types.ts   | 10 ++--------
 3 files changed, 8 insertions(+), 15 deletions(-)

diff --git a/packages/console/src/components/CustomUiAssetsUploader/index.tsx b/packages/console/src/components/CustomUiAssetsUploader/index.tsx
index 4a1e290b8c9a..a985b0a062bc 100644
--- a/packages/console/src/components/CustomUiAssetsUploader/index.tsx
+++ b/packages/console/src/components/CustomUiAssetsUploader/index.tsx
@@ -1,4 +1,5 @@
 import { type CustomUiAssets, maxUploadFileSize, type AllowedUploadMimeType } from '@logto/schemas';
+import { type Nullable } from '@silverhand/essentials';
 import { format } from 'date-fns/fp';
 import { useCallback, useState } from 'react';
 import { useTranslation } from 'react-i18next';
@@ -13,15 +14,15 @@ import FileIcon from '../FileIcon';
 import * as styles from './index.module.scss';
 
 type Props = {
-  readonly value?: CustomUiAssets;
-  readonly onChange: (value: CustomUiAssets) => void;
   // eslint-disable-next-line react/boolean-prop-naming
   readonly disabled?: boolean;
+  readonly value: Nullable<CustomUiAssets>;
+  readonly onChange: (value: Nullable<CustomUiAssets>) => void;
 };
 
 const allowedMimeTypes: AllowedUploadMimeType[] = ['application/zip'];
 
-function CustomUiAssetsUploader({ value, onChange, disabled }: Props) {
+function CustomUiAssetsUploader({ disabled, value, onChange }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
   const [file, setFile] = useState<File>();
   const [error, setError] = useState<string>();
@@ -79,7 +80,7 @@ function CustomUiAssetsUploader({ value, onChange, disabled }: Props) {
         onClick={() => {
           setFile(undefined);
           setError(undefined);
-          onChange({ id: '', createdAt: 0 });
+          onChange(null);
         }}
       >
         <DeleteIcon />
diff --git a/packages/console/src/pages/SignInExperience/PageContent/utils/parser.ts b/packages/console/src/pages/SignInExperience/PageContent/utils/parser.ts
index 7ccdca808fd7..03c2119614d9 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/utils/parser.ts
+++ b/packages/console/src/pages/SignInExperience/PageContent/utils/parser.ts
@@ -49,14 +49,13 @@ export const signUpFormDataParser = {
 
 export const sieFormDataParser = {
   fromSignInExperience: (data: SignInExperience): SignInExperienceForm => {
-    const { signUp, signInMode, customCss, customUiAssets, branding, passwordPolicy } = data;
+    const { signUp, signInMode, customCss, branding, passwordPolicy } = data;
 
     return {
       ...data,
       signUp: signUpFormDataParser.fromSignUp(signUp),
       createAccountEnabled: signInMode !== SignInMode.SignIn,
       customCss: customCss ?? undefined,
-      customUiAssets: customUiAssets ?? undefined,
       branding: {
         ...emptyBranding,
         ...branding,
@@ -86,7 +85,6 @@ export const sieFormDataParser = {
       signUp: signUpFormDataParser.toSignUp(signUp),
       signInMode: createAccountEnabled ? SignInMode.SignInAndRegister : SignInMode.SignIn,
       customCss: customCss?.length ? customCss : null,
-      customUiAssets: customUiAssets?.id ? customUiAssets : null,
       passwordPolicy: {
         ...passwordPolicy,
         rejects: {
diff --git a/packages/console/src/pages/SignInExperience/types.ts b/packages/console/src/pages/SignInExperience/types.ts
index 65d4bf000110..0a3a1a943fb1 100644
--- a/packages/console/src/pages/SignInExperience/types.ts
+++ b/packages/console/src/pages/SignInExperience/types.ts
@@ -1,10 +1,5 @@
 import { type PasswordPolicy } from '@logto/core-kit';
-import {
-  type SignUp,
-  type SignInExperience,
-  type SignInIdentifier,
-  type CustomUiAssets,
-} from '@logto/schemas';
+import { type SignUp, type SignInExperience, type SignInIdentifier } from '@logto/schemas';
 
 export enum SignInExperienceTab {
   Branding = 'branding',
@@ -27,10 +22,9 @@ export type SignUpForm = Omit<SignUp, 'identifiers'> & {
 
 export type SignInExperienceForm = Omit<
   SignInExperience,
-  'signUp' | 'customCss' | 'customUiAssets' | 'passwordPolicy'
+  'signUp' | 'customCss' | 'passwordPolicy'
 > & {
   customCss?: string; // Code editor components can not properly handle null value, manually transform null to undefined instead.
-  customUiAssets?: CustomUiAssets;
   signUp: SignUpForm;
   /** The parsed password policy object. All properties are required. */
   passwordPolicy: PasswordPolicy & {

From ef325b25e405605dc38299ce3f1ad4f6f2c1b125 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Tue, 23 Jul 2024 11:40:54 +0800
Subject: [PATCH 082/135] refactor: generate application secret on creation

---
 .../EndpointsAndCredentials.tsx               |  8 +-
 packages/core/src/__mocks__/index.ts          |  3 +-
 .../routes/applications/application.test.ts   |  1 +
 .../src/routes/applications/application.ts    | 90 ++++++++-----------
 .../application/application.secrets.test.ts   | 36 +++++---
 packages/schemas/src/utils/application.ts     |  9 ++
 packages/schemas/src/utils/index.ts           |  1 +
 7 files changed, 79 insertions(+), 69 deletions(-)
 create mode 100644 packages/schemas/src/utils/application.ts

diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
index 5f95080f5c01..8fde0ff66789 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
@@ -1,10 +1,10 @@
 import {
   type ApplicationSecret,
-  ApplicationType,
   DomainStatus,
   type Application,
   type SnakeCaseOidcConfig,
   internalPrefix,
+  hasSecrets,
 } from '@logto/schemas';
 import { appendPath } from '@silverhand/essentials';
 import { useCallback, useContext, useMemo, useState } from 'react';
@@ -57,11 +57,7 @@ function EndpointsAndCredentials({
   const [showCreateSecretModal, setShowCreateSecretModal] = useState(false);
   const secrets = useSWR<ApplicationSecretRow[], RequestError>(`api/applications/${id}/secrets`);
   const api = useApi();
-  const shouldShowAppSecrets = [
-    ApplicationType.Traditional,
-    ApplicationType.MachineToMachine,
-    ApplicationType.Protected,
-  ].includes(type);
+  const shouldShowAppSecrets = hasSecrets(type);
 
   const toggleShowMoreEndpoints = useCallback(() => {
     setShowMoreEndpoints((previous) => !previous);
diff --git a/packages/core/src/__mocks__/index.ts b/packages/core/src/__mocks__/index.ts
index 603483c97852..bd093c9ebd05 100644
--- a/packages/core/src/__mocks__/index.ts
+++ b/packages/core/src/__mocks__/index.ts
@@ -17,6 +17,7 @@ import {
   LogtoOidcConfigKey,
   DomainStatus,
   LogtoJwtTokenKey,
+  internalPrefix,
 } from '@logto/schemas';
 
 import { protectedAppSignInCallbackUrl } from '#src/constants/index.js';
@@ -33,7 +34,7 @@ export * from './protected-app.js';
 export const mockApplication: Application = {
   tenantId: 'fake_tenant',
   id: 'foo',
-  secret: mockId,
+  secret: internalPrefix + mockId,
   name: 'foo',
   type: ApplicationType.SPA,
   description: null,
diff --git a/packages/core/src/routes/applications/application.test.ts b/packages/core/src/routes/applications/application.test.ts
index a6c65d40b2eb..e688d16356f2 100644
--- a/packages/core/src/routes/applications/application.test.ts
+++ b/packages/core/src/routes/applications/application.test.ts
@@ -53,6 +53,7 @@ const tenantContext = new MockTenant(
       ),
       updateApplicationById,
     },
+    applicationSecrets: { insert: jest.fn() },
   },
   undefined,
   {
diff --git a/packages/core/src/routes/applications/application.ts b/packages/core/src/routes/applications/application.ts
index 1b9ff571fe2c..05d92c84c0e5 100644
--- a/packages/core/src/routes/applications/application.ts
+++ b/packages/core/src/routes/applications/application.ts
@@ -5,6 +5,7 @@ import {
   InternalRole,
   ApplicationType,
   Applications,
+  hasSecrets,
 } from '@logto/schemas';
 import { generateStandardId, generateStandardSecret } from '@logto/shared';
 import { conditional } from '@silverhand/essentials';
@@ -40,28 +41,12 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
   ...[
     router,
     {
-      queries: { applications, applicationsRoles, roles },
+      queries,
       id: tenantId,
       libraries: { quota, protectedApps },
     },
   ]: RouterInitArgs<T>
 ) {
-  const {
-    deleteApplicationById,
-    findApplicationById,
-    insertApplication,
-    updateApplicationById,
-    countApplications,
-    findApplications,
-  } = applications;
-
-  const {
-    findApplicationsRolesByApplicationId,
-    insertApplicationsRoles,
-    deleteApplicationRole,
-    findApplicationsRolesByRoleId,
-  } = applicationsRoles;
-
   router.get(
     '/applications',
     koaPagination({ isOptional: true }),
@@ -107,7 +92,7 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
       const search = parseSearchParamsForSearch(searchParams);
 
       const excludeApplicationsRoles = excludeRoleId
-        ? await findApplicationsRolesByRoleId(excludeRoleId)
+        ? await queries.applicationsRoles.findApplicationsRolesByRoleId(excludeRoleId)
         : [];
 
       const excludeApplicationIds = excludeApplicationsRoles.map(
@@ -115,7 +100,7 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
       );
 
       if (paginationDisabled) {
-        ctx.body = await findApplications({
+        ctx.body = await queries.applications.findApplications({
           search,
           excludeApplicationIds,
           excludeOrganizationId,
@@ -127,14 +112,14 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
       }
 
       const [{ count }, applications] = await Promise.all([
-        countApplications({
+        queries.applications.countApplications({
           search,
           excludeApplicationIds,
           excludeOrganizationId,
           isThirdParty,
           types,
         }),
-        findApplications(
+        queries.applications.findApplications(
           {
             search,
             excludeApplicationIds,
@@ -164,24 +149,17 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
     async (ctx, next) => {
       const { oidcClientMetadata, protectedAppMetadata, ...rest } = ctx.guard.body;
 
-      // When creating a m2m app, should check both m2m limit and application limit.
-      if (rest.type === ApplicationType.MachineToMachine) {
-        await quota.guardKey('machineToMachineLimit');
-      }
-
-      // Guard third party application limit
-      if (rest.isThirdParty) {
-        await quota.guardKey('thirdPartyApplicationsLimit');
-      }
-
-      await quota.guardKey('applicationsLimit');
+      await Promise.all([
+        rest.type === ApplicationType.MachineToMachine && quota.guardKey('machineToMachineLimit'),
+        rest.isThirdParty && quota.guardKey('thirdPartyApplicationsLimit'),
+        quota.guardKey('applicationsLimit'),
+      ]);
 
       assertThat(
         rest.type !== ApplicationType.Protected || protectedAppMetadata,
         'application.protected_app_metadata_is_required'
       );
 
-      // Third party applications must be traditional type
       if (rest.isThirdParty) {
         assertThat(
           rest.type === ApplicationType.Traditional,
@@ -189,11 +167,11 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
         );
       }
 
-      const application = await insertApplication({
+      const getSecret = () =>
+        EnvSet.values.isDevFeaturesEnabled ? generateInternalSecret() : generateStandardSecret();
+      const application = await queries.applications.insertApplication({
         id: generateStandardId(),
-        secret: EnvSet.values.isDevFeaturesEnabled
-          ? generateStandardSecret()
-          : generateInternalSecret(),
+        secret: getSecret(),
         oidcClientMetadata: buildOidcClientMetadata(oidcClientMetadata),
         ...conditional(
           rest.type === ApplicationType.Protected &&
@@ -203,18 +181,25 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
         ...rest,
       });
 
+      if (EnvSet.values.isDevFeaturesEnabled && hasSecrets(application.type)) {
+        await queries.applicationSecrets.insert({
+          name: 'Default secret',
+          applicationId: application.id,
+          value: generateStandardSecret(),
+        });
+      }
+
       if (application.type === ApplicationType.Protected) {
         try {
           await protectedApps.syncAppConfigsToRemote(application.id);
         } catch (error: unknown) {
           // Delete the application if failed to sync to remote
-          await deleteApplicationById(application.id);
+          await queries.applications.deleteApplicationById(application.id);
           throw error;
         }
       }
 
       ctx.body = application;
-
       return next();
     }
   );
@@ -238,8 +223,9 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
         return next();
       }
 
-      const application = await findApplicationById(id);
-      const applicationsRoles = await findApplicationsRolesByApplicationId(id);
+      const application = await queries.applications.findApplicationById(id);
+      const applicationsRoles =
+        await queries.applicationsRoles.findApplicationsRolesByApplicationId(id);
 
       ctx.body = {
         ...application,
@@ -276,8 +262,8 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
       // This role is NOT intended for user assignment.
       if (isAdmin !== undefined) {
         const [applicationsRoles, internalAdminRole] = await Promise.all([
-          findApplicationsRolesByApplicationId(id),
-          roles.findRoleByRoleName(InternalRole.Admin),
+          queries.applicationsRoles.findApplicationsRolesByApplicationId(id),
+          queries.roles.findRoleByRoleName(InternalRole.Admin),
         ]);
         const usedToBeAdmin = includesInternalAdminRole(applicationsRoles);
 
@@ -291,17 +277,17 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
         );
 
         if (isAdmin && !usedToBeAdmin) {
-          await insertApplicationsRoles([
+          await queries.applicationsRoles.insertApplicationsRoles([
             { id: generateStandardId(), applicationId: id, roleId: internalAdminRole.id },
           ]);
         } else if (!isAdmin && usedToBeAdmin) {
-          await deleteApplicationRole(id, internalAdminRole.id);
+          await queries.applicationsRoles.deleteApplicationRole(id, internalAdminRole.id);
         }
       }
 
       if (protectedAppMetadata) {
         const { type, protectedAppMetadata: originProtectedAppMetadata } =
-          await findApplicationById(id);
+          await queries.applications.findApplicationById(id);
         assertThat(type === ApplicationType.Protected, 'application.protected_application_only');
         assertThat(
           originProtectedAppMetadata,
@@ -310,7 +296,7 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
             status: 422,
           })
         );
-        await updateApplicationById(id, {
+        await queries.applications.updateApplicationById(id, {
           protectedAppMetadata: {
             ...originProtectedAppMetadata,
             ...protectedAppMetadata,
@@ -320,7 +306,7 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
           await protectedApps.syncAppConfigsToRemote(id);
         } catch (error: unknown) {
           // Revert changes on sync failure
-          await updateApplicationById(id, {
+          await queries.applications.updateApplicationById(id, {
             protectedAppMetadata: originProtectedAppMetadata,
           });
           throw error;
@@ -328,8 +314,8 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
       }
 
       ctx.body = await (Object.keys(rest).length > 0
-        ? updateApplicationById(id, rest)
-        : findApplicationById(id));
+        ? queries.applications.updateApplicationById(id, rest)
+        : queries.applications.findApplicationById(id));
 
       return next();
     }
@@ -344,7 +330,7 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
     }),
     async (ctx, next) => {
       const { id } = ctx.guard.params;
-      const { type, protectedAppMetadata } = await findApplicationById(id);
+      const { type, protectedAppMetadata } = await queries.applications.findApplicationById(id);
       if (type === ApplicationType.Protected && protectedAppMetadata) {
         assertThat(
           !protectedAppMetadata.customDomains || protectedAppMetadata.customDomains.length === 0,
@@ -354,7 +340,7 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
         await protectedApps.deleteRemoteAppConfigs(protectedAppMetadata.host);
       }
       // Note: will need delete cascade when application is joint with other tables
-      await deleteApplicationById(id);
+      await queries.applications.deleteApplicationById(id);
       ctx.status = 204;
 
       return next();
diff --git a/packages/integration-tests/src/tests/api/application/application.secrets.test.ts b/packages/integration-tests/src/tests/api/application/application.secrets.test.ts
index 0d5e77f6e3f0..3821be234012 100644
--- a/packages/integration-tests/src/tests/api/application/application.secrets.test.ts
+++ b/packages/integration-tests/src/tests/api/application/application.secrets.test.ts
@@ -1,4 +1,4 @@
-import { ApplicationType, type Application } from '@logto/schemas';
+import { ApplicationType, hasSecrets, internalPrefix, type Application } from '@logto/schemas';
 import { cond, noop } from '@silverhand/essentials';
 import { HTTPError } from 'ky';
 
@@ -11,6 +11,8 @@ import {
 } from '#src/api/application.js';
 import { devFeatureTest, randomString } from '#src/utils.js';
 
+const defaultSecretName = 'Default secret';
+
 devFeatureTest.describe('application secrets', () => {
   const applications: Application[] = [];
   const createApplication = async (...args: Parameters<typeof createApplicationApi>) => {
@@ -39,19 +41,29 @@ devFeatureTest.describe('application secrets', () => {
           }
         )
       );
+      expect(application.secret).toMatch(new RegExp(`^${internalPrefix}`));
+
+      // Check the default secret
+      const secrets = await getApplicationSecrets(application.id);
+      if (hasSecrets(type)) {
+        expect(secrets).toHaveLength(1);
+        expect(secrets[0]).toEqual(
+          expect.objectContaining({
+            applicationId: application.id,
+            name: defaultSecretName,
+          })
+        );
+      } else {
+        expect(secrets).toHaveLength(0);
+      }
+
       const secretName = randomString();
       const secretPromise = createApplicationSecret({
         applicationId: application.id,
         name: secretName,
       });
 
-      if (
-        [
-          ApplicationType.MachineToMachine,
-          ApplicationType.Protected,
-          ApplicationType.Traditional,
-        ].includes(type)
-      ) {
+      if (hasSecrets(type)) {
         expect(await secretPromise).toEqual(
           expect.objectContaining({ applicationId: application.id, name: secretName })
         );
@@ -137,8 +149,12 @@ devFeatureTest.describe('application secrets', () => {
     expect(await getApplicationSecrets(application.id)).toEqual(
       expect.arrayContaining([secret1, secret2])
     );
-    await deleteApplicationSecret(application.id, secretName1);
-    await deleteApplicationSecret(application.id, secretName2);
+
+    await Promise.all([
+      deleteApplicationSecret(application.id, secretName1),
+      deleteApplicationSecret(application.id, secretName2),
+      deleteApplicationSecret(application.id, defaultSecretName),
+    ]);
     expect(await getApplicationSecrets(application.id)).toEqual([]);
   });
 });
diff --git a/packages/schemas/src/utils/application.ts b/packages/schemas/src/utils/application.ts
new file mode 100644
index 000000000000..c42d65106960
--- /dev/null
+++ b/packages/schemas/src/utils/application.ts
@@ -0,0 +1,9 @@
+import { ApplicationType } from '../db-entries/custom-types.js';
+
+/** If the application type has (or can have) secrets. */
+export const hasSecrets = (type: ApplicationType) =>
+  [
+    ApplicationType.MachineToMachine,
+    ApplicationType.Protected,
+    ApplicationType.Traditional,
+  ].includes(type);
diff --git a/packages/schemas/src/utils/index.ts b/packages/schemas/src/utils/index.ts
index c135793daa0c..a3617a25f4d9 100644
--- a/packages/schemas/src/utils/index.ts
+++ b/packages/schemas/src/utils/index.ts
@@ -1,3 +1,4 @@
+export * from './application.js';
 export * from './role.js';
 export * from './management-api.js';
 export * from './domain.js';

From 5ee47af00cae62b2b7346544c81312a8c9c21a8d Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Tue, 23 Jul 2024 13:14:06 +0800
Subject: [PATCH 083/135] fix(console): fix loading and error handling for org
 details page (#6313)

---
 .../src/pages/OrganizationDetails/index.tsx        | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/packages/console/src/pages/OrganizationDetails/index.tsx b/packages/console/src/pages/OrganizationDetails/index.tsx
index ddf858181578..222998359eab 100644
--- a/packages/console/src/pages/OrganizationDetails/index.tsx
+++ b/packages/console/src/pages/OrganizationDetails/index.tsx
@@ -12,10 +12,8 @@ import useSWR from 'swr';
 import Delete from '@/assets/icons/delete.svg';
 import File from '@/assets/icons/file.svg';
 import OrganizationIcon from '@/assets/icons/organization-preview.svg';
-import AppError from '@/components/AppError';
 import DetailsPage from '@/components/DetailsPage';
 import DetailsPageHeader from '@/components/DetailsPage/DetailsPageHeader';
-import Skeleton from '@/components/DetailsPage/Skeleton';
 import Drawer from '@/components/Drawer';
 import PageMeta from '@/components/PageMeta';
 import ThemedIcon from '@/components/ThemedIcon';
@@ -31,7 +29,6 @@ import { OrganizationDetailsTabs, type OrganizationDetailsOutletContext } from '
 
 const pathname = '/organizations';
 
-// eslint-disable-next-line complexity
 function OrganizationDetails() {
   const { id } = useParams();
   const { navigate } = useTenantPathname();
@@ -70,14 +67,19 @@ function OrganizationDetails() {
     (!jitEmailDomains.data && !jitEmailDomains.error) ||
     (!jitRoles.data && !jitRoles.error) ||
     (!jitSsoConnectors.data && !jitSsoConnectors.error);
+
   const error =
     organization.error ?? jitEmailDomains.error ?? jitRoles.error ?? jitSsoConnectors.error;
 
   return (
-    <DetailsPage backLink={pathname} backLinkTitle="organizations.title" className={styles.page}>
+    <DetailsPage
+      backLink={pathname}
+      backLinkTitle="organizations.title"
+      className={styles.page}
+      isLoading={isLoading}
+      error={error}
+    >
       <PageMeta titleKey="organization_details.page_title" />
-      {isLoading && <Skeleton />}
-      {error && <AppError errorCode={error.body?.code} errorMessage={error.body?.message} />}
       {id &&
         organization.data &&
         jitEmailDomains.data &&

From 16c8d330f07a8e370f7f189189a3a3855d521ae3 Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Tue, 23 Jul 2024 13:32:49 +0800
Subject: [PATCH 084/135] refactor(console): keep button loading before
 redirecting to sign-in success page (#6305)

---
 .../use-social-link-related-user.ts           |  2 +-
 .../use-continue-flow-code-verification.ts    |  2 +-
 .../use-register-flow-code-verification.ts    |  4 +--
 .../use-sign-in-flow-code-verification.ts     |  4 +--
 .../src/hooks/use-global-redirect-to.ts       | 30 +++++++++++++++----
 .../src/hooks/use-password-sign-in.ts         |  2 +-
 .../src/hooks/use-send-mfa-payload.ts         |  2 +-
 packages/experience/src/hooks/use-skip-mfa.ts |  2 +-
 .../src/hooks/use-social-link-account.ts      |  2 +-
 .../src/hooks/use-social-register.ts          |  2 +-
 .../experience/src/pages/Consent/index.tsx    |  2 +-
 .../src/pages/Continue/SetPassword/index.tsx  |  4 +--
 .../Continue/SetUsername/use-set-username.ts  |  2 +-
 .../src/pages/RegisterPassword/index.tsx      |  4 +--
 .../use-single-sign-on-listener.ts            |  4 +--
 15 files changed, 44 insertions(+), 24 deletions(-)

diff --git a/packages/experience/src/containers/SocialLinkAccount/use-social-link-related-user.ts b/packages/experience/src/containers/SocialLinkAccount/use-social-link-related-user.ts
index 694772f3212a..dd035d4931e6 100644
--- a/packages/experience/src/containers/SocialLinkAccount/use-social-link-related-user.ts
+++ b/packages/experience/src/containers/SocialLinkAccount/use-social-link-related-user.ts
@@ -24,7 +24,7 @@ const useBindSocialRelatedUser = () => {
       }
 
       if (result?.redirectTo) {
-        redirectTo(result.redirectTo);
+        await redirectTo(result.redirectTo);
       }
     },
     [asyncBindSocialRelatedUser, handleError, preSignInErrorHandler, redirectTo]
diff --git a/packages/experience/src/containers/VerificationCode/use-continue-flow-code-verification.ts b/packages/experience/src/containers/VerificationCode/use-continue-flow-code-verification.ts
index e500de483721..946d42cfa438 100644
--- a/packages/experience/src/containers/VerificationCode/use-continue-flow-code-verification.ts
+++ b/packages/experience/src/containers/VerificationCode/use-continue-flow-code-verification.ts
@@ -78,7 +78,7 @@ const useContinueFlowCodeVerification = (
       }
 
       if (result?.redirectTo) {
-        redirectTo(result.redirectTo);
+        await redirectTo(result.redirectTo);
       }
     },
     [
diff --git a/packages/experience/src/containers/VerificationCode/use-register-flow-code-verification.ts b/packages/experience/src/containers/VerificationCode/use-register-flow-code-verification.ts
index 0dec679a8466..5df3843d85fb 100644
--- a/packages/experience/src/containers/VerificationCode/use-register-flow-code-verification.ts
+++ b/packages/experience/src/containers/VerificationCode/use-register-flow-code-verification.ts
@@ -69,7 +69,7 @@ const useRegisterFlowCodeVerification = (
         }
 
         if (result?.redirectTo) {
-          redirectTo(result.redirectTo);
+          await redirectTo(result.redirectTo);
         }
       },
       onCancel: () => {
@@ -118,7 +118,7 @@ const useRegisterFlowCodeVerification = (
       }
 
       if (result?.redirectTo) {
-        redirectTo(result.redirectTo);
+        await redirectTo(result.redirectTo);
       }
     },
     [errorCallback, errorHandlers, handleError, redirectTo, verifyVerificationCode]
diff --git a/packages/experience/src/containers/VerificationCode/use-sign-in-flow-code-verification.ts b/packages/experience/src/containers/VerificationCode/use-sign-in-flow-code-verification.ts
index 16a6e0f7f995..68f9987cf0ed 100644
--- a/packages/experience/src/containers/VerificationCode/use-sign-in-flow-code-verification.ts
+++ b/packages/experience/src/containers/VerificationCode/use-sign-in-flow-code-verification.ts
@@ -72,7 +72,7 @@ const useSignInFlowCodeVerification = (
         }
 
         if (result?.redirectTo) {
-          redirectTo(result.redirectTo);
+          await redirectTo(result.redirectTo);
         }
       },
       onCancel: () => {
@@ -119,7 +119,7 @@ const useSignInFlowCodeVerification = (
       }
 
       if (result?.redirectTo) {
-        redirectTo(result.redirectTo);
+        await redirectTo(result.redirectTo);
       }
     },
     [asyncSignInWithVerificationCodeIdentifier, errorHandlers, handleError, redirectTo]
diff --git a/packages/experience/src/hooks/use-global-redirect-to.ts b/packages/experience/src/hooks/use-global-redirect-to.ts
index b6c83148b4d5..168d052d72db 100644
--- a/packages/experience/src/hooks/use-global-redirect-to.ts
+++ b/packages/experience/src/hooks/use-global-redirect-to.ts
@@ -1,27 +1,47 @@
+import { noop } from '@react-spring/shared';
 import { useCallback, useContext } from 'react';
 
 import PageContext from '@/Providers/PageContextProvider/PageContext';
 import UserInteractionContext from '@/Providers/UserInteractionContextProvider/UserInteractionContext';
 
 /**
- * This hook provides a function that process the app redirection after user successfully signs in.
- * Use window.location.replace to handle the redirection.
- * Set the global loading state to true before redirecting.
- * This is to prevent the user from interacting with the app while the redirection is in progress.
+ * Hook for global redirection after successful login.
+ *
+ * This hook provides an async function that represents the final step in the login process.
+ * It sets a global loading state, clears the interaction context, and then redirects the user.
+ *
+ * The returned async function will never resolve, as the page will be redirected before
+ * the Promise can settle. This behavior is intentional and serves to maintain the loading
+ * state on the interaction element (e.g., a button) that triggered the successful login.
  */
 function useGlobalRedirectTo() {
   const { setLoading } = useContext(PageContext);
   const { clearInteractionContextSessionStorage } = useContext(UserInteractionContext);
 
   const redirectTo = useCallback(
-    (url: string | URL) => {
+    async (url: string | URL): Promise<never> => {
+      /**
+       * Set global loading state to true
+       * This prevents further user interaction during the redirect process
+       */
       setLoading(true);
       /**
        * Clear all identifier input values from the storage once the interaction is submitted.
        * The Identifier cache should be session-isolated, so it should be cleared after the interaction is completed.
        */
       clearInteractionContextSessionStorage();
+      /**
+       * Perform the actual redirect
+       * This is a synchronous operation and will immediately unload the current page
+       */
       window.location.replace(url);
+
+      /**
+       * Return a Promise that never resolves
+       * This ensures that any async function awaiting this redirect will never continue
+       * Thus maintaining the loading state on the UI until the new page is loaded
+       */
+      return new Promise<never>(noop);
     },
     [clearInteractionContextSessionStorage, setLoading]
   );
diff --git a/packages/experience/src/hooks/use-password-sign-in.ts b/packages/experience/src/hooks/use-password-sign-in.ts
index 459cfa15c09a..23cce8bcb07f 100644
--- a/packages/experience/src/hooks/use-password-sign-in.ts
+++ b/packages/experience/src/hooks/use-password-sign-in.ts
@@ -53,7 +53,7 @@ const usePasswordSignIn = () => {
       }
 
       if (result?.redirectTo) {
-        redirectTo(result.redirectTo);
+        await redirectTo(result.redirectTo);
       }
     },
     [asyncSignIn, checkSingleSignOn, errorHandlers, handleError, redirectTo]
diff --git a/packages/experience/src/hooks/use-send-mfa-payload.ts b/packages/experience/src/hooks/use-send-mfa-payload.ts
index 9d72a94719ce..e407bb3231f7 100644
--- a/packages/experience/src/hooks/use-send-mfa-payload.ts
+++ b/packages/experience/src/hooks/use-send-mfa-payload.ts
@@ -50,7 +50,7 @@ const useSendMfaPayload = () => {
       }
 
       if (result) {
-        redirectTo(result.redirectTo);
+        await redirectTo(result.redirectTo);
       }
     },
     [asyncSendMfaPayload, handleError, preSignInErrorHandler, redirectTo]
diff --git a/packages/experience/src/hooks/use-skip-mfa.ts b/packages/experience/src/hooks/use-skip-mfa.ts
index 233bfed1d32d..af480682b4a9 100644
--- a/packages/experience/src/hooks/use-skip-mfa.ts
+++ b/packages/experience/src/hooks/use-skip-mfa.ts
@@ -22,7 +22,7 @@ const useSkipMfa = () => {
     }
 
     if (result) {
-      redirectTo(result.redirectTo);
+      await redirectTo(result.redirectTo);
     }
   }, [asyncSkipMfa, handleError, preSignInErrorHandler, redirectTo]);
 };
diff --git a/packages/experience/src/hooks/use-social-link-account.ts b/packages/experience/src/hooks/use-social-link-account.ts
index 16c38e7f3cff..4e75ffbf1534 100644
--- a/packages/experience/src/hooks/use-social-link-account.ts
+++ b/packages/experience/src/hooks/use-social-link-account.ts
@@ -22,7 +22,7 @@ const useLinkSocial = () => {
       }
 
       if (result?.redirectTo) {
-        redirectTo(result.redirectTo);
+        await redirectTo(result.redirectTo);
       }
     },
     [asyncLinkWithSocial, handleError, redirectTo]
diff --git a/packages/experience/src/hooks/use-social-register.ts b/packages/experience/src/hooks/use-social-register.ts
index 8d128f538576..601780077800 100644
--- a/packages/experience/src/hooks/use-social-register.ts
+++ b/packages/experience/src/hooks/use-social-register.ts
@@ -25,7 +25,7 @@ const useSocialRegister = (connectorId?: string, replace?: boolean) => {
       }
 
       if (result?.redirectTo) {
-        redirectTo(result.redirectTo);
+        await redirectTo(result.redirectTo);
       }
     },
     [asyncRegisterWithSocial, handleError, preSignInErrorHandler, redirectTo]
diff --git a/packages/experience/src/pages/Consent/index.tsx b/packages/experience/src/pages/Consent/index.tsx
index 8052e11d8316..3c594989a168 100644
--- a/packages/experience/src/pages/Consent/index.tsx
+++ b/packages/experience/src/pages/Consent/index.tsx
@@ -43,7 +43,7 @@ const Consent = () => {
     }
 
     if (result?.redirectTo) {
-      redirectTo(result.redirectTo);
+      await redirectTo(result.redirectTo);
     }
   }, [asyncConsent, handleError, redirectTo, selectedOrganization?.id]);
 
diff --git a/packages/experience/src/pages/Continue/SetPassword/index.tsx b/packages/experience/src/pages/Continue/SetPassword/index.tsx
index 64530f584ee7..da72cd53d1d3 100644
--- a/packages/experience/src/pages/Continue/SetPassword/index.tsx
+++ b/packages/experience/src/pages/Continue/SetPassword/index.tsx
@@ -34,9 +34,9 @@ const SetPassword = () => {
     [navigate, preSignInErrorHandler, show]
   );
   const successHandler: SuccessHandler<typeof addProfile> = useCallback(
-    (result) => {
+    async (result) => {
       if (result?.redirectTo) {
-        redirectTo(result.redirectTo);
+        await redirectTo(result.redirectTo);
       }
     },
     [redirectTo]
diff --git a/packages/experience/src/pages/Continue/SetUsername/use-set-username.ts b/packages/experience/src/pages/Continue/SetUsername/use-set-username.ts
index 4f51873f9c48..343ac0de6cb0 100644
--- a/packages/experience/src/pages/Continue/SetUsername/use-set-username.ts
+++ b/packages/experience/src/pages/Continue/SetUsername/use-set-username.ts
@@ -41,7 +41,7 @@ const useSetUsername = () => {
       }
 
       if (result?.redirectTo) {
-        redirectTo(result.redirectTo);
+        await redirectTo(result.redirectTo);
       }
     },
     [asyncAddProfile, errorHandlers, handleError, redirectTo]
diff --git a/packages/experience/src/pages/RegisterPassword/index.tsx b/packages/experience/src/pages/RegisterPassword/index.tsx
index b276b2c4ea9f..4c0c722aa702 100644
--- a/packages/experience/src/pages/RegisterPassword/index.tsx
+++ b/packages/experience/src/pages/RegisterPassword/index.tsx
@@ -40,9 +40,9 @@ const RegisterPassword = () => {
   );
 
   const successHandler: SuccessHandler<typeof setUserPassword> = useCallback(
-    (result) => {
+    async (result) => {
       if (result && 'redirectTo' in result) {
-        redirectTo(result.redirectTo);
+        await redirectTo(result.redirectTo);
       }
     },
     [redirectTo]
diff --git a/packages/experience/src/pages/SocialSignInWebCallback/use-single-sign-on-listener.ts b/packages/experience/src/pages/SocialSignInWebCallback/use-single-sign-on-listener.ts
index 678b1872d34a..bfc0b8da19e4 100644
--- a/packages/experience/src/pages/SocialSignInWebCallback/use-single-sign-on-listener.ts
+++ b/packages/experience/src/pages/SocialSignInWebCallback/use-single-sign-on-listener.ts
@@ -41,7 +41,7 @@ const useSingleSignOnRegister = () => {
       }
 
       if (result?.redirectTo) {
-        redirectTo(result.redirectTo);
+        await redirectTo(result.redirectTo);
       }
     },
     [agreeToTermsPolicy, handleError, navigate, redirectTo, request, termsValidation]
@@ -104,7 +104,7 @@ const useSingleSignOnListener = (connectorId: string) => {
       }
 
       if (result?.redirectTo) {
-        redirectTo(result.redirectTo);
+        await redirectTo(result.redirectTo);
       }
     },
     [

From 536f242fcc0c7471ae53f6e1490c945611e12602 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Tue, 23 Jul 2024 14:52:45 +0800
Subject: [PATCH 085/135] refactor: use vite for demo app

---
 packages/core/src/middleware/koa-spa-proxy.ts |   6 +-
 packages/demo-app/.parcelrc.arm64             |   7 -
 packages/demo-app/{src => }/index.html        |   2 +-
 packages/demo-app/package.json                |  22 +-
 packages/demo-app/tsconfig.json               |   1 +
 packages/demo-app/vite.config.ts              |  47 +++
 pnpm-lock.yaml                                | 328 ++++++++++--------
 7 files changed, 244 insertions(+), 169 deletions(-)
 delete mode 100644 packages/demo-app/.parcelrc.arm64
 rename packages/demo-app/{src => }/index.html (86%)
 create mode 100644 packages/demo-app/vite.config.ts

diff --git a/packages/core/src/middleware/koa-spa-proxy.ts b/packages/core/src/middleware/koa-spa-proxy.ts
index 6ec020135132..ffccfe53893c 100644
--- a/packages/core/src/middleware/koa-spa-proxy.ts
+++ b/packages/core/src/middleware/koa-spa-proxy.ts
@@ -37,13 +37,15 @@ export default function koaSpaProxy<StateT, ContextT extends IRouterParamContext
         changeOrigin: true,
         logs: true,
         rewrite: (requestPath) => {
+          const fullPath = '/' + path.join(prefix, requestPath);
           // Static files
           if (requestPath.includes('.')) {
-            return '/' + path.join(prefix, requestPath);
+            return fullPath;
           }
 
           // In-app routes
-          return requestPath;
+          // We'll gradually migrate our single-page apps to use vite, which can directly return the full path
+          return packagePath === 'demo-app' ? fullPath : requestPath;
         },
       });
 
diff --git a/packages/demo-app/.parcelrc.arm64 b/packages/demo-app/.parcelrc.arm64
deleted file mode 100644
index 0c8337cd82a8..000000000000
--- a/packages/demo-app/.parcelrc.arm64
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-  "extends": "@parcel/config-default",
-  "optimizers": {
-    // Disable optimizers in arm64 arch https://github.com/parcel-bundler/parcel/issues/7402
-    "*.{jpg,jpeg,png}": []
-  }
-}
diff --git a/packages/demo-app/src/index.html b/packages/demo-app/index.html
similarity index 86%
rename from packages/demo-app/src/index.html
rename to packages/demo-app/index.html
index 0f1fb4dd4891..be606dcc0a20 100644
--- a/packages/demo-app/src/index.html
+++ b/packages/demo-app/index.html
@@ -11,7 +11,7 @@
 <body>
     <noscript>You need to enable JavaScript to run this app.</noscript>
     <div id="app"></div>
-    <script type="module" src="index.tsx"></script>
+    <script type="module" src="src/index.tsx"></script>
 </body>
 
 </html>
diff --git a/packages/demo-app/package.json b/packages/demo-app/package.json
index 33e7e2f8cadc..e1ee104e5416 100644
--- a/packages/demo-app/package.json
+++ b/packages/demo-app/package.json
@@ -5,15 +5,16 @@
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "license": "MPL-2.0",
   "private": true,
+  "type": "module",
   "files": [
     "dist"
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "start": "parcel src/index.html",
-    "dev": "cross-env PORT=5003 parcel src/index.html --public-url /demo-app --no-cache --hmr-port 6003",
+    "start": "vite",
+    "dev": "vite",
     "check": "tsc --noEmit",
-    "build": "pnpm check && rm -rf dist && parcel build src/index.html --no-autoinstall --no-cache --public-url /demo-app",
+    "build": "pnpm check && vite build",
     "lint": "eslint --ext .ts --ext .tsx src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "stylelint": "stylelint \"src/**/*.scss\""
@@ -24,8 +25,6 @@
     "@logto/phrases": "workspace:^1.12.0",
     "@logto/react": "^3.0.12",
     "@logto/schemas": "workspace:^1.18.0",
-    "@parcel/core": "2.9.3",
-    "@parcel/transformer-sass": "2.9.3",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/eslint-config-react": "6.0.2",
     "@silverhand/ts-config": "6.0.0",
@@ -39,7 +38,6 @@
     "i18next-browser-languagedetector": "^8.0.0",
     "jose": "^5.6.3",
     "lint-staged": "^15.0.0",
-    "parcel": "2.9.3",
     "postcss": "^8.4.31",
     "prettier": "^3.0.0",
     "react": "^18.3.1",
@@ -47,22 +45,12 @@
     "react-i18next": "^12.3.1",
     "stylelint": "^15.0.0",
     "typescript": "^5.5.3",
+    "vite": "^5.3.4",
     "zod": "^3.23.8"
   },
   "engines": {
     "node": "^20.9.0"
   },
-  "//": "https://github.com/parcel-bundler/parcel/issues/7636",
-  "targets": {
-    "default": {
-      "engines": {
-        "browsers": "defaults"
-      }
-    }
-  },
-  "alias": {
-    "@/*": "./src/$1"
-  },
   "eslintConfig": {
     "extends": "@silverhand/react"
   },
diff --git a/packages/demo-app/tsconfig.json b/packages/demo-app/tsconfig.json
index d7f76d2899de..4cfcbeae7b9f 100644
--- a/packages/demo-app/tsconfig.json
+++ b/packages/demo-app/tsconfig.json
@@ -2,5 +2,6 @@
   "extends": "./tsconfig.base",
   "include": [
     "src",
+    "*.config.ts"
   ]
 }
diff --git a/packages/demo-app/vite.config.ts b/packages/demo-app/vite.config.ts
new file mode 100644
index 000000000000..2951f9635ff7
--- /dev/null
+++ b/packages/demo-app/vite.config.ts
@@ -0,0 +1,47 @@
+import { defineConfig } from 'vite';
+
+export default defineConfig({
+  base: '/demo-app',
+  server: {
+    port: 5003,
+    hmr: {
+      port: 6003,
+    },
+  },
+  resolve: {
+    alias: [
+      {
+        find: /^@\//,
+        replacement: '/src/',
+      },
+    ],
+  },
+  optimizeDeps: {
+    include: ['@logto/phrases', '@logto/phrases-experience', '@logto/schemas'],
+  },
+  build: {
+    sourcemap: process.env.NODE_ENV === 'production',
+    rollupOptions: {
+      output: {
+        manualChunks(id) {
+          if (/\/react[^/]*\//.test(id)) {
+            return 'react';
+          }
+
+          if (id.includes('/@logto/')) {
+            return 'logto';
+          }
+
+          if (id.includes('/node_modules/')) {
+            return 'vendors';
+          }
+
+          const match = /\/lib\/locales\/([^/]+)/.exec(id);
+          if (match?.[1]) {
+            return `phrases-${match[1]}`;
+          }
+        },
+      },
+    },
+  },
+});
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index d22e1a5a12f6..04c5a8524cad 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -63,7 +63,7 @@ importers:
         version: 20.10.4
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -78,7 +78,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/cli:
     dependencies:
@@ -190,7 +190,7 @@ importers:
         version: 17.0.13
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       '@withtyped/server':
         specifier: ^0.13.6
         version: 0.13.6(zod@3.23.8)
@@ -208,7 +208,7 @@ importers:
         version: 18.0.0
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-alipay-native:
     dependencies:
@@ -263,7 +263,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -290,7 +290,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-alipay-web:
     dependencies:
@@ -345,7 +345,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -372,7 +372,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-aliyun-dm:
     dependencies:
@@ -418,7 +418,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -445,7 +445,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-aliyun-sms:
     dependencies:
@@ -491,7 +491,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -518,7 +518,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-apple:
     dependencies:
@@ -570,7 +570,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -597,7 +597,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-aws-ses:
     dependencies:
@@ -649,7 +649,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -676,7 +676,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-azuread:
     dependencies:
@@ -725,7 +725,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -752,7 +752,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-dingtalk-web:
     dependencies:
@@ -807,7 +807,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -834,7 +834,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-discord:
     dependencies:
@@ -880,7 +880,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -907,7 +907,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-facebook:
     dependencies:
@@ -953,7 +953,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -980,7 +980,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-feishu-web:
     dependencies:
@@ -1026,7 +1026,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1053,7 +1053,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-github:
     dependencies:
@@ -1102,7 +1102,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1129,7 +1129,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-google:
     dependencies:
@@ -1178,7 +1178,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1205,7 +1205,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-huggingface:
     dependencies:
@@ -1251,7 +1251,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1278,7 +1278,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-kakao:
     dependencies:
@@ -1324,7 +1324,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1351,7 +1351,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-logto-email:
     dependencies:
@@ -1400,7 +1400,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1427,7 +1427,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-logto-sms:
     dependencies:
@@ -1473,7 +1473,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1500,7 +1500,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-logto-social-demo:
     dependencies:
@@ -1546,7 +1546,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1573,7 +1573,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-mailgun:
     dependencies:
@@ -1619,7 +1619,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1646,7 +1646,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-mock-email:
     dependencies:
@@ -1692,7 +1692,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1719,7 +1719,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-mock-email-alternative:
     dependencies:
@@ -1765,7 +1765,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1792,7 +1792,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-mock-sms:
     dependencies:
@@ -1838,7 +1838,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1865,7 +1865,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-mock-social:
     dependencies:
@@ -1911,7 +1911,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1938,7 +1938,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-naver:
     dependencies:
@@ -1984,7 +1984,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2011,7 +2011,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-oauth2:
     dependencies:
@@ -2066,7 +2066,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2093,7 +2093,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-oidc:
     dependencies:
@@ -2151,7 +2151,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2178,7 +2178,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-saml:
     dependencies:
@@ -2230,7 +2230,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2257,7 +2257,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-sendgrid-email:
     dependencies:
@@ -2303,7 +2303,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2330,7 +2330,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-smsaero:
     dependencies:
@@ -2376,7 +2376,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2403,7 +2403,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-smtp:
     dependencies:
@@ -2455,7 +2455,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2482,7 +2482,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-tencent-sms:
     dependencies:
@@ -2528,7 +2528,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2555,7 +2555,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-twilio-sms:
     dependencies:
@@ -2601,7 +2601,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2628,7 +2628,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-wechat-native:
     dependencies:
@@ -2674,7 +2674,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2701,7 +2701,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-wechat-web:
     dependencies:
@@ -2747,7 +2747,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2774,7 +2774,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/connectors/connector-wecom:
     dependencies:
@@ -2820,7 +2820,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2847,7 +2847,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/console:
     devDependencies:
@@ -3485,12 +3485,6 @@ importers:
       '@logto/schemas':
         specifier: workspace:^1.18.0
         version: link:../schemas
-      '@parcel/core':
-        specifier: 2.9.3
-        version: 2.9.3
-      '@parcel/transformer-sass':
-        specifier: 2.9.3
-        version: 2.9.3(@parcel/core@2.9.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -3530,9 +3524,6 @@ importers:
       lint-staged:
         specifier: ^15.0.0
         version: 15.0.2
-      parcel:
-        specifier: 2.9.3
-        version: 2.9.3(@swc/helpers@0.5.1)(postcss@8.4.31)(srcset@4.0.0)
       postcss:
         specifier: ^8.4.31
         version: 8.4.31
@@ -3554,6 +3545,9 @@ importers:
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
+      vite:
+        specifier: ^5.3.4
+        version: 5.3.4(@types/node@20.12.7)(sass@1.77.8)
       zod:
         specifier: ^3.23.8
         version: 3.23.8
@@ -4041,7 +4035,7 @@ importers:
         version: 0.0.33
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       camelcase:
         specifier: ^8.0.0
         version: 8.0.0
@@ -4068,7 +4062,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/shared:
     dependencies:
@@ -4102,7 +4096,7 @@ importers:
         version: 20.10.4
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4117,7 +4111,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/toolkit/connector-kit:
     dependencies:
@@ -4149,7 +4143,7 @@ importers:
         version: 20.10.4
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4164,7 +4158,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/toolkit/core-kit:
     dependencies:
@@ -4208,7 +4202,7 @@ importers:
         version: 18.3.3
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4229,7 +4223,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
   packages/toolkit/language-kit:
     optionalDependencies:
@@ -4248,7 +4242,7 @@ importers:
         version: 20.10.4
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4263,7 +4257,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
 
 packages:
 
@@ -12440,6 +12434,11 @@ packages:
     engines: {node: '>=12.0.0'}
     hasBin: true
 
+  sass@1.77.8:
+    resolution: {integrity: sha512-4UHg6prsrycW20fqLGPShtEvo/WyHRVRHwOP4DzkUrObWoWI05QBSfzU71TVB7PFaL104TwNaHpjlWXAZbQiNQ==}
+    engines: {node: '>=14.0.0'}
+    hasBin: true
+
   sax@1.2.4:
     resolution: {integrity: sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==}
 
@@ -13381,6 +13380,34 @@ packages:
       terser:
         optional: true
 
+  vite@5.3.4:
+    resolution: {integrity: sha512-Cw+7zL3ZG9/NZBB8C+8QbQZmR54GwqIz+WMI4b3JgdYJvX+ny9AjJXqkGQlDXSXRP9rP0B4tbciRMOVEKulVOA==}
+    engines: {node: ^18.0.0 || >=20.0.0}
+    hasBin: true
+    peerDependencies:
+      '@types/node': ^18.0.0 || >=20.0.0
+      less: '*'
+      lightningcss: ^1.21.0
+      sass: '*'
+      stylus: '*'
+      sugarss: '*'
+      terser: ^5.4.0
+    peerDependenciesMeta:
+      '@types/node':
+        optional: true
+      less:
+        optional: true
+      lightningcss:
+        optional: true
+      sass:
+        optional: true
+      stylus:
+        optional: true
+      sugarss:
+        optional: true
+      terser:
+        optional: true
+
   vitest@2.0.0:
     resolution: {integrity: sha512-NvccE2tZhIoPSq3o3AoTBmItwhHNjzIxvOgfdzILIscyzSGOtw2+A1d/JJbS86HDVbc6TS5HnckQuCgTfp0HDQ==}
     engines: {node: ^18.0.0 || >=20.0.0}
@@ -14416,7 +14443,7 @@ snapshots:
       '@babel/traverse': 7.24.1
       '@babel/types': 7.24.0
       convert-source-map: 2.0.0
-      debug: 4.3.4
+      debug: 4.3.5
       gensync: 1.0.0-beta.2
       json5: 2.2.3
       semver: 6.3.1
@@ -14617,7 +14644,7 @@ snapshots:
       '@babel/helper-split-export-declaration': 7.22.6
       '@babel/parser': 7.24.4
       '@babel/types': 7.24.0
-      debug: 4.3.4
+      debug: 4.3.5
       globals: 11.12.0
     transitivePeerDependencies:
       - supports-color
@@ -15403,7 +15430,7 @@ snapshots:
 
   '@koa/router@12.0.1':
     dependencies:
-      debug: 4.3.4
+      debug: 4.3.5
       http-errors: 2.0.0
       koa-compose: 4.1.0
       methods: 1.1.2
@@ -17614,7 +17641,7 @@ snapshots:
     dependencies:
       '@typescript-eslint/typescript-estree': 7.7.0(typescript@5.5.3)
       '@typescript-eslint/utils': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
-      debug: 4.3.4
+      debug: 4.3.5
       eslint: 8.57.0
       ts-api-utils: 1.3.0(typescript@5.5.3)
     optionalDependencies:
@@ -17628,7 +17655,7 @@ snapshots:
     dependencies:
       '@typescript-eslint/types': 7.7.0
       '@typescript-eslint/visitor-keys': 7.7.0
-      debug: 4.3.4
+      debug: 4.3.5
       globby: 11.1.0
       is-glob: 4.0.3
       minimatch: 9.0.4
@@ -17660,7 +17687,7 @@ snapshots:
 
   '@ungap/structured-clone@1.2.0': {}
 
-  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))':
+  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))':
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@bcoe/v8-coverage': 0.2.3
@@ -17675,11 +17702,11 @@ snapshots:
       std-env: 3.7.0
       strip-literal: 2.1.0
       test-exclude: 7.0.1
-      vitest: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+      vitest: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
     transitivePeerDependencies:
       - supports-color
 
-  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))':
+  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))':
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@bcoe/v8-coverage': 0.2.3
@@ -17694,11 +17721,11 @@ snapshots:
       std-env: 3.7.0
       strip-literal: 2.1.0
       test-exclude: 7.0.1
-      vitest: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+      vitest: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
     transitivePeerDependencies:
       - supports-color
 
-  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1))':
+  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))':
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@bcoe/v8-coverage': 0.2.3
@@ -17713,7 +17740,7 @@ snapshots:
       std-env: 3.7.0
       strip-literal: 2.1.0
       test-exclude: 7.0.1
-      vitest: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1)
+      vitest: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
     transitivePeerDependencies:
       - supports-color
 
@@ -17896,13 +17923,13 @@ snapshots:
 
   agent-base@6.0.2:
     dependencies:
-      debug: 4.3.4
+      debug: 4.3.5
     transitivePeerDependencies:
       - supports-color
 
   agent-base@7.1.0:
     dependencies:
-      debug: 4.3.4
+      debug: 4.3.5
     transitivePeerDependencies:
       - supports-color
 
@@ -19914,7 +19941,7 @@ snapshots:
 
   extract-zip@2.0.1:
     dependencies:
-      debug: 4.3.4
+      debug: 4.3.5
       get-stream: 5.2.0
       yauzl: 2.10.0
     optionalDependencies:
@@ -20017,7 +20044,7 @@ snapshots:
     dependencies:
       chalk: 4.1.2
       commander: 5.1.0
-      debug: 4.3.4
+      debug: 4.3.5
     transitivePeerDependencies:
       - supports-color
 
@@ -20227,7 +20254,7 @@ snapshots:
     dependencies:
       basic-ftp: 5.0.3
       data-uri-to-buffer: 5.0.1
-      debug: 4.3.4
+      debug: 4.3.5
       fs-extra: 8.1.0
     transitivePeerDependencies:
       - supports-color
@@ -20588,14 +20615,14 @@ snapshots:
     dependencies:
       '@tootallnate/once': 2.0.0
       agent-base: 6.0.2
-      debug: 4.3.4
+      debug: 4.3.5
     transitivePeerDependencies:
       - supports-color
 
   http-proxy-agent@7.0.2:
     dependencies:
       agent-base: 7.1.0
-      debug: 4.3.4
+      debug: 4.3.5
     transitivePeerDependencies:
       - supports-color
 
@@ -20615,14 +20642,14 @@ snapshots:
   https-proxy-agent@5.0.1:
     dependencies:
       agent-base: 6.0.2
-      debug: 4.3.4
+      debug: 4.3.5
     transitivePeerDependencies:
       - supports-color
 
   https-proxy-agent@7.0.4:
     dependencies:
       agent-base: 7.1.0
-      debug: 4.3.4
+      debug: 4.3.5
     transitivePeerDependencies:
       - supports-color
 
@@ -21028,7 +21055,7 @@ snapshots:
 
   istanbul-lib-source-maps@4.0.1:
     dependencies:
-      debug: 4.3.4
+      debug: 4.3.5
       istanbul-lib-coverage: 3.2.2
       source-map: 0.6.1
     transitivePeerDependencies:
@@ -22775,7 +22802,7 @@ snapshots:
   micromark@3.2.0:
     dependencies:
       '@types/debug': 4.1.7
-      debug: 4.3.4
+      debug: 4.3.5
       decode-named-character-reference: 1.0.1
       micromark-core-commonmark: 1.1.0
       micromark-factory-space: 1.1.0
@@ -22797,7 +22824,7 @@ snapshots:
   micromark@4.0.0:
     dependencies:
       '@types/debug': 4.1.7
-      debug: 4.3.4
+      debug: 4.3.5
       decode-named-character-reference: 1.0.1
       devlop: 1.1.0
       micromark-core-commonmark: 2.0.0
@@ -23303,7 +23330,7 @@ snapshots:
     dependencies:
       '@tootallnate/quickjs-emscripten': 0.23.0
       agent-base: 7.1.0
-      debug: 4.3.4
+      debug: 4.3.5
       get-uri: 6.0.1
       http-proxy-agent: 7.0.2
       https-proxy-agent: 7.0.4
@@ -23738,7 +23765,7 @@ snapshots:
   proxy-agent@6.4.0:
     dependencies:
       agent-base: 7.1.0
-      debug: 4.3.4
+      debug: 4.3.5
       http-proxy-agent: 7.0.2
       https-proxy-agent: 7.0.4
       lru-cache: 7.18.3
@@ -24236,7 +24263,7 @@ snapshots:
 
   require-in-the-middle@7.2.0:
     dependencies:
-      debug: 4.3.4
+      debug: 4.3.5
       module-details-from-path: 1.0.3
       resolve: 1.22.8
     transitivePeerDependencies:
@@ -24459,6 +24486,13 @@ snapshots:
       immutable: 4.1.0
       source-map-js: 1.0.2
 
+  sass@1.77.8:
+    dependencies:
+      chokidar: 3.5.3
+      immutable: 4.1.0
+      source-map-js: 1.2.0
+    optional: true
+
   sax@1.2.4: {}
 
   saxes@6.0.0:
@@ -24599,7 +24633,7 @@ snapshots:
   socks-proxy-agent@8.0.2:
     dependencies:
       agent-base: 7.1.0
-      debug: 4.3.4
+      debug: 4.3.5
       socks: 2.7.1
     transitivePeerDependencies:
       - supports-color
@@ -25385,7 +25419,7 @@ snapshots:
     dependencies:
       browserslist: 4.23.0
       escalade: 3.1.1
-      picocolors: 1.0.0
+      picocolors: 1.0.1
 
   uri-js@4.4.1:
     dependencies:
@@ -25447,13 +25481,13 @@ snapshots:
       unist-util-stringify-position: 4.0.0
       vfile-message: 4.0.2
 
-  vite-node@2.0.0(@types/node@20.10.4)(sass@1.56.1):
+  vite-node@2.0.0(@types/node@20.10.4)(sass@1.77.8):
     dependencies:
       cac: 6.7.14
       debug: 4.3.5
       pathe: 1.1.2
       picocolors: 1.0.1
-      vite: 5.3.3(@types/node@20.10.4)(sass@1.56.1)
+      vite: 5.3.3(@types/node@20.10.4)(sass@1.77.8)
     transitivePeerDependencies:
       - '@types/node'
       - less
@@ -25464,13 +25498,13 @@ snapshots:
       - supports-color
       - terser
 
-  vite-node@2.0.0(@types/node@20.11.20)(sass@1.56.1):
+  vite-node@2.0.0(@types/node@20.11.20)(sass@1.77.8):
     dependencies:
       cac: 6.7.14
       debug: 4.3.5
       pathe: 1.1.2
       picocolors: 1.0.1
-      vite: 5.3.3(@types/node@20.11.20)(sass@1.56.1)
+      vite: 5.3.3(@types/node@20.11.20)(sass@1.77.8)
     transitivePeerDependencies:
       - '@types/node'
       - less
@@ -25481,13 +25515,13 @@ snapshots:
       - supports-color
       - terser
 
-  vite-node@2.0.0(@types/node@20.12.7)(sass@1.56.1):
+  vite-node@2.0.0(@types/node@20.12.7)(sass@1.77.8):
     dependencies:
       cac: 6.7.14
       debug: 4.3.5
       pathe: 1.1.2
       picocolors: 1.0.1
-      vite: 5.3.3(@types/node@20.12.7)(sass@1.56.1)
+      vite: 5.3.3(@types/node@20.12.7)(sass@1.77.8)
     transitivePeerDependencies:
       - '@types/node'
       - less
@@ -25498,7 +25532,7 @@ snapshots:
       - supports-color
       - terser
 
-  vite@5.3.3(@types/node@20.10.4)(sass@1.56.1):
+  vite@5.3.3(@types/node@20.10.4)(sass@1.77.8):
     dependencies:
       esbuild: 0.21.5
       postcss: 8.4.39
@@ -25506,9 +25540,9 @@ snapshots:
     optionalDependencies:
       '@types/node': 20.10.4
       fsevents: 2.3.3
-      sass: 1.56.1
+      sass: 1.77.8
 
-  vite@5.3.3(@types/node@20.11.20)(sass@1.56.1):
+  vite@5.3.3(@types/node@20.11.20)(sass@1.77.8):
     dependencies:
       esbuild: 0.21.5
       postcss: 8.4.39
@@ -25516,9 +25550,9 @@ snapshots:
     optionalDependencies:
       '@types/node': 20.11.20
       fsevents: 2.3.3
-      sass: 1.56.1
+      sass: 1.77.8
 
-  vite@5.3.3(@types/node@20.12.7)(sass@1.56.1):
+  vite@5.3.3(@types/node@20.12.7)(sass@1.77.8):
     dependencies:
       esbuild: 0.21.5
       postcss: 8.4.39
@@ -25526,9 +25560,19 @@ snapshots:
     optionalDependencies:
       '@types/node': 20.12.7
       fsevents: 2.3.3
-      sass: 1.56.1
+      sass: 1.77.8
+
+  vite@5.3.4(@types/node@20.12.7)(sass@1.77.8):
+    dependencies:
+      esbuild: 0.21.5
+      postcss: 8.4.39
+      rollup: 4.14.3
+    optionalDependencies:
+      '@types/node': 20.12.7
+      fsevents: 2.3.3
+      sass: 1.77.8
 
-  vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1):
+  vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8):
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@vitest/expect': 2.0.0
@@ -25545,8 +25589,8 @@ snapshots:
       std-env: 3.7.0
       tinybench: 2.8.0
       tinypool: 1.0.0
-      vite: 5.3.3(@types/node@20.10.4)(sass@1.56.1)
-      vite-node: 2.0.0(@types/node@20.10.4)(sass@1.56.1)
+      vite: 5.3.3(@types/node@20.10.4)(sass@1.77.8)
+      vite-node: 2.0.0(@types/node@20.10.4)(sass@1.77.8)
       why-is-node-running: 2.2.2
     optionalDependencies:
       '@types/node': 20.10.4
@@ -25561,7 +25605,7 @@ snapshots:
       - supports-color
       - terser
 
-  vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1):
+  vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8):
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@vitest/expect': 2.0.0
@@ -25578,8 +25622,8 @@ snapshots:
       std-env: 3.7.0
       tinybench: 2.8.0
       tinypool: 1.0.0
-      vite: 5.3.3(@types/node@20.11.20)(sass@1.56.1)
-      vite-node: 2.0.0(@types/node@20.11.20)(sass@1.56.1)
+      vite: 5.3.3(@types/node@20.11.20)(sass@1.77.8)
+      vite-node: 2.0.0(@types/node@20.11.20)(sass@1.77.8)
       why-is-node-running: 2.2.2
     optionalDependencies:
       '@types/node': 20.11.20
@@ -25594,7 +25638,7 @@ snapshots:
       - supports-color
       - terser
 
-  vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.56.1):
+  vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8):
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@vitest/expect': 2.0.0
@@ -25611,8 +25655,8 @@ snapshots:
       std-env: 3.7.0
       tinybench: 2.8.0
       tinypool: 1.0.0
-      vite: 5.3.3(@types/node@20.12.7)(sass@1.56.1)
-      vite-node: 2.0.0(@types/node@20.12.7)(sass@1.56.1)
+      vite: 5.3.3(@types/node@20.12.7)(sass@1.77.8)
+      vite-node: 2.0.0(@types/node@20.12.7)(sass@1.77.8)
       why-is-node-running: 2.2.2
     optionalDependencies:
       '@types/node': 20.12.7

From f773957ad4ef64e9fb3ceac3b97bbf8538249846 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Tue, 23 Jul 2024 14:57:54 +0800
Subject: [PATCH 086/135] refactor(core): log app secret name

---
 packages/core/src/event-listeners/grant.ts    |  3 +-
 packages/core/src/event-listeners/utils.ts    |  4 ++-
 .../koa-app-secret-transpilation.ts           | 13 +++++--
 .../api/oidc/client-authentication.test.ts    | 34 ++++++++++++++++++-
 4 files changed, 49 insertions(+), 5 deletions(-)

diff --git a/packages/core/src/event-listeners/grant.ts b/packages/core/src/event-listeners/grant.ts
index b12b591b5ea6..d767eea03655 100644
--- a/packages/core/src/event-listeners/grant.ts
+++ b/packages/core/src/event-listeners/grant.ts
@@ -1,6 +1,7 @@
 import { GrantType, LogResult, token } from '@logto/schemas';
 import type { errors, KoaContextWithOIDC } from 'oidc-provider';
 
+import { type WithAppSecretContext } from '#src/middleware/koa-app-secret-transpilation.js';
 import type { WithLogContext } from '#src/middleware/koa-audit-log.js';
 
 import { stringifyError } from '../utils/format.js';
@@ -13,7 +14,7 @@ import { extractInteractionContext } from './utils.js';
  * @see {@link https://github.com/panva/node-oidc-provider/blob/v7.x/lib/shared/error_handler.js OIDC Provider error handler}
  */
 export const grantListener = (
-  ctx: KoaContextWithOIDC & WithLogContext & { body: GrantBody },
+  ctx: KoaContextWithOIDC & WithLogContext & WithAppSecretContext & { body: GrantBody },
   error?: errors.OIDCProviderError
 ) => {
   const { params } = ctx.oidc;
diff --git a/packages/core/src/event-listeners/utils.ts b/packages/core/src/event-listeners/utils.ts
index 1cdb6676322f..7359ae0e8992 100644
--- a/packages/core/src/event-listeners/utils.ts
+++ b/packages/core/src/event-listeners/utils.ts
@@ -1,10 +1,11 @@
 import type { IRouterParamContext } from 'koa-router';
 import type { KoaContextWithOIDC } from 'oidc-provider';
 
+import { type WithAppSecretContext } from '#src/middleware/koa-app-secret-transpilation.js';
 import type { LogPayload } from '#src/middleware/koa-audit-log.js';
 
 export const extractInteractionContext = (
-  ctx: IRouterParamContext & KoaContextWithOIDC
+  ctx: IRouterParamContext & KoaContextWithOIDC & WithAppSecretContext
 ): LogPayload => {
   const {
     entities: { Account, Session, Client, Interaction },
@@ -13,6 +14,7 @@ export const extractInteractionContext = (
 
   return {
     applicationId: Client?.clientId,
+    applicationSecret: ctx.appSecret,
     sessionId: Session?.jti,
     interactionId: Interaction?.jti,
     userId: Account?.accountId,
diff --git a/packages/core/src/middleware/koa-app-secret-transpilation.ts b/packages/core/src/middleware/koa-app-secret-transpilation.ts
index 19201383a629..1e852a4b6e6a 100644
--- a/packages/core/src/middleware/koa-app-secret-transpilation.ts
+++ b/packages/core/src/middleware/koa-app-secret-transpilation.ts
@@ -1,5 +1,5 @@
 import type { Nullable } from '@silverhand/essentials';
-import type { MiddlewareType } from 'koa';
+import type { Context, MiddlewareType } from 'koa';
 import { errors } from 'oidc-provider';
 
 import type Queries from '#src/tenants/Queries.js';
@@ -14,6 +14,14 @@ function decodeAuthToken(token: string) {
   return authToken;
 }
 
+export type WithAppSecretContext<ContextT = Context> = ContextT & {
+  /** The application secret that has been transpiled during the middleware execution. */
+  appSecret?: {
+    /** The application secret name of the application (client). */
+    name: string;
+  };
+};
+
 /** @import { getConstantClientMetadata } from '#src/oidc/utils.js'; */
 /**
  * Create a middleware function that reads the app secret from the request and check if it matches
@@ -39,7 +47,7 @@ function decodeAuthToken(token: string) {
  */
 export default function koaAppSecretTranspilation<StateT, ContextT, ResponseBodyT>(
   queries: Queries
-): MiddlewareType<StateT, ContextT, Nullable<ResponseBodyT>> {
+): MiddlewareType<StateT, WithAppSecretContext<ContextT>, Nullable<ResponseBodyT>> {
   return async (ctx, next) => {
     type ClientCredentials = Partial<{
       clientId: string;
@@ -127,6 +135,7 @@ export default function koaAppSecretTranspilation<StateT, ContextT, ResponseBody
       ctx.query.client_secret = result.originalSecret;
     }
 
+    ctx.appSecret = { name: result.name };
     return next();
   };
 }
diff --git a/packages/integration-tests/src/tests/api/oidc/client-authentication.test.ts b/packages/integration-tests/src/tests/api/oidc/client-authentication.test.ts
index 4b55473ea1b5..88fe9e4e3e02 100644
--- a/packages/integration-tests/src/tests/api/oidc/client-authentication.test.ts
+++ b/packages/integration-tests/src/tests/api/oidc/client-authentication.test.ts
@@ -8,7 +8,7 @@
 
 import assert from 'node:assert';
 
-import { ApplicationType } from '@logto/schemas';
+import { ApplicationType, token } from '@logto/schemas';
 import { noop, removeUndefinedKeys } from '@silverhand/essentials';
 import { HTTPError } from 'ky';
 
@@ -18,6 +18,7 @@ import {
   createApplicationSecret,
   deleteApplication,
 } from '#src/api/application.js';
+import { getAuditLogs } from '#src/api/index.js';
 import { createResource } from '#src/api/resource.js';
 import { devFeatureTest, randomString, waitFor } from '#src/utils.js';
 
@@ -33,6 +34,23 @@ const [application, resource] = await Promise.all([
   createResource(),
 ]);
 
+const getLogs = async () =>
+  getAuditLogs(
+    new URLSearchParams({
+      logKey: `${token.Type.ExchangeTokenBy}.${token.ExchangeByType.ClientCredentials}`,
+    })
+  );
+
+const expectLog = (applicationId: string, secretName: string) =>
+  expect.objectContaining({
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+    payload: expect.objectContaining({
+      applicationId,
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+      applicationSecret: expect.objectContaining({ name: secretName }),
+    }),
+  });
+
 afterAll(async () => {
   await deleteApplication(application.id).catch(noop);
 });
@@ -155,11 +173,14 @@ devFeatureTest.describe('client authentication', () => {
   });
 
   it('should pass when client credentials are valid in authorization header', async () => {
+    const application = await createApplication('application', ApplicationType.MachineToMachine);
     const secret = await createApplicationSecret({
       applicationId: application.id,
       name: randomString(),
     });
+    const beforeLogs = await getLogs();
 
+    expect(beforeLogs).not.toContainEqual(expectLog(application.id, secret.name));
     await expect(
       post({
         authorization: `Basic ${Buffer.from(`${application.id}:${secret.value}`).toString(
@@ -170,14 +191,21 @@ devFeatureTest.describe('client authentication', () => {
     ).resolves.toMatchObject({
       token_type: 'Bearer',
     });
+
+    const logs = await getLogs();
+    expect(logs).toContainEqual(expectLog(application.id, secret.name));
+    await deleteApplication(application.id);
   });
 
   it('should pass when client credentials are valid in body', async () => {
+    const application = await createApplication('application', ApplicationType.MachineToMachine);
     const secret = await createApplicationSecret({
       applicationId: application.id,
       name: randomString(),
     });
+    const beforeLogs = await getLogs();
 
+    expect(beforeLogs).not.toContainEqual(expectLog(application.id, secret.name));
     await expect(
       post({
         body: {
@@ -206,5 +234,9 @@ devFeatureTest.describe('client authentication', () => {
         token_type: 'Bearer',
       });
     }
+
+    const logs = await getLogs();
+    expect(logs).toContainEqual(expectLog(application.id, secret.name));
+    await deleteApplication(application.id);
   });
 });

From b16de4b38c54af2ca283df1c47f1e341cfd17be1 Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Tue, 23 Jul 2024 16:20:59 +0800
Subject: [PATCH 087/135] chore(phrases): sync keys and translate (#6315)

---
 .../phrases/src/locales/de/errors/session.ts  |  3 +
 .../admin-console/application-details.ts      | 28 +++++--
 .../de/translation/admin-console/cloud.ts     |  7 ++
 .../admin-console/connector-details.ts        | 15 ++++
 .../translation/admin-console/connectors.ts   |  2 +
 .../translation/admin-console/jwt-claims.ts   |  5 ++
 .../admin-console/organization-details.ts     | 50 +++++++++++-
 .../admin-console/organization-template.ts    |  5 +-
 .../admin-console/organizations.ts            |  1 +
 .../de/translation/admin-console/profile.ts   | 38 +++++++++
 .../translation/admin-console/role-details.ts |  3 +-
 .../de/translation/admin-console/roles.ts     |  6 ++
 .../admin-console/sign-in-exp/index.ts        | 53 +++++++++++--
 .../sign-in-exp/sign-up-and-sign-in.ts        |  3 +
 .../admin-console/subscription/quota-item.ts  | 12 +++
 .../admin-console/subscription/quota-table.ts |  5 +-
 .../de/translation/admin-console/tenants.ts   | 11 +++
 .../admin-console/upsell/paywall.ts           |  2 +
 .../translation/admin-console/user-details.ts |  7 ++
 .../src/locales/de/translation/demo-app.ts    |  1 +
 .../phrases/src/locales/es/errors/session.ts  |  3 +
 .../admin-console/application-details.ts      | 25 +++++-
 .../es/translation/admin-console/cloud.ts     |  7 ++
 .../admin-console/connector-details.ts        | 15 ++++
 .../translation/admin-console/connectors.ts   |  2 +
 .../translation/admin-console/jwt-claims.ts   |  5 ++
 .../admin-console/organization-details.ts     | 50 +++++++++++-
 .../admin-console/organization-template.ts    |  5 +-
 .../admin-console/organizations.ts            |  1 +
 .../es/translation/admin-console/profile.ts   | 38 +++++++++
 .../es/translation/admin-console/roles.ts     |  5 ++
 .../admin-console/sign-in-exp/index.ts        | 51 ++++++++++--
 .../sign-in-exp/sign-up-and-sign-in.ts        |  3 +
 .../admin-console/subscription/quota-item.ts  | 12 +++
 .../admin-console/subscription/quota-table.ts |  3 +
 .../es/translation/admin-console/tenants.ts   | 11 +++
 .../admin-console/upsell/paywall.ts           |  2 +
 .../translation/admin-console/user-details.ts |  7 ++
 .../src/locales/es/translation/demo-app.ts    |  1 +
 .../phrases/src/locales/fr/errors/session.ts  |  3 +
 .../admin-console/application-details.ts      | 27 ++++++-
 .../fr/translation/admin-console/cloud.ts     |  7 ++
 .../admin-console/connector-details.ts        | 15 ++++
 .../translation/admin-console/connectors.ts   |  2 +
 .../translation/admin-console/jwt-claims.ts   |  5 ++
 .../admin-console/organization-details.ts     | 50 +++++++++++-
 .../admin-console/organization-template.ts    |  5 +-
 .../admin-console/organizations.ts            |  1 +
 .../fr/translation/admin-console/profile.ts   | 38 +++++++++
 .../fr/translation/admin-console/roles.ts     |  6 ++
 .../admin-console/sign-in-exp/index.ts        | 51 ++++++++++--
 .../sign-in-exp/sign-up-and-sign-in.ts        |  3 +
 .../admin-console/subscription/quota-item.ts  | 36 ++++++---
 .../admin-console/subscription/quota-table.ts |  3 +
 .../fr/translation/admin-console/tenants.ts   | 11 +++
 .../admin-console/upsell/paywall.ts           | 14 ++--
 .../translation/admin-console/user-details.ts |  7 ++
 .../src/locales/fr/translation/demo-app.ts    |  1 +
 .../phrases/src/locales/it/errors/session.ts  |  3 +
 .../admin-console/application-details.ts      | 25 +++++-
 .../it/translation/admin-console/cloud.ts     |  7 ++
 .../admin-console/connector-details.ts        | 14 ++++
 .../translation/admin-console/connectors.ts   |  2 +
 .../translation/admin-console/jwt-claims.ts   |  7 +-
 .../admin-console/organization-details.ts     | 49 +++++++++++-
 .../admin-console/organization-template.ts    |  5 +-
 .../admin-console/organizations.ts            |  1 +
 .../it/translation/admin-console/profile.ts   | 38 +++++++++
 .../it/translation/admin-console/roles.ts     |  6 ++
 .../admin-console/sign-in-exp/index.ts        | 53 +++++++++++--
 .../sign-in-exp/sign-up-and-sign-in.ts        |  3 +
 .../admin-console/subscription/quota-item.ts  | 12 +++
 .../admin-console/subscription/quota-table.ts |  3 +
 .../it/translation/admin-console/tenants.ts   | 11 +++
 .../admin-console/upsell/paywall.ts           |  2 +
 .../translation/admin-console/user-details.ts |  7 ++
 .../src/locales/it/translation/demo-app.ts    |  1 +
 .../phrases/src/locales/ja/errors/session.ts  | 36 +++++----
 .../admin-console/application-details.ts      | 79 +++++++++++--------
 .../ja/translation/admin-console/cloud.ts     | 17 ++--
 .../admin-console/connector-details.ts        | 27 +++++--
 .../translation/admin-console/connectors.ts   | 34 ++++----
 .../translation/admin-console/jwt-claims.ts   |  5 ++
 .../admin-console/organization-details.ts     | 48 ++++++++++-
 .../admin-console/organization-template.ts    |  7 +-
 .../admin-console/organizations.ts            | 25 +++---
 .../ja/translation/admin-console/profile.ts   | 33 ++++++++
 .../ja/translation/admin-console/roles.ts     | 10 ++-
 .../admin-console/sign-in-exp/index.ts        | 63 ++++++++++++---
 .../sign-in-exp/sign-up-and-sign-in.ts        |  9 ++-
 .../admin-console/subscription/quota-item.ts  | 28 +++++--
 .../admin-console/subscription/quota-table.ts | 13 +--
 .../ja/translation/admin-console/tenants.ts   | 15 +++-
 .../admin-console/upsell/paywall.ts           |  2 +
 .../translation/admin-console/user-details.ts | 13 ++-
 .../src/locales/ja/translation/demo-app.ts    |  1 +
 .../phrases/src/locales/ko/errors/session.ts  | 28 ++++---
 .../admin-console/application-details.ts      | 24 +++++-
 .../ko/translation/admin-console/cloud.ts     |  7 ++
 .../admin-console/connector-details.ts        | 15 ++++
 .../translation/admin-console/connectors.ts   |  2 +
 .../translation/admin-console/jwt-claims.ts   |  5 ++
 .../admin-console/organization-details.ts     | 48 ++++++++++-
 .../admin-console/organization-template.ts    |  5 +-
 .../admin-console/organizations.ts            |  1 +
 .../ko/translation/admin-console/profile.ts   | 33 ++++++++
 .../ko/translation/admin-console/roles.ts     |  5 ++
 .../admin-console/sign-in-exp/index.ts        | 53 +++++++++++--
 .../sign-in-exp/sign-up-and-sign-in.ts        |  3 +
 .../admin-console/subscription/quota-item.ts  | 12 +++
 .../admin-console/subscription/quota-table.ts | 19 +++--
 .../ko/translation/admin-console/tenants.ts   | 10 +++
 .../admin-console/upsell/paywall.ts           |  1 +
 .../translation/admin-console/user-details.ts |  7 ++
 .../src/locales/ko/translation/demo-app.ts    |  1 +
 .../src/locales/pl-pl/errors/session.ts       |  3 +
 .../admin-console/application-details.ts      | 24 +++++-
 .../pl-pl/translation/admin-console/cloud.ts  |  7 ++
 .../admin-console/connector-details.ts        | 15 ++++
 .../translation/admin-console/connectors.ts   |  2 +
 .../translation/admin-console/jwt-claims.ts   |  5 ++
 .../admin-console/organization-details.ts     | 49 +++++++++++-
 .../admin-console/organization-template.ts    |  5 +-
 .../admin-console/organizations.ts            |  1 +
 .../translation/admin-console/profile.ts      | 34 ++++++++
 .../pl-pl/translation/admin-console/roles.ts  |  6 ++
 .../admin-console/sign-in-exp/index.ts        | 49 +++++++++++-
 .../sign-in-exp/sign-up-and-sign-in.ts        |  3 +
 .../admin-console/subscription/quota-item.ts  | 12 +++
 .../admin-console/subscription/quota-table.ts |  3 +
 .../translation/admin-console/tenants.ts      | 17 +++-
 .../admin-console/upsell/paywall.ts           |  2 +
 .../translation/admin-console/user-details.ts |  7 ++
 .../src/locales/pl-pl/translation/demo-app.ts |  1 +
 .../src/locales/pt-br/errors/session.ts       |  3 +
 .../admin-console/application-details.ts      | 25 +++++-
 .../pt-br/translation/admin-console/cloud.ts  |  7 ++
 .../admin-console/connector-details.ts        | 15 ++++
 .../translation/admin-console/connectors.ts   |  2 +
 .../translation/admin-console/jwt-claims.ts   |  5 ++
 .../admin-console/organization-details.ts     | 49 +++++++++++-
 .../admin-console/organization-template.ts    |  5 +-
 .../admin-console/organizations.ts            |  3 +-
 .../translation/admin-console/profile.ts      | 36 +++++++++
 .../pt-br/translation/admin-console/roles.ts  |  5 ++
 .../admin-console/sign-in-exp/index.ts        | 49 +++++++++++-
 .../sign-in-exp/sign-up-and-sign-in.ts        |  3 +
 .../admin-console/subscription/quota-item.ts  | 12 +++
 .../admin-console/subscription/quota-table.ts |  3 +
 .../translation/admin-console/tenants.ts      | 11 +++
 .../admin-console/upsell/paywall.ts           |  2 +
 .../translation/admin-console/user-details.ts |  7 ++
 .../src/locales/pt-br/translation/demo-app.ts |  1 +
 .../src/locales/pt-pt/errors/session.ts       |  3 +
 .../admin-console/application-details.ts      | 27 +++++--
 .../pt-pt/translation/admin-console/cloud.ts  |  7 ++
 .../admin-console/connector-details.ts        | 15 ++++
 .../translation/admin-console/connectors.ts   |  2 +
 .../translation/admin-console/jwt-claims.ts   |  5 ++
 .../admin-console/organization-details.ts     | 49 +++++++++++-
 .../admin-console/organization-template.ts    |  5 +-
 .../admin-console/organizations.ts            |  1 +
 .../translation/admin-console/profile.ts      | 36 +++++++++
 .../pt-pt/translation/admin-console/roles.ts  |  5 ++
 .../admin-console/sign-in-exp/index.ts        | 51 ++++++++++--
 .../sign-in-exp/sign-up-and-sign-in.ts        |  3 +
 .../admin-console/subscription/quota-item.ts  | 14 +++-
 .../admin-console/subscription/quota-table.ts |  3 +
 .../translation/admin-console/tenants.ts      | 13 ++-
 .../admin-console/upsell/paywall.ts           |  2 +
 .../translation/admin-console/user-details.ts |  7 ++
 .../src/locales/pt-pt/translation/demo-app.ts |  1 +
 .../phrases/src/locales/ru/errors/session.ts  |  3 +
 .../admin-console/application-details.ts      | 25 +++++-
 .../ru/translation/admin-console/cloud.ts     |  7 ++
 .../admin-console/connector-details.ts        | 15 ++++
 .../translation/admin-console/connectors.ts   |  2 +
 .../translation/admin-console/jwt-claims.ts   |  5 ++
 .../admin-console/organization-details.ts     | 49 +++++++++++-
 .../admin-console/organization-template.ts    |  5 +-
 .../admin-console/organizations.ts            |  1 +
 .../ru/translation/admin-console/profile.ts   | 37 +++++++++
 .../ru/translation/admin-console/roles.ts     |  6 ++
 .../admin-console/sign-in-exp/index.ts        | 54 +++++++++++--
 .../sign-in-exp/sign-up-and-sign-in.ts        |  3 +
 .../admin-console/subscription/quota-item.ts  | 12 +++
 .../admin-console/subscription/quota-table.ts |  3 +
 .../ru/translation/admin-console/tenants.ts   | 13 ++-
 .../admin-console/upsell/paywall.ts           |  4 +-
 .../translation/admin-console/user-details.ts |  7 ++
 .../src/locales/ru/translation/demo-app.ts    |  1 +
 .../src/locales/tr-tr/errors/session.ts       | 29 ++++---
 .../admin-console/application-details.ts      | 26 ++++--
 .../tr-tr/translation/admin-console/cloud.ts  |  7 ++
 .../admin-console/connector-details.ts        | 15 ++++
 .../translation/admin-console/connectors.ts   |  2 +
 .../translation/admin-console/jwt-claims.ts   |  5 ++
 .../admin-console/organization-details.ts     | 49 +++++++++++-
 .../admin-console/organization-template.ts    |  5 +-
 .../admin-console/organizations.ts            |  1 +
 .../translation/admin-console/profile.ts      | 35 ++++++++
 .../tr-tr/translation/admin-console/roles.ts  |  5 ++
 .../admin-console/sign-in-exp/index.ts        | 55 +++++++++++--
 .../sign-in-exp/sign-up-and-sign-in.ts        |  3 +
 .../admin-console/subscription/quota-item.ts  | 12 +++
 .../admin-console/subscription/quota-table.ts |  3 +
 .../translation/admin-console/tenants.ts      | 11 +++
 .../admin-console/upsell/paywall.ts           |  6 +-
 .../translation/admin-console/user-details.ts |  7 ++
 .../src/locales/tr-tr/translation/demo-app.ts |  1 +
 .../src/locales/zh-cn/errors/session.ts       | 29 +++----
 .../admin-console/application-details.ts      | 25 ++++--
 .../zh-cn/translation/admin-console/cloud.ts  |  6 ++
 .../admin-console/connector-details.ts        | 13 +++
 .../translation/admin-console/connectors.ts   |  2 +
 .../translation/admin-console/jwt-claims.ts   |  6 +-
 .../admin-console/organization-details.ts     | 47 ++++++++++-
 .../admin-console/organization-template.ts    |  5 +-
 .../admin-console/organizations.ts            | 23 +++---
 .../translation/admin-console/profile.ts      | 27 +++++++
 .../zh-cn/translation/admin-console/roles.ts  | 10 ++-
 .../admin-console/sign-in-exp/index.ts        | 51 ++++++++++--
 .../sign-in-exp/sign-up-and-sign-in.ts        |  5 +-
 .../admin-console/subscription/quota-item.ts  | 12 +++
 .../admin-console/subscription/quota-table.ts | 23 +++---
 .../translation/admin-console/tenants.ts      |  9 +++
 .../admin-console/upsell/paywall.ts           |  1 +
 .../translation/admin-console/user-details.ts | 19 +++--
 .../src/locales/zh-cn/translation/demo-app.ts |  1 +
 .../src/locales/zh-hk/errors/session.ts       |  2 +
 .../admin-console/application-details.ts      | 24 ++++--
 .../zh-hk/translation/admin-console/cloud.ts  |  6 ++
 .../admin-console/connector-details.ts        | 13 +++
 .../translation/admin-console/connectors.ts   |  2 +
 .../translation/admin-console/jwt-claims.ts   | 12 ++-
 .../admin-console/organization-details.ts     | 47 ++++++++++-
 .../admin-console/organization-template.ts    |  5 +-
 .../admin-console/organizations.ts            |  5 +-
 .../translation/admin-console/profile.ts      | 27 +++++++
 .../zh-hk/translation/admin-console/roles.ts  | 10 ++-
 .../admin-console/sign-in-exp/index.ts        | 59 +++++++++++---
 .../sign-in-exp/sign-up-and-sign-in.ts        |  5 +-
 .../admin-console/subscription/quota-item.ts  | 12 +++
 .../admin-console/subscription/quota-table.ts |  3 +
 .../translation/admin-console/tenants.ts      | 39 +++++----
 .../admin-console/upsell/paywall.ts           |  1 +
 .../translation/admin-console/user-details.ts | 15 +++-
 .../src/locales/zh-hk/translation/demo-app.ts |  1 +
 .../src/locales/zh-tw/errors/session.ts       |  2 +
 .../admin-console/application-details.ts      | 26 ++++--
 .../zh-tw/translation/admin-console/cloud.ts  |  6 ++
 .../admin-console/connector-details.ts        | 13 +++
 .../translation/admin-console/connectors.ts   |  2 +
 .../translation/admin-console/jwt-claims.ts   |  8 +-
 .../admin-console/organization-details.ts     | 51 +++++++++++-
 .../admin-console/organization-template.ts    |  5 +-
 .../admin-console/organizations.ts            | 63 +++++++--------
 .../translation/admin-console/profile.ts      | 27 +++++++
 .../zh-tw/translation/admin-console/roles.ts  | 10 ++-
 .../admin-console/sign-in-exp/index.ts        | 51 ++++++++++--
 .../sign-in-exp/sign-up-and-sign-in.ts        |  3 +
 .../admin-console/subscription/quota-item.ts  | 12 +++
 .../admin-console/subscription/quota-table.ts | 19 +++--
 .../translation/admin-console/tenants.ts      |  9 +++
 .../admin-console/upsell/paywall.ts           |  1 +
 .../translation/admin-console/user-details.ts | 13 ++-
 .../src/locales/zh-tw/translation/demo-app.ts |  1 +
 267 files changed, 3488 insertions(+), 483 deletions(-)

diff --git a/packages/phrases/src/locales/de/errors/session.ts b/packages/phrases/src/locales/de/errors/session.ts
index 2caefd3c7992..ecdd850a6fe3 100644
--- a/packages/phrases/src/locales/de/errors/session.ts
+++ b/packages/phrases/src/locales/de/errors/session.ts
@@ -19,12 +19,15 @@ const session = {
     'Die Verifizierung war nicht erfolgreich. Starte die Verifizierung neu und versuche es erneut.',
   connector_validation_session_not_found:
     'Die Connector-Sitzung zur Token-Validierung wurde nicht gefunden.',
+  csrf_token_mismatch: 'CSRF-Token stimmt nicht überein.',
   identifier_not_found:
     'Benutzerkennung nicht gefunden. Bitte gehen Sie zurück und melden Sie sich erneut an.',
   interaction_not_found:
     'Interaktionssitzung nicht gefunden. Bitte gehen Sie zurück und starten Sie die Sitzung erneut.',
   not_supported_for_forgot_password:
     'Diese Operation wird für das vergessene Passwort nicht unterstützt.',
+  identity_conflict:
+    'Identitätskonflikt festgestellt. Bitte starten Sie eine neue Sitzung, um mit einer anderen Identität fortzufahren.',
   mfa: {
     require_mfa_verification: 'MFA-Verifizierung ist erforderlich, um sich anzumelden.',
     mfa_sign_in_only: 'MFA ist nur für die Anmeldeinteraktion verfügbar.',
diff --git a/packages/phrases/src/locales/de/translation/admin-console/application-details.ts b/packages/phrases/src/locales/de/translation/admin-console/application-details.ts
index 2f0f99d3173a..f0291b872cb4 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/application-details.ts
@@ -24,6 +24,7 @@ const application_details = {
   description: 'Beschreibung',
   description_placeholder: 'Gib eine Beschreibung ein',
   config_endpoint: 'OpenID Provider Konfigurations-Endpunkt',
+  issuer_endpoint: 'Issuer-Endpunkt',
   authorization_endpoint: 'Autorisierungs-Endpoint',
   authorization_endpoint_tip:
     'Der Endpunkt, der für die Authentifizierung und <a>Authorisierung</a> über OpenID Connect verwendet wird.',
@@ -63,6 +64,13 @@ const application_details = {
   rotate_refresh_token: 'Auffrischungstoken drehen',
   rotate_refresh_token_label:
     'Wenn diese Option aktiviert ist, wird Logto ein neues Auffrischungstoken für Tokenanfragen ausgeben, wenn 70% der ursprünglichen Zeit bis zum Ablauf (TTL) verstrichen sind oder bestimmte Bedingungen erfüllt sind. <a>Erfahren Sie mehr</a>',
+  backchannel_logout: 'Backchannel-Logout',
+  backchannel_logout_description:
+    'Konfigurieren Sie den OpenID Connect-Backchannel-Logout-Endpunkt und ob eine Sitzung für diese Anwendung erforderlich ist.',
+  backchannel_logout_uri: 'Backchannel-Logout-URI',
+  backchannel_logout_uri_session_required: 'Ist eine Sitzung erforderlich?',
+  backchannel_logout_uri_session_required_description:
+    'Wenn aktiviert, erfordert der RP, dass ein `sid`- (Sitzungs-ID) Anspruch im Logout-Token enthalten ist, um die RP-Sitzung mit dem OP zu identifizieren, wenn die `backchannel_logout_uri` verwendet wird.',
   delete_description:
     'Diese Aktion ist nicht umkehrbar. Die Anwendung wird dauerhaft gelöscht. Bitte geben Sie den Anwendungsnamen <span>{{name}}</span> zur Bestätigung ein.',
   enter_your_application_name: 'Geben Sie einen Anwendungsnamen ein',
@@ -86,16 +94,25 @@ const application_details = {
     'Stellen Sie sicher, dass Ihr Herkunftsserver vor direktem Zugriff geschützt ist. Beachten Sie die Anleitung für weitere <a>detaillierte Anweisungen</a>.',
   session_duration: 'Sitzungsdauer (Tage)',
   try_it: 'Probieren Sie es aus',
+  no_organization_placeholder: 'Keine Organisation gefunden. <a>Zu den Organisationen</a>',
   branding: {
     name: 'Branding',
     description:
       'Passen Sie den Anzeigenamen und das Logo Ihrer Anwendung auf dem Einwilligungsbildschirm an.',
+    description_third_party:
+      'Passen Sie den Anzeigenamen und das Logo Ihrer Anwendung auf dem Einwilligungsbildschirm an.',
+    app_logo: 'App-Logo',
+    app_level_sie: 'Anmeldeerfahrung auf App-Ebene',
+    app_level_sie_switch:
+      'Aktivieren Sie die Anmeldeerfahrung auf App-Ebene und richten Sie app-spezifisches Branding ein. Wenn deaktiviert, wird die Omni-Anmeldeerfahrung verwendet.',
     more_info: 'Mehr Infos',
     more_info_description:
       'Bieten Sie den Benutzern auf dem Einwilligungsbildschirm weitere Informationen über Ihre Anwendung.',
     display_name: 'Anzeigenamen',
-    display_logo: 'Logo anzeigen',
-    display_logo_dark: 'Logo anzeigen (dunkel)',
+    application_logo: 'Anwendungslogo',
+    application_logo_dark: 'Anwendungslogo (dunkel)',
+    brand_color: 'Markenfarbe',
+    brand_color_dark: 'Markenfarbe (dunkel)',
     terms_of_use_url: 'URL der Anwendungsbedingungen',
     privacy_policy_url: 'URL der Anwendungsdatenschutzbestimmungen',
   },
@@ -107,7 +124,7 @@ const application_details = {
     organization_permissions: 'Zugriff auf Organisation',
     table_name: 'Berechtigungen erteilen',
     field_name: 'Berechtigung',
-    field_description: 'Ersccheint auf dem Einwilligungsbildschirm',
+    field_description: 'Erscheint auf dem Einwilligungsbildschirm',
     delete_text: 'Berechtigung entfernen',
     permission_delete_confirm:
       'Diese Aktion hebt die der Drittanbieter-App erteilten Berechtigungen auf, was sie daran hindert, Benutzerberechtigung für bestimmte Datentypen anzufragen. Sind Sie sicher, dass Sie fortfahren möchten?',
@@ -136,12 +153,13 @@ const application_details = {
     grant_organization_level_permissions: 'Berechtigungen für Organisationdaten erteilen',
   },
   roles: {
-    name_column: 'Rolle von Maschine zu Maschine',
-    description_column: 'Beschreibung',
     assign_button: 'Rollen von Maschine zu Maschine zuweisen',
     delete_description:
       'Diese Aktion entfernt diese Rolle von dieser Maschinen-zu-Maschinen-App. Die Rolle existiert zwar weiterhin, ist jedoch nicht mehr mit dieser Maschinen-zu-Maschinen-App verknüpft.',
     deleted: '{{name}} wurde erfolgreich von diesem Benutzer entfernt.',
+    assign_title: 'Rollen an {{name}} zuweisen',
+    assign_subtitle:
+      'Machine-to-Machine-Apps müssen Rollen vom Typ Machine-to-Machine haben, um auf verwandte API-Ressourcen zuzugreifen.',
     assign_role_field: 'Rollen von Maschine zu Maschine zuweisen',
     role_search_placeholder: 'Nach Rollennamen suchen',
     added_text: '{{value, number}} hinzugefügt',
diff --git a/packages/phrases/src/locales/de/translation/admin-console/cloud.ts b/packages/phrases/src/locales/de/translation/admin-console/cloud.ts
index 2aa77f370a58..b06ce584b000 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/cloud.ts
@@ -34,6 +34,13 @@ const cloud = {
       others: 'Keines der oben genannten',
     },
   },
+  create_tenant: {
+    page_title: 'Mandant erstellen',
+    title: 'Erstellen Sie Ihren ersten Mandanten',
+    description:
+      'Ein Mandant ist eine isolierte Umgebung, in der Sie Benutzeridentitäten, Anwendungen und alle anderen Logto-Ressourcen verwalten können.',
+    invite_collaborators: 'Laden Sie Ihre Mitarbeiter per E-Mail ein',
+  },
   sie: {
     page_title: 'Meldeeinrichtung anpassen',
     title: 'Passen Sie zuerst Ihre Anmeldungserfahrung mit Leichtigkeit an',
diff --git a/packages/phrases/src/locales/de/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/de/translation/admin-console/connector-details.ts
index f3b4f62ef07b..75b04d2a5d0a 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/connector-details.ts
@@ -48,9 +48,24 @@ const connector_details = {
     company_information_description:
       'Zeigen Sie den Firmennamen, die Adresse oder die Postleitzahl am Ende der E-Mails an, um die Authentizität zu erhöhen.',
     company_information_placeholder: 'Die grundlegenden Informationen Ihres Unternehmens',
+    email_logo_field: 'E-Mail-Logo',
+    email_logo_tip:
+      'Zeigen Sie Ihr Markenlogo oben in den E-Mails an. Verwenden Sie dasselbe Bild für den Lichtmodus und den Dunkelmodus.',
     urls_not_allowed: 'URLs sind nicht erlaubt',
     test_notes: 'Logto verwendet die "Generic"-Vorlage zum Testen.',
   },
+  google_one_tap: {
+    title: 'Google One Tap',
+    description:
+      'Google One Tap ist eine sichere und einfache Möglichkeit für Benutzer, sich auf Ihrer Website anzumelden.',
+    enable_google_one_tap: 'Google One Tap aktivieren',
+    enable_google_one_tap_description:
+      'Aktivieren Sie Google One Tap in Ihrem Anmeldeerlebnis: Lassen Sie Benutzer sich schnell mit ihrem Google-Konto registrieren oder anmelden, wenn sie bereits auf ihrem Gerät angemeldet sind.',
+    configure_google_one_tap: 'Google One Tap konfigurieren',
+    auto_select: 'Anmeldeinformationen automatisch auswählen, wenn möglich',
+    close_on_tap_outside: 'Aufforderung abbrechen, wenn Benutzer außerhalb klicken/tippen',
+    itp_support: '<a>Erweiterten One Tap UX auf ITP-Browsern</a> aktivieren',
+  },
 };
 
 export default Object.freeze(connector_details);
diff --git a/packages/phrases/src/locales/de/translation/admin-console/connectors.ts b/packages/phrases/src/locales/de/translation/admin-console/connectors.ts
index 3f2fe717234b..00bd6c67af4b 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/connectors.ts
@@ -45,6 +45,8 @@ const connectors = {
     name_placeholder: 'Geben Sie den Namen für den Social-Sign-In-Button ein',
     name_tip:
       'Der Name des Connector-Buttons wird als "Weiter mit {{name}}" angezeigt. Achten Sie darauf, dass der Name nicht zu lang wird.',
+    connector_logo: 'Connector-Logo',
+    connector_logo_tip: 'Das Logo wird auf dem Connector-Anmeldebutton angezeigt.',
     target: 'Identity Provider Name',
     target_placeholder: 'Geben Sie den Namen des Connector Identity Providers ein',
     target_tip:
diff --git a/packages/phrases/src/locales/de/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/de/translation/admin-console/jwt-claims.ts
index dde13429467f..03608ff34436 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/jwt-claims.ts
@@ -35,6 +35,11 @@ const jwt_claims = {
     subtitle:
       'Verwenden Sie den `data.user` Eingabeparameter, um wichtige Benutzerinformationen bereitzustellen.',
   },
+  grant_data: {
+    title: 'Zugriffsdaten',
+    subtitle:
+      'Verwenden Sie den `data.grant` Eingabeparameter, um wichtige Informationen zu gewähren, nur für den Token-Austausch verfügbar.',
+  },
   token_data: {
     title: 'Token-Daten',
     subtitle: 'Verwenden Sie den `token` Eingabeparameter für die aktuelle Zugriffstoken-Payload.',
diff --git a/packages/phrases/src/locales/de/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/de/translation/admin-console/organization-details.ts
index e5b0e5f83799..194b81f18d74 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/organization-details.ts
@@ -14,18 +14,66 @@ const organization_details = {
     'Suchen Sie nach geeigneten Benutzern, indem Sie nach Name, E-Mail, Telefon oder Benutzer-ID suchen. In den Suchergebnissen werden keine bereits vorhandenen Mitglieder angezeigt.',
   add_with_organization_role: 'Mit Organisation Rollen hinzufügen',
   user: 'Benutzer',
+  application: 'Anwendung',
+  application_other: 'Anwendungen',
+  add_applications_to_organization: 'Anwendungen zur Organisation {{name}} hinzufügen',
+  add_applications_to_organization_description:
+    'Suchen Sie nach passenden Anwendungen, indem Sie nach App-ID, Name oder Beschreibung suchen. Bereits vorhandene Anwendungen werden in den Suchergebnissen nicht angezeigt.',
+  at_least_one_application: 'Mindestens eine Anwendung ist erforderlich.',
+  remove_application_from_organization: 'Anwendung aus der Organisation entfernen',
+  remove_application_from_organization_description:
+    'Nach dem Entfernen verliert die Anwendung ihre Zuordnung und Rollen in dieser Organisation. Diese Aktion kann nicht rückgängig gemacht werden.',
+  search_application_placeholder: 'Suche nach App-ID, Name oder Beschreibung',
+  roles: 'Organisationsrollen',
   authorize_to_roles: 'Berechtige {{name}} auf die folgenden Rollen zuzugreifen:',
   edit_organization_roles: 'Organisationsrollen bearbeiten',
-  edit_organization_roles_of_user: 'Organisationsrollen von {{name}} bearbeiten',
+  edit_organization_roles_title: 'Organisationsrollen von {{name}} bearbeiten',
   remove_user_from_organization: 'Benutzer von der Organisation entfernen',
   remove_user_from_organization_description:
     'Wenn entfernt, verliert der Benutzer seine Mitgliedschaft und Rollen in dieser Organisation. Diese Aktion kann nicht rückgängig gemacht werden.',
   search_user_placeholder: 'Nach Name, E-Mail, Telefon oder Benutzer-ID suchen',
   at_least_one_user: 'Mindestens ein Benutzer ist erforderlich.',
+  organization_roles_tooltip:
+    'Die Rollen, die dem {{type}} innerhalb dieser Organisation zugewiesen sind.',
   custom_data: 'Benutzerdefinierte Daten',
   custom_data_tip:
     'Benutzerdefinierte Daten sind ein JSON-Objekt, das verwendet werden kann, um zusätzliche Daten zu speichern, die mit der Organisation verbunden sind.',
   invalid_json_object: 'Ungültiges JSON-Objekt.',
+  branding: {
+    logo: 'Organisationslogos',
+    logo_tooltip:
+      'Sie können die Organisations-ID übergeben, um dieses Logo im Anmeldeerlebnis anzuzeigen; die dunkle Version des Logos wird benötigt, wenn der Dunkelmodus in den Omni-Anmeldeerlebniseinstellungen aktiviert ist. <a>Mehr erfahren</a>',
+  },
+  jit: {
+    title: 'Just-in-Time-Bereitstellung',
+    description:
+      'Benutzer können der Organisation automatisch beitreten und bei ihrer ersten Anmeldung über einige Authentifizierungsmethoden Rollen zugewiesen bekommen. Sie können Anforderungen festlegen, die für die Just-in-Time-Bereitstellung erfüllt werden müssen.',
+    email_domain: 'E-Mail-Domain-Bereitstellung',
+    email_domain_description:
+      'Neue Benutzer, die sich mit ihren verifizierten E-Mail-Adressen oder über die soziale Anmeldung mit verifizierten E-Mail-Adressen anmelden, treten automatisch der Organisation bei. <a>Mehr erfahren</a>',
+    email_domain_placeholder: 'E-Mail-Domains für die Just-in-Time-Bereitstellung eingeben',
+    invalid_domain: 'Ungültige Domain',
+    domain_already_added: 'Domain bereits hinzugefügt',
+    sso_enabled_domain_warning:
+      'Sie haben eine oder mehrere E-Mail-Domains eingegeben, die mit dem Enterprise SSO verknüpft sind. Benutzer mit diesen E-Mails folgen dem Standard-SSO-Fluss und werden dieser Organisation nicht bereitgestellt, es sei denn, das Enterprise SSO ist konfiguriert.',
+    enterprise_sso: 'Enterprise SSO Bereitstellung',
+    no_enterprise_connector_set:
+      'Sie haben noch keinen Enterprise SSO-Connector eingerichtet. Fügen Sie zuerst Connectors hinzu, um die Enterprise SSO-Bereitstellung zu aktivieren. <a>Einrichten</a>',
+    add_enterprise_connector: 'Enterprise-Connector hinzufügen',
+    enterprise_sso_description:
+      'Neue Benutzer oder bestehende Benutzer, die sich zum ersten Mal über Enterprise SSO anmelden, treten automatisch der Organisation bei. <a>Mehr erfahren</a>',
+    organization_roles: 'Standard-Organisationsrollen',
+    organization_roles_description:
+      'Weisen Sie Benutzerrollen zu, wenn sie der Organisation durch die Just-in-Time-Bereitstellung beitreten.',
+  },
+  mfa: {
+    title: 'Multi-Faktor-Authentifizierung (MFA)',
+    tip: 'Wenn MFA erforderlich ist, werden Benutzer ohne MFA-Konfiguration abgelehnt, wenn sie versuchen, ein Organisationstoken auszutauschen. Diese Einstellung wirkt sich nicht auf die Benutzerauthentifizierung aus.',
+    description:
+      'Erfordern Sie, dass Benutzer die Multi-Faktor-Authentifizierung konfigurieren, um auf diese Organisation zuzugreifen.',
+    no_mfa_warning:
+      'Für Ihren Mandanten sind keine Multi-Faktor-Authentifizierungsmethoden aktiviert. Benutzer können nicht auf diese Organisation zugreifen, bis mindestens eine <a>Multi-Faktor-Authentifizierungsmethode</a> aktiviert ist.',
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/de/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/de/translation/admin-console/organization-template.ts
index d3ced3deb263..09b07f01855f 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/organization-template.ts
@@ -14,8 +14,9 @@ const organization_template = {
     create_modal: {
       title: 'Rolle der Organisation erstellen',
       create: 'Rolle erstellen',
-      name_field: 'Rollenname',
-      description_field: 'Beschreibung',
+      name: 'Rollenname',
+      description: 'Beschreibung',
+      type: 'Rollentyp',
       created: 'Die Organisationsrolle {{name}} wurde erfolgreich erstellt.',
     },
   },
diff --git a/packages/phrases/src/locales/de/translation/admin-console/organizations.ts b/packages/phrases/src/locales/de/translation/admin-console/organizations.ts
index 210b922ea870..3b77e3ec8940 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/organizations.ts
@@ -7,6 +7,7 @@ const organizations = {
   organization_template: 'Organisationsvorlage',
   organization_id: 'Organisations-ID',
   members: 'Mitglieder',
+  machine_to_machine: 'Maschine-zu-Maschine-Apps',
   create_organization: 'Organisation erstellen',
   setup_organization: 'Richten Sie Ihre Organisation ein',
   organization_list_placeholder_title: 'Organisation',
diff --git a/packages/phrases/src/locales/de/translation/admin-console/profile.ts b/packages/phrases/src/locales/de/translation/admin-console/profile.ts
index eb56e2fda207..3b52a736d472 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/profile.ts
@@ -52,6 +52,44 @@ const profile = {
     description:
       'Wenn Sie Ihr Konto löschen, werden alle Ihre persönlichen Informationen, Benutzerdaten und Konfigurationen entfernt. Diese Aktion kann nicht rückgängig gemacht werden.',
     button: 'Konto löschen',
+    p: {
+      has_issue:
+        'Es tut uns leid zu hören, dass du dein Konto löschen möchtest. Bevor du dein Konto löschen kannst, musst du die folgenden Probleme lösen.',
+      after_resolved:
+        'Sobald du die Probleme gelöst hast, kannst du dein Konto löschen. Bitte zögere nicht, uns zu kontaktieren, wenn du Hilfe benötigst.',
+      check_information:
+        'Es tut uns leid zu hören, dass du dein Konto löschen möchtest. Bitte überprüfe die folgenden Informationen sorgfältig, bevor du fortfährst.',
+      remove_all_data:
+        'Das Löschen deines Kontos wird alle Daten über dich in der Logto Cloud dauerhaft entfernen. Bitte stelle sicher, dass du alle wichtigen Daten sicherst, bevor du fortfährst.',
+      confirm_information:
+        'Bitte bestätige, dass die oben stehenden Informationen deinen Erwartungen entsprechen. Sobald du dein Konto löschst, können wir es nicht wiederherstellen.',
+      has_admin_role:
+        'Da du die Admin-Rolle im folgenden Mandanten hast, wird dieser zusammen mit deinem Konto gelöscht:',
+      has_admin_role_other:
+        'Da du die Admin-Rolle in den folgenden Mandanten hast, werden diese zusammen mit deinem Konto gelöscht:',
+      quit_tenant: 'Du bist dabei, den folgenden Mandanten zu verlassen:',
+      quit_tenant_other: 'Du bist dabei, die folgenden Mandanten zu verlassen:',
+    },
+    issues: {
+      paid_plan:
+        'Der folgende Mandant hat einen kostenpflichtigen Plan, bitte kündige das Abonnement zuerst:',
+      paid_plan_other:
+        'Die folgenden Mandanten haben kostenpflichtige Pläne, bitte kündige das Abonnement zuerst:',
+      subscription_status: 'Der folgende Mandant hat ein Abonnementstatus-Problem:',
+      subscription_status_other: 'Die folgenden Mandanten haben Abonnementstatus-Probleme:',
+      open_invoice: 'Der folgende Mandant hat eine offene Rechnung:',
+      open_invoice_other: 'Die folgenden Mandanten haben offene Rechnungen:',
+    },
+    error_occurred: 'Ein Fehler ist aufgetreten',
+    error_occurred_description:
+      'Entschuldigung, beim Löschen deines Kontos ist ein Fehler aufgetreten:',
+    request_id: 'Anfrage-ID: {{requestId}}',
+    try_again_later:
+      'Bitte versuche es später erneut. Wenn das Problem weiterhin besteht, kontaktiere bitte das Logto-Team mit der Anfrage-ID.',
+    final_confirmation: 'Endgültige Bestätigung',
+    about_to_start_deletion:
+      'Du bist dabei, den Löschvorgang zu starten und diese Aktion kann nicht rückgängig gemacht werden.',
+    permanently_delete: 'Dauerhaft löschen',
   },
   set: 'Festlegen',
   change: 'Ändern',
diff --git a/packages/phrases/src/locales/de/translation/admin-console/role-details.ts b/packages/phrases/src/locales/de/translation/admin-console/role-details.ts
index db670a6c2c61..c36549945d2f 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/role-details.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/role-details.ts
@@ -62,8 +62,9 @@ const role_details = {
     delete_description:
       'Es bleibt in Ihrem Anwendungspool, verliert jedoch die Autorisierung für diese Rolle.',
     deleted: '{{name}} wurde erfolgreich aus dieser Rolle entfernt',
+    assign_title: 'Maschinen-zu-Maschinen-Apps zu {{name}} zuweisen',
     assign_subtitle:
-      'Finden Sie geeignete Maschine-zu-Maschine-Anwendungen, indem Sie nach Name, Beschreibung oder App-ID suchen.',
+      'Finden Sie geeignete Maschinen-zu-Maschinen-Apps, indem Sie nach Name, Beschreibung oder App-ID suchen.',
     assign_field: 'Maschine-zu-Maschine-Anwendungen zuweisen',
     confirm_assign: 'Maschine-zu-Maschine-Anwendungen zuweisen',
     assigned_toast_text: 'Die ausgewählten Anwendungen wurden erfolgreich dieser Rolle zugewiesen',
diff --git a/packages/phrases/src/locales/de/translation/admin-console/roles.ts b/packages/phrases/src/locales/de/translation/admin-console/roles.ts
index f70bd94c3dcc..8d8435b0477d 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: 'Rolle erstellen',
   role_name: 'Rollenname',
   role_type: 'Rollenart',
+  type_user: 'Benutzer',
+  type_machine_to_machine: 'Maschine-zu-Maschine',
   role_description: 'Beschreibung',
   role_name_placeholder: 'Geben Sie Ihren Rollennamen ein',
   role_description_placeholder: 'Geben Sie Ihre Rollenbeschreibung ein',
@@ -19,16 +21,20 @@ const roles = {
   application_count: '{{count}} App',
   assign_permissions: 'Berechtigungen zuweisen',
   create_role_title: 'Rolle erstellen',
+  create_role_description:
+    'Verwenden Sie Rollen, um Berechtigungen zu organisieren und sie Benutzern zuzuweisen.',
   create_role_button: 'Rolle erstellen',
   role_created: 'Die Rolle {{name}} wurde erfolgreich erstellt.',
   search: 'Nach Rollennamen, Beschreibung oder ID suchen',
   placeholder_title: 'Rollen',
   placeholder_description:
     'Rollen sind eine Gruppierung von Berechtigungen, die Benutzern zugewiesen werden können. Stellen Sie sicher, dass Sie zuerst Berechtigungen hinzufügen, bevor Sie Rollen erstellen.',
+  assign_roles: 'Rollen zuweisen',
   management_api_access_notification:
     'Für den Zugriff auf die Logto-Verwaltungs-API wählen Sie Rollen mit Verwaltungs-API-Berechtigungen <flag/> aus.',
   with_management_api_access_tip:
     'Diese Maschinenrollen umfassen Berechtigungen für die Logto-Verwaltungs-API',
+  role_creation_hint: 'Können Sie die richtige Rolle nicht finden? <a>Erstellen Sie eine Rolle</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/de/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/de/translation/admin-console/sign-in-exp/index.ts
index cc1655c26ca4..d3d238c376a1 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/sign-in-exp/index.ts
@@ -34,15 +34,56 @@ const sign_in_exp = {
   branding: {
     title: 'BRANDING',
     ui_style: 'Stil',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (dark)',
+    app_logo_and_favicon: 'App-Logo und Favicon',
+    company_logo_and_favicon: 'Firmenlogo und Favicon',
   },
-  custom_css: {
-    title: 'Benutzerdefiniertes CSS',
-    css_code_editor_title: 'Personalisiere dein UI mit Benutzerdefiniertem CSS',
-    css_code_editor_description1: 'Beispiele für benutzerdefiniertes CSS anzeigen.',
-    css_code_editor_description2: '<a>{{link}}</a>.',
+  branding_uploads: {
+    app_logo: {
+      title: 'App-Logo',
+      url: 'App-Logo URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'App-Logo: {{error}}',
+    },
+    company_logo: {
+      title: 'Firmenlogo',
+      url: 'Firmenlogo URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Firmenlogo: {{error}}',
+    },
+    organization_logo: {
+      title: 'Bild hochladen',
+      url: 'Organisations-Logo URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Organisations-Logo: {{error}}',
+    },
+    connector_logo: {
+      title: 'Bild hochladen',
+      url: 'Konnektor-Logo URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Konnektor-Logo: {{error}}',
+    },
+    favicon: {
+      title: 'Favicon',
+      url: 'Favicon URL',
+      url_placeholder: 'https://your.cdn.domain/favicon.ico',
+      error: 'Favicon: {{error}}',
+    },
+  },
+  custom_ui: {
+    title: 'Benutzerdefinierte UI',
+    css_code_editor_title: 'Benutzerdefiniertes CSS',
+    css_code_editor_description1: 'Siehe das Beispiel für benutzerdefiniertes CSS.',
+    css_code_editor_description2: '<a>{{link}}</a>',
     css_code_editor_description_link_content: 'Erfahre mehr',
     css_code_editor_content_placeholder:
-      'Gib dein benutzerdefiniertes CSS ein, um den Stil von allem genau nach deinen Vorgaben zu gestalten. Gib deiner Kreativität Ausdruck und hebe dein UI hervor.',
+      'Geben Sie Ihr benutzerdefiniertes CSS ein, um die Stile nach Ihren exakten Spezifikationen anzupassen. Drücken Sie Ihre Kreativität aus und heben Sie Ihre Benutzeroberfläche hervor.',
+    bring_your_ui_title: 'Bringen Sie Ihr UI',
+    bring_your_ui_description:
+      'Laden Sie ein komprimiertes Paket (.zip) hoch, um die vorgefertigte Benutzeroberfläche von Logto durch Ihren eigenen Code zu ersetzen. <a>Erfahren Sie mehr</a>',
+    preview_with_bring_your_ui_description:
+      'Ihre benutzerdefinierten UI-Assets wurden erfolgreich hochgeladen und werden jetzt bereitgestellt. Daher wurde das eingebaute Vorschaufenster deaktiviert.\nUm Ihre personalisierte Anmelde-Benutzeroberfläche zu testen, klicken Sie auf die Schaltfläche "Live-Vorschau", um sie in einem neuen Browser-Tab zu öffnen.',
   },
   sign_up_and_sign_in,
   content,
diff --git a/packages/phrases/src/locales/de/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/de/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index ddc1522236de..ff5f3205ca03 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -41,6 +41,9 @@ const sign_up_and_sign_in = {
       set_up_more: 'Einrichten',
       go_to: 'andere Social Connectors jetzt.',
     },
+    automatic_account_linking: 'Automatische Kontoverknüpfung',
+    automatic_account_linking_label:
+      'Wenn diese Option aktiviert ist und sich ein Benutzer mit einer dem System neuen sozialen Identität anmeldet und genau ein vorhandenes Konto mit demselben Identifier (z. B. E-Mail) vorhanden ist, wird Logto das Konto automatisch mit der sozialen Identität verknüpfen, anstatt den Benutzer zur Kontoverknüpfung aufzufordern.',
   },
   tip: {
     set_a_password: 'Ein einmaliges Passwort für Ihren Benutzernamen ist ein Muss.',
diff --git a/packages/phrases/src/locales/de/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/de/translation/admin-console/subscription/quota-item.ts
index b31e80bd5850..81df3f7b84fb 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/subscription/quota-item.ts
@@ -159,6 +159,18 @@ const quota_item = {
     unlimited: 'Benutzerdefiniertes JWT',
     not_eligible: 'Remove your JWT claims customizer',
   },
+  impersonation_enabled: {
+    name: 'Impersonation',
+    limited: 'Impersonation',
+    unlimited: 'Impersonation',
+    not_eligible: 'Keine Impersonation erlaubt',
+  },
+  bring_your_ui_enabled: {
+    name: 'Bring your UI',
+    limited: 'Bring your UI',
+    unlimited: 'Bring your UI',
+    not_eligible: 'Entferne deine benutzerdefinierten UI-Assets',
+  },
 };
 
 export default Object.freeze(quota_item);
diff --git a/packages/phrases/src/locales/de/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/de/translation/admin-console/subscription/quota-table.ts
index 020c226c33ee..4b4427517b7b 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/subscription/quota-table.ts
@@ -9,7 +9,7 @@ const quota_table = {
     title: 'Anwendungen',
     total: 'Gesamtzahl der Anwendungen',
     m2m: 'Maschine-zu-Maschine',
-    third_party: 'Third-party apps',
+    third_party: 'Drittanbieter-Apps',
   },
   resource: {
     title: 'API-Ressourcen',
@@ -20,6 +20,8 @@ const quota_table = {
     title: 'Benutzeroberfläche und Branding',
     custom_domain: 'Benutzerdefinierte Domain',
     custom_css: 'Benutzerdefiniertes CSS',
+    logo_and_favicon: 'Logo und Favicon',
+    bring_your_ui: 'Bringe deine Benutzeroberfläche',
     dark_mode: 'Dunkler Modus',
     i18n: 'Internationalisierung',
   },
@@ -36,6 +38,7 @@ const quota_table = {
     mfa: 'Multi-Faktor-Authentifizierung',
     sso: 'Unternehmens-SSO',
     adaptive_mfa: 'Adaptive MFA',
+    impersonation: 'Stellvertretung',
   },
   user_management: {
     title: 'Benutzerverwaltung',
diff --git a/packages/phrases/src/locales/de/translation/admin-console/tenants.ts b/packages/phrases/src/locales/de/translation/admin-console/tenants.ts
index 49ce09ccf236..033cec3f2c6f 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/tenants.ts
@@ -15,6 +15,8 @@ const tenants = {
     tenant_id: 'Mieter-ID',
     tenant_name: 'Mietername',
     tenant_region: 'Gehostete Region der Daten',
+    tenant_region_description:
+      'Der physische Ort, an dem Ihre Mandantenressourcen (Benutzer, Apps, usw.) gehostet werden. Dies kann nach Erstellung nicht mehr geändert werden.',
     tenant_region_tip:
       'Ihre Mandantenressourcen werden in {{region}} gehostet. <a>Mehr erfahren</a>',
     environment_tag_development: 'Entw',
@@ -47,6 +49,7 @@ const tenants = {
   },
   create_modal: {
     title: 'Mieter erstellen',
+    subtitle: 'Erstellen Sie einen neuen Mandanten, der isolierte Ressourcen und Benutzer hat.',
     tenant_usage_purpose: 'Wofür möchten Sie diesen Mieter verwenden?',
     development_description:
       'Nur für Tests und sollte nicht in der Produktion verwendet werden. Es ist kein Abonnement erforderlich.',
@@ -57,6 +60,10 @@ const tenants = {
     available_plan: 'Verfügbare Pläne:',
     create_button: 'Mieter erstellen',
     tenant_name_placeholder: 'Mein Mieter',
+    tenant_created: 'Mieter erfolgreich erstellt.',
+    invitation_failed:
+      'Einige Einladungen konnten nicht gesendet werden. Bitte versuchen Sie es später erneut unter Einstellungen -> Mitglieder.',
+    tenant_type_description: 'Dies kann nach Erstellung nicht geändert werden.',
   },
   dev_tenant_migration: {
     title:
@@ -104,6 +111,10 @@ const tenants = {
     description_2:
       'Wenn Sie weitere Informationen wünschen, Bedenken haben oder die volle Funktionalität wiederherstellen und Ihre Mieter entsperren möchten, zögern Sie nicht, uns umgehend zu kontaktieren.',
   },
+  production_tenant_notification: {
+    text: 'Sie befinden sich in einem Entwicklungsmieter für kostenlose Tests. Erstellen Sie einen Produktionsmandanten, um live zu gehen.',
+    action: 'Mieter erstellen',
+  },
 };
 
 export default Object.freeze(tenants);
diff --git a/packages/phrases/src/locales/de/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/de/translation/admin-console/upsell/paywall.ts
index 71af9c0fd997..02d557db04fb 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/upsell/paywall.ts
@@ -65,6 +65,8 @@ const paywall = {
     description:
       'Upgrade auf einen kostenpflichtigen Plan für benutzerdefinierte JWT-Funktionalität und Premium-Vorteile. Wenn Sie Fragen haben, zögern Sie nicht, uns zu <a>kontaktieren</a>.',
   },
+  bring_your_ui:
+    'Upgrade auf einen kostenpflichtigen Plan für benutzerdefinierte UI-Funktionalität und Premium-Vorteile.',
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/de/translation/admin-console/user-details.ts b/packages/phrases/src/locales/de/translation/admin-console/user-details.ts
index a4cb3703b229..a205dbeb0371 100644
--- a/packages/phrases/src/locales/de/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/de/translation/admin-console/user-details.ts
@@ -36,9 +36,13 @@ const user_details = {
   field_custom_data: 'Benutzerdefinierte Daten',
   field_custom_data_tip:
     'Zusätzliche Benutzerinformationen, die nicht in den vordefinierten Benutzereigenschaften aufgeführt sind, wie z. B. die vom Benutzer bevorzugte Farbe und Sprache.',
+  field_profile: 'Profil',
+  field_profile_tip:
+    'Zusätzliche OpenID Connect-Ansprüche, die nicht in den Benutzereigenschaften enthalten sind. Beachten Sie, dass alle unbekannten Eigenschaften entfernt werden. Weitere Informationen finden Sie in der <a>Profil-Eigenschaftsreferenz</a>.',
   field_connectors: 'Soziale Verbindungen',
   field_sso_connectors: 'Unternehmensverbindungen',
   custom_data_invalid: 'Benutzerdefinierte Daten müssen ein gültiges JSON-Objekt sein.',
+  profile_invalid: 'Profil muss ein gültiges JSON-Objekt sein',
   connectors: {
     connectors: 'Verbindungen',
     user_id: 'Benutzer ID',
@@ -79,15 +83,18 @@ const user_details = {
   roles: {
     name_column: 'Benutzerrolle',
     description_column: 'Beschreibung',
+    assign_button: 'Rollen zuweisen',
     delete_description:
       'Diese Aktion entfernt diese Rolle von diesem Benutzer. Die Rolle selbst bleibt erhalten, aber sie wird nicht mehr mit diesem Benutzer verknüpft sein.',
     deleted: '{{name}} wurde erfolgreich von diesem Benutzer entfernt.',
+    assign_title: 'Rollen zuweisen zu {{name}}',
     assign_subtitle:
       'Finden Sie die passenden Benutzerrollen, indem Sie nach Name, Beschreibung oder Rollen-ID suchen.',
     assign_role_field: 'Rollen zuweisen',
     role_search_placeholder: 'Nach Rollennamen suchen',
     added_text: '{{value, number}} hinzugefügt',
     assigned_user_count: '{{value, number}} Benutzer',
+    confirm_assign: 'Rollen zuweisen',
     role_assigned: 'Rolle(n) erfolgreich zugewiesen',
     search: 'Nach Rollennamen, Beschreibung oder ID suchen',
     empty: 'Keine Rolle verfügbar',
diff --git a/packages/phrases/src/locales/de/translation/demo-app.ts b/packages/phrases/src/locales/de/translation/demo-app.ts
index c029a2031a75..7b838552c420 100644
--- a/packages/phrases/src/locales/de/translation/demo-app.ts
+++ b/packages/phrases/src/locales/de/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: 'Sie haben sich erfolgreich bei der Live-Vorschau angemeldet!',
+  subtitle: 'Hier sind Ihre Benutzerinformationen:',
   username: 'Benutzername: ',
   user_id: 'Benutzer ID: ',
   sign_out: 'Abmeldung von der Live-Vorschau',
diff --git a/packages/phrases/src/locales/es/errors/session.ts b/packages/phrases/src/locales/es/errors/session.ts
index 665a352756cd..8e29658e90d6 100644
--- a/packages/phrases/src/locales/es/errors/session.ts
+++ b/packages/phrases/src/locales/es/errors/session.ts
@@ -20,12 +20,15 @@ const session = {
     'La verificación no se completó correctamente. Reinicie el flujo de verificación e intente de nuevo.',
   connector_validation_session_not_found:
     'No se encuentra la sesión del conector para la validación del token.',
+  csrf_token_mismatch: 'Desajuste de token CSRF.',
   identifier_not_found:
     'Identificador de usuario no encontrado. Vuelva atrás e inicie sesión nuevamente.',
   interaction_not_found:
     'No se encuentra la sesión de interacción. Vuelva atrás y vuelva a iniciar la sesión.',
   not_supported_for_forgot_password:
     'Esta operación no es compatible para restablecer la contraseña.',
+  identity_conflict:
+    'Se detectó un conflicto de identidad. Por favor, inicie una nueva sesión para continuar con una identidad diferente.',
   mfa: {
     require_mfa_verification: 'Se requiere verificación de MFA para iniciar sesión.',
     mfa_sign_in_only: 'MFA solo está disponible para la interacción de inicio de sesión.',
diff --git a/packages/phrases/src/locales/es/translation/admin-console/application-details.ts b/packages/phrases/src/locales/es/translation/admin-console/application-details.ts
index 81892c262e9e..358d9118f742 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/application-details.ts
@@ -23,6 +23,7 @@ const application_details = {
   description: 'Descripción',
   description_placeholder: 'Ingresa la descripción de tu aplicación',
   config_endpoint: 'Endpoint de configuración del proveedor OpenID',
+  issuer_endpoint: 'Punto de emisión',
   authorization_endpoint: 'Endpoint de Autorización',
   authorization_endpoint_tip:
     'El endpoint para la autenticación y autorización. Se utiliza para OpenID Connect <a>Autenticación</a>.',
@@ -62,6 +63,13 @@ const application_details = {
   rotate_refresh_token: 'Rotar el token de refresco',
   rotate_refresh_token_label:
     'Cuando está habilitado, Logto emitirá un nuevo token de refresco para las solicitudes de token cuando ha pasado el 70 % del tiempo de vida útil (TTL) original o se cumplen ciertas condiciones. <a>Más información</a>',
+  backchannel_logout: 'Cierre de sesión por backchannel',
+  backchannel_logout_description:
+    'Configure el punto de cierre de sesión por backchannel de OpenID Connect y si la sesión es requerida para esta aplicación.',
+  backchannel_logout_uri: 'URI de cierre de sesión por backchannel',
+  backchannel_logout_uri_session_required: '¿Es necesaria la sesión?',
+  backchannel_logout_uri_session_required_description:
+    'Cuando está habilitado, el RP requiere que una reclamación `sid` (ID de sesión) se incluya en el token de cierre de sesión para identificar la sesión del RP con el OP cuando se usa el `backchannel_logout_uri`.',
   delete_description:
     'Esta acción no se puede deshacer. Eliminará permanentemente la aplicación. Ingresa el nombre de la aplicación <span>{{name}}</span> para confirmar.',
   enter_your_application_name: 'Ingresa el nombre de tu aplicación',
@@ -85,16 +93,25 @@ const application_details = {
     'Asegúrate de proteger tu servidor de origen contra el acceso directo. Consulta la guía para obtener más <a>instrucciones detalladas</a>.',
   session_duration: 'Duración de la sesión (días)',
   try_it: 'Probar',
+  no_organization_placeholder: 'No se encontró organización. <a>Ir a organizaciones</a>',
   branding: {
     name: 'Marca',
     description:
       'Personaliza el nombre y el logotipo de tu aplicación en la pantalla de consentimiento.',
+    description_third_party:
+      'Personaliza el nombre y el logotipo de exhibición de tu aplicación en la pantalla de consentimiento.',
+    app_logo: 'Logotipo de la aplicación',
+    app_level_sie: 'Experiencia de inicio de sesión a nivel de aplicación',
+    app_level_sie_switch:
+      'Habilita la experiencia de inicio de sesión a nivel de aplicación y configura el branding específico de la aplicación. Si está deshabilitado, se utilizará la experiencia de inicio de sesión omni.',
     more_info: 'Más información',
     more_info_description:
       'Ofrece a los usuarios más detalles sobre tu aplicación en la pantalla de consentimiento.',
     display_name: 'Nombre a Mostrar',
-    display_logo: 'Logotipo a Mostrar',
-    display_logo_dark: 'Logotipo a Mostrar (oscuro)',
+    application_logo: 'Logotipo de la aplicación',
+    application_logo_dark: 'Logotipo de la aplicación (oscuro)',
+    brand_color: 'Color de la marca',
+    brand_color_dark: 'Color de la marca (oscuro)',
     terms_of_use_url: 'URL de Términos de Uso de la Aplicación',
     privacy_policy_url: 'URL de Política de Privacidad de la Aplicación',
   },
@@ -132,13 +149,13 @@ const application_details = {
     grant_organization_level_permissions: 'Conceder permisos de datos de organización',
   },
   roles: {
-    name_column: 'Rol de máquina a máquina',
-    description_column: 'Descripción',
     assign_button: 'Asignar roles de máquina a máquina',
     delete_description:
       'Esta acción eliminará este rol de esta aplicación de máquina a máquina. El rol seguirá existiendo, pero ya no estará asociado con esta aplicación de máquina a máquina.',
     deleted: 'Se ha eliminado correctamente {{name}} de este usuario.',
     assign_title: 'Asignar roles de máquina a máquina a {{name}}',
+    assign_subtitle:
+      'Las aplicaciones de máquina a máquina deben tener roles de tipo máquina a máquina para acceder a los recursos relacionados con la API.',
     assign_role_field: 'Asignar roles de máquina a máquina',
     role_search_placeholder: 'Buscar por nombre de rol',
     added_text: '{{value, number}} añadido',
diff --git a/packages/phrases/src/locales/es/translation/admin-console/cloud.ts b/packages/phrases/src/locales/es/translation/admin-console/cloud.ts
index af89ef7e61b5..5edf4f3c7fca 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/cloud.ts
@@ -34,6 +34,13 @@ const cloud = {
       others: 'Ninguna de las anteriores',
     },
   },
+  create_tenant: {
+    page_title: 'Crear inquilino',
+    title: 'Crea tu primer inquilino',
+    description:
+      'Un inquilino es un entorno aislado donde puedes gestionar identidades de usuarios, aplicaciones y todos los demás recursos de Logto.',
+    invite_collaborators: 'Invita a tus colaboradores por correo electrónico',
+  },
   sie: {
     page_title: 'Personalización de la experiencia de inicio de sesión',
     title: 'Primero personalicemos su experiencia de inicio de sesión con facilidad',
diff --git a/packages/phrases/src/locales/es/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/es/translation/admin-console/connector-details.ts
index b0bd3b31ec16..d2c463301ac5 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/connector-details.ts
@@ -48,9 +48,24 @@ const connector_details = {
     company_information_description:
       'Muestre el nombre de su empresa, dirección o código postal en la parte inferior de los correos electrónicos para mejorar la autenticidad.',
     company_information_placeholder: 'Información básica de su empresa',
+    email_logo_field: 'Logo del correo electrónico',
+    email_logo_tip:
+      'Muestre el logotipo de su marca en la parte superior de los correos electrónicos. Use la misma imagen tanto para el modo claro como para el modo oscuro.',
     urls_not_allowed: 'Las URL no están permitidas',
     test_notes: 'Logto utiliza la plantilla "Generic" para realizar pruebas.',
   },
+  google_one_tap: {
+    title: 'Google One Tap',
+    description:
+      'Google One Tap es una forma segura y fácil para que los usuarios inicien sesión en tu sitio web.',
+    enable_google_one_tap: 'Habilitar Google One Tap',
+    enable_google_one_tap_description:
+      'Habilita Google One Tap en tu experiencia de inicio de sesión: Permite que los usuarios se registren o inicien sesión rápidamente con su cuenta de Google si ya han iniciado sesión en su dispositivo.',
+    configure_google_one_tap: 'Configurar Google One Tap',
+    auto_select: 'Seleccionar credencial automáticamente si es posible',
+    close_on_tap_outside: 'Cancelar el aviso si el usuario hace clic/toca fuera',
+    itp_support: 'Habilitar <a>UX de One Tap mejorado en navegadores ITP</a>',
+  },
 };
 
 export default Object.freeze(connector_details);
diff --git a/packages/phrases/src/locales/es/translation/admin-console/connectors.ts b/packages/phrases/src/locales/es/translation/admin-console/connectors.ts
index e653d87875b1..a402f6285494 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/connectors.ts
@@ -45,6 +45,8 @@ const connectors = {
     name_placeholder: 'Ingrese el nombre para el botón de inicio de sesión social',
     name_tip:
       'El nombre del botón del conector se mostrará como "Continuar con {{name}}". Siempre tenga en cuenta la longitud del nombre en caso de que sea demasiado largo.',
+    connector_logo: 'Logotipo del conector',
+    connector_logo_tip: 'El logotipo se mostrará en el botón de inicio de sesión del conector.',
     target: 'Nombre del proveedor de identidad',
     target_placeholder: 'Ingrese el nombre del proveedor de identidad del conector',
     target_tip:
diff --git a/packages/phrases/src/locales/es/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/es/translation/admin-console/jwt-claims.ts
index d1d210d6640a..f287d1587b4a 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/jwt-claims.ts
@@ -33,6 +33,11 @@ const jwt_claims = {
     subtitle:
       'Utilice el parámetro de entrada `data.user` para proporcionar información vital del usuario.',
   },
+  grant_data: {
+    title: 'Datos de concesión',
+    subtitle:
+      'Use el parámetro de entrada `data.grant` para proporcionar información vital de la concesión, solo disponible para el intercambio de tokens.',
+  },
   token_data: {
     title: 'Datos del token',
     subtitle:
diff --git a/packages/phrases/src/locales/es/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/es/translation/admin-console/organization-details.ts
index 5ac23bcf955a..2ffab166e4c4 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/organization-details.ts
@@ -14,18 +14,66 @@ const organization_details = {
     'Encuentra usuarios apropiados buscando nombre, correo electrónico, teléfono o ID de usuario. Los miembros existentes no se muestran en los resultados de búsqueda.',
   add_with_organization_role: 'Agregar con rol(es) de organización',
   user: 'Usuario',
+  application: 'Aplicación',
+  application_other: 'Aplicaciones',
+  add_applications_to_organization: 'Agregar aplicaciones a la organización {{name}}',
+  add_applications_to_organization_description:
+    'Encuentra aplicaciones apropiadas buscando ID de la aplicación, nombre o descripción. Las aplicaciones existentes no se muestran en los resultados de búsqueda.',
+  at_least_one_application: 'Se requiere al menos una aplicación.',
+  remove_application_from_organization: 'Eliminar aplicación de la organización',
+  remove_application_from_organization_description:
+    'Una vez eliminada, la aplicación perderá su asociación y roles en esta organización. Esta acción no se puede deshacer.',
+  search_application_placeholder: 'Buscar por ID de la aplicación, nombre o descripción',
+  roles: 'Roles de la organización',
   authorize_to_roles: 'Autorizar a {{name}} para acceder a los siguientes roles:',
   edit_organization_roles: 'Editar roles de organización',
-  edit_organization_roles_of_user: 'Editar roles de organización de {{name}}',
+  edit_organization_roles_title: 'Editar roles de organización de {{name}}',
   remove_user_from_organization: 'Eliminar usuario de la organización',
   remove_user_from_organization_description:
     'Una vez eliminado, el usuario perderá su membresía y roles en esta organización. Esta acción no se puede deshacer.',
   search_user_placeholder: 'Buscar por nombre, correo electrónico, teléfono o ID de usuario',
   at_least_one_user: 'Se requiere al menos un usuario.',
+  organization_roles_tooltip: 'Los roles asignados al {{type}} dentro de esta organización.',
   custom_data: 'Datos personalizados',
   custom_data_tip:
     'Los datos personalizados son un objeto JSON que se puede usar para almacenar datos adicionales asociados con la organización.',
   invalid_json_object: 'Objeto JSON no válido.',
+  branding: {
+    logo: 'Logotipos de la organización',
+    logo_tooltip:
+      'Puedes pasar el ID de la organización para mostrar este logotipo en la experiencia de inicio de sesión; se necesita la versión oscura del logotipo si se habilita el modo oscuro en la configuración de la experiencia de inicio de sesión omni. <a>Aprende más</a>',
+  },
+  jit: {
+    title: 'Aprovisionamiento justo a tiempo',
+    description:
+      'Los usuarios pueden unirse automáticamente a la organización y recibir roles en su primer inicio de sesión a través de algunos métodos de autenticación. Puedes establecer requisitos para el aprovisionamiento justo a tiempo.',
+    email_domain: 'Aprovisionamiento de dominio de correo electrónico',
+    email_domain_description:
+      'Los nuevos usuarios que se registren con sus direcciones de correo electrónico verificadas o a través de inicio de sesión social con direcciones de correo electrónico verificadas se unirán automáticamente a la organización. <a>Aprende más</a>',
+    email_domain_placeholder:
+      'Ingresa dominios de correo electrónico para aprovisionamiento justo a tiempo',
+    invalid_domain: 'Dominio no válido',
+    domain_already_added: 'Dominio ya agregado',
+    sso_enabled_domain_warning:
+      'Has ingresado uno o más dominios de correo electrónico asociados con SSO empresarial. Los usuarios con estos correos electrónicos seguirán el flujo estándar de SSO y no serán aprovisionados a esta organización a menos que se configure el aprovisionamiento SSO empresarial.',
+    enterprise_sso: 'Aprovisionamiento SSO empresarial',
+    no_enterprise_connector_set:
+      'Aún no has configurado ningún conector SSO empresarial. Añade conectores primero para habilitar el aprovisionamiento SSO empresarial. <a>Configurar</a>',
+    add_enterprise_connector: 'Añadir conector empresarial',
+    enterprise_sso_description:
+      'Los nuevos usuarios o los usuarios existentes que inicien sesión a través de SSO empresarial por primera vez se unirán automáticamente a la organización. <a>Aprende más</a>',
+    organization_roles: 'Roles predeterminados de la organización',
+    organization_roles_description:
+      'Asignar roles a los usuarios al unirse a la organización a través del aprovisionamiento justo a tiempo.',
+  },
+  mfa: {
+    title: 'Autenticación multifactor (MFA)',
+    tip: 'Cuando se requiere MFA, los usuarios sin MFA configurada serán rechazados al intentar intercambiar un token de organización. Esta configuración no afecta la autenticación del usuario.',
+    description:
+      'Requiere que los usuarios configuren la autenticación multifactor para acceder a esta organización.',
+    no_mfa_warning:
+      'No hay métodos de autenticación multifactor habilitados para tu inquilino. Los usuarios no podrán acceder a esta organización hasta que se habilite al menos un <a>método de autenticación multifactor</a>.',
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/es/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/es/translation/admin-console/organization-template.ts
index 4c005db72c56..82b89d9db24b 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/organization-template.ts
@@ -14,8 +14,9 @@ const organization_template = {
     create_modal: {
       title: 'Crear rol de organización',
       create: 'Crear rol',
-      name_field: 'Nombre del rol',
-      description_field: 'Descripción',
+      name: 'Nombre del rol',
+      description: 'Descripción',
+      type: 'Tipo de rol',
       created: 'El rol de organización {{name}} se ha creado correctamente.',
     },
   },
diff --git a/packages/phrases/src/locales/es/translation/admin-console/organizations.ts b/packages/phrases/src/locales/es/translation/admin-console/organizations.ts
index 36ca8301ccf8..b830db014d06 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/organizations.ts
@@ -7,6 +7,7 @@ const organizations = {
   organization_template: 'Plantilla de organización',
   organization_id: 'ID de la organización',
   members: 'Miembros',
+  machine_to_machine: 'Aplicaciones máquina a máquina',
   create_organization: 'Crear organización',
   setup_organization: 'Configurar su organización',
   organization_list_placeholder_title: 'Organización',
diff --git a/packages/phrases/src/locales/es/translation/admin-console/profile.ts b/packages/phrases/src/locales/es/translation/admin-console/profile.ts
index d028cc572dcf..89d09d74b8b7 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/profile.ts
@@ -53,6 +53,44 @@ const profile = {
     description:
       'La eliminación de su cuenta eliminará toda su información personal, datos de usuario y configuración. Esta acción no se puede deshacer.',
     button: 'Eliminar cuenta',
+    p: {
+      has_issue:
+        'Lamentamos escuchar que deseas eliminar tu cuenta. Antes de poder eliminar tu cuenta, necesitas resolver los siguientes problemas.',
+      after_resolved:
+        'Una vez que hayas resuelto los problemas, podrás eliminar tu cuenta. No dudes en contactarnos si necesitas ayuda.',
+      check_information:
+        'Lamentamos escuchar que deseas eliminar tu cuenta. Por favor, revisa la siguiente información cuidadosamente antes de proceder.',
+      remove_all_data:
+        'Eliminar tu cuenta eliminará permanentemente todos tus datos en Logto Cloud. Así que asegura respaldar cualquier dato importante antes de proceder.',
+      confirm_information:
+        'Por favor, confirma que la información anterior es lo que esperabas. Una vez que elimines tu cuenta, no podremos recuperarla.',
+      has_admin_role:
+        'Dado que tienes el rol de administrador en el siguiente inquilino, será eliminado junto con tu cuenta:',
+      has_admin_role_other:
+        'Dado que tienes el rol de administrador en los siguientes inquilinos, serán eliminados junto con tu cuenta:',
+      quit_tenant: 'Estás a punto de salir del siguiente inquilino:',
+      quit_tenant_other: 'Estás a punto de salir de los siguientes inquilinos:',
+    },
+    issues: {
+      paid_plan:
+        'El siguiente inquilino tiene un plan pagado, por favor cancela la suscripción primero:',
+      paid_plan_other:
+        'Los siguientes inquilinos tienen planes pagados, por favor cancela la suscripción primero:',
+      subscription_status: 'El siguiente inquilino tiene un problema de estado de suscripción:',
+      subscription_status_other:
+        'Los siguientes inquilinos tienen problemas de estado de suscripción:',
+      open_invoice: 'El siguiente inquilino tiene una factura abierta:',
+      open_invoice_other: 'Los siguientes inquilinos tienen facturas abiertas:',
+    },
+    error_occurred: 'Ocurrió un error',
+    error_occurred_description: 'Lo siento, algo salió mal al eliminar tu cuenta:',
+    request_id: 'ID de solicitud: {{requestId}}',
+    try_again_later:
+      'Por favor, inténtalo nuevamente más tarde. Si el problema persiste, contacta al equipo de Logto con el ID de solicitud.',
+    final_confirmation: 'Confirmación final',
+    about_to_start_deletion:
+      'Estás a punto de iniciar el proceso de eliminación y esta acción no se puede deshacer.',
+    permanently_delete: 'Eliminar permanentemente',
   },
   set: 'Establecer',
   change: 'Cambiar',
diff --git a/packages/phrases/src/locales/es/translation/admin-console/roles.ts b/packages/phrases/src/locales/es/translation/admin-console/roles.ts
index c8d9670dd1c9..abe780c1f389 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: 'Crear Rol',
   role_name: 'Nombre de rol',
   role_type: 'Tipo de rol',
+  type_user: 'Usuario',
+  type_machine_to_machine: 'Máquina a máquina',
   role_description: 'Descripción',
   role_name_placeholder: 'Ingrese el nombre de su rol',
   role_description_placeholder: 'Ingrese la descripción de su rol',
@@ -19,16 +21,19 @@ const roles = {
   application_count: '{{count}} aplicación',
   assign_permissions: 'Asignar permisos',
   create_role_title: 'Crear Rol',
+  create_role_description: 'Usa roles para organizar permisos y asignarlos a los usuarios.',
   create_role_button: 'Crear Rol',
   role_created: 'El rol {{name}} se ha creado satisfactoriamente.',
   search: 'Buscar por nombre de rol, descripción o ID',
   placeholder_title: 'Roles',
   placeholder_description:
     'Los roles son un grupo de permisos que se pueden asignar a los usuarios. Asegúrese de agregar permisos antes de crear roles.',
+  assign_roles: 'Asignar roles',
   management_api_access_notification:
     'Para acceder a la API de gestión de Logto, seleccione roles con permisos de API de gestión <flag/>.',
   with_management_api_access_tip:
     'Este rol de máquina a máquina incluye permisos para la API de gestión de Logto',
+  role_creation_hint: '¿No encuentras el rol adecuado? <a>Crear un rol</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/es/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/es/translation/admin-console/sign-in-exp/index.ts
index d38eeb3bfd92..aa51cdbeee53 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/sign-in-exp/index.ts
@@ -35,15 +35,56 @@ const sign_in_exp = {
   branding: {
     title: 'ÁREA DE BRANDING',
     ui_style: 'Estilo',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (oscuro)',
+    app_logo_and_favicon: 'Logotipo y favicon de la aplicación',
+    company_logo_and_favicon: 'Logotipo y favicon de la empresa',
   },
-  custom_css: {
-    title: 'CSS personalizado',
-    css_code_editor_title: 'Personalice su IU con CSS personalizado',
+  branding_uploads: {
+    app_logo: {
+      title: 'Logotipo de la aplicación',
+      url: 'URL del logotipo de la aplicación',
+      url_placeholder: 'https://tu.cdn.dominio/logo.png',
+      error: 'Logotipo de la aplicación: {{error}}',
+    },
+    company_logo: {
+      title: 'Logotipo de la empresa',
+      url: 'URL del logotipo de la empresa',
+      url_placeholder: 'https://tu.cdn.dominio/logo.png',
+      error: 'Logotipo de la empresa: {{error}}',
+    },
+    organization_logo: {
+      title: 'Subir imagen',
+      url: 'URL del logotipo de la organización',
+      url_placeholder: 'https://tu.cdn.dominio/logo.png',
+      error: 'Logotipo de la organización: {{error}}',
+    },
+    connector_logo: {
+      title: 'Subir imagen',
+      url: 'URL del logotipo del conector',
+      url_placeholder: 'https://tu.cdn.dominio/logo.png',
+      error: 'Logotipo del conector: {{error}}',
+    },
+    favicon: {
+      title: 'Favicon',
+      url: 'URL del favicon',
+      url_placeholder: 'https://tu.cdn.dominio/favicon.ico',
+      error: 'Favicon: {{error}}',
+    },
+  },
+  custom_ui: {
+    title: 'Interfaz personalizada',
+    css_code_editor_title: 'CSS personalizado',
     css_code_editor_description1: 'Vea el ejemplo de CSS personalizado.',
     css_code_editor_description2: '<a>{{link}}</a>',
-    css_code_editor_description_link_content: 'Más información',
+    css_code_editor_description_link_content: 'Aprende más',
     css_code_editor_content_placeholder:
-      'Ingrese su CSS personalizado para adaptar los estilos de cualquier cosa a sus especificaciones exactas. Expresa tu creatividad y haz que tu IU se destaque.',
+      'Introduce tu CSS personalizado para adaptar los estilos de cualquier cosa a tus especificaciones exactas. Expresa tu creatividad y haz que tu interfaz de usuario destaque.',
+    bring_your_ui_title: 'Trae tu interfaz de usuario',
+    bring_your_ui_description:
+      'Sube un paquete comprimido (.zip) para reemplazar la interfaz de usuario preconstruida de Logto con tu propio código. <a>Aprende más</a>',
+    preview_with_bring_your_ui_description:
+      'Tus activos de la interfaz de usuario personalizada se han subido con éxito y ahora se están sirviendo. En consecuencia, la ventana de vista previa incorporada se ha deshabilitado.\nPara probar tu interfaz de inicio de sesión personalizada, haz clic en el botón "Vista previa en vivo" para abrirla en una nueva pestaña del navegador.',
   },
   sign_up_and_sign_in,
   content,
diff --git a/packages/phrases/src/locales/es/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/es/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index f63f47df6a54..e5c11194cc9a 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -43,6 +43,9 @@ const sign_up_and_sign_in = {
       set_up_more: 'Configura',
       go_to: 'otros conectores sociales ahora.',
     },
+    automatic_account_linking: 'Vinculación automática de cuenta',
+    automatic_account_linking_label:
+      'Cuando está activada, si un usuario inicia sesión con una identidad social que es nueva para el sistema y hay exactamente una cuenta existente con el mismo identificador (por ejemplo, correo electrónico), Logto vinculará automáticamente la cuenta con la identidad social en lugar de solicitar al usuario la vinculación de la cuenta.',
   },
   tip: {
     set_a_password:
diff --git a/packages/phrases/src/locales/es/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/es/translation/admin-console/subscription/quota-item.ts
index 369ac7f87315..5430e0aee3ca 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/subscription/quota-item.ts
@@ -159,6 +159,18 @@ const quota_item = {
     unlimited: 'JWT personalizado',
     not_eligible: 'Elimine su personalizador de reclamos JWT',
   },
+  impersonation_enabled: {
+    name: 'Suplantación',
+    limited: 'Suplantación',
+    unlimited: 'Suplantación',
+    not_eligible: 'No se permite la suplantación',
+  },
+  bring_your_ui_enabled: {
+    name: 'Trae tu propia interfaz de usuario',
+    limited: 'Trae tu propia interfaz de usuario',
+    unlimited: 'Trae tu propia interfaz de usuario',
+    not_eligible: 'Elimina tus recursos de interfaz de usuario personalizados',
+  },
 };
 
 export default Object.freeze(quota_item);
diff --git a/packages/phrases/src/locales/es/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/es/translation/admin-console/subscription/quota-table.ts
index 622b98464eed..c018c3828e8c 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/subscription/quota-table.ts
@@ -20,6 +20,8 @@ const quota_table = {
     title: 'Interfaz de usuario y branding',
     custom_domain: 'Dominio personalizado',
     custom_css: 'CSS personalizado',
+    logo_and_favicon: 'Logo y favicon',
+    bring_your_ui: 'Trae tu UI',
     dark_mode: 'Modo oscuro',
     i18n: 'Internacionalización',
   },
@@ -36,6 +38,7 @@ const quota_table = {
     mfa: 'Autenticación multifactor',
     sso: 'SSO empresarial',
     adaptive_mfa: 'MFA adaptativo',
+    impersonation: 'Suplantación de identidad',
   },
   user_management: {
     title: 'Gestión de usuarios',
diff --git a/packages/phrases/src/locales/es/translation/admin-console/tenants.ts b/packages/phrases/src/locales/es/translation/admin-console/tenants.ts
index efdf14788cb2..68d456251b30 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/tenants.ts
@@ -15,6 +15,8 @@ const tenants = {
     tenant_id: 'ID del inquilino',
     tenant_name: 'Nombre del inquilino',
     tenant_region: 'Región de alojamiento de datos',
+    tenant_region_description:
+      'La ubicación física donde se alojan sus recursos de inquilino (usuarios, aplicaciones, etc.). Esto no se puede cambiar después de la creación.',
     tenant_region_tip:
       'Sus recursos de inquilino se alojan en {{region}}. <a>Obtener más información</a>',
     environment_tag_development: 'Desarrollo',
@@ -47,6 +49,7 @@ const tenants = {
   },
   create_modal: {
     title: 'Crear inquilino',
+    subtitle: 'Crea un nuevo inquilino que tenga recursos y usuarios aislados.',
     tenant_usage_purpose: '¿Para qué desea usar este inquilino?',
     development_description:
       'Solo para pruebas y no debe usarse en producción. No se requiere suscripción.',
@@ -56,6 +59,10 @@ const tenants = {
     available_plan: 'Plan disponible:',
     create_button: 'Crear inquilino',
     tenant_name_placeholder: 'Mi inquilino',
+    tenant_created: 'Inquilino creado con éxito.',
+    invitation_failed:
+      'Algunas invitaciones no se pudieron enviar. Inténtalo de nuevo en Configuraciones -> Miembros más tarde.',
+    tenant_type_description: 'Esto no se puede cambiar después de la creación.',
   },
   dev_tenant_migration: {
     title:
@@ -103,6 +110,10 @@ const tenants = {
     description_2:
       'Si necesita aclaraciones adicionales, tiene alguna inquietud o desea restaurar la funcionalidad completa y desbloquear sus inquilinos, no dude en contactarnos de inmediato.',
   },
+  production_tenant_notification: {
+    text: 'Estás en un inquilino de desarrollo para pruebas gratuitas. Crea un inquilino de producción para ponerlo en marcha.',
+    action: 'Crear inquilino',
+  },
 };
 
 export default Object.freeze(tenants);
diff --git a/packages/phrases/src/locales/es/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/es/translation/admin-console/upsell/paywall.ts
index 14c7569e248b..6a7da2f0b4b2 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/upsell/paywall.ts
@@ -65,6 +65,8 @@ const paywall = {
     description:
       'Actualiza a un plan de pago para obtener funcionalidades personalizadas de JWT y beneficios premium. No dudes en <a>contactarnos</a> si tienes alguna pregunta.',
   },
+  bring_your_ui:
+    'Actualiza a un plan de pago para traer tu funcionalidad UI personalizada y beneficios premium.',
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/es/translation/admin-console/user-details.ts b/packages/phrases/src/locales/es/translation/admin-console/user-details.ts
index afb990ad0131..401711fdde9a 100644
--- a/packages/phrases/src/locales/es/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/es/translation/admin-console/user-details.ts
@@ -36,9 +36,13 @@ const user_details = {
   field_custom_data: 'Datos personalizados',
   field_custom_data_tip:
     'Información adicional del usuario no incluida en las propiedades de usuario predefinidas, como el color y el idioma preferidos del usuario.',
+  field_profile: 'Perfil',
+  field_profile_tip:
+    "Additional OpenID Connect standard claims that are not included in user's properties. Note that all unknown properties will be stripped. Please refer to <a>profile property reference</a> for more information.",
   field_connectors: 'Conexiones sociales',
   field_sso_connectors: 'Conexiones empresariales',
   custom_data_invalid: 'Los datos personalizados deben ser un objeto JSON válido',
+  profile_invalid: 'Profile must be a valid JSON object',
   connectors: {
     connectors: 'Conectores',
     user_id: 'ID de usuario',
@@ -78,15 +82,18 @@ const user_details = {
   roles: {
     name_column: 'Rol de usuario',
     description_column: 'Descripción',
+    assign_button: 'Asignar roles',
     delete_description:
       'Esta acción eliminará este rol de este usuario. El rol en sí seguirá existiendo, pero ya no estará asociado con este usuario.',
     deleted: 'Se eliminó "{{name}}" correctamente de este usuario.',
+    assign_title: 'Asignar roles a {{name}}',
     assign_subtitle:
       'Encuentra roles de usuario apropiados buscando por nombre, descripción o ID de rol.',
     assign_role_field: 'Asignar roles',
     role_search_placeholder: 'Buscar por nombre de rol',
     added_text: '{{value, number}} agregados',
     assigned_user_count: '{{value, number}} usuarios',
+    confirm_assign: 'Asignar roles',
     role_assigned: 'Rol(es) asignado(s) con éxito',
     search: 'Buscar por nombre de rol, descripción o ID',
     empty: 'No hay roles disponibles',
diff --git a/packages/phrases/src/locales/es/translation/demo-app.ts b/packages/phrases/src/locales/es/translation/demo-app.ts
index 007e52626a46..c7b74b993fad 100644
--- a/packages/phrases/src/locales/es/translation/demo-app.ts
+++ b/packages/phrases/src/locales/es/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: '¡Ha iniciado sesión correctamente en la vista previa en vivo!',
+  subtitle: 'Aquí está su información de usuario:',
   username: 'Nombre de usuario: ',
   user_id: 'ID de usuario: ',
   sign_out: 'Cerrar sesión en la vista previa en vivo',
diff --git a/packages/phrases/src/locales/fr/errors/session.ts b/packages/phrases/src/locales/fr/errors/session.ts
index 6f3234da26b4..bd9c664a7c53 100644
--- a/packages/phrases/src/locales/fr/errors/session.ts
+++ b/packages/phrases/src/locales/fr/errors/session.ts
@@ -21,12 +21,15 @@ const session = {
     "La vérification n'a pas réussi. Veuillez recommencer le processus de vérification.",
   connector_validation_session_not_found:
     'La session de validation de jeton de connecteur est introuvable.',
+  csrf_token_mismatch: 'Jeton CSRF non valide.',
   identifier_not_found:
     'Identifiant utilisateur introuvable. Veuillez retourner en arrière et vous connecter à nouveau.',
   interaction_not_found:
     "Session d'interaction introuvable. Veuillez retourner en arrière et recommencer la session.",
   not_supported_for_forgot_password:
     "Cette opération n'est pas prise en charge pour la réinitialisation du mot de passe.",
+  identity_conflict:
+    "Conflit d'identité détecté. Veuillez initier une nouvelle session pour continuer avec une identité différente.",
   mfa: {
     require_mfa_verification: 'La vérification MFA est requise pour vous connecter.',
     mfa_sign_in_only: "MFA est uniquement disponible pour l'interaction de connexion.",
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/application-details.ts b/packages/phrases/src/locales/fr/translation/admin-console/application-details.ts
index 9b55a90a504e..04ff427b5a80 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/application-details.ts
@@ -23,6 +23,7 @@ const application_details = {
   description: 'Description',
   description_placeholder: 'Entrez la description de votre application',
   config_endpoint: 'Point de configuration du fournisseur OpenID',
+  issuer_endpoint: 'Point de terminaison de l’émetteur',
   authorization_endpoint: "Point de terminaison d'autorisation",
   authorization_endpoint_tip:
     "Le point de terminaison pour effectuer l'authentification et l'autorisation. Il est utilisé pour <a>l'authentification</a> OpenID Connect.",
@@ -62,6 +63,13 @@ const application_details = {
   rotate_refresh_token: 'Tourner le Refresh Token',
   rotate_refresh_token_label:
     "Lorsqu'elle est activée, Logto émettra un nouveau Refresh Token pour les demandes de jeton lorsque 70% de la durée de vie (TTL) d'origine est écoulée ou que certaines conditions sont remplies. <a>En savoir plus</a>",
+  backchannel_logout: 'Déconnexion en backchannel',
+  backchannel_logout_description:
+    'Configurez le point de terminaison de déconnexion en backchannel OpenID Connect et si une session est requise pour cette application.',
+  backchannel_logout_uri: 'URI de déconnexion en backchannel',
+  backchannel_logout_uri_session_required: 'La session est-elle requise ?',
+  backchannel_logout_uri_session_required_description:
+    "Lorsqu'elle est activée, le RP exige qu'une réclamation `sid` (ID de session) soit incluse dans le jeton de déconnexion pour identifier la session RP avec l'OP lorsque l'`URI de déconnexion en backchannel` est utilisé.",
   delete_description:
     "Cette action ne peut être annulée. Elle supprimera définitivement l'application. Veuillez entrer le nom de l'application <span>{{nom}}</span> pour confirmer.",
   enter_your_application_name: 'Entrez le nom de votre application',
@@ -85,16 +93,25 @@ const application_details = {
     "Assurez-vous de protéger votre serveur d'origine contre un accès direct. Référez-vous au guide pour plus de <a>instructions détaillées</a>.",
   session_duration: 'Durée de la session (jours)',
   try_it: 'Essayez',
+  no_organization_placeholder: 'Aucune organisation trouvée. <a>Aller aux organisations</a>',
   branding: {
     name: 'Marque',
     description:
       "Personnalisez le nom d'affichage et le logo de votre application sur l'écran de consentement.",
+    description_third_party:
+      "Personnalisez le nom d'affichage et le logo de votre application sur l'écran de consentement.",
+    app_logo: 'Logo de l’application',
+    app_level_sie: 'Expérience de connexion au niveau de l’application',
+    app_level_sie_switch:
+      'Activez l’expérience de connexion au niveau de l’application et configurez le branding spécifique à l’application. Si désactivée, l’expérience de connexion omni sera utilisée.',
     more_info: "Plus d'informations",
     more_info_description:
       "Offrez aux utilisateurs plus de détails sur votre application sur l'écran de consentement.",
     display_name: "Nom d'affichage",
-    display_logo: "Logo d'affichage",
-    display_logo_dark: "Logo d'affichage (sombre)",
+    application_logo: 'Logo de l’application',
+    application_logo_dark: 'Logo de l’application (sombre)',
+    brand_color: 'Couleur de la marque',
+    brand_color_dark: 'Couleur de la marque (sombre)',
     terms_of_use_url: "URL des conditions d'utilisation de l'application",
     privacy_policy_url: "URL de la politique de confidentialité de l'application",
   },
@@ -108,6 +125,8 @@ const application_details = {
     field_name: 'Permission',
     field_description: "Affiché à l'écran de consentement",
     delete_text: 'Supprimer la permission',
+    permission_delete_confirm:
+      'Cette action retirera les autorisations accordées à l’application tierce, l’empêchant de demander l’autorisation de l’utilisateur pour des types de données spécifiques. Êtes-vous sûr de vouloir continuer ?',
     permissions_assignment_description:
       "Sélectionnez les permissions demandées par l'application tierce pour l'autorisation de l'utilisateur afin d'accéder à des types de données spécifiques.",
     user_profile: 'Données utilisateur',
@@ -130,13 +149,13 @@ const application_details = {
     grant_organization_level_permissions: "Accorder des permissions des données d'organisation",
   },
   roles: {
-    name_column: 'Rôle de machine à machine',
-    description_column: 'Description',
     assign_button: 'Attribuer des rôles de machine à machine',
     delete_description:
       'Cette action supprimera ce rôle de cette application machine-to-machine. Le rôle lui-même existera toujours, mais il ne sera plus associé à cette application machine-to-machine.',
     deleted: '{{name}} a été supprimé(e) avec succès de cet utilisateur.',
     assign_title: 'Attribuer des rôles de machine à machine à {{name}}',
+    assign_subtitle:
+      'Les applications entre machines doivent avoir des rôles de type machine à machine pour accéder aux ressources API associées.',
     assign_role_field: 'Attribuer des rôles de machine à machine',
     role_search_placeholder: 'Rechercher par nom de rôle',
     added_text: '{{value, number}} ajouté(s)',
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/cloud.ts b/packages/phrases/src/locales/fr/translation/admin-console/cloud.ts
index 9dfd0e3d86cf..ccfcfbed0461 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/cloud.ts
@@ -35,6 +35,13 @@ const cloud = {
       others: 'Aucun de ceux mentionnés ci-dessus',
     },
   },
+  create_tenant: {
+    page_title: 'Créer un locataire',
+    title: 'Créez votre premier locataire',
+    description:
+      'Un locataire est un environnement isolé où vous pouvez gérer les identités des utilisateurs, les applications et toutes les autres ressources Logto.',
+    invite_collaborators: 'Invitez vos collaborateurs par e-mail',
+  },
   sie: {
     page_title: "Personnalisez l'expérience de connexion",
     title: "Personnalisons d'abord votre expérience de connexion en toute simplicité",
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/fr/translation/admin-console/connector-details.ts
index 7c3dac61e130..165393c23706 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/connector-details.ts
@@ -48,9 +48,24 @@ const connector_details = {
     company_information_description:
       "Affichez le nom de votre entreprise, votre adresse ou votre code postal en bas des emails pour renforcer l'authenticité.",
     company_information_placeholder: 'Les informations de base de votre entreprise',
+    email_logo_field: "Logo de l'email",
+    email_logo_tip:
+      'Affichez le logo de votre marque en haut des emails. Utilisez la même image pour le mode clair et le mode sombre.',
     urls_not_allowed: 'Les URLs ne sont pas autorisées',
     test_notes: 'Logto utilise le modèle "Generic" pour les tests.',
   },
+  google_one_tap: {
+    title: 'Google One Tap',
+    description:
+      'Google One Tap est un moyen sécurisé et facile pour les utilisateurs de se connecter à votre site web.',
+    enable_google_one_tap: 'Activer Google One Tap',
+    enable_google_one_tap_description:
+      "Activez Google One Tap dans votre expérience de connexion : Permettez aux utilisateurs de s'inscrire ou de se connecter rapidement avec leur compte Google s'ils sont déjà connectés sur leur appareil.",
+    configure_google_one_tap: 'Configurer Google One Tap',
+    auto_select: 'Sélection automatique des identifiants si possible',
+    close_on_tap_outside: "Annuler l'invite si l'utilisateur clique/tape en dehors",
+    itp_support: 'Activer <a>UX One Tap amélioré sur les navigateurs ITP</a>',
+  },
 };
 
 export default Object.freeze(connector_details);
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/connectors.ts b/packages/phrases/src/locales/fr/translation/admin-console/connectors.ts
index a9ed300ef136..cb5fd9deafec 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/connectors.ts
@@ -46,6 +46,8 @@ const connectors = {
     name_placeholder: 'Entrez un nom pour le bouton de connexion sociale',
     name_tip:
       'Le nom du bouton de connexion s\'affichera comme "Continuer avec {{name}}". Tenez compte de la longueur du nom si celui-ci devient trop long.',
+    connector_logo: 'Logo du connecteur',
+    connector_logo_tip: 'Le logo sera affiché sur le bouton de connexion du connecteur.',
     target: "Nom du fournisseur d'identité",
     target_placeholder: "Entrez le nom du fournisseur d'identité du connecteur",
     target_tip:
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/fr/translation/admin-console/jwt-claims.ts
index b74b26645960..cb5aaede772c 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/jwt-claims.ts
@@ -34,6 +34,11 @@ const jwt_claims = {
     subtitle:
       "Utilisez le paramètre d'entrée `data.user` pour fournir des informations vitales sur l'utilisateur.",
   },
+  grant_data: {
+    title: 'Données de subvention',
+    subtitle:
+      'Utilisez le paramètre d’entrée `data.grant` pour fournir des informations cruciales sur les subventions, uniquement disponibles pour l’échange de jetons.',
+  },
   token_data: {
     title: 'Données du jeton',
     subtitle: "Utilisez le paramètre d'entrée `token` pour le payload du jeton d'accès actuel. ",
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/fr/translation/admin-console/organization-details.ts
index b95231fad523..4ba2c3243f88 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/organization-details.ts
@@ -14,18 +14,66 @@ const organization_details = {
     "Trouvez les utilisateurs appropriés en recherchant leur nom, e-mail, téléphone ou identifiant d'utilisateur. Les membres existants ne sont pas affichés dans les résultats de la recherche.",
   add_with_organization_role: "Ajouter avec le(s) rôle(s) dans l'organisation",
   user: 'Utilisateur',
+  application: 'Application',
+  application_other: 'Applications',
+  add_applications_to_organization: "Ajouter des applications à l'organisation {{name}}",
+  add_applications_to_organization_description:
+    "Trouvez les applications appropriées en recherchant l'ID de l'application, le nom ou la description. Les applications existantes ne sont pas affichées dans les résultats de la recherche.",
+  at_least_one_application: 'Au moins une application est requise.',
+  remove_application_from_organization: "Supprimer l'application de l'organisation",
+  remove_application_from_organization_description:
+    "Une fois supprimée, l'application perdra son association et ses rôles dans cette organisation. Cette action ne peut pas être annulée.",
+  search_application_placeholder: "Rechercher par ID, nom ou description de l'application",
+  roles: "Rôles de l'organisation",
   authorize_to_roles: 'Autoriser {{name}} à accéder aux rôles suivants :',
   edit_organization_roles: "Modifier les rôles de l'organisation",
-  edit_organization_roles_of_user: "Modifier les rôles de l'organisation de {{name}}",
+  edit_organization_roles_title: "Modifier les rôles de l'organisation de {{name}}",
   remove_user_from_organization: "Retirer l'utilisateur de l'organisation",
   remove_user_from_organization_description:
     "Une fois retiré, l'utilisateur perdra son adhésion et ses rôles dans cette organisation. Cette action ne peut pas être annulée.",
   search_user_placeholder: "Rechercher par nom, e-mail, téléphone ou identifiant d'utilisateur",
   at_least_one_user: 'Au moins un utilisateur est requis.',
+  organization_roles_tooltip: 'Les rôles attribués au {{type}} au sein de cette organisation.',
   custom_data: 'Données personnalisées',
   custom_data_tip:
     "Les données personnalisées sont un objet JSON qui peut être utilisé pour stocker des données supplémentaires associées à l'organisation.",
   invalid_json_object: 'Objet JSON non valide.',
+  branding: {
+    logo: "Logos de l'organisation",
+    logo_tooltip:
+      "Vous pouvez passer l'ID de l'organisation pour afficher ce logo dans l'expérience de connexion ; la version sombre du logo est nécessaire si le mode sombre est activé dans les paramètres de l'expérience de connexion omni. <a>Apprenez-en plus</a>",
+  },
+  jit: {
+    title: 'Supply de juste-à-temps',
+    description:
+      "Les utilisateurs peuvent automatiquement rejoindre l'organisation et se voir attribuer des rôles dès leur première connexion via certaines méthodes d'authentification. Vous pouvez définir des exigences à remplir pour le supply de juste-à-temps.",
+    email_domain: 'Approvisionnement de domaine de courrier électronique',
+    email_domain_description:
+      "Les nouveaux utilisateurs qui s'inscrivent avec leur adresse e-mail vérifiée ou via une connexion sociale avec des adresses e-mail vérifiées rejoindront automatiquement l'organisation. <a>Apprenez-en plus</a>",
+    email_domain_placeholder:
+      'Entrez des domaines de courrier électronique pour le supply de juste-à-temps',
+    invalid_domain: 'Domaine non valide',
+    domain_already_added: 'Domaine déjà ajouté',
+    sso_enabled_domain_warning:
+      "Vous avez saisi un ou plusieurs domaines de courrier électronique associés à un SSO d'entreprise. Les utilisateurs avec ces e-mails suivront le flux SSO standard et ne seront pas provisionnés pour cette organisation à moins que le provisionnement SSO d'entreprise ne soit configuré.",
+    enterprise_sso: "Provisionnement SSO d'entreprise",
+    no_enterprise_connector_set:
+      "Vous n'avez encore configuré aucun connecteur SSO d'entreprise. Ajoutez d'abord des connecteurs pour activer le provisionnement SSO d'entreprise. <a>Configurer</a>",
+    add_enterprise_connector: "Ajouter un connecteur d'entreprise",
+    enterprise_sso_description:
+      "Les nouveaux utilisateurs ou les utilisateurs existants se connectant via le SSO d'entreprise pour la première fois rejoindront automatiquement l'organisation. <a>Apprenez-en plus</a>",
+    organization_roles: "Rôles d'organisation par défaut",
+    organization_roles_description:
+      "Attribuez des rôles aux utilisateurs lors de leur adhésion à l'organisation via le supply de juste-à-temps.",
+  },
+  mfa: {
+    title: 'Authentification multi-facteurs (MFA)',
+    tip: "Lorsque la MFA est requise, les utilisateurs sans MFA configurée seront rejetés lorsqu'ils essaient d'échanger un jeton d'organisation. Ce paramètre n'a pas d'incidence sur l'authentification des utilisateurs.",
+    description:
+      'Exigez que les utilisateurs configurent une authentification multi-facteurs pour accéder à cette organisation.',
+    no_mfa_warning:
+      "Aucune méthode d'authentification multi-facteurs n'est activée pour votre locataire. Les utilisateurs ne pourront pas accéder à cette organisation tant qu'au moins une <a>méthode d'authentification multi-facteurs</a> n'est pas activée.",
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/fr/translation/admin-console/organization-template.ts
index 595cb5d83854..e8dcf1f4bb46 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/organization-template.ts
@@ -14,8 +14,9 @@ const organization_template = {
     create_modal: {
       title: "Créer un rôle d'organisation",
       create: 'Créer un rôle',
-      name_field: 'Nom du rôle',
-      description_field: 'Description',
+      name: 'Nom du rôle',
+      description: 'Description',
+      type: 'Type de rôle',
       created: "Le rôle d'organisation {{name}} a été créé avec succès.",
     },
   },
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/organizations.ts b/packages/phrases/src/locales/fr/translation/admin-console/organizations.ts
index 8c09ee210400..0277fe0680b5 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/organizations.ts
@@ -7,6 +7,7 @@ const organizations = {
   organization_template: "Modèle d'organisation",
   organization_id: "ID de l'organisation",
   members: 'Membres',
+  machine_to_machine: 'Applications machine-à-machine',
   create_organization: 'Créer une organisation',
   setup_organization: 'Configurer votre organisation',
   organization_list_placeholder_title: 'Organisation',
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/profile.ts b/packages/phrases/src/locales/fr/translation/admin-console/profile.ts
index 25306f9d7a01..5dde03e5265f 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/profile.ts
@@ -52,6 +52,44 @@ const profile = {
     description:
       "La suppression de votre compte supprimera toutes vos informations personnelles, vos données d'utilisateur et votre configuration. Cette action ne peut pas être annulée.",
     button: 'Supprimer le compte',
+    p: {
+      has_issue:
+        "Nous sommes désolés d'apprendre que vous souhaitez supprimer votre compte. Avant de pouvoir supprimer votre compte, vous devez résoudre les problèmes suivants.",
+      after_resolved:
+        "Une fois que vous avez résolu les problèmes, vous pouvez supprimer votre compte. N'hésitez pas à nous contacter si vous avez besoin d'aide.",
+      check_information:
+        "Nous sommes désolés d'apprendre que vous souhaitez supprimer votre compte. Veuillez vérifier les informations ci-dessous avant de continuer.",
+      remove_all_data:
+        'La suppression de votre compte supprimera définitivement toutes les données vous concernant dans Logto Cloud. Assurez-vous donc de sauvegarder toutes les données importantes avant de continuer.',
+      confirm_information:
+        'Veuillez confirmer que les informations ci-dessus correspondent à vos attentes. Une fois que vous aurez supprimé votre compte, nous ne pourrons pas le récupérer.',
+      has_admin_role:
+        'Étant donné que vous avez un rôle d’administrateur dans le locataire suivant, il sera supprimé en même temps que votre compte :',
+      has_admin_role_other:
+        'Étant donné que vous avez un rôle d’administrateur dans les locataires suivants, ils seront supprimés en même temps que votre compte :',
+      quit_tenant: 'Vous êtes sur le point de quitter le locataire suivant :',
+      quit_tenant_other: 'Vous êtes sur le point de quitter les locataires suivants :',
+    },
+    issues: {
+      paid_plan: 'Le locataire suivant a un plan payant, veuillez d’abord annuler l’abonnement :',
+      paid_plan_other:
+        'Les locataires suivants ont des plans payants, veuillez d’abord annuler l’abonnement :',
+      subscription_status: 'Le locataire suivant a un problème de statut d’abonnement :',
+      subscription_status_other:
+        'Les locataires suivants ont des problèmes de statut d’abonnement :',
+      open_invoice: 'Le locataire suivant a une facture ouverte :',
+      open_invoice_other: 'Les locataires suivants ont des factures ouvertes :',
+    },
+    error_occurred: 'Une erreur est survenue',
+    error_occurred_description:
+      "Désolé, quelque chose s'est mal passé lors de la suppression de votre compte :",
+    request_id: 'ID de la demande : {{requestId}}',
+    try_again_later:
+      "Veuillez réessayer plus tard. Si le problème persiste, veuillez contacter l'équipe Logto avec l'ID de la demande.",
+    final_confirmation: 'Confirmation finale',
+    about_to_start_deletion:
+      'Vous êtes sur le point de commencer le processus de suppression et cette action ne peut pas être annulée.',
+    permanently_delete: 'Supprimer définitivement',
   },
   set: 'Définir',
   change: 'Modifier',
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/roles.ts b/packages/phrases/src/locales/fr/translation/admin-console/roles.ts
index b0103b0a9687..e09c260937c0 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: 'Créer un rôle',
   role_name: 'Nom du rôle',
   role_type: 'Type de rôle',
+  type_user: 'Utilisateur',
+  type_machine_to_machine: 'Machine-à-machine',
   role_description: 'Description',
   role_name_placeholder: 'Entrez le nom de votre rôle',
   role_description_placeholder: 'Entrez la description de votre rôle',
@@ -19,16 +21,20 @@ const roles = {
   application_count: '{{count}} application',
   assign_permissions: 'Assigner des autorisations',
   create_role_title: 'Créer un rôle',
+  create_role_description:
+    'Utilisez les rôles pour organiser les autorisations et les assigner aux utilisateurs.',
   create_role_button: 'Créer un rôle',
   role_created: 'Le rôle {{name}} a été créé avec succès.',
   search: 'Rechercher par nom de rôle, description ou ID',
   placeholder_title: 'Rôles',
   placeholder_description:
     "Les rôles sont un regroupement d'autorisations qui peuvent être assignées aux utilisateurs. Assurez-vous d'ajouter d'abord des autorisations avant de créer des rôles.",
+  assign_roles: 'Assigner des rôles',
   management_api_access_notification:
     "Pour accéder à l'API de gestion de Logto, sélectionnez des rôles avec les autorisations de l'API de gestion <flag/>.",
   with_management_api_access_tip:
     "Ce rôle machine à machine inclut les autorisations de l'API de gestion de Logto",
+  role_creation_hint: 'Vous ne trouvez pas le bon rôle ? <a>Créer un rôle</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/fr/translation/admin-console/sign-in-exp/index.ts
index 21cc12858a48..a9a6bface69e 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/sign-in-exp/index.ts
@@ -35,15 +35,56 @@ const sign_in_exp = {
   branding: {
     title: 'ZONE DE MARQUE',
     ui_style: 'Style',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (dark)',
+    app_logo_and_favicon: "Logo de l'app et favicon",
+    company_logo_and_favicon: 'Logo de la société et favicon',
   },
-  custom_css: {
-    title: 'CSS personnalisé',
-    css_code_editor_title: 'Personnalisez votre interface utilisateur avec CSS personnalisé',
-    css_code_editor_description1: 'Voici un exemple de CSS personnalisé.',
+  branding_uploads: {
+    app_logo: {
+      title: "Logo de l'app",
+      url: "URL du logo de l'app",
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: "Logo de l'app: {{error}}",
+    },
+    company_logo: {
+      title: 'Logo de la société',
+      url: 'URL du logo de la société',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logo de la société: {{error}}',
+    },
+    organization_logo: {
+      title: "Télécharger l'image",
+      url: "URL du logo de l'organisation",
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: "Logo de l'organisation: {{error}}",
+    },
+    connector_logo: {
+      title: "Télécharger l'image",
+      url: 'URL du logo du connecteur',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logo du connecteur: {{error}}',
+    },
+    favicon: {
+      title: 'Favicon',
+      url: 'URL du favicon',
+      url_placeholder: 'https://your.cdn.domain/favicon.ico',
+      error: 'Favicon : {{error}}',
+    },
+  },
+  custom_ui: {
+    title: 'UI personnalisée',
+    css_code_editor_title: 'CSS personnalisé',
+    css_code_editor_description1: "Voir l'exemple de CSS personnalisé.",
     css_code_editor_description2: '<a>{{link}}</a>',
     css_code_editor_description_link_content: 'En savoir plus',
     css_code_editor_content_placeholder:
-      'Entrez votre propre CSS pour adapter les styles de tout élément à vos spécifications exactes. Exprimez votre créativité et faites sortir votre interface utilisateur.',
+      'Entrez votre CSS personnalisé pour adapter les styles de tout à vos spécifications exactes. Exprimez votre créativité et faites ressortir votre interface utilisateur.',
+    bring_your_ui_title: 'Apportez votre UI',
+    bring_your_ui_description:
+      "Téléchargez un package compressé (.zip) pour remplacer l'UI préconstruite de Logto par votre propre code. <a>En savoir plus</a>",
+    preview_with_bring_your_ui_description:
+      'Vos ressources UI personnalisées ont été téléchargées avec succès et sont maintenant servies. En conséquence, la fenêtre de prévisualisation intégrée a été désactivée.\nPour tester votre UI de connexion personnalisée, cliquez sur le bouton "Aperçu en direct" pour l\'ouvrir dans un nouvel onglet du navigateur.',
   },
   sign_up_and_sign_in,
   content,
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/fr/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index e24b522f3781..cc5413a5489b 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -43,6 +43,9 @@ const sign_up_and_sign_in = {
       set_up_more: 'Configurer',
       go_to: "d'autres connecteurs sociaux maintenant.",
     },
+    automatic_account_linking: 'Lien automatique de compte',
+    automatic_account_linking_label:
+      "Lorsqu'elle est activée, si un utilisateur se connecte avec une identité sociale nouvelle pour le système, et qu'il existe exactement un compte existant avec le même identificateur (par exemple, l'adresse e-mail), Logto liera automatiquement le compte à l'identité sociale au lieu d'inviter l'utilisateur à lier son compte.",
   },
   tip: {
     set_a_password:
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/fr/translation/admin-console/subscription/quota-item.ts
index 44ce7baf295b..19dc34e70db6 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/subscription/quota-item.ts
@@ -16,8 +16,8 @@ const quota_item = {
     name: 'Tokens',
     limited: '{{count, number}} token',
     limited_other: '{{count, number}} tokens',
-    unlimited: 'Unlimited tokens',
-    not_eligible: 'Remove your all users to prevent new tokens',
+    unlimited: 'Tokens illimités',
+    not_eligible: 'Supprimez tous vos utilisateurs pour éviter de nouveaux tokens',
   },
   applications_limit: {
     name: 'Applications',
@@ -37,8 +37,8 @@ const quota_item = {
     name: 'Applications tierces',
     limited: '{{count, number}} application tierce',
     limited_other: '{{count, number}} applications tierces',
-    unlimited: 'Unlimited third-party apps',
-    not_eligible: 'Remove your third-party apps',
+    unlimited: 'Applications tierces illimitées',
+    not_eligible: 'Supprimez vos applications tierces',
   },
   resources_limit: {
     name: 'Ressources API',
@@ -97,8 +97,8 @@ const quota_item = {
     name: 'Roles Machine à machine',
     limited: '{{count, number}} rôle machine à machine',
     limited_other: '{{count, number}} rôles machine à machine',
-    unlimited: 'Unlimited machine to machine roles',
-    not_eligible: 'Remove your machine to machine roles',
+    unlimited: 'Rôles machine à machine illimités',
+    not_eligible: 'Supprimez vos rôles machine à machine',
   },
   scopes_per_role_limit: {
     name: 'Permissions de rôle',
@@ -118,7 +118,7 @@ const quota_item = {
     name: 'Organisations',
     limited: 'Organisations',
     unlimited: 'Organisations',
-    not_eligible: 'Remove your organizations',
+    not_eligible: 'Supprimez vos organisations',
   },
   audit_logs_retention_days: {
     name: "Conservation des journaux d'audit",
@@ -150,14 +150,26 @@ const quota_item = {
     name: 'Membres du locataires',
     limited: '{{count, number}} membre du locataire',
     limited_other: '{{count, number}} membres du locataire',
-    unlimited: 'Unlimited tenant members',
-    not_eligible: 'Remove your tenant members',
+    unlimited: 'Membres du locataire illimités',
+    not_eligible: 'Supprimez vos membres du locataire',
   },
   custom_jwt_enabled: {
     name: 'JWT personnalisé',
-    limited: 'Custom JWT',
-    unlimited: 'Custom JWT',
-    not_eligible: 'Remove your JWT claims customizer',
+    limited: 'JWT personnalisé',
+    unlimited: 'JWT personnalisé',
+    not_eligible: 'Supprimez votre personnaliseur de revendications JWT',
+  },
+  impersonation_enabled: {
+    name: 'Usurpation',
+    limited: 'Usurpation',
+    unlimited: 'Usurpation',
+    not_eligible: 'Aucune usurpation autorisée',
+  },
+  bring_your_ui_enabled: {
+    name: 'Apportez votre UI',
+    limited: 'Apportez votre UI',
+    unlimited: 'Apportez votre UI',
+    not_eligible: 'Supprimez vos ressources UI personnalisées',
   },
 };
 
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/fr/translation/admin-console/subscription/quota-table.ts
index f113d1f812ef..97c751f0fa2a 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/subscription/quota-table.ts
@@ -20,6 +20,8 @@ const quota_table = {
     title: 'Interface utilisateur et branding',
     custom_domain: 'Domaine personnalisé',
     custom_css: 'CSS personnalisé',
+    logo_and_favicon: 'Logo et favicon',
+    bring_your_ui: 'Apportez votre interface utilisateur',
     dark_mode: 'Mode sombre',
     i18n: 'Internationalisation',
   },
@@ -36,6 +38,7 @@ const quota_table = {
     mfa: 'Authentification multi-facteurs',
     sso: 'SSO entreprise',
     adaptive_mfa: 'MFA adaptative',
+    impersonation: "Usurpation d'identité",
   },
   user_management: {
     title: 'Gestion des utilisateurs',
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/tenants.ts b/packages/phrases/src/locales/fr/translation/admin-console/tenants.ts
index d229050b2924..683636896cb8 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/tenants.ts
@@ -15,6 +15,8 @@ const tenants = {
     tenant_id: 'ID du locataire',
     tenant_name: 'Nom du locataire',
     tenant_region: "Région d'hébergement des données",
+    tenant_region_description:
+      'Le lieu physique où vos ressources de locataire (utilisateurs, applications, etc.) sont hébergées. Cela ne peut pas être changé après la création.',
     tenant_region_tip:
       'Vos ressources de locataire sont hébergées dans {{region}}. <a>En savoir plus</a>',
     environment_tag_development: 'Dev',
@@ -47,6 +49,7 @@ const tenants = {
   },
   create_modal: {
     title: 'Créer un locataire',
+    subtitle: "Créer un nouveau locataire qui dispose de ressources et d'utilisateurs isolés.",
     tenant_usage_purpose: 'Dans quel but souhaitez-vous utiliser ce locataire?',
     development_description:
       "Uniquement pour les tests et ne devrait pas être utilisé en production. Aucune souscription n'est requise.",
@@ -57,6 +60,10 @@ const tenants = {
     available_plan: 'Plan disponible :',
     create_button: 'Créer un locataire',
     tenant_name_placeholder: 'Mon locataire',
+    tenant_created: 'Locataire créé avec succès.',
+    invitation_failed:
+      "Certaines invitations n'ont pas pu être envoyées. Veuillez réessayer plus tard dans Paramètres -> Membres.",
+    tenant_type_description: 'Cela ne peut pas être changé après la création.',
   },
   dev_tenant_migration: {
     title:
@@ -104,6 +111,10 @@ const tenants = {
     description_2:
       "Si vous avez besoin de clarifications supplémentaires, si vous avez des préoccupations ou si vous souhaitez restaurer la fonctionnalité complète et débloquer vos locataires, n'hésitez pas à nous contacter immédiatement.",
   },
+  production_tenant_notification: {
+    text: 'Vous êtes dans un locataire de développement pour les tests gratuits. Créez un locataire de production pour passer en direct.',
+    action: 'Créer un locataire',
+  },
 };
 
 export default Object.freeze(tenants);
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/fr/translation/admin-console/upsell/paywall.ts
index 2b9fb9e37ee1..2e699958d2f2 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/upsell/paywall.ts
@@ -53,18 +53,20 @@ const paywall = {
   organizations:
     "Débloquez les organisations en passant à un plan payant. N’hésitez pas à <a>nous contacter</a> si vous avez besoin d'aide.",
   third_party_apps:
-    'Unlock Logto as IdP for third-party apps by upgrading to a paid plan. For any assistance, feel free to <a>contact us</a>.',
+    "Débloquez Logto en tant qu'IdP pour les applications tierces en passant à un plan payant. Pour toute assistance, n'hésitez pas à <a>nous contacter</a>.",
   sso_connectors:
-    'Unlock enterprise sso by upgrading to a paid plan. For any assistance, feel free to <a>contact us</a>.',
+    "Débloquez le SSO d'entreprise en passant à un plan payant. Pour toute assistance, n'hésitez pas à <a>nous contacter</a>.",
   tenant_members:
-    'Unlock collaboration feature by upgrading to a paid plan. For any assistance, feel free to <a>contact us</a>.',
+    "Débloquez la fonctionnalité de collaboration en passant à un plan payant. Pour toute assistance, n'hésitez pas à <a>nous contacter</a>.",
   tenant_members_dev_plan:
-    "You've reached your {{limit}}-member limit. Release a member or revoke a pending invitation to add someone new. Need more seats? Feel free to contact us.",
+    "Vous avez atteint votre limite de {{limit}} membres. Libérez un membre ou révoquez une invitation en attente pour en ajouter un nouveau. Besoin de plus de places? N'hésitez pas à nous contacter.",
   custom_jwt: {
-    title: 'Add custom claims',
+    title: 'Ajouter des revendications personnalisées',
     description:
-      "Upgrade to a paid plan for custom JWT functionality and premium benefits. Don't hesitate to <a>contact us</a> if you have any questions.",
+      "Passez à un plan payant pour obtenir la fonctionnalité JWT personnalisée et des avantages premium. N'hésitez pas à <a>nous contacter</a> si vous avez des questions.",
   },
+  bring_your_ui:
+    "Passez à un plan payant pour obtenir des fonctionnalités de personnalisation de l'interface utilisateur ainsi que des avantages premium.",
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/fr/translation/admin-console/user-details.ts b/packages/phrases/src/locales/fr/translation/admin-console/user-details.ts
index 7847de15fedb..7f5138495cc2 100644
--- a/packages/phrases/src/locales/fr/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/fr/translation/admin-console/user-details.ts
@@ -36,9 +36,13 @@ const user_details = {
   field_custom_data: 'Données personnalisées',
   field_custom_data_tip:
     "Informations supplémentaires sur l'utilisateur qui ne figurent pas dans les propriétés prédéfinies de l'utilisateur, telles que la couleur et la langue préférées de l'utilisateur.",
+  field_profile: 'Profil',
+  field_profile_tip:
+    "Informations supplémentaires selon les normes OpenID Connect qui ne sont pas incluses dans les propriétés de l'utilisateur. Notez que toutes les propriétés inconnues seront supprimées. Veuillez vous référer à la <a>référence des propriétés du profil</a> pour plus d'informations.",
   field_connectors: 'Connecteurs sociaux',
   field_sso_connectors: "Connexions d'entreprise",
   custom_data_invalid: 'Les données personnalisées doivent être un objet JSON valide.',
+  profile_invalid: 'Le profil doit être un objet JSON valide.',
   connectors: {
     connectors: 'Connecteurs',
     user_id: 'ID utilisateur',
@@ -79,15 +83,18 @@ const user_details = {
   roles: {
     name_column: 'Rôle utilisateur',
     description_column: 'Description',
+    assign_button: 'Attribuer des rôles',
     delete_description:
       'Cette action supprimera ce rôle de cet utilisateur. Le rôle lui-même existera toujours, mais il ne sera plus associé à cet utilisateur.',
     deleted: '{{name}} a été retiré de cet utilisateur.',
+    assign_title: 'Attribuer des rôles à {{name}}',
     assign_subtitle:
       'Trouvez les rôles utilisateur appropriés en recherchant par nom, description ou ID de rôle.',
     assign_role_field: 'Attribuer des rôles',
     role_search_placeholder: 'Recherche par nom de rôle',
     added_text: '{{value, number}} ajouté',
     assigned_user_count: '{{value, number}} utilisateurs',
+    confirm_assign: 'Attribuer des rôles',
     role_assigned: 'Rôle(s) attribué(s) avec succès',
     search: 'Recherche par nom de rôle, description ou ID',
     empty: 'Aucun rôle disponible',
diff --git a/packages/phrases/src/locales/fr/translation/demo-app.ts b/packages/phrases/src/locales/fr/translation/demo-app.ts
index 9513c7c0e1d8..b8b2b63ad446 100644
--- a/packages/phrases/src/locales/fr/translation/demo-app.ts
+++ b/packages/phrases/src/locales/fr/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: "Vous vous êtes connecté avec succès à l'aperçu en direct !",
+  subtitle: 'Voici vos informations utilisateur :',
   username: "Nom d'utilisateur :",
   user_id: "ID de l'utilisateur :",
   sign_out: "Se déconnecter de l'aperçu en direct",
diff --git a/packages/phrases/src/locales/it/errors/session.ts b/packages/phrases/src/locales/it/errors/session.ts
index 22e1131be994..e9924a868fc0 100644
--- a/packages/phrases/src/locales/it/errors/session.ts
+++ b/packages/phrases/src/locales/it/errors/session.ts
@@ -20,10 +20,13 @@ const session = {
     'La verifica non è stata completata con successo. Riavvia il processo di verifica e riprova.',
   connector_validation_session_not_found:
     'Sessione del connettore per la convalida del token non trovata.',
+  csrf_token_mismatch: 'Token CSRF non corrisponde.',
   identifier_not_found: 'Identificativo utente non trovato. Torna indietro e accedi nuovamente.',
   interaction_not_found:
     'Sessione di interazione non trovata. Torna indietro e avvia la sessione nuovamente.',
   not_supported_for_forgot_password: 'Questa operazione non è supportata per il recupero password.',
+  identity_conflict:
+    "Rilevato conflitto di identità. Si prega di avviare una nuova sessione per procedere con un'altra identità.",
   mfa: {
     require_mfa_verification: 'La verifica MFA è richiesta per accedere.',
     mfa_sign_in_only: "MFA è disponibile solo per l'interazione di accesso.",
diff --git a/packages/phrases/src/locales/it/translation/admin-console/application-details.ts b/packages/phrases/src/locales/it/translation/admin-console/application-details.ts
index 28e192bc55b0..bb337c7b065b 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/application-details.ts
@@ -23,6 +23,7 @@ const application_details = {
   description: 'Descrizione',
   description_placeholder: 'Inserisci la descrizione della tua applicazione',
   config_endpoint: 'Endpoint di configurazione OpenID Provider',
+  issuer_endpoint: 'Endpoint dell’emittente',
   authorization_endpoint: 'Endpoint di autorizzazione',
   authorization_endpoint_tip:
     "L'endpoint per effettuare l'autenticazione e l'autorizzazione. Viene utilizzato per la connessione OpenID <a>autenticazione</a>.",
@@ -62,6 +63,13 @@ const application_details = {
   rotate_refresh_token: 'Ruota token di aggiornamento',
   rotate_refresh_token_label:
     'Quando abilitato, Logto emetterà un nuovo token di aggiornamento per le richieste di token quando è passato il 70% del Tempo di vita (TTL) originale o sono soddisfatte determinate condizioni. <a>Ulteriori informazioni</a>',
+  backchannel_logout: 'Logout backchannel',
+  backchannel_logout_description:
+    'Configura l’endpoint di logout backchannel OpenID Connect e se la sessione è richiesta per questa applicazione.',
+  backchannel_logout_uri: 'URI di logout backchannel',
+  backchannel_logout_uri_session_required: 'La sessione è necessaria?',
+  backchannel_logout_uri_session_required_description:
+    'Quando abilitato, l’RP richiede che un’istanza `sid` (ID sessione) sia inclusa nel token di logout per identificare la sessione RP con l’OP quando viene usato il `backchannel_logout_uri`.',
   delete_description:
     "Questa azione non può essere annullata. Eliminerà definitivamente l'applicazione. Inserisci il nome dell'applicazione <span>{{name}}</span> per confermare.",
   enter_your_application_name: 'Inserisci il nome della tua applicazione',
@@ -85,15 +93,24 @@ const application_details = {
     "Assicurati di proteggere il tuo server di origine dall'accesso diretto. Fai riferimento alla guida per ulteriori <a>istruzioni dettagliate</a>.",
   session_duration: 'Durata della sessione (giorni)',
   try_it: 'Provalo',
+  no_organization_placeholder: 'Nessuna organizzazione trovata. <a>Vai alle organizzazioni</a>',
   branding: {
     name: 'Marchio',
     description: "Personalizza il nome e il logo dell'applicazione sullo schermo del consenso.",
+    description_third_party:
+      "Personalizza il nome dell'applicazione e il logo sullo schermo del consenso.",
+    app_logo: 'Logo dell’app',
+    app_level_sie: 'Esperienza di accesso a livello di app',
+    app_level_sie_switch:
+      'Abilita l’esperienza di accesso a livello di app e configura il branding specifico dell’app. Se disabilitato, verrà utilizzata l’esperienza di accesso omni.',
     more_info: 'Maggiori informazioni',
     more_info_description:
       "Offri agli utenti ulteriori dettagli sull'applicazione sullo schermo del consenso.",
     display_name: 'Nome visualizzato',
-    display_logo: 'Logo visualizzato',
-    display_logo_dark: 'Logo visualizzato (scuro)',
+    application_logo: 'Logo dell’applicazione',
+    application_logo_dark: 'Logo dell’applicazione (scuro)',
+    brand_color: 'Colore del marchio',
+    brand_color_dark: 'Colore del marchio (scuro)',
     terms_of_use_url: "URL termini d'uso dell'applicazione",
     privacy_policy_url: "URL politica sulla privacy dell'applicazione",
   },
@@ -132,13 +149,13 @@ const application_details = {
     grant_organization_level_permissions: 'Concedi autorizzazioni dei dati organizzazione',
   },
   roles: {
-    name_column: 'Ruolo da macchina a macchina',
-    description_column: 'Descrizione',
     assign_button: 'Assegna ruoli da macchina a macchina',
     delete_description:
       'Questa azione rimuoverà questo ruolo da questa applicazione tra macchine. Il ruolo stesso esisterà ancora, ma non sarà più associato a questa applicazione tra macchine.',
     deleted: '{{name}} è stato rimosso con successo da questo utente.',
     assign_title: 'Assegna ruoli da macchina a macchina a {{name}}',
+    assign_subtitle:
+      'Le app da macchina a macchina devono avere ruoli di tipo macchina a macchina per accedere alle risorse API correlate.',
     assign_role_field: 'Assegna ruoli da macchina a macchina',
     role_search_placeholder: 'Cerca per nome ruolo',
     added_text: '{{value, number}} aggiunti',
diff --git a/packages/phrases/src/locales/it/translation/admin-console/cloud.ts b/packages/phrases/src/locales/it/translation/admin-console/cloud.ts
index f4b0ebc0e2ce..5b82dc08f146 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/cloud.ts
@@ -34,6 +34,13 @@ const cloud = {
       others: 'Nessuna delle opzioni sopra',
     },
   },
+  create_tenant: {
+    page_title: 'Crea tenant',
+    title: 'Crea il tuo primo tenant',
+    description:
+      'Un tenant è un ambiente isolato in cui puoi gestire identità degli utenti, applicazioni e tutte le altre risorse di Logto.',
+    invite_collaborators: 'Invita i tuoi collaboratori via email',
+  },
   sie: {
     page_title: "Personalizza l'esperienza di accesso",
     title: 'Personalizziamo insieme la tua esperienza di accesso',
diff --git a/packages/phrases/src/locales/it/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/it/translation/admin-console/connector-details.ts
index 853a4f6f6136..42674ec1c19b 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/connector-details.ts
@@ -48,9 +48,23 @@ const connector_details = {
     company_information_description:
       "Mostra il nome dell'azienda, l'indirizzo o il codice postale in fondo alle email per migliorare l'autenticità.",
     company_information_placeholder: 'Le informazioni di base della tua azienda',
+    email_logo_field: 'Logo email',
+    email_logo_tip:
+      'Mostra il logo del tuo marchio in cima alle email. Usa la stessa immagine sia per la modalità chiara che per la modalità scura.',
     urls_not_allowed: 'URL non sono ammessi',
     test_notes: 'Logto utilizza il modello "Generico" per i test.',
   },
+  google_one_tap: {
+    title: 'Google One Tap',
+    description: 'Google One Tap è un modo sicuro e facile per gli utenti di accedere al tuo sito.',
+    enable_google_one_tap: 'Abilita Google One Tap',
+    enable_google_one_tap_description:
+      'Abilita Google One Tap nella tua esperienza di accesso: consenti agli utenti di registrarsi o accedere rapidamente con il loro account Google se sono già connessi sul loro dispositivo.',
+    configure_google_one_tap: 'Configura Google One Tap',
+    auto_select: 'Seleziona automaticamente le credenziali, se possibile',
+    close_on_tap_outside: "Annulla il prompt se l'utente clicca/tocca all'esterno",
+    itp_support: 'Abilita <a>UX One Tap migliorato sui browser ITP</a>',
+  },
 };
 
 export default Object.freeze(connector_details);
diff --git a/packages/phrases/src/locales/it/translation/admin-console/connectors.ts b/packages/phrases/src/locales/it/translation/admin-console/connectors.ts
index 51fb53a25b35..7286021325e9 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/connectors.ts
@@ -45,6 +45,8 @@ const connectors = {
     name_placeholder: 'Inserisci il nome per il pulsante di accesso tramite social media',
     name_tip:
       'Il nome del pulsante del connettore verrà visualizzato come "Continua con {{name}}." Presta attenzione alla lunghezza del nome in caso risulti troppo lungo.',
+    connector_logo: 'Logo del connettore',
+    connector_logo_tip: 'Il logo verrà visualizzato sul pulsante di accesso del connettore.',
     target: 'Nome del provider di identità',
     target_placeholder: 'Inserisci il nome del provider di identità del connettore',
     target_tip:
diff --git a/packages/phrases/src/locales/it/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/it/translation/admin-console/jwt-claims.ts
index 3dd3529bf59f..537d3c0f4b78 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/jwt-claims.ts
@@ -33,10 +33,15 @@ const jwt_claims = {
     subtitle:
       "Utilizza il parametro di input `data.user` per fornire informazioni vitali sull'utente.",
   },
+  grant_data: {
+    title: 'Dati concessione',
+    subtitle:
+      'Usa il parametro di input `data.grant` per fornire informazioni vitali sulla concessione, disponibile solo per lo scambio di token.',
+  },
   token_data: {
     title: 'Dati token',
     subtitle:
-      'Utilizza il parametro di input `token` per il payload corrente del token di accesso. ',
+      'Utilizza il parametro di input `token` per il payload corrente del token di accesso.',
   },
   fetch_external_data: {
     title: 'Recupera dati esterni',
diff --git a/packages/phrases/src/locales/it/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/it/translation/admin-console/organization-details.ts
index 8936053177b4..ddff3edc0a12 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/organization-details.ts
@@ -14,18 +14,65 @@ const organization_details = {
     'Trova gli utenti appropriati cercando per nome, email, telefono o ID utente. Gli utenti già esistenti non vengono mostrati nei risultati della ricerca.',
   add_with_organization_role: "Aggiungi con ruolo(i) dell'organizzazione",
   user: 'Utente',
+  application: 'Applicazione',
+  application_other: 'Applicazioni',
+  add_applications_to_organization: "Aggiungi applicazioni all'organizzazione {{name}}",
+  add_applications_to_organization_description:
+    'Trova applicazioni appropriate cercando per ID app, nome o descrizione. Le applicazioni esistenti non vengono mostrate nei risultati della ricerca.',
+  at_least_one_application: 'È richiesta almeno una applicazione.',
+  remove_application_from_organization: "Rimuovi applicazione dall'organizzazione",
+  remove_application_from_organization_description:
+    "Una volta rimossa, l'applicazione perderà la sua associazione e ruoli in questa organizzazione. Quest'azione non può essere annullata.",
+  search_application_placeholder: 'Cerca per ID app, nome o descrizione',
+  roles: "Ruoli dell'organizzazione",
   authorize_to_roles: 'Autorizza {{name}} ad accedere ai seguenti ruoli:',
   edit_organization_roles: "Modifica ruoli dell'organizzazione",
-  edit_organization_roles_of_user: "Modifica ruoli dell'organizzazione di {{name}}",
+  edit_organization_roles_title: "Modifica ruoli dell'organizzazione di {{name}}",
   remove_user_from_organization: "Rimuovi utente dall'organizzazione",
   remove_user_from_organization_description:
     "Una volta rimosso, l'utente perderà la sua iscrizione e i ruoli in questa organizzazione. Quest'azione non può essere annullata.",
   search_user_placeholder: 'Cerca per nome, email, telefono o ID utente',
   at_least_one_user: 'È richiesto almeno un utente.',
+  organization_roles_tooltip: "I ruoli assegnati al {{type}} all'interno di questa organizzazione.",
   custom_data: 'Dati personalizzati',
   custom_data_tip:
     "I dati personalizzati sono un oggetto JSON che può essere utilizzato per archiviare dati aggiuntivi associati all'organizzazione.",
   invalid_json_object: 'Oggetto JSON non valido.',
+  branding: {
+    logo: "Loghi dell'organizzazione",
+    logo_tooltip:
+      "Puoi passare l'ID dell'organizzazione per visualizzare questo logo nell'esperienza di accesso; è necessaria la versione scura del logo se la modalità scura è abilitata nelle impostazioni dell'esperienza di accesso omni. <a>Scopri di più</a>",
+  },
+  jit: {
+    title: 'Provisioning just-in-time',
+    description:
+      "Gli utenti possono unirsi automaticamente all'organizzazione e ricevere ruoli al primo accesso attraverso alcuni metodi di autenticazione. Puoi impostare i requisiti da soddisfare per il provisioning just-in-time.",
+    email_domain: 'Provisioning dominio email',
+    email_domain_description:
+      "I nuovi utenti che si iscrivono con i loro indirizzi email verificati o tramite accesso sociale con indirizzi email verificati si uniranno automaticamente all'organizzazione. <a>Scopri di più</a>",
+    email_domain_placeholder: 'Inserisci domini email per il provisioning just-in-time',
+    invalid_domain: 'Dominio non valido',
+    domain_already_added: 'Dominio già aggiunto',
+    sso_enabled_domain_warning:
+      'Hai inserito uno o più domini email associati a SSO aziendale. Gli utenti con queste email seguiranno il flusso SSO standard e non verranno provisionati in questa organizzazione a meno che il provisioning SSO aziendale non sia configurato.',
+    enterprise_sso: 'Provisioning SSO aziendale',
+    no_enterprise_connector_set:
+      'Non hai ancora configurato alcun connettore SSO aziendale. Aggiungi prima i connettori per abilitare il provisioning SSO aziendale. <a>Imposta</a>',
+    add_enterprise_connector: 'Aggiungi connettore aziendale',
+    enterprise_sso_description:
+      "I nuovi utenti o gli utenti esistenti che accedono tramite SSO aziendale per la prima volta si uniranno automaticamente all'organizzazione. <a>Scopri di più</a>",
+    organization_roles: 'Ruoli organizzazione predefiniti',
+    organization_roles_description:
+      "Assegna ruoli agli utenti all'atto dell'iscrizione all'organizzazione tramite il provisioning just-in-time.",
+  },
+  mfa: {
+    title: 'Autenticazione multifattore (MFA)',
+    tip: "Quando è richiesta l'MFA, agli utenti senza MFA configurata verrà negato l'accesso quando tenteranno di scambiare un token dell'organizzazione. Questa impostazione non influisce sull'autenticazione dell'utente.",
+    description:
+      "Richiedi agli utenti di configurare l'autenticazione multifattore per accedere a questa organizzazione.",
+    no_mfa_warning:
+      'Nessun metodo di autenticazione multifattore è abilitato per il tuo tenant. Gli utenti non potranno accedere a questa organizzazione finché non viene abilitato almeno un <a>metodo di autenticazione multifattore</a>.',
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/it/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/it/translation/admin-console/organization-template.ts
index 0458ae65ac92..3daae4fb341d 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/organization-template.ts
@@ -14,8 +14,9 @@ const organization_template = {
     create_modal: {
       title: "Crea ruolo dell'organizzazione",
       create: 'Crea ruolo',
-      name_field: 'Nome del ruolo',
-      description_field: 'Descrizione',
+      name: 'Nome del ruolo',
+      description: 'Descrizione',
+      type: 'Tipo di ruolo',
       created: "Il ruolo dell'organizzazione {{name}} è stato creato con successo.",
     },
   },
diff --git a/packages/phrases/src/locales/it/translation/admin-console/organizations.ts b/packages/phrases/src/locales/it/translation/admin-console/organizations.ts
index 2671ce95fc8f..e4a4d29fbc20 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/organizations.ts
@@ -7,6 +7,7 @@ const organizations = {
   organization_template: 'Modello organizzazione',
   organization_id: 'ID organizzazione',
   members: 'Membri',
+  machine_to_machine: 'Applicazioni da macchina a macchina',
   create_organization: 'Crea organizzazione',
   setup_organization: 'Configura la tua organizzazione',
   organization_list_placeholder_title: 'Organizzazione',
diff --git a/packages/phrases/src/locales/it/translation/admin-console/profile.ts b/packages/phrases/src/locales/it/translation/admin-console/profile.ts
index 18e802c46078..66154e07161d 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/profile.ts
@@ -51,6 +51,44 @@ const profile = {
     description:
       'Eliminando il tuo account, verranno rimossi tutti i tuoi dati personali, le informazioni utente, la configurazione. Questa operazione non può essere annullata.',
     button: 'Elimina account',
+    p: {
+      has_issue:
+        'Siamo spiacenti di sapere che vuoi eliminare il tuo account. Prima di poter eliminare il tuo account, devi risolvere i seguenti problemi.',
+      after_resolved:
+        'Una volta risolti i problemi, puoi eliminare il tuo account. Non esitare a contattarci se hai bisogno di assistenza.',
+      check_information:
+        'Siamo spiacenti di sapere che vuoi eliminare il tuo account. Per favore controlla attentamente le seguenti informazioni prima di procedere.',
+      remove_all_data:
+        'Eliminando il tuo account, verranno permanentemente rimossi tutti i dati su di te in Logto Cloud. Per favore assicurati di fare un backup dei dati importanti prima di procedere.',
+      confirm_information:
+        'Per favore conferma che le informazioni sopra sono quelle che ti aspettavi. Una volta eliminato il tuo account, non saremo in grado di recuperarlo.',
+      has_admin_role:
+        'Poiché hai il ruolo di amministratore nel seguente tenant, verrà eliminato insieme al tuo account:',
+      has_admin_role_other:
+        'Poiché hai il ruolo di amministratore nei seguenti tenant, verranno eliminati insieme al tuo account:',
+      quit_tenant: 'Stai per lasciare il seguente tenant:',
+      quit_tenant_other: 'Stai per lasciare i seguenti tenant:',
+    },
+    issues: {
+      paid_plan:
+        "Il seguente tenant ha un piano a pagamento, per favore annulla prima l'abbonamento:",
+      paid_plan_other:
+        "I seguenti tenant hanno piani a pagamento, per favore annulla prima l'abbonamento:",
+      subscription_status: 'Il seguente tenant ha un problema di stato di abbonamento:',
+      subscription_status_other: 'I seguenti tenant hanno problemi di stato di abbonamento:',
+      open_invoice: 'Il seguente tenant ha una fattura aperta:',
+      open_invoice_other: 'I seguenti tenant hanno fatture aperte:',
+    },
+    error_occurred: 'Si è verificato un errore',
+    error_occurred_description:
+      "Spiacenti, si è verificato un problema durante l'eliminazione del tuo account:",
+    request_id: 'ID richiesta: {{requestId}}',
+    try_again_later:
+      "Per favore riprova più tardi. Se il problema persiste, contatta il team Logto con l'ID richiesta.",
+    final_confirmation: 'Conferma finale',
+    about_to_start_deletion:
+      'Stai per iniziare il processo di eliminazione e questa azione non può essere annullata.',
+    permanently_delete: 'Elimina definitivamente',
   },
   set: 'Imposta',
   change: 'Cambia',
diff --git a/packages/phrases/src/locales/it/translation/admin-console/roles.ts b/packages/phrases/src/locales/it/translation/admin-console/roles.ts
index e289775e10f4..b9601de36c96 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: 'Crea Ruolo',
   role_name: 'Nome ruolo',
   role_type: 'Tipo ruolo',
+  type_user: 'Utente',
+  type_machine_to_machine: 'Da macchina a macchina',
   role_description: 'Descrizione',
   role_name_placeholder: 'Inserisci il nome del tuo ruolo',
   role_description_placeholder: 'Inserisci la descrizione del tuo ruolo',
@@ -19,16 +21,20 @@ const roles = {
   application_count: '{{count}} app',
   assign_permissions: 'Assegna autorizzazioni',
   create_role_title: 'Crea Ruolo',
+  create_role_description:
+    'Usa i ruoli per organizzare le autorizzazioni e assegnarle agli utenti.',
   create_role_button: 'Crea Ruolo',
   role_created: 'Il ruolo {{name}} è stato creato con successo.',
   search: 'Cerca per nome, descrizione o ID del ruolo',
   placeholder_title: 'Ruoli',
   placeholder_description:
     'I ruoli sono un raggruppamento di autorizzazioni che possono essere assegnati agli utenti. Assicurati di aggiungere le autorizzazioni prima di creare i ruoli.',
+  assign_roles: 'Assegna ruoli',
   management_api_access_notification:
     "Per accedere all'API di gestione di Logto, seleziona ruoli con autorizzazioni API di gestione <flag/>.",
   with_management_api_access_tip:
     "Questo ruolo da macchina a macchina include autorizzazioni per l'API di gestione di Logto",
+  role_creation_hint: 'Non trovi il ruolo giusto? <a>Crea un ruolo</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/it/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/it/translation/admin-console/sign-in-exp/index.ts
index 25cacc4392a1..c108f0a59a41 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/sign-in-exp/index.ts
@@ -34,15 +34,56 @@ const sign_in_exp = {
   branding: {
     title: 'AREA DI BRANDIZZO',
     ui_style: 'Stile',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (scuro)',
+    app_logo_and_favicon: "Logo dell'app e favicon",
+    company_logo_and_favicon: 'Logo aziendale e favicon',
   },
-  custom_css: {
-    title: 'CSS personalizzato',
-    css_code_editor_title: 'Personalizza la tua interfaccia utente con CSS personalizzato',
-    css_code_editor_description1: "Guarda l'esempio di CSS personalizzato.",
+  branding_uploads: {
+    app_logo: {
+      title: "Logo dell'app",
+      url: "URL del logo dell'app",
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: "Logo dell'app: {{error}}",
+    },
+    company_logo: {
+      title: 'Logo aziendale',
+      url: 'URL del logo aziendale',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logo aziendale: {{error}}',
+    },
+    organization_logo: {
+      title: 'Carica immagine',
+      url: "URL del logo dell'organizzazione",
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: "Logo dell'organizzazione: {{error}}",
+    },
+    connector_logo: {
+      title: 'Carica immagine',
+      url: 'URL del logo del connettore',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logo del connettore: {{error}}',
+    },
+    favicon: {
+      title: 'Favicon',
+      url: 'URL della favicon',
+      url_placeholder: 'https://your.cdn.domain/favicon.ico',
+      error: 'Favicon: {{error}}',
+    },
+  },
+  custom_ui: {
+    title: 'UI personalizzata',
+    css_code_editor_title: 'CSS personalizzato',
+    css_code_editor_description1: "Vedi l'esempio di CSS personalizzato.",
     css_code_editor_description2: '<a>{{link}}</a>',
-    css_code_editor_description_link_content: 'Ulteriori informazioni',
+    css_code_editor_description_link_content: 'Scopri di più',
     css_code_editor_content_placeholder:
-      'Inserisci il tuo CSS personalizzato per adattare lo stile di qualsiasi cosa alle tue specifiche. Esprimi la tua creatività e fai risaltare la tua interfaccia utente.',
+      'Inserisci il tuo CSS personalizzato per adattare gli stili di qualsiasi cosa alle tue specifiche esatte. Esprimi la tua creatività e fai risaltare la tua UI.',
+    bring_your_ui_title: 'Porta la tua UI',
+    bring_your_ui_description:
+      'Carica un pacchetto compresso (.zip) per sostituire la UI precaricata di Logto con il tuo codice. <a>Scopri di più</a>',
+    preview_with_bring_your_ui_description:
+      'I tuoi asset della UI personalizzata sono stati caricati con successo e ora vengono serviti. Di conseguenza, la finestra di anteprima integrata è stata disabilitata.\nPer testare la tua UI di accesso personalizzata, fai clic sul pulsante "Live Preview" per aprirla in una nuova scheda del browser.',
   },
   sign_up_and_sign_in,
   content,
diff --git a/packages/phrases/src/locales/it/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/it/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index 5aa25fa3dd2e..c7f8111faada 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -41,6 +41,9 @@ const sign_up_and_sign_in = {
       set_up_more: 'Imposta',
       go_to: 'altri connettori social ora.',
     },
+    automatic_account_linking: "Collegamento automatico dell'account",
+    automatic_account_linking_label:
+      "Quando attivato, se un utente accede con un'identità sociale nuova per il sistema, e c'è esattamente un account esistente con lo stesso identificatore (ad esempio, email), Logto collegherà automaticamente l'account con l'identità sociale invece di richiedere all'utente il collegamento dell'account.",
   },
   tip: {
     set_a_password: 'Un set unico di password per il tuo nome utente è un must.',
diff --git a/packages/phrases/src/locales/it/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/it/translation/admin-console/subscription/quota-item.ts
index 3886f1115c91..0cbd79534944 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/subscription/quota-item.ts
@@ -159,6 +159,18 @@ const quota_item = {
     unlimited: 'JWT personalizzato',
     not_eligible: 'Rimuovi il tuo personalizzatore di claim JWT',
   },
+  impersonation_enabled: {
+    name: 'Impersonazione',
+    limited: 'Impersonazione',
+    unlimited: 'Impersonazione',
+    not_eligible: 'Nessuna impersonazione permessa',
+  },
+  bring_your_ui_enabled: {
+    name: 'Portare la tua UI',
+    limited: 'Portare la tua UI',
+    unlimited: 'Portare la tua UI',
+    not_eligible: 'Rimuova le risorse della tua UI personalizzata',
+  },
 };
 
 export default Object.freeze(quota_item);
diff --git a/packages/phrases/src/locales/it/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/it/translation/admin-console/subscription/quota-table.ts
index de806d884e04..032d7d468fce 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/subscription/quota-table.ts
@@ -20,6 +20,8 @@ const quota_table = {
     title: 'UI e branding',
     custom_domain: 'Dominio personalizzato',
     custom_css: 'CSS personalizzato',
+    logo_and_favicon: 'Logo e favicon',
+    bring_your_ui: 'Porta la tua interfaccia',
     dark_mode: 'Modalità scura',
     i18n: 'Internazionalizzazione',
   },
@@ -36,6 +38,7 @@ const quota_table = {
     mfa: 'Autenticazione a più fattori',
     sso: 'SSO aziendale',
     adaptive_mfa: 'MFA adattativa',
+    impersonation: 'Impersonificazione',
   },
   user_management: {
     title: 'Gestione utenti',
diff --git a/packages/phrases/src/locales/it/translation/admin-console/tenants.ts b/packages/phrases/src/locales/it/translation/admin-console/tenants.ts
index e37d58803a2e..624efeeeecfe 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/tenants.ts
@@ -16,6 +16,8 @@ const tenants = {
     tenant_id: 'ID Inquilino',
     tenant_name: 'Nome Inquilino',
     tenant_region: 'Regione di hosting',
+    tenant_region_description:
+      'La posizione fisica in cui sono ospitate le risorse del tuo inquilino (utenti, app, ecc.). Questo non può essere cambiato dopo la creazione.',
     tenant_region_tip:
       'Le risorse del tuo inquilino sono ospitate in {{region}}. <a>Scopri di più</a>',
     environment_tag_development: 'Svil',
@@ -48,6 +50,7 @@ const tenants = {
   },
   create_modal: {
     title: 'Crea nuovo inquilino',
+    subtitle: 'Crea un nuovo inquilino che ha risorse e utenti isolati.',
     tenant_usage_purpose: 'Per cosa desideri utilizzare questo inquilino?',
     development_description:
       'Solo per scopi di test e non dovrebbe essere utilizzato in produzione. Non è richiesto alcun abbonamento.',
@@ -58,6 +61,10 @@ const tenants = {
     available_plan: 'Piano disponibile:',
     create_button: 'Crea inquilino',
     tenant_name_placeholder: 'Il mio inquilino',
+    tenant_created: 'Inquilino creato con successo.',
+    invitation_failed:
+      'Alcuni inviti non sono riusciti a essere inviati. Prova di nuovo in Impostazioni -> Membri più tardi.',
+    tenant_type_description: 'Questo non può essere cambiato dopo la creazione.',
   },
   dev_tenant_migration: {
     title:
@@ -105,6 +112,10 @@ const tenants = {
     description_2:
       'Se necessiti ulteriori chiarimenti, hai qualche preoccupazione o desideri ripristinare la funzionalità completa e sbloccare i tuoi inquilini, ti preghiamo di contattarci immediatamente.',
   },
+  production_tenant_notification: {
+    text: 'Sei in un inquilino di sviluppo per test gratuiti. Crea un inquilino di produzione per andare in diretta.',
+    action: 'Crea inquilino',
+  },
 };
 
 export default Object.freeze(tenants);
diff --git a/packages/phrases/src/locales/it/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/it/translation/admin-console/upsell/paywall.ts
index 276854c8a1a4..68015f9580dd 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/upsell/paywall.ts
@@ -65,6 +65,8 @@ const paywall = {
     description:
       'Aggiorna a un piano a pagamento per la funzionalità JWT personalizzata e benefici premium. Non esitare a <a>contattarci</a> se hai domande.',
   },
+  bring_your_ui:
+    'Aggiorna a un piano a pagamento per portare la tua funzionalità di interfaccia utente personalizzata e beneficiare dei vantaggi premium.',
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/it/translation/admin-console/user-details.ts b/packages/phrases/src/locales/it/translation/admin-console/user-details.ts
index efdcf63d2145..de8025271a5a 100644
--- a/packages/phrases/src/locales/it/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/it/translation/admin-console/user-details.ts
@@ -36,9 +36,13 @@ const user_details = {
   field_custom_data: 'Dati personalizzati',
   field_custom_data_tip:
     "Ulteriori informazioni sull'utente non elencate nelle proprietà utente predefinite, come il colore e la lingua preferiti dall'utente.",
+  field_profile: 'Profilo',
+  field_profile_tip:
+    "Ulteriori dichiarazioni standard OpenID Connect che non sono incluse nelle proprietà dell'utente. Si noti che tutte le proprietà sconosciute verranno eliminate. Fare riferimento a <a>riferimento delle proprietà del profilo</a> per ulteriori informazioni.",
   field_connectors: 'Connessioni sociali',
   field_sso_connectors: 'Connessioni enterprise',
   custom_data_invalid: 'I dati personalizzati devono essere un oggetto JSON valido',
+  profile_invalid: 'Il profilo deve essere un oggetto JSON valido',
   connectors: {
     connectors: 'Connettori',
     user_id: 'ID utente',
@@ -79,14 +83,17 @@ const user_details = {
   roles: {
     name_column: 'Ruolo utente',
     description_column: 'Descrizione',
+    assign_button: 'Assegna ruoli',
     delete_description:
       'Questa azione rimuoverà questo ruolo da questo utente. Il ruolo stesso esisterà ancora, ma non sarà più associato a questo utente.',
     deleted: '{{nome}} è stato rimosso con successo da questo utente.',
+    assign_title: 'Assegna ruoli a {{name}}',
     assign_subtitle: 'Trova i ruoli utente appropriati cercando per nome, descrizione o ID ruolo.',
     assign_role_field: 'Assegna ruoli',
     role_search_placeholder: 'Cerca per nome ruolo',
     added_text: '{{value, number}} aggiunti',
     assigned_user_count: '{{value, number}} utenti',
+    confirm_assign: 'Assegna ruoli',
     role_assigned: 'Ruolo(ruoli) assegnati con successo',
     search: 'Cerca per nome ruolo, descrizione o ID',
     empty: 'Nessun ruolo disponibile',
diff --git a/packages/phrases/src/locales/it/translation/demo-app.ts b/packages/phrases/src/locales/it/translation/demo-app.ts
index dd8abf5a1a50..ef7bbef7acc5 100644
--- a/packages/phrases/src/locales/it/translation/demo-app.ts
+++ b/packages/phrases/src/locales/it/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: "Hai effettuato l'accesso anteprima live con successo!",
+  subtitle: 'Ecco le informazioni sul tuo utente:',
   username: 'Nome utente: ',
   user_id: 'ID utente: ',
   sign_out: "Esci dall'anteprima live",
diff --git a/packages/phrases/src/locales/ja/errors/session.ts b/packages/phrases/src/locales/ja/errors/session.ts
index f4c666cd9d6b..c37ce60e12b6 100644
--- a/packages/phrases/src/locales/ja/errors/session.ts
+++ b/packages/phrases/src/locales/ja/errors/session.ts
@@ -2,7 +2,7 @@ const session = {
   not_found: 'セッションが見つかりません。戻って再度サインインしてください。',
   invalid_credentials: 'アカウントまたはパスワードが正しくありません。入力内容を確認してください。',
   invalid_sign_in_method: '現在のサインイン方法は利用できません。',
-  invalid_connector_id: '利用可能なid {{connectorId}} のコネクタが見つかりません。',
+  invalid_connector_id: '利用可能な id {{connectorId}} のコネクタが見つかりません。',
   insufficient_info: '十分なサインイン情報がありません。',
   connector_id_mismatch: 'コネクタIDがセッションレコードと一致しません。',
   connector_session_not_found:
@@ -12,31 +12,35 @@ const session = {
   verification_expired:
     '接続がタイムアウトしました。アカウントの安全性を確保するために再度検証してください。',
   verification_blocked_too_many_attempts:
-    'Too many attempts in a short time. Please try again {{relativeTime}}.',
+    '試行回数が多すぎます。{{relativeTime}}後に再度試してください。',
   unauthorized: '最初にサインインしてください。',
   unsupported_prompt_name: 'サポートされていないプロンプト名です。',
   forgot_password_not_enabled: 'パスワードを忘れた場合の対処が有効になっていません。',
   verification_failed: '検証が成功しませんでした。検証フローを再開してもう一度やり直してください。',
   connector_validation_session_not_found: 'トークン検証用のコネクタセッションが見つかりません。',
-  identifier_not_found: 'ユーザーIDが見つかりません。戻って再度サインインしてください。',
+  csrf_token_mismatch: 'CSRF トークンの不一致。',
+  identifier_not_found: 'ユーザー ID が見つかりません。戻って再度サインインしてください。',
   interaction_not_found:
     'インタラクションセッションが見つかりません。戻ってセッションを開始してください。',
-  not_supported_for_forgot_password: 'This operation is not supported for forgot password.',
+  not_supported_for_forgot_password:
+    'この操作は パスワードを忘れた 場合にはサポートされていません。',
+  identity_conflict:
+    'ID の不一致が検出されました。別の ID を使用して新しいセッションを開始してください。',
   mfa: {
-    require_mfa_verification: 'Mfa verification is required to sign in.',
-    mfa_sign_in_only: 'Mfa is only available for sign-in interaction.',
-    pending_info_not_found: 'Pending MFA info not found, please initiate MFA first.',
-    invalid_totp_code: 'Invalid TOTP code.',
-    webauthn_verification_failed: 'WebAuthn verification failed.',
-    webauthn_verification_not_found: 'WebAuthn verification not found.',
-    bind_mfa_existed: 'MFA already exists.',
-    backup_code_can_not_be_alone: 'Backup code can not be the only MFA.',
-    backup_code_required: 'Backup code is required.',
-    invalid_backup_code: 'Invalid backup code.',
-    mfa_policy_not_user_controlled: 'MFA policy is not user controlled.',
+    require_mfa_verification: 'サインインするには MFA 検証が必要です。',
+    mfa_sign_in_only: 'MFA はサインイン操作のみに使用できます。',
+    pending_info_not_found: '保留中の MFA 情報が見つかりません。まず MFA を開始してください。',
+    invalid_totp_code: '無効な TOTP コード。',
+    webauthn_verification_failed: 'WebAuthn 検証に失敗しました。',
+    webauthn_verification_not_found: 'WebAuthn 検証が見つかりません。',
+    bind_mfa_existed: 'MFA は既に存在します。',
+    backup_code_can_not_be_alone: 'バックアップコードは唯一の MFA にはできません。',
+    backup_code_required: 'バックアップコードが必要です。',
+    invalid_backup_code: '無効なバックアップコード。',
+    mfa_policy_not_user_controlled: 'MFA ポリシーはユーザーによって管理されていません。',
   },
   sso_enabled:
-    'このメールアドレスではシングルサインオンが有効になっています。SSOでサインインしてください。',
+    'このメールアドレスではシングルサインオンが有効になっています。SSO でサインインしてください。',
 };
 
 export default Object.freeze(session);
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/application-details.ts b/packages/phrases/src/locales/ja/translation/admin-console/application-details.ts
index c25ca722414d..ef4ce8836afa 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/application-details.ts
@@ -13,7 +13,7 @@ const application_details = {
   session: 'セッション',
   endpoints_and_credentials: 'エンドポイントと資格情報',
   endpoints_and_credentials_description:
-    '次のエンドポイントと資格情報を使用して、アプリケーションでOIDC接続を設定します。',
+    '次のエンドポイントと資格情報を使用して、アプリケーションで OIDC 接続を設定します。',
   refresh_token_settings: 'リフレッシュトークン',
   refresh_token_settings_description:
     'このアプリケーションのリフレッシュトークン規則を管理します。',
@@ -22,51 +22,59 @@ const application_details = {
   application_name_placeholder: '私のアプリ',
   description: '説明',
   description_placeholder: 'アプリケーションの説明を入力してください',
-  config_endpoint: 'OpenIDプロバイダ構成エンドポイント',
+  config_endpoint: 'OpenID プロバイダ構成エンドポイント',
+  issuer_endpoint: '発行者エンドポイント',
   authorization_endpoint: '認可エンドポイント',
   authorization_endpoint_tip:
-    '認証と認可を実行するエンドポイントです。OpenID Connectの<a>認証</a>に使用されます。',
+    '認証と認可を実行するエンドポイントです。OpenID Connect の<a>認証</a>に使用されます。',
   show_endpoint_details: 'エンドポイントの詳細を表示',
   hide_endpoint_details: 'エンドポイントの詳細を非表示',
   logto_endpoint: 'Logto エンドポイント',
-  application_id: 'アプリID',
+  application_id: 'アプリ ID',
   application_id_tip:
-    '通常Logtoによって生成される一意のアプリケーション識別子です。OpenID Connectでは「<a>client_id</a>」とも呼ばれます。',
+    '通常 Logto によって生成される一意のアプリケーション識別子です。OpenID Connect では「<a>client_id</a>」とも呼ばれます。',
   application_secret: 'アプリのシークレット',
-  redirect_uri: 'リダイレクトURI',
-  redirect_uris: 'リダイレクトURI',
+  redirect_uri: 'リダイレクト URI',
+  redirect_uris: 'リダイレクト URI',
   redirect_uri_placeholder: 'https://your.website.com/app',
   redirect_uri_placeholder_native: 'io.logto://callback',
   redirect_uri_tip:
-    'ユーザーがサインイン（成功した場合も失敗した場合も）した後にリダイレクトされるURIです。詳細については、OpenID Connectの<a>AuthRequest</a>を参照してください。',
-  post_sign_out_redirect_uri: 'サインアウト後のリダイレクトURI',
-  post_sign_out_redirect_uris: 'サインアウト後のリダイレクトURI',
+    'ユーザーがサインイン（成功した場合も失敗した場合も）した後にリダイレクトされる URI です。詳細については、OpenID Connect の<a>AuthRequest</a>を参照してください。',
+  post_sign_out_redirect_uri: 'サインアウト後のリダイレクト URI',
+  post_sign_out_redirect_uris: 'サインアウト後のリダイレクト URI',
   post_sign_out_redirect_uri_placeholder: 'https://your.website.com/home',
   post_sign_out_redirect_uri_tip:
-    'ユーザーのサインアウト後にリダイレクトされるURIです（オプション）。一部のアプリケーションタイプでは実質的な効果がない可能性があります。',
-  cors_allowed_origins: 'CORS許可されたオリジン',
+    'ユーザーのサインアウト後にリダイレクトされる URI です（オプション）。一部のアプリケーションタイプでは実質的な効果がない可能性があります。',
+  cors_allowed_origins: 'CORS 許可されたオリジン',
   cors_allowed_origins_placeholder: 'https://your.website.com',
   cors_allowed_origins_tip:
-    'デフォルトでは、リダイレクトURIのすべてのオリジンが許可されます。通常、このフィールドでは何も行動を必要としません。これについての詳細情報は<a>MDN doc</a>を参照してください。',
+    'デフォルトでは、リダイレクト URI のすべてのオリジンが許可されます。通常、このフィールドでは何も行動を必要としません。これについての詳細情報は<a>MDN doc</a>を参照してください。',
   token_endpoint: 'トークンエンドポイント',
   user_info_endpoint: 'ユーザー情報エンドポイント',
   enable_admin_access: '管理者アクセスを有効にする',
   enable_admin_access_label:
-    '管理APIへのアクセスを有効または無効にします。有効にすると、アクセストークンを使用してこのアプリケーションを代表して管理APIを呼び出すことができます。',
-  always_issue_refresh_token: '常にRefresh Tokenを発行する',
+    '管理 API へのアクセスを有効または無効にします。有効にすると、アクセストークンを使用してこのアプリケーションを代表して管理 API を呼び出すことができます。',
+  always_issue_refresh_token: '常に Refresh Token を発行する',
   always_issue_refresh_token_label:
-    'この設定を有効にすると、Logtoは、認証要求に「prompt = consent」が提示されたかどうかにかかわらず、常にRefresh Tokenを発行することができます。ただし、OpenID Connectと互換性がないため、必要でない限りこのプラクティスは推奨されず、問題が発生する可能性があります。',
+    'この設定を有効にすると、Logto は、認証要求に「prompt = consent」が提示されたかどうかにかかわらず、常に Refresh Token を発行することができます。ただし、OpenID Connect と互換性がないため、必要でない限りこのプラクティスは推奨されず、問題が発生する可能性があります。',
   refresh_token_ttl: 'リフレッシュトークンの有効期限（日単位）',
   refresh_token_ttl_tip:
-    'リフレッシュトークンが期限切れになるまでの期間です。トークンリクエストは、リフレッシュトークンのTTLをこの値に延長します。',
-  rotate_refresh_token: 'Refresh Tokenを切り替える',
+    'リフレッシュトークンが期限切れになるまでの期間です。トークンリクエストは、リフレッシュトークンの TTL をこの値に延長します。',
+  rotate_refresh_token: 'Refresh Token を切り替える',
   rotate_refresh_token_label:
-    '有効にすると、Logtoは、元のTTLの70％が経過したときまたは特定の条件が満たされた場合、トークン要求で新しいRefresh Tokenを発行します。<a>詳細を見る</a>',
+    '有効にすると、Logto は、元の TTL の 70％ が経過したときまたは特定の条件が満たされた場合、トークン要求で新しい Refresh Token を発行します。<a>詳細を見る</a>',
+  backchannel_logout: 'バックチャネルログアウト',
+  backchannel_logout_description:
+    'OpenID Connect バックチャネルログアウトエンドポイントを構成し、このアプリケーションにセッションが必要かどうかを設定します。',
+  backchannel_logout_uri: 'バックチャネルログアウト URI',
+  backchannel_logout_uri_session_required: 'セッションが必要ですか？',
+  backchannel_logout_uri_session_required_description:
+    '有効にすると、RP は、`sid` （セッション ID）クレームをログアウトトークンに含めて、`backchannel_logout_uri` が使用されるときに RP セッションが OP と一致するように要求します。',
   delete_description:
     'この操作は元に戻すことはできません。アプリケーション名「<span>{{name}}</span>」を入力して確認してください。',
   enter_your_application_name: 'アプリケーション名を入力してください',
   application_deleted: 'アプリケーション{{name}}が正常に削除されました',
-  redirect_uri_required: 'リダイレクトURIを少なくとも1つ入力する必要があります',
+  redirect_uri_required: 'リダイレクト URI を少なくとも 1 つ入力する必要があります',
   app_domain_description_1:
     'Feel free to use your domain with {{domain}} powered by Logto, which is permanently valid.',
   app_domain_description_2:
@@ -85,16 +93,25 @@ const application_details = {
     'Ensure to protect your origin server from direct access. Refer to the guide for more <a>detailed instructions</a>.',
   session_duration: 'セッション期間（日単位）',
   try_it: 'お試しください',
+  no_organization_placeholder: 'No organization found. <a>Go to organizations</a>',
   branding: {
     name: 'ブランディング',
-    description: 'Consent画面上でアプリケーションの表示名とロゴをカスタマイズします。',
+    description: 'Consent 画面上でアプリケーションの表示名とロゴをカスタマイズします。',
+    description_third_party:
+      'アプリケーションの同意画面に表示される名前とロゴをカスタマイズします。',
+    app_logo: 'アプリのロゴ',
+    app_level_sie: 'アプリレベルのサインインエクスペリエンス',
+    app_level_sie_switch:
+      'アプリレベルのサインインエクスペリエンスを有効にし、アプリ固有のブランディングを設定します。無効にすると、全体的なサインインエクスペリエンスが使用されます。',
     more_info: '詳細',
-    more_info_description: 'Consent画面上でアプリケーションに関する追加情報を提供します。',
+    more_info_description: 'Consent 画面上でアプリケーションに関する追加情報を提供します。',
     display_name: '表示名',
-    display_logo: '表示ロゴ',
-    display_logo_dark: '表示ロゴ（ダーク）',
-    terms_of_use_url: 'アプリケーション利用規約URL',
-    privacy_policy_url: 'アプリケーションプライバシーポリシーURL',
+    application_logo: 'アプリケーションのロゴ',
+    application_logo_dark: 'アプリケーションのロゴ（ダーク）',
+    brand_color: 'ブランドカラー',
+    brand_color_dark: 'ブランドカラー（ダーク）',
+    terms_of_use_url: 'アプリケーション利用規約 URL',
+    privacy_policy_url: 'アプリケーションプライバシーポリシー URL',
   },
   permissions: {
     name: '権限',
@@ -111,15 +128,15 @@ const application_details = {
     permissions_assignment_description:
       'ユーザーが特定のデータタイプにアクセスするためにサードパーティアプリケーションが要求している権限を選択します。',
     user_profile: 'ユーザーデータ',
-    api_permissions: 'API権限',
+    api_permissions: 'API 権限',
     organization: '組織権限',
     user_permissions_assignment_form_title: 'ユーザープロファイル権限を追加',
     organization_permissions_assignment_form_title: '組織権限を追加',
-    api_resource_permissions_assignment_form_title: 'APIリソース権限を追加',
+    api_resource_permissions_assignment_form_title: 'API リソース権限を追加',
     user_data_permission_description_tips:
       '個人ユーザーデータ権限の説明を「サインイン体験 > コンテンツ > 言語管理」を介して変更できます',
     permission_description_tips:
-      'Logtoがサードパーティアプリケーションの認証プロバイダ（IdP）として使用され、ユーザーに承認を要求される場合、この説明が同意画面に表示されます。',
+      'Logto がサードパーティアプリケーションの認証プロバイダ（IdP）として使用され、ユーザーに承認を要求される場合、この説明が同意画面に表示されます。',
     user_title: 'ユーザー',
     user_description:
       '特定のユーザーデータにアクセスするためにサードパーティアプリケーションが要求する権限を選択します。',
@@ -130,13 +147,13 @@ const application_details = {
     grant_organization_level_permissions: '組織データの権限を付与する',
   },
   roles: {
-    name_column: 'マシン間の役割',
-    description_column: '説明',
     assign_button: 'マシン間の役割を割り当てる',
     delete_description:
       'この操作は、このマシン対マシンアプリからこの役割を削除します。役割自体はまだ存在しますが、もはやマシン対マシンアプリに関連付けられていません。',
     deleted: '{{name}} がこのユーザーから正常に削除されました。',
     assign_title: '{{name}}にマシン間の役割を割り当てる',
+    assign_subtitle:
+      'マシン対マシンアプリは、関連する API リソースにアクセスするためにマシン対マシンタイプの役割が必要です。',
     assign_role_field: 'マシン間の役割を割り当てる',
     role_search_placeholder: '役割名で検索',
     added_text: '{{value, number}} 件追加',
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/cloud.ts b/packages/phrases/src/locales/ja/translation/admin-console/cloud.ts
index 1b2a55d64659..fcf2aaa24e38 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/cloud.ts
@@ -6,7 +6,7 @@ const cloud = {
     page_title: 'ようこそ',
     title: 'Logto Cloud へようこそ！あなたについて少し学びたいです。',
     description:
-      'あなたの情報を知ることで、あなたにユニークなLogtoエクスペリエンスを提供します。あなたの情報は安全に保管されます。',
+      'あなたの情報を知ることで、あなたにユニークな Logto エクスペリエンスを提供します。あなたの情報は安全に保管されます。',
     project_field: 'ログトを使用しています',
     project_options: {
       personal: '個人プロジェクト',
@@ -25,13 +25,20 @@ const cloud = {
     additional_features_options: {
       customize_ui_and_flow:
         '自分の UI を構築および管理し、Logto の事前に構築されたカスタマイズ可能なソリューションだけではなく使用する',
-      compliance: 'SOC2とGDPRは必須です',
-      export_user_data: 'Logtoからユーザーデータをエクスポートする機能が必要です',
+      compliance: 'SOC2 と GDPR は必須です',
+      export_user_data: 'Logto からユーザーデータをエクスポートする機能が必要です',
       budget_control: '予算管理が非常に厳しいです',
-      bring_own_auth: '独自の認証サービスを持っており、Logtoの機能が必要な場合',
+      bring_own_auth: '独自の認証サービスを持っており、Logto の機能が必要な場合',
       others: '上記のどれにも該当しません',
     },
   },
+  create_tenant: {
+    page_title: 'テナントを作成',
+    title: '最初のテナントを作成',
+    description:
+      'テナントはユーザーアイデンティティ、アプリケーション、およびその他すべての Logto リソースを管理するための独立した環境です。',
+    invite_collaborators: 'メールでコラボレーターを招待',
+  },
   sie: {
     page_title: 'サインインエクスペリエンスのカスタマイズ',
     title: 'まずは簡単にサインインエクスペリエンスをカスタマイズしましょう',
@@ -71,7 +78,7 @@ const cloud = {
   socialCallback: {
     title: 'ログインが成功しました',
     description:
-      'ソーシャルアカウントを使用して正常にサインインしました。Logtoのすべての機能にシームレスにアクセスできるようにするために、独自のソーシャルコネクタを設定することをお勧めします。',
+      'ソーシャルアカウントを使用して正常にサインインしました。Logto のすべての機能にシームレスにアクセスできるようにするために、独自のソーシャルコネクタを設定することをお勧めします。',
   },
   tenant: {
     create_tenant: 'テナントを作成する',
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/ja/translation/admin-console/connector-details.ts
index e2ce1c7b4841..db58a749c934 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/connector-details.ts
@@ -4,7 +4,7 @@ const connector_details = {
   check_readme: 'READMEを確認する',
   settings: '一般設定',
   settings_description:
-    'コネクタはLogtoに不可欠です。Logtoはコネクタのおかげでエンドユーザーがパスワードレス登録またはサインインを利用し、ソーシャルアカウントでサインインすることができる機能を提供することができます。',
+    'コネクタは Logto に不可欠です。Logto はコネクタのおかげでエンドユーザーがパスワードレス登録またはサインインを利用し、ソーシャルアカウントでサインインすることができる機能を提供することができます。',
   parameter_configuration: 'パラメーター設定',
   test_connection: 'テスト',
   save_error_empty_config: '設定を入力してください',
@@ -12,17 +12,17 @@ const connector_details = {
   send_error_invalid_format: '入力が無効です',
   edit_config_label: 'JSONを入力してください',
   test_email_sender: 'メールコネクタのテスト',
-  test_sms_sender: 'SMSコネクタのテスト',
+  test_sms_sender: 'SMS コネクタのテスト',
   test_email_placeholder: 'john.doe@example.com',
   test_sms_placeholder: '+1 555-123-4567',
   test_message_sent: 'テストメッセージが送信されました',
   test_sender_description:
-    'Logtoはテストのために「共通」テンプレートを使用しています。コネクタが正しく構成されている場合、メッセージを受信します。',
+    'Logto はテストのために「共通」テンプレートを使用しています。コネクタが正しく構成されている場合、メッセージを受信します。',
   options_change_email: 'メールコネクタの変更',
-  options_change_sms: 'SMSコネクタの変更',
+  options_change_sms: 'SMS コネクタの変更',
   connector_deleted: 'コネクタが正常に削除されました',
   type_email: 'メールコネクタ',
-  type_sms: 'SMSコネクタ',
+  type_sms: 'SMS コネクタ',
   type_social: 'ソーシャルコネクタ',
   in_used_social_deletion_description:
     'このコネクタはあなたのサインイン体験で使用されています。削除すると、サインイン体験設定のサインイン体験が削除されます。再追加する場合は再設定する必要があります。',
@@ -48,8 +48,23 @@ const connector_details = {
     company_information_description:
       'メールの下部に会社名、住所、郵便番号などを表示して、真正性を高めます。',
     company_information_placeholder: '会社の基本情報を入力してください',
+    email_logo_field: 'メール ロゴ',
+    email_logo_tip:
+      'メールの上部にブランドロゴを表示します。ライトモードとダークモードの両方で同じ画像を使用します。',
     urls_not_allowed: 'URLは許可されません',
-    test_notes: 'Logtoはテストのために「共通」テンプレートを使用しています。',
+    test_notes: 'Logto はテストのために「共通」テンプレートを使用しています。',
+  },
+  google_one_tap: {
+    title: 'Google ワンタップ',
+    description:
+      'Google ワンタップは、ユーザーがあなたのウェブサイトにサインインするための安全で簡単な方法です。',
+    enable_google_one_tap: 'Google ワンタップを有効にする',
+    enable_google_one_tap_description:
+      'サインインエクスペリエンスでGoogle ワンタップを有効にします。ユーザーがデバイスにサインインしている場合、Google アカウントを使用してすぐにサインアップまたはサインインできます。',
+    configure_google_one_tap: 'Google ワンタップを設定する',
+    auto_select: '可能であれば資格情報を自動選択',
+    close_on_tap_outside: '外側をクリック／タップした場合にプロンプトをキャンセル',
+    itp_support: '<a>ITP ブラウザでアップグレードされたワンタップ UX</a> を有効にする',
   },
 };
 
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/connectors.ts b/packages/phrases/src/locales/ja/translation/admin-console/connectors.ts
index 91ca92747cfe..2587936701da 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/connectors.ts
@@ -5,11 +5,11 @@ const connectors = {
   create: 'ソーシャルコネクタを追加',
   config_sie_notice: 'コネクタを設定しました。<a>{{link}}</a>で設定を確認してください。',
   config_sie_link_text: 'サインイン体験',
-  tab_email_sms: 'メールとSMSのコネクタ',
+  tab_email_sms: 'メールと SMS のコネクタ',
   tab_social: 'ソーシャルコネクタ',
   connector_name: 'コネクタ名',
   demo_tip:
-    'このデモコネクタの許容される最大メッセージ数は100件に限定されており、本番環境での展開は推奨されません。',
+    'このデモコネクタの許容される最大メッセージ数は 100 件に限定されており、本番環境での展開は推奨されません。',
   social_demo_tip:
     'このデモコネクタは実演目的にのみ使用するように設計されており、本番環境での展開は推奨されません。',
   connector_type: 'タイプ',
@@ -23,16 +23,16 @@ const connectors = {
   },
   placeholder_title: 'ソーシャルコネクタ',
   placeholder_description:
-    'Logtoは、標準プロトコルを使用して独自のソーシャルサインインコネクタを作成できるとともに、多くの一般的に使用されているソーシャルサインインコネクタを提供しています。',
+    'Logto は、標準プロトコルを使用して独自のソーシャルサインインコネクタを作成できるとともに、多くの一般的に使用されているソーシャルサインインコネクタを提供しています。',
   save_and_done: '保存して完了',
   type: {
     email: 'メールコネクタ',
-    sms: 'SMSコネクタ',
+    sms: 'SMS コネクタ',
     social: 'ソーシャルコネクタ',
   },
   setup_title: {
     email: 'メールコネクタの設定',
-    sms: 'SMSコネクタの設定',
+    sms: 'SMS コネクタの設定',
     social: 'ソーシャルコネクタを追加',
   },
   guide: {
@@ -44,20 +44,22 @@ const connectors = {
     name_placeholder: 'ソーシャルサインインボタンの名前を入力',
     name_tip:
       'コネクタボタンの名前は「{{name}}で続ける」で表示されます。名前が長くなりすぎないように注意してください。',
-    target: 'Identity Providerの名前',
-    target_placeholder: 'コネクタIdentity Providerの名前を入力',
-    target_tip: '「IdP名」として、ソーシャルIDを識別するための一意の識別子文字列を指定します。',
+    connector_logo: 'コネクタロゴ',
+    connector_logo_tip: 'ロゴはコネクタサインインボタンに表示されます。',
+    target: 'Identity Provider の名前',
+    target_placeholder: 'コネクタ Identity Provider の名前を入力',
+    target_tip: '「IdP 名」として、ソーシャル ID を識別するための一意の識別子文字列を指定します。',
     target_tip_standard:
-      '「IdP名」として、ソーシャルIDを識別するための一意の識別子文字列を指定します。この設定は、コネクタが作成された後に変更できません。',
+      '「IdP 名」として、ソーシャル ID を識別するための一意の識別子文字列を指定します。この設定は、コネクタが作成された後に変更できません。',
     target_tooltip:
-      'Logtoのソーシャルコネクタでの「IdP名」とは、ソーシャルIDの「ソース」を指します。「IdP名」は、Plat formごとに一意でなければならず、同じ名前は許可されません。「IdP名」は一度作成されたコネクタで変更することはできません。<a>詳細を見る</a>',
+      'Logto のソーシャルコネクタでの「IdP 名」とは、ソーシャル ID の「ソース」を指します。「IdP 名」は、Platform ごとに一意でなければならず、同じ名前は許可されません。「IdP 名」は一度作成されたコネクタで変更することはできません。<a>詳細を見る</a>',
     target_conflict:
-      '入力されたIdP名は、既存の<span>name</span>コネクタと一致します。同じIdP名を使用すると、ユーザーが2つの異なるコネクタを通じて同じアカウントにアクセスする予期しないサインイン動作が発生する可能性があります。',
+      '入力された IdP 名は、既存の<span>name</span>コネクタと一致します。同じ IdP 名を使用すると、ユーザーが 2 つの異なるコネクタを通じて同じアカウントにアクセスする予期しないサインイン動作が発生する可能性があります。',
     target_conflict_line2:
-      '以前のユーザーが再登録せずにサインインできるように、同じIdentity Providerを持つ現在のコネクタを削除し、新しいコネクタを "IdP名" と同じで作成する場合は、前のユーザーが再登録せずにサインインできるように、同じIdentity Providerを持つ現在のコネクタを削除し、新しいコネクタを "IdP名" で作成してください。',
+      '以前のユーザーが再登録せずにサインインできるように、同じ Identity Provider を持つ現在のコネクタを削除し、新しいコネクタを "IdP 名" と同じで作成する場合は、前のユーザーが再登録せずにサインインできるように、同じ Identity Provider を持つ現在のコネクタを削除し、新しいコネクタを "IdP 名" で作成してください。',
     target_conflict_line3:
-      '別のIdentity Providerに接続する場合は、「IdP名」を変更して続行してください。',
-    config: '構成JSONを入力してください',
+      '別の Identity Provider に接続する場合は、「IdP 名」を変更して続行してください。',
+    config: '構成 JSON を入力してください',
     sync_profile: 'プロファイル情報の同期',
     sync_profile_only_at_sign_up: 'サインアップ時にのみ同期する',
     sync_profile_each_sign_in: 'サインインごとに同期する',
@@ -65,8 +67,8 @@ const connectors = {
       '基本プロファイル（ユーザーの名前やアバターなど）をソーシャルプロバイダから同期します。',
     callback_uri: 'Callback URI',
     callback_uri_description:
-      'Redirect URIもしくはコールバックURIとも呼ばれ、Logtoに戻るURIです。コピーしてソーシャルプロバイダの構成ページに貼り付けてください。',
-    acs_url: 'アサーションコンシューマーサービスURL',
+      'Redirect URI もしくはコールバック URI とも呼ばれ、Logto に戻る URI です。コピーしてソーシャルプロバイダの構成ページに貼り付けてください。',
+    acs_url: 'アサーションコンシューマーサービス URL',
   },
   platform: {
     universal: 'ユニバーサル',
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/ja/translation/admin-console/jwt-claims.ts
index beca3aa8e6cc..41dd2b22312e 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/jwt-claims.ts
@@ -30,6 +30,11 @@ const jwt_claims = {
     title: 'ユーザーデータ',
     subtitle: '`data.user`入力パラメータを使用して重要なユーザー情報を提供します。',
   },
+  grant_data: {
+    title: 'グラントデータ',
+    subtitle:
+      '`data.grant`入力パラメータを使用して重要なグラント情報を提供します。これはトークン交換のためにのみ使用できます。',
+  },
   token_data: {
     title: 'トークンデータ',
     subtitle: '現在のアクセストークンペイロードに対して`token`入力パラメータを使用します。',
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/ja/translation/admin-console/organization-details.ts
index 744247c8f44a..0c9b79f3f526 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/organization-details.ts
@@ -14,18 +14,64 @@ const organization_details = {
     '名前、メール、電話、またはユーザーIDで検索して適切なユーザーを見つけます。検索結果には既存のメンバーは表示されません。',
   add_with_organization_role: '組織の役割付きで追加',
   user: 'ユーザー',
+  application: 'アプリケーション',
+  application_other: 'アプリケーション',
+  add_applications_to_organization: '組織 {{name}} にアプリケーションを追加',
+  add_applications_to_organization_description:
+    'アプリID、名前、または説明を検索して適切なアプリケーションを見つけます。検索結果には既存のアプリケーションは表示されません。',
+  at_least_one_application: '少なくとも1つのアプリケーションが必要です。',
+  remove_application_from_organization: '組織からアプリケーションを削除',
+  remove_application_from_organization_description:
+    '削除されると、このアプリケーションは組織の関連付けとロールを失います。この操作は元に戻せません。',
+  search_application_placeholder: 'アプリID、名前、または説明で検索',
+  roles: '組織ロール',
   authorize_to_roles: '{{name}} に以下の役割へのアクセスを許可',
   edit_organization_roles: '組織の役割を編集',
-  edit_organization_roles_of_user: '{{name}} の組織の役割を編集',
+  edit_organization_roles_title: '{{name}} の組織役割を編集',
   remove_user_from_organization: '組織からユーザーを削除',
   remove_user_from_organization_description:
     '削除すると、ユーザーは組織内のメンバーシップとロールを失います。この操作は元に戻せません。',
   search_user_placeholder: '名前、メール、電話番号、またはユーザーIDで検索',
   at_least_one_user: '少なくとも1人のユーザーが必要です。',
+  organization_roles_tooltip: 'この組織内で {{type}} に割り当てられた役割。',
   custom_data: 'カスタムデータ',
   custom_data_tip:
     'カスタムデータは、組織に関連付けられた追加データを格納するために使用できるJSONオブジェクトです。',
   invalid_json_object: '無効なJSONオブジェクト。',
+  branding: {
+    logo: '組織ロゴ',
+    logo_tooltip:
+      '組織IDを渡してサインイン画面でこのロゴを表示できます。ダークモードが有効になっている場合は、ダークバージョンのロゴが必要です。<a>詳細</a>',
+  },
+  jit: {
+    title: 'ジャストインタイムプロビジョニング',
+    description:
+      'ユーザーは、いくつかの認証方法を使って初めてサインインするときに自動的に組織に参加し、役割が割り当てられます。ジャストインタイムプロビジョニングの要件を設定できます。',
+    email_domain: 'メールドメインプロビジョニング',
+    email_domain_description:
+      '検証済みのメールアドレスでサインアップする新しいユーザー、または検証済みのメールアドレスを使ってソーシャルサインインする新しいユーザーは、自動的に組織に参加します。<a>詳細</a>',
+    email_domain_placeholder: 'ジャストインタイムプロビジョニング用のメールドメインを入力',
+    invalid_domain: '無効なドメイン',
+    domain_already_added: '既に追加されたドメイン',
+    sso_enabled_domain_warning:
+      'エンタープライズSSOに関連付けられたメールドメインを1つ以上入力しました。これらのメールを持つユーザーは標準的なSSOフローに従います。エンタープライズSSOプロビジョニングが設定されていない限り、この組織にプロビジョニングされません。',
+    enterprise_sso: 'エンタープライズSSOプロビジョニング',
+    no_enterprise_connector_set:
+      'エンタープライズSSOコネクタがまだ設定されていません。エンタープライズSSOプロビジョニングを有効にするには、まずコネクタを追加してください。<a>セットアップ</a>',
+    add_enterprise_connector: 'エンタープライズコネクタを追加',
+    enterprise_sso_description:
+      'エンタープライズSSOを使用して初めてサインインする新しいユーザーまたは既存のユーザーは、自動的に組織に参加します。<a>詳細</a>',
+    organization_roles: 'デフォルトの組織ロール',
+    organization_roles_description:
+      'ジャストインタイムプロビジョニングを通じて組織に参加したユーザーに役割を割り当てます。',
+  },
+  mfa: {
+    title: '多要素認証 (MFA)',
+    tip: 'MFAが必要な場合、MFAが設定されていないユーザーは組織トークンを取得しようとすると拒否されます。この設定はユーザー認証には影響しません。',
+    description: 'この組織にアクセスするために必要な多要素認証を設定してください。',
+    no_mfa_warning:
+      'テナントに多要素認証のメソッドが有効になっていません。少なくとも1つの<a>多要素認証メソッド</a>が有効になるまで、ユーザーはこの組織にアクセスできません。',
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/ja/translation/admin-console/organization-template.ts
index 5a0e3e875d81..5726200a7d9c 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/organization-template.ts
@@ -1,7 +1,7 @@
 const organization_template = {
   title: '組織テンプレート',
   subtitle:
-    'マルチテナントSaaSアプリケーションでは、組織テンプレートが複数の組織の共有アクセス制御ポリシー（権限と役割）を定義します。',
+    'マルチテナント SaaS アプリケーションでは、組織テンプレートが複数の組織の共有アクセス制御ポリシー（権限と役割）を定義します。',
   roles: {
     tab_name: '組織の役割',
     search_placeholder: '役割名で検索',
@@ -14,8 +14,9 @@ const organization_template = {
     create_modal: {
       title: '組織の役割を作成する',
       create: '役割を作成する',
-      name_field: '役割名',
-      description_field: '説明',
+      name: '役割名',
+      description: '説明',
+      type: '役割の種類',
       created: '組織の役割{{name}}が正常に作成されました。',
     },
   },
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/organizations.ts b/packages/phrases/src/locales/ja/translation/admin-console/organizations.ts
index 5a3eddb6e8f5..1e12f45fbc86 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/organizations.ts
@@ -3,15 +3,16 @@ const organizations = {
   page_title: '組織',
   title: '組織',
   subtitle:
-    '組織は通常、SaaSや類似したマルチテナントアプリで使用され、お客様（チーム、組織、または企業全体）を代表します。 組織はB2B認証および承認の基本的な要素として機能します。',
+    '組織は通常、SaaSや類似したマルチテナントアプリで使用され、お客様（チーム、組織、または企業全体）を代表します。 組織は B2B 認証および承認の基本的な要素として機能します。',
   organization_template: '組織テンプレート',
-  organization_id: '組織ID',
+  organization_id: '組織 ID',
   members: 'メンバー',
+  machine_to_machine: 'マシン間アプリ',
   create_organization: '組織を作成',
   setup_organization: '組織を設定',
   organization_list_placeholder_title: '組織',
   organization_list_placeholder_text:
-    '組織はSaaSや類似したマルチテナントアプリでよく使用され、クライアントが組織を作成・管理し、メンバーを招待し、役割を割り当てるようなアプリを開発できるようにします。',
+    '組織は SaaS や類似したマルチテナントアプリでよく使用され、クライアントが組織を作成・管理し、メンバーを招待し、役割を割り当てるようなアプリを開発できるようにします。',
   organization_name_placeholder: '私の組織',
   organization_description_placeholder: '組織の簡単な説明',
   organization_permission: '組織権限',
@@ -22,7 +23,7 @@ const organizations = {
   organization_role_description:
     '組織役割は、ユーザーに割り当てることができる権限のグループ化です。権限は事前に定義された組織権限から取得する必要があります。',
   role: '役割',
-  search_placeholder: '組織名またはIDで検索',
+  search_placeholder: '組織名または ID で検索',
   search_role_placeholder: '検索して役割を選択',
   empty_placeholder: '🤔 あなたはまだ{{entity}}を設定していません。',
   organization_and_member: '組織とメンバー',
@@ -32,30 +33,30 @@ const organizations = {
     title: 'ガイドで始める',
     subtitle: 'ガイドを使って組織設定をスタートしましょう',
     introduction: {
-      title: 'Logtoで組織がどのように機能するかを理解しましょう',
+      title: 'Logto で組織がどのように機能するかを理解しましょう',
       section_1: {
         title: '組織はユーザー（アイデンティティ）のグループです',
       },
       section_2: {
         title: '組織テンプレートはマルチテナントアプリのアクセス制御向けに設計されています',
         description:
-          'マルチテナントSaaSアプリケーションでは、複数の組織がしばしば同じアクセス制御テンプレートを共有します。これには権限や役割が含まれます。Logtoではこれを「組織テンプレート」と呼びます。',
+          'マルチテナント SaaS アプリケーションでは、複数の組織がしばしば同じアクセス制御テンプレートを共有します。これには権限や役割が含まれます。Logto ではこれを「組織テンプレート」と呼びます。',
         permission_description:
           '組織権限とは、組織のコンテキストでリソースにアクセスするための承認です。',
         role_description_deprecated:
           '組織役割は、ユーザーに割り当てることができる権限のグループ化です。権限は事前に定義された組織権限から取得する必要があります。',
         role_description:
-          '組織の役割は、メンバーに割り当てることができる組織の権限またはAPIの権限のグループです。',
+          '組織の役割は、メンバーに割り当てることができる組織の権限または API の権限のグループです。',
       },
       section_3: {
-        title: '組織の役割にAPI権限を割り当てることはできますか？',
+        title: '組織の役割に API 権限を割り当てることはできますか？',
         description:
-          'はい、組織の役割にAPI権限を割り当てることができます。 Logtoは組織の役割を効果的に管理する柔軟性を提供し、それらの役割に組織権限とAPI権限の両方を含めることができます。',
+          'はい、組織の役割に API 権限を割り当てることができます。 Logto は組織の役割を効果的に管理する柔軟性を提供し、それらの役割に組織権限と API 権限の両方を含めることができます。',
       },
       section_4: {
         title: 'イラストを操作して、接続方法を確認してください',
         description:
-          '例として、John、Sarahは異なる組織に所属し、それぞれ異なる組織のコンテキストで異なる役割を担っています。 異なるモジュールにカーソルを合わせて、それぞれの動作を確認しましょう。',
+          '例として、John、Sarah は異なる組織に所属し、それぞれ異なる組織のコンテキストで異なる役割を担っています。 異なるモジュールにカーソルを合わせて、それぞれの動作を確認しましょう。',
       },
     },
     organization_permissions: '組織権限',
@@ -66,10 +67,10 @@ const organizations = {
     role_description: '役割「{{role}}」は、異なる組織で同じ組織テンプレートを共有しています。',
     john: 'John',
     john_tip:
-      'Johnは、異なる組織に所属し、単一の識別子として「john@email.com」のメールアドレスを持っています。 彼は組織Aの管理者であり、組織Bのゲストでもあります。',
+      'John は、異なる組織に所属し、単一の識別子として「john@email.com」のメールアドレスを持っています。 彼は組織 A の管理者であり、組織 B のゲストでもあります。',
     sarah: 'Sarah',
     sarah_tip:
-      'Sarahは、単一の識別子として「sarah@email.com」のメールアドレスを持つ1つの組織に属しています。 彼女は組織Bの管理者です。',
+      'Sarah は、単一の識別子として「sarah@email.com」のメールアドレスを持つ 1 つの組織に属しています。 彼女は組織 B の管理者です。',
   },
 };
 
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/profile.ts b/packages/phrases/src/locales/ja/translation/admin-console/profile.ts
index 432612d076d0..ae0d7074615d 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/profile.ts
@@ -50,6 +50,39 @@ const profile = {
     description:
       'アカウントの削除は、すべての個人情報、ユーザーデータ、および設定が削除されます。このアクションは元に戻せません。',
     button: 'アカウントを削除',
+    p: {
+      has_issue:
+        'アカウントを削除したいということで申し訳ありません。アカウントを削除する前に、以下の問題を解決する必要があります。',
+      after_resolved:
+        '問題が解決したら、アカウントを削除できます。サポートが必要な場合は、ご連絡ください。',
+      check_information:
+        'アカウントを削除したいということで申し訳ありません。続行する前に、以下の情報を注意深く確認してください。',
+      remove_all_data:
+        'アカウントを削除すると、Logto Cloud に関するすべてのデータが永久に削除されます。続行する前に、重要なデータをバックアップしてください。',
+      confirm_information:
+        '上記の情報が期待通りであることを確認してください。アカウントを削除すると、復元できなくなります。',
+      has_admin_role: '次のテナントでは管理者権限があるため、アカウントと共に削除されます：',
+      has_admin_role_other: '次のテナントでは管理者権限があるため、アカウントと共に削除されます：',
+      quit_tenant: '次のテナントを退出しようとしています：',
+      quit_tenant_other: '次のテナントを退出しようとしています：',
+    },
+    issues: {
+      paid_plan: '次のテナントは有料プランです。まずサブスクリプションをキャンセルしてください：',
+      paid_plan_other:
+        '次のテナントは有料プランです。まずサブスクリプションをキャンセルしてください：',
+      subscription_status: '次のテナントにサブスクリプションの問題があります：',
+      subscription_status_other: '次のテナントにサブスクリプションの問題があります：',
+      open_invoice: '次のテナントに未払いの請求書があります：',
+      open_invoice_other: '次のテナントに未払いの請求書があります：',
+    },
+    error_occurred: 'エラーが発生しました',
+    error_occurred_description: '申し訳ありませんが、アカウントの削除中に問題が発生しました：',
+    request_id: 'リクエスト ID：{{requestId}}',
+    try_again_later:
+      '後でもう一度試してください。問題が解決しない場合は、リクエスト ID を持って Logto チームに連絡してください。',
+    final_confirmation: '最終確認',
+    about_to_start_deletion: '削除プロセスを開始しようとしています。この操作は元に戻せません。',
+    permanently_delete: '完全に削除',
   },
   set: '設定する',
   change: '変更する',
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/roles.ts b/packages/phrases/src/locales/ja/translation/admin-console/roles.ts
index 61196006448c..52779ee234d1 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: 'ロールを作成する',
   role_name: '役割名',
   role_type: '役割タイプ',
+  type_user: 'ユーザー',
+  type_machine_to_machine: 'マシン間',
   role_description: '説明',
   role_name_placeholder: 'ロールの名前を入力してください',
   role_description_placeholder: 'ロールの説明を入力してください',
@@ -19,15 +21,19 @@ const roles = {
   application_count: '{{count}} アプリ',
   assign_permissions: '権限の割り当て',
   create_role_title: 'ロールを作成する',
+  create_role_description: 'ロールを使用して権限を整理し、ユーザーに割り当てます。',
   create_role_button: 'ロールを作成する',
   role_created: '{{name}}ロールが正常に作成されました。',
   search: 'ロール名、説明、またはIDで検索',
   placeholder_title: 'ロール',
   placeholder_description:
     'ロールは、ユーザーに割り当てられる権限のグループです。ロールを作成する前に、まず権限を追加してください。',
+  assign_roles: 'ロールを割り当てる',
   management_api_access_notification:
-    'Logto管理APIへのアクセスには、管理API権限を持つ役割を選択してください<flag/>。',
-  with_management_api_access_tip: 'このマシン間役割には、Logto管理APIのアクセス権が含まれています',
+    'Logto 管理 API へのアクセスには、管理 API 権限を持つ役割を選択してください<flag/>。',
+  with_management_api_access_tip:
+    'このマシン間役割には、Logto 管理 API のアクセス権が含まれています',
+  role_creation_hint: '適切なロールが見つかりませんか？<a>ロール を作成する</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/ja/translation/admin-console/sign-in-exp/index.ts
index 94ad7e1fd400..d9e0d433e505 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/sign-in-exp/index.ts
@@ -5,7 +5,7 @@ import sign_up_and_sign_in from './sign-up-and-sign-in.js';
 const sign_in_exp = {
   page_title: 'サインインエクスペリエンス',
   title: 'サインインエクスペリエンス',
-  description: 'ブランドに合わせてサインインUIをカスタマイズし、リアルタイムで表示できます。',
+  description: 'ブランドに合わせてサインイン UI をカスタマイズし、リアルタイムで表示できます。',
   tabs: {
     branding: 'ブランディング',
     sign_up_and_sign_in: 'サインアップとサインイン',
@@ -26,29 +26,70 @@ const sign_in_exp = {
     dark_primary_color: 'ブランドカラー（ダーク）',
     dark_mode: 'ダークモードを有効にする',
     dark_mode_description:
-      'あなたのアプリは、ブランドカラーとLogtoアルゴリズムに基づいて自動生成されたダークモードのテーマを持っています。自由にカスタマイズしてください。',
+      'あなたのアプリは、ブランドカラーと Logto アルゴリズムに基づいて自動生成されたダークモードのテーマを持っています。自由にカスタマイズしてください。',
     dark_mode_reset_tip: 'ブランドカラーに基づいてダークモードの色を再計算します。',
     reset: 'リセット',
   },
   branding: {
     title: 'ブランディングエリア',
     ui_style: 'スタイル',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (ダーク)',
+    app_logo_and_favicon: 'アプリロゴとファビコン',
+    company_logo_and_favicon: '企業ロゴとファビコン',
   },
-  custom_css: {
-    title: 'カスタムCSS',
-    css_code_editor_title: 'カスタムCSSでUIをパーソナライズ',
-    css_code_editor_description1: 'カスタムCSSの例を見てください。',
+  branding_uploads: {
+    app_logo: {
+      title: 'アプリロゴ',
+      url: 'アプリロゴ URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'アプリロゴ: {{error}}',
+    },
+    company_logo: {
+      title: '企業ロゴ',
+      url: '企業ロゴ URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '企業ロゴ: {{error}}',
+    },
+    organization_logo: {
+      title: '画像をアップロード',
+      url: '組織ロゴ URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '組織ロゴ: {{error}}',
+    },
+    connector_logo: {
+      title: '画像をアップロード',
+      url: 'コネクタロゴ URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'コネクタロゴ: {{error}}',
+    },
+    favicon: {
+      title: 'ファビコン',
+      url: 'ファビコン URL',
+      url_placeholder: 'https://your.cdn.domain/favicon.ico',
+      error: 'ファビコン: {{error}}',
+    },
+  },
+  custom_ui: {
+    title: 'カスタム UI',
+    css_code_editor_title: 'カスタム CSS',
+    css_code_editor_description1: 'カスタム CSS の例をご覧ください。',
     css_code_editor_description2: '<a>{{link}}</a>',
-    css_code_editor_description_link_content: 'さらに詳しく',
+    css_code_editor_description_link_content: '詳しくはこちら',
     css_code_editor_content_placeholder:
-      'カスタムCSSを入力して、すべてのスタイルをあなたの仕様に合わせて調整します。クリエイティビティを発揮して、UIを際立たせましょう。',
+      'カスタム CSS を入力して、あらゆるスタイルを精確に調整してください。創造性を発揮して、あなたの UI を際立たせましょう。',
+    bring_your_ui_title: 'あなたの UI を持参',
+    bring_your_ui_description:
+      '圧縮パッケージ (.zip) をアップロードして、Logto のビルトイン UI を独自のコードで置き換えます。<a>詳しくはこちら</a>',
+    preview_with_bring_your_ui_description:
+      'カスタム UI のアセットは正常にアップロードされ、現在提供されています。したがって、組み込みのプレビューウィンドウは無効になりました。\nパーソナライズされたサインイン UI をテストするには、「ライブプレビュー」ボタンをクリックして新しいブラウザタブで開きます。',
   },
   sign_up_and_sign_in,
   content,
   password_policy,
   setup_warning: {
     no_connector_sms:
-      'まだSMSコネクタが設定されていません。構成を完了する前に、この方法でのサインインはできません。<a>{{link}}</a>「コネクタ」に移動してください',
+      'まだ SMS コネクタが設定されていません。構成を完了する前に、この方法でのサインインはできません。<a>{{link}}</a>「コネクタ」に移動してください',
     no_connector_email:
       'まだメールコネクタが設定されていません。構成を完了する前に、この方法でのサインインはできません。<a>{{link}}</a>「コネクタ」に移動してください',
     no_connector_social:
@@ -69,8 +110,8 @@ const sign_in_exp = {
     live_preview: 'ライブプレビュー',
     live_preview_tip: '変更を保存してプレビュー',
     native: 'ネイティブ',
-    desktop_web: 'デスクトップWeb',
-    mobile_web: 'モバイルWeb',
+    desktop_web: 'デスクトップ Web',
+    mobile_web: 'モバイル Web',
     desktop: 'デスクトップ',
     mobile: 'モバイル',
   },
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/ja/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index 3146befb819c..b5cce9c7d01e 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -27,7 +27,7 @@ const sign_up_and_sign_in = {
     password_auth: 'パスワード',
     verification_code_auth: '確認コード',
     auth_swap_tip: '以下のオプションを交換して、フローで最初に表示されるオプションを決定します。',
-    require_auth_factor: '少なくとも1つの認証要素を選択する必要があります。',
+    require_auth_factor: '少なくとも 1 つの認証要素を選択する必要があります。',
   },
   social_sign_in: {
     title: 'ソーシャルサインイン',
@@ -40,6 +40,9 @@ const sign_up_and_sign_in = {
       set_up_more: '設定',
       go_to: '他のソーシャルコネクタに移動します。',
     },
+    automatic_account_linking: '自動アカウントリンク',
+    automatic_account_linking_label:
+      'オンにすると、ユーザーがシステムに新しいソーシャルアイデンティティでサインインし、同じ識別子 (例：メールアドレス) を持つ既存のアカウントが 1 つだけ存在する場合、Logto はアカウントリンクのプロンプトを表示する代わりに、そのアカウントをソーシャルアイデンティティに自動的にリンクします。',
   },
   tip: {
     set_a_password: 'ユーザー名にユニークなパスワードを設定することが重要です。',
@@ -49,11 +52,11 @@ const sign_up_and_sign_in = {
       'これは、サインアッププロセス中にパスワードを設定するオプションを有効にした場合に必要です。',
     verification_code_auth:
       'これは、サインアップ時に確認コードの提供オプションのみを有効にした場合に必要です。サインアッププロセスでパスワード設定を許可する場合は、ボックスのチェックを外してもかまいません。',
-    delete_sign_in_method: 'これは{{identifier}}を必須の識別子として選択した場合に必要です。',
+    delete_sign_in_method: 'これは {{identifier}} を必須の識別子として選択した場合に必要です。',
   },
   advanced_options: {
     title: '高度なオプション',
-    enable_single_sign_on: '企業向けシングルサインオン（SSO）を有効にする',
+    enable_single_sign_on: '企業向けシングルサインオン (SSO) を有効にする',
     enable_single_sign_on_description:
       'ユーザーが企業のアイデンティティを使用してアプリケーションにサインインできるようにします。',
     single_sign_on_hint: {
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/ja/translation/admin-console/subscription/quota-item.ts
index ab0bafdcd1f7..4f115662c1af 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/subscription/quota-item.ts
@@ -141,10 +141,10 @@ const quota_item = {
     not_eligible: '二要素認証を削除',
   },
   sso_enabled: {
-    name: 'エンタープライズSSO',
-    limited: 'エンタープライズSSO',
-    unlimited: 'エンタープライズSSO',
-    not_eligible: 'エンタープライズSSOを削除してください',
+    name: 'エンタープライズ SSO',
+    limited: 'エンタープライズ SSO',
+    unlimited: 'エンタープライズ SSO',
+    not_eligible: 'エンタープライズ SSO を削除してください',
   },
   tenant_members_limit: {
     name: 'テナントメンバー',
@@ -154,10 +154,22 @@ const quota_item = {
     not_eligible: 'テナントメンバーを削除してください',
   },
   custom_jwt_enabled: {
-    name: 'カスタムJWT',
-    limited: 'カスタムJWT',
-    unlimited: 'カスタムJWT',
-    not_eligible: 'JWTクレームカスタマイザーを削除してください',
+    name: 'カスタム JWT',
+    limited: 'カスタム JWT',
+    unlimited: 'カスタム JWT',
+    not_eligible: 'JWT クレームカスタマイザーを削除してください',
+  },
+  impersonation_enabled: {
+    name: 'インパーソネーション',
+    limited: 'インパーソネーション',
+    unlimited: 'インパーソネーション',
+    not_eligible: 'インパーソネーションを許可しません',
+  },
+  bring_your_ui_enabled: {
+    name: 'カスタム UI',
+    limited: 'カスタム UI',
+    unlimited: 'カスタム UI',
+    not_eligible: 'カスタム UI を削除してください',
   },
 };
 
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/ja/translation/admin-console/subscription/quota-table.ts
index 0f4489942605..38b1b7712b9d 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/subscription/quota-table.ts
@@ -20,6 +20,8 @@ const quota_table = {
     title: 'UIとブランディング',
     custom_domain: 'カスタムドメイン',
     custom_css: 'カスタムCSS',
+    logo_and_favicon: 'ロゴとファビコン',
+    bring_your_ui: '自分のUIを持ち込む',
     dark_mode: 'ダークモード',
     i18n: '国際化',
   },
@@ -36,6 +38,7 @@ const quota_table = {
     mfa: '多要素認証',
     sso: 'エンタープライズ SSO',
     adaptive_mfa: '適応型MFA',
+    impersonation: 'なりすまし',
   },
   user_management: {
     title: 'ユーザー管理',
@@ -79,20 +82,20 @@ const quota_table = {
   add_on: 'アドオン',
   tier: 'レベル{{value, number}}: ',
   paid_token_limit_tip:
-    'Logtoは、クォータ制限を超える機能に対して料金を追加します。2024年第2四半期ごろから課金を開始するまで無料でご利用いただけます。トークンがさらに必要な場合は、お問い合わせください。デフォルトでは、100万トークンごとに月額80ドルを請求します。',
+    'Logtoは、クォータ制限を超える機能に対して料金を追加します。2024年第2四半期ごろから課金を開始するまで無料でご利用いただけます。トークンがさらに必要な場合は、お問い合わせください。デフォルトでは、100万トークンごとに月額 80 ドルを請求します。',
   paid_quota_limit_tip:
     'Logtoはクォータ制限を超える機能に対して料金を追加します。2024年第2四半期ごろまでは無料でご利用いただけます。',
   paid_add_on_feature_tip:
     'これはアドオン機能です。2024年第2四半期ごろまでは無料でご利用いただけます。',
   million: '{{value, number}} 万',
   mau_tip:
-    'MAU（月間アクティブユーザー）は、請求サイクルでLogtoと少なくとも1つのトークンを交換したユニークユーザーの数を指します。',
+    'MAU（月間アクティブユーザー）は、請求サイクルで Logto と少なくとも 1 つのトークンを交換したユニークユーザーの数を指します。',
   tokens_tip:
-    'Logtoによって発行されたすべての種類のトークン、アクセストークン、リフレッシュトークンなどを含みます。',
+    'Logto によって発行されたすべての種類のトークン、アクセストークン、リフレッシュトークンなどを含みます。',
   mao_tip:
-    'MAO（月間アクティブ組織）は、請求サイクル内で少なくとも1つのMAU（月間アクティブユーザー）を持つユニークな組織の数を意味します。',
+    'MAO（月間アクティブ組織）は、請求サイクル内で少なくとも 1 つの MAU（月間アクティブユーザー）を持つユニークな組織の数を意味します。',
   third_party_tip:
-    'LogtoをOIDCアイデンティティプロバイダーとして使用して、サードパーティーアプリケーションのサインインや権限の付与を行います。',
+    'Logto を OIDC アイデンティティプロバイダーとして使用して、サードパーティーアプリケーションのサインインや権限の付与を行います。',
   included: '{{value, number}} 込み',
   included_mao: '{{value, number}} MAO込み',
   extra_quota_price: 'その後、各${{value, number}} / 月ごと',
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/tenants.ts b/packages/phrases/src/locales/ja/translation/admin-console/tenants.ts
index 1ae4e02e135b..b55fc7c38c08 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/tenants.ts
@@ -14,6 +14,8 @@ const tenants = {
     tenant_id: 'テナントID',
     tenant_name: 'テナント名',
     tenant_region: 'データがホストされている地域',
+    tenant_region_description:
+      'テナントリソース（ユーザー、アプリなど）がホストされている物理的な場所です。作成後に変更することはできません。',
     tenant_region_tip: 'テナントのリソースは{{region}}にホストされています。 <a>詳細</a>',
     environment_tag_development: '開発',
     environment_tag_production: '本番',
@@ -45,6 +47,7 @@ const tenants = {
   },
   create_modal: {
     title: 'テナントを作成する',
+    subtitle: '隔離されたリソースとユーザーを持つ新しいテナントを作成します。',
     tenant_usage_purpose: 'このテナントを使用する目的は何ですか？',
     development_description:
       'テスト用であり、本番で使用すべきではありません。サブスクリプションは必要ありません。',
@@ -54,14 +57,18 @@ const tenants = {
     available_plan: '利用可能なプラン:',
     create_button: 'テナントを作成する',
     tenant_name_placeholder: '私のテナント',
+    tenant_created: 'テナントが正常に作成されました。',
+    invitation_failed:
+      '一部の招待を送信できませんでした。後で設定 -> メンバーで再試行してください。',
+    tenant_type_description: '作成後に変更することはできません。',
   },
   dev_tenant_migration: {
     title: '新しい「開発テナント」を作成して、プロの機能を無料でお試しできます！',
     affect_title: 'これはあなたにどのように影響しますか？',
     hint_1:
-      '古い<strong>環境タグ</strong>が2つの新しいテナントタイプ<strong>「開発」</strong>および<strong>「本番」</strong>に置き換えられます。',
+      '古い<strong> 環境タグ </strong>が2つの新しいテナントタイプ<strong> 「開発」</strong>および<strong> 「本番」</strong>に置き換えられます。',
     hint_2:
-      'シームレスな移行と機能の連続性を保証するため、すべての早期に作成されたテナントは、前のサブスクリプションとともに<strong>「本番」</strong>テナントタイプに昇格されます。',
+      'シームレスな移行と機能の連続性を保証するため、すべての早期に作成されたテナントは、前のサブスクリプションとともに<strong> 本番 </strong>テナントタイプに昇格されます。',
     hint_3: 'ご安心ください、他のすべての設定は変わりません。',
     about_tenant_type: 'テナントタイプについて',
   },
@@ -100,6 +107,10 @@ const tenants = {
     description_2:
       '詳細な説明や懸念事項がある場合、または機能を完全に復元しテナントをアンブロックする場合は、直ちにお問い合わせください。',
   },
+  production_tenant_notification: {
+    text: '無料テスト用の開発テナントにいます。本番テナントを作成して本稼働に移行してください。',
+    action: 'テナントを作成する',
+  },
 };
 
 export default Object.freeze(tenants);
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/ja/translation/admin-console/upsell/paywall.ts
index 113637b7399d..6560e8f41a0a 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/upsell/paywall.ts
@@ -65,6 +65,8 @@ const paywall = {
     description:
       "Upgrade to a paid plan for custom JWT functionality and premium benefits. Don't hesitate to <a>contact us</a> if you have any questions.",
   },
+  bring_your_ui:
+    'カスタム UI 機能とプレミアム特典を利用するには、有料プランにアップグレードしてください。',
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/ja/translation/admin-console/user-details.ts b/packages/phrases/src/locales/ja/translation/admin-console/user-details.ts
index c86f0e0ea3eb..aef915f5be7e 100644
--- a/packages/phrases/src/locales/ja/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/ja/translation/admin-console/user-details.ts
@@ -34,9 +34,13 @@ const user_details = {
   field_custom_data: 'カスタムデータ',
   field_custom_data_tip:
     'プリディフィンドされたユーザープロパティにリストされていない、追加のユーザー情報（ユーザーが好みの色や言語など）。',
+  field_profile: 'プロフィール',
+  field_profile_tip:
+    'ユーザーのプロパティに含まれていないオープン ID コネクト標準クレーム。すべての不明なプロパティは削除される点に注意してください。詳細については、<a>プロフィールプロパティリファレンス</a> を参照してください。',
   field_connectors: 'ソーシャル接続',
   field_sso_connectors: 'エンタープライズ接続',
-  custom_data_invalid: 'カスタムデータは有効なJSONオブジェクトである必要があります',
+  custom_data_invalid: 'カスタムデータは有効な JSON オブジェクトである必要があります',
+  profile_invalid: 'プロフィールは有効な JSON オブジェクトである必要があります',
   connectors: {
     connectors: 'コネクタ',
     user_id: 'ユーザーID',
@@ -74,20 +78,23 @@ const user_details = {
   roles: {
     name_column: 'ユーザー役割',
     description_column: '説明',
+    assign_button: '役割を割り当てる',
     delete_description:
       'この操作により、このユーザーからこの役割が削除されます。役割自体はまだ存在しますが、このユーザーに関連付けられなくなります。',
     deleted: '役割 {{name}} はこのユーザーから正常に削除されました。',
-    assign_subtitle: '名前、説明、または役割IDで検索して適切なユーザー役割を見つけます。',
+    assign_title: '{{name}} に役割を割り当てる',
+    assign_subtitle: '名前、説明、または役割 ID で検索して適切なユーザー役割を見つけます。',
     assign_role_field: '役割を割り当てる',
     role_search_placeholder: '役割名で検索',
     added_text: '{{value, number}} 追加しました',
     assigned_user_count: '{{value, number}} ユーザー',
+    confirm_assign: '役割を割り当てる',
     role_assigned: '役割が正常に割り当てられました',
     search: 'ロール名、説明、または ID で検索',
     empty: '利用可能な役割はありません',
   },
   warning_no_sign_in_identifier:
-    'ユーザーは、サインインに少なくとも1つの識別子（ユーザー名、メールアドレス、電話番号、またはソーシャル）を持っている必要があります。続行してよろしいですか？',
+    'ユーザーは、サインインに少なくとも 1 つの識別子（ユーザー名、メールアドレス、電話番号、またはソーシャル）を持っている必要があります。続行してよろしいですか？',
 };
 
 export default Object.freeze(user_details);
diff --git a/packages/phrases/src/locales/ja/translation/demo-app.ts b/packages/phrases/src/locales/ja/translation/demo-app.ts
index 6166e0ef471a..00811f0fd369 100644
--- a/packages/phrases/src/locales/ja/translation/demo-app.ts
+++ b/packages/phrases/src/locales/ja/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: 'ライブプレビューへのサインインに成功しました！',
+  subtitle: 'ここにユーザー情報があります：',
   username: 'ユーザー名：',
   user_id: 'ユーザーID：',
   sign_out: 'ライブプレビューからサインアウトする',
diff --git a/packages/phrases/src/locales/ko/errors/session.ts b/packages/phrases/src/locales/ko/errors/session.ts
index 289f16ed81da..0865e3d2ecf1 100644
--- a/packages/phrases/src/locales/ko/errors/session.ts
+++ b/packages/phrases/src/locales/ko/errors/session.ts
@@ -11,28 +11,30 @@ const session = {
   verification_expired:
     '연결 시간이 초과되었어요. 검증을 다시 시작하고, 계정이 안전한지 확인해 주세요.',
   verification_blocked_too_many_attempts:
-    'Too many attempts in a short time. Please try again {{relativeTime}}.',
+    '짧은 시간 안에 너무 많은 시도가 있었어요. {{relativeTime}} 후에 다시 시도해 주세요.',
   unauthorized: '로그인을 먼저 해 주세요.',
   unsupported_prompt_name: '지원하지 않는 Prompt 이름이에요.',
   forgot_password_not_enabled: '비밀번호 찾기가 활성화되어있지 않아요.',
   verification_failed:
     '인증이 성공적으로 완료되지 않았어요. 처음부터 다시 인증 과정을 거쳐 주세요.',
   connector_validation_session_not_found: '연동 세션 유효성 검증을 위한 토큰을 찾을 수 없어요.',
+  csrf_token_mismatch: 'CSRF 토큰이 일치하지 않아요.',
   identifier_not_found: '사용자 식별자를 찾을 수 없어요. 처음부터 다시 로그인을 시도해 주세요.',
   interaction_not_found: '인터랙션 세션을 찾을 수 없어요. 처음부터 다시 세션을 시작해 주세요.',
-  not_supported_for_forgot_password: 'This operation is not supported for forgot password.',
+  not_supported_for_forgot_password: '이 작업은 비밀번호 찾기를 지원하지 않아요.',
+  identity_conflict: 'ID 불일치가 감지되었어요. 다른 ID로 진행하기 위해 새 세션을 시작해 주세요.',
   mfa: {
-    require_mfa_verification: 'Mfa verification is required to sign in.',
-    mfa_sign_in_only: 'Mfa is only available for sign-in interaction.',
-    pending_info_not_found: 'Pending MFA info not found, please initiate MFA first.',
-    invalid_totp_code: 'Invalid TOTP code.',
-    webauthn_verification_failed: 'WebAuthn verification failed.',
-    webauthn_verification_not_found: 'WebAuthn verification not found.',
-    bind_mfa_existed: 'MFA already exists.',
-    backup_code_can_not_be_alone: 'Backup code can not be the only MFA.',
-    backup_code_required: 'Backup code is required.',
-    invalid_backup_code: 'Invalid backup code.',
-    mfa_policy_not_user_controlled: 'MFA policy is not user controlled.',
+    require_mfa_verification: 'MFA 인증이 필요해요.',
+    mfa_sign_in_only: 'MFA는 로그인 인터랙션에서만 사용할 수 있어요.',
+    pending_info_not_found: '대기 중인 MFA 정보를 찾을 수 없어요. 먼저 MFA를 시작해 주세요.',
+    invalid_totp_code: '유효하지 않은 TOTP 코드예요.',
+    webauthn_verification_failed: 'WebAuthn 인증에 실패했어요.',
+    webauthn_verification_not_found: 'WebAuthn 인증 정보를 찾을 수 없어요.',
+    bind_mfa_existed: 'MFA가 이미 존재해요.',
+    backup_code_can_not_be_alone: '백업 코드는 단독으로 존재할 수 없어요.',
+    backup_code_required: '백업 코드가 필요해요.',
+    invalid_backup_code: '유효하지 않은 백업 코드예요.',
+    mfa_policy_not_user_controlled: 'MFA 정책은 사용자가 제어할 수 없어요.',
   },
   sso_enabled: '이 이메일로는 SSO가 활성화되어 있어요. SSO로 로그인해 주세요.',
 };
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/application-details.ts b/packages/phrases/src/locales/ko/translation/admin-console/application-details.ts
index 30c98e46ed50..051c5f289219 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/application-details.ts
@@ -22,6 +22,7 @@ const application_details = {
   description: '설명',
   description_placeholder: '어플리케이션 설명을 적어주세요.',
   config_endpoint: 'OpenID Provider 구성 엔드포인트',
+  issuer_endpoint: '발급자 엔드포인트',
   authorization_endpoint: '인증 엔드포인트',
   authorization_endpoint_tip:
     '인증 및 권한 부여를 진행할 엔드포인트입니다. OpenID Connect <a>인증</a>에서 사용되었던 값입니다.',
@@ -61,6 +62,13 @@ const application_details = {
   rotate_refresh_token: 'Refresh 토큰 회전',
   rotate_refresh_token_label:
     '활성화하면, 원래 TTL 중 70%가 지난 후 또는 특정 조건이 충족되면 Refresh 토큰 요청에 대해 새로운 Refresh 토큰을 발행합니다. <a>자세히 보기</a>',
+  backchannel_logout: '백채널 로그아웃',
+  backchannel_logout_description:
+    '애플리케이션에 세션이 필요한 경우 OpenID Connect 백채널 로그아웃 엔드포인트를 구성하세요.',
+  backchannel_logout_uri: '백채널 로그아웃 URI',
+  backchannel_logout_uri_session_required: '세션이 필요합니까?',
+  backchannel_logout_uri_session_required_description:
+    '활성화되면, RP는 `sid` (세션 ID) 클레임이 로그아웃 토큰에 포함되어 `backchannel_logout_uri` 사용 시 OP와 RP 세션을 식별하도록 요구합니다.',
   delete_description:
     '이 행동은 취소할 수 없습니다. 애플리케이션을 영구적으로 삭제할 것입니다. 삭제를 진행하려면 <span>{{name}}</span>를 입력하세요.',
   enter_your_application_name: '어플리케이션 이름을 입력하세요.',
@@ -84,14 +92,22 @@ const application_details = {
     '원본 서버를 직접 액세스로부터 보호하세요. 더 많은 <a>자세한 지침</a>을 위해 안내서를 참조하세요.',
   session_duration: '세션 기간 (일)',
   try_it: '해보기',
+  no_organization_placeholder: '조직을 찾을 수 없습니다. <a>조직으로 이동</a>',
   branding: {
     name: '브랜딩',
     description: '동의 화면에서 앱의 표시 이름과 로고를 사용자 정의하세요.',
+    description_third_party: '동의 화면에서 애플리케이션의 표시 이름과 로고를 사용자 정의하세요.',
+    app_logo: '앱 로고',
+    app_level_sie: '앱 수준 로그인 경험',
+    app_level_sie_switch:
+      '앱 수준 로그인 경험을 활성화하고 앱별 브랜딩을 설정하세요. 비활성화되면 전체 로그인 경험이 사용됩니다.',
     more_info: '추가 정보',
     more_info_description: '동의 화면에서 사용자에게 앱에 대한 자세한 정보를 제공하세요.',
     display_name: '표시 이름',
-    display_logo: '표시 로고',
-    display_logo_dark: '표시 로고 (어두운 버전)',
+    application_logo: '애플리케이션 로고',
+    application_logo_dark: '애플리케이션 로고 (다크)',
+    brand_color: '브랜드 색상',
+    brand_color_dark: '브랜드 색상 (다크)',
     terms_of_use_url: '애플리케이션 이용 약관 URL',
     privacy_policy_url: '애플리케이션 개인정보 보호정책 URL',
   },
@@ -127,13 +143,13 @@ const application_details = {
     grant_organization_level_permissions: '조직 데이터의 권한 부여',
   },
   roles: {
-    name_column: '머신 간 역할',
-    description_column: '설명',
     assign_button: '머신 간 역할 할당',
     delete_description:
       '이 작업은 이 장치 간 앱에서이 역할을 제거합니다. 역할 자체는 여전히 존재하지만 이 장치 간 앱과 관련이 없어집니다.',
     deleted: '{{name}} 가 성공적으로 삭제되었습니다.',
     assign_title: '{{name}}에게 머신 간 역할 할당',
+    assign_subtitle:
+      '머신 간 애플리케이션은 관련 API 리소스에 액세스하기 위해 머신 간 유형의 역할을 가져야 합니다.',
     assign_role_field: '머신 간 역할 할당',
     role_search_placeholder: '역할 이름으로 검색',
     added_text: '{{value, number}} 추가됨',
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/cloud.ts b/packages/phrases/src/locales/ko/translation/admin-console/cloud.ts
index 141714f484d3..65df5ae02429 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/cloud.ts
@@ -31,6 +31,13 @@ const cloud = {
       others: '위에 나열된 것 중에 없어요',
     },
   },
+  create_tenant: {
+    page_title: '테넌트 만들기',
+    title: '첫 번째 테넌트 만들기',
+    description:
+      '테넌트는 사용자 신원, 애플리케이션 및 기타 모든 Logto 리소스를 관리할 수 있는 독립된 환경입니다.',
+    invite_collaborators: '이메일로 협력자를 초대하세요',
+  },
   sie: {
     page_title: '로그인 환경 변경하기',
     title: '먼저 로그인 환경을 간편하게 사용자화해 보세요.',
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/ko/translation/admin-console/connector-details.ts
index 8c74087d6605..36e2201f888f 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/connector-details.ts
@@ -48,9 +48,24 @@ const connector_details = {
     company_information_description:
       '이메일 하단에 회사 이름, 주소 또는 우편번호를 표시하여 신뢰성을 높입니다.',
     company_information_placeholder: '회사의 기본 정보',
+    email_logo_field: '이메일 로고',
+    email_logo_tip:
+      '이메일 상단에 브랜드 로고를 표시하세요. 라이트 모드와 다크 모드 모두에 동일한 이미지를 사용하세요.',
     urls_not_allowed: 'URL은 허용되지 않습니다.',
     test_notes: 'Logto는 "Generic" 템플릿을 사용하여 테스트합니다.',
   },
+  google_one_tap: {
+    title: 'Google 원탭',
+    description:
+      'Google 원탭은 사용자들이 당신의 웹사이트에 쉽게 로그인할 수 있는 안전한 방법입니다.',
+    enable_google_one_tap: 'Google 원탭 활성화',
+    enable_google_one_tap_description:
+      '로그인 경험에서 Google 원탭을 활성화하세요: 사용자가 이미 자신의 기기에서 Google 계정에 로그인한 경우 빠르게 가입 또는 로그인할 수 있게 합니다.',
+    configure_google_one_tap: 'Google 원탭 구성',
+    auto_select: '가능한 경우 자격 증명 자동 선택',
+    close_on_tap_outside: '사용자가 외부 클릭/탭 시 프롬프트 취소',
+    itp_support: '<a>ITP 브라우저에서 업그레이드된 원탭 UX</a> 활성화',
+  },
 };
 
 export default Object.freeze(connector_details);
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/connectors.ts b/packages/phrases/src/locales/ko/translation/admin-console/connectors.ts
index 3051e1cbef89..1a6c48a5afae 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/connectors.ts
@@ -44,6 +44,8 @@ const connectors = {
     name: '소셜 로그인 버튼 이름',
     name_placeholder: '소셜 로그인 버튼 이름을 입력하세요',
     name_tip: '다음과 같이 연동 이름이 출력돼요. "{{name}}으로 계속하기".',
+    connector_logo: '연동 로고',
+    connector_logo_tip: '로고는 연동 로그인 버튼에 표시됩니다.',
     target: '연동 ID 공급자',
     target_placeholder: '연동 ID 공급자 이름을 입력하세요',
     target_tip: '"IdP 이름"의 값은 소셜 식별자를 구분하기 위한 고유 식별자 문자열이 될 수 있어요.',
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/ko/translation/admin-console/jwt-claims.ts
index 3735dde4742d..7e4d8c2fe2af 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/jwt-claims.ts
@@ -30,6 +30,11 @@ const jwt_claims = {
     title: '사용자 데이터',
     subtitle: '`data.user` 입력 매개변수를 사용하여 중요한 사용자 정보 제공.',
   },
+  grant_data: {
+    title: 'Grant 데이터',
+    subtitle:
+      '`data.grant` 입력 매개변수를 사용하여 중요한 Grant 정보를 제공하고, 이 정보는 오직 토큰 교환에만 사용할 수 있습니다.',
+  },
   token_data: {
     title: '토큰 데이터',
     subtitle: '현재 액세스 토큰 페이로드에 대한 `token` 입력 매개변수 사용.',
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/ko/translation/admin-console/organization-details.ts
index 23442d2b5486..e298acde38f9 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/organization-details.ts
@@ -14,18 +14,64 @@ const organization_details = {
     '이름, 이메일, 전화 또는 사용자 ID를 검색하여 적절한 사용자를 찾습니다. 기존 멤버는 검색 결과에 표시되지 않습니다.',
   add_with_organization_role: '조직 역할로 추가',
   user: '사용자',
+  application: '응용 프로그램',
+  application_other: '응용 프로그램들',
+  add_applications_to_organization: '조직 {{name}}에 응용 프로그램 추가',
+  add_applications_to_organization_description:
+    '앱 ID, 이름 또는 설명을 검색하여 적절한 응용 프로그램을 찾습니다. 기존 응용 프로그램은 검색 결과에 표시되지 않습니다.',
+  at_least_one_application: '최소한 하나의 응용 프로그램이 필요합니다.',
+  remove_application_from_organization: '조직에서 응용 프로그램 제거',
+  remove_application_from_organization_description:
+    '제거하면 응용 프로그램은 이 조직에서의 연관성과 역할을 잃게 됩니다. 이 작업은 취소할 수 없습니다.',
+  search_application_placeholder: '앱 ID, 이름 또는 설명으로 검색',
+  roles: '조직 역할',
   authorize_to_roles: '{{name}}에게 다음 역할에 대한 액세스 권한 부여:',
   edit_organization_roles: '조직 역할 편집',
-  edit_organization_roles_of_user: '{{name}}의 조직 역할 편집',
+  edit_organization_roles_title: '{{name}} 의 조직 역할 편집',
   remove_user_from_organization: '사용자를 조직에서 제거',
   remove_user_from_organization_description:
     '제거하면 사용자가 이 조직에서 멤버십과 역할을 잃습니다. 이 작업은 취소할 수 없습니다.',
   search_user_placeholder: '이름, 이메일, 전화 또는 사용자 ID로 검색',
   at_least_one_user: '최소한 한 명의 사용자가 필요합니다.',
+  organization_roles_tooltip: '이 조직 내의 {{type}} 에 할당된 역할입니다.',
   custom_data: '사용자 정의 데이터',
   custom_data_tip:
     '사용자 정의 데이터는 조직과 관련된 추가 데이터를 저장하는 데 사용할 수 있는 JSON 객체입니다.',
   invalid_json_object: '잘못된 JSON 객체입니다.',
+  branding: {
+    logo: '조직 로고',
+    logo_tooltip:
+      '조직 ID를 전달하여 로그인 경험에서 이 로고를 표시할 수 있습니다. 어두운 모드가 활성화되어 있는 경우 어두운 버전의 로고가 필요합니다. <a>자세히 알아보기</a>',
+  },
+  jit: {
+    title: '즉시 프로비저닝',
+    description:
+      '일부 인증 방법을 통해 처음으로 로그인할 때 사용자가 자동으로 조직에 가입되고 역할이 할당될 수 있습니다. 즉시 프로비저닝을 위한 요구 사항을 설정할 수 있습니다.',
+    email_domain: '이메일 도메인 프로비저닝',
+    email_domain_description:
+      '확인된 이메일 주소를 사용하여 회원가입하거나 확인된 이메일 주소를 사용하여 소셜 로그인을 하는 신규 사용자는 자동으로 조직에 가입됩니다. <a>자세히 알아보기</a>',
+    email_domain_placeholder: '즉시 프로비저닝을 위한 이메일 도메인을 입력하세요',
+    invalid_domain: '잘못된 도메인',
+    domain_already_added: '도메인이 이미 추가되었습니다',
+    sso_enabled_domain_warning:
+      '엔터프라이즈 SSO와 연관된 하나 이상의 이메일 도메인을 입력했습니다. 이 이메일을 가진 사용자는 표준 SSO 흐름을 따르게 되며, 엔터프라이즈 SSO 프로비저닝이 설정되지 않은 한 이 조직에 프로비저닝되지 않습니다.',
+    enterprise_sso: '엔터프라이즈 SSO 프로비저닝',
+    no_enterprise_connector_set:
+      '아직 엔터프라이즈 SSO 커넥터를 설정하지 않았습니다. 먼저 커넥터를 추가하여 엔터프라이즈 SSO 프로비저닝을 활성화하십시오. <a>설정</a>',
+    add_enterprise_connector: '엔터프라이즈 커넥터 추가',
+    enterprise_sso_description:
+      '처음으로 엔터프라이즈 SSO를 통해 로그인하는 신규 사용자나 기존 사용자는 자동으로 조직에 가입됩니다. <a>자세히 알아보기</a>',
+    organization_roles: '기본 조직 역할',
+    organization_roles_description:
+      '즉시 프로비저닝을 통해 조직에 가입할 때 사용자에게 할당할 역할입니다.',
+  },
+  mfa: {
+    title: '다중 인증 (MFA)',
+    tip: 'MFA가 필요할 때, MFA가 설정되지 않은 사용자는 조직 토큰을 교환하려고 시도할 때 거부됩니다. 이 설정은 사용자 인증에 영향을 미치지 않습니다.',
+    description: '이 조직에 액세스하기 위해 사용자가 다중 인증을 설정해야 합니다.',
+    no_mfa_warning:
+      '테넌트에 다중 인증 방법이 활성화되어 있지 않습니다. 하나 이상의 <a>다중 인증 방법</a>이 활성화될 때까지 사용자는 이 조직에 액세스할 수 없습니다.',
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/ko/translation/admin-console/organization-template.ts
index ce30d882a870..95bd89faee9d 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/organization-template.ts
@@ -14,8 +14,9 @@ const organization_template = {
     create_modal: {
       title: '조직 역할 만들기',
       create: '역할 만들기',
-      name_field: '역할 이름',
-      description_field: '설명',
+      name: '역할 이름',
+      description: '설명',
+      type: '역할 유형',
       created: '조직 역할 {{name}}이(가) 성공적으로 만들어졌습니다.',
     },
   },
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/organizations.ts b/packages/phrases/src/locales/ko/translation/admin-console/organizations.ts
index 948fe34410a0..4c4bc85d87f6 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/organizations.ts
@@ -7,6 +7,7 @@ const organizations = {
   organization_template: '조직 템플릿',
   organization_id: '조직 ID',
   members: '회원',
+  machine_to_machine: '기계 대 기계 앱',
   create_organization: '조직 만들기',
   setup_organization: '조직 설정',
   organization_list_placeholder_title: '조직',
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/profile.ts b/packages/phrases/src/locales/ko/translation/admin-console/profile.ts
index 8665b40d4ad7..43545f980d5a 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/profile.ts
@@ -49,6 +49,39 @@ const profile = {
     description:
       '계정을 삭제하면 모든 개인 정보, 사용자 데이터 및 설정이 삭제돼요. 이 작업은 되돌릴 수 없어요.',
     button: '계정 삭제',
+    p: {
+      has_issue:
+        '계정을 삭제하려고 하신다니 유감이에요. 계정을 삭제하기 전에 다음 문제를 해결해야 해요.',
+      after_resolved:
+        '문제를 해결한 후 계정을 삭제할 수 있어요. 도움이 필요하면 주저하지 말고 연락 주세요.',
+      check_information:
+        '계정을 삭제하려고 하신다니 유감이에요. 진행하기 전에 다음 정보를 주의 깊게 확인해주세요.',
+      remove_all_data:
+        '계정을 삭제하면 Logto Cloud 에서 당신에 대한 모든 데이터가 영구적으로 삭제돼요. 중요한 데이터를 백업해주세요.',
+      confirm_information:
+        '위의 정보가 예상한 것인지 확인해주세요. 계정을 삭제하면 복구할 수 없어요.',
+      has_admin_role: '다음 테넌트에서 관리자로 지정되어 있기 때문에, 계정과 함께 삭제될 거예요:',
+      has_admin_role_other:
+        '다음 테넌트에서 관리자로 지정되어 있기 때문에, 계정과 함께 삭제될 거예요:',
+      quit_tenant: '다음 테넌트를 나가려고 합니다:',
+      quit_tenant_other: '다음 테넌트를 나가려고 합니다:',
+    },
+    issues: {
+      paid_plan: '다음 테넌트는 유료 플랜을 가지고 있으므로, 구독을 먼저 취소해야 해요:',
+      paid_plan_other: '다음 테넌트들은 유료 플랜을 가지고 있으므로, 구독을 먼저 취소해야 해요:',
+      subscription_status: '다음 테넌트는 구독 상태에 문제가 있어요:',
+      subscription_status_other: '다음 테넌트들은 구독 상태에 문제가 있어요:',
+      open_invoice: '다음 테넌트는 미결제 청구서가 있어요:',
+      open_invoice_other: '다음 테넌트들은 미결제 청구서가 있어요:',
+    },
+    error_occurred: '오류가 발생했어요',
+    error_occurred_description: '계정을 삭제하는 동안 문제가 발생했어요:',
+    request_id: '요청 ID: {{requestId}}',
+    try_again_later:
+      '나중에 다시 시도해주세요. 문제가 지속되면 요청 ID 와 함께 Logto 팀에 문의하세요.',
+    final_confirmation: '최종 확인',
+    about_to_start_deletion: '삭제 과정을 시작하려하고 있으며 이 작업은 되돌릴 수 없어요.',
+    permanently_delete: '영구적으로 삭제',
   },
   set: '설정',
   change: '변경',
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/roles.ts b/packages/phrases/src/locales/ko/translation/admin-console/roles.ts
index 6319655bb358..fa50bdf56c80 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: '역할 생성',
   role_name: '역할 이름',
   role_type: '역할 유형',
+  type_user: '사용자',
+  type_machine_to_machine: '기계 대 기계',
   role_description: '설명',
   role_name_placeholder: '역할 이름을 입력하세요',
   role_description_placeholder: '역할 설명을 입력하세요',
@@ -19,15 +21,18 @@ const roles = {
   application_count: '{{count}} 개의 앱',
   assign_permissions: '권한 할당',
   create_role_title: '역할 생성',
+  create_role_description: '권한을 조직하고 사용자에게 할당하기 위해 역할을 사용하세요.',
   create_role_button: '역할 생성',
   role_created: '역할 {{name}}이 성공적으로 생성되었어요.',
   search: '역할 이름, 설명, ID로 검색',
   placeholder_title: '역할',
   placeholder_description:
     '역할은 사용자에게 할당할 수 있는 권한의 모임이에요. 역할을 만들기 전에 먼저 권한을 추가해야 해요.',
+  assign_roles: '역할 할당',
   management_api_access_notification:
     'Logto 관리 API 액세스를 위해 관리 API 권한이있는 역할을 선택하십시오 <flag/>.',
   with_management_api_access_tip: '이 기계 간 역할에는 Logto 관리 API 권한이 포함되어 있습니다',
+  role_creation_hint: '적절한 역할을 찾을 수 없습니까? <a>역할 생성</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/ko/translation/admin-console/sign-in-exp/index.ts
index a0add160836b..c8609b121fb1 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/sign-in-exp/index.ts
@@ -24,22 +24,63 @@ const sign_in_exp = {
     primary_color: '브랜드 색상',
     dark_primary_color: '브랜드 색상 (다크 모드)',
     dark_mode: '다크 모드 활성화',
-    dark_mode_description: 'Logto가 브랜드 색상에 알맞게 자동으로 다크 모드 테마를 생성해요.',
+    dark_mode_description: 'Logto 가 브랜드 색상에 알맞게 자동으로 다크 모드 테마를 생성해요.',
     dark_mode_reset_tip: '브랜드 색상에 알맞게 다크 모드 색상',
     reset: '재생성',
   },
   branding: {
     title: '브랜딩 영역',
     ui_style: '스타일',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (다크)',
+    app_logo_and_favicon: '앱 로고 및 파비콘',
+    company_logo_and_favicon: '회사 로고 및 파비콘',
   },
-  custom_css: {
-    title: '사용자 정의 CSS',
-    css_code_editor_title: '사용자 정의 CSS로 UI 개인화',
-    css_code_editor_description1: '사용자 정의 CSS의 예시를 확인하세요.',
+  branding_uploads: {
+    app_logo: {
+      title: '앱 로고',
+      url: '앱 로고 URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '앱 로고: {{error}}',
+    },
+    company_logo: {
+      title: '회사 로고',
+      url: '회사 로고 URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '회사 로고: {{error}}',
+    },
+    organization_logo: {
+      title: '이미지 업로드',
+      url: '조직 로고 URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '조직 로고: {{error}}',
+    },
+    connector_logo: {
+      title: '이미지 업로드',
+      url: '커넥터 로고 URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '커넥터 로고: {{error}}',
+    },
+    favicon: {
+      title: '파비콘',
+      url: '파비콘 URL',
+      url_placeholder: 'https://your.cdn.domain/favicon.ico',
+      error: '파비콘: {{error}}',
+    },
+  },
+  custom_ui: {
+    title: '커스텀 UI',
+    css_code_editor_title: '커스텀 CSS',
+    css_code_editor_description1: '커스텀 CSS 예제를 확인하세요.',
     css_code_editor_description2: '<a>{{link}}</a>',
     css_code_editor_description_link_content: '더 알아보기',
     css_code_editor_content_placeholder:
-      '사용자 정의 CSS를 입력하여 원하는 대로 스타일을 조정할 수 있어요. 창의성을 표현하고 UI를 돋보이게 만드세요.',
+      '커스텀 CSS 를 입력하여 스타일을 정확한 사양에 맞게 조정하세요. 창의력을 발휘하여 UI 를 돋보이게 만드세요.',
+    bring_your_ui_title: 'UI 가져오기',
+    bring_your_ui_description:
+      'Logto 가미리 제공하는 UI 를 나만의 코드로 대체하기 위해 압축 패키지 (.zip)를 업로드하세요. <a>더 알아보기</a>',
+    preview_with_bring_your_ui_description:
+      '커스텀 UI 자산이 성공적으로 업로드되어 현재 제공되고 있습니다. 따라서 기본 제공 미리보기 창이 비활성화되었습니다.\n개인화된 로그인 UI 를 테스트하려면 "실시간 미리보기" 버튼을 클릭하여 새 브라우저 탭에서 엽니다.',
   },
   sign_up_and_sign_in,
   content,
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/ko/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index 32451155f7d2..8e343a47c637 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -39,6 +39,9 @@ const sign_up_and_sign_in = {
       set_up_more: '다른 소셜 연동',
       go_to: '을 설정해 보세요.',
     },
+    automatic_account_linking: '자동 계정 연결',
+    automatic_account_linking_label:
+      '활성화되면 사용자가 새 시스템에서 소셜 ID로 로그인할 때 동일한 식별자(예: 이메일)를 가지고 있는 기존 계정이 하나만 있을 경우 Logto가 사용자에게 계정 연결을 요청하는 대신 자동으로 소셜 ID와 계정을 연결합니다.',
   },
   tip: {
     set_a_password: '사용자 이름에 대한 고유한 암호 집합은 필수예요.',
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/ko/translation/admin-console/subscription/quota-item.ts
index 0d93670ce790..8d0f712fdcd5 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/subscription/quota-item.ts
@@ -159,6 +159,18 @@ const quota_item = {
     unlimited: '사용자 정의 JWT',
     not_eligible: '사용자 정의 JWT 클레임 사용자를 제거하십시오',
   },
+  impersonation_enabled: {
+    name: '임퍼소네이션',
+    limited: '임퍼소네이션',
+    unlimited: '임퍼소네이션',
+    not_eligible: '임퍼소네이션 허용 안 됨',
+  },
+  bring_your_ui_enabled: {
+    name: '맞춤 UI 사용',
+    limited: '맞춤 UI 사용',
+    unlimited: '맞춤 UI 사용',
+    not_eligible: '맞춤 UI 자산을 제거하십시오',
+  },
 };
 
 export default Object.freeze(quota_item);
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/ko/translation/admin-console/subscription/quota-table.ts
index b851fff7f52a..e84f9755c2d1 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/subscription/quota-table.ts
@@ -20,6 +20,8 @@ const quota_table = {
     title: 'UI 및 브랜딩',
     custom_domain: '사용자 정의 도메인',
     custom_css: '사용자 정의 CSS',
+    logo_and_favicon: '로고 및 파비콘',
+    bring_your_ui: '자신의 UI 가져오기',
     dark_mode: '다크 모드',
     i18n: '국제화',
   },
@@ -36,6 +38,7 @@ const quota_table = {
     mfa: '다중 인증',
     sso: '기업 SSO',
     adaptive_mfa: '적응형 MFA',
+    impersonation: '가장하기',
   },
   user_management: {
     title: '사용자 관리',
@@ -79,23 +82,23 @@ const quota_table = {
   add_on: '부가 기능',
   tier: '레벨{{value, number}}: ',
   paid_token_limit_tip:
-    'Logto는 할당량 한도를 초과하는 기능에 대해 요금을 부과할 것입니다. 2024년 제2분기부터 요금이 부과될 때까지 무료로 사용할 수 있습니다. 더 많은 토큰이 필요한 경우 저희에게 문의하십시오. 기본적으로 100만 토큰 당 월 $80을 청구합니다.',
+    'Logto 는 할당량 한도를 초과하는 기능에 대해 요금을 부과할 것입니다. 2024년 제 2분기부터 요금이 부과될 때까지 무료로 사용할 수 있습니다. 더 많은 토큰이 필요한 경우 저희에게 문의하십시오. 기본적으로 100만 토큰 당 월 $80 을 청구합니다.',
   paid_quota_limit_tip:
-    'Logto는 할당량 제한을 초과하는 기능에 대해 요금을 부과할 것입니다. 2024년 제2분기까지는 무료로 사용할 수 있습니다.',
+    'Logto 는 할당량 제한을 초과하는 기능에 대해 요금을 부과할 것입니다. 2024년 제 2분기까지는 무료로 사용할 수 있습니다.',
   paid_add_on_feature_tip:
-    '이것은 부가 기능입니다. 2024년 제2분기까지는 무료로 사용할 수 있습니다.',
+    '이것은 부가 기능입니다. 2024년 제 2분기까지는 무료로 사용할 수 있습니다.',
   million: '{{value, number}} 백만',
   mau_tip:
-    'MAU (월간 활성 사용자)는 청구 주기 동안 Logto와 적어도 하나의 토큰을 교환한 고유 사용자 수를 의미합니다.',
-  tokens_tip: 'Logto에서 발행한 모든 종류의 토큰, 액세스 토큰, 리프레시 토큰 등을 포함합니다.',
+    'MAU (월간 활성 사용자) 는 청구 주기 동안 Logto 와 적어도 하나의 토큰을 교환한 고유 사용자 수를 의미합니다.',
+  tokens_tip: 'Logto 에서 발행한 모든 종류의 토큰, 액세스 토큰, 리프레시 토큰 등을 포함합니다.',
   mao_tip:
-    'MAO (월간 활성 조직)는 빌링 주기 내에서 적어도 하나의 MAU (월간 활성 사용자)를 가진 고유한 조직의 수를 의미합니다.',
-  third_party_tip: '타사 앱의 로그인 및 권한 부여에 대해 OIDC ID 공급자로서 Logto를 사용합니다.',
+    'MAO (월간 활성 조직) 는 빌링 주기 내에서 적어도 하나의 MAU (월간 활성 사용자) 를 가진 고유한 조직의 수를 의미합니다.',
+  third_party_tip: '타사 앱의 로그인 및 권한 부여에 대해 OIDC ID 공급자로서 Logto 를 사용합니다.',
   included: '{{value, number}} 포함',
   included_mao: '{{value, number}} MAO 포함',
   extra_quota_price: '이후 월당 ${{value, number}} / 각각',
   per_month_each: '월당 ${{value, number}} / 각각',
-  extra_mao_price: '이후 MAO당 ${{value, number}}',
+  extra_mao_price: '이후 MAO 당 ${{value, number}}',
   per_month: '월당 ${{value, number}}',
   per_member: '그런 다음 ${{value, number}} / 회원',
 };
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/tenants.ts b/packages/phrases/src/locales/ko/translation/admin-console/tenants.ts
index 6b8cae62c0ff..f2b75f5cdd03 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/tenants.ts
@@ -14,6 +14,8 @@ const tenants = {
     tenant_id: '테넌트 ID',
     tenant_name: '테넌트 이름',
     tenant_region: '데이터 호스팅 영역',
+    tenant_region_description:
+      '테넌트 리소스 (사용자, 앱 등) 가 호스팅되는 물리적 위치입니다. 생성 후에는 변경할 수 없습니다.',
     tenant_region_tip: '당신의 테넌트 자원은 {{region}}에 호스팅됩니다. <a>자세히 알아보기</a>',
     environment_tag_development: '개발',
     environment_tag_production: '프로드',
@@ -44,6 +46,7 @@ const tenants = {
   },
   create_modal: {
     title: '테넌트 만들기',
+    subtitle: '분리된 리소스와 사용자를 가지는 새 테넌트를 만듭니다.',
     tenant_usage_purpose: '이 테넌트를 사용하는 목적은 무엇입니까?',
     development_description:
       '테스트 용으로만 사용하고 프로덕션에서 사용하지 마십시오. 구독이 필요하지 않습니다.',
@@ -52,6 +55,9 @@ const tenants = {
     available_plan: '사용 가능한 요금제:',
     create_button: '테넌트 만들기',
     tenant_name_placeholder: '내 테넌트',
+    tenant_created: '테넌트가 성공적으로 생성되었습니다.',
+    invitation_failed: '초대 전송에 실패했습니다. 나중에 설정 -> 멤버에서 다시 시도하십시오.',
+    tenant_type_description: '생성 후에는 변경할 수 없습니다.',
   },
   dev_tenant_migration: {
     title: '사용자 정의 테넌트로 전환하여 Pro 기능을 무료로 이용할 수 있습니다!',
@@ -97,6 +103,10 @@ const tenants = {
     description_2:
       '자세한 설명이 필요한 경우, 우려 사항이 있거나 기능을 완전히 복원하고 테넌트를 차단 해제하려면 바로 연락 주시기 바랍니다.',
   },
+  production_tenant_notification: {
+    text: '무료 테스트를 위한 개발 테넌트에 있습니다. 라이브로 전환하려면 프로덕션 테넌트를 만드세요.',
+    action: '테넌트 만들기',
+  },
 };
 
 export default Object.freeze(tenants);
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/ko/translation/admin-console/upsell/paywall.ts
index 8d39230dc4ee..f2c8539abeab 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/upsell/paywall.ts
@@ -65,6 +65,7 @@ const paywall = {
     description:
       '사용자 정의 JWT 기능 및 프리미엄 혜택을 위해 유료 플랜으로 업그레이드하세요. 궁금한 점이 있으면 <a>문의하세요</a>.',
   },
+  bring_your_ui: '사용자 정의 UI 기능과 프리미엄 혜택을 위해 유료 플랜으로 업그레이드하세요.',
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/ko/translation/admin-console/user-details.ts b/packages/phrases/src/locales/ko/translation/admin-console/user-details.ts
index 574999679f00..778aad672c63 100644
--- a/packages/phrases/src/locales/ko/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/ko/translation/admin-console/user-details.ts
@@ -34,9 +34,13 @@ const user_details = {
   field_custom_data: '사용자 정의 데이터',
   field_custom_data_tip:
     '사용자 정의 색상 및 언어와 같은 미리 정의되지 않은 추가적인 사용자의 정보를 의미해요.',
+  field_profile: '프로필',
+  field_profile_tip:
+    '사용자 속성에 포함되지 않은 추가 OpenID Connect 표준 클레임입니다. 모든 알 수 없는 속성은 제거됩니다. 자세한 내용은 <a>프로필 속성 참조</a>를 참조하세요.',
   field_connectors: '연동된 소셜',
   field_sso_connectors: '기업 연결',
   custom_data_invalid: '사용자 정의 데이터는 반드시 유효한 JSON 객체여야 해요.',
+  profile_invalid: '프로필은 유효한 JSON 객체여야 해요',
   connectors: {
     connectors: '연동',
     user_id: '사용자 ID',
@@ -73,14 +77,17 @@ const user_details = {
   roles: {
     name_column: '사용자 역할',
     description_column: '설명',
+    assign_button: '역할 할당',
     delete_description:
       '이 행동은 사용자에게서 이 역할을 삭제할 거예요. 역할은 그대로 존재하지만, 이 사용자에게 더 이상 할당되지 않아요.',
     deleted: '{{name}}이/가 성공적으로 이 사용자에게서 제거되었어요.',
+    assign_title: '{{name}}에게 역할 할당',
     assign_subtitle: '이름, 설명 또는 역할 ID로 검색하여 적절한 사용자 역할을 찾으세요.',
     assign_role_field: '역할 할당',
     role_search_placeholder: '역할 이름으로 검색',
     added_text: '{{value, number}}이/가 추가되었어요',
     assigned_user_count: '사용자 {{value, number}}명',
+    confirm_assign: '역할 할당',
     role_assigned: '역할을 성공적으로 할당했어요',
     search: '역할 이름, 설명, ID로 검색',
     empty: '역할 없음',
diff --git a/packages/phrases/src/locales/ko/translation/demo-app.ts b/packages/phrases/src/locales/ko/translation/demo-app.ts
index 2089c0d18631..e103418bcead 100644
--- a/packages/phrases/src/locales/ko/translation/demo-app.ts
+++ b/packages/phrases/src/locales/ko/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: 'Live Preview에 성공적으로 로그인했습니다!',
+  subtitle: '여기 당신의 사용자 정보가 있습니다:',
   username: '사용자 이름: ',
   user_id: '사용자 ID: ',
   sign_out: 'Live Preview에서 로그아웃',
diff --git a/packages/phrases/src/locales/pl-pl/errors/session.ts b/packages/phrases/src/locales/pl-pl/errors/session.ts
index 91a80deaccb2..44ba723dc330 100644
--- a/packages/phrases/src/locales/pl-pl/errors/session.ts
+++ b/packages/phrases/src/locales/pl-pl/errors/session.ts
@@ -18,11 +18,14 @@ const session = {
   verification_failed:
     'Weryfikacja nie powiodła się. Uruchom proces weryfikacji ponownie i spróbuj ponownie.',
   connector_validation_session_not_found: 'Nie znaleziono sesji łącznika dla weryfikacji tokena.',
+  csrf_token_mismatch: 'Nieprawidłowy token CSRF.',
   identifier_not_found:
     'Nie znaleziono identyfikatora użytkownika. Proszę wróć i zaloguj się ponownie.',
   interaction_not_found:
     'Nie znaleziono sesji interakcji. Proszę wróć i rozpocznij sesję ponownie.',
   not_supported_for_forgot_password: 'Ta operacja nie jest obsługiwana dla zapomnienia hasła.',
+  identity_conflict:
+    'Wykryto konflikt tożsamości. Proszę zainicjuj nową sesję, aby kontynuować przy użyciu innej tożsamości.',
   mfa: {
     require_mfa_verification: 'Wymagana jest weryfikacja MFA, aby się zalogować.',
     mfa_sign_in_only: 'MFA jest dostępne tylko dla interakcji logowania.',
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/application-details.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/application-details.ts
index dae543304ee9..83ce0a1cc165 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/application-details.ts
@@ -23,6 +23,7 @@ const application_details = {
   description: 'Opis',
   description_placeholder: 'Wpisz opis swojej aplikacji',
   config_endpoint: 'Konfiguracja punktu końcowego OpenID Provider',
+  issuer_endpoint: 'Punkt końcowy emitenta',
   authorization_endpoint: 'Endpoint autoryzacji',
   authorization_endpoint_tip:
     'Punkt końcowy wykorzystywany do uwierzytelniania i autoryzacji. Jest używany do OpenID Connect <a>uwierzytelniania</a>.',
@@ -62,6 +63,13 @@ const application_details = {
   rotate_refresh_token: 'Obróć token odświeżania',
   rotate_refresh_token_label:
     'Po włączeniu tej opcji Logto wydaje nowy token odświeżania dla żądań tokenów, gdy upłynęło 70% oryginalnego czasu życia (TTL) lub spełnione są określone warunki. <a>Dowiedz się więcej</a>',
+  backchannel_logout: 'Backchannel Logout',
+  backchannel_logout_description:
+    'Skonfiguruj punkt końcowy OpenID Connect backchannel logout i czy sesja jest wymagana dla tej aplikacji.',
+  backchannel_logout_uri: 'URI backchannel logout',
+  backchannel_logout_uri_session_required: 'Czy sesja jest wymagana?',
+  backchannel_logout_uri_session_required_description:
+    'Po włączeniu, RP wymaga, aby roszczenie `sid` (ID sesji) było zawarte w tokenie wylogowania, aby zidentyfikować sesję RP z OP, gdy używany jest `backchannel_logout_uri`.',
   delete_description:
     'Ta operacja nie może zostać cofnięta. Spowoduje trwałe usunięcie aplikacji. Aby potwierdzić, wpisz nazwę aplikacji <span>{{name}}</span>.',
   enter_your_application_name: 'Wpisz nazwę swojej aplikacji',
@@ -85,15 +93,23 @@ const application_details = {
     'Upewnij się, że chronisz swój serwer źródłowy przed bezpośrednim dostępem. Odniesienie do przewodnika dla więcej <a>szczegółowych instrukcji</a>.',
   session_duration: 'Czas trwania sesji (dni)',
   try_it: 'Wypróbuj',
+  no_organization_placeholder: 'Nie znaleziono organizacji. <a>Przejdź do organizacji</a>',
   branding: {
     name: 'Branding',
     description: 'Dostosuj nazwę i logo aplikacji na ekranie zgody.',
+    description_third_party: 'Dostosuj nazwę wyświetlaną aplikacji i logo na ekranie zgody.',
+    app_logo: 'Logo aplikacji',
+    app_level_sie: 'Doświadczenie logowania na poziomie aplikacji',
+    app_level_sie_switch:
+      'Włącz doświadczenie logowania na poziomie aplikacji i ustaw branding specyficzny dla aplikacji. Jeśli jest wyłączony, używane będzie doświadczenie omni sign-in.',
     more_info: 'Więcej informacji',
     more_info_description:
       'Zaoferuj użytkownikom więcej szczegółów na temat Twojej aplikacji na ekranie zgody.',
     display_name: 'Nazwa wyświetlana',
-    display_logo: 'Wyświetl logo',
-    display_logo_dark: 'Wyświetl logo (ciemne)',
+    application_logo: 'Logo aplikacji',
+    application_logo_dark: 'Logo aplikacji (ciemne)',
+    brand_color: 'Kolor marki',
+    brand_color_dark: 'Kolor marki (ciemny)',
     terms_of_use_url: 'Adres URL warunków użytkowania aplikacji',
     privacy_policy_url: 'Adres URL polityki prywatności aplikacji',
   },
@@ -131,13 +147,13 @@ const application_details = {
     grant_organization_level_permissions: 'Udziel uprawnień do danych organizacyjnych',
   },
   roles: {
-    name_column: 'Rola między maszynami',
-    description_column: 'Opis',
     assign_button: 'Przypisz role między maszynami',
     delete_description:
       'Ta czynność usunie tę rolę z tej aplikacji machine-to-machine. Rola ta nadal istnieje, ale nie będzie już powiązana z tą aplikacją machine-to-machine.',
     deleted: '{{name}} został(a) pomyślnie usunięty(ą) z tego użytkownika.',
     assign_title: 'Przypisz role między maszynami do {{name}}',
+    assign_subtitle:
+      'Aplikacje machine-to-machine muszą mieć role typu machine-to-machine, aby uzyskać dostęp do powiązanych zasobów API.',
     assign_role_field: 'Przypisz role między maszynami',
     role_search_placeholder: 'Wyszukaj według nazwy roli',
     added_text: '{{value, number}} dodane',
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/cloud.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/cloud.ts
index fba7616877ce..f1ba3eb5e89a 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/cloud.ts
@@ -34,6 +34,13 @@ const cloud = {
       others: 'Nic z powyższych',
     },
   },
+  create_tenant: {
+    page_title: 'Utwórz najemcę',
+    title: 'Utwórz swojego pierwszego najemcę',
+    description:
+      'Najemca to odizolowane środowisko, w którym możesz zarządzać tożsamościami użytkowników, aplikacjami i wszystkimi innymi zasobami Logto.',
+    invite_collaborators: 'Zaproś swoich współpracowników za pomocą e-maila',
+  },
   sie: {
     page_title: 'Dostosuj doświadczenie logowania',
     title: 'Najpierw dostosuj swoje doświadczenie logowania',
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/connector-details.ts
index 7036831492ae..b9c9acd961e9 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/connector-details.ts
@@ -48,9 +48,24 @@ const connector_details = {
     company_information_description:
       'Wyświetlaj nazwę firmy, adres lub kod pocztowy na dole wiadomości e-mail, aby zwiększyć autentyczność.',
     company_information_placeholder: 'Podstawowe informacje o Twojej firmie',
+    email_logo_field: 'Logo e-mail',
+    email_logo_tip:
+      'Wyświetl logo swojej marki na górze wiadomości e-mail. Użyj tego samego obrazu zarówno dla trybu jasnego, jak i ciemnego.',
     urls_not_allowed: 'Nie dozwolone adresy URL',
     test_notes: 'Logto używa szablonu "Ogólny" do testów.',
   },
+  google_one_tap: {
+    title: 'Google One Tap',
+    description:
+      'Google One Tap to bezpieczny i łatwy sposób, by użytkownicy mogli zalogować się na Twoją stronę.',
+    enable_google_one_tap: 'Włącz Google One Tap',
+    enable_google_one_tap_description:
+      'Włącz Google One Tap w swoim doświadczeniu logowania: Pozwól użytkownikom szybko się zarejestrować lub zalogować za pomocą ich konta Google, jeśli są już zalogowani na swoim urządzeniu.',
+    configure_google_one_tap: 'Skonfiguruj Google One Tap',
+    auto_select: 'Automatyczny wybór poświadczenia, jeśli to możliwe',
+    close_on_tap_outside: 'Anuluj monit, jeśli użytkownik kliknie/tapnie na zewnątrz',
+    itp_support: 'Włącz <a>ulepszony UX One Tap dla przeglądarek ITP</a>',
+  },
 };
 
 export default Object.freeze(connector_details);
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/connectors.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/connectors.ts
index 6532321cc042..682986c827eb 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/connectors.ts
@@ -44,6 +44,8 @@ const connectors = {
     name_placeholder: 'Wpisz nazwę przycisku logowania społecznościowego',
     name_tip:
       'Nazwa przycisku łącznika będzie wyświetlana jako "Kontynuuj z {{name}}." Uwzględnij długość nazwy, gdyż może stać się zbyt długa.',
+    connector_logo: 'Logo łącznika',
+    connector_logo_tip: 'Logo będzie wyświetlane na przycisku logowania łącznika.',
     target: 'Nazwa dostawcy tożsamości',
     target_placeholder: 'Wpisz nazwę dostawcy tożsamości łącznika',
     target_tip:
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/jwt-claims.ts
index 5e6ca23390fc..b4d735979212 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/jwt-claims.ts
@@ -33,6 +33,11 @@ const jwt_claims = {
     subtitle:
       'Użyj parametru wejściowego `data.user`, aby dostarczyć istotne informacje o użytkowniku.',
   },
+  grant_data: {
+    title: 'Dane przyznania',
+    subtitle:
+      'Użyj parametru wejściowego `data.grant`, aby dostarczyć istotne informacje dotyczące przyznania, dostępne tylko przy wymianie tokenu.',
+  },
   token_data: {
     title: 'Dane tokenu',
     subtitle: 'Użyj parametru wejściowego `token`, aby uzyskać bieżący ładunek tokenu dostępu.',
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/organization-details.ts
index 54ce0537b5b1..d26d495d9124 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/organization-details.ts
@@ -14,19 +14,66 @@ const organization_details = {
     'Znajdź odpowiednich użytkowników, wyszukując nazwę, adres e-mail, numer telefonu lub identyfikator użytkownika. Istniejący członkowie nie są wyświetlani w wynikach wyszukiwania.',
   add_with_organization_role: 'Dodaj z rolą(ami) organizacji',
   user: 'Użytkownik',
+  application: 'Aplikacja',
+  application_other: 'Aplikacje',
+  add_applications_to_organization: 'Dodaj aplikacje do organizacji {{name}}',
+  add_applications_to_organization_description:
+    'Znajdź odpowiednie aplikacje, wyszukując ID aplikacji, nazwę lub opis. Istniejące aplikacje nie są wyświetlane w wynikach wyszukiwania.',
+  at_least_one_application: 'Wymagana jest co najmniej jedna aplikacja.',
+  remove_application_from_organization: 'Usuń aplikację z organizacji',
+  remove_application_from_organization_description:
+    'Po usunięciu aplikacja utraci swoje powiązanie i role w tej organizacji. Tego działania nie można cofnąć.',
+  search_application_placeholder: 'Wyszukaj według ID aplikacji, nazwy lub opisu',
+  roles: 'Role organizacji',
   authorize_to_roles: 'Autoryzuj {{name}} dostęp do następujących ról:',
   edit_organization_roles: 'Edytuj role organizacji',
-  edit_organization_roles_of_user: 'Edytuj role organizacji użytkownika {{name}}',
+  edit_organization_roles_title: 'Edytuj role organizacji {{name}}',
   remove_user_from_organization: 'Usuń użytkownika z organizacji',
   remove_user_from_organization_description:
     'Po usunięciu użytkownik straci swoje członkostwo i role w tej organizacji. Tego działania nie można cofnąć.',
   search_user_placeholder:
     'Wyszukaj według nazwy, adresu e-mail, numeru telefonu lub identyfikatora użytkownika',
   at_least_one_user: 'Wymagany jest co najmniej jeden użytkownik.',
+  organization_roles_tooltip: 'Role przypisane do {{type}} w tej organizacji.',
   custom_data: 'Dane niestandardowe',
   custom_data_tip:
     'Dane niestandardowe to obiekt JSON, który może być wykorzystany do przechowywania dodatkowych danych związanych z organizacją.',
   invalid_json_object: 'Nieprawidłowy obiekt JSON.',
+  branding: {
+    logo: 'Logotypy organizacji',
+    logo_tooltip:
+      'Możesz podać ID organizacji, aby wyświetlić ten logo w doświadczeniu logowania; ciemna wersja logo jest potrzebna, jeśli tryb ciemny jest włączony w ustawieniach doświadczenia logowania omni. <a>Dowiedz się więcej</a>',
+  },
+  jit: {
+    title: 'Udostępnianie w odpowiednim momencie',
+    description:
+      'Użytkownicy mogą automatycznie dołączyć do organizacji i otrzymać role przy pierwszym logowaniu przez niektóre metody uwierzytelniania. Możesz ustawić wymagania do spełnienia dla natychmiastowego udostępniania.',
+    email_domain: 'Udostępnianie domeny email',
+    email_domain_description:
+      'Nowi użytkownicy rejestrujący się za pomocą zweryfikowanych adresów email lub logujący się przez social sign-in ze zweryfikowanymi adresami email automatycznie dołączą do organizacji. <a>Dowiedz się więcej</a>',
+    email_domain_placeholder: 'Wprowadź domeny email do automatycznego udostępniania',
+    invalid_domain: 'Nieprawidłowa domena',
+    domain_already_added: 'Domena już dodana',
+    sso_enabled_domain_warning:
+      'Wprowadziłeś jeden lub więcej domen email powiązanych z korporacyjnym SSO. Użytkownicy z tymi adresami email będą podążać standardowym przepływem SSO i nie będą automatycznie przydzielani do tej organizacji, chyba że jest skonfigurowane korporacyjne udostępnianie SSO.',
+    enterprise_sso: 'Korporacyjne udostępnianie SSO',
+    no_enterprise_connector_set:
+      'Nie skonfigurowałeś jeszcze żadnego łącznika SSO korporacyjnego. Najpierw dodaj łączniki, aby włączyć korporacyjne udostępnianie SSO. <a>Skonfiguruj</a>',
+    add_enterprise_connector: 'Dodaj łącznik korporacyjny',
+    enterprise_sso_description:
+      'Nowi użytkownicy lub istniejący użytkownicy logujący się po raz pierwszy przez korporacyjne SSO automatycznie dołączą do organizacji. <a>Dowiedz się więcej</a>',
+    organization_roles: 'Domyślne role organizacji',
+    organization_roles_description:
+      'Przypisz role użytkownikom przy dołączaniu do organizacji za pośrednictwem automatycznego udostępniania.',
+  },
+  mfa: {
+    title: 'Uwierzytelnianie wieloskładnikowe (MFA)',
+    tip: 'Kiedy MFA jest wymagane, użytkownicy bez skonfigurowanego MFA będą odrzuceni podczas próby wymiany tokenu organizacji. To ustawienie nie wpływa na uwierzytelnianie użytkownika.',
+    description:
+      'Wymagaj, aby użytkownicy skonfigurowali uwierzytelnianie wieloskładnikowe w celu uzyskania dostępu do tej organizacji.',
+    no_mfa_warning:
+      'Nie są włączone żadne metody uwierzytelniania wieloskładnikowego dla Twojego najemcy. Użytkownicy nie będą mogli uzyskać dostępu do tej organizacji, dopóki przynajmniej jedna <a>metoda uwierzytelniania wieloskładnikowego</a> nie zostanie włączona.',
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/organization-template.ts
index a25565b48ef1..6ad592b50e41 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/organization-template.ts
@@ -14,8 +14,9 @@ const organization_template = {
     create_modal: {
       title: 'Utwórz rolę organizacji',
       create: 'Utwórz rolę',
-      name_field: 'Nazwa roli',
-      description_field: 'Opis',
+      name: 'Nazwa roli',
+      description: 'Opis',
+      type: 'Typ roli',
       created: 'Rola organizacji {{name}} została pomyślnie utworzona.',
     },
   },
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/organizations.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/organizations.ts
index c62178b99f49..1be5aae9f8fc 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/organizations.ts
@@ -7,6 +7,7 @@ const organizations = {
   organization_template: 'Szablon organizacji',
   organization_id: 'ID organizacji',
   members: 'Członkowie',
+  machine_to_machine: 'Aplikacje typu machine-to-machine',
   create_organization: 'Utwórz organizację',
   setup_organization: 'Skonfiguruj swoją organizację',
   organization_list_placeholder_title: 'Organizacja',
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/profile.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/profile.ts
index 486ae2976444..328da965c507 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/profile.ts
@@ -51,6 +51,40 @@ const profile = {
     description:
       'Usunięcie twojego konta spowoduje usunięcie wszystkich twoich danych osobistych, danych użytkownika i konfiguracji. Ta operacja nie może być cofnięta.',
     button: 'Usuń konto',
+    p: {
+      has_issue:
+        'Przykro nam, że chcesz usunąć swoje konto. Przed usunięciem konta musisz rozwiązać następujące problemy.',
+      after_resolved:
+        'Po rozwiązaniu problemów, możesz usunąć swoje konto. Prosimy o kontakt, jeśli potrzebujesz pomocy.',
+      check_information:
+        'Przykro nam, że chcesz usunąć swoje konto. Proszę dokładnie sprawdzić poniższe informacje przed kontynuowaniem.',
+      remove_all_data:
+        'Usunięcie konta spowoduje trwałe usunięcie wszystkich danych o Tobie w Logto Cloud. Upewnij się, że masz kopię zapasową ważnych danych przed kontynuowaniem.',
+      confirm_information:
+        'Proszę potwierdzić, że powyższe informacje są zgodne z Twoimi oczekiwaniami. Po usunięciu konta nie będziemy mogli go odzyskać.',
+      has_admin_role:
+        'Ponieważ masz rolę administratora w poniższym najemcy, zostanie on usunięty wraz z Twoim kontem:',
+      has_admin_role_other:
+        'Ponieważ masz rolę administratora w poniższych najemcach, zostaną one usunięte wraz z Twoim kontem:',
+      quit_tenant: 'Zamierzasz opuścić poniższego najemcę:',
+      quit_tenant_other: 'Zamierzasz opuścić poniższych najemców:',
+    },
+    issues: {
+      paid_plan: 'Poniższy najemca ma płatny plan, proszę najpierw anulować subskrypcję:',
+      paid_plan_other: 'Poniżsi najemcy mają płatne plany, proszę najpierw anulować subskrypcję:',
+      subscription_status: 'Poniższy najemca ma problem ze statusem subskrypcji:',
+      subscription_status_other: 'Poniżsi najemcy mają problemy ze statusem subskrypcji:',
+      open_invoice: 'Poniższy najemca ma otwartą fakturę:',
+      open_invoice_other: 'Poniżsi najemcy mają otwarte faktury:',
+    },
+    error_occurred: 'Wystąpił błąd',
+    error_occurred_description: 'Przepraszamy, wystąpił problem podczas usuwania Twojego konta:',
+    request_id: 'ID żądania: {{requestId}}',
+    try_again_later:
+      'Spróbuj ponownie później. Jeśli problem będzie się powtarzał, skontaktuj się z zespołem Logto, podając ID żądania.',
+    final_confirmation: 'Ostateczne potwierdzenie',
+    about_to_start_deletion: 'Zaraz rozpoczniesz proces usuwania i tej operacji nie można cofnąć.',
+    permanently_delete: 'Usuń na stałe',
   },
   set: 'Ustaw',
   change: 'Zmień',
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/roles.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/roles.ts
index 0dd9f444515c..d978536314e3 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: 'Utwórz rolę',
   role_name: 'Nazwa roli',
   role_type: 'Typ roli',
+  type_user: 'Użytkownik',
+  type_machine_to_machine: 'Maszyna-do-maszyny',
   role_description: 'Opis',
   role_name_placeholder: 'Wprowadź nazwę swojej roli',
   role_description_placeholder: 'Wprowadź opis swojej roli',
@@ -19,16 +21,20 @@ const roles = {
   application_count: '{{count}} aplikacja',
   assign_permissions: 'Przypisz uprawnienia',
   create_role_title: 'Utwórz rolę',
+  create_role_description:
+    'Używaj ról do organizowania uprawnień i przypisywania ich użytkownikom.',
   create_role_button: 'Utwórz rolę',
   role_created: 'Rola {{name}} została pomyślnie utworzona.',
   search: 'Wyszukaj po nazwie roli, opisie lub identyfikatorze',
   placeholder_title: 'Role',
   placeholder_description:
     'Role są grupowaniem uprawnień, które mogą być przypisywane użytkownikom. Upewnij się, że najpierw dodasz uprawnienie, zanim utworzysz role.',
+  assign_roles: 'Przypisz role',
   management_api_access_notification:
     'Aby uzyskać dostęp do interfejsu API zarządzania Logto, wybierz role z uprawnieniami do interfejsu API zarządzania <flag/>.',
   with_management_api_access_tip:
     'Ta rola maszyny do maszyny zawiera uprawnienia do interfejsu API zarządzania Logto',
+  role_creation_hint: 'Nie możesz znaleźć odpowiedniej roli? <a>Utwórz rolę</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/sign-in-exp/index.ts
index c41c7f6d2b16..2e2085aadcd9 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/sign-in-exp/index.ts
@@ -34,15 +34,56 @@ const sign_in_exp = {
   branding: {
     title: 'OPCJE BRANDINGU',
     ui_style: 'Styl',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (dark)',
+    app_logo_and_favicon: 'Logo aplikacji i favicon',
+    company_logo_and_favicon: 'Logo firmy i favicon',
   },
-  custom_css: {
-    title: 'Niestandardowe CSS',
-    css_code_editor_title: 'Dostosuj swój interfejs użytkownika niestandardowym CSS',
+  branding_uploads: {
+    app_logo: {
+      title: 'Logo aplikacji',
+      url: 'URL logo aplikacji',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logo aplikacji: {{error}}',
+    },
+    company_logo: {
+      title: 'Logo firmy',
+      url: 'URL logo firmy',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logo firmy: {{error}}',
+    },
+    organization_logo: {
+      title: 'Prześlij obraz',
+      url: 'URL logo organizacji',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logo organizacji: {{error}}',
+    },
+    connector_logo: {
+      title: 'Prześlij obraz',
+      url: 'URL logo złącza',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logo złącza: {{error}}',
+    },
+    favicon: {
+      title: 'Favicon',
+      url: 'URL favicon',
+      url_placeholder: 'https://your.cdn.domain/favicon.ico',
+      error: 'Favicon: {{error}}',
+    },
+  },
+  custom_ui: {
+    title: 'Niestandardowy interfejs użytkownika',
+    css_code_editor_title: 'Niestandardowy CSS',
     css_code_editor_description1: 'Zobacz przykład niestandardowego CSS.',
     css_code_editor_description2: '<a>{{link}}</a>',
     css_code_editor_description_link_content: 'Dowiedz się więcej',
     css_code_editor_content_placeholder:
-      'Wprowadź swoje niestandardowe CSS, aby dostosować style czegokolwiek do swoich dokładnych specyfikacji. Wyraź swoją kreatywność i wyróżnij swój interfejs użytkownika.',
+      'Wpisz swój niestandardowy CSS, aby dostosować style wszystkiego do swoich specyfikacji. Wyraź swoją kreatywność i spraw, by Twój interfejs użytkownika był wyjątkowy.',
+    bring_your_ui_title: 'Przynieś swój interfejs użytkownika',
+    bring_your_ui_description:
+      'Prześlij skompresowany pakiet (.zip), aby zastąpić predefiniowany interfejs użytkownika Logto swoim własnym kodem. <a>Dowiedz się więcej</a>',
+    preview_with_bring_your_ui_description:
+      'Twoje niestandardowe zasoby interfejsu użytkownika zostały pomyślnie przesłane i są teraz dostępne. W rezultacie wbudowane okno podglądu zostało wyłączone.\nAby przetestować swoje spersonalizowane UI logowania, kliknij przycisk "Podgląd na żywo", aby otworzyć go w nowej karcie przeglądarki.',
   },
   sign_up_and_sign_in,
   content,
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index 1609910ccd3d..a68bbf87833b 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -41,6 +41,9 @@ const sign_up_and_sign_in = {
       set_up_more: 'Ustaw',
       go_to: 'inne łączniki społecznościowe teraz.',
     },
+    automatic_account_linking: 'Automatyczne łączenie kont',
+    automatic_account_linking_label:
+      'Gdy jest włączone, jeśli użytkownik zaloguje się za pomocą tożsamości społecznościowej, która jest nowa w systemie, a istnieje jedno istniejące konto z tym samym identyfikatorem (np. adres e-mail), Logto automatycznie połączy konto z tożsamością społecznościową zamiast prosić użytkownika o powiązanie konta.',
   },
   tip: {
     set_a_password: 'Unikatowe hasło dla nazwy użytkownika jest konieczne.',
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/subscription/quota-item.ts
index 82798b7aa5b1..c417e805d5e1 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/subscription/quota-item.ts
@@ -159,6 +159,18 @@ const quota_item = {
     unlimited: 'Niestandardowy JWT',
     not_eligible: 'Usuń swoje niestandardowe narzędzie tworzące JWT',
   },
+  impersonation_enabled: {
+    name: 'Impersonacja',
+    limited: 'Impersonacja',
+    unlimited: 'Impersonacja',
+    not_eligible: 'Brak pozwolenia na impersonację',
+  },
+  bring_your_ui_enabled: {
+    name: 'Użyj swojego interfejsu użytkownika',
+    limited: 'Użyj swojego interfejsu użytkownika',
+    unlimited: 'Użyj swojego interfejsu użytkownika',
+    not_eligible: 'Usuń swoje niestandardowe zasoby interfejsu użytkownika',
+  },
 };
 
 export default Object.freeze(quota_item);
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/subscription/quota-table.ts
index 4892904c2ee9..dbdf8fbb5062 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/subscription/quota-table.ts
@@ -20,6 +20,8 @@ const quota_table = {
     title: 'Interfejs użytkownika i branding',
     custom_domain: 'Domena niestandardowa',
     custom_css: 'Niestandardowy CSS',
+    logo_and_favicon: 'Logo i favicon',
+    bring_your_ui: 'Przynieś swój interfejs użytkownika',
     dark_mode: 'Tryb ciemny',
     i18n: 'Internacjonalizacja',
   },
@@ -36,6 +38,7 @@ const quota_table = {
     mfa: 'Wielopoziomowa autentykacja',
     sso: 'SSO przedsiębiorstwowe',
     adaptive_mfa: 'MFA adaptacyjne',
+    impersonation: 'Podszywanie się',
   },
   user_management: {
     title: 'Zarządzanie użytkownikami',
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/tenants.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/tenants.ts
index 6aba8d2dad5f..676f457358f5 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/tenants.ts
@@ -15,6 +15,8 @@ const tenants = {
     tenant_id: 'ID Najemcy',
     tenant_name: 'Nazwa Najemcy',
     tenant_region: 'Region hostowania danych',
+    tenant_region_description:
+      'Fizyczna lokalizacja, w której hostowane są zasoby twojego najemcy (użytkownicy, aplikacje itp.). Tego nie można zmienić po utworzeniu.',
     tenant_region_tip:
       'Twoje zasoby najemcy są hostowane w {{region}}. <a>Uzyskaj więcej informacji</a>',
     environment_tag_development: 'Dev',
@@ -41,12 +43,13 @@ const tenants = {
     title: 'OPUŚĆ',
     leave_tenant: 'Opuść najemcę',
     leave_tenant_description:
-      'Any resources in the tenant will remain but you no longer have access to this tenant.',
+      'Wszelkie zasoby w najemcy pozostaną, ale nie będziesz mieć dostępu do tego najemcy.',
     last_admin_note:
       'Aby opuścić tego najemcę, upewnij się, że co najmniej jeszcze jeden członek ma rolę Administrator.',
   },
   create_modal: {
     title: 'Utwórz nowego najemcę',
+    subtitle: 'Utwórz nowego najemcę z izolowanymi zasobami i użytkownikami.',
     tenant_usage_purpose: 'Co chcesz zrobić z tym najemcą?',
     development_description:
       'Wyłącznie do testów i nie powinien być używany w produkcji. Nie jest wymagana subskrypcja.',
@@ -57,6 +60,10 @@ const tenants = {
     available_plan: 'Dostępny plan:',
     create_button: 'Utwórz najemcę',
     tenant_name_placeholder: 'Mój najemca',
+    tenant_created: 'Najemca utworzony pomyślnie.',
+    invitation_failed:
+      'Niektóre zaproszenia nie udało się wysłać. Spróbuj ponownie później w Ustawienia -> Członkowie.',
+    tenant_type_description: 'Tego nie można zmienić po utworzeniu.',
   },
   dev_tenant_migration: {
     title:
@@ -72,9 +79,9 @@ const tenants = {
   delete_modal: {
     title: 'Usuń najemcę',
     description_line1:
-      'Are you sure you want to delete your tenant "<span>{{name}}</span>" with environment suffix tag "<span>{{tag}}</span>"? This action cannot be undone, and will result in the permanent deletion of all your data and tenant information.',
+      'Czy na pewno chcesz usunąć swojego najemcę "<span>{{name}}</span>" z sufiksem tagu środowiska "<span>{{tag}}</span>"? Tego działania nie można cofnąć i spowoduje ono trwałe usunięcie wszystkich Twoich danych i informacji o najemcy.',
     description_line2:
-      'Before deleting tenant, maybe we can help you. <span><a>Contact us via Email</a></span>',
+      'Przed usunięciem najemcy, może możemy Ci pomóc. <span><a>Skontaktuj się z nami przez e-mail</a></span>',
     description_line3:
       'Jeśli chcesz kontynuować, wprowadź nazwę najemcy "<span>{{name}}</span>" w celu potwierdzenia.',
     delete_button: 'Usuń na stałe',
@@ -104,6 +111,10 @@ const tenants = {
     description_2:
       'Jeśli potrzebujesz dalszych wyjaśnień, masz jakiekolwiek obawy lub chcesz przywrócić pełną funkcjonalność i odblokować swoje najemce, nie wahaj się skontaktować z nami natychmiast.',
   },
+  production_tenant_notification: {
+    text: 'Jesteś w trybie najemcy deweloperskiego do darmowego testowania. Utwórz najemcę produkcyjnego, aby przejść do działania.',
+    action: 'Utwórz najemcę',
+  },
 };
 
 export default Object.freeze(tenants);
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/upsell/paywall.ts
index 063f82b2a12f..09e143cc5497 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/upsell/paywall.ts
@@ -65,6 +65,8 @@ const paywall = {
     description:
       'Ulepsz do płatnego planu, aby uzyskać funkcjonalność niestandardowego JWT i korzyści premium. Jeśli masz jakieś pytania, nie wahaj się <a>skontaktować z nami</a>.',
   },
+  bring_your_ui:
+    'Ulepsz do płatnego planu, aby uzyskać funkcję własnego interfejsu użytkownika i korzyści premium.',
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/user-details.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/user-details.ts
index 650fd1fa6bca..b8f21ade73ce 100644
--- a/packages/phrases/src/locales/pl-pl/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/user-details.ts
@@ -34,9 +34,13 @@ const user_details = {
   field_custom_data: 'Dane niestandardowe',
   field_custom_data_tip:
     'Dodatkowe informacje o użytkowniku niewymienione jako właściwości predefiniowane, takie jak preferowany przez użytkownika kolor i język.',
+  field_profile: 'Profil',
+  field_profile_tip:
+    'Dodatkowe standardowe roszczenia OpenID Connect, które nie są uwzględnione we właściwościach użytkownika. Należy pamiętać, że wszystkie nieznane właściwości zostaną usunięte. Proszę zapoznać się z <a>referencją właściwości profilu</a> aby uzyskać więcej informacji.',
   field_connectors: 'Połączenia społecznościowe',
   field_sso_connectors: 'Połączenia przedsiębiorstwa',
   custom_data_invalid: 'Nieprawidłowe dane niestandardowe JSON',
+  profile_invalid: 'Profil musi być poprawnym obiektem JSON',
   connectors: {
     connectors: 'Połączenia',
     user_id: 'Identyfikator użytkownika',
@@ -75,15 +79,18 @@ const user_details = {
   roles: {
     name_column: 'Rola użytkownika',
     description_column: 'Opis',
+    assign_button: 'Przypisz role',
     delete_description:
       'Ta akcja usunie tę rolę z tego użytkownika. Rola nadal będzie istnieć, ale nie będzie już przypisana do tego użytkownika.',
     deleted: '{{name}} została usunięta z tego użytkownika.',
+    assign_title: 'Przypisz role do {{name}}',
     assign_subtitle:
       'Znajdź odpowiednie role użytkowników, wyszukując według nazwy, opisu lub identyfikatora roli.',
     assign_role_field: 'Przypisz rolę',
     role_search_placeholder: 'Szukaj po nazwie roli',
     added_text: '{{value, number}} dodanych',
     assigned_user_count: '{{value, number}} użytkowników',
+    confirm_assign: 'Przypisz role',
     role_assigned: 'Pomyślnie przypisano rolę(y)',
     search: 'Szukaj po nazwie roli, opisie lub ID',
     empty: 'Brak dostępnej roli',
diff --git a/packages/phrases/src/locales/pl-pl/translation/demo-app.ts b/packages/phrases/src/locales/pl-pl/translation/demo-app.ts
index 20c8e8b2e913..a86ff9065958 100644
--- a/packages/phrases/src/locales/pl-pl/translation/demo-app.ts
+++ b/packages/phrases/src/locales/pl-pl/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: 'Pomyślnie zalogowałeś się do podglądu na żywo!',
+  subtitle: 'Oto Twoje informacje użytkownika:',
   username: 'Nazwa użytkownika: ',
   user_id: 'ID użytkownika: ',
   sign_out: 'Wyloguj się z podglądu na żywo',
diff --git a/packages/phrases/src/locales/pt-br/errors/session.ts b/packages/phrases/src/locales/pt-br/errors/session.ts
index 425ec65fb82e..9d998a9cd9fd 100644
--- a/packages/phrases/src/locales/pt-br/errors/session.ts
+++ b/packages/phrases/src/locales/pt-br/errors/session.ts
@@ -19,11 +19,14 @@ const session = {
     'A verificação não foi bem-sucedida. Reinicie o fluxo de verificação e tente novamente.',
   connector_validation_session_not_found:
     'A sessão de validação do token do conector não foi encontrada.',
+  csrf_token_mismatch: 'Incompatibilidade de token CSRF.',
   identifier_not_found:
     'Identificador de usuário não encontrado. Por favor, volte e faça o login novamente.',
   interaction_not_found:
     'Sessão de interação não encontrada. Por favor, volte e inicie a sessão novamente.',
   not_supported_for_forgot_password: 'Esta operação não é suportada para recuperação de senha.',
+  identity_conflict:
+    'Conflito de identidade detectado. Por favor, inicie uma nova sessão para prosseguir com uma identidade diferente.',
   mfa: {
     require_mfa_verification: 'Verificação MFA é necessária para fazer login.',
     mfa_sign_in_only: 'MFA está disponível apenas para interação de login.',
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/application-details.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/application-details.ts
index 07e50e4bff60..d148c717fe2c 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/application-details.ts
@@ -23,6 +23,7 @@ const application_details = {
   description: 'Descrição',
   description_placeholder: 'Digite a descrição do seu aplicativo',
   config_endpoint: 'Endpoint de configuração do OpenID Provider',
+  issuer_endpoint: 'Endpoint do emissor',
   authorization_endpoint: 'Endpoint de autorização',
   authorization_endpoint_tip:
     'O endpoint para execução de autenticação e autorização. É usado para <a>autenticação</a> OpenID Connect.',
@@ -62,6 +63,13 @@ const application_details = {
   rotate_refresh_token: 'Rotacionar token de atualização',
   rotate_refresh_token_label:
     'Quando ativado, o Logto emitirá um novo token de atualização para solicitações de token quando 70% do tempo de vida original (TTL) tiver passado ou certas condições forem atendidas. <a>Saiba mais</a>',
+  backchannel_logout: 'Logout por backchannel',
+  backchannel_logout_description:
+    'Configure o endpoint de logout do backchannel OpenID Connect e se a sessão é necessária para esta aplicação.',
+  backchannel_logout_uri: 'URI de logout por backchannel',
+  backchannel_logout_uri_session_required: 'A sessão é necessária?',
+  backchannel_logout_uri_session_required_description:
+    'Quando ativado, o RP exige que uma reivindicação `sid` (ID da sessão) seja incluída no token de logout para identificar a sessão do RP com o OP quando o `backchannel_logout_uri` é usado.',
   delete_description:
     'Esta ação não pode ser desfeita. Isso excluirá permanentemente o aplicativo. Insira o nome do aplicativo <span>{{name}}</span> para confirmar.',
   enter_your_application_name: 'Digite o nome do seu aplicativo',
@@ -85,16 +93,25 @@ const application_details = {
     'Garanta proteger seu servidor de origem contra acesso direto. Consulte o guia para mais <a>instruções detalhadas</a>.',
   session_duration: 'Duração da sessão (dias)',
   try_it: 'Tente',
+  no_organization_placeholder: 'Nenhuma organização encontrada. <a>Vá para organizações</a>',
   branding: {
     name: 'Branding',
     description:
       'Personalize o nome e logotipo da exibição de sua aplicação na tela de consentimento.',
+    description_third_party:
+      'Personalize o nome e logotipo da exibição da sua aplicação na tela de consentimento.',
+    app_logo: 'Logo do aplicativo',
+    app_level_sie: 'Experiência de login ao nível do aplicativo',
+    app_level_sie_switch:
+      'Ative a experiência de login ao nível do aplicativo e configure o branding específico do aplicativo. Se desativado, a experiência de login omnicanal será usada.',
     more_info: 'Mais informações',
     more_info_description:
       'Ofereça aos usuários mais detalhes sobre sua aplicação na tela de consentimento.',
     display_name: 'Nome de exibição',
-    display_logo: 'Logotipo de exibição',
-    display_logo_dark: 'Logotipo de exibição (escuro)',
+    application_logo: 'Logo da aplicação',
+    application_logo_dark: 'Logo da aplicação (escuro)',
+    brand_color: 'Cor da marca',
+    brand_color_dark: 'Cor da marca (escuro)',
     terms_of_use_url: 'URL dos termos de uso da aplicação',
     privacy_policy_url: 'URL da política de privacidade da aplicação',
   },
@@ -132,13 +149,13 @@ const application_details = {
     grant_organization_level_permissions: 'Conceder permissões de dados da organização',
   },
   roles: {
-    name_column: 'Função de máquina para máquina',
-    description_column: 'Descrição',
     assign_button: 'Atribuir funções de máquina para máquina',
     delete_description:
       'Esta ação removerá esta função deste aplicativo máquina-a-máquina. A função ainda existirá, mas não será mais associada a este aplicativo máquina-a-máquina.',
     deleted: '{{name}} foi removido com sucesso deste usuário.',
     assign_title: 'Atribuir funções de máquina para máquina a {{name}}',
+    assign_subtitle:
+      'Aplicativos máquina-a-máquina devem ter tipos de funções máquina-a-máquina para acessar recursos de API relacionados.',
     assign_role_field: 'Atribuir funções de máquina para máquina',
     role_search_placeholder: 'Pesquisar pelo nome da função',
     added_text: '{{value, number}} adicionados',
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/cloud.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/cloud.ts
index 6882fa93a972..b5fa94e0ddf3 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/cloud.ts
@@ -34,6 +34,13 @@ const cloud = {
       others: 'Nenhuma das opções acima',
     },
   },
+  create_tenant: {
+    page_title: 'Criar inquilino',
+    title: 'Crie seu primeiro inquilino',
+    description:
+      'Um inquilino é um ambiente isolado onde você pode gerenciar identidades de usuário, aplicações e todos os outros recursos do Logto.',
+    invite_collaborators: 'Convide seus colaboradores por e-mail',
+  },
   sie: {
     page_title: 'Personalize a experiência de logon',
     title: 'Vamos personalizar sua experiência de logon facilmente',
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/connector-details.ts
index d25671c7c3d5..b082be3a1d14 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/connector-details.ts
@@ -48,9 +48,24 @@ const connector_details = {
     company_information_description:
       'Exiba o nome da sua empresa, endereço ou código postal no final dos e-mails para melhorar a autenticidade.',
     company_information_placeholder: 'Informações básicas da sua empresa',
+    email_logo_field: 'Logo do email',
+    email_logo_tip:
+      'Exiba a logo da sua marca no topo dos e-mails. Use a mesma imagem para ambos os modos claro e escuro.',
     urls_not_allowed: 'URLs não permitidas',
     test_notes: 'Logto utiliza o modelo "Genérico" para testes.',
   },
+  google_one_tap: {
+    title: 'Google One Tap',
+    description:
+      'Google One Tap é uma maneira segura e fácil para os usuários se conectarem ao seu site.',
+    enable_google_one_tap: 'Ativar Google One Tap',
+    enable_google_one_tap_description:
+      'Ative o Google One Tap na sua experiência de login: Permita que os usuários se inscrevam ou conectem rapidamente com a conta Google deles, se eles já estiverem logados em seus dispositivos.',
+    configure_google_one_tap: 'Configurar Google One Tap',
+    auto_select: 'Selecionar credencial automaticamente se possível',
+    close_on_tap_outside: 'Cancelar o prompt se o usuário clicar/tocar fora',
+    itp_support: 'Ativar <a>UX Melhorado do One Tap em navegadores ITP</a>',
+  },
 };
 
 export default Object.freeze(connector_details);
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/connectors.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/connectors.ts
index 6a0eeb70b5e0..cc2bfaacf80f 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/connectors.ts
@@ -44,6 +44,8 @@ const connectors = {
     name: 'Nome do botão de login social',
     name_placeholder: 'Insira o nome do botão de login social',
     name_tip: 'O nome do botão do conector será exibido como "Continuar com {{Nome do Conector}}".',
+    connector_logo: 'Logotipo do conector',
+    connector_logo_tip: 'O logotipo será exibido no botão de login do conector.',
     target: 'Nome do fornecedor de identidade',
     target_placeholder: 'Insira o nome do fornecedor de identidade do conector',
     target_tip:
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/jwt-claims.ts
index 4df8bf7c9770..6ddfe23c40ee 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/jwt-claims.ts
@@ -31,6 +31,11 @@ const jwt_claims = {
     title: 'Dados do usuário',
     subtitle: 'Use o parâmetro de entrada `data.user` para fornecer informações vitais do usuário.',
   },
+  grant_data: {
+    title: 'Dados da concessão',
+    subtitle:
+      'Use o parâmetro de entrada `data.grant` para fornecer informações vitais da concessão, disponível apenas para troca de token.',
+  },
   token_data: {
     title: 'Dados do token',
     subtitle: 'Use o parâmetro de entrada `token` para a carga útil do token de acesso atual. ',
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/organization-details.ts
index ac52d40cc7f2..c3058243b509 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/organization-details.ts
@@ -14,18 +14,65 @@ const organization_details = {
     'Encontre usuários apropriados pesquisando nome, e-mail, telefone ou ID do usuário. Membros existentes não são mostrados nos resultados da pesquisa.',
   add_with_organization_role: 'Adicionar com função(ões) na organização',
   user: 'Usuário',
+  application: 'Aplicação',
+  application_other: 'Aplicações',
+  add_applications_to_organization: 'Adicionar aplicações à organização {{name}}',
+  add_applications_to_organization_description:
+    'Encontre aplicações apropriadas pesquisando pelo ID do aplicativo, nome ou descrição. Aplicaçōes existentes não são mostradas nos resultados da pesquisa.',
+  at_least_one_application: 'Pelo menos uma aplicação é necessária.',
+  remove_application_from_organization: 'Remover aplicação da organização',
+  remove_application_from_organization_description:
+    'Uma vez removida, a aplicação perderá sua associação e funções nesta organização. Essa ação não pode ser desfeita.',
+  search_application_placeholder: 'Pesquise pelo ID do aplicativo, nome ou descrição',
+  roles: 'Funções da organização',
   authorize_to_roles: 'Autorizar {{name}} a acessar os seguintes cargos:',
   edit_organization_roles: 'Editar cargos da organização',
-  edit_organization_roles_of_user: 'Editar cargos da organização de {{name}}',
+  edit_organization_roles_title: 'Editar cargos da organização de {{name}}',
   remove_user_from_organization: 'Remover usuário da organização',
   remove_user_from_organization_description:
     'Uma vez removido, o usuário perderá sua associação e cargos nesta organização. Essa ação não pode ser desfeita.',
   search_user_placeholder: 'Pesquisar por nome, e-mail, telefone ou ID do usuário',
   at_least_one_user: 'Pelo menos um usuário é necessário.',
+  organization_roles_tooltip: 'As funções atribuídas ao {{type}} dentro desta organização.',
   custom_data: 'Dados personalizados',
   custom_data_tip:
     'Dados personalizados é um objeto JSON que pode ser usado para armazenar dados adicionais associados à organização.',
   invalid_json_object: 'Objeto JSON inválido.',
+  branding: {
+    logo: 'Logotipos da organização',
+    logo_tooltip:
+      'Você pode passar o ID da organização para exibir este logotipo na experiência de login; a versão escura do logotipo é necessária se o modo escuro estiver habilitado nas configurações da experiência de login omni. <a>Saiba mais</a>',
+  },
+  jit: {
+    title: 'Provisionamento Just-in-time',
+    description:
+      'Os usuários podem ingressar automaticamente na organização e serem atribuídos a funções na primeira vez que fizerem login através de alguns métodos de autenticação. Você pode definir os requisitos para o provisionamento just-in-time.',
+    email_domain: 'Provisionamento de domínio de e-mail',
+    email_domain_description:
+      'Novos usuários que se inscreverem com seus endereços de e-mail verificados ou através do login social com endereços de e-mail verificados ingressarão automaticamente na organização. <a>Saiba mais</a>',
+    email_domain_placeholder: 'Digite domínios de e-mail para provisionamento just-in-time',
+    invalid_domain: 'Domínio inválido',
+    domain_already_added: 'Domínio já adicionado',
+    sso_enabled_domain_warning:
+      'Você inseriu um ou mais domínios de e-mail associados ao SSO empresarial. Usuários com esses e-mails seguirão o fluxo padrão do SSO e não serão provisionados para esta organização, a menos que o provisionamento do SSO empresarial esteja configurado.',
+    enterprise_sso: 'Provisionamento SSO empresarial',
+    no_enterprise_connector_set:
+      'Você ainda não configurou nenhum conector de SSO empresarial. Adicione conectores primeiro para habilitar o provisionamento SSO empresarial. <a>Configurar</a>',
+    add_enterprise_connector: 'Adicionar conector empresarial',
+    enterprise_sso_description:
+      'Novos usuários ou usuários existentes que fizerem login através de SSO empresarial pela primeira vez ingressarão automaticamente na organização. <a>Saiba mais</a>',
+    organization_roles: 'Funções padrão da organização',
+    organization_roles_description:
+      'Atribuir funções aos usuários ao ingressar na organização através do provisionamento just-in-time.',
+  },
+  mfa: {
+    title: 'Autenticação multifator (MFA)',
+    tip: 'Quando a MFA é necessária, usuários sem MFA configurada serão rejeitados ao tentar trocar um token da organização. Esta configuração não afeta a autenticação do usuário.',
+    description:
+      'Requerer aos usuários que configurem a autenticação multifator para acessar esta organização.',
+    no_mfa_warning:
+      'Nenhum método de autenticação multifator está habilitado para seu locatário. Os usuários não poderão acessar esta organização até que pelo menos um <a>método de autenticação multifator</a> esteja habilitado.',
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/organization-template.ts
index 46ee4a801977..38ee7c893f2b 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/organization-template.ts
@@ -14,8 +14,9 @@ const organization_template = {
     create_modal: {
       title: 'Criar função da organização',
       create: 'Criar função',
-      name_field: 'Nome da função',
-      description_field: 'Descrição',
+      name: 'Nome do papel',
+      description: 'Descrição',
+      type: 'Tipo de papel',
       created: 'A função da organização {{name}} foi criada com sucesso.',
     },
   },
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/organizations.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/organizations.ts
index f8ec0beb6dad..c0bf79d055a6 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/organizations.ts
@@ -7,6 +7,7 @@ const organizations = {
   organization_template: 'Modelo de organização',
   organization_id: 'ID da organização',
   members: 'Membros',
+  machine_to_machine: 'Aplicativos de máquina para máquina',
   create_organization: 'Criar organização',
   setup_organization: 'Configurar sua organização',
   organization_list_placeholder_title: 'Organização',
@@ -27,7 +28,7 @@ const organizations = {
   empty_placeholder: '🤔 Você ainda não configurou nenhum {{entity}}.',
   organization_and_member: 'Organização e membro',
   organization_and_member_description:
-    'A organização é um grupo de usuários e pode representar as equipes, clientes comerciais e empresas parceiras, sendo que cada usuário é um "Membro".  Esses podem ser entidades fundamentais para lidar com seus requisitos de multi-inquilino.',
+    'A organização é um grupo de usuários e pode representar as equipes, clientes comerciais e empresas parceiras, sendo que cada usuário é um "Membro". Esses podem ser entidades fundamentais para lidar com seus requisitos de multi-inquilino.',
   guide: {
     title: 'Comece com guias',
     subtitle: 'Inicie as configurações da sua organização com nossos guias',
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/profile.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/profile.ts
index 8e8478f40643..2bfe53e84ec1 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/profile.ts
@@ -51,6 +51,42 @@ const profile = {
     description:
       'Excluir sua conta removerá todas as suas informações pessoais, dados do usuário e configurações. Essa ação não pode ser desfeita.',
     button: 'Excluir conta',
+    p: {
+      has_issue:
+        'Lamentamos saber que você deseja excluir sua conta. Antes de poder excluir sua conta, você precisa resolver os seguintes problemas.',
+      after_resolved:
+        'Assim que resolver os problemas, você poderá excluir sua conta. Não hesite em nos contatar se precisar de alguma assistência.',
+      check_information:
+        'Lamentamos saber que você deseja excluir sua conta. Por favor, verifique as seguintes informações com cuidado antes de prosseguir.',
+      remove_all_data:
+        'Excluir sua conta removerá permanentemente todos os dados sobre você na Logto Cloud. Portanto, certifique-se de fazer backup de quaisquer dados importantes antes de prosseguir.',
+      confirm_information:
+        'Por favor, confirme que as informações acima são o que você esperava. Depois de excluir sua conta, não poderemos recuperá-la.',
+      has_admin_role:
+        'Como você tem o papel de administrador no seguinte tenant, ele será excluído juntamente com sua conta:',
+      has_admin_role_other:
+        'Como você tem o papel de administrador nos seguintes tenants, eles serão excluídos juntamente com sua conta:',
+      quit_tenant: 'Você está prestes a sair do seguinte tenant:',
+      quit_tenant_other: 'Você está prestes a sair dos seguintes tenants:',
+    },
+    issues: {
+      paid_plan: 'O seguinte tenant tem um plano pago, por favor cancele a assinatura primeiro:',
+      paid_plan_other:
+        'Os seguintes tenants têm planos pagos, por favor cancele as assinaturas primeiro:',
+      subscription_status: 'O seguinte tenant tem um problema de status de assinatura:',
+      subscription_status_other: 'Os seguintes tenants têm problemas de status de assinatura:',
+      open_invoice: 'O seguinte tenant tem uma fatura em aberto:',
+      open_invoice_other: 'Os seguintes tenants têm faturas em aberto:',
+    },
+    error_occurred: 'Ocorreu um erro',
+    error_occurred_description: 'Desculpe, algo deu errado ao excluir sua conta:',
+    request_id: 'ID da solicitação: {{requestId}}',
+    try_again_later:
+      'Por favor, tente novamente mais tarde. Se o problema persistir, entre em contato com a equipe Logto com o ID da solicitação.',
+    final_confirmation: 'Confirmação final',
+    about_to_start_deletion:
+      'Você está prestes a iniciar o processo de exclusão e essa ação não pode ser desfeita.',
+    permanently_delete: 'Excluir permanentemente',
   },
   set: 'Configurar',
   change: 'Alterar',
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/roles.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/roles.ts
index 0cfc243159f9..720981d2af61 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: 'Criar função',
   role_name: 'Nome da função',
   role_type: 'Tipo de função',
+  type_user: 'Usuário',
+  type_machine_to_machine: 'Máquina para máquina',
   role_description: 'Descrição',
   role_name_placeholder: 'Insira o nome da sua função',
   role_description_placeholder: 'Insira a descrição da sua função',
@@ -19,16 +21,19 @@ const roles = {
   application_count: '{{count}} aplicativo',
   assign_permissions: 'Atribuir permissões',
   create_role_title: 'Criar função',
+  create_role_description: 'Use funções para organizar permissões e atribuí-las a usuários.',
   create_role_button: 'Criar função',
   role_created: 'A função {{name}} foi criada com sucesso.',
   search: 'Pesquisar pelo nome, descrição ou ID da função',
   placeholder_title: 'Funções',
   placeholder_description:
     'As funções são um agrupamento de permissões que podem ser atribuídas a usuários. Certifique-se de adicionar as permissões antes de criar funções.',
+  assign_roles: 'Atribuir funções',
   management_api_access_notification:
     'Para acessar a API de gerenciamento do Logto, selecione funções com permissões de API de gerenciamento <flag/>.',
   with_management_api_access_tip:
     'Esta função de máquina para máquina inclui permissões para a API de gerenciamento do Logto',
+  role_creation_hint: 'Não encontrou a função certa? <a>Crie uma função</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/sign-in-exp/index.ts
index ecfaafa72049..4ab5c21d8da4 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/sign-in-exp/index.ts
@@ -34,15 +34,56 @@ const sign_in_exp = {
   branding: {
     title: 'ÁREA DE MARCA',
     ui_style: 'Estilo',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (escuro)',
+    app_logo_and_favicon: 'Logo do aplicativo e favicon',
+    company_logo_and_favicon: 'Logo da empresa e favicon',
   },
-  custom_css: {
-    title: 'CSS personalizado',
-    css_code_editor_title: 'Personalize sua UI com CSS personalizado',
+  branding_uploads: {
+    app_logo: {
+      title: 'Logo do aplicativo',
+      url: 'URL do logo do aplicativo',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logo do aplicativo: {{error}}',
+    },
+    company_logo: {
+      title: 'Logo da empresa',
+      url: 'URL do logo da empresa',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logo da empresa: {{error}}',
+    },
+    organization_logo: {
+      title: 'Upload de imagem',
+      url: 'URL do logo da organização',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logo da organização: {{error}}',
+    },
+    connector_logo: {
+      title: 'Upload de imagem',
+      url: 'URL do logo do conector',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logo do conector: {{error}}',
+    },
+    favicon: {
+      title: 'Favicon',
+      url: 'URL do favicon',
+      url_placeholder: 'https://your.cdn.domain/favicon.ico',
+      error: 'Favicon: {{error}}',
+    },
+  },
+  custom_ui: {
+    title: 'UI personalizado',
+    css_code_editor_title: 'CSS personalizado',
     css_code_editor_description1: 'Veja o exemplo de CSS personalizado.',
     css_code_editor_description2: '<a>{{link}}</a>',
     css_code_editor_description_link_content: 'Saiba mais',
     css_code_editor_content_placeholder:
-      'Digite seu CSS personalizado para personalizar os estilos de qualquer coisa de acordo com suas especificações exatas. Expresse sua criatividade e faça sua IU se destacar.',
+      'Insira seu CSS personalizado para ajustar os estilos de qualquer coisa conforme suas especificações exatas. Expresse sua criatividade e faça sua UI se destacar.',
+    bring_your_ui_title: 'Traga sua UI',
+    bring_your_ui_description:
+      'Carregue um pacote compactado (.zip) para substituir a UI pré-construída do Logto pelo seu próprio código. <a>Saiba mais</a>',
+    preview_with_bring_your_ui_description:
+      'Seus ativos de UI personalizados foram carregados com sucesso e agora estão sendo servidos. Consequentemente, a janela de visualização interna foi desativada.\nPara testar sua UI de login personalizada, clique no botão "Visualização em tempo real" para abri-la em uma nova aba do navegador.',
   },
   sign_up_and_sign_in,
   content,
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index d95bce736f5b..edfd89e0a575 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -40,6 +40,9 @@ const sign_up_and_sign_in = {
       set_up_more: 'Configurar',
       go_to: 'outros conectores sociais agora.',
     },
+    automatic_account_linking: 'Vinculação automática de conta',
+    automatic_account_linking_label:
+      'Quando ativado, se um usuário entrar com uma identidade social que é nova no sistema, e houver exatamente uma conta existente com o mesmo identificador (por exemplo, e-mail), o Logto vinculará automaticamente a conta com a identidade social em vez de solicitar ao usuário a vinculação da conta.',
   },
   tip: {
     set_a_password: 'Um conjunto exclusivo de uma senha para o seu nome de usuário é obrigatório.',
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/subscription/quota-item.ts
index ec955a8c9fb2..fad1b856496e 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/subscription/quota-item.ts
@@ -159,6 +159,18 @@ const quota_item = {
     unlimited: 'JWT personalizado',
     not_eligible: 'Remova seu personalizador de declarações JWT',
   },
+  impersonation_enabled: {
+    name: 'Personificação',
+    limited: 'Personificação',
+    unlimited: 'Personificação',
+    not_eligible: 'Nenhuma personificação permitida',
+  },
+  bring_your_ui_enabled: {
+    name: 'Traga sua IU',
+    limited: 'Traga sua IU',
+    unlimited: 'Traga sua IU',
+    not_eligible: 'Remova seus ativos de IU personalizados',
+  },
 };
 
 export default Object.freeze(quota_item);
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/subscription/quota-table.ts
index 3d71aacdb35c..c6b1ad6d33e4 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/subscription/quota-table.ts
@@ -20,6 +20,8 @@ const quota_table = {
     title: 'Interface de usuário e branding',
     custom_domain: 'Domínio personalizado',
     custom_css: 'CSS personalizado',
+    logo_and_favicon: 'Logo e favicon',
+    bring_your_ui: 'Traga sua UI',
     dark_mode: 'Modo escuro',
     i18n: 'Internacionalização',
   },
@@ -36,6 +38,7 @@ const quota_table = {
     mfa: 'Autenticação multifator',
     sso: 'SSO Empresarial',
     adaptive_mfa: 'MFA adaptativo',
+    impersonation: 'Impersonação',
   },
   user_management: {
     title: 'Gerenciamento de usuários',
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/tenants.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/tenants.ts
index 119147005614..34c159a50904 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/tenants.ts
@@ -15,6 +15,8 @@ const tenants = {
     tenant_id: 'ID do Locatário',
     tenant_name: 'Nome do Locatário',
     tenant_region: 'Região de hospedagem',
+    tenant_region_description:
+      'A localização física onde seus recursos de locatário (usuários, aplicativos, etc.) estão hospedados. Isso não pode ser alterado após a criação.',
     tenant_region_tip:
       'Seus recursos do locatário estão hospedados na região {{region}}. <a>Veja mais</a>',
     environment_tag_development: 'Desenvolvimento',
@@ -47,6 +49,7 @@ const tenants = {
   },
   create_modal: {
     title: 'Criar inquilino',
+    subtitle: 'Crie um novo locatário que tenha recursos e usuários isolados.',
     tenant_usage_purpose: 'Para que você deseja usar este locatário?',
     development_description:
       'Apenas para testes e não deve ser usado em produção. Nenhuma assinatura é necessária.',
@@ -56,6 +59,10 @@ const tenants = {
     available_plan: 'Plano disponível:',
     create_button: 'Criar inquilino',
     tenant_name_placeholder: 'Meu inquilino',
+    tenant_created: 'Locatário criado com sucesso.',
+    invitation_failed:
+      'Algumas convites falharam ao serem enviadas. Por favor, tente novamente em Configurações -> Membros mais tarde.',
+    tenant_type_description: 'Isso não pode ser alterado após a criação.',
   },
   dev_tenant_migration: {
     title:
@@ -103,6 +110,10 @@ const tenants = {
     description_2:
       'Se precisar de mais esclarecimentos, tiver alguma preocupação ou desejar restaurar a funcionalidade total e desbloquear seus locatários, entre em contato conosco imediatamente.',
   },
+  production_tenant_notification: {
+    text: 'Você está em um locatário de desenvolvimento para teste gratuito. Crie um locatário de produção para entrar em operação.',
+    action: 'Criar locatário',
+  },
 };
 
 export default Object.freeze(tenants);
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/upsell/paywall.ts
index 498d121a5ea2..31e03c2b11ba 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/upsell/paywall.ts
@@ -65,6 +65,8 @@ const paywall = {
     description:
       'Atualize para um plano pago para funcionalidades de JWT personalizadas e benefícios premium. Não hesite em <a>entrar em contato conosco</a> se tiver alguma dúvida.',
   },
+  bring_your_ui:
+    'Atualize para um plano pago para trazer sua funcionalidade de UI personalizada e benefícios premium.',
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/user-details.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/user-details.ts
index 869a02ccd4e0..64c4328bb7f2 100644
--- a/packages/phrases/src/locales/pt-br/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/pt-br/translation/admin-console/user-details.ts
@@ -34,9 +34,13 @@ const user_details = {
   field_custom_data: 'Dados personalizados',
   field_custom_data_tip:
     'Informações adicionais do usuário não listadas nas propriedades de usuário predefinidas, como cor e idioma preferidos do usuário.',
+  field_profile: 'Perfil',
+  field_profile_tip:
+    'Declarações OpenID Connect padrão adicionais que não estão incluídas nas propriedades do usuário. Observe que todas as propriedades desconhecidas serão removidas. Por favor, consulte a <a>referência das propriedades de perfil</a> para mais informações.',
   field_connectors: 'Conectores de login sociais',
   field_sso_connectors: 'Conexões empresariais',
   custom_data_invalid: 'Os dados personalizados devem ser um objeto JSON válido',
+  profile_invalid: 'O perfil deve ser um objeto JSON válido',
   connectors: {
     connectors: 'Conectores',
     user_id: 'ID do usuário',
@@ -76,15 +80,18 @@ const user_details = {
   roles: {
     name_column: 'Papel de usuário',
     description_column: 'Descrição',
+    assign_button: 'Atribuir papéis',
     delete_description:
       'Esta ação removerá esta função deste usuário. A função em si ainda existirá, mas não estará mais associada a este usuário.',
     deleted: '{{name}} foi removido com sucesso deste usuário.',
+    assign_title: 'Atribuir papéis a {{name}}',
     assign_subtitle:
       'Encontre papéis de usuário apropriados buscando pelo nome, descrição ou ID do papel.',
     assign_role_field: 'Atribuir funções',
     role_search_placeholder: 'Pesquisar por nome de função',
     added_text: '{{value, number}} adicionado(s)',
     assigned_user_count: '{{value, number}} usuários',
+    confirm_assign: 'Atribuir papéis',
     role_assigned: 'Função(ões) atribuída(s) com sucesso',
     search: 'Pesquisar por nome de função, descrição ou ID',
     empty: 'Nenhuma função disponível',
diff --git a/packages/phrases/src/locales/pt-br/translation/demo-app.ts b/packages/phrases/src/locales/pt-br/translation/demo-app.ts
index 511c5109e92c..d2a927f8ab64 100644
--- a/packages/phrases/src/locales/pt-br/translation/demo-app.ts
+++ b/packages/phrases/src/locales/pt-br/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: "You've successfully signed in the live preview!",
+  subtitle: 'Aqui está a sua informação de usuário:',
   username: 'Nome de usuário: ',
   user_id: 'ID do usuário: ',
   sign_out: 'Sair da Visualização ao Vivo',
diff --git a/packages/phrases/src/locales/pt-pt/errors/session.ts b/packages/phrases/src/locales/pt-pt/errors/session.ts
index 1c25ef424d8a..6cec98f618e5 100644
--- a/packages/phrases/src/locales/pt-pt/errors/session.ts
+++ b/packages/phrases/src/locales/pt-pt/errors/session.ts
@@ -21,11 +21,14 @@ const session = {
     'A verificação não foi bem-sucedida. Reinicie o processo de verificação e tente novamente.',
   connector_validation_session_not_found:
     'A sessão do conector para validação do token não foi encontrada.',
+  csrf_token_mismatch: 'Incompatibilidade de token CSRF.',
   identifier_not_found:
     'Identificador do usuário não encontrado. Por favor, volte e faça login novamente.',
   interaction_not_found:
     'Sessão de interação não encontrada. Por favor, volte e inicie a sessão novamente.',
   not_supported_for_forgot_password: 'Esta operação não é suportada para recuperação de senha.',
+  identity_conflict:
+    'Conflito de identidade detetado. Por favor, inicie uma nova sessão para continuar com uma identidade diferente.',
   mfa: {
     require_mfa_verification: 'Verificação MFA é necessária para efetuar login.',
     mfa_sign_in_only: 'MFA está disponível apenas para interação de login.',
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/application-details.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/application-details.ts
index 830869701591..3c2b403d1879 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/application-details.ts
@@ -23,6 +23,7 @@ const application_details = {
   description: 'Descrição',
   description_placeholder: 'Insira a descrição da sua aplicação',
   config_endpoint: 'Endpoint de configuração do Provedor de ID Aberto',
+  issuer_endpoint: 'Endpoint do emissor',
   authorization_endpoint: 'Endpoint de autorização',
   authorization_endpoint_tip:
     'O endpoint para realizar a autenticação e autorização. É usado para <a>autenticação</a> OpenID Connect.',
@@ -62,6 +63,13 @@ const application_details = {
   rotate_refresh_token: 'Rotacionar o token de atualização',
   rotate_refresh_token_label:
     'Quando ativado, o Logto emitirá um novo token de atualização para solicitações de token quando 70% do tempo de vida original (TTL) tiver passado ou certas condições forem atendidas. <a>Saiba mais</a>',
+  backchannel_logout: 'Logout de backchannel',
+  backchannel_logout_description:
+    'Configure o endpoint de logout de backchannel do OpenID Connect e se a sessão é necessária para esta aplicação.',
+  backchannel_logout_uri: 'URI de logout de backchannel',
+  backchannel_logout_uri_session_required: 'A sessão é necessária?',
+  backchannel_logout_uri_session_required_description:
+    'Quando ativado, o RP exige que uma reivindicação `sid` (ID da sessão) seja incluída no token de logout para identificar a sessão do RP com o OP quando o `backchannel_logout_uri` é utilizado.',
   delete_description:
     'Esta ação não pode ser revertida. Esta ação irá eliminar permanentemente a aplicação. Insira o nome da aplicação <span>{{name}}</span> para confirmar.',
   enter_your_application_name: 'Insira o nome da aplicação',
@@ -79,21 +87,30 @@ const application_details = {
   custom_rules_tip:
     "Aqui estão dois cenários possíveis:<ol><li>Para proteger apenas as rotas '/admin' e '/privacy' com autenticação: ^/(admin|privacy)/.*</li><li>Para excluir imagens JPG da autenticação: ^(?!.*\\.jpg$).*$</li></ol>",
   authentication_routes_description:
-    'Redirecione o seu botão de autenticação usando as rotas especificadas. Nota: Estas rotas são irsubstituíveis.',
+    'Redirecione o seu botão de autenticação usando as rotas especificadas. Nota: Estas rotas são insubstituíveis.',
   protect_origin_server: 'Proteja o seu servidor de origem',
   protect_origin_server_description:
     'Assegure-se de proteger o seu servidor de origem do acesso direto. Consulte o guia para mais <a>instruções detalhadas</a>.',
   session_duration: 'Duração da sessão (dias)',
   try_it: 'Experimente',
+  no_organization_placeholder: 'Nenhuma organização encontrada. <a>Ir para organizações</a>',
   branding: {
     name: 'Marca',
     description: 'Personalize o nome e o logótipo da sua aplicação no ecrã de consentimento.',
+    description_third_party:
+      'Personalize o nome e o logotipo da aplicação no ecrã de consentimento.',
+    app_logo: 'Logótipo da aplicação',
+    app_level_sie: 'Experiência de início de sessão ao nível da aplicação',
+    app_level_sie_switch:
+      'Ative a experiência de início de sessão ao nível da aplicação e configure a personalização da marca específica da aplicação. Se desativado, será utilizada a experiência de início de sessão omni.',
     more_info: 'Mais informações',
     more_info_description:
       'Ofereça aos utilizadores mais detalhes sobre a sua aplicação no ecrã de consentimento.',
     display_name: 'Nome a apresentar',
-    display_logo: 'Logótipo a apresentar',
-    display_logo_dark: 'Logótipo a apresentar (escuro)',
+    application_logo: 'Logótipo da aplicação',
+    application_logo_dark: 'Logótipo da aplicação (escuro)',
+    brand_color: 'Cor da marca',
+    brand_color_dark: 'Cor da marca (escura)',
     terms_of_use_url: 'URL dos termos de utilização da aplicação',
     privacy_policy_url: 'URL da política de privacidade da aplicação',
   },
@@ -131,13 +148,13 @@ const application_details = {
     grant_organization_level_permissions: 'Conceder permissões de dados da organização',
   },
   roles: {
-    name_column: 'Função de máquina a máquina',
-    description_column: 'Descrição',
     assign_button: 'Atribuir funções de máquina a máquina',
     delete_description:
       'Esta ação irá remover esta função desta aplicação entre máquinas. A função em si ainda existirá, mas não será mais associada a esta aplicação entre as máquinas.',
     deleted: '{{name}} foi removido com sucesso deste utilizador.',
     assign_title: 'Atribuir funções de máquina a máquina a {{name}}',
+    assign_subtitle:
+      'Aplicações de máquina a máquina devem ter funções do tipo máquina a máquina para aceder a recursos de API relacionados.',
     assign_role_field: 'Atribuir funções de máquina a máquina',
     role_search_placeholder: 'Pesquisar por nome de função',
     added_text: '{{value, number}} adicionado',
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/cloud.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/cloud.ts
index d6efe0d25bbb..658d3afe0c0e 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/cloud.ts
@@ -34,6 +34,13 @@ const cloud = {
       others: 'Nenhuma das acima mencionadas',
     },
   },
+  create_tenant: {
+    page_title: 'Criar inquilino',
+    title: 'Crie o seu primeiro inquilino',
+    description:
+      'Um inquilino é um ambiente isolado onde pode gerir identidades de utilizadores, aplicações e todos os demais recursos da Logto.',
+    invite_collaborators: 'Convide os seus colaboradores por email',
+  },
   sie: {
     page_title: 'Personalize a Experiência de Login',
     title: 'Vamos personalizar a sua experiência de login com facilidade',
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/connector-details.ts
index 63c880fddc8b..78e8179972e6 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/connector-details.ts
@@ -48,9 +48,24 @@ const connector_details = {
     company_information_description:
       'Exiba o nome da sua empresa, endereço ou código postal no rodapé dos e-mails para aumentar a autenticidade.',
     company_information_placeholder: 'Informação básica da empresa',
+    email_logo_field: 'Logotipo do e-mail',
+    email_logo_tip:
+      'Exiba o logotipo da sua marca no topo dos e-mails. Use a mesma imagem para ambos os modos: claro e escuro.',
     urls_not_allowed: 'Os URLs não são permitidos',
     test_notes: 'O Logto utiliza o modelo "Genérico" para os testes.',
   },
+  google_one_tap: {
+    title: 'Google One Tap',
+    description:
+      'Google One Tap é uma forma segura e fácil de os utilizadores entrarem no seu site.',
+    enable_google_one_tap: 'Ativar Google One Tap',
+    enable_google_one_tap_description:
+      'Ative o Google One Tap na sua experiência de início de sessão: Permita que os utilizadores se inscrevam ou entrem rapidamente com a conta Google deles se já estiverem ligados no dispositivo.',
+    configure_google_one_tap: 'Configurar Google One Tap',
+    auto_select: 'Selecionar automaticamente a credencial, se possível',
+    close_on_tap_outside: 'Cancelar o prompt se o utilizador clicar/tocar fora',
+    itp_support: 'Ativar <a>UX One Tap Melhorado em navegadores ITP</a>',
+  },
 };
 
 export default Object.freeze(connector_details);
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/connectors.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/connectors.ts
index 74b88f0425a4..be5dee2e0f4d 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/connectors.ts
@@ -45,6 +45,8 @@ const connectors = {
     name_placeholder: 'Insira o nome do botão de login social',
     name_tip:
       'O nome do botão do conector será exibido como "Continuar com {{name}}." Esteja atento ao comprimento da nomenclatura caso ela fique muito longa.',
+    connector_logo: 'Logotipo do conector',
+    connector_logo_tip: 'O logotipo será exibido no botão de login do conector.',
     target: 'Nome do provedor de identidade',
     target_placeholder: 'Insira o nome do provedor de identidade do conector',
     target_tip:
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/jwt-claims.ts
index 3e1d1129e1fb..60bc9f0b7a27 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/jwt-claims.ts
@@ -33,6 +33,11 @@ const jwt_claims = {
     subtitle:
       'Utilize o parâmetro de entrada `data.user` para fornecer informações vitais do utilizador.',
   },
+  grant_data: {
+    title: 'Dados da concessão',
+    subtitle:
+      'Utilize o parâmetro de entrada `data.grant` para fornecer informações vitais da concessão, disponíveis apenas para troca de token.',
+  },
   token_data: {
     title: 'Dados do token',
     subtitle: 'Utilize o parâmetro de entrada `token` para a carga util atual do token de acesso.',
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/organization-details.ts
index 9a279fcbd103..1fbe1574f92a 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/organization-details.ts
@@ -14,18 +14,65 @@ const organization_details = {
     'Encontre utilizadores adequados pesquisando por nome, email, telefone ou ID de utilizador. Os membros existentes não são mostrados nos resultados da pesquisa.',
   add_with_organization_role: 'Adicionar com função(ões) de organização',
   user: 'Utilizador',
+  application: 'Aplicação',
+  application_other: 'Aplicações',
+  add_applications_to_organization: 'Adicionar aplicações à organização {{name}}',
+  add_applications_to_organization_description:
+    'Encontre aplicações adequadas pesquisando pelo ID da aplicação, nome ou descrição. As aplicações existentes não são mostradas nos resultados da pesquisa.',
+  at_least_one_application: 'É necessária pelo menos uma aplicação.',
+  remove_application_from_organization: 'Remover aplicação da organização',
+  remove_application_from_organization_description:
+    'Uma vez removida, a aplicação perderá a sua associação e funções nesta organização. Esta ação não pode ser desfeita.',
+  search_application_placeholder: 'Pesquisar pelo ID da aplicação, nome ou descrição',
+  roles: 'Funções da organização',
   authorize_to_roles: 'Autorizar {{name}} a aceder às seguintes funções:',
   edit_organization_roles: 'Editar funções da organização',
-  edit_organization_roles_of_user: 'Editar funções da organização de {{name}}',
+  edit_organization_roles_title: 'Editar funções da organização de {{name}}',
   remove_user_from_organization: 'Remover utilizador da organização',
   remove_user_from_organization_description:
     'Uma vez removido, o utilizador perderá a sua adesão e funções nesta organização. Esta ação não pode ser desfeita.',
   search_user_placeholder: 'Pesquisar por nome, email, telefone ou ID de utilizador',
   at_least_one_user: 'Pelo menos um utilizador é necessário.',
+  organization_roles_tooltip: 'As funções atribuídas ao {{type}} dentro desta organização.',
   custom_data: 'Dados personalizados',
   custom_data_tip:
     'Dados personalizados é um objeto JSON que pode ser usado para armazenar dados adicionais associados à organização.',
   invalid_json_object: 'Objeto JSON inválido.',
+  branding: {
+    logo: 'Logos da organização',
+    logo_tooltip:
+      'Pode passar o ID da organização para exibir este logo na experiência de login; a versão escura do logo é necessária se o modo escuro estiver ativado nas configurações da experiência de login omni. <a>Saiba mais</a>',
+  },
+  jit: {
+    title: 'Provisionamento just-in-time',
+    description:
+      'Os utilizadores podem juntar-se automaticamente à organização e receber funções na sua primeira entrada através de alguns métodos de autenticação. Pode definir requisitos para o provisionamento just-in-time.',
+    email_domain: 'Provisionamento de domínio de email',
+    email_domain_description:
+      'Novos utilizadores que se inscrevam com os seus endereços de email verificados ou através do login social com endereços de email verificados juntar-se-ão automaticamente à organização. <a>Saiba mais</a>',
+    email_domain_placeholder: 'Introduza domínios de email para provisionamento just-in-time',
+    invalid_domain: 'Domínio inválido',
+    domain_already_added: 'Domínio já adicionado',
+    sso_enabled_domain_warning:
+      'Introduziu um ou mais domínios de email associados ao SSO empresarial. Os utilizadores com estes emails seguirão o fluxo padrão de SSO e não serão provisionados para esta organização a menos que o provisionamento de SSO empresarial esteja configurado.',
+    enterprise_sso: 'Provisionamento de SSO empresarial',
+    no_enterprise_connector_set:
+      'Ainda não configurou nenhum conector de SSO empresarial. Adicione conectores primeiro para ativar o provisionamento de SSO empresarial. <a>Configurar</a>',
+    add_enterprise_connector: 'Adicionar conector empresarial',
+    enterprise_sso_description:
+      'Novos utilizadores ou utilizadores existentes que iniciem sessão através do SSO empresarial pela primeira vez juntar-se-ão automaticamente à organização. <a>Saiba mais</a>',
+    organization_roles: 'Funções padrão da organização',
+    organization_roles_description:
+      'Atribuir funções aos utilizadores ao juntarem-se à organização através do provisionamento just-in-time.',
+  },
+  mfa: {
+    title: 'Autenticação de múltiplos fatores (MFA)',
+    tip: 'Quando a MFA é necessária, os utilizadores sem MFA configurado serão recusados ao tentar trocar um token da organização. Esta configuração não afeta a autenticação do utilizador.',
+    description:
+      'Exigir que os utilizadores configurem a autenticação de múltiplos fatores para aceder a esta organização.',
+    no_mfa_warning:
+      'Nenhum método de autenticação de múltiplos fatores está habilitado para o seu inquilino. Os utilizadores não poderão aceder a esta organização até que pelo menos um <a>método de autenticação de múltiplos fatores</a> seja habilitado.',
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/organization-template.ts
index 20235c7f6d8f..ecbcb0abdb0f 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/organization-template.ts
@@ -14,8 +14,9 @@ const organization_template = {
     create_modal: {
       title: 'Criar função da organização',
       create: 'Criar função',
-      name_field: 'Nome da função',
-      description_field: 'Descrição',
+      name: 'Nome do papel',
+      description: 'Descrição',
+      type: 'Tipo de papel',
       created: 'A função da organização {{name}} foi criada com sucesso.',
     },
   },
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/organizations.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/organizations.ts
index 7449205a82c0..4edfcf9fe867 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/organizations.ts
@@ -7,6 +7,7 @@ const organizations = {
   organization_template: 'Modelo de organização',
   organization_id: 'ID da organização',
   members: 'Membros',
+  machine_to_machine: 'Aplicações de máquina para máquina',
   create_organization: 'Criar organização',
   setup_organization: 'Configurar a sua organização',
   organization_list_placeholder_title: 'Organização',
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/profile.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/profile.ts
index f44411bcd238..646b4bd39667 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/profile.ts
@@ -52,6 +52,42 @@ const profile = {
     description:
       'Apagar a sua conta irá remover todas as suas informações pessoais, dados de usuário e configurações. Esta ação não pode ser desfeita.',
     button: 'Apagar conta',
+    p: {
+      has_issue:
+        'Lamentamos saber que você deseja apagar a sua conta. Antes de poder apagar a sua conta, precisa resolver os seguintes problemas.',
+      after_resolved:
+        'Depois de resolver os problemas, poderá apagar a sua conta. Por favor, não hesite em entrar em contacto connosco se precisar de assistência.',
+      check_information:
+        'Lamentamos saber que você deseja apagar a sua conta. Verifique a seguinte informação cuidadosamente antes de continuar.',
+      remove_all_data:
+        'Apagar a sua conta irá remover permanentemente todos os dados sobre você na Logto Cloud. Por isso, assegure-se de fazer backup de quaisquer dados importantes antes de continuar.',
+      confirm_information:
+        'Por favor confirme que a informação acima é o que esperava. Após apagar a sua conta, não poderemos recuperá-la.',
+      has_admin_role:
+        'Visto que você tem o papel de administrador no seguinte inquilino, ele será apagado junto com a sua conta:',
+      has_admin_role_other:
+        'Visto que você tem o papel de administrador nos seguintes inquilinos, eles serão apagados junto com a sua conta:',
+      quit_tenant: 'Você está prestes a sair do seguinte inquilino:',
+      quit_tenant_other: 'Você está prestes a sair dos seguintes inquilinos:',
+    },
+    issues: {
+      paid_plan: 'O seguinte inquilino tem um plano pago, por favor cancele a subscrição primeiro:',
+      paid_plan_other:
+        'Os seguintes inquilinos têm planos pagos, por favor cancele a subscrição primeiro:',
+      subscription_status: 'O seguinte inquilino tem um problema de estado de subscrição:',
+      subscription_status_other: 'Os seguintes inquilinos têm problemas de estado de subscrição:',
+      open_invoice: 'O seguinte inquilino tem uma fatura em aberto:',
+      open_invoice_other: 'Os seguintes inquilinos têm faturas em aberto:',
+    },
+    error_occurred: 'Ocorreu um erro',
+    error_occurred_description: 'Desculpe, algo correu mal ao apagar a sua conta:',
+    request_id: 'ID do pedido: {{requestId}}',
+    try_again_later:
+      'Por favor, tente novamente mais tarde. Se o problema persistir, contacte a equipa da Logto com o ID do pedido.',
+    final_confirmation: 'Confirmação final',
+    about_to_start_deletion:
+      'Você está prestes a iniciar o processo de exclusão e esta ação não pode ser desfeita.',
+    permanently_delete: 'Apagar permanentemente',
   },
   set: 'Definir',
   change: 'Mudar',
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/roles.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/roles.ts
index 1ce875396199..f636426ce357 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: 'Criar papel',
   role_name: 'Nome do papel',
   role_type: 'Tipo de papel',
+  type_user: 'Utilizador',
+  type_machine_to_machine: 'Máquina-a-máquina',
   role_description: 'Descrição',
   role_name_placeholder: 'Digite o nome do papel',
   role_description_placeholder: 'Digite a descrição do papel',
@@ -19,16 +21,19 @@ const roles = {
   application_count: '{{count}} aplicação',
   assign_permissions: 'Atribuir permissões',
   create_role_title: 'Criar papel',
+  create_role_description: 'Use papéis para organizar permissões e atribuí-las a utilizadores.',
   create_role_button: 'Criar papel',
   role_created: 'O papel {{name}} foi criado com sucesso.',
   search: 'Pesquisar por nome do papel, descrição ou ID',
   placeholder_title: 'Papéis',
   placeholder_description:
     'Os papéis são um agrupamento de permissões que podem ser atribuídas a utilizadores. Certifique-se de adicionar permissões antes de criar papéis.',
+  assign_roles: 'Atribuir papéis',
   management_api_access_notification:
     'Para aceder à API de gestão do Logto, selecione funções com permissões de API de gestão <flag/>.',
   with_management_api_access_tip:
     'Esta função de máquina para máquina inclui permissões para a API de gestão do Logto',
+  role_creation_hint: 'Não encontra o papel certo? <a>Crie um papel</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/sign-in-exp/index.ts
index a2e27c734df7..e7f6e92b015d 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/sign-in-exp/index.ts
@@ -33,15 +33,56 @@ const sign_in_exp = {
   branding: {
     title: 'ÁREA DE MARCA',
     ui_style: 'Estilo',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (dark)',
+    app_logo_and_favicon: 'Logótipo e favicon do aplicativo',
+    company_logo_and_favicon: 'Logótipo e favicon da empresa',
   },
-  custom_css: {
-    title: 'CSS Personalizado',
-    css_code_editor_title: 'Personalize a sua IU com CSS personalizado',
-    css_code_editor_description1: 'Veja o exemplo de CSS personalizado.',
+  branding_uploads: {
+    app_logo: {
+      title: 'Logótipo do aplicativo',
+      url: 'URL do logótipo do aplicativo',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logótipo do aplicativo: {{error}}',
+    },
+    company_logo: {
+      title: 'Logótipo da empresa',
+      url: 'URL do logótipo da empresa',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logótipo da empresa: {{error}}',
+    },
+    organization_logo: {
+      title: 'Carregar imagem',
+      url: 'URL do logótipo da organização',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logótipo da organização: {{error}}',
+    },
+    connector_logo: {
+      title: 'Carregar imagem',
+      url: 'URL do logótipo do conector',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Logótipo do conector: {{error}}',
+    },
+    favicon: {
+      title: 'Favicon',
+      url: 'URL do Favicon',
+      url_placeholder: 'https://your.cdn.domain/favicon.ico',
+      error: 'Favicon: {{error}}',
+    },
+  },
+  custom_ui: {
+    title: 'UI personalizada',
+    css_code_editor_title: 'CSS personalizado',
+    css_code_editor_description1: 'Veja um exemplo de CSS personalizado.',
     css_code_editor_description2: '<a>{{link}}</a>',
     css_code_editor_description_link_content: 'Saiba mais',
     css_code_editor_content_placeholder:
-      'Insira o seu CSS personalizado para personalizar os estilos de qualquer elemento para as suas especificações exatas. Expresse a sua criatividade e faça a sua interface destacar-se.',
+      'Insira o seu CSS personalizado para adaptar os estilos de qualquer coisa às suas especificações exatas. Exprima a sua criatividade e faça o seu UI se destacar.',
+    bring_your_ui_title: 'Traga o seu UI',
+    bring_your_ui_description:
+      'Carregue um pacote comprimido (.zip) para substituir o UI predefinido do Logto pelo seu próprio código. <a>Saiba mais</a>',
+    preview_with_bring_your_ui_description:
+      'Os seus recursos de UI personalizados foram carregados com êxito e agora estão sendo servidos. Consequentemente, a janela de visualização incorporada foi desativada.\nPara testar o seu UI de início de sessão personalizado, clique no botão "Visualização ao vivo" para abri-lo num novo separador do navegador.',
   },
   sign_up_and_sign_in,
   content,
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index 0c37d08b8dac..4a361b9b5e3e 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -40,6 +40,9 @@ const sign_up_and_sign_in = {
       set_up_more: 'Configurar',
       go_to: 'outros conectores sociais agora.',
     },
+    automatic_account_linking: 'Ligação automática de conta',
+    automatic_account_linking_label:
+      'Quando ativado, se um utilizador iniciar sessão com uma identidade social que é nova para o sistema e existir exatamente uma conta existente com o mesmo identificador (por exemplo, email), o Logto irá automaticamente ligar a conta com a identidade social em vez de solicitar ao utilizador a ligação da conta.',
   },
   tip: {
     set_a_password: 'Um conjunto único de uma senha para o seu nome de utilizador é obrigatório.',
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/subscription/quota-item.ts
index af7361daf4f2..0a8bedff8e9d 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/subscription/quota-item.ts
@@ -4,7 +4,7 @@ const quota_item = {
     limited: '{{count, number}} inquilino',
     limited_other: '{{count, number}} inquilinos',
     unlimited: 'Inquilinos ilimitados',
-    not_eligible: 'Eliminar tus inquilinos',
+    not_eligible: 'Eliminar os teus inquilinos',
   },
   mau_limit: {
     name: 'Utilizadores ativos mensais',
@@ -159,6 +159,18 @@ const quota_item = {
     unlimited: 'JWT personalizado',
     not_eligible: 'Remove o teu personalizador de reivindicações JWT',
   },
+  impersonation_enabled: {
+    name: 'Impersonação',
+    limited: 'Impersonação',
+    unlimited: 'Impersonação',
+    not_eligible: 'Não está permitido a personificação',
+  },
+  bring_your_ui_enabled: {
+    name: 'Traga a sua interface gráfica',
+    limited: 'Traga a sua interface gráfica',
+    unlimited: 'Traga a sua interface gráfica',
+    not_eligible: 'Remova os teus ativos de UI personalizados',
+  },
 };
 
 export default Object.freeze(quota_item);
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/subscription/quota-table.ts
index c17b65046b1c..701f0abfd315 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/subscription/quota-table.ts
@@ -20,6 +20,8 @@ const quota_table = {
     title: 'UI e branding',
     custom_domain: 'Domínio personalizado',
     custom_css: 'CSS personalizado',
+    logo_and_favicon: 'Logotipo e favicon',
+    bring_your_ui: 'Traga a sua UI',
     dark_mode: 'Modo escuro',
     i18n: 'Internacionalização',
   },
@@ -36,6 +38,7 @@ const quota_table = {
     mfa: 'Autenticação de vários fatores',
     sso: 'SSO Empresarial',
     adaptive_mfa: 'MFA adaptativo',
+    impersonation: 'Personificação',
   },
   user_management: {
     title: 'Gestão de utilizadores',
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/tenants.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/tenants.ts
index 641333668505..764a7ee7403f 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/tenants.ts
@@ -15,8 +15,10 @@ const tenants = {
     tenant_id: 'ID do Inquilino',
     tenant_name: 'Nome do Inquilino',
     tenant_region: 'Região de hospedagem',
+    tenant_region_description:
+      'A localização física onde os recursos do seu inquilino (utilizadores, aplicações, etc.) estão hospedados. Isto não pode ser alterado após a criação.',
     tenant_region_tip:
-      'Os recursos do seu inquilino são hospedados na região {{region}}. <a>Learn more</a>',
+      'Os recursos do seu inquilino são hospedados na região {{region}}. <a>Saiba mais</a>',
     environment_tag_development: 'Dev',
     environment_tag_production: 'Prod',
     tenant_type: 'Tipo de inquilino',
@@ -47,6 +49,7 @@ const tenants = {
   },
   create_modal: {
     title: 'Criar inquilino',
+    subtitle: 'Crie um novo inquilino que tenha recursos e utilizadores isolados.',
     tenant_usage_purpose: 'Para que pretende utilizar este inquilino?',
     development_description:
       'Apenas para testes e não deve ser usado em produção. Não é necessário nenhum plano de subscrição.',
@@ -56,6 +59,10 @@ const tenants = {
     available_plan: 'Plano disponível:',
     create_button: 'Criar inquilino',
     tenant_name_placeholder: 'Meu inquilino',
+    tenant_created: 'Inquilino criado com sucesso.',
+    invitation_failed:
+      'Alguns convites falharam ao enviar. Por favor, tente novamente em Definições -> Membros mais tarde.',
+    tenant_type_description: 'Isto não pode ser alterado após a criação.',
   },
   dev_tenant_migration: {
     title:
@@ -103,6 +110,10 @@ const tenants = {
     description_2:
       'Se precisar de mais esclarecimentos, tiver alguma preocupação ou desejar restaurar a funcionalidade completa e desbloquear os seus inquilinos, não hesite em contactar-nos imediatamente.',
   },
+  production_tenant_notification: {
+    text: 'Está no inquilino de desenvolvimento para testes gratuitos. Crie um inquilino de produção para entrar ao vivo.',
+    action: 'Criar inquilino',
+  },
 };
 
 export default Object.freeze(tenants);
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/upsell/paywall.ts
index d6affc63b3fb..a1c00176806b 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/upsell/paywall.ts
@@ -65,6 +65,8 @@ const paywall = {
     description:
       'Atualize para um plano pago para funcionalidade personalizada JWT e benefícios premium. Não hesite em <a>contactar-nos</a> se tiver alguma dúvida.',
   },
+  bring_your_ui:
+    'Atualize para um plano pago para trazer a funcionalidade da sua própria UI personalizada e benefícios premium.',
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/user-details.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/user-details.ts
index 4493f7c414a3..0ac698285358 100644
--- a/packages/phrases/src/locales/pt-pt/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/user-details.ts
@@ -36,9 +36,13 @@ const user_details = {
   field_custom_data: 'Dados personalizados',
   field_custom_data_tip:
     'Informações adicionais do utilizador não listadas nas propriedades predefinidas, ex: idioma preferido pelo utilizador.',
+  field_profile: 'Perfil',
+  field_profile_tip:
+    'Reivindicações adicionais do padrão OpenID Connect que não estão incluídas nas propriedades do usuário. Note que todas as propriedades desconhecidas serão removidas. Consulte a <a>referência da propriedade do perfil</a> para mais informações.',
   field_connectors: 'Conexões sociais',
   field_sso_connectors: 'Conexões empresariais',
   custom_data_invalid: 'Os dados personalizados devem ser um objeto JSON válido',
+  profile_invalid: 'O perfil deve ser um objeto JSON válido',
   connectors: {
     connectors: 'Conectores',
     user_id: 'ID do utilizador',
@@ -78,15 +82,18 @@ const user_details = {
   roles: {
     name_column: 'Função de usuário',
     description_column: 'Descrição',
+    assign_button: 'Atribuir funções',
     delete_description:
       'Esta ação irá remover esta função deste utilizador. A função em si ainda existirá, mas não estará mais associada a este utilizador.',
     deleted: '{{name}} foi removido do utilizador com sucesso.',
+    assign_title: 'Atribuir funções a {{name}}',
     assign_subtitle:
       'Encontre funções de usuário apropriadas pesquisando por nome, descrição ou ID de função.',
     assign_role_field: 'Atribuir funções',
     role_search_placeholder: 'Pesquisar pelo nome da função',
     added_text: '{{value, number}} adicionados',
     assigned_user_count: '{{value, number}} utilizador(es)',
+    confirm_assign: 'Atribuir funções',
     role_assigned: 'Função(ões) atribuída(s) com sucesso',
     search: 'Pesquisar pelo nome, descrição ou ID da função',
     empty: 'Nenhuma função disponível',
diff --git a/packages/phrases/src/locales/pt-pt/translation/demo-app.ts b/packages/phrases/src/locales/pt-pt/translation/demo-app.ts
index 013b1332948c..a80b6008dfcc 100644
--- a/packages/phrases/src/locales/pt-pt/translation/demo-app.ts
+++ b/packages/phrases/src/locales/pt-pt/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: 'Iniciou sessão com sucesso na pré-visualização ao vivo!',
+  subtitle: 'Aqui está a sua informação de utilizador:',
   username: 'Utilizador: ',
   user_id: 'ID de utilizador: ',
   sign_out: 'Terminar sessão na visualização ao vivo',
diff --git a/packages/phrases/src/locales/ru/errors/session.ts b/packages/phrases/src/locales/ru/errors/session.ts
index ac4e0d059378..40cdcd0d3920 100644
--- a/packages/phrases/src/locales/ru/errors/session.ts
+++ b/packages/phrases/src/locales/ru/errors/session.ts
@@ -18,10 +18,13 @@ const session = {
   verification_failed:
     'Верификация не прошла успешно. Перезапустите процесс верификации и попробуйте еще раз.',
   connector_validation_session_not_found: 'Сеанс коннектора для проверки токена не найден.',
+  csrf_token_mismatch: 'Несоответствие CSRF-токена.',
   identifier_not_found:
     'Идентификатор пользователя не найден. Вернитесь и войдите в систему снова.',
   interaction_not_found: 'Сессия взаимодействия не найдена. Вернитесь и начните сессию заново.',
   not_supported_for_forgot_password: 'Эта операция не поддерживается для забытого пароля.',
+  identity_conflict:
+    'Обнаружено несоответствие личности. Пожалуйста, начните новую сессию для продолжения с другой личностью.',
   mfa: {
     require_mfa_verification: 'Требуется проверка MFA для входа в систему.',
     mfa_sign_in_only: 'Mfa доступен только для взаимодействия при входе в систему.',
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/application-details.ts b/packages/phrases/src/locales/ru/translation/admin-console/application-details.ts
index 65625e79cc2a..f2b927751bf6 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/application-details.ts
@@ -23,6 +23,7 @@ const application_details = {
   description: 'Описание',
   description_placeholder: 'Введите описание своего приложения',
   config_endpoint: 'Конечная точка конфигурации OpenID Provider',
+  issuer_endpoint: 'Конечная точка издателя',
   authorization_endpoint: 'Конечная точка авторизации',
   authorization_endpoint_tip:
     'Конечная точка для аутентификации и авторизации. Он используется для аутентификации <a>OpenID Connect</a>.',
@@ -62,6 +63,13 @@ const application_details = {
   rotate_refresh_token: 'Поворот Refresh Token',
   rotate_refresh_token_label:
     'При включении Logto будет выдавать новый Refresh Token для запросов токенов, когда пройдет 70% изначального Time to Live (TTL) или будут выполнены определенные условия. <a>Узнать больше</a>',
+  backchannel_logout: 'Отключение обратного канала',
+  backchannel_logout_description:
+    'Настройте конечную точку отключения обратного канала OpenID Connect и требуется ли сеанс для этого приложения.',
+  backchannel_logout_uri: 'URI для отключения обратного канала',
+  backchannel_logout_uri_session_required: 'Требуется ли сеанс?',
+  backchannel_logout_uri_session_required_description:
+    'При включении RP требует, чтобы претензия `sid` (идентификатор сеанса) была включена в токен выхода, чтобы идентифицировать сеанс RP с OP, когда используется `backchannel_logout_uri`.',
   delete_description:
     'Это действие нельзя отменить. Оно навсегда удалит приложение. Введите название приложения <span> {{name}} </span>, чтобы подтвердить.',
   enter_your_application_name: 'Введите название своего приложения',
@@ -85,15 +93,24 @@ const application_details = {
     'Обеспечьте защиту вашего исходного сервера от прямого доступа. Обратитесь к руководству для получения более <a>подробных инструкций</a>.',
   session_duration: 'Продолжительность сеанса (дни)',
   try_it: 'Попробуйте',
+  no_organization_placeholder: 'Организация не найдена. <a>Перейти к организациям</a>',
   branding: {
     name: 'Брендинг',
     description: 'Настройте отображаемое имя и логотип вашего приложения на экране согласия.',
+    description_third_party:
+      'Настройте отображаемое имя и логотип вашего приложения на экране согласия.',
+    app_logo: 'Логотип приложения',
+    app_level_sie: 'Опыт входа на уровне приложения',
+    app_level_sie_switch:
+      'Включите опыт входа на уровне приложения и настройте брендинг для приложения. Если отключено, будет использоваться омни-опыт входа.',
     more_info: 'Дополнительная информация',
     more_info_description:
       'Предлагайте пользователям больше информации о вашем приложении на экране согласия.',
     display_name: 'Отображаемое имя',
-    display_logo: 'Отображаемый логотип',
-    display_logo_dark: 'Отображаемый логотип (темный)',
+    application_logo: 'Логотип приложения',
+    application_logo_dark: 'Логотип приложения (темный)',
+    brand_color: 'Цвет бренда',
+    brand_color_dark: 'Цвет бренда (темный)',
     terms_of_use_url: 'URL условий использования приложения',
     privacy_policy_url: 'URL политики конфиденциальности приложения',
   },
@@ -131,13 +148,13 @@ const application_details = {
     grant_organization_level_permissions: 'Предоставить разрешения на данные организации',
   },
   roles: {
-    name_column: 'Роль между машинами',
-    description_column: 'Описание',
     assign_button: 'Назначить роли между машинами',
     delete_description:
       'Это действие удалит эту роль из этого приложения. Сама роль останется, но больше не будет связана с этим приложением.',
     deleted: '{{name}} успешно удалено у этого пользователя.',
     assign_title: 'Назначить роли между машинами для {{name}}',
+    assign_subtitle:
+      'Приложения типа «машина к машине» должны иметь соответствующие роли для доступа к связанным ресурсам API.',
     assign_role_field: 'Назначить роли между машинами',
     role_search_placeholder: 'Поиск по названию роли',
     added_text: '{{value, number}} добавлено',
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/cloud.ts b/packages/phrases/src/locales/ru/translation/admin-console/cloud.ts
index 091fd3ef460b..fa3edf602905 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/cloud.ts
@@ -34,6 +34,13 @@ const cloud = {
       others: 'Ничего из вышеперечисленного',
     },
   },
+  create_tenant: {
+    page_title: 'Создать арендатора',
+    title: 'Создайте вашего первого арендатора',
+    description:
+      'Арендатор – это изолированная среда, где вы можете управлять пользовательскими идентификаторами, приложениями и всеми другими ресурсами Logto.',
+    invite_collaborators: 'Пригласите ваших сотрудников по электронной почте',
+  },
   sie: {
     page_title: 'Настройка опыта входа',
     title: 'Давайте сначала легко настроим ваш опыт входа',
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/ru/translation/admin-console/connector-details.ts
index 8486f7dfc797..6e9cff6c9f39 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/connector-details.ts
@@ -48,9 +48,24 @@ const connector_details = {
     company_information_description:
       'Отображайте имя вашей компании, адрес или почтовый код внизу электронных писем, чтобы улучшить подлинность.',
     company_information_placeholder: 'Основная информация о вашей компании',
+    email_logo_field: 'Логотип электронной почты',
+    email_logo_tip:
+      'Отображайте логотип вашего бренда вверху писем. Используйте одно и то же изображение как для режима светлого, так и для режима темного.',
     urls_not_allowed: 'URL-адреса не разрешены',
     test_notes: 'Logto использует шаблон "Общий" для тестирования.',
   },
+  google_one_tap: {
+    title: 'Google One Tap',
+    description:
+      'Google One Tap — это безопасный и удобный способ для пользователей войти на ваш сайт.',
+    enable_google_one_tap: 'Включить Google One Tap',
+    enable_google_one_tap_description:
+      'Включите Google One Tap в вашем опыте входа: Позвольте пользователям быстро зарегистрироваться или войти с помощью своей учетной записи Google, если они уже вошли в свою учетную запись на устройстве.',
+    configure_google_one_tap: 'Настроить Google One Tap',
+    auto_select: 'Автоматически выбирать учетные данные, если это возможно',
+    close_on_tap_outside: 'Отменить подсказку, если пользователь кликнет/нажмет вне её',
+    itp_support: 'Включить <a>улучшенный UX One Tap для ITP браузеров</a>',
+  },
 };
 
 export default Object.freeze(connector_details);
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/connectors.ts b/packages/phrases/src/locales/ru/translation/admin-console/connectors.ts
index 07636ac2d5b7..b73c17c0668e 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/connectors.ts
@@ -44,6 +44,8 @@ const connectors = {
     name_placeholder: 'Введите имя для кнопки входа через социальные сети',
     name_tip:
       'Имя кнопки коннектора будет отображаться как "Продолжить с {{name}}". Будьте внимательны к длине названия, в случае, если оно станет слишком длинным.',
+    connector_logo: 'Логотип коннектора',
+    connector_logo_tip: 'Логотип будет отображаться на кнопке входа в коннектор.',
     target: 'Имя поставщика идентификации',
     target_placeholder: 'Введите имя поставщика идентификации коннектора',
     target_tip:
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/ru/translation/admin-console/jwt-claims.ts
index 2bcaa2e38f8f..3a8c2b4ff2c9 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/jwt-claims.ts
@@ -33,6 +33,11 @@ const jwt_claims = {
     subtitle:
       'Используйте параметр ввода `data.user` для предоставления важной информации о пользователе.',
   },
+  grant_data: {
+    title: 'Данные предоставления',
+    subtitle:
+      'Используйте параметр ввода `data.grant` для предоставления важной информации о предоставлении, доступной только для обмена токенами.',
+  },
   token_data: {
     title: 'Данные токена',
     subtitle: 'Используйте параметр ввода `token` для полезной нагрузки текущего токена доступа. ',
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/ru/translation/admin-console/organization-details.ts
index f9e8bdbe50af..a87c64abe1bf 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/organization-details.ts
@@ -14,19 +14,66 @@ const organization_details = {
     'Найдите подходящих пользователей, выполнив поиск по имени, электронной почте, телефону или идентификатору пользователя. Существующие участники не отображаются в результатах поиска.',
   add_with_organization_role: 'Добавить с ролями организации',
   user: 'Пользователь',
+  application: 'Приложение',
+  application_other: 'Приложения',
+  add_applications_to_organization: 'Добавить приложения в организацию {{name}}',
+  add_applications_to_organization_description:
+    'Найдите подходящие приложения, выполнив поиск по ID приложения, названию или описанию. Существующие приложения не отображаются в результатах поиска.',
+  at_least_one_application: 'Необходимо хотя бы одно приложение.',
+  remove_application_from_organization: 'Удалить приложение из организации',
+  remove_application_from_organization_description:
+    'После удаления приложение потеряет свою ассоциацию и роли в данной организации. Это действие нельзя отменить.',
+  search_application_placeholder: 'Поиск по ID приложения, названию или описанию',
+  roles: 'Роли организации',
   authorize_to_roles: 'Разрешить {{name}} доступ к следующим ролям:',
   edit_organization_roles: 'Редактирование ролей организации',
-  edit_organization_roles_of_user: 'Редактирование ролей организации для {{name}}',
+  edit_organization_roles_title: 'Редактирование ролей организации {{name}}',
   remove_user_from_organization: 'Удалить пользователя из организации',
   remove_user_from_organization_description:
     'После удаления пользователь потеряет свое членство и роли в этой организации. Это действие нельзя отменить.',
   search_user_placeholder:
     'Поиск по имени, электронной почте, телефону или идентификатору пользователя',
   at_least_one_user: 'Необходимо указать хотя бы одного пользователя.',
+  organization_roles_tooltip: 'Назначенные роли {{type}} в данной организации.',
   custom_data: 'Кастомные данные',
   custom_data_tip:
     'Кастомные данные представляют собой JSON-объект, который может использоваться для хранения дополнительных данных, связанных с организацией.',
   invalid_json_object: 'Некорректный JSON-объект.',
+  branding: {
+    logo: 'Логотипы организации',
+    logo_tooltip:
+      'Вы можете использовать идентификатор организации для отображения этого логотипа при входе в систему; потребуется темная версия логотипа, если в настройках omni sign-in включен темный режим. <a>Подробнее</a>',
+  },
+  jit: {
+    title: 'Создание по требованию',
+    description:
+      'Пользователи могут автоматически присоединиться к организации и получить роли при первом входе через некоторые методы аутентификации. Вы можете установить требования для создания по требованию.',
+    email_domain: 'Почтовый домен для создания по требованию',
+    email_domain_description:
+      'Новые пользователи, регистрирующиеся с проверенными адресами электронной почты или через социальный вход с проверенными адресами электронной почты, автоматически присоединятся к организации. <a>Подробнее</a>',
+    email_domain_placeholder: 'Введите почтовые домены для создания по требованию',
+    invalid_domain: 'Некорректный домен',
+    domain_already_added: 'Домен уже добавлен',
+    sso_enabled_domain_warning:
+      'Вы ввели один или несколько почтовых доменов, связанных с корпоративным SSO. Пользователи с этими почтовыми адресами будут следовать стандартному SSO процессу и не будут добавлены в эту организацию, если не настроено корпоративное SSO.',
+    enterprise_sso: 'Корпоративное SSO',
+    no_enterprise_connector_set:
+      'Вы еще не настроили ни одного корпоративного SSO-коннектора. Сначала добавьте коннекторы, чтобы включить корпоративное SSO. <a>Настроить</a>',
+    add_enterprise_connector: 'Добавить корпоративный коннектор',
+    enterprise_sso_description:
+      'Новые пользователи или существующие пользователи, впервые входящие с помощью корпоративного SSO, автоматически присоединятся к организации. <a>Подробнее</a>',
+    organization_roles: 'Роли организации по умолчанию',
+    organization_roles_description:
+      'Назначайте роли пользователям при присоединении к организации через создание по требованию.',
+  },
+  mfa: {
+    title: 'Многофакторная аутентификация (MFA)',
+    tip: 'Когда требуется MFA, пользователи без настроенной MFA будут отвергнуты при попытке обмена токена организации. Эта настройка не влияет на аутентификацию пользователей.',
+    description:
+      'Требовать от пользователей настройки многофакторной аутентификации для доступа к этой организации.',
+    no_mfa_warning:
+      'В вашем тенанте не включено ни одного метода многофакторной аутентификации. Пользователи не смогут получить доступ к этой организации, пока не будет включен хотя бы один <a>метод многофакторной аутентификации</a>.',
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/ru/translation/admin-console/organization-template.ts
index 8aada797d9d8..f94e7afa6b32 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/organization-template.ts
@@ -14,8 +14,9 @@ const organization_template = {
     create_modal: {
       title: 'Создать роль организации',
       create: 'Создать роль',
-      name_field: 'Название роли',
-      description_field: 'Описание',
+      name: 'Название роли',
+      description: 'Описание',
+      type: 'Тип роли',
       created: 'Роль организации {{name}} успешно создана.',
     },
   },
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/organizations.ts b/packages/phrases/src/locales/ru/translation/admin-console/organizations.ts
index a32524c9a8e9..6d8b2196d9d9 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/organizations.ts
@@ -7,6 +7,7 @@ const organizations = {
   organization_template: 'Шаблон организации',
   organization_id: 'Идентификатор организации',
   members: 'Участники',
+  machine_to_machine: 'Приложения машина-машина',
   create_organization: 'Создать организацию',
   setup_organization: 'Настройка вашей организации',
   organization_list_placeholder_title: 'Организация',
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/profile.ts b/packages/phrases/src/locales/ru/translation/admin-console/profile.ts
index 345eb9df14f3..b124b98fd07d 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/profile.ts
@@ -52,6 +52,43 @@ const profile = {
     description:
       'Удаление вашего аккаунта приведет к удалению всей вашей личной информации, пользовательских данных и конфигураций. Это действие нельзя будет отменить.',
     button: 'Удалить аккаунт',
+    p: {
+      has_issue:
+        'Мы сожалеем, что вы хотите удалить свой аккаунт. Прежде чем вы сможете удалить свой аккаунт, вам нужно решить следующие проблемы.',
+      after_resolved:
+        'Как только вы решите проблемы, вы сможете удалить свой аккаунт. Пожалуйста, не стесняйтесь обращаться к нам, если вам нужна помощь.',
+      check_information:
+        'Мы сожалеем, что вы хотите удалить свой аккаунт. Пожалуйста, внимательно проверьте следующую информацию, прежде чем продолжить.',
+      remove_all_data:
+        'Удаление вашего аккаунта навсегда удалит все данные о вас в Logto Cloud. Пожалуйста, убедитесь, что у вас есть резервная копия всех важных данных перед продолжением.',
+      confirm_information:
+        'Пожалуйста, подтвердите, что информация выше соответствует вашим ожиданиям. После удаления вашего аккаунта мы не сможем его восстановить.',
+      has_admin_role:
+        'Поскольку у вас есть роль администратора в следующем арендаторе, он будет удален вместе с вашим аккаунтом:',
+      has_admin_role_other:
+        'Поскольку у вас есть роль администратора в следующих арендаторах, они будут удалены вместе с вашим аккаунтом:',
+      quit_tenant: 'Вы собираетесь выйти из следующего арендатора:',
+      quit_tenant_other: 'Вы собираетесь выйти из следующих арендаторов:',
+    },
+    issues: {
+      paid_plan:
+        'У следующего арендатора есть платный план, пожалуйста, сначала отмените подписку:',
+      paid_plan_other:
+        'У следующих арендаторов есть платные планы, пожалуйста, сначала отмените подписку:',
+      subscription_status: 'У следующего арендатора есть проблема со статусом подписки:',
+      subscription_status_other: 'У следующих арендаторов есть проблемы со статусом подписки:',
+      open_invoice: 'У следующего арендатора есть неоплаченный счет:',
+      open_invoice_other: 'У следующих арендаторов есть неоплаченные счета:',
+    },
+    error_occurred: 'Произошла ошибка',
+    error_occurred_description: 'Извините, произошла ошибка при удалении вашего аккаунта:',
+    request_id: 'Request ID: {{requestId}}',
+    try_again_later:
+      'Пожалуйста, попробуйте позже. Если проблема сохраняется, пожалуйста, свяжитесь с командой Logto с использованием Request ID.',
+    final_confirmation: 'Окончательное подтверждение',
+    about_to_start_deletion:
+      'Вы собираетесь начать процесс удаления, и это действие нельзя будет отменить.',
+    permanently_delete: 'Удалить навсегда',
   },
   set: 'Установить',
   change: 'Изменить',
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/roles.ts b/packages/phrases/src/locales/ru/translation/admin-console/roles.ts
index 7d3ea10661a8..44599300314c 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: 'Создать роль',
   role_name: 'Имя роли',
   role_type: 'Тип роли',
+  type_user: 'Пользователь',
+  type_machine_to_machine: 'Машина-к-машине',
   role_description: 'Описание',
   role_name_placeholder: 'Введите название роли',
   role_description_placeholder: 'Введите описание роли',
@@ -19,16 +21,20 @@ const roles = {
   application_count: '{{count}} приложение',
   assign_permissions: 'Назначить права доступа',
   create_role_title: 'Создать роль',
+  create_role_description:
+    'Используйте роли для организации прав доступа и назначения их пользователям.',
   create_role_button: 'Создать роль',
   role_created: 'Роль "{{name}}" успешно создана.',
   search: 'Поиск по названию роли, описанию или ID',
   placeholder_title: 'Роли',
   placeholder_description:
     'Роли являются группировкой разрешений, которые могут быть назначены пользователям. Необходимо добавить разрешения, прежде чем создать роли.',
+  assign_roles: 'Назначить роли',
   management_api_access_notification:
     'Для доступа к API управления Logto выберите роли с разрешениями API управления <flag/>.',
   with_management_api_access_tip:
     'Эта роль от машины к машине включает разрешения для API управления Logto',
+  role_creation_hint: 'Не можете найти подходящую роль? <a>Создать роль</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/ru/translation/admin-console/sign-in-exp/index.ts
index 1311e5e9f0bb..fbe0dcf2db35 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/sign-in-exp/index.ts
@@ -34,16 +34,56 @@ const sign_in_exp = {
   branding: {
     title: 'ЗОНА БРЕНДИНГА',
     ui_style: 'Стиль',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (dark)',
+    app_logo_and_favicon: 'Логотип приложения и иконка',
+    company_logo_and_favicon: 'Логотип компании и иконка',
   },
-  custom_css: {
-    title: 'Пользовательский CSS',
-    css_code_editor_title:
-      'Настройте ваш пользовательский интерфейс с помощью пользовательского CSS',
-    css_code_editor_description1: 'Смотрите пример пользовательского CSS.',
+  branding_uploads: {
+    app_logo: {
+      title: 'Логотип приложения',
+      url: 'URL логотипа приложения',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Логотип приложения: {{error}}',
+    },
+    company_logo: {
+      title: 'Логотип компании',
+      url: 'URL логотипа компании',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Логотип компании: {{error}}',
+    },
+    organization_logo: {
+      title: 'Загрузить изображение',
+      url: 'URL логотипа организации',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Логотип организации: {{error}}',
+    },
+    connector_logo: {
+      title: 'Загрузить изображение',
+      url: 'URL логотипа соединителя',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Логотип соединителя: {{error}}',
+    },
+    favicon: {
+      title: 'Иконка',
+      url: 'URL иконки',
+      url_placeholder: 'https://your.cdn.domain/favicon.ico',
+      error: 'Иконка: {{error}}',
+    },
+  },
+  custom_ui: {
+    title: 'Пользовательский интерфейс',
+    css_code_editor_title: 'Пользовательский CSS',
+    css_code_editor_description1: 'См. пример пользовательского CSS.',
     css_code_editor_description2: '<a>{{link}}</a>',
-    css_code_editor_description_link_content: 'Подробнее',
+    css_code_editor_description_link_content: 'Узнать больше',
     css_code_editor_content_placeholder:
-      'Введите ваш пользовательский CSS, чтобы настроить стили для чего-угодно в соответствии с вашими требованиями. Выражайте свою креативность и выделяйте свой пользовательский интерфейс.',
+      'Введите пользовательский CSS, чтобы настроить стиль любого элемента в соответствии с вашими точными требованиями. Проявите свою креативность и выделите ваш интерфейс.',
+    bring_your_ui_title: 'Создайте свой интерфейс',
+    bring_your_ui_description:
+      'Загрузите сжатый пакет (.zip), чтобы заменить предустановленный интерфейс Logto вашим собственным кодом. <a>Узнать больше</a>',
+    preview_with_bring_your_ui_description:
+      'Ваши пользовательские ресурсы интерфейса успешно загружены и теперь доступны. Встроенное окно предварительного просмотра отключено.\nДля тестирования персонализированного интерфейса входа нажмите кнопку "Прямая трансляция" для открытия в новой вкладке браузера.',
   },
   sign_up_and_sign_in,
   content,
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/ru/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index eb879c0baa80..4e9fc018524e 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -41,6 +41,9 @@ const sign_up_and_sign_in = {
       set_up_more: 'Настроить',
       go_to: 'другие социальные коннекторы.',
     },
+    automatic_account_linking: 'Автоматическая привязка аккаунта',
+    automatic_account_linking_label:
+      'Когда включено, если пользователь входит в систему с новой для нее социальной идентичностью и существует ровно одна учетная запись с тем же идентификатором (например, электронная почта), Logto автоматически привяжет учетную запись к социальной идентичности, не запрашивая у пользователя привязку учетной записи.',
   },
   tip: {
     set_a_password: 'Уникальный пароль для вашего имени пользователя является обязательным.',
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/ru/translation/admin-console/subscription/quota-item.ts
index 1ca3349c7b72..b6cccb109c21 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/subscription/quota-item.ts
@@ -159,6 +159,18 @@ const quota_item = {
     unlimited: 'Пользовательский JWT',
     not_eligible: 'Удалите свой настраиваемый создатель токенов JWT',
   },
+  impersonation_enabled: {
+    name: 'Выдача за другого пользователя',
+    limited: 'Выдача за другого пользователя',
+    unlimited: 'Выдача за другого пользователя',
+    not_eligible: 'Отказ в выдаче за другого пользователя',
+  },
+  bring_your_ui_enabled: {
+    name: 'Принесите свой UI',
+    limited: 'Принесите свой UI',
+    unlimited: 'Принесите свой UI',
+    not_eligible: 'Удалите свои пользовательские элементы UI',
+  },
 };
 
 export default Object.freeze(quota_item);
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/ru/translation/admin-console/subscription/quota-table.ts
index 1b487eba597e..798f32274a7b 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/subscription/quota-table.ts
@@ -20,6 +20,8 @@ const quota_table = {
     title: 'Интерфейс и брендинг',
     custom_domain: 'Пользовательский домен',
     custom_css: 'Пользовательский CSS',
+    logo_and_favicon: 'Логотип и значок',
+    bring_your_ui: 'Используйте свой UI',
     dark_mode: 'Темный режим',
     i18n: 'Интернационализация',
   },
@@ -36,6 +38,7 @@ const quota_table = {
     mfa: 'Многофакторная аутентификация',
     sso: 'Единый вход в корпоративные системы',
     adaptive_mfa: 'Адаптивный MFA',
+    impersonation: 'Имперсонация',
   },
   user_management: {
     title: 'Управление пользователями',
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/tenants.ts b/packages/phrases/src/locales/ru/translation/admin-console/tenants.ts
index f58328d86de6..818f0e737276 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/tenants.ts
@@ -15,6 +15,8 @@ const tenants = {
     tenant_id: 'ID арендатора',
     tenant_name: 'Имя арендатора',
     tenant_region: 'Регион размещения данных',
+    tenant_region_description:
+      'Физическое местоположение, где размещены ваши ресурсы арендатора (пользователи, приложения и т. д.). Это нельзя изменить после создания.',
     tenant_region_tip: 'Ваши ресурсы арендатора размещаются в {{region}}. <a>Узнайте больше</a>',
     environment_tag_development: 'Разр',
     environment_tag_production: 'Прод',
@@ -46,6 +48,7 @@ const tenants = {
   },
   create_modal: {
     title: 'Создать арендатора',
+    subtitle: 'Создайте нового арендатора, у которого есть изолированные ресурсы и пользователи.',
     tenant_usage_purpose: 'Для чего вы хотите использовать этот арендатор?',
     development_description:
       'Только для тестирования и не должно использоваться в производстве. Подписка не требуется.',
@@ -56,6 +59,10 @@ const tenants = {
     available_plan: 'Доступный план:',
     create_button: 'Создать арендатора',
     tenant_name_placeholder: 'Мой арендатор',
+    tenant_created: 'Арендатор успешно создан.',
+    invitation_failed:
+      'Некоторые приглашения не удалось отправить. Пожалуйста, попробуйте снова в Настройки -> Участники позже.',
+    tenant_type_description: 'Это нельзя изменить после создания.',
   },
   dev_tenant_migration: {
     title:
@@ -75,7 +82,7 @@ const tenants = {
     description_line2:
       'Прежде чем удалять арендатора, возможно, мы можем вам помочь. <span><a>Связаться с нами по электронной почте</a></span>',
     description_line3:
-      'If you want to proceed, enter the tenant name "<span>{{name}}</span>" for confirmation.',
+      'Если вы хотите продолжить, введите имя арендатора "<span>{{name}}</span>" для подтверждения.',
     delete_button: 'Навсегда удалить',
     cannot_delete_title: 'Нельзя удалить этого арендатора',
     cannot_delete_description:
@@ -103,6 +110,10 @@ const tenants = {
     description_2:
       'Если вам нужна дополнительная информация или у вас возникли какие-либо вопросы или вы хотите восстановить полную функциональность и разблокировать своих арендаторов, не стесняйтесь немедленно связаться с нами.',
   },
+  production_tenant_notification: {
+    text: 'Вы находитесь в dev tenant для бесплатного тестирования. Создайте production tenant для запуска в эксплуатацию.',
+    action: 'Создать арендатора',
+  },
 };
 
 export default Object.freeze(tenants);
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/ru/translation/admin-console/upsell/paywall.ts
index 91ab3a9c3b8d..0a2333e5333f 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/upsell/paywall.ts
@@ -22,7 +22,7 @@ const paywall = {
   social_connectors:
     'Достигнут лимит {{count, number}} социальных коннекторов в плане <planName/>. Для удовлетворения потребностей вашей команды повысьте план, чтобы получить дополнительные социальные коннекторы и возможность создания собственных коннекторов с использованием протоколов OIDC, OAuth 2.0 и SAML. Если вам нужна помощь, не стесняйтесь <a>связаться с нами</a>.',
   social_connectors_other:
-    'Достигнут лимит {{count, number}} социальных коннекторов в плане <planName/>. Для удовлетворения потребностей вашей команды повысьте план, чтобы получить дополнительные социальные коннекторы и возможность создания собственных коннекторов с использованием протоколов OIDC, OAuth 2.0 и SAML. Если вам нужна помощь, не стесняйтесь <a>связаться с нами</a>.',
+    'Достигнут лимит {{count, number}} социальных коннекторов в плане <planName/>. Для удовлетворения потребностей вашей команды повысьте план, чтобы получить дополнительные социальные коннекторы и возможность создания собственных коннекторов с использованием протоколов OIDC, OAuth 2.0 и SAML. Если вам нужна помощь, не стесняйтесь <a>связаться с нами</а>.',
   standard_connectors_feature:
     'Обновите план до <strong>Hobby</strong> или <strong>Pro</strong>, чтобы создавать собственные коннекторы с использованием протоколов OIDC, OAuth 2.0 и SAML, а также получить неограниченное количество социальных коннекторов и все премиальные функции. Не стесняйтесь <a>связаться с нами</a>, если вам нужна помощь.',
   standard_connectors:
@@ -65,6 +65,8 @@ const paywall = {
     description:
       'Обновите платный план для функциональности пользовательского JWT и дополнительных премиальных возможностей. Если у вас есть вопросы, не стесняйтесь <a>связаться с нами</a>.',
   },
+  bring_your_ui:
+    'Обновите план до платного, чтобы использовать собственный интерфейс и получать премиальные преимущества.',
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/ru/translation/admin-console/user-details.ts b/packages/phrases/src/locales/ru/translation/admin-console/user-details.ts
index 3a4bb2364bea..d532ce7eb6f2 100644
--- a/packages/phrases/src/locales/ru/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/ru/translation/admin-console/user-details.ts
@@ -34,9 +34,13 @@ const user_details = {
   field_custom_data: 'Пользовательские данные',
   field_custom_data_tip:
     'Дополнительная информация о пользователе, не указанная в заранее определенных свойствах пользователя, таких как предпочтительный цвет и язык пользователя.',
+  field_profile: 'Профиль',
+  field_profile_tip:
+    'Дополнительные стандартные утверждения OpenID Connect, которые не включены в свойства пользователя. Обратите внимание, что все неизвестные свойства будут удалены. Дополнительную информацию см. в <a>ссылке на свойство профиля</a>.',
   field_connectors: 'Социальные подключения',
   field_sso_connectors: 'Корпоративные подключения',
   custom_data_invalid: 'Пользовательские данные должны быть допустимым JSON-объектом',
+  profile_invalid: 'Профиль должен быть допустимым JSON-объектом',
   connectors: {
     connectors: 'Подключения',
     user_id: 'ID пользователя',
@@ -76,15 +80,18 @@ const user_details = {
   roles: {
     name_column: 'Роль пользователя',
     description_column: 'Описание',
+    assign_button: 'Назначить роли',
     delete_description:
       'Это действие удалит эту роль у данного пользователя. Роль все еще будет существовать, но она больше не будет связана с этим пользователем.',
     deleted: '{{name}} был(а) успешно удален(а) из этого пользователя.',
+    assign_title: 'Назначить роли {{name}}',
     assign_subtitle:
       'Найдите подходящие роли пользователя, используя поиск по имени, описанию или идентификатору роли.',
     assign_role_field: 'Назначить роли',
     role_search_placeholder: 'Поиск по названию роли',
     added_text: '{{value, number}} добавлен(а)',
     assigned_user_count: '{{value, number}} пользователей',
+    confirm_assign: 'Назначить роли',
     role_assigned: 'Роль(и) успешно назначена(ы)',
     search: 'Поиск по названию роли, описанию или ID',
     empty: 'Нет доступных ролей',
diff --git a/packages/phrases/src/locales/ru/translation/demo-app.ts b/packages/phrases/src/locales/ru/translation/demo-app.ts
index 65bcdec6282b..86658cfe45a2 100644
--- a/packages/phrases/src/locales/ru/translation/demo-app.ts
+++ b/packages/phrases/src/locales/ru/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: 'Вы успешно вошли в живой просмотр!',
+  subtitle: 'Вот ваша информация о пользователе:',
   username: 'Имя пользователя: ',
   user_id: 'Идентификатор пользователя: ',
   sign_out: 'Выйти из живого просмотра',
diff --git a/packages/phrases/src/locales/tr-tr/errors/session.ts b/packages/phrases/src/locales/tr-tr/errors/session.ts
index 285aa4fad3fb..5ad74adaf03e 100644
--- a/packages/phrases/src/locales/tr-tr/errors/session.ts
+++ b/packages/phrases/src/locales/tr-tr/errors/session.ts
@@ -12,29 +12,32 @@ const session = {
   verification_expired:
     'Bağlantı zaman aşımına uğradı. Hesap güvenliğiniz için yeniden doğrulama yapın.',
   verification_blocked_too_many_attempts:
-    'Too many attempts in a short time. Please try again {{relativeTime}}.',
+    'Kısa sürede çok fazla deneme yapıldı. Lütfen {{relativeTime}} sonra tekrar deneyin.',
   unauthorized: 'Lütfen önce oturum açın.',
   unsupported_prompt_name: 'Desteklenmeyen prompt adı.',
   forgot_password_not_enabled: 'Parolamı unuttum özelliği etkin değil.',
   verification_failed:
     'Doğrulama başarısız oldu. Lütfen doğrulama işlemini yeniden başlatın ve tekrar deneyin.',
   connector_validation_session_not_found: 'Token doğrulama için bağlayıcı oturumu bulunamadı.',
+  csrf_token_mismatch: 'CSRF belirteci eşleşmedi.',
   identifier_not_found: 'Kullanıcı kimliği bulunamadı. Lütfen geri gidin ve yeniden giriş yapın.',
   interaction_not_found:
     'Etkileşim oturumu bulunamadı. Lütfen geri gidin ve oturumu yeniden başlatın.',
-  not_supported_for_forgot_password: 'This operation is not supported for forgot password.',
+  not_supported_for_forgot_password: 'Parolamı unuttum için bu işlem desteklenmiyor.',
+  identity_conflict:
+    'Kimlik uyuşmazlığı tespit edildi. Farklı bir kimlikle devam etmek için yeni bir oturum başlatın.',
   mfa: {
-    require_mfa_verification: 'Mfa verification is required to sign in.',
-    mfa_sign_in_only: 'Mfa is only available for sign-in interaction.',
-    pending_info_not_found: 'Pending MFA info not found, please initiate MFA first.',
-    invalid_totp_code: 'Invalid TOTP code.',
-    webauthn_verification_failed: 'WebAuthn verification failed.',
-    webauthn_verification_not_found: 'WebAuthn verification not found.',
-    bind_mfa_existed: 'MFA already exists.',
-    backup_code_can_not_be_alone: 'Backup code can not be the only MFA.',
-    backup_code_required: 'Backup code is required.',
-    invalid_backup_code: 'Invalid backup code.',
-    mfa_policy_not_user_controlled: 'MFA policy is not user controlled.',
+    require_mfa_verification: 'Oturum açmak için Mfa doğrulaması gereklidir.',
+    mfa_sign_in_only: 'Mfa yalnızca oturum açma etkileşimi için kullanılabilir.',
+    pending_info_not_found: 'Bekleyen MFA bilgisi bulunamadı, lütfen önce MFA başlatın.',
+    invalid_totp_code: 'Geçersiz TOTP kodu.',
+    webauthn_verification_failed: 'WebAuthn doğrulaması başarısız oldu.',
+    webauthn_verification_not_found: 'WebAuthn doğrulaması bulunamadı.',
+    bind_mfa_existed: 'MFA zaten mevcut.',
+    backup_code_can_not_be_alone: 'Yedek kod yalnızca tek başına MFA olamaz.',
+    backup_code_required: 'Yedek kod gereklidir.',
+    invalid_backup_code: 'Geçersiz yedek kod.',
+    mfa_policy_not_user_controlled: 'MFA politikası kullanıcı tarafından kontrol edilmez.',
   },
   sso_enabled: 'Bu e-posta için tek oturum açma etkin. Lütfen SSO ile oturum açın.',
 };
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/application-details.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/application-details.ts
index 37f879a9dffd..8e54c879536b 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/application-details.ts
@@ -22,6 +22,7 @@ const application_details = {
   description: 'Açıklama',
   description_placeholder: 'Uygulama açıklamasını giriniz',
   config_endpoint: 'OpenID Sağlayıcı yapılandırma bitiş noktası',
+  issuer_endpoint: 'Yayımlayıcı bitiş noktası',
   authorization_endpoint: 'Yetkilendirme bitiş noktası',
   authorization_endpoint_tip:
     'Kimlik doğrulama ve yetkilendirme için bir bitiş noktası. OpenID Connect <a>Authentication</a> için kullanılır.',
@@ -61,6 +62,13 @@ const application_details = {
   rotate_refresh_token: 'Yenileme Belirteci değiştir',
   rotate_refresh_token_label:
     "Bu seçenek etkinleştirildiğinde, Logto Yenileme Belirteği Bitiş Süresinin %70'i geçildiğinde veya belirli koşullar sağlandığında yeni bir Yenileme Belirteği verecektir. <a>Daha fazlası için tıklayın</a>",
+  backchannel_logout: 'Arka kanal oturumu kapatma',
+  backchannel_logout_description:
+    'OpenID Connect arka kanal oturumu kapatma bitiş noktasını yapılandırın ve bu uygulama için oturumun gerekli olup olmadığını ayarlayın.',
+  backchannel_logout_uri: 'Arka kanal oturum kapatma URI',
+  backchannel_logout_uri_session_required: 'Oturum gerekli mi?',
+  backchannel_logout_uri_session_required_description:
+    'Etkinleştirildiğinde, RP, `sid` (oturum IDsi) talebinin oturumu kapatma belirtecinde bulunmasını ve `backchannel_logout_uri` kullanıldığında RP oturumunu OP ile tanımlamak için dahil edilmesini isteyecektir.',
   delete_description:
     'Bu eylem geri alınamaz. Uygulama kalıcı olarak silinecektir. Lütfen onaylamak için uygulama adı <span>{{name}}</span> girin.',
   enter_your_application_name: 'Uygulama adı giriniz',
@@ -78,21 +86,29 @@ const application_details = {
   custom_rules_tip:
     "İki durum senaryosu burada:<ol><li>Sadece '/admin' ve '/privacy' rotalarını kimlik doğrulama ile korumak için: ^/(admin|privacy)/.*</li><li>JPG resimlerini kimlik doğrulamadan hariç tutmak için: ^(?!.*\\.jpg$).*$</li></ol>",
   authentication_routes_description:
-    'Belirtilen rotaları kullanarak kimlik doğrulama düğmesinizi yönlendirin. Not: Bu rotalar değiştirilemez.',
+    'Belirtilen rotaları kullanarak kimlik doğrulama düğmenizi yönlendirin. Not: Bu rotalar değiştirilemez.',
   protect_origin_server: 'Orjın sunucunu koru',
   protect_origin_server_description:
     'Orjın sunucunuzu doğrudan erişimden korumaya emin olun. Daha fazla <a>açıklamalı talimatlar</a> için kılavuza bakın.',
   session_duration: 'Oturum süresi (gün cinsinden)',
   try_it: 'Deneyin',
+  no_organization_placeholder: 'Organizasyon bulunamadı. <a>Organizasyonlara git</a>',
   branding: {
     name: 'Markalama',
     description: 'Uygulamanızın adını ve logosunu açıklama ekranında özelleştirin.',
+    description_third_party: 'Uygulamanızın adını ve logosunu onay ekranında özelleştirin.',
+    app_logo: 'Uygulama logosu',
+    app_level_sie: 'Uygulama düzeyinde oturum açma deneyimi',
+    app_level_sie_switch:
+      'Uygulama düzeyinde oturum açma deneyimini etkinleştirin ve uygulamaya özel markalama ayarlayın. Devre dışı bırakılırsa, genel oturum açma deneyimi kullanılacaktır.',
     more_info: 'Daha fazla bilgi',
     more_info_description:
       'Uygulamanız hakkında kullanıcılara açıklama ekranında daha fazla bilgi sunun.',
     display_name: 'Adı göster',
-    display_logo: 'Logoyu göster',
-    display_logo_dark: 'Logoyu göster (koyu)',
+    application_logo: 'Uygulama logosu',
+    application_logo_dark: 'Uygulama logosu (koyu)',
+    brand_color: 'Marka rengi',
+    brand_color_dark: 'Marka rengi (koyu)',
     terms_of_use_url: 'Kullanım Koşulları URLsi',
     privacy_policy_url: 'Gizlilik Politikası URLsi',
   },
@@ -130,13 +146,13 @@ const application_details = {
     grant_organization_level_permissions: 'Organizasyon veri izinlerini ver',
   },
   roles: {
-    name_column: 'Makineden makineye rol',
-    description_column: 'Açıklama',
     assign_button: 'Makineden makineye rolleri atayın',
     delete_description:
       'Bu işlem bu rolü bu makine günlüğünden kaldıracaktır. Rol kendisi hala var olacak, ancak artık makine-makine uygulamasıyla ilişkilendirilmeyecektir.',
     deleted: '{{name}}, bu kullanıcıdan başarıyla kaldırıldı.',
     assign_title: '{{name}} için makineden makineye rolleri atayın',
+    assign_subtitle:
+      'Makine-makine uygulamalarının ilgili API kaynaklarına erişmek için makine-makine türünde rolleri olması gerekir.',
     assign_role_field: 'Makineden makineye rolleri atayın',
     role_search_placeholder: 'Rol adıyla arama yapın',
     added_text: '{{value, number}} eklendi',
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/cloud.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/cloud.ts
index c45e11e4af17..953ae45d9279 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/cloud.ts
@@ -34,6 +34,13 @@ const cloud = {
       others: 'Yukarıdakilerden hiçbiri',
     },
   },
+  create_tenant: {
+    page_title: 'Kiracı oluştur',
+    title: 'İlk kiracınızı oluşturun',
+    description:
+      'Bir kiracı, kullanıcı kimliklerini, uygulamaları ve diğer tüm Logto kaynaklarını yönetebileceğiniz izole bir ortamdır.',
+    invite_collaborators: 'E-posta ile işbirlikçilerinizi davet edin',
+  },
   sie: {
     page_title: 'Oturum açma deneyimini özelleştirin',
     title: 'Öncelikle giriş deneyiminizi kolaylıkla özelleştirin',
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/connector-details.ts
index f7eec2531aba..bc70781246d9 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/connector-details.ts
@@ -48,9 +48,24 @@ const connector_details = {
     company_information_description:
       'E-postaların alt kısmında şirket adınızı, adresinizi veya posta kodunuzu görüntüleyin.',
     company_information_placeholder: 'Şirketinizin temel bilgileri',
+    email_logo_field: 'Eposta logosu',
+    email_logo_tip:
+      'Marka logonuzu e-postaların en üstüne yerleştirin. Hem açık mod hem de koyu mod için aynı resmi kullanın.',
     urls_not_allowed: 'URLler izin verilmez',
     test_notes: 'Logto testler için "Generic" şablonunu kullanır.',
   },
+  google_one_tap: {
+    title: 'Google One Tap',
+    description:
+      'Google One Tap , kullanıcıların web sitenize güvenli ve kolay bir şekilde giriş yapmalarını sağlar.',
+    enable_google_one_tap: "Google One Tap'i Etkinleştir",
+    enable_google_one_tap_description:
+      "Giriş deneyiminizde Google One Tap'i etkinleştirin: Kullanıcıların cihazlarında zaten oturum açmışlarsa Google hesaplarıyla hızlıca kayıt olmalarını veya giriş yapmalarını sağlayın.",
+    configure_google_one_tap: "Google One Tap'i Yapılandır",
+    auto_select: 'Mümkünse kimlik bilgilerini otomatik seç',
+    close_on_tap_outside: 'Kullanıcı dışarıya tıklarsa istemi iptal et',
+    itp_support: "<a>ITP tarayıcılarda Yükseltilmiş One Tap UX'i</a> etkinleştir",
+  },
 };
 
 export default Object.freeze(connector_details);
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/connectors.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/connectors.ts
index 4bba457c5bf8..0706846ac5ef 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/connectors.ts
@@ -45,6 +45,8 @@ const connectors = {
     name_placeholder: 'Sosyal oturum açma düğmesi için ad girin',
     name_tip:
       'Bağlayıcı düğmesinin adı "{{name}} ile devam et" olarak görüntülenecektir. İsimlendirmenin uzunluğuna dikkat edin, çok uzun olursa bir sorun oluşabilir.',
+    connector_logo: 'Bağlayıcı logosu',
+    connector_logo_tip: 'Logo, bağlayıcı oturum açma düğmesinde görüntülenecektir.',
     target: 'Kimlik sağlayıcısı adı',
     target_placeholder: 'Bağlayıcı kimlik sağlayıcısı adını girin',
     target_tip:
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/jwt-claims.ts
index 23b6faf28954..ba5d7ee7a712 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/jwt-claims.ts
@@ -32,6 +32,11 @@ const jwt_claims = {
     subtitle:
       '`veri.kullanıcı` giriş parametresini kullanarak önemli kullanıcı bilgilerini sağlayın.',
   },
+  grant_data: {
+    title: 'Yetki verisi',
+    subtitle:
+      '`veri.yetki` giriş parametresini kullanarak önemli yetki bilgilerini sağlayın, sadece belge değişimi için kullanılabilir.',
+  },
   token_data: {
     title: 'Belge verisi',
     subtitle: '`belge` giriş parametresini mevcut erişim belgesi yükü için kullanın. ',
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/organization-details.ts
index 375d3b8a1807..6d7c6dabdc94 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/organization-details.ts
@@ -14,18 +14,65 @@ const organization_details = {
     'İsim, e-posta, telefon veya kullanıcı kimliği arayarak uygun kullanıcıları bulun. Var olan üyeler arama sonuçlarında gösterilmez.',
   add_with_organization_role: 'Kuruluş rol(ler)i ile ekle',
   user: 'Kullanıcı',
+  application: 'Uygulama',
+  application_other: 'Uygulamalar',
+  add_applications_to_organization: 'Uygulamaları {{name}} kuruluşuna ekle',
+  add_applications_to_organization_description:
+    'Uygulama kimliği, adı veya açıklaması arayarak uygun uygulamaları bulun. Var olan uygulamalar arama sonuçlarında gösterilmez.',
+  at_least_one_application: 'En az bir uygulama gereklidir.',
+  remove_application_from_organization: 'Uygulamayı kuruluştan kaldır',
+  remove_application_from_organization_description:
+    'Uygulama kaldırıldığında, bu kuruluştaki ilişkilendirmesini ve rollerini kaybedecek. Bu işlem geri alınamaz.',
+  search_application_placeholder: 'Uygulama kimliği, adı veya açıklaması arayarak arayın',
+  roles: 'Kuruluş rolleri',
   authorize_to_roles: '"{{name}}"a aşağıdaki rolleri erişim yetkisi verin:',
   edit_organization_roles: 'Kuruluş rollerini düzenle',
-  edit_organization_roles_of_user: '"{{name}}"ın kuruluş rollerini düzenle',
+  edit_organization_roles_title: '{{name}} kuruluş rollerini düzenle',
   remove_user_from_organization: 'Kullanıcıyı kuruluştan kaldır',
   remove_user_from_organization_description:
     'Kaldırıldığında, kullanıcı bu kuruluşta üyeliğini ve rollerini kaybedecek. Bu işlem geri alınamaz.',
   search_user_placeholder: 'İsim, e-posta, telefon veya kullanıcı kimliği ile ara',
   at_least_one_user: 'En az bir kullanıcı gereklidir.',
+  organization_roles_tooltip: 'Bu kuruluştaki {{type}} için atanan roller.',
   custom_data: 'Özel veri',
   custom_data_tip:
     'Özel veri, kuruluşla ilişkili ek verileri depolamak için kullanılabilen bir JSON nesnesidir.',
   invalid_json_object: 'Geçersiz JSON nesnesi.',
+  branding: {
+    logo: 'Kuruluş logoları',
+    logo_tooltip:
+      'Bu logoyu oturum açma deneyiminde görüntülemek için kuruluş kimliğini geçirebilirsiniz; koyu mod etkinse logonun koyu sürümü omni oturum açma deneyimi ayarlarında gereklidir. <a>Devamını oku</a>',
+  },
+  jit: {
+    title: 'Anında sağlama',
+    description:
+      'Kullanıcılar bazı kimlik doğrulama yöntemleriyle ilk oturum açtıklarında otomatik olarak kuruluşa katılabilir ve onlara roller atanır. Anında sağlama için karşılanacak gereksinimleri ayarlayabilirsiniz.',
+    email_domain: 'E-posta alan adı sağlama',
+    email_domain_description:
+      'Doğrulanmış e-posta adresleriyle veya doğrulanmış e-posta adresleriyle sosyal oturum açma yoluyla kaydolan yeni kullanıcılar otomatik olarak kuruluşa katılacak. <a>Devamını oku</a>',
+    email_domain_placeholder: 'Anında sağlama için e-posta alan adlarını girin',
+    invalid_domain: 'Geçersiz alan adı',
+    domain_already_added: 'Alan adı zaten eklendi',
+    sso_enabled_domain_warning:
+      'Bir veya daha fazla kurumsal SSO ile ilişkili e-posta alan adları girdiniz. Bu e-postalara sahip kullanıcılar standart SSO akışını takip edecek ve kurumsal SSO sağlama yapılandırılmadıkça bu kuruluşa sağlanmayacaktır.',
+    enterprise_sso: 'Kurumsal SSO sağlama',
+    no_enterprise_connector_set:
+      'Henüz herhangi bir kurumsal SSO konektörü kurmadınız. Kurumsal SSO sağlamayı etkinleştirmek için önce bağlayıcılar ekleyin. <a>Kur</a>',
+    add_enterprise_connector: 'Kurumsal bağlayıcı ekle',
+    enterprise_sso_description:
+      'Kurumsal SSO yoluyla ilk kez oturum açan yeni veya mevcut kullanıcılar otomatik olarak kuruluşa katılacak. <a>Devamını oku</a>',
+    organization_roles: 'Varsayılan kuruluş rolleri',
+    organization_roles_description:
+      'Anında sağlama yoluyla kuruluşa katılan kullanıcılara roller atayın.',
+  },
+  mfa: {
+    title: 'Çok faktörlü kimlik doğrulama (MFA)',
+    tip: 'MFA gerektiğinde, MFA yapılandırılmamış kullanıcılar kuruluş jetonu değiştirmeye çalıştıklarında reddedilecektir. Bu ayar kullanıcı kimlik doğrulamasını etkilemez.',
+    description:
+      'Bu kuruluşa erişmek için kullanıcılardan çok faktörlü kimlik doğrulamayı yapılandırmalarını isteyin.',
+    no_mfa_warning:
+      'Kiracınız için hiçbir çok faktörlü kimlik doğrulama yöntemi etkin değil. En az bir <a>çok faktörlü kimlik doğrulama yöntemi</a> etkinleştirilene kadar kullanıcılar bu kuruluşa erişemeyecek.',
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/organization-template.ts
index 1b56d73cfee1..df88c5248fed 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/organization-template.ts
@@ -14,8 +14,9 @@ const organization_template = {
     create_modal: {
       title: 'Kuruluş rolü oluştur',
       create: 'Rol oluştur',
-      name_field: 'Rol adı',
-      description_field: 'Açıklama',
+      name: 'Rol adı',
+      description: 'Açıklama',
+      type: 'Rol türü',
       created: 'Kuruluş rolü {{name}} başarıyla oluşturuldu.',
     },
   },
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/organizations.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/organizations.ts
index 254b21d1741a..09b088e98dd0 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/organizations.ts
@@ -7,6 +7,7 @@ const organizations = {
   organization_template: 'Kuruluş şablonu',
   organization_id: 'Kuruluş Kimliği',
   members: 'Üyeler',
+  machine_to_machine: 'Makineden makineye uygulamalar',
   create_organization: 'Kuruluş oluştur',
   setup_organization: 'Kuruluşunuzu ayarlayın',
   organization_list_placeholder_title: 'Kuruluş',
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/profile.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/profile.ts
index 2faf19b63ca2..fc885e8b3b1f 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/profile.ts
@@ -52,6 +52,41 @@ const profile = {
     description:
       'Hesabınızın tüm kişisel bilgileri, kullanıcı verileri ve yapılandırması silinecektir. Bu işlem geri alınamaz.',
     button: 'Hesabı sil',
+    p: {
+      has_issue:
+        'Hesabını silmek istediğini duyduğumuza üzüldük. Hesabını silmeden önce aşağıdaki sorunları çözmen gerekiyor.',
+      after_resolved:
+        'Sorunları çözdükten sonra hesabını silebilirsin. Yardıma ihtiyacın olursa bizimle iletişime geçmekten çekinme.',
+      check_information:
+        'Hesabını silmek istediğini duyduğumuza üzüldük. Devam etmeden önce lütfen aşağıdaki bilgileri dikkatlice kontrol et.',
+      remove_all_data:
+        "Hesabını silmek, Logto Cloud'daki tüm verilerini kalıcı olarak silecektir. Bu yüzden devam etmeden önce önemli verilerini yedeklediğinden emin ol.",
+      confirm_information:
+        'Yukarıdaki bilgilerin beklediğin gibi olduğunu onayla. Hesabını sildiğinde, onu geri getiremeyeceğiz.',
+      has_admin_role:
+        'Aşağıdaki kiracıda yönetici rolün olduğundan, bu kiracı hesapla birlikte silinecektir:',
+      has_admin_role_other:
+        'Aşağıdaki kiracılarda yönetici rolün olduğundan, bu kiracılar hesapla birlikte silinecektir:',
+      quit_tenant: 'Aşağıdaki kiracıdan çıkmak üzeresin:',
+      quit_tenant_other: 'Aşağıdaki kiracılardan çıkmak üzeresin:',
+    },
+    issues: {
+      paid_plan: 'Aşağıdaki kiracıda ücretli bir plan var, lütfen önce aboneliği iptal et:',
+      paid_plan_other:
+        'Aşağıdaki kiracılarda ücretli planlar var, lütfen önce abonelikleri iptal et:',
+      subscription_status: 'Aşağıdaki kiracının abonelik durumu sorunlu:',
+      subscription_status_other: 'Aşağıdaki kiracıların abonelik durumu sorunlu:',
+      open_invoice: 'Aşağıdaki kiracının açık faturası var:',
+      open_invoice_other: 'Aşağıdaki kiracıların açık faturaları var:',
+    },
+    error_occurred: 'Bir hata oluştu',
+    error_occurred_description: 'Üzgünüz, hesabınızı silerken bir şeyler ters gitti:',
+    request_id: 'İstek Kimliği: {{requestId}}',
+    try_again_later:
+      'Lütfen daha sonra tekrar deneyin. Sorun devam ederse, lütfen istek kimliğiyle Logto ekibiyle iletişime geçin.',
+    final_confirmation: 'Nihai onay',
+    about_to_start_deletion: 'Silme işlemine başlamak üzeresiniz ve bu işlem geri alınamaz.',
+    permanently_delete: 'Kalıcı olarak sil',
   },
   set: 'Ayarla',
   change: 'Değiştir',
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/roles.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/roles.ts
index 4e3aa4b41b97..42f937411170 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: 'Rol Oluştur',
   role_name: 'Rol adı',
   role_type: 'Rol tipi',
+  type_user: 'Kullanıcı',
+  type_machine_to_machine: 'Makineden makinaya',
   role_description: 'Açıklama',
   role_name_placeholder: 'Rol adınızı girin',
   role_description_placeholder: 'Rol açıklamanızı girin',
@@ -19,15 +21,18 @@ const roles = {
   application_count: '{{count}} uygulama',
   assign_permissions: 'İzinleri Ata',
   create_role_title: 'Rol Oluştur',
+  create_role_description: 'Rolleri organize etmek ve kullanıcılara atamak için kullanın.',
   create_role_button: 'Rol Oluştur',
   role_created: '{{name}} rolü başarıyla oluşturuldu.',
   search: 'Rol adı, açıklama veya kimlik numarasına göre arama yapın',
   placeholder_title: 'Roller',
   placeholder_description:
     'Roller, kullanıcılara atanabilecek izinlerin gruplandırmasıdır. Rolleri oluşturmadan önce izin eklediğinizden emin olun.',
+  assign_roles: 'Rolleri ata',
   management_api_access_notification:
     'Logto Yönetim API erişimi için yönetim API izinleri olan rolleri seçin <flag/>.',
   with_management_api_access_tip: 'Bu makine ile makine rolü, Logto yönetim API izinlerini içerir',
+  role_creation_hint: 'Doğru rolü bulamıyor musunuz? <a>Rol oluşturun</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/sign-in-exp/index.ts
index 67593c23dcd1..c0aabd42ea62 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/sign-in-exp/index.ts
@@ -34,15 +34,56 @@ const sign_in_exp = {
   branding: {
     title: 'MARKA ALANI',
     ui_style: 'Stil',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (dark)',
+    app_logo_and_favicon: 'Uygulama logosu ve favicon',
+    company_logo_and_favicon: 'Şirket logosu ve favicon',
   },
-  custom_css: {
-    title: 'Özel CSS',
-    css_code_editor_title: "UI'ınızı Özel CSS ile kişiselleştirin",
-    css_code_editor_description1: 'Özel CSS örneğini görüntüleyin.',
-    css_code_editor_description2: '<a>{{link}}</a>.',
-    css_code_editor_description_link_content: 'Daha fazlası için buraya tıklayın',
+  branding_uploads: {
+    app_logo: {
+      title: 'Uygulama logosu',
+      url: "Uygulama logosu URL'si",
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Uygulama logosu: {{error}}',
+    },
+    company_logo: {
+      title: 'Şirket logosu',
+      url: "Şirket logosu URL'si",
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Şirket logosu: {{error}}',
+    },
+    organization_logo: {
+      title: 'Görsel yükle',
+      url: "Organizasyon logosu URL'si",
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Organizasyon logosu: {{error}}',
+    },
+    connector_logo: {
+      title: 'Görsel yükle',
+      url: "Bağlayıcı logosu URL'si",
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: 'Bağlayıcı logosu: {{error}}',
+    },
+    favicon: {
+      title: 'Favicon',
+      url: "Favicon URL'si",
+      url_placeholder: 'https://your.cdn.domain/favicon.ico',
+      error: 'Favicon: {{error}}',
+    },
+  },
+  custom_ui: {
+    title: 'Özelleştirilmiş UI',
+    css_code_editor_title: 'Özelleştirilmiş CSS',
+    css_code_editor_description1: 'Özelleştirilmiş CSS örneğine bakın.',
+    css_code_editor_description2: '<a>{{link}}</a>',
+    css_code_editor_description_link_content: 'Daha fazla bilgi edinin',
     css_code_editor_content_placeholder:
-      "Tam olarak istediğiniz gibi o herhangi bir şeyin stilini kişiselleştirmek için özel CSS'nizi girin. Yaratıcılığınızı ifade edin ve UI'ınızın dikkat çekmesini sağlayın.",
+      "Tam olarak istediğiniz özelliklere göre stilleri uyarlamak için özelleştirilmiş CSS'inizi girin. Yaratıcılığınızı ifade edin ve UI'nizi öne çıkarın.",
+    bring_your_ui_title: "UI'nizi Getirin",
+    bring_your_ui_description:
+      "Logto'nun önceden oluşturulmuş UI'sini kendi kodunuzla değiştirmek için sıkıştırılmış bir paket (.zip) yükleyin. <a>Daha fazla bilgi edinin</a>",
+    preview_with_bring_your_ui_description:
+      'Özelleştirilmiş UI varlıklarınız başarıyla yüklendi ve şimdi sunuluyor. Sonuç olarak, yerleşik önizleme penceresi devre dışı bırakıldı.\nKişiselleştirilmiş oturum açma UI\'nizi test etmek için "Canlı Önizleme" düğmesine tıklayarak yeni bir tarayıcı sekmesinde açın.',
   },
   sign_up_and_sign_in,
   content,
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index 54672e0e4b16..97a71bced99f 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -41,6 +41,9 @@ const sign_up_and_sign_in = {
       set_up_more: 'Daha fazlasını kur',
       go_to: 'şimdi farklı sosyal bağlantı noktalarına.',
     },
+    automatic_account_linking: 'Otomatik hesap bağlantısı',
+    automatic_account_linking_label:
+      'Açıkken, bir kullanıcı sisteme yeni bir sosyal kimlikle giriş yaparsa ve aynı tanımlayıcıya (örn., e-posta) sahip yalnızca bir mevcut hesap varsa, Logto kullanıcıdan hesap bağlantısı istemek yerine hesabı otomatik olarak sosyal kimlikle bağlar.',
   },
   tip: {
     set_a_password: 'Kullanıcı adınıza benzersiz bir şifre belirlemek şarttır.',
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/subscription/quota-item.ts
index e5c77bee9ec4..c9815e21e16c 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/subscription/quota-item.ts
@@ -159,6 +159,18 @@ const quota_item = {
     unlimited: 'Özel JWT',
     not_eligible: 'JWT taleplerinizin özelleştiricisini kaldırın',
   },
+  impersonation_enabled: {
+    name: 'Kişileştirme',
+    limited: 'Kişileştirme',
+    unlimited: 'Kişileştirme',
+    not_eligible: 'Kişileştirmeye izin verilmez',
+  },
+  bring_your_ui_enabled: {
+    name: 'Ara yüzünü getir',
+    limited: 'Ara yüzünü getir',
+    unlimited: 'Ara yüzünü getir',
+    not_eligible: 'Özel UI varlıklarınızı kaldırın',
+  },
 };
 
 export default Object.freeze(quota_item);
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/subscription/quota-table.ts
index 1f78ccd30298..3a526a240347 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/subscription/quota-table.ts
@@ -20,6 +20,8 @@ const quota_table = {
     title: 'Kullanıcı Arayüzü ve Markalama',
     custom_domain: 'Özel alan adı',
     custom_css: 'Özel CSS',
+    logo_and_favicon: 'Logo ve favicon',
+    bring_your_ui: 'Kendi arayüzünü getir',
     dark_mode: 'Karanlık mod',
     i18n: 'Uluslararasılaştırma',
   },
@@ -36,6 +38,7 @@ const quota_table = {
     mfa: 'Çoklu faktörlü kimlik doğrulama',
     sso: 'Kurumsal SSO',
     adaptive_mfa: 'Uyarlamalı MFA',
+    impersonation: 'Taklit etme',
   },
   user_management: {
     title: 'Kullanıcı Yönetimi',
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/tenants.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/tenants.ts
index a05b6e39a6cd..cba7e4cb3c9d 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/tenants.ts
@@ -14,6 +14,8 @@ const tenants = {
     tenant_id: 'Kiracı Kimliği',
     tenant_name: 'Kiracı Adı',
     tenant_region: 'Veriler barındırılan bölge',
+    tenant_region_description:
+      'Kiracı kaynaklarınızın (kullanıcılar, uygulamalar vb.) barındırıldığı fiziksel konum. Bu, oluşturulduktan sonra değiştirilemez.',
     tenant_region_tip:
       'Kiracı kaynaklarınız {{region}} bölgesinde barındırılır. <a>Daha fazla bilgi</a>',
     environment_tag_development: 'Geliş',
@@ -46,6 +48,7 @@ const tenants = {
   },
   create_modal: {
     title: 'Kiracı Oluştur',
+    subtitle: 'İzolasyonlu kaynaklara ve kullanıcılara sahip yeni bir kiracı oluşturun.',
     tenant_usage_purpose: 'Bu kiracıyı ne için kullanmak istiyorsunuz?',
     development_description:
       'Yalnızca test amacıyla ve üretimde kullanılmamalıdır. Abonelik gerekli değildir.',
@@ -56,6 +59,10 @@ const tenants = {
     available_plan: 'Mevcut plan:',
     create_button: 'Kiracı oluştur',
     tenant_name_placeholder: 'Benim kiracım',
+    tenant_created: 'Kiracı başarıyla oluşturuldu.',
+    invitation_failed:
+      'Bazı davetler gönderilemedi. Lütfen daha sonra Ayarlar -> Üyeler üzerinden tekrar deneyin.',
+    tenant_type_description: 'Bu, oluşturulduktan sonra değiştirilemez.',
   },
   dev_tenant_migration: {
     title:
@@ -102,6 +109,10 @@ const tenants = {
     description_2:
       'Daha fazla açıklama, endişeleriniz veya işlevselliği tamamen geri yüklemek ve kiracılarınızı engellemek isterseniz, lütfen derhal bizimle iletişime geçmekten çekinmeyin.',
   },
+  production_tenant_notification: {
+    text: 'Ücretsiz test için bir geliştirme kiracısındasınız. Yayına geçmek için bir üretim kiracısı oluşturun.',
+    action: 'Kiracı oluştur',
+  },
 };
 
 export default Object.freeze(tenants);
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/upsell/paywall.ts
index a9c3696c0386..5a029a4e17fb 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/upsell/paywall.ts
@@ -38,9 +38,9 @@ const paywall = {
   roles_other:
     '{{count, number}} <planName/> rol sınırına ulaşıldı. İlave roller ve izinler eklemek için planı yükseltin. Yardım için ihtiyacınız olursa, <a>iletişime geçin</a>.',
   machine_to_machine_roles:
-    '{{count, number}} machine-to-machine role of <planName/> limit reached. Upgrade plan to add additional roles and permissions. Feel free to <a>contact us</a> if you need any assistance.',
+    '{{count, number}} <planName/> makine-makine rol sınırına ulaşıldı. İlave roller ve izinler eklemek için planı yükseltin. Yardım için ihtiyacınız olursa, <a>iletişime geçin</a>.',
   machine_to_machine_roles_other:
-    '{{count, number}} machine-to-machine roles of <planName/> limit reached. Upgrade plan to add additional roles and permissions. Feel free to <a>contact us</a> if you need any assistance.',
+    '{{count, number}} <planName/> makine-makine rol sınırına ulaşıldı. İlave roller ve izinler eklemek için planı yükseltin. Yardım için ihtiyacınız olursa, <a>iletişime geçin</a>.',
   scopes_per_role:
     '{{count, number}} <planName/> rol başına izin sınırına ulaşıldı. İlave roller ve izinler eklemek için planı yükseltin. Yardım için ihtiyacınız olursa, <a>iletişime geçin</a>.',
   scopes_per_role_other:
@@ -65,6 +65,8 @@ const paywall = {
     description:
       'Özel JWT işlevselliği ve prim avantajları için ücretli bir plana yükseltin. Sorularınız varsa, çekinmeden <a>iletişime geçin</a>.',
   },
+  bring_your_ui:
+    'Özel kullanıcı arayüzü işlevselliği ve prim avantajları için ücretli bir plana geçin.',
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/user-details.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/user-details.ts
index 81e476f04b31..afdc7dd66fe5 100644
--- a/packages/phrases/src/locales/tr-tr/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/user-details.ts
@@ -34,9 +34,13 @@ const user_details = {
   field_custom_data: 'Özel veriler',
   field_custom_data_tip:
     'Kullanıcı tarafından tercih edilen renk ve dil gibi önceden tanımlanmış kullanıcı özelliklerinde listelenmeyen ek kullanıcı bilgileri.',
+  field_profile: 'Profil',
+  field_profile_tip:
+    'Kullanıcının özelliklerine dahil olmayan ek OpenID Connect standart talepleri. Tüm bilinmeyen özelliklerin kaldırılacağını unutmayın. Daha fazla bilgi için <a>profil özellik referansına</a> bakın.',
   field_connectors: 'Sosyal bağlayıcılar',
   field_sso_connectors: 'İş bağlantıları',
   custom_data_invalid: 'Özel veriler geçerli bir JSON nesnesi olmalıdır',
+  profile_invalid: 'Profil geçerli bir JSON nesnesi olmalıdır',
   connectors: {
     connectors: 'Bağlayıcılar',
     user_id: 'Kullanıcı IDsi',
@@ -77,15 +81,18 @@ const user_details = {
   roles: {
     name_column: 'Kullanıcı rolü',
     description_column: 'Açıklama',
+    assign_button: 'Rolleri ata',
     delete_description:
       'Bu işlem, bu rolü bu kullanıcıdan kaldıracaktır. Rol kendisi hala var olacaktır, ancak artık bu kullanıcıyla ilişkili olmayacaktır.',
     deleted: '{{name}} bu kullanıcıdan başarıyla kaldırıldı.',
+    assign_title: "{{name}}'e rolleri ata",
     assign_subtitle:
       'İsim, açıklama veya rol kimliği ile arama yaparak uygun kullanıcı rollerini bulun.',
     assign_role_field: 'Rolleri ata',
     role_search_placeholder: 'Rol adına göre arama yapın',
     added_text: '{{value, number}} eklendi',
     assigned_user_count: '{{value, number}} kullanıcı',
+    confirm_assign: 'Rolleri ata',
     role_assigned: 'Rol(ler) başarıyla atandı',
     search: 'Rol adına, açıklamasına veya Kimliğine göre arama yapın',
     empty: 'Uygun rol yok',
diff --git a/packages/phrases/src/locales/tr-tr/translation/demo-app.ts b/packages/phrases/src/locales/tr-tr/translation/demo-app.ts
index ec595fd6b33b..cd527db6fa07 100644
--- a/packages/phrases/src/locales/tr-tr/translation/demo-app.ts
+++ b/packages/phrases/src/locales/tr-tr/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: 'Canlı önizlemede başarıyla oturum açtınız!',
+  subtitle: 'İşte kullanıcı bilgileriniz:',
   username: 'Kullanıcı Adı: ',
   user_id: 'Kullanıcı Kimliği: ',
   sign_out: 'Canlı Önizlemeyi Kapat',
diff --git a/packages/phrases/src/locales/zh-cn/errors/session.ts b/packages/phrases/src/locales/zh-cn/errors/session.ts
index a344076844cc..210cb188c376 100644
--- a/packages/phrases/src/locales/zh-cn/errors/session.ts
+++ b/packages/phrases/src/locales/zh-cn/errors/session.ts
@@ -8,28 +8,29 @@ const session = {
   connector_session_not_found: '无法找到连接器登录信息，请尝试重新登录。',
   verification_session_not_found: '验证失败，请重新验证。',
   verification_expired: '当前页面已超时。为确保你的账号安全，请重新验证。',
-  verification_blocked_too_many_attempts:
-    'Too many attempts in a short time. Please try again {{relativeTime}}.',
+  verification_blocked_too_many_attempts: '尝试次数过多。请稍后再试 {{relativeTime}}。',
   unauthorized: '请先登录',
   unsupported_prompt_name: '不支持的 prompt name',
   forgot_password_not_enabled: '忘记密码功能没有开启。',
   verification_failed: '验证失败，请重新验证。',
   connector_validation_session_not_found: '找不到连接器用于验证 token 的信息。',
+  csrf_token_mismatch: 'CSRF token 不匹配。',
   identifier_not_found: '找不到用户标识符。请返回并重新登录。',
   interaction_not_found: '找不到交互会话。请返回并重新开始会话。',
-  not_supported_for_forgot_password: 'This operation is not supported for forgot password.',
+  not_supported_for_forgot_password: '此操作不支持忘记密码。',
+  identity_conflict: '检测到身份不匹配。请启动一个新会话以使用不同的身份进行操作。',
   mfa: {
-    require_mfa_verification: 'Mfa verification is required to sign in.',
-    mfa_sign_in_only: 'Mfa is only available for sign-in interaction.',
-    pending_info_not_found: 'Pending MFA info not found, please initiate MFA first.',
-    invalid_totp_code: 'Invalid TOTP code.',
-    webauthn_verification_failed: 'WebAuthn verification failed.',
-    webauthn_verification_not_found: 'WebAuthn verification not found.',
-    bind_mfa_existed: 'MFA already exists.',
-    backup_code_can_not_be_alone: 'Backup code can not be the only MFA.',
-    backup_code_required: 'Backup code is required.',
-    invalid_backup_code: 'Invalid backup code.',
-    mfa_policy_not_user_controlled: 'MFA policy is not user controlled.',
+    require_mfa_verification: '需要多因素身份验证 (MFA) 才能登录。',
+    mfa_sign_in_only: '多因素身份验证 (MFA) 仅适用于登录交互。',
+    pending_info_not_found: '找不到待处理的多因素身份验证 (MFA) 信息，请先启动 MFA。',
+    invalid_totp_code: '无效的 TOTP 代码。',
+    webauthn_verification_failed: 'WebAuthn 验证失败。',
+    webauthn_verification_not_found: '未找到 WebAuthn 验证。',
+    bind_mfa_existed: '多因素身份验证 (MFA) 已存在。',
+    backup_code_can_not_be_alone: '备用代码不能是唯一的 MFA。',
+    backup_code_required: '需要备用代码。',
+    invalid_backup_code: '无效的备用代码。',
+    mfa_policy_not_user_controlled: 'MFA 策略不受用户控制。',
   },
   sso_enabled: '该邮箱已开启单点登录，请使用 SSO 登录。',
 };
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/application-details.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/application-details.ts
index b6b6cb6fcdde..c18fa79c33a9 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/application-details.ts
@@ -21,6 +21,7 @@ const application_details = {
   description: '描述',
   description_placeholder: '请输入应用描述',
   config_endpoint: 'OpenID Provider 配置端点',
+  issuer_endpoint: '发行者端点',
   authorization_endpoint: '授权端点',
   authorization_endpoint_tip: '进行鉴权与授权的端点。用于 OpenID Connect 中的 <a>鉴权</a> 流程。',
   show_endpoint_details: '显示端点详细信息',
@@ -59,6 +60,12 @@ const application_details = {
   rotate_refresh_token: '轮换刷新令牌',
   rotate_refresh_token_label:
     '启用后，当原先的刷新令牌的时效已经过去 70%，或者满足一定条件时，Logto 将会为访问令牌请求发放新的刷新令牌。<a>了解更多</a>',
+  backchannel_logout: '后端通道注销',
+  backchannel_logout_description: '配置 OpenID Connect 后端通道注销端点，以及该应用是否需要会话。',
+  backchannel_logout_uri: '后端通道注销 URI',
+  backchannel_logout_uri_session_required: '是否需要会话？',
+  backchannel_logout_uri_session_required_description:
+    '启用后，当使用 `backchannel_logout_uri` 时，RP 需要在注销令牌中包含 `sid`（会话 ID）声明，以标识 RP 与 OP 的会话。',
   delete_description: '本操作会永久性地删除该应用，且不可撤销。输入 <span>{{name}}</span> 确认。',
   enter_your_application_name: '输入你的应用名称',
   application_deleted: '应用 {{name}} 成功删除。',
@@ -79,14 +86,21 @@ const application_details = {
     '确保保护源服务器免受直接访问。请参阅指南了解更多<a>详细说明</a>。',
   session_duration: '会话持续时间（天）',
   try_it: '试一下',
+  no_organization_placeholder: '找不到组织。<a>前往组织</a>',
   branding: {
     name: '品牌化',
     description: '在授权屏幕上自定义应用程序的显示名称和标识。',
+    description_third_party: '自定义应用程序在同意屏幕上的显示名称和标识。',
+    app_logo: '应用标识',
+    app_level_sie: '应用级别的登录体验',
+    app_level_sie_switch: '启用应用级别的登录体验并设置特定品牌。如果禁用，将使用全局登录体验。',
     more_info: '更多信息',
     more_info_description: '在授权屏幕上为用户提供关于您的应用程序的更多详细信息。',
     display_name: '显示名称',
-    display_logo: '显示标识',
-    display_logo_dark: '显示标识（深色）',
+    application_logo: '应用标识',
+    application_logo_dark: '应用标识（深色）',
+    brand_color: '品牌颜色',
+    brand_color_dark: '品牌颜色（深色）',
     terms_of_use_url: '应用程序使用条款 URL',
     privacy_policy_url: '应用程序隐私政策 URL',
   },
@@ -100,7 +114,7 @@ const application_details = {
     field_description: '在授权屏幕中显示',
     delete_text: '删除权限',
     permission_delete_confirm:
-      '此操作将会撤回授予第三方应用程序的权限，阻止其请求特定数据类型的用户授权。您确定要继续吗？',
+      '此操作将会撤回授予第三方应用程序的权限，阻止其请求特定数据类型的用户授权。你确定要继续吗？',
     permissions_assignment_description:
       '选择第三方应用程序请求用于用户授权访问特定数据类型的权限。',
     user_profile: '用户数据',
@@ -110,7 +124,7 @@ const application_details = {
     organization_permissions_assignment_form_title: '添加组织权限',
     api_resource_permissions_assignment_form_title: '添加 API 资源权限',
     user_data_permission_description_tips:
-      '您可以通过“登录体验 > 内容 > 管理语言”修改个人用户数据权限的描述。',
+      '你可以通过“登录体验 > 内容 > 管理语言”修改个人用户数据权限的描述。',
     permission_description_tips:
       '当 Logto 作为第三方应用程序中的身份提供者（IdP）用于授权时，用户被要求授权时，此描述会显示在授权屏幕上。',
     user_title: '用户',
@@ -121,12 +135,11 @@ const application_details = {
     grant_organization_level_permissions: '授予组织数据权限',
   },
   roles: {
-    name_column: '机器对机器角色',
-    description_column: '描述',
     assign_button: '分配机器对机器角色',
     delete_description: '此操作将会从此应用中移除此角色。角色本身仍然存在，但不再与此应用关联。',
     deleted: '成功从此用户中移除 {{name}}。',
     assign_title: '将机器对机器角色分配给 {{name}}',
+    assign_subtitle: '机器对机器应用必须拥有机器对机器类型的角色，才能访问相关的 API 资源。',
     assign_role_field: '分配机器对机器角色',
     role_search_placeholder: '按角色名称搜索',
     added_text: '{{value, number}}个已添加',
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/cloud.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/cloud.ts
index d6a460b4ef28..24b8e4cbbd32 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/cloud.ts
@@ -29,6 +29,12 @@ const cloud = {
       others: '以上都不是',
     },
   },
+  create_tenant: {
+    page_title: '创建租户',
+    title: '创建你的第一个租户',
+    description: '租户是一个隔离的环境，你可以在其中管理用户身份、应用程序和所有其他 Logto 资源。',
+    invite_collaborators: '通过电子邮件邀请你的合作者',
+  },
   sie: {
     page_title: '定制登录体验',
     title: '让我们轻松定制你的登录体验',
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/connector-details.ts
index 54a48389e635..3d034321aba7 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/connector-details.ts
@@ -45,9 +45,22 @@ const connector_details = {
     company_information_field: '公司信息',
     company_information_description: '在电子邮件底部显示您公司的名称、地址或邮编，以增强真实性。',
     company_information_placeholder: '你公司的基本信息',
+    email_logo_field: '电子邮件标志',
+    email_logo_tip: '在电子邮件顶部显示你的品牌标志。对浅色模式和深色模式使用相同的图像。',
     urls_not_allowed: '不允许使用 URL',
     test_notes: 'Logto 使用 "通用" 模板进行测试。',
   },
+  google_one_tap: {
+    title: 'Google 一键登录',
+    description: 'Google 一键登录是一种安全且方便的方式，用户可以用它登录你的网站。',
+    enable_google_one_tap: '启用 Google 一键登录',
+    enable_google_one_tap_description:
+      '在你的登录体验中启用 Google 一键登录：如果用户已经在设备上登录，可以让他们快速注册或登录。',
+    configure_google_one_tap: '配置 Google 一键登录',
+    auto_select: '如果可能，自动选择凭据',
+    close_on_tap_outside: '如果用户点击/点击外部则取消提示',
+    itp_support: '启用 <a>在 ITP 浏览器上升级的一键登录 UX</a>',
+  },
 };
 
 export default Object.freeze(connector_details);
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/connectors.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/connectors.ts
index f4f1cf8a51b1..bff19bc4dd06 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/connectors.ts
@@ -40,6 +40,8 @@ const connectors = {
     name: '社交登录按钮的名称',
     name_placeholder: '输入社交登录按钮的名称',
     name_tip: '按钮上将展示「通过 {{name}} 继续」。名字不宜过长而导致信息无法展示完整。',
+    connector_logo: '连接器 logo',
+    connector_logo_tip: '该 logo 将显示在连接器登录按钮上。',
     target: '身份提供商名称',
     target_placeholder: '输入身份提供商的名称',
     target_tip: '在“身份供应商名称”字段中输入唯一的标识符字符串，用于区分社交身份来源。',
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/jwt-claims.ts
index 32722a3ab3aa..d5c341612cb1 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/jwt-claims.ts
@@ -17,7 +17,7 @@ const jwt_claims = {
   custom_jwt_create_button: '添加自定义声明',
   custom_jwt_item: '自定义声明{{for}}',
   delete_modal_title: '删除自定义声明',
-  delete_modal_content: '您确定要删除自定义声明吗？',
+  delete_modal_content: '你确定要删除自定义声明吗？',
   clear: '清除',
   cleared: '已清除',
   restore: '恢复默认',
@@ -29,6 +29,10 @@ const jwt_claims = {
     title: '用户数据',
     subtitle: '使用`data.user`输入参数提供重要用户信息。',
   },
+  grant_data: {
+    title: '授权数据',
+    subtitle: '使用`data.grant`输入参数提供重要的授权信息，仅适用于令牌交换。',
+  },
   token_data: {
     title: '令牌数据',
     subtitle: '使用`token`输入参数查看当前访问令牌负载。',
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/organization-details.ts
index 3f32eb62d12b..bcd1ab4b7358 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/organization-details.ts
@@ -13,17 +13,62 @@ const organization_details = {
     '通过姓名、电子邮件、电话或用户ID搜索合适的用户。搜索结果中不显示现有成员。',
   add_with_organization_role: '以机构角色加入',
   user: '用户',
+  application: '应用',
+  application_other: '应用',
+  add_applications_to_organization: '向组织{{name}}添加应用',
+  add_applications_to_organization_description:
+    '通过搜索应用 ID、名称或描述来找到合适的应用。搜索结果中不显示现有应用。',
+  at_least_one_application: '至少需要一个应用。',
+  remove_application_from_organization: '从机构中移除应用',
+  remove_application_from_organization_description:
+    '一旦移除，应用将失去其在该机构中的关联和角色。此操作将无法撤销。',
+  search_application_placeholder: '按应用 ID、名称或描述搜索',
+  roles: '机构角色',
   authorize_to_roles: '授权{{name}}访问以下角色:',
   edit_organization_roles: '编辑机构角色',
-  edit_organization_roles_of_user: '编辑{{name}}的机构角色',
+  edit_organization_roles_title: '编辑{{name}}的机构角色',
   remove_user_from_organization: '从机构中移除用户',
   remove_user_from_organization_description:
     '一旦移除，用户将失去他们在这个机构中的成员资格和角色。此操作将无法撤销。',
   search_user_placeholder: '按名称、电子邮件、电话或用户ID搜索',
   at_least_one_user: '至少需要一个用户。',
+  organization_roles_tooltip: '{{type}}在此机构中分配的角色。',
   custom_data: '自定义数据',
   custom_data_tip: '自定义数据是一个 JSON 对象，可用于存储与机构关联的附加数据。',
   invalid_json_object: '无效的 JSON 对象。',
+  branding: {
+    logo: '机构标志',
+    logo_tooltip:
+      '你可以传递机构 ID 以在登录体验中显示此标志；如果在全套登录体验设置中启用了深色模式，则需要深色版本的标志。<a>了解更多</a>',
+  },
+  jit: {
+    title: '即时供应',
+    description:
+      '用户可以在通过某些身份验证方法首次登录时自动加入机构并被分配角色。你可以设置即时供应的要求。',
+    email_domain: '电子邮件域供应',
+    email_domain_description:
+      '新用户使用他们的验证电子邮件地址注册或通过验证电子邮件地址的社交登录，将自动加入机构。<a>了解更多</a>',
+    email_domain_placeholder: '输入即时供应的电子邮件域',
+    invalid_domain: '无效的域',
+    domain_already_added: '域已添加',
+    sso_enabled_domain_warning:
+      '你输入了一个或多个与企业 SSO 关联的电子邮件域。使用这些电子邮件的用户将遵循标准的 SSO 流程，除非配置了企业 SSO 供应，否则不会被分配到该机构。',
+    enterprise_sso: '企业 SSO 供应',
+    no_enterprise_connector_set:
+      '你尚未设置任何企业 SSO 连接器。首先添加连接器，以启用企业 SSO 供应。<a>设置</a>',
+    add_enterprise_connector: '添加企业连接器',
+    enterprise_sso_description:
+      '通过企业 SSO 首次登录的新用户或现有用户将自动加入机构。<a>了解更多</a>',
+    organization_roles: '默认机构角色',
+    organization_roles_description: '通过即时供应加入机构时分配角色。',
+  },
+  mfa: {
+    title: '多因素认证 (MFA)',
+    tip: '当要求 MFA 时，没有配置 MFA 的用户在试图交换机构令牌时将被拒绝。此设置不影响用户身份验证。',
+    description: '要求用户配置多因素认证才能访问此机构。',
+    no_mfa_warning:
+      '你的租户没有启用多因素认证方法。用户将无法访问此机构，直到启用至少一种<a>多因素认证方法</a>。',
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/organization-template.ts
index c1746fb97107..75b861b4e4c1 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/organization-template.ts
@@ -12,8 +12,9 @@ const organization_template = {
     create_modal: {
       title: '创建组织角色',
       create: '创建角色',
-      name_field: '角色名称',
-      description_field: '描述',
+      name: '角色名称',
+      description: '描述',
+      type: '角色类型',
       created: '成功创建组织角色 {{name}}。',
     },
   },
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/organizations.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/organizations.ts
index 537deb769f39..4f1dbfa7f192 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/organizations.ts
@@ -3,15 +3,16 @@ const organizations = {
   page_title: '组织',
   title: '组织',
   subtitle:
-    '组织通常在SaaS或类似的多租户应用程序中使用，代表您的客户，这些客户可以是团队、组织或整个公司。组织作为B2B身份验证和授权的基础元素。',
+    '组织通常在 SaaS 或类似的多租户应用程序中使用，代表您的客户，这些客户可以是团队、组织或整个公司。组织作为 B2B 身份验证和授权的基础元素。',
   organization_template: '组织模板',
   organization_id: '组织 ID',
   members: '成员',
+  machine_to_machine: '机器对机器应用',
   create_organization: '创建组织',
   setup_organization: '设置您的组织',
   organization_list_placeholder_title: '组织',
   organization_list_placeholder_text:
-    '在SaaS或类似的多租户应用程序中，通常作为最佳实践使用组织。它们使您能够开发允许客户创建和管理组织、邀请成员并分配角色的应用程序。',
+    '在 SaaS 或类似的多租户应用程序中，通常作为最佳实践使用组织。它们使您能够开发允许客户创建和管理组织、邀请成员并分配角色的应用程序。',
   organization_name_placeholder: '我的组织',
   organization_description_placeholder: '组织的简要描述',
   organization_permission: '组织权限',
@@ -22,9 +23,9 @@ const organizations = {
   organization_role_description:
     '组织角色是可分配给用户的权限组。这些权限必须来自预定义的组织权限。',
   role: '角色',
-  search_placeholder: '按组织名称或ID搜索',
+  search_placeholder: '按组织名称或 ID 搜索',
   search_role_placeholder: '输入以搜索和选择角色',
-  empty_placeholder: '🤔 你还没有设置任何{{entity}}。',
+  empty_placeholder: '🤔 你还没有设置任何 {{entity}}。',
   organization_and_member: '组织和成员',
   organization_and_member_description:
     '组织是一个用户组，可以代表团队、业务客户和合作伙伴公司，每个用户都是“成员”。这些可以是处理您的多租户需求的基本实体。',
@@ -32,22 +33,22 @@ const organizations = {
     title: '从指南开始',
     subtitle: '使用我们的指南快速开始组织设置',
     introduction: {
-      title: '让我们了解Logto中的组织工作原理',
+      title: '让我们了解 Logto 中的组织工作原理',
       section_1: {
         title: '组织是一组用户（身份）',
       },
       section_2: {
         title: '组织模板专为多租户应用程序访问控制而设计',
         description:
-          '在多租户SaaS应用程序中，多个组织通常共享相同的访问控制模板，包括权限和角色。在Logto中，我们称之为“组织模板”。',
+          '在多租户 SaaS 应用程序中，多个组织通常共享相同的访问控制模板，包括权限和角色。在 Logto 中，我们称之为“组织模板”。',
         permission_description: '组织权限是指在组织上下文中访问资源的授权。',
         role_description_deprecated: '组织角色是可分配给成员的组织权限组。',
-        role_description: '组织角色是可以分配给成员的组织权限或API权限的分组。',
+        role_description: '组织角色是可以分配给成员的组织权限或 API 权限的分组。',
       },
       section_3: {
-        title: '我可以将API权限分配给组织角色吗？',
+        title: '我可以将 API 权限分配给组织角色吗？',
         description:
-          '是的，您可以将API权限分配给组织角色。Logto提供灵活性，有效管理您组织的角色，允许您在这些角色中包括组织权限和API权限。',
+          '是的，您可以将 API 权限分配给组织角色。Logto 提供灵活性，有效管理您组织的角色，允许您在这些角色中包括组织权限和 API 权限。',
       },
       section_4: {
         title: '交互插图以查看所有关系',
@@ -63,9 +64,9 @@ const organizations = {
     role_description: '角色“{{role}}”在不同组织中共享相同的组织模板。',
     john: '约翰',
     john_tip:
-      '约翰隶属于两个组织，以电子邮件“john@email.com”作为唯一标识。他是组织A的管理员，也是组织B的访客。',
+      '约翰隶属于两个组织，以电子邮件“john@email.com”作为唯一标识。他是组织 A 的管理员，也是组织 B 的访客。',
     sarah: '莎拉',
-    sarah_tip: '莎拉隶属于一个组织，以电子邮件“sarah@email.com”作为唯一标识。她是组织B的管理员。',
+    sarah_tip: '莎拉隶属于一个组织，以电子邮件“sarah@email.com”作为唯一标识。她是组织 B 的管理员。',
   },
 };
 
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/profile.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/profile.ts
index 1c7e20b1bb40..bf75724acb0f 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/profile.ts
@@ -47,6 +47,33 @@ const profile = {
     label: '删除账户',
     description: '删除账户将会删除所有个人信息、用户数据和配置。此操作无法撤销。',
     button: '删除账户',
+    p: {
+      has_issue: '很遗憾听到你想要删除账户。在删除账户之前，你需要解决以下问题。',
+      after_resolved: '解决问题后，你可以删除账户。如需任何帮助，请随时联系我们。',
+      check_information: '很遗憾听到你想要删除账户。请在继续操作前仔细检查以下信息。',
+      remove_all_data:
+        '删除账户将永久删除在 Logto Cloud 中的所有个人数据。因此，请确保在操作前备份任何重要数据。',
+      confirm_information: '请确认以上信息符合你的预期。删除账户后，我们将无法恢复它。',
+      has_admin_role: '由于你在以下租户中拥有管理员角色，该租户将与你的账户一起被删除：',
+      has_admin_role_other: '由于你在以下租户中拥有管理员角色，它们将与你的账户一起被删除：',
+      quit_tenant: '你即将退出以下租户：',
+      quit_tenant_other: '你即将退出以下租户：',
+    },
+    issues: {
+      paid_plan: '以下租户有一个付费计划，请先取消订阅：',
+      paid_plan_other: '以下租户有付费计划，请先取消订阅：',
+      subscription_status: '以下租户有订阅状态问题：',
+      subscription_status_other: '以下租户有订阅状态问题：',
+      open_invoice: '以下租户有未结发票：',
+      open_invoice_other: '以下租户有未结发票：',
+    },
+    error_occurred: '发生错误',
+    error_occurred_description: '抱歉，在删除账户时发生了问题：',
+    request_id: '请求 ID：{{requestId}}',
+    try_again_later: '请稍后再试。如果问题仍然存在，请联系 Logto 团队并提供请求 ID。',
+    final_confirmation: '最终确认',
+    about_to_start_deletion: '你即将开始删除流程，此操作不能撤销。',
+    permanently_delete: '永久删除',
   },
   set: '设置',
   change: '修改',
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/roles.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/roles.ts
index 929c444e556b..ced97f0bb19a 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: '创建角色',
   role_name: '角色名称',
   role_type: '角色类型',
+  type_user: '用户',
+  type_machine_to_machine: '机器对机器',
   role_description: '描述',
   role_name_placeholder: '输入你的角色名称',
   role_description_placeholder: '输入你的角色描述',
@@ -19,13 +21,17 @@ const roles = {
   application_count: '{{count}} 应用',
   assign_permissions: '分配权限',
   create_role_title: '创建角色',
+  create_role_description: '使用角色来组织权限并将其分配给用户。',
   create_role_button: '创建角色',
   role_created: '角色 {{name}} 已成功创建。',
   search: '按角色名称、描述或 ID 搜索',
   placeholder_title: '角色',
   placeholder_description: '角色是可以分配给用户的权限分组。在创建角色之前，请确保先添加权限。',
-  management_api_access_notification: '要访问Logto管理API，请选择具有管理API权限的角色<flag/>。',
-  with_management_api_access_tip: '此机器到机器角色包括Logto管理API权限',
+  assign_roles: '分配角色',
+  management_api_access_notification:
+    '要访问 Logto 管理 API，请选择具有管理 API 权限的角色<flag/>。',
+  with_management_api_access_tip: '此机器到机器角色包括 Logto 管理 API 权限',
+  role_creation_hint: '找不到合适的角色？<a>创建角色</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/sign-in-exp/index.ts
index 581aa0a80c24..a575b3827b4e 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/sign-in-exp/index.ts
@@ -31,15 +31,56 @@ const sign_in_exp = {
   branding: {
     title: '品牌定制区',
     ui_style: '样式',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (深色)',
+    app_logo_and_favicon: '应用 logo 和 favicon',
+    company_logo_and_favicon: '公司 logo 和 favicon',
   },
-  custom_css: {
-    title: '自定义 CSS',
-    css_code_editor_title: '自定义 CSS 个性化你的用户界面',
-    css_code_editor_description1: '查看自定义 CSS 的例子。',
+  branding_uploads: {
+    app_logo: {
+      title: '应用 logo',
+      url: '应用 logo URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '应用 logo: {{error}}',
+    },
+    company_logo: {
+      title: '公司 logo',
+      url: '公司 logo URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '公司 logo: {{error}}',
+    },
+    organization_logo: {
+      title: '上传 图片',
+      url: '组织 logo URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '组织 logo: {{error}}',
+    },
+    connector_logo: {
+      title: '上传 图片',
+      url: '连接器 logo URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '连接器 logo: {{error}}',
+    },
+    favicon: {
+      title: 'Favicon',
+      url: 'Favicon URL',
+      url_placeholder: 'https://your.cdn.domain/favicon.ico',
+      error: 'Favicon: {{error}}',
+    },
+  },
+  custom_ui: {
+    title: '自定义 UI',
+    css_code_editor_title: '自定义 CSS',
+    css_code_editor_description1: '请查看自定义 CSS 的示例。',
     css_code_editor_description2: '<a>{{link}}</a>',
     css_code_editor_description_link_content: '了解更多',
     css_code_editor_content_placeholder:
-      '输入 CSS 代码，修改颜色、字体、组件样式、布局，定制你的登录、注册、忘记密码等页面。充分发挥创造力，让你的用户界面脱颖而出。',
+      '输入你自定义的 CSS 以根据你的精确要求调整任何样式。展示你的创造力，让你的 UI 脱颖而出。',
+    bring_your_ui_title: '带上你的 UI',
+    bring_your_ui_description:
+      '上传一个压缩包 (.zip) 以使用你自己的代码替换 Logto 预构建的 UI。<a>了解更多</a>',
+    preview_with_bring_your_ui_description:
+      '你自定义的 UI 资源已经成功上传，现在正在提供服务。因此，内置预览窗口已被禁用。\n要测试你个性化的登录 UI，请单击“实时预览”按钮在新的浏览器标签中打开它。',
   },
   sign_up_and_sign_in,
   content,
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index 8a739a790810..6f7b56ab4da8 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -36,6 +36,9 @@ const sign_up_and_sign_in = {
       set_up_more: '立即设置',
       go_to: '其他社交连接器。',
     },
+    automatic_account_linking: '自动账号关联',
+    automatic_account_linking_label:
+      '开启后，如果用户使用系统中新社交身份登录，且系统中存在同一标识（如邮件地址）的唯一账号，Logto 会自动将该账号与社交身份关联，而不是提示用户进行账号关联。',
   },
   tip: {
     set_a_password: '启用户名注册，必须设置密码。',
@@ -53,7 +56,7 @@ const sign_up_and_sign_in = {
     enable_single_sign_on_description: '启用用户使用他们的企业身份进行单点登录到应用程序。',
     single_sign_on_hint: {
       prefix: '前往',
-      link: '"企业SSO"',
+      link: '"企业 SSO"',
       suffix: '部分以设置更多企业连接器。',
     },
     enable_user_registration: '启用用户注册',
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/subscription/quota-item.ts
index 6cdcde05588a..c4d754f557bf 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/subscription/quota-item.ts
@@ -159,6 +159,18 @@ const quota_item = {
     unlimited: '自定义 JWT',
     not_eligible: '移除你的 JWT 声明自定义器',
   },
+  impersonation_enabled: {
+    name: '冒充',
+    limited: '冒充',
+    unlimited: '冒充',
+    not_eligible: '不允许冒充',
+  },
+  bring_your_ui_enabled: {
+    name: '自定义 UI',
+    limited: '自定义 UI',
+    unlimited: '自定义 UI',
+    not_eligible: '移除你的自定义 UI 资产',
+  },
 };
 
 export default Object.freeze(quota_item);
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/subscription/quota-table.ts
index 0e7364ef4bb0..8bdb065606cd 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/subscription/quota-table.ts
@@ -20,6 +20,8 @@ const quota_table = {
     title: '界面与品牌',
     custom_domain: '自定义域名',
     custom_css: '自定义 CSS',
+    logo_and_favicon: 'Logo 和 Favicon',
+    bring_your_ui: '携带你的 UI',
     dark_mode: '深色模式',
     i18n: '国际化',
   },
@@ -35,7 +37,8 @@ const quota_table = {
     built_in_email_connector: '内置电子邮件连接器',
     mfa: '多因素认证',
     sso: '企业 SSO',
-    adaptive_mfa: '自适应MFA',
+    adaptive_mfa: '自适应 MFA',
+    impersonation: '模拟',
   },
   user_management: {
     title: '用户管理',
@@ -61,14 +64,14 @@ const quota_table = {
     customer_ticket: '客户支持票据',
     premium: '高级版',
     email_ticket_support: '邮件支持票据',
-    soc2_report: 'SOC2报告',
-    hipaa_or_baa_report: 'HIPAA/BAA报告',
+    soc2_report: 'SOC2 报告',
+    hipaa_or_baa_report: 'HIPAA/BAA 报告',
   },
   developers_and_platform: {
     title: '开发者与平台',
     hooks: 'Webhooks',
     audit_logs_retention: '审计日志保留',
-    jwt_claims: 'JWT声明',
+    jwt_claims: 'JWT 声明',
     tenant_members: '租户成员',
   },
   unlimited: '无限制',
@@ -79,16 +82,16 @@ const quota_table = {
   add_on: '附加功能',
   tier: '层级{{value, number}}：',
   paid_token_limit_tip:
-    'Logto将为超出您配额限制的功能收费。您可以在2024年第二季度左右开始收费之前免费使用它。如果您需要更多的令牌，请与我们联系。默认情况下，我们每月为每百万令牌收费80美元。',
+    'Logto 将为超出你配额限制的功能收费。你可以在 2024 年第二季度左右开始收费之前免费使用它。如果你需要更多的令牌，请与我们联系。默认情况下，我们每月为每百万令牌收费 80 美元。',
   paid_quota_limit_tip:
-    'Logto将为超出配额限制的功能添加费用。在我们从2024年第二季度开始收费之前，您可以免费使用它。',
+    'Logto 将为超出配额限制的功能添加费用。在我们从 2024 年第二季度开始收费之前，你可以免费使用它。',
   paid_add_on_feature_tip:
-    '这是一个附加功能。在我们从2024年第二季度开始收费之前，您可以免费使用它。',
+    '这是一个附加功能。在我们从 2024 年第二季度开始收费之前，你可以免费使用它。',
   million: '{{value, number}} 百万',
-  mau_tip: 'MAU（月活跃用户）是指在计费周期内与Logto交换过至少一个令牌的独立用户数量。',
+  mau_tip: 'MAU（月活跃用户）是指在计费周期内与 Logto 交换过至少一个令牌的独立用户数量。',
   tokens_tip: 'Logto 发行的所有类型令牌，包括访问令牌、刷新令牌等。',
-  mao_tip: 'MAO（月度活跃组织）是指在计费周期内至少有一个MAU（月度活跃用户）的独特组织数量。',
-  third_party_tip: '将Logto用作您的OIDC身份提供程序，用于第三方应用的登录和权限授予。',
+  mao_tip: 'MAO（月度活跃组织）是指在计费周期内至少有一个 MAU（月度活跃用户）的独特组织数量。',
+  third_party_tip: '将 Logto 用作你的 OIDC 身份提供程序，用于第三方应用的登录和权限授予。',
   included: '已包含{{value, number}}',
   included_mao: '已包含 {{value, number}} MAO',
   extra_quota_price: '然后每月 ${{value, number}} / 每个之后',
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/tenants.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/tenants.ts
index bae0d4934211..a36cb2f66db6 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/tenants.ts
@@ -14,6 +14,7 @@ const tenants = {
     tenant_id: '租户 ID',
     tenant_name: '租户名称',
     tenant_region: '数据托管地区',
+    tenant_region_description: '托管您的租户资源（用户、应用程序等）的物理位置。创建后无法更改。',
     tenant_region_tip: '您的租户资源托管在 {{region}}。 <a>了解更多</a>',
     environment_tag_development: '开发',
     environment_tag_production: '产品',
@@ -41,6 +42,7 @@ const tenants = {
   },
   create_modal: {
     title: '创建租户',
+    subtitle: '创建一个拥有独立资源和用户的新租户。',
     tenant_usage_purpose: '您想要使用此租户做什么?',
     development_description: '仅用于测试，不应在生产环境中使用。不需要订阅。',
     development_hint: '它具有所有专业功能，但有像登录横幅之类的限制。',
@@ -48,6 +50,9 @@ const tenants = {
     available_plan: '可用方案：',
     create_button: '创建租户',
     tenant_name_placeholder: '我的租户',
+    tenant_created: '租户创建成功。',
+    invitation_failed: '某些邀请未能发送。请稍后在设置 -> 成员中重试。',
+    tenant_type_description: '创建后将无法更改。',
   },
   dev_tenant_migration: {
     title: '您现在可以通过创建新的“开发租户”免费尝试我们的专业功能！',
@@ -93,6 +98,10 @@ const tenants = {
     description_2:
       '如果您需要进一步澄清、有任何疑虑或希望恢复全部功能并解锁您的租户，请立即联系我们。',
   },
+  production_tenant_notification: {
+    text: '你在一个用于免费测试的开发租户中。创建一个生产租户以投入使用。',
+    action: '创建租户',
+  },
 };
 
 export default Object.freeze(tenants);
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/upsell/paywall.ts
index 061018cd3c80..8468b3563fa1 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/upsell/paywall.ts
@@ -62,6 +62,7 @@ const paywall = {
     description:
       '升级到付费计划以获取自定义 JWT 功能和高级福利。如有任何问题，请不要犹豫 <a>联系我们</a>。',
   },
+  bring_your_ui: '升级到付费计划，可带上自定义界面功能和高级福利。',
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/user-details.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/user-details.ts
index d7a08caa6afc..00d207b74800 100644
--- a/packages/phrases/src/locales/zh-cn/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/user-details.ts
@@ -33,29 +33,33 @@ const user_details = {
   field_avatar_placeholder: 'https://your.cdn.domain/avatar.png',
   field_custom_data: '自定义数据',
   field_custom_data_tip: '预定义属性之外的用户信息，例如用户偏好的颜色和语言。',
+  field_profile: '个人资料',
+  field_profile_tip:
+    '其他 OpenID Connect 标准声明，这些声明不包含在用户的属性中。请注意，所有未知属性将被删除。请参考 <a>profile 属性参考</a> 以获取更多信息。',
   field_connectors: '社交帐号',
   field_sso_connectors: '企业连接',
   custom_data_invalid: '自定义数据必须是有效的 JSON 对象',
+  profile_invalid: '个人资料必须是有效的 JSON 对象',
   connectors: {
     connectors: '连接器',
-    user_id: '用户ID',
+    user_id: '用户 ID',
     remove: '删除',
     connected: '该用户已连接多个社交连接。',
     not_connected: '该用户还没有绑定社交帐号',
-    deletion_confirmation: '您正在删除现有的<name/>身份。你确定要继续吗？',
+    deletion_confirmation: '你正在删除现有的 <name/> 身份。你确定要继续吗？',
   },
   sso_connectors: {
     connectors: '连接器',
-    enterprise_id: '企业ID',
+    enterprise_id: '企业 ID',
     connected: '该用户已连接多个企业身份提供者进行单点登录。',
     not_connected: '该用户尚未与任何企业身份提供者连接进行单点登录。',
   },
   mfa: {
     field_name: '多因素认证',
-    field_description: '该用户已启用2步认证因素。',
+    field_description: '该用户已启用 2 步认证因素。',
     name_column: '多因素认证',
     field_description_empty: '此用户尚未启用两步身份验证因素。',
-    deletion_confirmation: '您正在删除现有的两步验证中的 <name/>。你确定要继续吗？',
+    deletion_confirmation: '你正在删除现有的两步验证中的 <name/>。你确定要继续吗？',
   },
   suspended: '已禁用',
   suspend_user: '禁用用户',
@@ -70,13 +74,16 @@ const user_details = {
   roles: {
     name_column: '用户角色',
     description_column: '描述',
+    assign_button: '分配角色',
     delete_description: '此操作将从此用户中删除此角色。角色本身仍将存在，但不再与此用户相关联。',
     deleted: '已成功将 {{name}} 从此用户中删除。',
-    assign_subtitle: '通过搜索名称、描述或角色ID找到合适的用户角色。',
+    assign_title: '分配角色至 {{name}}',
+    assign_subtitle: '通过搜索名称、描述或角色 ID 找到合适的用户角色。',
     assign_role_field: '分配角色',
     role_search_placeholder: '按角色名称搜索',
     added_text: '添加了 {{value, number}} 个',
     assigned_user_count: '{{value, number}} 个用户',
+    confirm_assign: '分配角色',
     role_assigned: '已成功分配角色',
     search: '按角色名称、描述或 ID 搜索',
     empty: '无可用角色',
diff --git a/packages/phrases/src/locales/zh-cn/translation/demo-app.ts b/packages/phrases/src/locales/zh-cn/translation/demo-app.ts
index d95201960f95..a128e4c790fc 100644
--- a/packages/phrases/src/locales/zh-cn/translation/demo-app.ts
+++ b/packages/phrases/src/locales/zh-cn/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: '你已成功登录实时预览！',
+  subtitle: '这里是你的用户信息：',
   username: '用户名：',
   user_id: '用户 ID：',
   sign_out: '退出实时预览',
diff --git a/packages/phrases/src/locales/zh-hk/errors/session.ts b/packages/phrases/src/locales/zh-hk/errors/session.ts
index 6429881a2d92..266d028ab1a8 100644
--- a/packages/phrases/src/locales/zh-hk/errors/session.ts
+++ b/packages/phrases/src/locales/zh-hk/errors/session.ts
@@ -14,9 +14,11 @@ const session = {
   forgot_password_not_enabled: '忘記密碼功能沒有開啟。',
   verification_failed: '驗證失敗，請重新驗證。',
   connector_validation_session_not_found: '找不到連接器用於驗證 token 的信息。',
+  csrf_token_mismatch: 'CSRF token 不匹配。',
   identifier_not_found: '找不到用戶標識符。請返回並重新登錄。',
   interaction_not_found: '找不到互動會話。請返回並重新開始會話。',
   not_supported_for_forgot_password: '此操作不支援忘記密碼。',
+  identity_conflict: '偵測到身份不匹配。請啟動一個新的會話以使用不同的身份繼續。',
   mfa: {
     require_mfa_verification: '需要 MFA 驗證才能登錄。',
     mfa_sign_in_only: 'MFA 只能用於登錄互動。',
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/application-details.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/application-details.ts
index 685ce2dc9c68..befc1d63c795 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/application-details.ts
@@ -21,6 +21,7 @@ const application_details = {
   description: '描述',
   description_placeholder: '請輸入應用程式描述',
   config_endpoint: 'OpenID Provider 配置端點',
+  issuer_endpoint: '發行者端點',
   authorization_endpoint: '授權端點',
   authorization_endpoint_tip: '進行驗證和授權的端點。用於 OpenID Connect 中的 <a>驗證</a> 流程。',
   show_endpoint_details: '顯示端點詳情',
@@ -59,6 +60,12 @@ const application_details = {
   rotate_refresh_token: '旋轉刷新令牌',
   rotate_refresh_token_label:
     '啟用後，當原始 TTL 達到 70% 或滿足某些條件時就可以在令牌請求中為刷新令牌發行新的刷新令牌。 <a>了解更多。</a>',
+  backchannel_logout: '後台登出',
+  backchannel_logout_description: '配置 OpenID Connect 後台登出端點及是否需要會話用於此應用程式。',
+  backchannel_logout_uri: '後台登出 URI',
+  backchannel_logout_uri_session_required: '是否需要會話？',
+  backchannel_logout_uri_session_required_description:
+    '啟用後，RP 要求在登出令牌中包含 `sid`（會話 ID）聲明，以便在使用 `backchannel_logout_uri` 時識別 RP 與 OP 的會話。',
   delete_description: '本操作會永久性地刪除該應用，且不可撤銷。輸入 <span>{{name}}</span> 確認。',
   enter_your_application_name: '輸入你的應用程式名稱',
   application_deleted: '應用 {{name}} 成功刪除。',
@@ -79,14 +86,22 @@ const application_details = {
     '確保保護您的源伺服器免受直接訪問。有關更多 <a>詳細指示</a>，請參見指南。',
   session_duration: '會話持續時間（天）',
   try_it: '試試看',
+  no_organization_placeholder: '沒有找到組織。<a>前往組織</a>',
   branding: {
     name: '品牌推廣',
     description: '在同意屏幕上自訂您應用程式的顯示名稱和標誌。',
+    description_third_party: '自訂應用程式在同意屏幕上的顯示名稱和標誌。',
+    app_logo: '應用程式標誌',
+    app_level_sie: '應用程式級別的登入體驗',
+    app_level_sie_switch:
+      '啟用應用程式級別的登入體驗並設置應用程式特定的品牌推廣。禁用後，將使用全方位的登入體驗。',
     more_info: '更多資訊',
     more_info_description: '在同意屏幕上提供有關您應用程式的更多詳細資訊。',
     display_name: '顯示名稱',
-    display_logo: '顯示標誌',
-    display_logo_dark: '顯示標誌（深色）',
+    application_logo: '應用程式標誌',
+    application_logo_dark: '應用程式標誌（深色模式）',
+    brand_color: '品牌顏色',
+    brand_color_dark: '品牌顏色（深色模式）',
     terms_of_use_url: '應用程式使用條款網址',
     privacy_policy_url: '應用程式隱私政策網址',
   },
@@ -109,7 +124,7 @@ const application_details = {
     organization_permissions_assignment_form_title: '添加組織權限',
     api_resource_permissions_assignment_form_title: '添加 API 資源權限',
     user_data_permission_description_tips:
-      '您可以通過 "登入體驗 > 內容 > 管理語言" 修改個人用戶數據權限的描述',
+      '你可以通過 "登入體驗 > 內容 > 管理語言" 修改個人用戶數據權限的描述',
     permission_description_tips:
       '當 Logto 用作第三方應用程式的身份提供者（IdP）用於授權時，以及用戶被要求授權時，此描述將在同意屏幕上顯示。',
     user_title: '用戶',
@@ -120,13 +135,12 @@ const application_details = {
     grant_organization_level_permissions: '授予組織數據的權限',
   },
   roles: {
-    name_column: '機器對機器角色',
-    description_column: '描述',
     assign_button: '分配機器對機器角色',
     delete_description:
       '該操作將從此機器對機器應用程式中刪除該角色。該角色本身仍然存在，但不再與此機器對機器應用程式相關聯。',
     deleted: '{{name}} 已成功從此使用者中刪除。',
     assign_title: '將機器對機器角色分配給 {{name}}',
+    assign_subtitle: '機器對機器應用程式必須具有機器對機器類型的角色才能訪問相關的 API 資源。',
     assign_role_field: '分配機器對機器角色',
     role_search_placeholder: '按角色名稱搜索',
     added_text: '{{value, number}} 已添加',
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/cloud.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/cloud.ts
index 11f9845f55d5..a5092f2ede54 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/cloud.ts
@@ -29,6 +29,12 @@ const cloud = {
       others: '以上都不是',
     },
   },
+  create_tenant: {
+    page_title: '創建租戶',
+    title: '創建你的第一個租戶',
+    description: '租戶是一個獨立的環境，在這裡你可以管理用戶身份、應用程式和所有其他 Logto 資源。',
+    invite_collaborators: '通過電子郵件邀請你的合作者',
+  },
   sie: {
     page_title: '定制登錄體驗',
     title: '讓我們輕鬆定制你的登錄體驗',
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/connector-details.ts
index a24066decbcb..2ead9726a7ee 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/connector-details.ts
@@ -45,9 +45,22 @@ const connector_details = {
     company_information_field: '公司信息',
     company_information_description: '在郵件底部顯示您的公司名稱、地址或郵政編碼，以增強真實性。',
     company_information_placeholder: '您公司的基本信息',
+    email_logo_field: '郵件標誌',
+    email_logo_tip: '在電子郵件頂部顯示您的品牌標誌。使用相同的圖像適配亮模式和暗模式。',
     urls_not_allowed: '不允許使用 URL',
     test_notes: 'Logto 使用 "通用" 模板進行測試。',
   },
+  google_one_tap: {
+    title: 'Google One Tap',
+    description: 'Google One Tap 是一種安全且方便用戶登錄網站的方式。',
+    enable_google_one_tap: '啟用 Google One Tap',
+    enable_google_one_tap_description:
+      '在你的登錄體驗中啟用 Google One Tap：如果用戶的設備上已登錄谷歌帳號，讓用戶快速註冊或登錄。',
+    configure_google_one_tap: '配置 Google One Tap',
+    auto_select: '如果可能，自動選擇憑據',
+    close_on_tap_outside: '如果用戶點擊/點按外部，取消提示',
+    itp_support: '在 ITP 瀏覽器上啟用 <a>升級的 One Tap UX</a>',
+  },
 };
 
 export default Object.freeze(connector_details);
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/connectors.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/connectors.ts
index 08efe6876a31..0b4e9d56c7dc 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/connectors.ts
@@ -40,6 +40,8 @@ const connectors = {
     name: '社交登錄按鈕的名稱',
     name_placeholder: '輸入社交登錄按鈕的名稱',
     name_tip: '按鈕上將展示「通過 {{name}} 繼續」。名字不宜過長而導致信息無法展示完整。',
+    connector_logo: '連接器標誌',
+    connector_logo_tip: '標誌將顯示在連接器登錄按鈕上。',
     target: '身份提供商名稱',
     target_placeholder: '輸入身份提供商的名稱',
     target_tip: '在“身份供應商名稱”字段中輸入唯一的標識符字符串，用於區分社交身份來源。',
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/jwt-claims.ts
index 7cd4f1c74b0a..67bd93ec641c 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/jwt-claims.ts
@@ -1,6 +1,6 @@
 const jwt_claims = {
   title: '自訂 JWT',
-  description: '設定自訂 JWT 声明以包含在存取權杖中。這些声明可用於將額外信息傳遞給您的應用程式。',
+  description: '設定自訂 JWT 声明以包含在存取權杖中。這些声明可用於將額外信息傳遞給你的應用程式。',
   user_jwt: {
     card_title: '用於用戶',
     card_field: '用戶存取權杖',
@@ -17,7 +17,7 @@ const jwt_claims = {
   custom_jwt_create_button: '添加自訂声明',
   custom_jwt_item: '自訂声明 {{for}}',
   delete_modal_title: '刪除自訂声明',
-  delete_modal_content: '您確定要刪除自訂声明嗎？',
+  delete_modal_content: '你確定要刪除自訂声明嗎？',
   clear: '清空',
   cleared: '已清空',
   restore: '恢復預設值',
@@ -29,6 +29,10 @@ const jwt_claims = {
     title: '用戶數據',
     subtitle: '使用 `data.user` 輸入參數提供重要用戶信息。',
   },
+  grant_data: {
+    title: '授權數據',
+    subtitle: '使用 `data.grant` 輸入參數提供重要的授權信息，只適用於權杖交換。',
+  },
   token_data: {
     title: '權杖數據',
     subtitle: '使用 `token` 輸入參數查看當前存取權杖有效負載。',
@@ -36,13 +40,13 @@ const jwt_claims = {
   fetch_external_data: {
     title: '提取外部數據',
     subtitle: '將來自外部 API 的數據直接導入声明。',
-    description: '使用 `fetch` 函數調用您的外部 API 並將數據包含在自訂声明中。例如：',
+    description: '使用 `fetch` 函數調用你的外部 API 並將數據包含在自訂声明中。例如：',
   },
   environment_variables: {
     title: '設置環境變數',
     subtitle: '使用環境變數存儲敏感信息。',
     input_field_title: '添加環境變數',
-    sample_code: '在您的自訂 JWT 声明處理程序中訪問環境變數。例如：',
+    sample_code: '在你的自訂 JWT 声明處理程序中訪問環境變數。例如：',
   },
   jwt_claims_hint: '將自訂声明限制在 50KB 以下。默認 JWT 声明會自動包含在權杖中，不能被覆蓋。',
   tester: {
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/organization-details.ts
index ea3944ff0add..0bd9ad2345e3 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/organization-details.ts
@@ -12,17 +12,62 @@ const organization_details = {
     '通過搜索姓名、電子郵件、電話或使用者 ID 尋找合適的使用者。現有成員不會顯示在搜尋結果中。',
   add_with_organization_role: '以組織角色添加',
   user: '使用者',
+  application: '應用程式',
+  application_other: '應用程式',
+  add_applications_to_organization: '將應用程式新增至組織 {{name}}',
+  add_applications_to_organization_description:
+    '通過搜索應用程式 ID、名稱或描述尋找合適的應用程式。現有應用程式不會顯示在搜尋結果中。',
+  at_least_one_application: '至少需要一個應用程式。',
+  remove_application_from_organization: '從組織中移除應用程式',
+  remove_application_from_organization_description:
+    '移除後，應用程式將失去它在此組織中的關聯和角色。此操作無法撤銷。',
+  search_application_placeholder: '按應用程式 ID、名稱或描述搜索',
+  roles: '組織角色',
   authorize_to_roles: '授權 {{name}} 存取以下角色：',
   edit_organization_roles: '編輯組織角色',
-  edit_organization_roles_of_user: '編輯 {{name}} 的組織角色',
+  edit_organization_roles_title: '編輯 {{name}} 的組織角色',
   remove_user_from_organization: '從組織中移除使用者',
   remove_user_from_organization_description:
     '移除後，使用者將失去他們在此組織的成員資格和角色。此操作無法撤銷。',
   search_user_placeholder: '按姓名、電子郵件、電話或使用者 ID 搜尋',
   at_least_one_user: '至少需要一名使用者。',
+  organization_roles_tooltip: '{{type}} 在此組織中分配的角色。',
   custom_data: '自訂資料',
   custom_data_tip: '自訂資料是一個 JSON 物件，可用於存儲與組織相關的附加資料。',
   invalid_json_object: '無效的 JSON 物件。',
+  branding: {
+    logo: '組織標誌',
+    logo_tooltip:
+      '你可以傳遞組織 ID 以在登錄體驗中顯示此標誌；如果在 Omni 登錄體驗設置中啟用了深色模式，則需要使用深色版本的標誌。<a>了解更多</a>',
+  },
+  jit: {
+    title: '即時供應',
+    description:
+      '使用者可以通過某些身份驗證方法在首次登錄時自動加入組織並被分配角色。你可以設置即時供應的要求。',
+    email_domain: '電子郵件域名供應',
+    email_domain_description:
+      '使用已驗證電子郵件地址或通過已驗證電子郵件地址社交登錄的新使用者將自動加入組織。<a>了解更多</a>',
+    email_domain_placeholder: '輸入即時供應的電子郵件域名',
+    invalid_domain: '無效的域名',
+    domain_already_added: '域名已添加',
+    sso_enabled_domain_warning:
+      '你輸入了一個或多個與企業 SSO 聯繫的電子郵件域名。使用這些電子郵件的使用者將遵循標準 SSO 流程，除非配置了企業 SSO 供應，否則不會被供應到此組織。',
+    enterprise_sso: '企業 SSO 供應',
+    no_enterprise_connector_set:
+      '你尚未設置任何企業 SSO 連接器。首先添加連接器以啟用企業 SSO 供應。<a>設置</a>',
+    add_enterprise_connector: '添加企業連接器',
+    enterprise_sso_description:
+      '首次通過企業 SSO 登錄的新使用者或現有使用者將自動加入組織。<a>了解更多</a>',
+    organization_roles: '默認組織角色',
+    organization_roles_description: '通過即時供應加入組織時分配角色給使用者。',
+  },
+  mfa: {
+    title: '多因素身份驗證（MFA）',
+    tip: '當需要 MFA 時，未配置 MFA 的使用者在嘗試交換組織令牌時將被拒絕。此設置不影響使用者身份驗證。',
+    description: '要求使用者配置多因素身份驗證以訪問此組織。',
+    no_mfa_warning:
+      '你的租戶未啟用任何多因素身份驗證方法。使用者在啟用至少一種 <a>多因素身份驗證方法</a> 之前將無法訪問此組織。',
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/organization-template.ts
index 59a5b298b8ac..c6e09f6e6f49 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/organization-template.ts
@@ -12,8 +12,9 @@ const organization_template = {
     create_modal: {
       title: '建立組織角色',
       create: '建立角色',
-      name_field: '角色名稱',
-      description_field: '描述',
+      name: '角色名稱',
+      description: '描述',
+      type: '角色類型',
       created: '成功建立組織角色 {{name}}。',
     },
   },
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/organizations.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/organizations.ts
index c6569e4d2f27..10321fd84605 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/organizations.ts
@@ -7,6 +7,7 @@ const organizations = {
   organization_template: '組織模板',
   organization_id: '組織 ID',
   members: '成員',
+  machine_to_machine: '機器對機器應用程式',
   create_organization: '建立組織',
   setup_organization: '設定您的組織',
   organization_list_placeholder_title: '組織',
@@ -45,9 +46,9 @@ const organizations = {
         role_description: '組繇角色是可以分配給成員的組繇權限或API權限的分組。',
       },
       section_3: {
-        title: '我可以將API權限分配給組織角色嗎？',
+        title: '我可以將 API 權限分配給組織角色嗎？',
         description:
-          '是的，您可以將API權限分配給組織角色。Logto提供靈活性，有效管理您組織的角色，允許您在這些角色中包括組織權限和API權限。',
+          '是的，您可以將 API 權限分配給組織角色。Logto 提供靈活性，有效管理您組織的角色，允許您在這些角色中包括組織權限和 API 權限。',
       },
       section_4: {
         title: '交互示意圖，看看它們之間的關係',
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/profile.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/profile.ts
index 764e6dac6b42..2885af2632a6 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/profile.ts
@@ -47,6 +47,33 @@ const profile = {
     label: '刪除賬戶',
     description: '刪除賬戶將會刪除所有個人信息、用戶數據和配置。此操作無法撤銷。',
     button: '刪除賬戶',
+    p: {
+      has_issue: '很抱歉聽到你想刪除你的賬戶。在刪除賬戶之前，你需要解決以下問題。',
+      after_resolved: '一旦你解決了這些問題，你就可以刪除賬戶了。如需任何幫助，請隨時聯繫我們。',
+      check_information: '很抱歉聽到你想刪除你的賬戶。請在繼續操作前仔細檢查以下信息。',
+      remove_all_data:
+        '刪除賬戶將會永久刪除你在 Logto Cloud 的所有數據。因此，請確保在繼續操作前備份所有重要數據。',
+      confirm_information: '請確認上述信息是否符合你的預期。一旦刪除賬戶，我們將無法恢復。',
+      has_admin_role: '由於你是以下租戶的管理員，這些租戶將與你的賬戶一起被刪除：',
+      has_admin_role_other: '由於你是以下租戶的管理員，這些租戶將與你的賬戶一起被刪除：',
+      quit_tenant: '你將退出以下租戶：',
+      quit_tenant_other: '你將退出以下租戶：',
+    },
+    issues: {
+      paid_plan: '以下租戶有付費計劃，請先取消訂閱：',
+      paid_plan_other: '以下租戶有付費計劃，請先取消訂閱：',
+      subscription_status: '以下租戶有訂閱狀態問題：',
+      subscription_status_other: '以下租戶有訂閱狀態問題：',
+      open_invoice: '以下租戶有未結發票：',
+      open_invoice_other: '以下租戶有未結發票：',
+    },
+    error_occurred: '發生錯誤',
+    error_occurred_description: '抱歉，刪除賬戶時出現問題：',
+    request_id: '請求 ID：{{requestId}}',
+    try_again_later: '請稍後再試。如果問題仍然存在，請聯繫 Logto 團隊並提供請求 ID。',
+    final_confirmation: '最終確認',
+    about_to_start_deletion: '你即將開始刪除過程，這一操作無法撤銷。',
+    permanently_delete: '永久刪除',
   },
   set: '設置',
   change: '修改',
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/roles.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/roles.ts
index dd297c6f2de4..7a0dcced01d7 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: '創建角色',
   role_name: '角色名稱',
   role_type: '角色類型',
+  type_user: '用戶',
+  type_machine_to_machine: '機器對機器',
   role_description: '描述',
   role_name_placeholder: '輸入你的角色名稱',
   role_description_placeholder: '輸入你的角色描述',
@@ -19,13 +21,17 @@ const roles = {
   application_count: '{{count}} 個應用程式',
   assign_permissions: '分配權限',
   create_role_title: '創建角色',
+  create_role_description: '使用角色來整理權限並將其分配給用戶。',
   create_role_button: '創建角色',
   role_created: '角色 {{name}} 已成功創建。',
   search: '按角色名稱、描述或 ID 搜索',
   placeholder_title: '角色',
   placeholder_description: '角色是可以分配給用戶的權限分組。在創建角色之前，請確保先添加權限。',
-  management_api_access_notification: '要訪問Logto管理API，請選擇具有管理API權限的角色<flag/>。',
-  with_management_api_access_tip: '此機器對機器角色包含Logto管理API權限',
+  assign_roles: '分配角色',
+  management_api_access_notification:
+    '要訪問 Logto 管理 API，請選擇具有管理 API 權限的角色<flag/>。',
+  with_management_api_access_tip: '此機器對機器角色包含 Logto 管理 API 權限',
+  role_creation_hint: '找不到合適的角色？ <a>創建角色</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/sign-in-exp/index.ts
index 91e82f1c9d0a..6d04ef86f192 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/sign-in-exp/index.ts
@@ -14,7 +14,7 @@ const sign_in_exp = {
   },
   welcome: {
     title: '自定義登錄體驗',
-    description: '通過首次登錄設置快速入門。本指南將帶領您完成所有必要的設置。',
+    description: '通過首次登錄設置快速入門。本指南將帶領你完成所有必要的設置。',
     get_started: '開始',
     apply_remind: '請注意，登錄體驗將會應用到當前帳戶下的所有應用。',
   },
@@ -24,22 +24,63 @@ const sign_in_exp = {
     dark_primary_color: '品牌顏色 (深色)',
     dark_mode: '開啟深色模式',
     dark_mode_description:
-      '基於品牌顏色和 Logto 的算法，應用將會有一個自動生成的深色模式。當然，您可以自定義和修改。',
+      '基於品牌顏色和 Logto 的算法，應用將會有一個自動生成的深色模式。當然，你可以自定義和修改。',
     dark_mode_reset_tip: '基於品牌顏色，重新生成深色模式顏色。',
     reset: '重新生成',
   },
   branding: {
     title: '品牌定制區',
     ui_style: '樣式',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (深色)',
+    app_logo_and_favicon: '應用程式標誌和圖標',
+    company_logo_and_favicon: '公司標誌和圖標',
   },
-  custom_css: {
-    title: '自定義 CSS',
-    css_code_editor_title: '自定義 CSS 個性化您的用戶界面',
-    css_code_editor_description1: '查看自定義 CSS 的例子。',
+  branding_uploads: {
+    app_logo: {
+      title: '應用程式標誌',
+      url: '應用程式標誌 URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '應用程式標誌：{{error}}',
+    },
+    company_logo: {
+      title: '公司標誌',
+      url: '公司標誌 URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '公司標誌：{{error}}',
+    },
+    organization_logo: {
+      title: '上傳圖片',
+      url: '組織標誌 URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '組織標誌：{{error}}',
+    },
+    connector_logo: {
+      title: '上傳圖片',
+      url: '連接器標誌 URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '連接器標誌：{{error}}',
+    },
+    favicon: {
+      title: '圖標',
+      url: '圖標 URL',
+      url_placeholder: 'https://your.cdn.domain/favicon.ico',
+      error: '圖標：{{error}}',
+    },
+  },
+  custom_ui: {
+    title: '自定義 UI',
+    css_code_editor_title: '自定義 CSS',
+    css_code_editor_description1: '查看自定義 CSS 示例。',
     css_code_editor_description2: '<a>{{link}}</a>',
     css_code_editor_description_link_content: '了解更多',
     css_code_editor_content_placeholder:
-      '輸入 CSS 代碼，修改顏色、字體、組件樣式、佈局，定制您的登錄、註冊、忘記密碼等頁面。充分發揮創造力，讓您的用戶界面脫穎而出。',
+      '輸入你的自定義 CSS 來精確調整任何東西的樣式。發揮你的創意，讓你的 UI 脫穎而出。',
+    bring_your_ui_title: '帶上你的 UI',
+    bring_your_ui_description:
+      '上傳壓縮包 (.zip) 以用自己的代碼替換 Logto 預建的 UI。<a>了解更多</a>',
+    preview_with_bring_your_ui_description:
+      '你的自定義 UI 資源已成功上傳，現在正在提供服務。因此，內建預覽窗口已被禁用。\n要測試你的個性化登錄 UI，請點擊“實時預覽”按鈕在新瀏覽器標籤頁中打開。',
   },
   sign_up_and_sign_in,
   content,
@@ -50,12 +91,12 @@ const sign_in_exp = {
     no_connector_email:
       '尚未設置電子郵件連接器。在完成該配置前，用戶將無法通過此登錄方式登錄。<a>{{link}}</a>連接器。',
     no_connector_social:
-      '您還沒有設置任何社交連接器。首先添加連接器以應用社交登錄方法。<a>{{link}}</a>連接器。',
+      '你還沒有設置任何社交連接器。首先添加連接器以應用社交登錄方法。<a>{{link}}</a>連接器。',
     setup_link: '立即設置',
   },
   save_alert: {
     description:
-      '您正在進行登錄註冊設置的變更。當前您的所有用戶會受到新設置的影響。確認保存該設置嗎？',
+      '你正在進行登錄註冊設置的變更。當前你的所有用戶會受到新設置的影響。確認保存該設置嗎？',
     before: '設置前',
     after: '設置後',
     sign_up: '註冊',
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index 7eb0346d9dac..b13f30ff07f1 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -36,6 +36,9 @@ const sign_up_and_sign_in = {
       set_up_more: '立即設置',
       go_to: '其他社交連接器。',
     },
+    automatic_account_linking: '自動帳戶連結',
+    automatic_account_linking_label:
+      '當啟用時，如果用戶以系統中新身份登錄，但存在與之相同標識（如電郵地址）的唯一帳戶，Logto 將自動連結該帳戶與社交身份，而不要求用戶進行帳戶連結。',
   },
   tip: {
     set_a_password: '啟用用戶名註冊，必須設置密碼。',
@@ -53,7 +56,7 @@ const sign_up_and_sign_in = {
     enable_single_sign_on_description: '啟用用戶使用企業身份進行應用程式的單一登錄。',
     single_sign_on_hint: {
       prefix: '前往',
-      link: '“企業SSO”',
+      link: '“企業 SSO”',
       suffix: '部分設置更多企業連接器。',
     },
     enable_user_registration: '啟用用戶註冊',
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/subscription/quota-item.ts
index 266bd3f6f962..4c763d5c9aab 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/subscription/quota-item.ts
@@ -159,6 +159,18 @@ const quota_item = {
     unlimited: '自定義JWT',
     not_eligible: '刪除您的JWT聲明自訂程式',
   },
+  impersonation_enabled: {
+    name: '假扮',
+    limited: '假扮',
+    unlimited: '假扮',
+    not_eligible: '不允許假扮',
+  },
+  bring_your_ui_enabled: {
+    name: '自帶介面',
+    limited: '自帶介面',
+    unlimited: '自帶介面',
+    not_eligible: '移除您的自定義介面資產',
+  },
 };
 
 export default Object.freeze(quota_item);
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/subscription/quota-table.ts
index 985dfe212c82..0cc8cbac69de 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/subscription/quota-table.ts
@@ -20,6 +20,8 @@ const quota_table = {
     title: '用戶界面與品牌',
     custom_domain: '自訂網域',
     custom_css: '自訂 CSS',
+    logo_and_favicon: 'Logo 和 favicon',
+    bring_your_ui: '帶上你的 UI',
     dark_mode: '深色模式',
     i18n: '國際化',
   },
@@ -36,6 +38,7 @@ const quota_table = {
     mfa: '多因素認證',
     sso: '企業 SSO',
     adaptive_mfa: '自適應MFA',
+    impersonation: '冒充',
   },
   user_management: {
     title: '用戶管理',
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/tenants.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/tenants.ts
index ca2dec9c4f1d..d70f1ba19516 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/tenants.ts
@@ -14,6 +14,7 @@ const tenants = {
     tenant_id: '租戶ID',
     tenant_name: '租戶名稱',
     tenant_region: '數據托管區域',
+    tenant_region_description: '您的租戶資源（用戶、應用等）所在的實際位置。這無法在創建後更改。',
     tenant_region_tip: '您的租戶資源托管在{{region}}。 <a>了解更多</a>',
     environment_tag_development: '開發',
     environment_tag_production: '生產',
@@ -36,49 +37,53 @@ const tenants = {
   leave_tenant_card: {
     title: '離開',
     leave_tenant: '離開租戶',
-    leave_tenant_description: '租戶內的任何資源將保留，但您將無法再訪問此租戶。',
+    leave_tenant_description: '租戶內的任何資源將保留，但你將無法再訪問此租戶。',
     last_admin_note: '要離開此租戶，請確保至少還有一個成員具有管理員角色。',
   },
   create_modal: {
     title: '創建租戶',
-    tenant_usage_purpose: '您希望使用此租戶做什麼？',
+    subtitle: '創建一個擁有獨立資源和用戶的新租戶。',
+    tenant_usage_purpose: '你希望使用此租戶做什麼？',
     development_description: '僅供測試使用，不應在生產中使用。無需訂閱。',
     development_hint: '它具有所有專業功能，但存在限制，例如登錄橫幅。',
     production_description: '用於最終用戶使用並可能需要付費訂閱。',
     available_plan: '可用方案：',
     create_button: '創建租戶',
     tenant_name_placeholder: '我的租戶',
+    tenant_created: '租戶創建成功。',
+    invitation_failed: '部分邀請發送失敗。請稍後在設定 -> 成員中再試。',
+    tenant_type_description: '這無法在創建後更改。',
   },
   dev_tenant_migration: {
-    title: '現在，您可以通過創建新的“開發租戶”免費試用我們的專業功能！',
-    affect_title: '這對您有什麼影響？',
+    title: '現在，你可以通過創建新的“開發租戶”免費試用我們的專業功能！',
+    affect_title: '這對你有什麼影響？',
     hint_1:
       '我們正在將舊的<strong>環境標籤</strong>替換為兩種新的租戶類型：<strong>“開發”</strong>和<strong>“生產”</strong>。',
     hint_2:
-      '為確保平滑過渡和功能不中斷，所有早期創建的租戶將晉升為<strong>生產</strong>租戶類型，您的以前的訂閱也將保留。',
-    hint_3: '別擔心，您的其他設置將保持不變。',
+      '為確保平滑過渡和功能不中斷，所有早期創建的租戶將晉升為<strong>生產</strong>租戶類型，你的以前的訂閱也將保留。',
+    hint_3: '別擔心，你的其他設置將保持不變。',
     about_tenant_type: '關於租戶類型',
   },
   delete_modal: {
     title: '刪除租戶',
     description_line1:
-      '您確定要刪除您的租戶“<span>{{name}}</span>”和環境後綴標記“<span>{{tag}}</span>” 嗎？此操作無法撤銷，將永久刪除所有您的數據和租戶信息。',
+      '你確定要刪除你的租戶“<span>{{name}}</span>”和環境後綴標記“<span>{{tag}}</span>” 嗎？此操作無法撤銷，將永久刪除所有你的數據和租戶信息。',
     description_line2:
-      '在刪除租戶之前，也許我們可以幫助您。<span><a>通過電子郵件與我們聯繫</a></span>',
-    description_line3: '如果您確定要繼續，請輸入租戶名“<span>{{name}}</span>” 以進行確認。',
+      '在刪除租戶之前，也許我們可以幫助你。<span><a>通過電子郵件與我們聯繫</a></span>',
+    description_line3: '如果你確定要繼續，請輸入租戶名“<span>{{name}}</span>” 以進行確認。',
     delete_button: '永久刪除',
     cannot_delete_title: '無法刪除此租戶',
     cannot_delete_description:
-      '抱歉，您現在無法刪除此租戶。請確保您處於免費計劃並已支付所有未結賬單。',
+      '抱歉，你現在無法刪除此租戶。請確保你處於免費計劃並已支付所有未結賬單。',
   },
   leave_tenant_modal: {
-    description: '您確定要離開此租戶？',
+    description: '你確定要離開此租戶？',
     leave_button: '離開',
   },
   tenant_landing_page: {
-    title: '您尚未建立租戶',
+    title: '你尚未建立租戶',
     description:
-      '要開始使用 Logto 配置您的項目，請創建一個新的租戶。如果您需要退出或刪除您的帳戶，只需單擊右上角的頭像按鈕。',
+      '要開始使用 Logto 配置你的項目，請創建一個新的租戶。如果你需要退出或刪除你的帳戶，只需單擊右上角的頭像按鈕。',
     create_tenant_button: '創建租戶',
   },
   status: {
@@ -89,9 +94,13 @@ const tenants = {
   tenant_suspended_page: {
     title: '租戶已暫停。請聯繫我們恢復訪問。',
     description_1:
-      '很遺憾地通知您，由於不當使用（包括超出 MAU 限制、逾期付款或其他未經授權的操作等），您的租戶帳戶已被暫時停用。',
+      '很遺憾地通知你，由於不當使用（包括超出 MAU 限制、逾期付款或其他未經授權的操作等），你的租戶帳戶已被暫時停用。',
     description_2:
-      '如果您需要進一步了解，有任何疑慮或希望恢復完整功能並解鎖您的租戶，請立即與我們聯繫。',
+      '如果你需要進一步了解，有任何疑慮或希望恢復完整功能並解鎖你的租戶，請立即與我們聯繫。',
+  },
+  production_tenant_notification: {
+    text: '你正在使用開發租戶進行免費測試。創建一個生產租戶以進行上線。',
+    action: '創建租戶',
   },
 };
 
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/upsell/paywall.ts
index 5761615e60f6..a9db233f0508 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/upsell/paywall.ts
@@ -62,6 +62,7 @@ const paywall = {
     description:
       '升級至付費計劃以獲得自訂 JWT 功能和專業服務。如有任何問題，歡迎隨時<a>聯絡我們</a>。',
   },
+  bring_your_ui: '升級至付費計劃，以使用您的自定義 UI 功能和享受高級福利。',
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/user-details.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/user-details.ts
index 4986bb8a8510..8228bba81db0 100644
--- a/packages/phrases/src/locales/zh-hk/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/user-details.ts
@@ -33,16 +33,20 @@ const user_details = {
   field_avatar_placeholder: 'https://your.cdn.domain/avatar.png',
   field_custom_data: '自定義數據',
   field_custom_data_tip: '預設屬性之外的用戶信息，例如用戶偏好的顏色和語言。',
+  field_profile: '個人資料',
+  field_profile_tip:
+    '其他 OpenID Connect 標準的附加聲明，這些聲明未包含在用戶屬性中。請注意，所有未知屬性將被刪除。請參閱<a>個人資料屬性參考</a>以獲取更多信息。',
   field_connectors: '社交帳號',
   field_sso_connectors: '企業連接',
   custom_data_invalid: '自定義數據必須是有效的 JSON 對象',
+  profile_invalid: '個人資料必須是有效的 JSON 對象',
   connectors: {
     connectors: '連接器',
     user_id: '用戶 ID',
     remove: '刪除',
     connected: '此用戶已連接多個社交連接器。',
     not_connected: '該用戶還沒有綁定社交帳號',
-    deletion_confirmation: '您正在刪除現有的<name/>身份。你確定要繼續嗎？',
+    deletion_confirmation: '你正在刪除現有的<name/>身份。你確定要繼續嗎？',
   },
   sso_connectors: {
     connectors: '連接器',
@@ -55,12 +59,12 @@ const user_details = {
     field_description: '這個使用者已啟用 2 步驗證因素。',
     name_column: '多重因素驗證',
     field_description_empty: '此用戶尚未啟用兩步驟身份驗證因素。',
-    deletion_confirmation: '您正在刪除現有的雙步驗證中的 <name/>。你確定要繼續嗎？',
+    deletion_confirmation: '你正在刪除現有的雙步驗證中的 <name/>。你確定要繼續嗎？',
   },
   suspended: '已禁用',
   suspend_user: '禁用用戶',
   suspend_user_reminder:
-    '你確定要禁用該用戶？該用戶將無法登錄您的應用程序，並在當前令牌過期後將無法獲取新的訪問令牌。此外，該用戶發出的任何 API 請求都將失敗。',
+    '你確定要禁用該用戶？該用戶將無法登錄你的應用程序，並在當前令牌過期後將無法獲取新的訪問令牌。此外，該用戶發出的任何 API 請求都將失敗。',
   suspend_action: '禁用',
   user_suspended: '用戶已被臨時禁用。',
   reactivate_user: '重新啟用用戶',
@@ -70,13 +74,16 @@ const user_details = {
   roles: {
     name_column: '用戶角色',
     description_column: '描述',
+    assign_button: '分配角色',
     delete_description: '此操作將從此用戶中刪除此角色。角色本身仍將存在，但不再與此用戶相關聯。',
     deleted: '已成功從此用戶中刪除 {{name}}。',
-    assign_subtitle: '通過搜索名稱、描述或角色ID找到合適的用戶角色。',
+    assign_title: '將角色分配給 {{name}}',
+    assign_subtitle: '通過搜索名稱、描述或角色 ID 找到合適的用戶角色。',
     assign_role_field: '分配角色',
     role_search_placeholder: '按角色名稱搜索',
     added_text: '添加了 {{value, number}} 個',
     assigned_user_count: '{{value, number}} 個用戶',
+    confirm_assign: '分配角色',
     role_assigned: '已成功分配角色',
     search: '按角色名稱、描述或 ID 搜索',
     empty: '無可用角色',
diff --git a/packages/phrases/src/locales/zh-hk/translation/demo-app.ts b/packages/phrases/src/locales/zh-hk/translation/demo-app.ts
index 23c5e617e7e2..b8028dbb6960 100644
--- a/packages/phrases/src/locales/zh-hk/translation/demo-app.ts
+++ b/packages/phrases/src/locales/zh-hk/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: '你已成功登錄實時預覽！',
+  subtitle: '這是你的用戶信息：',
   username: '用戶名：',
   user_id: '用戶 ID：',
   sign_out: '退出實時預覽',
diff --git a/packages/phrases/src/locales/zh-tw/errors/session.ts b/packages/phrases/src/locales/zh-tw/errors/session.ts
index c4389118b2ee..ecb1f24249ad 100644
--- a/packages/phrases/src/locales/zh-tw/errors/session.ts
+++ b/packages/phrases/src/locales/zh-tw/errors/session.ts
@@ -14,9 +14,11 @@ const session = {
   forgot_password_not_enabled: '忘記密碼功能沒有開啟。',
   verification_failed: '驗證失敗，請重新驗證。',
   connector_validation_session_not_found: '找不到用於驗證 token 的連接器資訊。',
+  csrf_token_mismatch: 'CSRF token 不匹配。',
   identifier_not_found: '找不到使用者識別碼。請返回並重新登錄。',
   interaction_not_found: '找不到交互會話。請返回並重新開始會話。',
   not_supported_for_forgot_password: '該操作不支援忘記密碼。',
+  identity_conflict: '檢測到身分不匹配。請啟動一個新的會話以進行不同的身分驗證。',
   mfa: {
     require_mfa_verification: '需要 MFA 驗證才能登錄。',
     mfa_sign_in_only: 'MFA 只能用於登錄交互。',
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/application-details.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/application-details.ts
index b95cad483291..5f7d488b6a3e 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/application-details.ts
@@ -21,6 +21,7 @@ const application_details = {
   description: '說明',
   description_placeholder: '請輸入應用程式說明',
   config_endpoint: 'OpenID Provider 配置端點',
+  issuer_endpoint: '發行者端點',
   authorization_endpoint: '授權端點',
   authorization_endpoint_tip: '進行驗證與授權的端點。用於 OpenID Connect 中的 <a>驗證</a> 流程。',
   show_endpoint_details: '顯示端點詳情',
@@ -58,7 +59,13 @@ const application_details = {
     'Refresh Token 可用來獲取新的訪問令牌，失效日期之前可用。獲取訪問令牌時，該令牌的期限將被延長至此值。',
   rotate_refresh_token: '旋轉 Refresh Token',
   rotate_refresh_token_label:
-    '啟用此配置將使 Logto 当 Refresh Token 的原始有效期剩下 70% 时或当满足某些条件时，授予新的 Refresh Token 以獲取新的 Access Token。<a>了解更多</a>',
+    '啟用此配置將使 Logto 當 Refresh Token 的原始有效期剩下 70% 時或當滿足某些條件時，授予新的 Refresh Token 以獲取新的 Access Token。<a>了解更多</a>',
+  backchannel_logout: '後台登出',
+  backchannel_logout_description: '配置 OpenID Connect 後台登出端點以及此應用程式是否需要會話。',
+  backchannel_logout_uri: '後台登出 URI',
+  backchannel_logout_uri_session_required: '需要會話嗎？',
+  backchannel_logout_uri_session_required_description:
+    '啟用後，RP 要求 logout token 中包含 `sid`（會話 ID）聲明，以便當使用 `backchannel_logout_uri` 時識別 RP 與 OP 的會話。',
   delete_description:
     '本操作會永久性地刪除該應用程式，且不可撤銷。輸入 <span>{{name}}</span> 確認。',
   enter_your_application_name: '輸入你的應用程式姓名',
@@ -79,14 +86,22 @@ const application_details = {
     '確保保護您的源伺服器免受直接訪問。請參閱指南以獲取更多 <a>詳細說明</a>。',
   session_duration: '會話持續時間（天數）',
   try_it: '試試看',
+  no_organization_placeholder: '未找到組織。<a>前往組織</a>',
   branding: {
     name: '品牌',
     description: '在同意畫面上自訂應用程式的顯示名稱和標誌。',
+    description_third_party: '自訂應用程式的顯示名稱和標誌在同意畫面上。',
+    app_logo: '應用圖標',
+    app_level_sie: '應用層級登入體驗',
+    app_level_sie_switch:
+      '啟用應用層級登入體驗，並設置應用特定的品牌。如果禁用，將使用全局登入體驗。',
     more_info: '更多資訊',
     more_info_description: '在同意畫面上提供有關您的應用程式的更多詳細資訊。',
     display_name: '顯示名稱',
-    display_logo: '顯示標誌',
-    display_logo_dark: '顯示標誌（深色）',
+    application_logo: '應用程式標誌',
+    application_logo_dark: '應用程式標誌（深色）',
+    brand_color: '品牌顏色',
+    brand_color_dark: '品牌顏色（深色）',
     terms_of_use_url: '應用程式使用條款網址',
     privacy_policy_url: '應用程式隱私政策網址',
   },
@@ -107,7 +122,7 @@ const application_details = {
     organization: '組織權限',
     user_permissions_assignment_form_title: '添加用戶資料權限',
     organization_permissions_assignment_form_title: '添加組織權限',
-    api_resource_permissions_assignment_form_title: '添加 API 资源權限',
+    api_resource_permissions_assignment_form_title: '添加 API 資源權限',
     user_data_permission_description_tips:
       '您可以通過「登入體驗 > 內容 > 管理語言」修改個人用戶資料權限的描述。',
     permission_description_tips:
@@ -120,13 +135,12 @@ const application_details = {
     grant_organization_level_permissions: '授予組織資料權限',
   },
   roles: {
-    name_column: '機器對機器角色',
-    description_column: '描述',
     assign_button: '分配機器對機器角色',
     delete_description:
       '此操作將從此機器到機器應用程式中刪除該角色。該角色本身仍然存在，但不再與此機器到機器應用程式關聯。',
     deleted: '已成功從此用戶中刪除 {{name}}。',
     assign_title: '將機器對機器角色分配給 {{name}}',
+    assign_subtitle: '機器對機器應用程式必須具有機器對機器類型的角色才能訪問相關的 API 資源。',
     assign_role_field: '分配機器對機器角色',
     role_search_placeholder: '按角色名稱搜索',
     added_text: '{{value, number}} 已添加',
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/cloud.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/cloud.ts
index 0e2aa8351a2b..a9618bc6cd49 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/cloud.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/cloud.ts
@@ -29,6 +29,12 @@ const cloud = {
       others: '以上都不是',
     },
   },
+  create_tenant: {
+    page_title: '新增租戶',
+    title: '創建你的第一個租戶',
+    description: '租戶是一個隔離的環境，你可以在其中管理用戶身份、應用程式和所有其他 Logto 資源。',
+    invite_collaborators: '通過電子郵件邀請你的合作者',
+  },
   sie: {
     page_title: '定制登錄體驗',
     title: '讓我們輕鬆定制你的登錄體驗',
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/connector-details.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/connector-details.ts
index 3946e68ed68b..57923eadadbe 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/connector-details.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/connector-details.ts
@@ -45,9 +45,22 @@ const connector_details = {
     company_information_field: '公司信息',
     company_information_description: '在郵件底部顯示您的公司名稱、地址或郵編，以提高真實性。',
     company_information_placeholder: '您的公司基本信息',
+    email_logo_field: '郵件標誌',
+    email_logo_tip: '在郵件頂部顯示您的品牌標誌。請在淺色模式和深色模式下使用相同的圖片。',
     urls_not_allowed: '不允許使用 URL',
     test_notes: 'Logto 使用「通用」模板進行測試。',
   },
+  google_one_tap: {
+    title: 'Google 一鍵登入',
+    description: 'Google 一鍵登入 是用戶登錄您網站的一種安全且簡單的方式。',
+    enable_google_one_tap: '啟用 Google 一鍵登入',
+    enable_google_one_tap_description:
+      '在您的登入體驗中啟用 Google 一鍵登入：讓用戶在他們的設備上已經登入 Google 帳戶時快速註冊或登入。',
+    configure_google_one_tap: '配置 Google 一鍵登入',
+    auto_select: '自動選擇憑證（如果可能）',
+    close_on_tap_outside: '在用戶點擊/點擊外面時取消提示',
+    itp_support: '啟用 <a>ITP 瀏覽器上的升級一鍵登入用戶體驗</a>',
+  },
 };
 
 export default Object.freeze(connector_details);
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/connectors.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/connectors.ts
index 36a40495627c..c110dc038b43 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/connectors.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/connectors.ts
@@ -40,6 +40,8 @@ const connectors = {
     name: '社交登錄按鈕的名稱',
     name_placeholder: '輸入社交登錄按鈕的名稱',
     name_tip: '按鈕上將展示「通過 {{name}} 繼續」。名字不宜過長而導致信息無法展示完整。',
+    connector_logo: '連接器標誌',
+    connector_logo_tip: '標誌將顯示在連接器登錄按鈕上。',
     target: '身份提供商名稱',
     target_placeholder: '輸入身份提供商的名稱',
     target_tip: '在“身份供應商名稱”字段中輸入唯一的標識符字符串，用於區分社交身份來源。',
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/jwt-claims.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/jwt-claims.ts
index 656757247e62..85a3aae65a8c 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/jwt-claims.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/jwt-claims.ts
@@ -17,7 +17,7 @@ const jwt_claims = {
   custom_jwt_create_button: '添加自定義声明',
   custom_jwt_item: '自定義声明 {{for}}',
   delete_modal_title: '刪除自定義声明',
-  delete_modal_content: '您確定要刪除自定義声明嗎？',
+  delete_modal_content: '你確定要刪除自定義声明嗎？',
   clear: '清除',
   cleared: '已清除',
   restore: '恢復默認值',
@@ -29,6 +29,10 @@ const jwt_claims = {
     title: '用戶數據',
     subtitle: '使用 `data.user` 輸入參數提供重要用戶信息。',
   },
+  grant_data: {
+    title: '授權資料',
+    subtitle: '使用 `data.grant` 輸入參數提供重要授權信息，僅適用於令牌交換。',
+  },
   token_data: {
     title: '令牌數據',
     subtitle: '使用 `token` 輸入參數獲取當前訪問令牌有效載荷。',
@@ -36,7 +40,7 @@ const jwt_claims = {
   fetch_external_data: {
     title: '提取外部數據',
     subtitle: '直接將來自外部 APIs 的數據合併到声明中。',
-    description: '使用 `fetch` 函數調用外部 APIs 並將數據包含在您的自定義声明中。示例：',
+    description: '使用 `fetch` 函數調用外部 APIs 並將數據包含在你的自定義声明中。示例：',
   },
   environment_variables: {
     title: '設置環境變量',
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/organization-details.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/organization-details.ts
index 23c58fb426a3..e73e0cbca6df 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/organization-details.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/organization-details.ts
@@ -9,20 +9,65 @@ const organization_details = {
   member_other: '成員',
   add_members_to_organization: '將成員添加到 {{name}} 組織',
   add_members_to_organization_description:
-    '通過搜索名稱、電子郵件、電話或用戶ID來查找適合的用戶。現有成員不會顯示在搜索結果中。',
+    '通過搜索名稱、電子郵件、電話或用戶 ID 來查找適合的用戶。現有成員不會顯示在搜索結果中。',
   add_with_organization_role: '添加組織角色',
   user: '用戶',
+  application: '應用程式',
+  application_other: '應用程式',
+  add_applications_to_organization: '將應用程式添加到組織 {{name}}',
+  add_applications_to_organization_description:
+    '通過搜索應用程式 ID、名稱或描述來查找適合的應用程式。現有的應用程式不會顯示在搜索結果中。',
+  at_least_one_application: '至少需要一個應用程式。',
+  remove_application_from_organization: '從組織中移除應用程式',
+  remove_application_from_organization_description:
+    '移除後，應用程式將失去在此組織中的關聯和角色。此操作無法撤銷。',
+  search_application_placeholder: '按應用程式 ID、名稱或描述搜尋',
+  roles: '組織角色',
   authorize_to_roles: '授權 {{name}} 訪問以下角色：',
   edit_organization_roles: '編輯組織角色',
-  edit_organization_roles_of_user: '編輯 {{name}} 的組織角色',
+  edit_organization_roles_title: '編輯 {{name}} 的組織角色',
   remove_user_from_organization: '從組織中刪除用戶',
   remove_user_from_organization_description:
     '刪除後，用戶將失去在這個組織中的成員資格和角色。此操作無法撤銷。',
-  search_user_placeholder: '按名稱、電子郵件、電話或用戶ID搜尋',
+  search_user_placeholder: '按名稱、電子郵件、電話或用戶 ID 搜尋',
   at_least_one_user: '至少需要一個用戶。',
+  organization_roles_tooltip: '分配給此組織中的 {{type}} 的角色。',
   custom_data: '自訂數據',
   custom_data_tip: '自訂數據是一個可用於存儲與組織相關的附加數據的 JSON 對象。',
   invalid_json_object: '無效的 JSON 對象。',
+  branding: {
+    logo: '組織標誌',
+    logo_tooltip:
+      '你可以通過組織 ID 顯示此標誌在登錄體驗中；如果啟用了暗黑模式，則需要使用標誌的暗色版本。<a>了解更多</a>',
+  },
+  jit: {
+    title: '即時配置',
+    description:
+      '通過某些身份驗證方法，用户首次登錄時將自動加入組織並分配角色。你可以設定即時配置的要求。',
+    email_domain: '電子郵件域配置',
+    email_domain_description:
+      '新用户使用驗證的電子郵件地址註冊或通過社交登錄時，將自動加入組織。<a>了解更多</a>',
+    email_domain_placeholder: '輸入電子郵件域以進行即時配置',
+    invalid_domain: '無效的域名',
+    domain_already_added: '域名已添加',
+    sso_enabled_domain_warning:
+      '你已輸入一個或多個與企業 SSO 相關的電子郵件域。擁有這些電子郵件的用戶將遵循標準 SSO 流程，除非配置了企業 SSO 配置，否則不會配置到此組織。',
+    enterprise_sso: '企業 SSO 配置',
+    no_enterprise_connector_set:
+      '您尚未設置任何企業 SSO 連接器。請先添加連接器以啟用企業 SSO 配置。<a>設置</a>',
+    add_enterprise_connector: '添加企業連接器',
+    enterprise_sso_description:
+      '首次通過企業 SSO 登錄的新用户或現有用户將自動加入組織。<a>了解更多</a>',
+    organization_roles: '默認組織角色',
+    organization_roles_description: '通過即時配置加入組織的用戶分配角色。',
+  },
+  mfa: {
+    title: '多因素身份驗證 (MFA)',
+    tip: '當需要 MFA 時，未設置 MFA 的用戶在嘗試交換組織令牌時將會被拒絕。此設置不影響用戶身份驗證。',
+    description: '要求用戶設置多因素身份驗證才能訪問此組織。',
+    no_mfa_warning:
+      '你的租戶未啟用任何多因素身份驗證方法。除非啟用了至少一種<a>多因素身份驗證方法</a>，否則用戶將無法訪問此組織。',
+  },
 };
 
 export default Object.freeze(organization_details);
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/organization-template.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/organization-template.ts
index e2573c05e8bf..cb36611eb667 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/organization-template.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/organization-template.ts
@@ -12,8 +12,9 @@ const organization_template = {
     create_modal: {
       title: '建立組織角色',
       create: '建立角色',
-      name_field: '角色名稱',
-      description_field: '描述',
+      name: '角色名稱',
+      description: '描述',
+      type: '角色類型',
       created: '成功建立組織角色 {{name}}。',
     },
   },
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/organizations.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/organizations.ts
index f4ec31368696..d3e3ec035f72 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/organizations.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/organizations.ts
@@ -5,67 +5,68 @@ const organizations = {
   subtitle:
     '組織通常在SaaS或類似的多租戶應用程式中使用，代表您的客戶，這些客戶可以是團隊、組織或整個公司。 組織作為B2B身份驗證和授權的基本元素。',
   organization_template: '組織模板',
-  organization_id: '組繹 ID',
+  organization_id: '組織 ID',
   members: '成員',
-  create_organization: '建立組繹',
-  setup_organization: '設立您的組繹',
-  organization_list_placeholder_title: '組繹',
+  machine_to_machine: '機器對機器應用程式',
+  create_organization: '建立組織',
+  setup_organization: '設立您的組織',
+  organization_list_placeholder_title: '組織',
   organization_list_placeholder_text:
-    '組繹通常在SaaS或類似的多租戶應用程式中作為最佳做法使用。 它們使您能夠開發應用程式，讓客戶可以創建和管理組繹、邀請成員並分配角色。',
-  organization_name_placeholder: '我的組繹',
-  organization_description_placeholder: '組繹的簡要描述',
-  organization_permission: '組繹權限',
-  organization_permission_other: '組繹權限',
+    '組織通常在SaaS或類似的多租戶應用程式中作為最佳做法使用。 它們使您能夠開發應用程式，讓客戶可以創建和管理組織、邀請成員並分配角色。',
+  organization_name_placeholder: '我的組織',
+  organization_description_placeholder: '組織的簡要描述',
+  organization_permission: '組織權限',
+  organization_permission_other: '組織權限',
   create_permission_placeholder: '瀏覽預約歷史',
-  organization_role: '組繹角色',
-  organization_role_other: '組繹角色',
+  organization_role: '組織角色',
+  organization_role_other: '組織角色',
   organization_role_description:
-    '組繹角色是一組可以分配給用戶的權限。 這些權限必須來自預定義的組繹權限。',
+    '組織角色是一組可以分配給用戶的權限。 這些權限必須來自預定義的組織權限。',
   role: '角色',
-  search_placeholder: '按組繹名稱或 ID 搜索',
+  search_placeholder: '按組織名稱或 ID 搜索',
   search_role_placeholder: '輸入搜索並選擇角色',
   empty_placeholder: '🤔 你目前尚未設置任何 {{entity}}。',
-  organization_and_member: '組繹和成員',
+  organization_and_member: '組織和成員',
   organization_and_member_description:
-    '組繹是一個用戶組的群組，可以代表團隊、商業客戶和合作夥伴公司，每個用戶都是一個「成員」。 這些可以是處理多租戶需求的基本實體。',
+    '組織是一個用戶組的群組，可以代表團隊、商業客戶和合作夥伴公司，每個用戶都是一個「成員」。 這些可以是處理多租戶需求的基本實體。',
   guide: {
     title: '從指南開始',
-    subtitle: '使用我們的指南快速開始組繹設定',
+    subtitle: '使用我們的指南快速開始組織設定',
     introduction: {
-      title: '讓我們了解組繹在 Logto 中的運作方式',
+      title: '讓我們了解組織在 Logto 中的運作方式',
       section_1: {
-        title: '組繹是一組用戶(身分)組成的集團',
+        title: '組織是一組用戶(身分)組成的集團',
       },
       section_2: {
-        title: '組繹模板旨在用於多租戶應用程式存取控制',
+        title: '組織模板旨在用於多租戶應用程式存取控制',
         description:
-          '在多租戶SaaS應用程式中，多個組繹通常共用相同的存取控制模板，其中包括權限和角色。 在Logto中，我們稱之為「組繹模板」。',
-        permission_description: '組繹權限是指在組繹上下文中訪問資源的授權。',
-        role_description_deprecated: '組繭角色是一組組繹權限，可以分配給成員。',
-        role_description: '組繹角色是可以分配給成員的組繹權限或API權限的分組。',
+          '在多租戶SaaS應用程式中，多個組織通常共用相同的存取控制模板，其中包括權限和角色。 在Logto中，我們稱之為「組織模板」。',
+        permission_description: '組織權限是指在組織上下文中訪問資源的授權。',
+        role_description_deprecated: '組織角色是一組組織權限，可以分配給成員。',
+        role_description: '組織角色是可以分配給成員的組織權限或 API 權限的分組。',
       },
       section_3: {
-        title: '我可以將API權限指派給組繹角色嗎？',
+        title: '我可以將 API 權限指派給組織角色嗎？',
         description:
-          '是的，您可以將API權限指派給組繭角色。 Logto提供彈性，有效管理您組繹的角色，允許您在這些角色中包含組繭權限和API權限。',
+          '是的，你可以將 API 權限指派給組織角色。 Logto 提供彈性，有效管理你組織的角色，允許你在這些角色中包含組織權限和 API 權限。',
       },
       section_4: {
         title: '與插圖互動，查看所有連結如何互相連接',
         description:
-          '讓我們舉個例子。約翰、莎拉屬於不同的組繫，並在不同組繫的上下文中擔任不同角色。 將滑鼠指針懸停在不同的模塊上並觀察會發生什麼。',
+          '讓我們舉個例子。約翰、莎拉屬於不同的組織，並在不同組織的上下文中擔任不同角色。 將滑鼠指針懸停在不同的模塊上並觀察會發生什麼。',
       },
     },
-    organization_permissions: '組繹權限',
-    organization_roles: '組繹角色',
+    organization_permissions: '組織權限',
+    organization_roles: '組織角色',
     admin: '管理員',
     member: '成員',
     guest: '訪客',
-    role_description: '角色 "{{role}}" 在不同的組繭中共用相同的組繹模板。',
+    role_description: '角色 "{{role}}" 在不同的組織中共用相同的組織模板。',
     john: '約翰',
     john_tip:
-      '約翰的電子郵件地址為 "john@email.com"，他屬於兩個組繹，分別作為組繹 A 的管理員和組繹 B 的訪客。',
+      '約翰的電子郵件地址為 "john@email.com"，他屬於兩個組織，分別作為組織 A 的管理員和組織 B 的訪客。',
     sarah: '莎拉',
-    sarah_tip: '莎拉的電子郵件地址為 "sarah@email.com"，她屬於一個組繹，並擔任組繹 B 的管理員。',
+    sarah_tip: '莎拉的電子郵件地址為 "sarah@email.com"，她屬於一個組織，並擔任組織 B 的管理員。',
   },
 };
 
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/profile.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/profile.ts
index a2f99b4820fa..7377f19ac790 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/profile.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/profile.ts
@@ -47,6 +47,33 @@ const profile = {
     label: '刪除賬戶',
     description: '刪除賬戶將會刪除所有個人信息、用戶數據和配置。此操作無法撤銷。',
     button: '刪除賬戶',
+    p: {
+      has_issue: '很遺憾聽到你想要刪除賬戶。在你刪除賬戶之前，你需要解決以下問題。',
+      after_resolved: '一旦你解決了這些問題，你就可以刪除賬戶。如需幫助，請不要猶豫聯繫我們。',
+      check_information: '很遺憾聽到你想要刪除賬戶。在繼續之前，請仔細檢查以下信息。',
+      remove_all_data:
+        '刪除賬戶會永久刪除 Logto Cloud 中的所有個人數據。因此，請在繼續之前備份任何重要數據。',
+      confirm_information: '請確認上述信息是否正確。一旦刪除賬戶，我們將無法恢復。',
+      has_admin_role: '由於你在以下租戶中擁有管理員角色，它將與你的賬戶一起被刪除：',
+      has_admin_role_other: '由於你在以下租戶中擁有管理員角色，它們將與你的賬戶一起被刪除：',
+      quit_tenant: '你將退出以下租戶：',
+      quit_tenant_other: '你將退出以下租戶：',
+    },
+    issues: {
+      paid_plan: '以下租戶有付費方案，請先取消訂閱：',
+      paid_plan_other: '以下租戶有付費方案，請先取消訂閱：',
+      subscription_status: '以下租戶有訂閱狀態問題：',
+      subscription_status_other: '以下租戶有訂閱狀態問題：',
+      open_invoice: '以下租戶有未付賬單：',
+      open_invoice_other: '以下租戶有未付賬單：',
+    },
+    error_occurred: '發生錯誤',
+    error_occurred_description: '抱歉，刪除賬戶時出錯：',
+    request_id: '請求 ID：{{requestId}}',
+    try_again_later: '請稍後再試。如果問題仍然存在，請聯繫 Logto 團隊並提供請求 ID。',
+    final_confirmation: '最終確認',
+    about_to_start_deletion: '你即將開始刪除過程，該操作無法撤銷。',
+    permanently_delete: '永久刪除',
   },
   set: '設置',
   change: '修改',
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/roles.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/roles.ts
index 9617f0961703..3c97e3c1ebbc 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/roles.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/roles.ts
@@ -6,6 +6,8 @@ const roles = {
   create: '建立角色',
   role_name: '角色名稱',
   role_type: '角色類型',
+  type_user: '使用者',
+  type_machine_to_machine: '機器對機器',
   role_description: '描述',
   role_name_placeholder: '輸入你的角色名稱',
   role_description_placeholder: '輸入你的角色描述',
@@ -19,13 +21,17 @@ const roles = {
   application_count: '{{count}} 個應用程式',
   assign_permissions: '分配權限',
   create_role_title: '建立角色',
+  create_role_description: '使用角色來組織權限並分配給使用者。',
   create_role_button: '建立角色',
   role_created: '角色 {{name}} 已成功建立。',
   search: '按角色名稱、描述或 ID 搜尋',
   placeholder_title: '角色',
   placeholder_description: '角色是可以分配給使用者的權限分組。在建立角色之前，請確保先新增權限。',
-  management_api_access_notification: '要訪問Logto管理API，請選擇具有管理API權限的角色<flag/>。',
-  with_management_api_access_tip: '此機器對機器角色包含Logto管理API權限',
+  assign_roles: '分配角色',
+  management_api_access_notification:
+    '要訪問 Logto 管理 API，請選擇具有管理 API 權限的角色 <flag/>。',
+  with_management_api_access_tip: '此機器對機器角色包含 Logto 管理 API 權限',
+  role_creation_hint: '找不到合適的角色？<a>建立角色</a>',
 };
 
 export default Object.freeze(roles);
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/sign-in-exp/index.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/sign-in-exp/index.ts
index f1bf4018fc5c..321c110433a2 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/sign-in-exp/index.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/sign-in-exp/index.ts
@@ -31,15 +31,56 @@ const sign_in_exp = {
   branding: {
     title: '品牌定制區',
     ui_style: '樣式',
+    with_light: '{{value}}',
+    with_dark: '{{value}} (dark)',
+    app_logo_and_favicon: '應用圖標和 Favicon',
+    company_logo_and_favicon: '公司圖標和 Favicon',
   },
-  custom_css: {
-    title: '自定義 CSS',
-    css_code_editor_title: '自定義 CSS 個性化你的用戶界面',
-    css_code_editor_description1: '查看自定義 CSS 的例子。',
+  branding_uploads: {
+    app_logo: {
+      title: '應用圖標',
+      url: '應用圖標 URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '應用圖標: {{error}}',
+    },
+    company_logo: {
+      title: '公司圖標',
+      url: '公司圖標 URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '公司圖標: {{error}}',
+    },
+    organization_logo: {
+      title: '上傳圖片',
+      url: '組織圖標 URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '組織圖標: {{error}}',
+    },
+    connector_logo: {
+      title: '上傳圖片',
+      url: '連接器圖標 URL',
+      url_placeholder: 'https://your.cdn.domain/logo.png',
+      error: '連接器圖標: {{error}}',
+    },
+    favicon: {
+      title: 'Favicon',
+      url: 'Favicon URL',
+      url_placeholder: 'https://your.cdn.domain/favicon.ico',
+      error: 'Favicon: {{error}}',
+    },
+  },
+  custom_ui: {
+    title: '自定義界面',
+    css_code_editor_title: '自定義 CSS',
+    css_code_editor_description1: '查看自定義 CSS 範例。',
     css_code_editor_description2: '<a>{{link}}</a>',
     css_code_editor_description_link_content: '了解更多',
     css_code_editor_content_placeholder:
-      '輸入 CSS 代碼，修改顏色、字體、組件樣式、布局，定制你的登錄、註冊、忘記密碼等頁面。充分發揮創造力，讓你的用戶界面脫穎而出。',
+      '輸入你的自定義 CSS，以完全符合你的規格定制樣式。展現你的創意，讓你的界面脫穎而出。',
+    bring_your_ui_title: '帶上你的界面',
+    bring_your_ui_description:
+      '上傳壓縮包 (.zip) 來用你的代碼替換 Logto 的預構建界面。<a>了解更多</a>',
+    preview_with_bring_your_ui_description:
+      '你的自定義界面資源已成功上傳並正在服務。因此，內置預覽窗口已被禁用。\n若要測試你的個性化登錄界面，請點擊「實時預覽」按鈕在新瀏覽器標籤頁中打開。',
   },
   sign_up_and_sign_in,
   content,
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
index 85c1a5f96ef8..b03ea41b0535 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/sign-in-exp/sign-up-and-sign-in.ts
@@ -36,6 +36,9 @@ const sign_up_and_sign_in = {
       set_up_more: '立即設定',
       go_to: '參考其他的社交連結器。',
     },
+    automatic_account_linking: '自動帳號連結',
+    automatic_account_linking_label:
+      '當啟用時，如果使用者以新社交身份登入系統，且系統中有且僅有一個現有帳戶具有相同的標識符（如電子郵件），Logto 將自動連結該帳戶與社交身份，而不是提示使用者進行帳戶連結。',
   },
   tip: {
     set_a_password: '啟用使用者名稱註冊，必須設定密碼。',
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/subscription/quota-item.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/subscription/quota-item.ts
index 70232ea0b942..431772254ff6 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/subscription/quota-item.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/subscription/quota-item.ts
@@ -159,6 +159,18 @@ const quota_item = {
     unlimited: '自訂 JWT',
     not_eligible: '移除你的 JWT 声明自訂器',
   },
+  impersonation_enabled: {
+    name: '模擬',
+    limited: '模擬',
+    unlimited: '模擬',
+    not_eligible: '不允許模擬',
+  },
+  bring_your_ui_enabled: {
+    name: '自帶 UI',
+    limited: '自帶 UI',
+    unlimited: '自帶 UI',
+    not_eligible: '移除你的自訂 UI 資產',
+  },
 };
 
 export default Object.freeze(quota_item);
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/subscription/quota-table.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/subscription/quota-table.ts
index 73dadd7b2181..56301ef464a4 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/subscription/quota-table.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/subscription/quota-table.ts
@@ -20,6 +20,8 @@ const quota_table = {
     title: '使用者介面和品牌塑造',
     custom_domain: '自訂網域',
     custom_css: '自訂 CSS',
+    logo_and_favicon: 'Logo 和 Favicon',
+    bring_your_ui: '帶上你的 UI',
     dark_mode: '深色模式',
     i18n: '國際化',
   },
@@ -35,7 +37,8 @@ const quota_table = {
     built_in_email_connector: '內建電子郵件連接器',
     mfa: '多因素認證',
     sso: '企業 SSO',
-    adaptive_mfa: '自適應MFA',
+    adaptive_mfa: '自適應 MFA',
+    impersonation: '冒充',
   },
   user_management: {
     title: '使用者管理',
@@ -68,7 +71,7 @@ const quota_table = {
     title: '開發人員與平台',
     hooks: 'Webhooks',
     audit_logs_retention: '審計日誌保留',
-    jwt_claims: 'JWT 声明',
+    jwt_claims: 'JWT 聲明',
     tenant_members: '租戶成員',
   },
   unlimited: '無限制',
@@ -79,16 +82,16 @@ const quota_table = {
   add_on: '附加功能',
   tier: '層級{{value, number}}：',
   paid_token_limit_tip:
-    'Logto將為超出您額度限制的功能收費。您可以在2024年第二季度左右開始收費之前免費使用它。如果您需要更多的令牌，請與我們聯繫。默認情況下，我們每月為每百萬令牌收費80美元。',
+    'Logto 將為超出你額度限制的功能收費。你可以在 2024 年第二季度左右開始收費之前免費使用它。如果你需要更多的令牌，請與我們聯繫。默認情況下，我們每月為每百萬令牌收費 80 美元。',
   paid_quota_limit_tip:
-    'Logto將為超出配額限制的功能添加費用。在我們從2024年第二季度開始收費之前，您可以免費使用它。',
+    'Logto 將為超出配額限制的功能添加費用。在我們從 2024 年第二季度開始收費之前，你可以免費使用它。',
   paid_add_on_feature_tip:
-    '這是一個附加功能。在我們從2024年第二季度開始收費之前，您可以免費使用它。',
+    '這是一個附加功能。在我們從 2024 年第二季度開始收費之前，你可以免費使用它。',
   million: '{{value, number}} 百萬',
-  mau_tip: 'MAU（每月活躍用戶）是指在計費週期內與Logto交換過至少一個令牌的獨立用戶數量。',
+  mau_tip: 'MAU（每月活躍用戶）是指在計費週期內與 Logto 交換過至少一個令牌的獨立用戶數量。',
   tokens_tip: 'Logto 發行的所有類型令牌，包括訪問令牌、刷新令牌等。',
-  mao_tip: 'MAO（月度活躍組織）指的是在計費週期內至少有一個MAU（月度活躍用戶）的獨特組織數量。',
-  third_party_tip: '使用Logto作為您的OIDC身份提供程序，以便第三方應用程式進行登錄和權限授予。',
+  mao_tip: 'MAO（月度活躍組織）指的是在計費週期內至少有一個 MAU（月度活躍用戶）的獨特組織數量。',
+  third_party_tip: '使用 Logto 作為你的 OIDC 身份提供程序，以便第三方應用程式進行登錄和權限授予。',
   included: '已包含 {{value, number}}',
   included_mao: '已包含 {{value, number}} MAO',
   extra_quota_price: '然後每月 ${{value, number}} / 每個之後',
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/tenants.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/tenants.ts
index 7670a3aa41e5..96f71e4f639a 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/tenants.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/tenants.ts
@@ -14,6 +14,7 @@ const tenants = {
     tenant_id: '租戶 ID',
     tenant_name: '租戶名稱',
     tenant_region: '資料托管地區',
+    tenant_region_description: '您的租戶資源（使用者、應用程式等）所在的實體位置。建立後無法更改。',
     tenant_region_tip: '您的租戶資源托管於 {{region}}。 <a>了解更多</a>',
     environment_tag_development: '開發',
     environment_tag_production: '產品',
@@ -41,6 +42,7 @@ const tenants = {
   },
   create_modal: {
     title: '建立客戶',
+    subtitle: '建立一個具有獨立資源和使用者的新租戶。',
     tenant_usage_purpose: '您希望將此租戶用於什麼目的？',
     development_description: '僅供測試，不應在生產環境中使用。無需訂閱。',
     development_hint: '它擁有所有專業功能，但存在限制，如登入橫幅。',
@@ -48,6 +50,9 @@ const tenants = {
     available_plan: '可用方案：',
     create_button: '建立租戶',
     tenant_name_placeholder: '我的租戶',
+    tenant_created: '租戶建立成功。',
+    invitation_failed: '某些邀請發送失敗。請稍後在設置 -> 成員中再試。',
+    tenant_type_description: '這一點在建立後無法更改。',
   },
   dev_tenant_migration: {
     title: '您現在可以通過創建新的 "開發租戶" 免費試用我們的專業功能！',
@@ -93,6 +98,10 @@ const tenants = {
     description_2:
       '如果您需要進一步的說明、有任何疑慮或希望恢復全部功能並解鎖您的租戶，請立即聯絡我們。',
   },
+  production_tenant_notification: {
+    text: '你正在一個開發租戶中免費測試。創建一個產品租戶來上線。',
+    action: '創建租戶',
+  },
 };
 
 export default Object.freeze(tenants);
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/upsell/paywall.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/upsell/paywall.ts
index 5a78bf82c70f..967a28871314 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/upsell/paywall.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/upsell/paywall.ts
@@ -62,6 +62,7 @@ const paywall = {
     description:
       '升級至付費計劃以解鎖自訂JWT功能和高級福利。如果有任何問題，請隨時<a>聯繹我們</a>。',
   },
+  bring_your_ui: '升級到付費計劃以獲得自訂UI功能和高級福利。',
 };
 
 export default Object.freeze(paywall);
diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/user-details.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/user-details.ts
index 6e66719c1792..69cb3866e4b4 100644
--- a/packages/phrases/src/locales/zh-tw/translation/admin-console/user-details.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/user-details.ts
@@ -33,16 +33,20 @@ const user_details = {
   field_avatar_placeholder: 'https://your.cdn.domain/avatar.png',
   field_custom_data: '自定義數據',
   field_custom_data_tip: '預定義屬性之外的用戶資訊，例如用戶偏好的顏色和語言。',
+  field_profile: '個人資料',
+  field_profile_tip:
+    '其他 OpenID Connect 標準聲明，未包含在用戶屬性中。請注意，所有未知屬性將被去除。更多資訊請參閱<a>個人資料屬性參考</a>。',
   field_connectors: '社交帳號',
   field_sso_connectors: '企業連接',
   custom_data_invalid: '自定義數據必須是有效的 JSON 對象',
+  profile_invalid: '個人資料必須是有效的 JSON 對象',
   connectors: {
     connectors: '連接器',
     user_id: '用戶ID',
     remove: '刪除',
     connected: '該用戶已連接多個社交連接器。',
     not_connected: '該用戶還沒有綁定社交帳號',
-    deletion_confirmation: '您正在刪除現有的<name/>身份。你確定要繼續嗎？',
+    deletion_confirmation: '你正在刪除現有的<name/>身份。你確定要繼續嗎？',
   },
   sso_connectors: {
     connectors: '連接器',
@@ -55,7 +59,7 @@ const user_details = {
     field_description: '這個用戶已啟用2步驗證因素。',
     name_column: '多因素驗證',
     field_description_empty: '此使用者尚未啟用兩步驗證因素。',
-    deletion_confirmation: '您正在刪除現有的雙步驗證中的 <name/>。你確定要繼續嗎？',
+    deletion_confirmation: '你正在刪除現有的雙步驗證中的 <name/>。你確定要繼續嗎？',
   },
   suspended: '已禁用',
   suspend_user: '禁用用戶',
@@ -70,13 +74,16 @@ const user_details = {
   roles: {
     name_column: '使用者角色',
     description_column: '描述',
+    assign_button: '分配角色',
     delete_description: '此操作將從此用戶中刪除此角色。角色本身仍將存在，但不再與此用戶相關聯。',
     deleted: '已成功將 {{name}} 從此用戶中刪除。',
-    assign_subtitle: '通過搜索名稱、描述或角色ID找到合適的使用者角色。',
+    assign_title: '分配角色至 {{name}}',
+    assign_subtitle: '通過搜索名稱、描述或角色 ID 找到合適的使用者角色。',
     assign_role_field: '分配角色',
     role_search_placeholder: '按角色名稱搜索',
     added_text: '添加了 {{value, number}} 個',
     assigned_user_count: '{{value, number}} 個用戶',
+    confirm_assign: '分配角色',
     role_assigned: '已成功分配角色',
     search: '按角色名稱、描述或 ID 搜索',
     empty: '無可用角色',
diff --git a/packages/phrases/src/locales/zh-tw/translation/demo-app.ts b/packages/phrases/src/locales/zh-tw/translation/demo-app.ts
index 23c5e617e7e2..b8028dbb6960 100644
--- a/packages/phrases/src/locales/zh-tw/translation/demo-app.ts
+++ b/packages/phrases/src/locales/zh-tw/translation/demo-app.ts
@@ -1,5 +1,6 @@
 const demo_app = {
   title: '你已成功登錄實時預覽！',
+  subtitle: '這是你的用戶信息：',
   username: '用戶名：',
   user_id: '用戶 ID：',
   sign_out: '退出實時預覽',

From 52c0dccbc7514cf3aabf98203218869786b14d7b Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Tue, 23 Jul 2024 19:43:15 +0800
Subject: [PATCH 088/135] refactor(core): implement verification records map
 (#6289)

* refactor(core): implement verificaiton records map

implement verification records map

* fix(core): fix invalid verification type error

fix invalid verificaiton type error

* fix(core): update the verification record map

update the verification record map

* fix(core): update some comments

update some comments

* refactor(core): polish promise dependency

polish promise dependency

* fix(core): fix the social/sso syncing profile logic

fix the social/sso syncing profile logic

* refactor(core): optimize the verification records map

optimize the verification records map

* fix(core): fix set method of VerificationRecord map
fix set method of VerificationRecord map
---
 .../classes/experience-interaction.ts         | 32 ++++++++++++-----
 .../src/routes/experience/classes/helpers.ts  | 16 ++++++---
 .../classes/validators/provision-library.ts   |  2 +-
 .../enterprise-sso-verification.ts            |  2 +-
 .../experience/classes/verifications/index.ts | 35 ++++++++++++-------
 .../verifications/verification-records-map.ts | 34 ++++++++++++++++++
 .../enterprise-sso-verification.ts            |  9 ++---
 .../social-verification.ts                    | 10 +++---
 .../verification-routes/totp-verification.ts  | 10 +++---
 .../verification-routes/verification-code.ts  | 13 ++-----
 10 files changed, 111 insertions(+), 52 deletions(-)
 create mode 100644 packages/core/src/routes/experience/classes/verifications/verification-records-map.ts

diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
index 9dd36d12f0e3..e69ad74e55e4 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -1,5 +1,5 @@
 import { type ToZodObject } from '@logto/connector-kit';
-import { InteractionEvent, type User, type VerificationType } from '@logto/schemas';
+import { InteractionEvent, type User } from '@logto/schemas';
 import { conditional } from '@silverhand/essentials';
 import { z } from 'zod';
 
@@ -24,7 +24,9 @@ import {
   verificationRecordDataGuard,
   type VerificationRecord,
   type VerificationRecordData,
+  type VerificationRecordMap,
 } from './verifications/index.js';
+import { VerificationRecordsMap } from './verifications/verification-records-map.js';
 
 type InteractionStorage = {
   interactionEvent?: InteractionEvent;
@@ -52,7 +54,7 @@ export default class ExperienceInteraction {
   public readonly provisionLibrary: ProvisionLibrary;
 
   /** The user verification record list for the current interaction. */
-  private readonly verificationRecords = new Map<VerificationType, VerificationRecord>();
+  private readonly verificationRecords = new VerificationRecordsMap();
   /** The userId of the user for the current interaction. Only available once the user is identified. */
   private userId?: string;
   private userCache?: User;
@@ -101,7 +103,7 @@ export default class ExperienceInteraction {
 
     for (const record of verificationRecords) {
       const instance = buildVerificationRecord(libraries, queries, record);
-      this.verificationRecords.set(instance.type, instance);
+      this.verificationRecords.setValue(instance);
     }
   }
 
@@ -182,13 +184,21 @@ export default class ExperienceInteraction {
    * If a record with the same type already exists, it will be replaced.
    */
   public setVerificationRecord(record: VerificationRecord) {
-    const { type } = record;
-
-    this.verificationRecords.set(type, record);
+    this.verificationRecords.setValue(record);
   }
 
-  public getVerificationRecordById(verificationId: string) {
-    return this.verificationRecordsArray.find((record) => record.id === verificationId);
+  public getVerificationRecordByTypeAndId<K extends keyof VerificationRecordMap>(
+    type: K,
+    verificationId: string
+  ): VerificationRecordMap[K] {
+    const record = this.verificationRecords.get(type);
+
+    assertThat(
+      record?.id === verificationId,
+      new RequestError({ code: 'session.verification_session_not_found', status: 404 })
+    );
+
+    return record;
   }
 
   /**
@@ -298,7 +308,7 @@ export default class ExperienceInteraction {
   }
 
   private get verificationRecordsArray() {
-    return [...this.verificationRecords.values()];
+    return this.verificationRecords.array();
   }
 
   /**
@@ -389,4 +399,8 @@ export default class ExperienceInteraction {
     this.userCache = user;
     return this.userCache;
   }
+
+  private getVerificationRecordById(verificationId: string) {
+    return this.verificationRecordsArray.find((record) => record.id === verificationId);
+  }
 }
diff --git a/packages/core/src/routes/experience/classes/helpers.ts b/packages/core/src/routes/experience/classes/helpers.ts
index c208f2be26e0..29fa65ad0aa4 100644
--- a/packages/core/src/routes/experience/classes/helpers.ts
+++ b/packages/core/src/routes/experience/classes/helpers.ts
@@ -16,8 +16,8 @@ import type { InteractionProfile } from '../types.js';
 import { type VerificationRecord } from './verifications/index.js';
 
 /**
- * @throws {RequestError} -400 if the verification record type is not supported for user creation.
- * @throws {RequestError} -400 if the verification record is not verified.
+ * @throws {RequestError} with status 400 if the verification record type is not supported for user creation.
+ * @throws {RequestError} with status 400 if the verification record is not verified.
  */
 export const getNewUserProfileFromVerificationRecord = async (
   verificationRecord: VerificationRecord
@@ -30,8 +30,13 @@ export const getNewUserProfileFromVerificationRecord = async (
     }
     case VerificationType.EnterpriseSso:
     case VerificationType.Social: {
-      const identityProfile = await verificationRecord.toUserProfile();
-      const syncedProfile = await verificationRecord.toSyncedProfile(true);
+      const [identityProfile, syncedProfile] = await Promise.all([
+        verificationRecord.toUserProfile(),
+        // Set `isNewUser` to true to specify syncing profile from the
+        // social/enterprise SSO identity for a new user.
+        verificationRecord.toSyncedProfile(true),
+      ]);
+
       return { ...identityProfile, ...syncedProfile };
     }
     default: {
@@ -95,8 +100,9 @@ export const identifyUserByVerificationRecord = async (
         // Auto fallback to identify the related user if the user does not exist for enterprise SSO.
         if (error instanceof RequestError && error.code === 'user.identity_not_exist') {
           const user = await verificationRecord.identifyRelatedUser();
+
           const syncedProfile = {
-            ...(await verificationRecord.toUserProfile()),
+            ...verificationRecord.toUserProfile(),
             ...(await verificationRecord.toSyncedProfile()),
           };
           return { user, syncedProfile };
diff --git a/packages/core/src/routes/experience/classes/validators/provision-library.ts b/packages/core/src/routes/experience/classes/validators/provision-library.ts
index 8d9e502acf13..a8610b7b67fe 100644
--- a/packages/core/src/routes/experience/classes/validators/provision-library.ts
+++ b/packages/core/src/routes/experience/classes/validators/provision-library.ts
@@ -43,7 +43,7 @@ export class ProvisionLibrary {
   /**
    * Insert a new user into the Logto database using the provided profile.
    *
-   * - provision the organization for the new user based on the profile
+   * - Provision the organization for the new user based on the profile
    * - OSS only, new user provisioning
    */
   async provisionNewUser(profile: InteractionProfile) {
diff --git a/packages/core/src/routes/experience/classes/verifications/enterprise-sso-verification.ts b/packages/core/src/routes/experience/classes/verifications/enterprise-sso-verification.ts
index db710ca690a3..5bf28a730b03 100644
--- a/packages/core/src/routes/experience/classes/verifications/enterprise-sso-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/enterprise-sso-verification.ts
@@ -173,7 +173,7 @@ export class EnterpriseSsoVerification
   /**
    * Returns the use SSO identity as a new user profile.
    */
-  async toUserProfile(): Promise<Required<Pick<InteractionProfile, 'enterpriseSsoIdentity'>>> {
+  toUserProfile(): Required<Pick<InteractionProfile, 'enterpriseSsoIdentity'>> {
     assertThat(
       this.enterpriseSsoUserInfo && this.issuer,
       new RequestError({ code: 'session.verification_failed', status: 400 })
diff --git a/packages/core/src/routes/experience/classes/verifications/index.ts b/packages/core/src/routes/experience/classes/verifications/index.ts
index bc1ac79bdb50..db9f601d5d2e 100644
--- a/packages/core/src/routes/experience/classes/verifications/index.ts
+++ b/packages/core/src/routes/experience/classes/verifications/index.ts
@@ -41,6 +41,7 @@ import {
   totpVerificationRecordDataGuard,
   type TotpVerificationRecordData,
 } from './totp-verification.js';
+import { type VerificationRecord as GenericVerificationRecord } from './verification-record.js';
 
 export type VerificationRecordData =
   | PasswordVerificationRecordData
@@ -52,23 +53,33 @@ export type VerificationRecordData =
   | BackupCodeVerificationRecordData
   | NewPasswordIdentityVerificationRecordData;
 
+// This is to ensure the keys of the map are the same as the type of the verification record
+type VerificationRecordInterfaceMap = {
+  [K in VerificationType]?: GenericVerificationRecord<K>;
+};
+type AssertVerificationMap<T extends VerificationRecordInterfaceMap> = T;
+
+export type VerificationRecordMap = AssertVerificationMap<{
+  [VerificationType.Password]: PasswordVerification;
+  [VerificationType.EmailVerificationCode]: EmailCodeVerification;
+  [VerificationType.PhoneVerificationCode]: PhoneCodeVerification;
+  [VerificationType.Social]: SocialVerification;
+  [VerificationType.EnterpriseSso]: EnterpriseSsoVerification;
+  [VerificationType.TOTP]: TotpVerification;
+  [VerificationType.BackupCode]: BackupCodeVerification;
+  [VerificationType.NewPasswordIdentity]: NewPasswordIdentityVerification;
+}>;
+
+type ValueOf<T> = T[keyof T];
 /**
  * Union type for all verification record types
  *
- * @remark This is a discriminated union type.
- * The VerificationRecord generic class can not narrow down the type of a verification record instance by its type property.
+ * @remarks This is a discriminated union type.
+ * The `VerificationRecord` generic class can not narrow down the type of a verification record instance by its type property.
  * This union type is used to narrow down the type of the verification record.
- * Used in the ExperienceInteraction class to store and manage all the verification records. With a given verification type, we can narrow down the type of the verification record.
+ * Used in the `ExperienceInteraction` class to store and manage all the verification records. With a given verification type, we can narrow down the type of the verification record.
  */
-export type VerificationRecord =
-  | PasswordVerification
-  | EmailCodeVerification
-  | PhoneCodeVerification
-  | SocialVerification
-  | EnterpriseSsoVerification
-  | TotpVerification
-  | BackupCodeVerification
-  | NewPasswordIdentityVerification;
+export type VerificationRecord = ValueOf<VerificationRecordMap>;
 
 export const verificationRecordDataGuard = z.discriminatedUnion('type', [
   passwordVerificationRecordDataGuard,
diff --git a/packages/core/src/routes/experience/classes/verifications/verification-records-map.ts b/packages/core/src/routes/experience/classes/verifications/verification-records-map.ts
new file mode 100644
index 000000000000..dc60760f31a0
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/verifications/verification-records-map.ts
@@ -0,0 +1,34 @@
+/**
+ * @fileoverview
+ *
+ * Since `Map` in TS does not support  key value type mapping,
+ * we have to manually define a `setValue` method to ensure correct key will be set
+ * This class is used to store and manage all the verification records.
+ *
+ * Extends the Map class and adds a `setValue` method to ensure the key value type mapping.
+ */
+
+import { type VerificationType } from '@logto/schemas';
+
+import { type VerificationRecord, type VerificationRecordMap } from './index.js';
+
+export class VerificationRecordsMap extends Map<VerificationType, VerificationRecord> {
+  setValue(value: VerificationRecord) {
+    return super.set(value.type, value);
+  }
+
+  override get<K extends keyof VerificationRecordMap>(
+    key: K
+  ): VerificationRecordMap[K] | undefined {
+    // eslint-disable-next-line no-restricted-syntax
+    return super.get(key) as VerificationRecordMap[K] | undefined;
+  }
+
+  override set(): never {
+    throw new Error('Use `setValue` method to set the value');
+  }
+
+  array(): VerificationRecord[] {
+    return [...this.values()];
+  }
+}
diff --git a/packages/core/src/routes/experience/verification-routes/enterprise-sso-verification.ts b/packages/core/src/routes/experience/verification-routes/enterprise-sso-verification.ts
index bdb1d86e704e..ce65b992fc34 100644
--- a/packages/core/src/routes/experience/verification-routes/enterprise-sso-verification.ts
+++ b/packages/core/src/routes/experience/verification-routes/enterprise-sso-verification.ts
@@ -80,12 +80,13 @@ export default function enterpriseSsoVerificationRoutes<T extends WithLogContext
       const { connectorData, verificationId } = ctx.guard.body;
 
       const enterpriseSsoVerificationRecord =
-        ctx.experienceInteraction.getVerificationRecordById(verificationId);
+        ctx.experienceInteraction.getVerificationRecordByTypeAndId(
+          VerificationType.EnterpriseSso,
+          verificationId
+        );
 
       assertThat(
-        enterpriseSsoVerificationRecord &&
-          enterpriseSsoVerificationRecord.type === VerificationType.EnterpriseSso &&
-          enterpriseSsoVerificationRecord.connectorId === connectorId,
+        enterpriseSsoVerificationRecord.connectorId === connectorId,
         new RequestError({ code: 'session.verification_session_not_found', status: 404 })
       );
 
diff --git a/packages/core/src/routes/experience/verification-routes/social-verification.ts b/packages/core/src/routes/experience/verification-routes/social-verification.ts
index 88dd3b9613ef..ef77607da43f 100644
--- a/packages/core/src/routes/experience/verification-routes/social-verification.ts
+++ b/packages/core/src/routes/experience/verification-routes/social-verification.ts
@@ -75,13 +75,13 @@ export default function socialVerificationRoutes<T extends WithLogContext>(
       const { connectorId } = ctx.params;
       const { connectorData, verificationId } = ctx.guard.body;
 
-      const socialVerificationRecord =
-        ctx.experienceInteraction.getVerificationRecordById(verificationId);
+      const socialVerificationRecord = ctx.experienceInteraction.getVerificationRecordByTypeAndId(
+        VerificationType.Social,
+        verificationId
+      );
 
       assertThat(
-        socialVerificationRecord &&
-          socialVerificationRecord.type === VerificationType.Social &&
-          socialVerificationRecord.connectorId === connectorId,
+        socialVerificationRecord.connectorId === connectorId,
         new RequestError({ code: 'session.verification_session_not_found', status: 404 })
       );
 
diff --git a/packages/core/src/routes/experience/verification-routes/totp-verification.ts b/packages/core/src/routes/experience/verification-routes/totp-verification.ts
index ef6a4925b002..ba875a88edbc 100644
--- a/packages/core/src/routes/experience/verification-routes/totp-verification.ts
+++ b/packages/core/src/routes/experience/verification-routes/totp-verification.ts
@@ -75,13 +75,13 @@ export default function totpVerificationRoutes<T extends WithLogContext>(
 
       // Verify new generated secret
       if (verificationId) {
-        const totpVerificationRecord =
-          experienceInteraction.getVerificationRecordById(verificationId);
+        const totpVerificationRecord = experienceInteraction.getVerificationRecordByTypeAndId(
+          VerificationType.TOTP,
+          verificationId
+        );
 
         assertThat(
-          totpVerificationRecord &&
-            totpVerificationRecord.type === VerificationType.TOTP &&
-            totpVerificationRecord.userId === experienceInteraction.identifiedUserId,
+          totpVerificationRecord.userId === experienceInteraction.identifiedUserId,
           new RequestError({
             code: 'session.verification_session_not_found',
             status: 404,
diff --git a/packages/core/src/routes/experience/verification-routes/verification-code.ts b/packages/core/src/routes/experience/verification-routes/verification-code.ts
index 6c9654ba4073..711546d3853a 100644
--- a/packages/core/src/routes/experience/verification-routes/verification-code.ts
+++ b/packages/core/src/routes/experience/verification-routes/verification-code.ts
@@ -2,11 +2,9 @@ import { InteractionEvent, verificationCodeIdentifierGuard } from '@logto/schema
 import type Router from 'koa-router';
 import { z } from 'zod';
 
-import RequestError from '#src/errors/RequestError/index.js';
 import { type WithLogContext } from '#src/middleware/koa-audit-log.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import type TenantContext from '#src/tenants/TenantContext.js';
-import assertThat from '#src/utils/assert-that.js';
 
 import { codeVerificationIdentifierRecordTypeMap } from '../classes/utils.js';
 import { createNewCodeVerificationRecord } from '../classes/verifications/code-verification.js';
@@ -71,14 +69,9 @@ export default function verificationCodeRoutes<T extends WithLogContext>(
     async (ctx, next) => {
       const { verificationId, code, identifier } = ctx.guard.body;
 
-      const codeVerificationRecord =
-        ctx.experienceInteraction.getVerificationRecordById(verificationId);
-
-      assertThat(
-        codeVerificationRecord &&
-          // Make the Verification type checker happy
-          codeVerificationRecord.type === codeVerificationIdentifierRecordTypeMap[identifier.type],
-        new RequestError({ code: 'session.verification_session_not_found', status: 404 })
+      const codeVerificationRecord = ctx.experienceInteraction.getVerificationRecordByTypeAndId(
+        codeVerificationIdentifierRecordTypeMap[identifier.type],
+        verificationId
       );
 
       await codeVerificationRecord.verify(identifier, code);

From 74e41e854b6d46dd35d84141dcfb4b2741cd10df Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Wed, 24 Jul 2024 13:02:09 +0800
Subject: [PATCH 089/135] refactor(experience): use button loading for social
 sign-in (#6316)

---
 .../src/containers/SocialSignInList/index.tsx | 12 +++++-
 .../containers/SocialSignInList/use-social.ts | 16 ++++++-
 .../src/hooks/use-global-redirect-to.ts       | 42 ++++++++++++++++---
 .../src/hooks/use-single-sign-on.ts           | 16 ++++---
 .../pages/SingleSignOnConnectors/index.tsx    | 15 ++++++-
 5 files changed, 85 insertions(+), 16 deletions(-)

diff --git a/packages/experience/src/containers/SocialSignInList/index.tsx b/packages/experience/src/containers/SocialSignInList/index.tsx
index 6b99756cc977..24c902482277 100644
--- a/packages/experience/src/containers/SocialSignInList/index.tsx
+++ b/packages/experience/src/containers/SocialSignInList/index.tsx
@@ -1,5 +1,6 @@
 import type { ExperienceSocialConnector } from '@logto/schemas';
 import classNames from 'classnames';
+import { useState } from 'react';
 
 import SocialLinkButton from '@/components/Button/SocialLinkButton';
 import useNativeMessageListener from '@/hooks/use-native-message-listener';
@@ -17,6 +18,14 @@ const SocialSignInList = ({ className, socialConnectors = [] }: Props) => {
   const { invokeSocialSignIn, theme } = useSocial();
   useNativeMessageListener();
 
+  const [loadingConnectorId, setLoadingConnectorId] = useState<string>();
+
+  const handleClick = async (connector: ExperienceSocialConnector) => {
+    setLoadingConnectorId(connector.id);
+    await invokeSocialSignIn(connector);
+    setLoadingConnectorId(undefined);
+  };
+
   return (
     <div className={classNames(styles.socialLinkList, className)}>
       {socialConnectors.map((connector) => {
@@ -29,8 +38,9 @@ const SocialSignInList = ({ className, socialConnectors = [] }: Props) => {
             name={name}
             logo={getLogoUrl({ theme, logoUrl, darkLogoUrl })}
             target={target}
+            isLoading={loadingConnectorId === id}
             onClick={() => {
-              void invokeSocialSignIn(connector);
+              void handleClick(connector);
             }}
           />
         );
diff --git a/packages/experience/src/containers/SocialSignInList/use-social.ts b/packages/experience/src/containers/SocialSignInList/use-social.ts
index 6e884c55dc8c..3ea08c1103f4 100644
--- a/packages/experience/src/containers/SocialSignInList/use-social.ts
+++ b/packages/experience/src/containers/SocialSignInList/use-social.ts
@@ -9,6 +9,7 @@ import PageContext from '@/Providers/PageContextProvider/PageContext';
 import { getSocialAuthorizationUrl } from '@/apis/interaction';
 import useApi from '@/hooks/use-api';
 import useErrorHandler from '@/hooks/use-error-handler';
+import useGlobalRedirectTo from '@/hooks/use-global-redirect-to';
 import useTerms from '@/hooks/use-terms';
 import { getLogtoNativeSdk, isNativeWebview } from '@/utils/native-sdk';
 import { generateState, storeState, buildSocialLandingUri } from '@/utils/social-connectors';
@@ -19,6 +20,10 @@ const useSocial = () => {
   const handleError = useErrorHandler();
   const asyncInvokeSocialSignIn = useApi(getSocialAuthorizationUrl);
   const { termsValidation, agreeToTermsPolicy } = useTerms();
+  const redirectTo = useGlobalRedirectTo({
+    shouldClearInteractionContextSession: false,
+    isReplace: false,
+  });
 
   const nativeSignInHandler = useCallback(
     (redirectTo: string, connector: ExperienceSocialConnector) => {
@@ -76,9 +81,16 @@ const useSocial = () => {
       }
 
       // Invoke web social sign-in flow
-      window.location.assign(result.redirectTo);
+      await redirectTo(result.redirectTo);
     },
-    [agreeToTermsPolicy, asyncInvokeSocialSignIn, handleError, nativeSignInHandler, termsValidation]
+    [
+      agreeToTermsPolicy,
+      asyncInvokeSocialSignIn,
+      handleError,
+      nativeSignInHandler,
+      redirectTo,
+      termsValidation,
+    ]
   );
 
   return {
diff --git a/packages/experience/src/hooks/use-global-redirect-to.ts b/packages/experience/src/hooks/use-global-redirect-to.ts
index 168d052d72db..ebba12dc1844 100644
--- a/packages/experience/src/hooks/use-global-redirect-to.ts
+++ b/packages/experience/src/hooks/use-global-redirect-to.ts
@@ -4,17 +4,36 @@ import { useCallback, useContext } from 'react';
 import PageContext from '@/Providers/PageContextProvider/PageContext';
 import UserInteractionContext from '@/Providers/UserInteractionContextProvider/UserInteractionContext';
 
+type Options = {
+  /**
+   * Whether to clear the interaction context session storage before redirecting.
+   * Defaults to `true`.
+   * Set to `false` if this redirection is not the final redirection in the sign-in process (not the sign-in successful redirection).
+   */
+  shouldClearInteractionContextSession?: boolean;
+  /**
+   * Whether to use `window.location.replace` instead of `window.location.assign` for the redirection.
+   * Defaults to `true`.
+   * Use `false` if this is a 3rd-party URL redirection (social sign-in or single sign-on redirection) that should be added to the browser history.
+   */
+  isReplace?: boolean;
+};
+
 /**
- * Hook for global redirection after successful login.
+ * Hook for global redirection to 3rd-party URLs (e.g., social sign-in, single sign-on, and the final redirection to the
+ * app redirect URI after successful sign-in).
  *
  * This hook provides an async function that represents the final step in the login process.
- * It sets a global loading state, clears the interaction context, and then redirects the user.
+ * It sets a global loading state, clears the interaction context (if needed), and then redirects the user.
  *
  * The returned async function will never resolve, as the page will be redirected before
  * the Promise can settle. This behavior is intentional and serves to maintain the loading
  * state on the interaction element (e.g., a button) that triggered the successful login.
  */
-function useGlobalRedirectTo() {
+function useGlobalRedirectTo({
+  shouldClearInteractionContextSession = true,
+  isReplace = true,
+}: Options = {}) {
   const { setLoading } = useContext(PageContext);
   const { clearInteractionContextSessionStorage } = useContext(UserInteractionContext);
 
@@ -29,12 +48,18 @@ function useGlobalRedirectTo() {
        * Clear all identifier input values from the storage once the interaction is submitted.
        * The Identifier cache should be session-isolated, so it should be cleared after the interaction is completed.
        */
-      clearInteractionContextSessionStorage();
+      if (shouldClearInteractionContextSession) {
+        clearInteractionContextSessionStorage();
+      }
       /**
        * Perform the actual redirect
        * This is a synchronous operation and will immediately unload the current page
        */
-      window.location.replace(url);
+      if (isReplace) {
+        window.location.replace(url);
+      } else {
+        window.location.assign(url);
+      }
 
       /**
        * Return a Promise that never resolves
@@ -43,7 +68,12 @@ function useGlobalRedirectTo() {
        */
       return new Promise<never>(noop);
     },
-    [clearInteractionContextSessionStorage, setLoading]
+    [
+      clearInteractionContextSessionStorage,
+      isReplace,
+      setLoading,
+      shouldClearInteractionContextSession,
+    ]
   );
 
   return redirectTo;
diff --git a/packages/experience/src/hooks/use-single-sign-on.ts b/packages/experience/src/hooks/use-single-sign-on.ts
index 751ba725f487..a6b62109ca36 100644
--- a/packages/experience/src/hooks/use-single-sign-on.ts
+++ b/packages/experience/src/hooks/use-single-sign-on.ts
@@ -6,9 +6,15 @@ import useErrorHandler from '@/hooks/use-error-handler';
 import { getLogtoNativeSdk, isNativeWebview } from '@/utils/native-sdk';
 import { buildSocialLandingUri, generateState, storeState } from '@/utils/social-connectors';
 
+import useGlobalRedirectTo from './use-global-redirect-to';
+
 const useSingleSignOn = () => {
   const handleError = useErrorHandler();
   const asyncInvokeSingleSignOn = useApi(getSingleSignOnUrl);
+  const redirectTo = useGlobalRedirectTo({
+    shouldClearInteractionContextSession: false,
+    isReplace: false,
+  });
 
   /**
    * Native IdP Sign In Flow
@@ -39,7 +45,7 @@ const useSingleSignOn = () => {
       const state = generateState();
       storeState(state, connectorId);
 
-      const [error, redirectTo] = await asyncInvokeSingleSignOn(
+      const [error, redirectUrl] = await asyncInvokeSingleSignOn(
         connectorId,
         state,
         `${window.location.origin}/callback/${connectorId}`
@@ -51,19 +57,19 @@ const useSingleSignOn = () => {
         return;
       }
 
-      if (!redirectTo) {
+      if (!redirectUrl) {
         return;
       }
 
       // Invoke Native Sign In flow
       if (isNativeWebview()) {
-        nativeSignInHandler(redirectTo, connectorId);
+        nativeSignInHandler(redirectUrl, connectorId);
       }
 
       // Invoke Web Sign In flow
-      window.location.assign(redirectTo);
+      await redirectTo(redirectUrl);
     },
-    [asyncInvokeSingleSignOn, handleError, nativeSignInHandler]
+    [asyncInvokeSingleSignOn, handleError, nativeSignInHandler, redirectTo]
   );
 };
 
diff --git a/packages/experience/src/pages/SingleSignOnConnectors/index.tsx b/packages/experience/src/pages/SingleSignOnConnectors/index.tsx
index c1b0904a659d..fb17d5b5993d 100644
--- a/packages/experience/src/pages/SingleSignOnConnectors/index.tsx
+++ b/packages/experience/src/pages/SingleSignOnConnectors/index.tsx
@@ -1,4 +1,4 @@
-import { useContext, useEffect } from 'react';
+import { useContext, useEffect, useState } from 'react';
 import { useNavigate } from 'react-router-dom';
 
 import SecondaryPageLayout from '@/Layout/SecondaryPageLayout';
@@ -17,6 +17,14 @@ const SingleSignOnConnectors = () => {
   const navigate = useNavigate();
   const onSubmit = useSingleSignOn();
 
+  const [loadingConnectorId, setLoadingConnectorId] = useState<string>();
+
+  const handleSubmit = async (connectorId: string) => {
+    setLoadingConnectorId(connectorId);
+    await onSubmit(connectorId);
+    setLoadingConnectorId(undefined);
+  };
+
   // Listen to native message
   useNativeMessageListener();
 
@@ -46,7 +54,10 @@ const SingleSignOnConnectors = () => {
               name={{ en: connectorName }} // I18n support for connectorName not supported yet, always display the plain text
               logo={getLogoUrl({ theme, logoUrl, darkLogoUrl })}
               target={connectorName}
-              onClick={async () => onSubmit(id)}
+              isLoading={loadingConnectorId === connector.id}
+              onClick={() => {
+                void handleSubmit(connector.id);
+              }}
             />
           );
         })}

From 94296acc7a18ce5a6859a23132fd65b0de068156 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Wed, 24 Jul 2024 15:55:37 +0800
Subject: [PATCH 090/135] chore: add comment

---
 packages/core/src/routes/applications/application-secret.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/core/src/routes/applications/application-secret.ts b/packages/core/src/routes/applications/application-secret.ts
index 720afd7f50ae..1728e6cbc79b 100644
--- a/packages/core/src/routes/applications/application-secret.ts
+++ b/packages/core/src/routes/applications/application-secret.ts
@@ -13,6 +13,7 @@ export const generateInternalSecret = () => internalPrefix + generateStandardSec
 export default function applicationSecretRoutes<T extends ManagementApiRouter>(
   ...[router, { queries }]: RouterInitArgs<T>
 ) {
+  // See OpenAPI description for the rationale of this endpoint.
   router.delete(
     '/applications/:id/legacy-secret',
     koaGuard({

From 6b33a369605bf347a36c4627692ffd951c5858a2 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Wed, 24 Jul 2024 16:14:15 +0800
Subject: [PATCH 091/135] chore: add comment

---
 .../ApplicationDetailsContent/CreateSecretModal.tsx             | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
index 4d3129096be5..d50e34ac3017 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
@@ -48,6 +48,8 @@ function CreateSecretModal({ appId, isOpen, onClose }: Props) {
   const expirationDays = watch('expiration');
   const [expirationDate, setExpirationDate] = useState<Date>();
 
+  // Update expiration date every second since our options are relative to the current time (in
+  // days).
   useEffect(() => {
     const setDate = () => {
       if (expirationDays === neverExpires) {

From 6c1f4283a996fd8904767d8d8fc1120f16578b1b Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Wed, 24 Jul 2024 17:47:02 +0800
Subject: [PATCH 092/135] refactor(console): use vite

---
 package.json                                  |    3 +-
 packages/console/.eslintrc.cjs                |   12 +
 packages/console/.parcelrc                    |   19 -
 packages/console/.parcelrc.arm64              |   23 -
 packages/console/{src => }/index.html         |    2 +-
 packages/console/package.json                 |   43 +-
 packages/console/parcel-transformer-mdx2.js   |   61 -
 .../console/src/assets/docs/guides/index.tsx  |   66 +-
 .../components/ClientBasics/index.tsx         |    2 +-
 packages/console/src/cloud/AppRoutes.tsx      |    2 +-
 .../cloud/pages/Main/InvitationList/index.tsx |    4 +-
 .../TenantLandingPageContent/index.tsx        |    8 +-
 .../pages/Main/TenantLandingPage/index.tsx    |    2 +-
 .../cloud/pages/SocialDemoCallback/index.tsx  |    6 +-
 .../src/components/ActionBar/index.tsx        |    2 +-
 .../src/components/ActionsButton/index.tsx    |    8 +-
 .../console/src/components/AppError/index.tsx |   10 +-
 .../src/components/AppLoading/index.tsx       |    4 +-
 .../ApplicationCreation/CreateForm/index.tsx  |    4 +-
 .../src/components/ApplicationName/index.tsx  |    2 +-
 .../components/EventName/index.tsx            |    6 +-
 .../src/components/AuditLogTable/index.tsx    |    2 +-
 .../src/components/BasicWebhookForm/index.tsx |    2 +-
 .../console/src/components/BillInfo/index.tsx |    4 +-
 .../src/components/Breakable/index.tsx        |    2 +-
 .../ConnectorForm/BasicForm/index.tsx         |    4 +-
 .../ConfigForm/ConfigFormFields/index.tsx     |    2 +-
 .../ConnectorForm/ConfigForm/index.tsx        |    2 +-
 .../ConnectorForm/GoogleOneTapCard/index.tsx  |    2 +-
 .../src/components/ConnectorLogo/index.tsx    |    2 +-
 .../src/components/ConnectorTester/index.tsx  |    2 +-
 .../ConnectorRadio/index.tsx                  |    2 +-
 .../ConnectorRadioGroup/index.tsx             |    2 +-
 .../PlatformSelector/index.tsx                |    2 +-
 .../CreateConnectorForm/Skeleton/index.tsx    |    6 +-
 .../components/CreateConnectorForm/index.tsx  |    4 +-
 .../EnvTagOptionContent/index.tsx             |    2 +-
 .../FeaturedPlanContent/index.tsx             |    6 +-
 .../PlanCardItem/index.tsx                    |    4 +-
 .../SelectTenantPlanModal/index.tsx           |    4 +-
 .../components/CreateTenantModal/index.tsx    |    8 +-
 .../CustomUiAssetsUploader/index.tsx          |    4 +-
 .../src/components/DetailsForm/index.tsx      |    2 +-
 .../DetailsPage/DetailsPageHeader/index.tsx   |    4 +-
 .../components/DetailsPage/Skeleton/index.tsx |    2 +-
 .../src/components/DetailsPage/index.tsx      |    4 +-
 .../console/src/components/Drawer/index.tsx   |    4 +-
 .../src/components/EditScopeModal/index.tsx   |    2 +-
 .../components/EmptyDataPlaceholder/index.tsx |    6 +-
 .../components/EntityItem/index.tsx           |    2 +-
 .../components/SourceEntitiesBox/index.tsx    |    6 +-
 .../components/SourceEntityItem/index.tsx     |    2 +-
 .../components/TargetEntitiesBox/index.tsx    |    4 +-
 .../components/TargetEntityItem/index.tsx     |    4 +-
 .../src/components/EntitiesTransfer/index.tsx |    4 +-
 .../src/components/FeatureTag/BetaTag.tsx     |    2 +-
 .../src/components/FeatureTag/index.tsx       |    2 +-
 .../console/src/components/FileIcon/index.tsx |    4 +-
 .../FormCard/FormCardLayout/index.tsx         |    2 +-
 .../components/FormCard/Skeleton/index.tsx    |    2 +-
 .../console/src/components/FormCard/index.tsx |    2 +-
 .../src/components/Guide/GuideCard/index.tsx  |    2 +-
 .../components/Guide/GuideCardGroup/index.tsx |    2 +-
 .../components/Guide/ModalFooter/index.tsx    |    2 +-
 .../Guide/ModalHeader/RequestForm.tsx         |    2 +-
 .../components/Guide/ModalHeader/index.tsx    |    4 +-
 .../components/Guide/StepsSkeleton/index.tsx  |    2 +-
 .../console/src/components/Guide/index.tsx    |    2 +-
 .../src/components/ImageInputs/index.tsx      |    2 +-
 .../console/src/components/Index/index.tsx    |    4 +-
 .../src/components/InlineUpsell/index.tsx     |    2 +-
 .../ItemPreview/ApplicationPreview.tsx        |    2 +-
 .../src/components/ItemPreview/index.tsx      |    2 +-
 .../console/src/components/ListPage/index.tsx |    4 +-
 .../components/LivePreviewButton/index.tsx    |    4 +-
 .../index.tsx                                 |    2 +-
 .../console/src/components/Markdown/index.tsx |    2 +-
 .../src/components/MauExceededModal/index.tsx |    4 +-
 .../src/components/MfaFactorTitle/index.tsx   |   10 +-
 .../src/components/MultiOptionInput/index.tsx |    4 +-
 .../components/MultiTextInputField/index.tsx  |    2 +-
 .../src/components/OpenExternalLink/index.tsx |    2 +-
 .../src/components/OrganizationList/index.tsx |    6 +-
 .../OrganizationRolesSelect/index.tsx         |    4 +-
 .../components/PaymentOverdueModal/index.tsx  |    4 +-
 .../src/components/PermissionsTable/index.tsx |    8 +-
 .../src/components/PlanUsage/index.tsx        |    2 +-
 .../src/components/ProgressBar/index.tsx      |    2 +-
 .../src/components/QuotaGuardFooter/index.tsx |    2 +-
 .../console/src/components/Region/index.tsx   |    2 +-
 .../src/components/RequestDataError/index.tsx |    6 +-
 .../components/RoleAssignmentModal/index.tsx  |    4 +-
 .../console/src/components/RoleIcon/index.tsx |    4 +-
 .../components/ResourceItem/index.tsx         |    6 +-
 .../components/SourceScopeItem/index.tsx      |    2 +-
 .../components/SourceScopesBox/index.tsx      |    6 +-
 .../components/TargetScopeItem/index.tsx      |    4 +-
 .../components/TargetScopesBox/index.tsx      |    4 +-
 .../components/RoleScopesTransfer/index.tsx   |    4 +-
 .../SourceRolesBox/SourceRoleItem/index.tsx   |    2 +-
 .../RolesTransfer/SourceRolesBox/index.tsx    |    6 +-
 .../TargetRolesBox/TargetRoleItem/index.tsx   |    4 +-
 .../RolesTransfer/TargetRolesBox/index.tsx    |    4 +-
 .../components/RoleInformation/index.tsx      |    4 +-
 .../src/components/RolesTransfer/index.tsx    |    6 +-
 .../components/ToggleUiThemeButton/index.tsx  |    6 +-
 .../SignInExperiencePreview/index.tsx         |    4 +-
 .../SubmitFormChangesActionBar/index.tsx      |    2 +-
 .../src/components/TemplateTable/index.tsx    |    6 +-
 .../src/components/TenantEnvTag/index.tsx     |    2 +-
 .../src/components/ThemedIcon/index.tsx       |    2 +-
 .../components/Topbar/ContactModal/hook.tsx   |   14 +-
 .../components/Topbar/ContactModal/index.tsx  |    4 +-
 .../TenantDropdownItem/index.tsx              |    4 +-
 .../TenantInvitationDropdownItem/index.tsx    |    2 +-
 .../Topbar/TenantSelector/index.tsx           |    6 +-
 .../Topbar/UserInfo/SubMenu/index.tsx         |    6 +-
 .../UserInfo/UserInfoSkeleton/index.tsx       |    2 +-
 .../src/components/Topbar/UserInfo/index.tsx  |   12 +-
 .../src/components/Topbar/index.module.scss   |    6 +-
 .../console/src/components/Topbar/index.tsx   |   12 +-
 .../UnsavedChangesAlertModal/index.tsx        |    2 +-
 .../UserAccountInformation/index.tsx          |    6 +-
 .../src/components/UserAvatar/index.tsx       |    4 +-
 .../src/components/UserInfoCard/index.tsx     |    2 +-
 .../console/src/components/UserName/index.tsx |    2 +-
 .../VerificationCodeInput/index.tsx           |    2 +-
 packages/console/src/consts/applications.ts   |   24 +-
 packages/console/src/consts/connectors.ts     |    4 +-
 packages/console/src/consts/env.ts            |   11 +-
 .../CreateProductionTenantBanner/index.tsx    |    2 +-
 .../TenantEnvMigrationModal/index.tsx         |   10 +-
 .../AppContent/TenantSuspendedPage/index.tsx  |    6 +-
 .../src/containers/AppContent/index.tsx       |    2 +-
 .../Sidebar/components/Item/index.tsx         |    2 +-
 .../Sidebar/components/Section/index.tsx      |    2 +-
 .../ConsoleContent/Sidebar/hook.tsx           |   34 +-
 .../ConsoleContent/Sidebar/index.module.scss  |    6 +
 .../ConsoleContent/Sidebar/index.tsx          |    6 +-
 .../ConsoleContent/index.module.scss          |   11 +-
 .../src/containers/ConsoleContent/index.tsx   |   14 +-
 .../src/contexts/AppThemeProvider/index.tsx   |    8 +-
 .../src/ds-components/ActionMenu/index.tsx    |    2 +-
 .../src/ds-components/Button/index.tsx        |    2 +-
 .../console/src/ds-components/Card/index.tsx  |    2 +-
 .../src/ds-components/CardTitle/index.tsx     |    2 +-
 .../CategorizedCheckboxGroup/index.tsx        |    2 +-
 .../ds-components/Checkbox/Checkbox/index.tsx |    2 +-
 .../Checkbox/CheckboxGroup/index.tsx          |    2 +-
 .../src/ds-components/CodeEditor/index.tsx    |    2 +-
 .../src/ds-components/ColorPicker/index.tsx   |    2 +-
 .../src/ds-components/ConfirmModal/index.tsx  |    4 +-
 .../ds-components/CopyToClipboard/index.tsx   |    8 +-
 .../DataTransferBox/SourceDataItem/index.tsx  |    2 +-
 .../DataTransferBox/SourceGroupItem/index.tsx |    6 +-
 .../DataTransferBox/SourcePanel/index.tsx     |    6 +-
 .../DataTransferBox/TargetDataItem/index.tsx  |    4 +-
 .../DataTransferBox/TargetPanel/index.tsx     |    4 +-
 .../ds-components/DataTransferBox/index.tsx   |    4 +-
 .../src/ds-components/Divider/index.tsx       |    2 +-
 .../DragDrop/DragDropProvider.tsx             |    2 +-
 .../ds-components/Dropdown/DropdownItem.tsx   |    2 +-
 .../src/ds-components/Dropdown/index.tsx      |    2 +-
 .../src/ds-components/FormField/Skeleton.tsx  |    2 +-
 .../src/ds-components/FormField/index.tsx     |    4 +-
 .../src/ds-components/IconButton/index.tsx    |    2 +-
 .../ImageWithErrorFallback/index.tsx          |    4 +-
 .../InlineNotification/index.tsx              |   10 +-
 .../KeyValueInputField/index.tsx              |    6 +-
 .../src/ds-components/ModalHeader/index.tsx   |    4 +-
 .../src/ds-components/ModalLayout/index.tsx   |    4 +-
 .../ds-components/MultiTextInput/index.tsx    |    6 +-
 .../src/ds-components/Pagination/index.tsx    |    2 +-
 .../src/ds-components/RadioGroup/Radio.tsx    |    2 +-
 .../src/ds-components/RadioGroup/index.tsx    |    2 +-
 .../src/ds-components/Search/index.tsx        |    4 +-
 .../src/ds-components/Select/MultiSelect.tsx  |    4 +-
 .../src/ds-components/Select/index.tsx        |   10 +-
 .../src/ds-components/Spacer/index.tsx        |    2 +-
 .../src/ds-components/Spinner/index.tsx       |    2 +-
 .../src/ds-components/Switch/index.tsx        |    2 +-
 .../src/ds-components/TabNav/TabNavItem.tsx   |    2 +-
 .../src/ds-components/TabNav/index.tsx        |    2 +-
 .../src/ds-components/TabWrapper/index.tsx    |    2 +-
 .../ds-components/Table/Skeleton/index.tsx    |    2 +-
 .../ds-components/Table/TableEmptyWrapper.tsx |    2 +-
 .../src/ds-components/Table/TableError.tsx    |    6 +-
 .../ds-components/Table/TablePlaceholder.tsx  |    2 +-
 .../console/src/ds-components/Table/index.tsx |    2 +-
 .../console/src/ds-components/Tag/index.tsx   |    6 +-
 .../ds-components/TextInput/NumericInput.tsx  |    6 +-
 .../src/ds-components/TextInput/index.tsx     |    6 +-
 .../src/ds-components/TextLink/index.tsx      |    2 +-
 .../src/ds-components/Textarea/index.tsx      |    2 +-
 .../src/ds-components/Tip/TipBubble/index.tsx |    2 +-
 .../src/ds-components/Tip/ToggleTip/index.tsx |    4 +-
 .../src/ds-components/Tip/Tooltip/index.tsx   |    2 +-
 .../console/src/ds-components/Toast/index.tsx |    6 +-
 .../Uploader/FileUploader/index.tsx           |    4 +-
 .../Uploader/ImageUploader/index.tsx          |    4 +-
 .../Uploader/ImageUploaderField/index.tsx     |    2 +-
 .../src/hooks/use-console-routes/index.tsx    |    9 +-
 .../routes/api-resources.tsx                  |   14 +-
 .../routes/applications.tsx                   |    8 +-
 .../use-console-routes/routes/audit-logs.tsx  |    5 +-
 .../use-console-routes/routes/connectors.tsx  |    6 +-
 .../routes/customize-jwt.tsx                  |    5 +-
 .../routes/enterprise-sso.tsx                 |    6 +-
 .../hooks/use-console-routes/routes/mfa.tsx   |    3 +-
 .../routes/organization-template.tsx          |   18 +-
 .../routes/organizations.tsx                  |   12 +-
 .../use-console-routes/routes/profile.tsx     |   15 +-
 .../hooks/use-console-routes/routes/roles.tsx |   14 +-
 .../routes/sign-in-experience.tsx             |    4 +-
 .../routes/tenant-settings.tsx                |   21 +-
 .../hooks/use-console-routes/routes/users.tsx |   16 +-
 .../use-console-routes/routes/webhooks.tsx    |   12 +-
 .../src/icons/ConnectorPlatformIcon.tsx       |    6 +-
 packages/console/src/include.d/react-app.d.ts |   65 -
 .../src/include.d/react-router-dom.d.ts       |    1 -
 packages/console/src/include.d/vite-env.d.ts  |    6 +
 .../ApplicationCredentials/index.tsx          |    2 +-
 .../mdx-components/DetailsSummary/index.tsx   |    4 +-
 .../src/mdx-components/Mermaid/index.tsx      |    5 +-
 .../mdx-components/OidcCallbackUri/index.tsx  |    2 +-
 .../src/mdx-components/Sample/index.tsx       |    2 +-
 .../SsoSamlSpMetadata/index.tsx               |    2 +-
 .../console/src/mdx-components/Step/index.tsx |    2 +-
 .../src/mdx-components/Steps/index.tsx        |    2 +-
 .../console/src/mdx-components/Tabs/index.tsx |    2 +-
 .../mdx-components/UriInputField/index.tsx    |    2 +-
 .../MultiCardSelector/CardItem.tsx            |    2 +-
 .../CardSelector/MultiCardSelector/index.tsx  |    2 +-
 .../components/DemoConnectorNotice/index.tsx  |    2 +-
 .../onboarding/components/Topbar/index.tsx    |    4 +-
 packages/console/src/onboarding/index.tsx     |    2 +-
 .../onboarding/pages/CreateTenant/index.tsx   |    6 +-
 .../SignInExperience/InspireMe/index.tsx      |    6 +-
 .../Preview/PlatformTabs/PlatformTab.tsx      |    2 +-
 .../Preview/PlatformTabs/index.tsx            |    6 +-
 .../pages/SignInExperience/Preview/index.tsx  |    2 +-
 .../pages/SignInExperience/Skeleton/index.tsx |    6 +-
 .../pages/SignInExperience/index.tsx          |    6 +-
 .../pages/SignInExperience/options.tsx        |   18 +-
 .../src/onboarding/pages/Welcome/index.tsx    |    6 +-
 .../src/onboarding/pages/Welcome/options.tsx  |    4 +-
 .../AcceptInvitation/SwitchAccount/index.tsx  |    4 +-
 .../CreatePermissionModal/index.tsx           |    2 +-
 .../components/GuideDrawer/index.tsx          |    6 +-
 .../components/GuideModal/index.tsx           |    4 +-
 .../src/pages/ApiResourceDetails/index.tsx    |   14 +-
 .../components/CreateForm/index.tsx           |    2 +-
 .../components/GuideLibrary/index.tsx         |    2 +-
 .../components/GuideLibraryModal/index.tsx    |    4 +-
 .../console/src/pages/ApiResources/index.tsx  |   10 +-
 .../Branding/index.tsx                        |    2 +-
 .../CreateSecretModal.tsx                     |    2 +-
 .../EndpointsAndCredentials.tsx               |   10 +-
 .../GuideDrawer/index.tsx                     |    6 +-
 .../MachineLogs/index.tsx                     |    2 +-
 .../index.tsx                                 |    6 +-
 .../index.tsx                                 |    2 +-
 .../Permissions/PermissionsCard/index.tsx     |    2 +-
 .../PermissionsCard/use-scopes-table.tsx      |    4 +-
 .../Permissions/index.tsx                     |    2 +-
 .../components/SessionForm.tsx                |    2 +-
 .../ProtectedAppSettings/index.tsx            |    4 +-
 .../ApplicationDetailsContent/index.tsx       |    6 +-
 .../ApplicationDetails/GuideModal/index.tsx   |    4 +-
 .../components/GuideLibrary/index.tsx         |    4 +-
 .../components/GuideLibraryModal/index.tsx    |    4 +-
 .../components/ProtectedAppCard/index.tsx     |    6 +-
 .../components/ProtectedAppForm/index.tsx     |    2 +-
 .../components/ProtectedAppModal/index.tsx    |    2 +-
 .../components/TypeDescription/index.tsx      |    2 +-
 .../console/src/pages/Applications/index.tsx  |    6 +-
 .../components/EventIcon/index.tsx            |    6 +-
 .../src/pages/AuditLogDetails/index.tsx       |    2 +-
 .../console/src/pages/AuditLogs/index.tsx     |    2 +-
 .../EmailServiceConnectorForm/index.tsx       |    2 +-
 .../ConnectorDetails/ConnectorTabs/index.tsx  |    2 +-
 .../ConnectorDetails/EmailUsage/index.tsx     |    8 +-
 .../src/pages/ConnectorDetails/index.tsx      |    8 +-
 .../ConnectorDeleteButton/index.tsx           |    2 +-
 .../pages/Connectors/ConnectorName/index.tsx  |    2 +-
 .../Connectors/ConnectorStatusField/index.tsx |    4 +-
 .../src/pages/Connectors/Guide/index.tsx      |    6 +-
 .../SignInExperienceSetupNotice/index.tsx     |    2 +-
 .../console/src/pages/Connectors/index.tsx    |    8 +-
 .../CustomizeJwt/CustomizerItem/index.tsx     |    6 +-
 .../console/src/pages/CustomizeJwt/index.tsx  |    2 +-
 .../ActionButton/CodeRestoreButton.tsx        |    4 +-
 .../MonacoCodeEditor/Dashboard/index.tsx      |    4 +-
 .../MainContent/MonacoCodeEditor/index.tsx    |    2 +-
 .../ScriptSection/ErrorContent/index.tsx      |    2 +-
 .../MainContent/ScriptSection/index.tsx       |    4 +-
 .../InstructionTab/GuideCard/index.tsx        |    4 +-
 .../SettingsSection/InstructionTab/index.tsx  |    4 +-
 .../SettingsSection/TestTab/index.tsx         |    4 +-
 .../MainContent/SettingsSection/index.tsx     |    6 +-
 .../CustomizeJwtDetails/MainContent/index.tsx |    2 +-
 .../PageLoadingSkeleton/index.tsx             |    2 +-
 .../src/pages/CustomizeJwtDetails/index.tsx   |    2 +-
 .../CustomizeJwtDetails/utils/config.tsx      |    4 +-
 .../src/pages/Dashboard/components/Block.tsx  |    8 +-
 .../components/ChartTooltip/index.tsx         |    2 +-
 .../Dashboard/components/Skeleton/index.tsx   |    2 +-
 .../console/src/pages/Dashboard/index.tsx     |    2 +-
 .../EnterpriseSso/SsoConnectorLogo/index.tsx  |    2 +-
 .../SsoConnectorRadio/index.tsx               |    2 +-
 .../SsoConnectorRadioGroup/index.tsx          |    2 +-
 .../EnterpriseSso/SsoCreationModal/index.tsx  |    4 +-
 .../console/src/pages/EnterpriseSso/index.tsx |    8 +-
 .../Connection/FileReader/index.tsx           |   10 +-
 .../ParsedConfigPreview/index.tsx             |    2 +-
 .../Connection/OidcMetadataForm/index.tsx     |    2 +-
 .../Connection/SamlAttributeMapping/index.tsx |    2 +-
 .../Connection/SamlConnectorForm.tsx          |    2 +-
 .../ParsedConfigPreview/index.tsx             |    2 +-
 .../SwitchFormatButton/index.tsx              |    6 +-
 .../Connection/SamlMetadataForm/index.tsx     |    2 +-
 .../Experience/DomainsInput/index.tsx         |    4 +-
 .../Experience/LogosUploader/index.tsx        |    2 +-
 .../EnterpriseSsoDetails/Experience/index.tsx |    2 +-
 .../EnterpriseSsoDetails/SsoGuide/index.tsx   |    2 +-
 .../src/pages/EnterpriseSsoDetails/index.tsx  |    6 +-
 .../ProtectedAppCreationForm/index.tsx        |    2 +-
 .../console/src/pages/GetStarted/index.tsx    |   14 +-
 .../FactorLabel/WebAuthnTipContent/index.tsx  |    2 +-
 .../pages/Mfa/MfaForm/FactorLabel/index.tsx   |    2 +-
 .../console/src/pages/Mfa/MfaForm/index.tsx   |    2 +-
 .../src/pages/Mfa/PageWrapper/index.tsx       |    2 +-
 .../console/src/pages/Mfa/Skeleton/index.tsx  |    2 +-
 packages/console/src/pages/NotFound/index.tsx |    6 +-
 .../EditOrganizationRolesModal/index.tsx      |    2 +-
 .../AddAppsToOrganization.tsx                 |    2 +-
 .../MachineToMachine/index.tsx                |    4 +-
 .../Members/AddMembersToOrganization.tsx      |    2 +-
 .../OrganizationDetails/Members/index.tsx     |    4 +-
 .../Settings/JitSettings.tsx                  |    8 +-
 .../OrganizationDetails/Settings/index.tsx    |    2 +-
 .../src/pages/OrganizationDetails/index.tsx   |    8 +-
 .../Permissions/ResourceName/index.tsx        |    4 +-
 .../Permissions/index.tsx                     |    4 +-
 .../pages/OrganizationRoleDetails/index.tsx   |    6 +-
 .../OrganizationPermissions/index.tsx         |    8 +-
 .../CreateOrganizationRoleModal.tsx           |    4 +-
 .../OrganizationRoles/index.tsx               |   10 +-
 .../src/pages/OrganizationTemplate/index.tsx  |    8 +-
 .../CreateOrganizationModal/index.tsx         |    2 +-
 .../Introduction/components/FlexBox/index.tsx |    2 +-
 .../components/InteractiveDiagram/index.tsx   |    2 +-
 .../Introduction/components/Panel/index.tsx   |    2 +-
 .../components/Permission/index.tsx           |    2 +-
 .../Introduction/components/Role/index.tsx    |    2 +-
 .../Introduction/components/Section/index.tsx |    2 +-
 .../Introduction/components/User/index.tsx    |    4 +-
 .../Introduction/components/Vector/John.tsx   |    2 +-
 .../Introduction/components/Vector/Sarah.tsx  |    2 +-
 .../Organizations/Introduction/index.tsx      |    6 +-
 .../EmptyDataPlaceholder/index.tsx            |    8 +-
 .../OrganizationsTable/index.tsx              |    4 +-
 .../console/src/pages/Organizations/index.tsx |    6 +-
 .../Profile/components/CardContent/index.tsx  |    2 +-
 .../components/ExperienceLikeModal/index.tsx  |    6 +-
 .../components/LinkAccountSection/index.tsx   |    4 +-
 .../pages/Profile/components/NotSet/index.tsx |    2 +-
 .../Profile/components/Skeleton/index.tsx     |    2 +-
 .../BasicUserInfoUpdateModal/index.tsx        |    2 +-
 .../containers/ChangePasswordModal/index.tsx  |    2 +-
 .../DeletionConfirmationModal/index.tsx       |    2 +-
 .../FinalConfirmationModal/index.tsx          |    4 +-
 .../components/TenantsIssuesModal/index.tsx   |    2 +-
 .../components/TenantsList/index.tsx          |    2 +-
 .../containers/DeleteAccountModal/index.tsx   |    2 +-
 .../VerificationCodeModal/index.tsx           |    4 +-
 .../containers/VerifyPasswordModal/index.tsx  |    8 +-
 packages/console/src/pages/Profile/index.tsx  |    4 +-
 .../RoleDetails/RoleApplications/index.tsx    |    6 +-
 .../AssignPermissionsModal/index.tsx          |    2 +-
 .../src/pages/RoleDetails/RoleUsers/index.tsx |    6 +-
 .../console/src/pages/RoleDetails/index.tsx   |    4 +-
 .../components/AssignRoleModal/index.tsx      |    2 +-
 .../components/AssignedEntities/index.tsx     |    2 +-
 .../Roles/components/CreateRoleForm/index.tsx |    2 +-
 .../components/CreateRoleModal/index.tsx      |    2 +-
 packages/console/src/pages/Roles/index.tsx    |    6 +-
 .../Branding/BrandingForm/index.tsx           |    2 +-
 .../Branding/CustomUiForm/index.tsx           |    2 +-
 .../LanguageEditor/AddLanguageSelector.tsx    |    6 +-
 .../LanguageEditor/LanguageDetails.tsx        |    6 +-
 .../LanguageEditor/LanguageItem.tsx           |    2 +-
 .../LanguageEditor/LanguageNav.tsx            |    2 +-
 .../ManageLanguage/LanguageEditor/index.tsx   |    4 +-
 .../Content/LanguagesForm/index.tsx           |    2 +-
 .../PageContent/PasswordPolicy/index.tsx      |    2 +-
 .../SignUpAndSignIn/AdvancedOptions/index.tsx |    2 +-
 .../SignInMethodEditBox/AddButton.tsx         |    6 +-
 .../SignInMethodEditBox/SignInMethodItem.tsx  |    8 +-
 .../SignInForm/SignInMethodEditBox/index.tsx  |    2 +-
 .../SignUpAndSignIn/SignUpForm/index.tsx      |    2 +-
 .../AddButton/index.tsx                       |    6 +-
 .../SelectedConnectorItem/index.tsx           |    6 +-
 .../SocialConnectorEditBox/index.tsx          |    2 +-
 .../ConnectorSetupWarning/index.tsx           |    2 +-
 .../DiffSegment.tsx                           |    2 +-
 .../SignInDiffSection.tsx                     |    2 +-
 .../SignUpDiffSection.tsx                     |    2 +-
 .../SocialTargetsDiffSection.tsx              |    2 +-
 .../SignUpAndSignInChangePreview/index.tsx    |    2 +-
 .../components/FormFieldDescription/index.tsx |    2 +-
 .../components/FormSectionTitle/index.tsx     |    2 +-
 .../SignInExperienceTabWrapper/index.tsx      |    2 +-
 .../SignInExperience/PageContent/index.tsx    |    2 +-
 .../pages/SignInExperience/Skeleton/index.tsx |    6 +-
 .../SignInExperience/Welcome/GuideModal.tsx   |    6 +-
 .../pages/SignInExperience/Welcome/index.tsx  |    6 +-
 .../components/Preview/index.tsx              |    2 +-
 .../src/pages/SignInExperience/index.tsx      |    2 +-
 .../SigningKeys/SigningKeyFormCard/index.tsx  |    4 +-
 .../console/src/pages/SigningKeys/index.tsx   |    2 +-
 .../Subscription/CurrentPlan/index.tsx        |    2 +-
 .../PlanQuotaList/DiffQuotaItem/index.tsx     |    6 +-
 .../PlanQuotaDiffCard/PlanQuotaList/index.tsx |    2 +-
 .../PlanQuotaDiffCard/index.tsx               |    2 +-
 .../DowngradeConfirmModalContent/index.tsx    |    2 +-
 .../TableDataContent/index.tsx                |    4 +-
 .../TableDataWrapper/index.tsx                |    4 +-
 .../PlanComparisonTable/index.tsx             |    2 +-
 .../SwitchPlanActionBar/index.tsx             |    2 +-
 .../TenantSettings/Subscription/index.tsx     |    2 +-
 .../TenantBasicSettings/DeleteCard/index.tsx  |    2 +-
 .../TenantBasicSettings/DeleteModal/index.tsx |    2 +-
 .../TenantBasicSettings/LeaveCard/index.tsx   |    2 +-
 .../ProfileForm/TenantEnvironment/index.tsx   |    2 +-
 .../ProfileForm/TenantRegion/index.tsx        |    2 +-
 .../TenantBasicSettings/index.tsx             |    2 +-
 .../AddDomainForm/index.tsx                   |    2 +-
 .../DnsRecordsTable/index.tsx                 |    2 +-
 .../ActivationProcess/Step/index.tsx          |    6 +-
 .../CustomDomain/ActivationProcess/index.tsx  |    2 +-
 .../CustomDomain/CustomDomainHeader/index.tsx |    6 +-
 .../CustomDomain/index.tsx                    |    2 +-
 .../DefaultDomain/index.tsx                   |    2 +-
 .../TenantDomainSettings/index.tsx            |    2 +-
 .../TenantMembers/EditMemberModal/index.tsx   |    4 +-
 .../TenantMembers/Invitations/index.tsx       |   14 +-
 .../TenantMembers/InviteEmailsInput/index.tsx |    4 +-
 .../InviteMemberModal/Footer/index.tsx        |    2 +-
 .../TenantMembers/InviteMemberModal/index.tsx |    4 +-
 .../TenantSettings/TenantMembers/index.tsx    |    8 +-
 .../index.tsx                                 |    2 +-
 .../components/Skeleton/index.tsx             |    2 +-
 .../src/pages/TenantSettings/index.tsx        |    2 +-
 .../src/pages/UserDetails/UserLogs/index.tsx  |    2 +-
 .../src/pages/UserDetails/UserRoles/index.tsx |    6 +-
 .../UserMfaVerifications/index.tsx            |    2 +-
 .../components/UserSocialIdentities/index.tsx |    2 +-
 .../components/UserSsoIdentities/index.tsx    |    2 +-
 .../console/src/pages/UserDetails/index.tsx   |   12 +-
 .../Users/components/CreateForm/index.tsx     |    4 +-
 packages/console/src/pages/Users/index.tsx    |    6 +-
 .../WebhookDetails/WebhookLogs/index.tsx      |    2 +-
 .../WebhookSettings/SigningKeyField/index.tsx |    4 +-
 .../WebhookSettings/TestWebhook/index.tsx     |    2 +-
 .../src/pages/WebhookDetails/index.tsx        |   12 +-
 .../pages/Webhooks/CreateFormModal/index.tsx  |    2 +-
 packages/console/src/pages/Webhooks/index.tsx |   12 +-
 packages/console/src/pages/Welcome/index.tsx  |    4 +-
 packages/console/svgo.config.json             |   13 -
 packages/console/tsconfig.json                |    6 +-
 packages/console/vite.config.ts               |   55 +
 packages/core/src/app/init.ts                 |    7 +-
 .../src/middleware/koa-security-headers.ts    |    4 +-
 packages/core/src/middleware/koa-spa-proxy.ts |   12 +-
 packages/demo-app/package.json                |    3 -
 packages/demo-app/src/App.tsx                 |    2 +-
 packages/demo-app/src/DevPanel.tsx            |    2 +-
 packages/demo-app/vite.config.ts              |   44 +-
 packages/phrases-experience/package.json      |    1 -
 pnpm-lock.yaml                                | 1179 ++++++++++++-----
 vite.shared.config.ts                         |   39 +
 482 files changed, 2026 insertions(+), 1547 deletions(-)
 delete mode 100644 packages/console/.parcelrc
 delete mode 100644 packages/console/.parcelrc.arm64
 rename packages/console/{src => }/index.html (85%)
 delete mode 100644 packages/console/parcel-transformer-mdx2.js
 delete mode 100644 packages/console/src/include.d/react-app.d.ts
 create mode 100644 packages/console/src/include.d/vite-env.d.ts
 delete mode 100644 packages/console/svgo.config.json
 create mode 100644 packages/console/vite.config.ts
 create mode 100644 vite.shared.config.ts

diff --git a/package.json b/package.json
index 51d09398705c..dcdf6ccb1112 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,8 @@
     "@types/pg": "^8.6.6",
     "husky": "^9.0.0",
     "pg": "^8.8.0",
-    "typescript": "^5.0.0"
+    "typescript": "^5.0.0",
+    "vite": "^5.3.4"
   },
   "engines": {
     "node": "^20.9.0",
diff --git a/packages/console/.eslintrc.cjs b/packages/console/.eslintrc.cjs
index f2cffeab3dbb..a350201e77d3 100644
--- a/packages/console/.eslintrc.cjs
+++ b/packages/console/.eslintrc.cjs
@@ -49,5 +49,17 @@ module.exports = {
         ],
       },
     },
+    {
+      files: ['*.config.js', '*.config.ts', '*.d.ts'],
+      rules: {
+        'import/no-unused-modules': 'off',
+      },
+    },
+    {
+      files: ['*.d.ts'],
+      rules: {
+        'import/no-unassigned-import': 'off',
+      },
+    },
   ],
 };
diff --git a/packages/console/.parcelrc b/packages/console/.parcelrc
deleted file mode 100644
index eeade8d28902..000000000000
--- a/packages/console/.parcelrc
+++ /dev/null
@@ -1,19 +0,0 @@
-{
-  "extends": "@parcel/config-default",
-  "transformers": {
-    "raw:*": ["@parcel/transformer-raw"],
-    "**/assets/**/*.svg": [
-      "@parcel/transformer-svg-react"
-    ],
-    "*.{md,mdx}": [
-      "./parcel-transformer-mdx2.js"
-    ]
-  },
-  "compressors": {
-    "*.{html,css,js,svg,map}": [
-      "...",
-      "@parcel/compressor-gzip",
-      "@parcel/compressor-brotli"
-    ]
-  }
-}
diff --git a/packages/console/.parcelrc.arm64 b/packages/console/.parcelrc.arm64
deleted file mode 100644
index c31f639e17bc..000000000000
--- a/packages/console/.parcelrc.arm64
+++ /dev/null
@@ -1,23 +0,0 @@
-{
-  "extends": "@parcel/config-default",
-  "optimizers": {
-    // Disable optimizers in arm64 arch https://github.com/parcel-bundler/parcel/issues/7402
-    "*.{jpg,jpeg,png}": []
-  },
-  "transformers": {
-    "raw:*": ["@parcel/transformer-raw"],
-    "**/assets/**/*.svg": [
-      "@parcel/transformer-svg-react"
-    ],
-    "*.{md,mdx}": [
-      "./parcel-transformer-mdx2.js"
-    ]
-  },
-  "compressors": {
-    "*.{html,css,js,svg,map}": [
-      "...",
-      "@parcel/compressor-gzip",
-      "@parcel/compressor-brotli"
-    ]
-  }
-}
diff --git a/packages/console/src/index.html b/packages/console/index.html
similarity index 85%
rename from packages/console/src/index.html
rename to packages/console/index.html
index 91e6965ac8c0..c20b63d96c2f 100644
--- a/packages/console/src/index.html
+++ b/packages/console/index.html
@@ -10,7 +10,7 @@
 <body>
     <noscript>You need to enable JavaScript to run this app.</noscript>
     <div id="app"></div>
-    <script type="module" src="index.tsx"></script>
+    <script type="module" src="src/index.tsx"></script>
 </body>
 
 </html>
diff --git a/packages/console/package.json b/packages/console/package.json
index e5075e13850e..0257eaed5397 100644
--- a/packages/console/package.json
+++ b/packages/console/package.json
@@ -14,10 +14,10 @@
     "prepack": "pnpm generate",
     "generate": "./generate.sh",
     "precommit": "lint-staged",
-    "start": "parcel src/index.html",
-    "dev": "cross-env PORT=5002 parcel src/index.html --public-url ${CONSOLE_PUBLIC_URL:-/console} --no-cache --hmr-port 6002",
+    "start": "vite",
+    "dev": "vite",
     "check": "tsc --noEmit",
-    "build": "pnpm generate && pnpm check && rm -rf dist && parcel build src/index.html --no-autoinstall --no-cache --public-url ${CONSOLE_PUBLIC_URL:-/console}",
+    "build": "pnpm generate && pnpm check && vite build",
     "lint": "eslint --ext .ts --ext .tsx src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "stylelint": "stylelint \"src/**/*.scss\"",
@@ -39,12 +39,8 @@
     "@logto/shared": "workspace:^3.1.1",
     "@mdx-js/mdx": "^3.0.1",
     "@mdx-js/react": "^3.0.1",
+    "@mdx-js/rollup": "^3.0.1",
     "@monaco-editor/react": "^4.6.0",
-    "@parcel/compressor-brotli": "2.9.3",
-    "@parcel/compressor-gzip": "2.9.3",
-    "@parcel/core": "2.9.3",
-    "@parcel/transformer-sass": "2.9.3",
-    "@parcel/transformer-svg-react": "2.9.3",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/eslint-config-react": "6.0.2",
     "@silverhand/essentials": "^2.9.1",
@@ -63,20 +59,19 @@
     "@types/react-helmet": "^6.1.6",
     "@types/react-modal": "^3.13.1",
     "@types/react-syntax-highlighter": "^15.5.1",
+    "@vitejs/plugin-react": "^4.3.1",
     "@withtyped/client": "^0.8.7",
-    "buffer": "^6.0.0",
     "classnames": "^2.3.1",
     "clean-deep": "^3.4.0",
-    "cross-env": "^7.0.3",
-    "csstype": "^3.0.11",
     "date-fns": "^2.29.3",
     "dayjs": "^1.10.5",
     "debug": "^4.3.4",
     "deep-object-diff": "^1.1.9",
     "deepmerge": "^4.2.2",
     "dnd-core": "^16.0.0",
+    "dotenv": "^16.4.5",
     "eslint": "^8.56.0",
-    "history": "^5.3.0",
+    "find-up": "^7.0.0",
     "i18next": "^22.4.15",
     "i18next-browser-languagedetector": "^8.0.0",
     "identity-obj-proxy": "^3.0.0",
@@ -92,11 +87,9 @@
     "nanoid": "^5.0.1",
     "overlayscrollbars": "^2.0.2",
     "overlayscrollbars-react": "^0.5.0",
-    "parcel": "2.9.3",
-    "postcss": "^8.4.31",
+    "postcss": "^8.4.39",
     "postcss-modules": "^4.3.0",
     "prettier": "^3.0.0",
-    "process": "^0.11.10",
     "prop-types": "^15.8.1",
     "property-information": "^6.2.0",
     "react": "^18.3.1",
@@ -114,7 +107,7 @@
     "react-markdown": "^9.0.0",
     "react-modal": "^3.15.1",
     "react-paginate": "^8.1.3",
-    "react-router-dom": "^6.10.0",
+    "react-router-dom": "^6.25.1",
     "react-syntax-highlighter": "^15.5.0",
     "react-timer-hook": "^3.0.5",
     "recharts": "^2.1.13",
@@ -122,27 +115,17 @@
     "remark-gfm": "^4.0.0",
     "stylelint": "^15.0.0",
     "swr": "^2.2.0",
-    "ts-node": "^10.9.2",
-    "tslib": "^2.4.1",
     "typescript": "^5.5.3",
+    "vite": "^5.3.4",
+    "vite-plugin-compression": "^0.5.1",
+    "vite-plugin-prebundle": "^0.0.4",
+    "vite-plugin-svgr": "^4.2.0",
     "zod": "^3.23.8",
     "zod-to-ts": "^1.2.0"
   },
   "engines": {
     "node": "^20.9.0"
   },
-  "//": "https://github.com/parcel-bundler/parcel/issues/7636",
-  "targets": {
-    "default": {
-      "engines": {
-        "browsers": "defaults"
-      }
-    }
-  },
-  "alias": {
-    "@/*": "./src/$1",
-    "@cloud/*": "./src/cloud/$1"
-  },
   "stylelint": {
     "extends": "@silverhand/eslint-config-react/.stylelintrc"
   },
diff --git a/packages/console/parcel-transformer-mdx2.js b/packages/console/parcel-transformer-mdx2.js
deleted file mode 100644
index bd0058975758..000000000000
--- a/packages/console/parcel-transformer-mdx2.js
+++ /dev/null
@@ -1,61 +0,0 @@
-// https://github.com/parcel-bundler/parcel/pull/7922#issuecomment-1750704973
-
-import { compile } from '@mdx-js/mdx';
-import { default as ThrowableDiagnostic } from '@parcel/diagnostic';
-import { Transformer } from '@parcel/plugin';
-import rehypeMdxCodeProps from 'rehype-mdx-code-props';
-import remarkGfm from 'remark-gfm';
-
-export default new Transformer({
-  async transform({ asset }) {
-    const source = await asset.getCode();
-
-    let codeVFile;
-
-    try {
-      codeVFile = await compile(source, {
-        development: true,
-        jsx: true,
-        providerImportSource: '@mdx-js/react',
-        remarkPlugins: [remarkGfm],
-        rehypePlugins: [[rehypeMdxCodeProps, { tagName: 'code' }]],
-      });
-    } catch (error) {
-      const { start, end } = error.position;
-
-      const highlight = {
-        message: error.reason,
-        start,
-        end,
-      };
-
-      if (!(end.line && end.column)) {
-        highlight.end = { ...start };
-      }
-
-      // Adjust for parser and reporter differences
-      highlight.start.column -= 1;
-      highlight.end.column -= 1;
-
-      throw new ThrowableDiagnostic({
-        diagnostic: {
-          message: 'Unable to compile MDX',
-          codeFrames: [
-            {
-              filePath: asset.filePath,
-              code: source,
-              codeHighlights: [highlight],
-            },
-          ],
-        },
-      });
-    }
-
-    const code = String(codeVFile);
-
-    asset.type = 'jsx';
-    asset.setCode(code);
-
-    return [asset];
-  },
-});
diff --git a/packages/console/src/assets/docs/guides/index.tsx b/packages/console/src/assets/docs/guides/index.tsx
index d83d09817d46..3f93b2c74114 100644
--- a/packages/console/src/assets/docs/guides/index.tsx
+++ b/packages/console/src/assets/docs/guides/index.tsx
@@ -43,126 +43,126 @@ export const guides: Readonly<Guide[]> = Object.freeze([
   {
     order: 1,
     id: 'web-next-app-router',
-    Logo: lazy(async () => import('./web-next-app-router/logo.svg')),
+    Logo: lazy(async () => import('./web-next-app-router/logo.svg?react')),
     Component: lazy(async () => import('./web-next-app-router/README.mdx')),
     metadata: webNextAppRouter,
   },
   {
     order: 1.1,
     id: 'native-expo',
-    Logo: lazy(async () => import('./native-expo/logo.svg')),
+    Logo: lazy(async () => import('./native-expo/logo.svg?react')),
     Component: lazy(async () => import('./native-expo/README.mdx')),
     metadata: nativeExpo,
   },
   {
     order: 1.1,
     id: 'spa-angular',
-    Logo: lazy(async () => import('./spa-angular/logo.svg')),
+    Logo: lazy(async () => import('./spa-angular/logo.svg?react')),
     Component: lazy(async () => import('./spa-angular/README.mdx')),
     metadata: spaAngular,
   },
   {
     order: 1.1,
     id: 'spa-chrome-extension',
-    Logo: lazy(async () => import('./spa-chrome-extension/logo.svg')),
+    Logo: lazy(async () => import('./spa-chrome-extension/logo.svg?react')),
     Component: lazy(async () => import('./spa-chrome-extension/README.mdx')),
     metadata: spaChromeExtension,
   },
   {
     order: 1.1,
     id: 'spa-react',
-    Logo: lazy(async () => import('./spa-react/logo.svg')),
+    Logo: lazy(async () => import('./spa-react/logo.svg?react')),
     Component: lazy(async () => import('./spa-react/README.mdx')),
     metadata: spaReact,
   },
   {
     order: 1.2,
     id: 'm2m-general',
-    Logo: lazy(async () => import('./m2m-general/logo.svg')),
+    Logo: lazy(async () => import('./m2m-general/logo.svg?react')),
     Component: lazy(async () => import('./m2m-general/README.mdx')),
     metadata: m2mGeneral,
   },
   {
     order: 1.2,
     id: 'web-express',
-    Logo: lazy(async () => import('./web-express/logo.svg')),
+    Logo: lazy(async () => import('./web-express/logo.svg?react')),
     Component: lazy(async () => import('./web-express/README.mdx')),
     metadata: webExpress,
   },
   {
     order: 1.2,
     id: 'web-next',
-    Logo: lazy(async () => import('./web-next/logo.svg')),
+    Logo: lazy(async () => import('./web-next/logo.svg?react')),
     Component: lazy(async () => import('./web-next/README.mdx')),
     metadata: webNext,
   },
   {
     order: 1.2,
     id: 'web-sveltekit',
-    Logo: lazy(async () => import('./web-sveltekit/logo.svg')),
+    Logo: lazy(async () => import('./web-sveltekit/logo.svg?react')),
     Component: lazy(async () => import('./web-sveltekit/README.mdx')),
     metadata: webSveltekit,
   },
   {
     order: 1.3,
     id: 'web-go',
-    Logo: lazy(async () => import('./web-go/logo.svg')),
+    Logo: lazy(async () => import('./web-go/logo.svg?react')),
     Component: lazy(async () => import('./web-go/README.mdx')),
     metadata: webGo,
   },
   {
     order: 1.3,
     id: 'web-next-auth',
-    Logo: lazy(async () => import('./web-next-auth/logo.svg')),
+    Logo: lazy(async () => import('./web-next-auth/logo.svg?react')),
     Component: lazy(async () => import('./web-next-auth/README.mdx')),
     metadata: webNextAuth,
   },
   {
     order: 1.4,
     id: 'web-java-spring-boot',
-    Logo: lazy(async () => import('./web-java-spring-boot/logo.svg')),
+    Logo: lazy(async () => import('./web-java-spring-boot/logo.svg?react')),
     Component: lazy(async () => import('./web-java-spring-boot/README.mdx')),
     metadata: webJavaSpringBoot,
   },
   {
     order: 1.6,
     id: 'spa-vue',
-    Logo: lazy(async () => import('./spa-vue/logo.svg')),
+    Logo: lazy(async () => import('./spa-vue/logo.svg?react')),
     Component: lazy(async () => import('./spa-vue/README.mdx')),
     metadata: spaVue,
   },
   {
     order: 1.7,
     id: 'native-ios-swift',
-    Logo: lazy(async () => import('./native-ios-swift/logo.svg')),
+    Logo: lazy(async () => import('./native-ios-swift/logo.svg?react')),
     Component: lazy(async () => import('./native-ios-swift/README.mdx')),
     metadata: nativeIosSwift,
   },
   {
     order: 2,
     id: 'native-android',
-    Logo: lazy(async () => import('./native-android/logo.svg')),
+    Logo: lazy(async () => import('./native-android/logo.svg?react')),
     Component: lazy(async () => import('./native-android/README.mdx')),
     metadata: nativeAndroid,
   },
   {
     order: 2,
     id: 'spa-vanilla',
-    Logo: lazy(async () => import('./spa-vanilla/logo.svg')),
+    Logo: lazy(async () => import('./spa-vanilla/logo.svg?react')),
     Component: lazy(async () => import('./spa-vanilla/README.mdx')),
     metadata: spaVanilla,
   },
   {
     order: 2,
     id: 'web-nuxt',
-    Logo: lazy(async () => import('./web-nuxt/logo.svg')),
+    Logo: lazy(async () => import('./web-nuxt/logo.svg?react')),
     Component: lazy(async () => import('./web-nuxt/README.mdx')),
     metadata: webNuxt,
   },
   {
     order: 2,
     id: 'web-php',
-    Logo: lazy(async () => import('./web-php/logo.svg')),
+    Logo: lazy(async () => import('./web-php/logo.svg?react')),
     Component: lazy(async () => import('./web-php/README.mdx')),
     metadata: webPhp,
   },
@@ -178,105 +178,105 @@ export const guides: Readonly<Guide[]> = Object.freeze([
   {
     order: 2.1,
     id: 'spa-webflow',
-    Logo: lazy(async () => import('./spa-webflow/logo.svg')),
+    Logo: lazy(async () => import('./spa-webflow/logo.svg?react')),
     Component: lazy(async () => import('./spa-webflow/README.mdx')),
     metadata: spaWebflow,
   },
   {
     order: 2.2,
     id: 'web-wordpress',
-    Logo: lazy(async () => import('./web-wordpress/logo.svg')),
+    Logo: lazy(async () => import('./web-wordpress/logo.svg?react')),
     Component: lazy(async () => import('./web-wordpress/README.mdx')),
     metadata: webWordpress,
   },
   {
     order: 3,
     id: 'web-python',
-    Logo: lazy(async () => import('./web-python/logo.svg')),
+    Logo: lazy(async () => import('./web-python/logo.svg?react')),
     Component: lazy(async () => import('./web-python/README.mdx')),
     metadata: webPython,
   },
   {
     order: 4,
     id: 'native-capacitor',
-    Logo: lazy(async () => import('./native-capacitor/logo.svg')),
+    Logo: lazy(async () => import('./native-capacitor/logo.svg?react')),
     Component: lazy(async () => import('./native-capacitor/README.mdx')),
     metadata: nativeCapacitor,
   },
   {
     order: 5,
     id: 'native-flutter',
-    Logo: lazy(async () => import('./native-flutter/logo.svg')),
+    Logo: lazy(async () => import('./native-flutter/logo.svg?react')),
     Component: lazy(async () => import('./native-flutter/README.mdx')),
     metadata: nativeFlutter,
   },
   {
     order: 5,
     id: 'web-dotnet-core',
-    Logo: lazy(async () => import('./web-dotnet-core/logo.svg')),
+    Logo: lazy(async () => import('./web-dotnet-core/logo.svg?react')),
     Component: lazy(async () => import('./web-dotnet-core/README.mdx')),
     metadata: webDotnetCore,
   },
   {
     order: 5.1,
     id: 'web-dotnet-core-mvc',
-    Logo: lazy(async () => import('./web-dotnet-core-mvc/logo.svg')),
+    Logo: lazy(async () => import('./web-dotnet-core-mvc/logo.svg?react')),
     Component: lazy(async () => import('./web-dotnet-core-mvc/README.mdx')),
     metadata: webDotnetCoreMvc,
   },
   {
     order: 5.2,
     id: 'web-dotnet-core-blazor-server',
-    Logo: lazy(async () => import('./web-dotnet-core-blazor-server/logo.svg')),
+    Logo: lazy(async () => import('./web-dotnet-core-blazor-server/logo.svg?react')),
     Component: lazy(async () => import('./web-dotnet-core-blazor-server/README.mdx')),
     metadata: webDotnetCoreBlazorServer,
   },
   {
     order: 5.3,
     id: 'web-dotnet-core-blazor-wasm',
-    Logo: lazy(async () => import('./web-dotnet-core-blazor-wasm/logo.svg')),
+    Logo: lazy(async () => import('./web-dotnet-core-blazor-wasm/logo.svg?react')),
     Component: lazy(async () => import('./web-dotnet-core-blazor-wasm/README.mdx')),
     metadata: webDotnetCoreBlazorWasm,
   },
   {
     order: 6,
     id: 'web-outline',
-    Logo: lazy(async () => import('./web-outline/logo.svg')),
+    Logo: lazy(async () => import('./web-outline/logo.svg?react')),
     Component: lazy(async () => import('./web-outline/README.mdx')),
     metadata: webOutline,
   },
   {
     order: 999,
     id: 'web-gpt-plugin',
-    Logo: lazy(async () => import('./web-gpt-plugin/logo.svg')),
+    Logo: lazy(async () => import('./web-gpt-plugin/logo.svg?react')),
     Component: lazy(async () => import('./web-gpt-plugin/README.mdx')),
     metadata: webGptPlugin,
   },
   {
     order: Number.POSITIVE_INFINITY,
     id: 'api-express',
-    Logo: lazy(async () => import('./api-express/logo.svg')),
+    Logo: lazy(async () => import('./api-express/logo.svg?react')),
     Component: lazy(async () => import('./api-express/README.mdx')),
     metadata: apiExpress,
   },
   {
     order: Number.POSITIVE_INFINITY,
     id: 'api-python',
-    Logo: lazy(async () => import('./api-python/logo.svg')),
+    Logo: lazy(async () => import('./api-python/logo.svg?react')),
     Component: lazy(async () => import('./api-python/README.mdx')),
     metadata: apiPython,
   },
   {
     order: Number.POSITIVE_INFINITY,
     id: 'api-spring-boot',
-    Logo: lazy(async () => import('./api-spring-boot/logo.svg')),
+    Logo: lazy(async () => import('./api-spring-boot/logo.svg?react')),
     Component: lazy(async () => import('./api-spring-boot/README.mdx')),
     metadata: apiSpringBoot,
   },
   {
     order: Number.POSITIVE_INFINITY,
     id: 'third-party-oidc',
-    Logo: lazy(async () => import('./third-party-oidc/logo.svg')),
+    Logo: lazy(async () => import('./third-party-oidc/logo.svg?react')),
     Component: lazy(async () => import('./third-party-oidc/README.mdx')),
     metadata: thirdPartyOidc,
   },
diff --git a/packages/console/src/assets/docs/guides/web-gpt-plugin/components/ClientBasics/index.tsx b/packages/console/src/assets/docs/guides/web-gpt-plugin/components/ClientBasics/index.tsx
index c7fae219f79b..b5ab4e70ba74 100644
--- a/packages/console/src/assets/docs/guides/web-gpt-plugin/components/ClientBasics/index.tsx
+++ b/packages/console/src/assets/docs/guides/web-gpt-plugin/components/ClientBasics/index.tsx
@@ -4,7 +4,7 @@ import { GuideContext } from '@/components/Guide';
 import CopyToClipboard from '@/ds-components/CopyToClipboard';
 import FormField from '@/ds-components/FormField';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export default function ClientBasics() {
   const { app } = useContext(GuideContext);
diff --git a/packages/console/src/cloud/AppRoutes.tsx b/packages/console/src/cloud/AppRoutes.tsx
index 9870c709ac61..2e49878cfa8d 100644
--- a/packages/console/src/cloud/AppRoutes.tsx
+++ b/packages/console/src/cloud/AppRoutes.tsx
@@ -9,7 +9,7 @@ import CheckoutSuccessCallback from '@/pages/CheckoutSuccessCallback';
 import Profile from '@/pages/Profile';
 import HandleSocialCallback from '@/pages/Profile/containers/HandleSocialCallback';
 
-import * as styles from './AppRoutes.module.scss';
+import styles from './AppRoutes.module.scss';
 import Main from './pages/Main';
 import SocialDemoCallback from './pages/SocialDemoCallback';
 
diff --git a/packages/console/src/cloud/pages/Main/InvitationList/index.tsx b/packages/console/src/cloud/pages/Main/InvitationList/index.tsx
index e86b71147fe0..13e17b42a472 100644
--- a/packages/console/src/cloud/pages/Main/InvitationList/index.tsx
+++ b/packages/console/src/cloud/pages/Main/InvitationList/index.tsx
@@ -2,7 +2,7 @@ import { OrganizationInvitationStatus, getTenantIdFromOrganizationId } from '@lo
 import { useContext, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import OrganizationIcon from '@/assets/icons/organization-preview.svg';
+import OrganizationIcon from '@/assets/icons/organization-preview.svg?react';
 import { useCloudApi } from '@/cloud/hooks/use-cloud-api';
 import { type InvitationListResponse } from '@/cloud/types/router';
 import TenantEnvTag from '@/components/TenantEnvTag';
@@ -13,7 +13,7 @@ import Spacer from '@/ds-components/Spacer';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 import useUserOnboardingData from '@/onboarding/hooks/use-user-onboarding-data';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly invitations: InvitationListResponse;
diff --git a/packages/console/src/cloud/pages/Main/TenantLandingPage/TenantLandingPageContent/index.tsx b/packages/console/src/cloud/pages/Main/TenantLandingPage/TenantLandingPageContent/index.tsx
index 6978b899366b..e51c9c24c4b7 100644
--- a/packages/console/src/cloud/pages/Main/TenantLandingPage/TenantLandingPageContent/index.tsx
+++ b/packages/console/src/cloud/pages/Main/TenantLandingPage/TenantLandingPageContent/index.tsx
@@ -2,9 +2,9 @@ import { Theme } from '@logto/schemas';
 import classNames from 'classnames';
 import { useContext, useState } from 'react';
 
-import Plus from '@/assets/icons/plus.svg';
-import TenantLandingPageImageDark from '@/assets/images/tenant-landing-page-dark.svg';
-import TenantLandingPageImage from '@/assets/images/tenant-landing-page.svg';
+import Plus from '@/assets/icons/plus.svg?react';
+import TenantLandingPageImageDark from '@/assets/images/tenant-landing-page-dark.svg?react';
+import TenantLandingPageImage from '@/assets/images/tenant-landing-page.svg?react';
 import { type TenantResponse } from '@/cloud/types/router';
 import CreateTenantModal from '@/components/CreateTenantModal';
 import { TenantsContext } from '@/contexts/TenantsProvider';
@@ -12,7 +12,7 @@ import Button from '@/ds-components/Button';
 import DynamicT from '@/ds-components/DynamicT';
 import useTheme from '@/hooks/use-theme';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/cloud/pages/Main/TenantLandingPage/index.tsx b/packages/console/src/cloud/pages/Main/TenantLandingPage/index.tsx
index fb99b70dcc46..d5fd24d6c70a 100644
--- a/packages/console/src/cloud/pages/Main/TenantLandingPage/index.tsx
+++ b/packages/console/src/cloud/pages/Main/TenantLandingPage/index.tsx
@@ -1,7 +1,7 @@
 import Topbar from '@/components/Topbar';
 
 import TenantLandingPageContent from './TenantLandingPageContent';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function TenantLandingPage() {
   return (
diff --git a/packages/console/src/cloud/pages/SocialDemoCallback/index.tsx b/packages/console/src/cloud/pages/SocialDemoCallback/index.tsx
index 5c18de94f1c8..b83cd0c46a56 100644
--- a/packages/console/src/cloud/pages/SocialDemoCallback/index.tsx
+++ b/packages/console/src/cloud/pages/SocialDemoCallback/index.tsx
@@ -3,12 +3,12 @@ import { useEffect } from 'react';
 import { useTranslation } from 'react-i18next';
 import { useSearchParams } from 'react-router-dom';
 
-import CongratsDark from '@/assets/images/congrats-dark.svg';
-import Congrats from '@/assets/images/congrats.svg';
+import CongratsDark from '@/assets/images/congrats-dark.svg?react';
+import Congrats from '@/assets/images/congrats.svg?react';
 import Card from '@/ds-components/Card';
 import useTheme from '@/hooks/use-theme';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function SocialDemoCallback() {
   const theme = useTheme();
diff --git a/packages/console/src/components/ActionBar/index.tsx b/packages/console/src/components/ActionBar/index.tsx
index 11d09537973a..403f3a981cc5 100644
--- a/packages/console/src/components/ActionBar/index.tsx
+++ b/packages/console/src/components/ActionBar/index.tsx
@@ -2,7 +2,7 @@ import type { ReactNode } from 'react';
 
 import ProgressBar from '../ProgressBar';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly step: number;
diff --git a/packages/console/src/components/ActionsButton/index.tsx b/packages/console/src/components/ActionsButton/index.tsx
index 575b05f1bd61..00a271132744 100644
--- a/packages/console/src/components/ActionsButton/index.tsx
+++ b/packages/console/src/components/ActionsButton/index.tsx
@@ -2,15 +2,15 @@ import { type AdminConsoleKey } from '@logto/phrases';
 import { useCallback, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import Delete from '@/assets/icons/delete.svg';
-import Edit from '@/assets/icons/edit.svg';
-import More from '@/assets/icons/more.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import Edit from '@/assets/icons/edit.svg?react';
+import More from '@/assets/icons/more.svg?react';
 import ActionMenu, { ActionMenuItem } from '@/ds-components/ActionMenu';
 import ConfirmModal from '@/ds-components/ConfirmModal';
 import DynamicT from '@/ds-components/DynamicT';
 import useActionTranslation from '@/hooks/use-action-translation';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   /** A function that will be called when the user confirms the deletion. If not provided,
diff --git a/packages/console/src/components/AppError/index.tsx b/packages/console/src/components/AppError/index.tsx
index 49a2bfdbb89f..468aa8d80fe8 100644
--- a/packages/console/src/components/AppError/index.tsx
+++ b/packages/console/src/components/AppError/index.tsx
@@ -3,15 +3,15 @@ import { Theme } from '@logto/schemas';
 import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import KeyboardArrowDown from '@/assets/icons/keyboard-arrow-down.svg';
-import KeyboardArrowUp from '@/assets/icons/keyboard-arrow-up.svg';
-import ErrorDark from '@/assets/images/error-dark.svg';
-import Error from '@/assets/images/error.svg';
+import KeyboardArrowDown from '@/assets/icons/keyboard-arrow-down.svg?react';
+import KeyboardArrowUp from '@/assets/icons/keyboard-arrow-up.svg?react';
+import ErrorDark from '@/assets/images/error-dark.svg?react';
+import Error from '@/assets/images/error.svg?react';
 import Button from '@/ds-components/Button';
 import useTheme from '@/hooks/use-theme';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly title?: string;
diff --git a/packages/console/src/components/AppLoading/index.tsx b/packages/console/src/components/AppLoading/index.tsx
index 036e8efa2707..c0db14cb0061 100644
--- a/packages/console/src/components/AppLoading/index.tsx
+++ b/packages/console/src/components/AppLoading/index.tsx
@@ -1,7 +1,7 @@
-import Logo from '@/assets/images/logo.svg';
+import Logo from '@/assets/images/logo.svg?react';
 import { Daisy as Spinner } from '@/ds-components/Spinner';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function AppLoading() {
   return (
diff --git a/packages/console/src/components/ApplicationCreation/CreateForm/index.tsx b/packages/console/src/components/ApplicationCreation/CreateForm/index.tsx
index 21c88536a072..7f4ac87e9491 100644
--- a/packages/console/src/components/ApplicationCreation/CreateForm/index.tsx
+++ b/packages/console/src/components/ApplicationCreation/CreateForm/index.tsx
@@ -17,12 +17,12 @@ import TextInput from '@/ds-components/TextInput';
 import useApi from '@/hooks/use-api';
 import useCurrentUser from '@/hooks/use-current-user';
 import TypeDescription from '@/pages/Applications/components/TypeDescription';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { applicationTypeI18nKey } from '@/types/applications';
 import { trySubmitSafe } from '@/utils/form';
 
 import Footer from './Footer';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type FormData = {
   type: ApplicationType;
diff --git a/packages/console/src/components/ApplicationName/index.tsx b/packages/console/src/components/ApplicationName/index.tsx
index e537d5d9c0e3..96f593e0ace0 100644
--- a/packages/console/src/components/ApplicationName/index.tsx
+++ b/packages/console/src/components/ApplicationName/index.tsx
@@ -10,7 +10,7 @@ import useSwrFetcher from '@/hooks/use-swr-fetcher';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 import { shouldRetryOnError } from '@/utils/request';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly applicationId: string;
diff --git a/packages/console/src/components/AuditLogTable/components/EventName/index.tsx b/packages/console/src/components/AuditLogTable/components/EventName/index.tsx
index 46898ff3b362..ae6066090f99 100644
--- a/packages/console/src/components/AuditLogTable/components/EventName/index.tsx
+++ b/packages/console/src/components/AuditLogTable/components/EventName/index.tsx
@@ -1,13 +1,13 @@
 import classNames from 'classnames';
 import { Link } from 'react-router-dom';
 
-import Failed from '@/assets/icons/failed.svg';
-import Success from '@/assets/icons/success.svg';
+import Failed from '@/assets/icons/failed.svg?react';
+import Success from '@/assets/icons/success.svg?react';
 import { logEventTitle } from '@/consts/logs';
 import Tag from '@/ds-components/Tag';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly eventKey: string;
diff --git a/packages/console/src/components/AuditLogTable/index.tsx b/packages/console/src/components/AuditLogTable/index.tsx
index 6901f5fa3a63..8cd31e744b31 100644
--- a/packages/console/src/components/AuditLogTable/index.tsx
+++ b/packages/console/src/components/AuditLogTable/index.tsx
@@ -19,7 +19,7 @@ import EmptyDataPlaceholder from '../EmptyDataPlaceholder';
 import ApplicationSelector from './components/ApplicationSelector';
 import EventName from './components/EventName';
 import EventSelector from './components/EventSelector';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const auditLogEventOptions = Object.entries(auditLogEventTitle).map(([value, title]) => ({
   value,
diff --git a/packages/console/src/components/BasicWebhookForm/index.tsx b/packages/console/src/components/BasicWebhookForm/index.tsx
index f110c7b852c5..98ba5b7097ed 100644
--- a/packages/console/src/components/BasicWebhookForm/index.tsx
+++ b/packages/console/src/components/BasicWebhookForm/index.tsx
@@ -14,7 +14,7 @@ import FormField from '@/ds-components/FormField';
 import TextInput from '@/ds-components/TextInput';
 import { uriValidator } from '@/utils/validator';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const hookEventGroups: Array<CheckboxOptionGroup<HookEvent>> = [
   ...schemaGroupedDataHookEvents.map(([schema, events]) => ({
diff --git a/packages/console/src/components/BillInfo/index.tsx b/packages/console/src/components/BillInfo/index.tsx
index c2a3a25f2df5..85ec6946fed9 100644
--- a/packages/console/src/components/BillInfo/index.tsx
+++ b/packages/console/src/components/BillInfo/index.tsx
@@ -1,7 +1,7 @@
 import { useContext, useState } from 'react';
 import { Trans, useTranslation } from 'react-i18next';
 
-import Tip from '@/assets/icons/tip.svg';
+import Tip from '@/assets/icons/tip.svg?react';
 import { newPlansBlogLink } from '@/consts';
 import { TenantsContext } from '@/contexts/TenantsProvider';
 import Button from '@/ds-components/Button';
@@ -11,7 +11,7 @@ import TextLink from '@/ds-components/TextLink';
 import { ToggleTip } from '@/ds-components/Tip';
 import useSubscribe from '@/hooks/use-subscribe';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly cost: number;
diff --git a/packages/console/src/components/Breakable/index.tsx b/packages/console/src/components/Breakable/index.tsx
index ca5bf2167978..45de5954c8ca 100644
--- a/packages/console/src/components/Breakable/index.tsx
+++ b/packages/console/src/components/Breakable/index.tsx
@@ -1,4 +1,4 @@
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly children: React.ReactNode;
diff --git a/packages/console/src/components/ConnectorForm/BasicForm/index.tsx b/packages/console/src/components/ConnectorForm/BasicForm/index.tsx
index fb872a83e6de..0711588a6a2e 100644
--- a/packages/console/src/components/ConnectorForm/BasicForm/index.tsx
+++ b/packages/console/src/components/ConnectorForm/BasicForm/index.tsx
@@ -2,7 +2,7 @@ import { Theme } from '@logto/schemas';
 import { Controller, useFormContext } from 'react-hook-form';
 import { Trans, useTranslation } from 'react-i18next';
 
-import Error from '@/assets/icons/toast-error.svg';
+import Error from '@/assets/icons/toast-error.svg?react';
 import ImageInputs from '@/components/ImageInputs';
 import UnnamedTrans from '@/components/UnnamedTrans';
 import FormField from '@/ds-components/FormField';
@@ -13,7 +13,7 @@ import useDocumentationUrl from '@/hooks/use-documentation-url';
 import type { ConnectorFormType } from '@/types/connector';
 import { SyncProfileMode } from '@/types/connector';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const themeToField = Object.freeze({
   [Theme.Light]: 'logo',
diff --git a/packages/console/src/components/ConnectorForm/ConfigForm/ConfigFormFields/index.tsx b/packages/console/src/components/ConnectorForm/ConfigForm/ConfigFormFields/index.tsx
index fb1119d810fb..90e05fd7e5b4 100644
--- a/packages/console/src/components/ConnectorForm/ConfigForm/ConfigFormFields/index.tsx
+++ b/packages/console/src/components/ConnectorForm/ConfigForm/ConfigFormFields/index.tsx
@@ -15,7 +15,7 @@ import Textarea from '@/ds-components/Textarea';
 import type { ConnectorFormType } from '@/types/connector';
 import { jsonValidator } from '@/utils/validator';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly formItems: ConnectorConfigFormItem[];
diff --git a/packages/console/src/components/ConnectorForm/ConfigForm/index.tsx b/packages/console/src/components/ConnectorForm/ConfigForm/index.tsx
index b13a45d524e8..d1789eb1ce97 100644
--- a/packages/console/src/components/ConnectorForm/ConfigForm/index.tsx
+++ b/packages/console/src/components/ConnectorForm/ConfigForm/index.tsx
@@ -16,7 +16,7 @@ import type { ConnectorFormType } from '@/types/connector';
 import { jsonValidator } from '@/utils/validator';
 
 import ConfigFormFields from './ConfigFormFields';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly formItems?: ConnectorConfigFormItem[];
diff --git a/packages/console/src/components/ConnectorForm/GoogleOneTapCard/index.tsx b/packages/console/src/components/ConnectorForm/GoogleOneTapCard/index.tsx
index cfb7deb12845..da03323f5df8 100644
--- a/packages/console/src/components/ConnectorForm/GoogleOneTapCard/index.tsx
+++ b/packages/console/src/components/ConnectorForm/GoogleOneTapCard/index.tsx
@@ -12,7 +12,7 @@ import useTheme from '@/hooks/use-theme';
 
 import figureDark from './figure-dark.webp';
 import figureLight from './figure-light.webp';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type FormContext = { rawConfig: { oneTap: GoogleConnectorConfig['oneTap'] } };
 
diff --git a/packages/console/src/components/ConnectorLogo/index.tsx b/packages/console/src/components/ConnectorLogo/index.tsx
index 333cbcff5de7..809afe5e01d3 100644
--- a/packages/console/src/components/ConnectorLogo/index.tsx
+++ b/packages/console/src/components/ConnectorLogo/index.tsx
@@ -5,7 +5,7 @@ import classNames from 'classnames';
 import ImageWithErrorFallback from '@/ds-components/ImageWithErrorFallback';
 import useTheme from '@/hooks/use-theme';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/components/ConnectorTester/index.tsx b/packages/console/src/components/ConnectorTester/index.tsx
index 3e88f51c43fb..874d5428892c 100644
--- a/packages/console/src/components/ConnectorTester/index.tsx
+++ b/packages/console/src/components/ConnectorTester/index.tsx
@@ -15,7 +15,7 @@ import useApi from '@/hooks/use-api';
 import { onKeyDownHandler } from '@/utils/a11y';
 import { trySubmitSafe } from '@/utils/form';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly connectorFactoryId: string;
diff --git a/packages/console/src/components/CreateConnectorForm/ConnectorRadioGroup/ConnectorRadio/index.tsx b/packages/console/src/components/CreateConnectorForm/ConnectorRadioGroup/ConnectorRadio/index.tsx
index b722f3f99bba..fc2293ab59d6 100644
--- a/packages/console/src/components/CreateConnectorForm/ConnectorRadioGroup/ConnectorRadio/index.tsx
+++ b/packages/console/src/components/CreateConnectorForm/ConnectorRadioGroup/ConnectorRadio/index.tsx
@@ -5,7 +5,7 @@ import ConnectorLogo from '@/components/ConnectorLogo';
 import UnnamedTrans from '@/components/UnnamedTrans';
 import { type ConnectorGroup } from '@/types/connector';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly data: ConnectorGroup<ConnectorFactoryResponse>;
diff --git a/packages/console/src/components/CreateConnectorForm/ConnectorRadioGroup/index.tsx b/packages/console/src/components/CreateConnectorForm/ConnectorRadioGroup/index.tsx
index f682f929e8ad..38a81ebe01b3 100644
--- a/packages/console/src/components/CreateConnectorForm/ConnectorRadioGroup/index.tsx
+++ b/packages/console/src/components/CreateConnectorForm/ConnectorRadioGroup/index.tsx
@@ -5,7 +5,7 @@ import RadioGroup, { Radio } from '@/ds-components/RadioGroup';
 import { type ConnectorGroup } from '@/types/connector';
 
 import ConnectorRadio from './ConnectorRadio';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type ConnectorRadioGroupSize = 'medium' | 'large' | 'xlarge';
 
diff --git a/packages/console/src/components/CreateConnectorForm/PlatformSelector/index.tsx b/packages/console/src/components/CreateConnectorForm/PlatformSelector/index.tsx
index 658db4e286d4..01a9eac6eab7 100644
--- a/packages/console/src/components/CreateConnectorForm/PlatformSelector/index.tsx
+++ b/packages/console/src/components/CreateConnectorForm/PlatformSelector/index.tsx
@@ -6,7 +6,7 @@ import { connectorPlatformLabel } from '@/consts/connectors';
 import RadioGroup, { Radio } from '@/ds-components/RadioGroup';
 import type { ConnectorGroup } from '@/types/connector';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly connectorGroup: ConnectorGroup<ConnectorFactoryResponse & { added: boolean }>;
diff --git a/packages/console/src/components/CreateConnectorForm/Skeleton/index.tsx b/packages/console/src/components/CreateConnectorForm/Skeleton/index.tsx
index 9ecdb68975ff..c305f630c421 100644
--- a/packages/console/src/components/CreateConnectorForm/Skeleton/index.tsx
+++ b/packages/console/src/components/CreateConnectorForm/Skeleton/index.tsx
@@ -1,9 +1,9 @@
 import classNames from 'classnames';
 
-import * as radioStyles from '../ConnectorRadioGroup/ConnectorRadio/index.module.scss';
-import * as radioGroupStyles from '../ConnectorRadioGroup/index.module.scss';
+import radioStyles from '../ConnectorRadioGroup/ConnectorRadio/index.module.scss';
+import radioGroupStyles from '../ConnectorRadioGroup/index.module.scss';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly numberOfLoadingConnectors?: number;
diff --git a/packages/console/src/components/CreateConnectorForm/index.tsx b/packages/console/src/components/CreateConnectorForm/index.tsx
index 5ed33692ef9c..db935cd198ad 100644
--- a/packages/console/src/components/CreateConnectorForm/index.tsx
+++ b/packages/console/src/components/CreateConnectorForm/index.tsx
@@ -10,7 +10,7 @@ import useSWR from 'swr';
 import DynamicT from '@/ds-components/DynamicT';
 import ModalLayout from '@/ds-components/ModalLayout';
 import type { RequestError } from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import { getConnectorGroups } from '../../pages/Connectors/utils';
 
@@ -18,7 +18,7 @@ import ConnectorRadioGroup from './ConnectorRadioGroup';
 import Footer from './Footer';
 import PlatformSelector from './PlatformSelector';
 import Skeleton from './Skeleton';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { compareConnectors, getConnectorRadioGroupSize, getModalTitle } from './utils';
 
 type Props = {
diff --git a/packages/console/src/components/CreateTenantModal/EnvTagOptionContent/index.tsx b/packages/console/src/components/CreateTenantModal/EnvTagOptionContent/index.tsx
index f9d6a10549d1..48b2f75e2d7f 100644
--- a/packages/console/src/components/CreateTenantModal/EnvTagOptionContent/index.tsx
+++ b/packages/console/src/components/CreateTenantModal/EnvTagOptionContent/index.tsx
@@ -7,7 +7,7 @@ import DynamicT from '@/ds-components/DynamicT';
 import Tag from '@/ds-components/Tag';
 import { ReservedPlanName } from '@/types/subscriptions';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly tag: TenantTag;
diff --git a/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/PlanCardItem/FeaturedPlanContent/index.tsx b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/PlanCardItem/FeaturedPlanContent/index.tsx
index 8e95a6a2a3a5..9007d7062737 100644
--- a/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/PlanCardItem/FeaturedPlanContent/index.tsx
+++ b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/PlanCardItem/FeaturedPlanContent/index.tsx
@@ -1,9 +1,9 @@
 import classNames from 'classnames';
 
-import Failed from '@/assets/icons/failed.svg';
-import Success from '@/assets/icons/success.svg';
+import Failed from '@/assets/icons/failed.svg?react';
+import Success from '@/assets/icons/success.svg?react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useFeaturedPlanContent from './use-featured-plan-content';
 
 type Props = {
diff --git a/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/PlanCardItem/index.tsx b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/PlanCardItem/index.tsx
index f6836d4041c9..417d5d77a66e 100644
--- a/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/PlanCardItem/index.tsx
+++ b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/PlanCardItem/index.tsx
@@ -3,7 +3,7 @@ import classNames from 'classnames';
 import { useContext, useMemo } from 'react';
 import { Trans, useTranslation } from 'react-i18next';
 
-import ArrowRight from '@/assets/icons/arrow-right.svg';
+import ArrowRight from '@/assets/icons/arrow-right.svg?react';
 import PlanDescription from '@/components/PlanDescription';
 import PlanName from '@/components/PlanName';
 import { pricingLink } from '@/consts';
@@ -15,7 +15,7 @@ import TextLink from '@/ds-components/TextLink';
 import { type SubscriptionPlan } from '@/types/subscriptions';
 
 import FeaturedPlanContent from './FeaturedPlanContent';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly plan: SubscriptionPlan;
diff --git a/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/index.tsx b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/index.tsx
index 38d4260599fa..2d4f796a641e 100644
--- a/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/index.tsx
+++ b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/index.tsx
@@ -13,14 +13,14 @@ import ModalLayout from '@/ds-components/ModalLayout';
 import TextLink from '@/ds-components/TextLink';
 import useSubscribe from '@/hooks/use-subscribe';
 import useSubscriptionPlans from '@/hooks/use-subscription-plans';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { type SubscriptionPlan } from '@/types/subscriptions';
 import { pickupFeaturedPlans } from '@/utils/subscription';
 
 import { type CreateTenantData } from '../types';
 
 import PlanCardItem from './PlanCardItem';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly tenantData?: CreateTenantData;
diff --git a/packages/console/src/components/CreateTenantModal/index.tsx b/packages/console/src/components/CreateTenantModal/index.tsx
index d6525cc5162f..3dc2fd678780 100644
--- a/packages/console/src/components/CreateTenantModal/index.tsx
+++ b/packages/console/src/components/CreateTenantModal/index.tsx
@@ -5,8 +5,8 @@ import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 import Modal from 'react-modal';
 
-import CreateTenantHeaderIconDark from '@/assets/icons/create-tenant-header-dark.svg';
-import CreateTenantHeaderIcon from '@/assets/icons/create-tenant-header.svg';
+import CreateTenantHeaderIconDark from '@/assets/icons/create-tenant-header-dark.svg?react';
+import CreateTenantHeaderIcon from '@/assets/icons/create-tenant-header.svg?react';
 import { useCloudApi } from '@/cloud/hooks/use-cloud-api';
 import { type TenantResponse } from '@/cloud/types/router';
 import Region, { RegionName } from '@/components/Region';
@@ -17,11 +17,11 @@ import ModalLayout from '@/ds-components/ModalLayout';
 import RadioGroup, { Radio } from '@/ds-components/RadioGroup';
 import TextInput from '@/ds-components/TextInput';
 import useTheme from '@/hooks/use-theme';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import EnvTagOptionContent from './EnvTagOptionContent';
 import SelectTenantPlanModal from './SelectTenantPlanModal';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { type CreateTenantData } from './types';
 
 type Props = {
diff --git a/packages/console/src/components/CustomUiAssetsUploader/index.tsx b/packages/console/src/components/CustomUiAssetsUploader/index.tsx
index a985b0a062bc..070cdbdc025d 100644
--- a/packages/console/src/components/CustomUiAssetsUploader/index.tsx
+++ b/packages/console/src/components/CustomUiAssetsUploader/index.tsx
@@ -4,14 +4,14 @@ import { format } from 'date-fns/fp';
 import { useCallback, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import DeleteIcon from '@/assets/icons/delete.svg';
+import DeleteIcon from '@/assets/icons/delete.svg?react';
 import IconButton from '@/ds-components/IconButton';
 import FileUploader from '@/ds-components/Uploader/FileUploader';
 import { formatBytes } from '@/utils/uploader';
 
 import FileIcon from '../FileIcon';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   // eslint-disable-next-line react/boolean-prop-naming
diff --git a/packages/console/src/components/DetailsForm/index.tsx b/packages/console/src/components/DetailsForm/index.tsx
index c19161d60c4d..fb2b8ef231a0 100644
--- a/packages/console/src/components/DetailsForm/index.tsx
+++ b/packages/console/src/components/DetailsForm/index.tsx
@@ -3,7 +3,7 @@ import type { ReactNode } from 'react';
 
 import SubmitFormChangesActionBar from '../SubmitFormChangesActionBar';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly autoComplete?: string;
diff --git a/packages/console/src/components/DetailsPage/DetailsPageHeader/index.tsx b/packages/console/src/components/DetailsPage/DetailsPageHeader/index.tsx
index b4b431a33a90..d72e741f6bfa 100644
--- a/packages/console/src/components/DetailsPage/DetailsPageHeader/index.tsx
+++ b/packages/console/src/components/DetailsPage/DetailsPageHeader/index.tsx
@@ -10,7 +10,7 @@ import {
 } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import More from '@/assets/icons/more.svg';
+import More from '@/assets/icons/more.svg?react';
 import ActionMenu, { ActionMenuItem } from '@/ds-components/ActionMenu';
 import Button from '@/ds-components/Button';
 import Card from '@/ds-components/Card';
@@ -20,7 +20,7 @@ import DynamicT from '@/ds-components/DynamicT';
 import Tag, { type Props as TagProps } from '@/ds-components/Tag';
 import useWindowResize from '@/hooks/use-window-resize';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type StatusTag = {
   status: TagProps['status'];
diff --git a/packages/console/src/components/DetailsPage/Skeleton/index.tsx b/packages/console/src/components/DetailsPage/Skeleton/index.tsx
index b796c621e913..58bfcb30b245 100644
--- a/packages/console/src/components/DetailsPage/Skeleton/index.tsx
+++ b/packages/console/src/components/DetailsPage/Skeleton/index.tsx
@@ -1,7 +1,7 @@
 import { FormCardSkeleton } from '@/components/FormCard';
 import Spacer from '@/ds-components/Spacer';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function Skeleton() {
   return (
diff --git a/packages/console/src/components/DetailsPage/index.tsx b/packages/console/src/components/DetailsPage/index.tsx
index c6083122d0ff..2f4f86774134 100644
--- a/packages/console/src/components/DetailsPage/index.tsx
+++ b/packages/console/src/components/DetailsPage/index.tsx
@@ -3,7 +3,7 @@ import classNames from 'classnames';
 import type { ReactElement, ReactNode } from 'react';
 import { type To } from 'react-router-dom';
 
-import Back from '@/assets/icons/back.svg';
+import Back from '@/assets/icons/back.svg?react';
 import type DangerousRaw from '@/ds-components/DangerousRaw';
 import DynamicT from '@/ds-components/DynamicT';
 import TextLink from '@/ds-components/TextLink';
@@ -12,7 +12,7 @@ import type { RequestError } from '@/hooks/use-api';
 import RequestDataError from '../RequestDataError';
 
 import Skeleton from './Skeleton';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly backLink: To;
diff --git a/packages/console/src/components/Drawer/index.tsx b/packages/console/src/components/Drawer/index.tsx
index 99e004b664d1..bf920ab5d797 100644
--- a/packages/console/src/components/Drawer/index.tsx
+++ b/packages/console/src/components/Drawer/index.tsx
@@ -1,12 +1,12 @@
 import type { AdminConsoleKey } from '@logto/phrases';
 import ReactModal from 'react-modal';
 
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 import CardTitle from '@/ds-components/CardTitle';
 import IconButton from '@/ds-components/IconButton';
 import Spacer from '@/ds-components/Spacer';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly title?: AdminConsoleKey;
diff --git a/packages/console/src/components/EditScopeModal/index.tsx b/packages/console/src/components/EditScopeModal/index.tsx
index 1ba3bc37beed..5e8a3cc1fdac 100644
--- a/packages/console/src/components/EditScopeModal/index.tsx
+++ b/packages/console/src/components/EditScopeModal/index.tsx
@@ -8,7 +8,7 @@ import Button from '@/ds-components/Button';
 import FormField from '@/ds-components/FormField';
 import ModalLayout from '@/ds-components/ModalLayout';
 import TextInput from '@/ds-components/TextInput';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 
 export type EditScopeData = {
diff --git a/packages/console/src/components/EmptyDataPlaceholder/index.tsx b/packages/console/src/components/EmptyDataPlaceholder/index.tsx
index bdf1706507b3..4b7d12ad7b0b 100644
--- a/packages/console/src/components/EmptyDataPlaceholder/index.tsx
+++ b/packages/console/src/components/EmptyDataPlaceholder/index.tsx
@@ -3,11 +3,11 @@ import classNames from 'classnames';
 import { type ReactNode } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import EmptyDark from '@/assets/images/table-empty-dark.svg';
-import Empty from '@/assets/images/table-empty.svg';
+import EmptyDark from '@/assets/images/table-empty-dark.svg?react';
+import Empty from '@/assets/images/table-empty.svg?react';
 import useTheme from '@/hooks/use-theme';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly title?: ReactNode;
diff --git a/packages/console/src/components/EntitiesTransfer/components/EntityItem/index.tsx b/packages/console/src/components/EntitiesTransfer/components/EntityItem/index.tsx
index 0b8ccaa9db2c..7646f9f66eea 100644
--- a/packages/console/src/components/EntitiesTransfer/components/EntityItem/index.tsx
+++ b/packages/console/src/components/EntitiesTransfer/components/EntityItem/index.tsx
@@ -5,7 +5,7 @@ import UserAvatar from '@/components/UserAvatar';
 import SuspendedTag from '@/pages/Users/components/SuspendedTag';
 import { getUserTitle } from '@/utils/user';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type UserItemProps = {
   readonly entity: User;
diff --git a/packages/console/src/components/EntitiesTransfer/components/SourceEntitiesBox/index.tsx b/packages/console/src/components/EntitiesTransfer/components/SourceEntitiesBox/index.tsx
index e8402edf490e..01715df9161f 100644
--- a/packages/console/src/components/EntitiesTransfer/components/SourceEntitiesBox/index.tsx
+++ b/packages/console/src/components/EntitiesTransfer/components/SourceEntitiesBox/index.tsx
@@ -6,7 +6,7 @@ import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
-import Search from '@/assets/icons/search.svg';
+import Search from '@/assets/icons/search.svg?react';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import { defaultPageSize } from '@/consts';
 import DynamicT from '@/ds-components/DynamicT';
@@ -14,13 +14,13 @@ import Pagination from '@/ds-components/Pagination';
 import TextInput from '@/ds-components/TextInput';
 import type { RequestError } from '@/hooks/use-api';
 import useDebounce from '@/hooks/use-debounce';
-import * as transferLayout from '@/scss/transfer.module.scss';
+import transferLayout from '@/scss/transfer.module.scss';
 import { type Identifiable } from '@/types/general';
 import { buildUrl, formatSearchKeyword } from '@/utils/url';
 
 import SourceEntityItem from '../SourceEntityItem';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type SearchProps = {
   pathname: string;
diff --git a/packages/console/src/components/EntitiesTransfer/components/SourceEntityItem/index.tsx b/packages/console/src/components/EntitiesTransfer/components/SourceEntityItem/index.tsx
index b26f110b3ae5..1c3dc0d1820b 100644
--- a/packages/console/src/components/EntitiesTransfer/components/SourceEntityItem/index.tsx
+++ b/packages/console/src/components/EntitiesTransfer/components/SourceEntityItem/index.tsx
@@ -4,7 +4,7 @@ import Checkbox from '@/ds-components/Checkbox';
 import { type Identifiable } from '@/types/general';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props<T> = {
   readonly entity: T;
diff --git a/packages/console/src/components/EntitiesTransfer/components/TargetEntitiesBox/index.tsx b/packages/console/src/components/EntitiesTransfer/components/TargetEntitiesBox/index.tsx
index 145cbbfb31b7..7c19d6e69cf2 100644
--- a/packages/console/src/components/EntitiesTransfer/components/TargetEntitiesBox/index.tsx
+++ b/packages/console/src/components/EntitiesTransfer/components/TargetEntitiesBox/index.tsx
@@ -1,11 +1,11 @@
 import { useTranslation } from 'react-i18next';
 
-import * as transferLayout from '@/scss/transfer.module.scss';
+import transferLayout from '@/scss/transfer.module.scss';
 import { type Identifiable } from '@/types/general';
 
 import TargetEntityItem from '../TargetEntityItem';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props<T> = {
   readonly renderEntity: (entity: T) => React.ReactNode;
diff --git a/packages/console/src/components/EntitiesTransfer/components/TargetEntityItem/index.tsx b/packages/console/src/components/EntitiesTransfer/components/TargetEntityItem/index.tsx
index 8c71be5d2056..47c4f05b19b3 100644
--- a/packages/console/src/components/EntitiesTransfer/components/TargetEntityItem/index.tsx
+++ b/packages/console/src/components/EntitiesTransfer/components/TargetEntityItem/index.tsx
@@ -1,10 +1,10 @@
 import { type ReactNode } from 'react';
 
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 import IconButton from '@/ds-components/IconButton';
 import { type Identifiable } from '@/types/general';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props<T> = {
   readonly entity: T;
diff --git a/packages/console/src/components/EntitiesTransfer/index.tsx b/packages/console/src/components/EntitiesTransfer/index.tsx
index ffec093f2ef5..87d4ca74344d 100644
--- a/packages/console/src/components/EntitiesTransfer/index.tsx
+++ b/packages/console/src/components/EntitiesTransfer/index.tsx
@@ -1,11 +1,11 @@
 import classNames from 'classnames';
 
-import * as transferLayout from '@/scss/transfer.module.scss';
+import transferLayout from '@/scss/transfer.module.scss';
 import { type Identifiable } from '@/types/general';
 
 import SourceEntitiesBox, { type Props as SourceProps } from './components/SourceEntitiesBox';
 import TargetEntitiesBox from './components/TargetEntitiesBox';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props<T extends Identifiable> = SourceProps<T> & {
   readonly errorMessage?: string;
diff --git a/packages/console/src/components/FeatureTag/BetaTag.tsx b/packages/console/src/components/FeatureTag/BetaTag.tsx
index 4bbe194a0952..452eab39d3b6 100644
--- a/packages/console/src/components/FeatureTag/BetaTag.tsx
+++ b/packages/console/src/components/FeatureTag/BetaTag.tsx
@@ -6,7 +6,7 @@ import classNames from 'classnames';
  * Used to indicate that a new released feature is in beta.
  */
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/components/FeatureTag/index.tsx b/packages/console/src/components/FeatureTag/index.tsx
index cfec1dc5288b..75d58d3271b7 100644
--- a/packages/console/src/components/FeatureTag/index.tsx
+++ b/packages/console/src/components/FeatureTag/index.tsx
@@ -4,7 +4,7 @@ import { useContext } from 'react';
 
 import { TenantsContext } from '@/contexts/TenantsProvider';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export { default as BetaTag } from './BetaTag';
 
diff --git a/packages/console/src/components/FileIcon/index.tsx b/packages/console/src/components/FileIcon/index.tsx
index bab200d1d0fd..29c8585ff8b2 100644
--- a/packages/console/src/components/FileIcon/index.tsx
+++ b/packages/console/src/components/FileIcon/index.tsx
@@ -1,8 +1,8 @@
 import { Theme } from '@logto/schemas';
 import { type ReactNode } from 'react';
 
-import FileIconDark from '@/assets/icons/file-icon-dark.svg';
-import FileIconLight from '@/assets/icons/file-icon.svg';
+import FileIconDark from '@/assets/icons/file-icon-dark.svg?react';
+import FileIconLight from '@/assets/icons/file-icon.svg?react';
 import useTheme from '@/hooks/use-theme';
 
 const themeToRoleIcon = Object.freeze({
diff --git a/packages/console/src/components/FormCard/FormCardLayout/index.tsx b/packages/console/src/components/FormCard/FormCardLayout/index.tsx
index a19c3c663437..1622ed74cf77 100644
--- a/packages/console/src/components/FormCard/FormCardLayout/index.tsx
+++ b/packages/console/src/components/FormCard/FormCardLayout/index.tsx
@@ -2,7 +2,7 @@ import { type ReactNode } from 'react';
 
 import Card from '@/ds-components/Card';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly introduction: ReactNode;
diff --git a/packages/console/src/components/FormCard/Skeleton/index.tsx b/packages/console/src/components/FormCard/Skeleton/index.tsx
index 01b44e57d2fd..c9fc9f5a2166 100644
--- a/packages/console/src/components/FormCard/Skeleton/index.tsx
+++ b/packages/console/src/components/FormCard/Skeleton/index.tsx
@@ -2,7 +2,7 @@ import FormFieldSkeleton from '@/ds-components/FormField/Skeleton';
 
 import FormCardLayout from '../FormCardLayout';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly formFieldCount?: number;
diff --git a/packages/console/src/components/FormCard/index.tsx b/packages/console/src/components/FormCard/index.tsx
index 565a3615a496..6befab89d5c9 100644
--- a/packages/console/src/components/FormCard/index.tsx
+++ b/packages/console/src/components/FormCard/index.tsx
@@ -6,7 +6,7 @@ import TextLink from '@/ds-components/TextLink';
 import type { Props as TextLinkProps } from '@/ds-components/TextLink';
 
 import FormCardLayout from './FormCardLayout';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = {
   readonly title: AdminConsoleKey;
diff --git a/packages/console/src/components/Guide/GuideCard/index.tsx b/packages/console/src/components/Guide/GuideCard/index.tsx
index fef3471ecf8b..4c5ddb964025 100644
--- a/packages/console/src/components/Guide/GuideCard/index.tsx
+++ b/packages/console/src/components/Guide/GuideCard/index.tsx
@@ -9,7 +9,7 @@ import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Button from '@/ds-components/Button';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type SelectedGuide = {
   id: Guide['id'];
diff --git a/packages/console/src/components/Guide/GuideCardGroup/index.tsx b/packages/console/src/components/Guide/GuideCardGroup/index.tsx
index e23fb721fef9..a979d68e5d0c 100644
--- a/packages/console/src/components/Guide/GuideCardGroup/index.tsx
+++ b/packages/console/src/components/Guide/GuideCardGroup/index.tsx
@@ -5,7 +5,7 @@ import { type Guide } from '@/assets/docs/guides/types';
 
 import GuideCard, { type SelectedGuide } from '../GuideCard';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/components/Guide/ModalFooter/index.tsx b/packages/console/src/components/Guide/ModalFooter/index.tsx
index d43a8960221e..42862ea5d18d 100644
--- a/packages/console/src/components/Guide/ModalFooter/index.tsx
+++ b/packages/console/src/components/Guide/ModalFooter/index.tsx
@@ -4,7 +4,7 @@ import classNames from 'classnames';
 import Button from '@/ds-components/Button';
 import DynamicT from '@/ds-components/DynamicT';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly wrapperClassName?: string;
diff --git a/packages/console/src/components/Guide/ModalHeader/RequestForm.tsx b/packages/console/src/components/Guide/ModalHeader/RequestForm.tsx
index afa1a94c72ba..7232c3b6cd84 100644
--- a/packages/console/src/components/Guide/ModalHeader/RequestForm.tsx
+++ b/packages/console/src/components/Guide/ModalHeader/RequestForm.tsx
@@ -10,7 +10,7 @@ import FormField from '@/ds-components/FormField';
 import ModalLayout from '@/ds-components/ModalLayout';
 import TextInput from '@/ds-components/TextInput';
 import useCurrentUser from '@/hooks/use-current-user';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 type Props = {
   readonly title: AdminConsoleKey;
diff --git a/packages/console/src/components/Guide/ModalHeader/index.tsx b/packages/console/src/components/Guide/ModalHeader/index.tsx
index dbef8c32208b..99f40efdb207 100644
--- a/packages/console/src/components/Guide/ModalHeader/index.tsx
+++ b/packages/console/src/components/Guide/ModalHeader/index.tsx
@@ -1,14 +1,14 @@
 import { type AdminConsoleKey } from '@logto/phrases';
 import { useCallback, useState } from 'react';
 
-import Box from '@/assets/icons/box.svg';
+import Box from '@/assets/icons/box.svg?react';
 import { githubIssuesLink } from '@/consts';
 import { isCloud } from '@/consts/env';
 import Button from '@/ds-components/Button';
 import DsModalHeader from '@/ds-components/ModalHeader';
 
 import RequestForm from './RequestForm';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly title: AdminConsoleKey;
diff --git a/packages/console/src/components/Guide/StepsSkeleton/index.tsx b/packages/console/src/components/Guide/StepsSkeleton/index.tsx
index 7d3ed4e75d9e..5557f532f571 100644
--- a/packages/console/src/components/Guide/StepsSkeleton/index.tsx
+++ b/packages/console/src/components/Guide/StepsSkeleton/index.tsx
@@ -1,4 +1,4 @@
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function StepsSkeleton() {
   return (
diff --git a/packages/console/src/components/Guide/index.tsx b/packages/console/src/components/Guide/index.tsx
index be312df981e6..f697cdf70839 100644
--- a/packages/console/src/components/Guide/index.tsx
+++ b/packages/console/src/components/Guide/index.tsx
@@ -10,7 +10,7 @@ import MdxProvider from '@/mdx-components/MdxProvider';
 import NotFound from '@/pages/NotFound';
 
 import StepsSkeleton from './StepsSkeleton';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type GuideContextType = {
   metadata: Readonly<GuideMetadata>;
diff --git a/packages/console/src/components/ImageInputs/index.tsx b/packages/console/src/components/ImageInputs/index.tsx
index dcabc41d39a6..29a028199650 100644
--- a/packages/console/src/components/ImageInputs/index.tsx
+++ b/packages/console/src/components/ImageInputs/index.tsx
@@ -22,7 +22,7 @@ import useImageMimeTypes from '@/hooks/use-image-mime-types';
 import useUserAssetsService from '@/hooks/use-user-assets-service';
 import { uriValidator } from '@/utils/validator';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export const themeToLogoName = Object.freeze({
   [Theme.Light]: 'logoUrl',
diff --git a/packages/console/src/components/Index/index.tsx b/packages/console/src/components/Index/index.tsx
index d9584593dca9..4c9036e0e441 100644
--- a/packages/console/src/components/Index/index.tsx
+++ b/packages/console/src/components/Index/index.tsx
@@ -1,8 +1,8 @@
 import classNames from 'classnames';
 
-import Tick from '@/assets/icons/tick.svg';
+import Tick from '@/assets/icons/tick.svg?react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/components/InlineUpsell/index.tsx b/packages/console/src/components/InlineUpsell/index.tsx
index 1f57a042c436..ca2fd0eb1522 100644
--- a/packages/console/src/components/InlineUpsell/index.tsx
+++ b/packages/console/src/components/InlineUpsell/index.tsx
@@ -8,7 +8,7 @@ import useTenantPathname from '@/hooks/use-tenant-pathname';
 
 import ContactUsPhraseLink from '../ContactUsPhraseLink';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/components/ItemPreview/ApplicationPreview.tsx b/packages/console/src/components/ItemPreview/ApplicationPreview.tsx
index e284a5894c6e..438d322834d1 100644
--- a/packages/console/src/components/ItemPreview/ApplicationPreview.tsx
+++ b/packages/console/src/components/ItemPreview/ApplicationPreview.tsx
@@ -5,7 +5,7 @@ import ApplicationIcon from '@/components/ApplicationIcon';
 import { applicationTypeI18nKey } from '@/types/applications';
 
 import ItemPreview from '.';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const applicationsPathname = '/applications';
 const buildDetailsPathname = (id: string) => `${applicationsPathname}/${id}`;
diff --git a/packages/console/src/components/ItemPreview/index.tsx b/packages/console/src/components/ItemPreview/index.tsx
index e7447b76e063..2728e184848e 100644
--- a/packages/console/src/components/ItemPreview/index.tsx
+++ b/packages/console/src/components/ItemPreview/index.tsx
@@ -5,7 +5,7 @@ import { Link } from 'react-router-dom';
 
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly title: ReactNode;
diff --git a/packages/console/src/components/ListPage/index.tsx b/packages/console/src/components/ListPage/index.tsx
index c59d75fea1d5..26abe9e481b7 100644
--- a/packages/console/src/components/ListPage/index.tsx
+++ b/packages/console/src/components/ListPage/index.tsx
@@ -2,14 +2,14 @@ import classNames from 'classnames';
 import { type ReactNode } from 'react';
 import { type FieldValues, type FieldPath } from 'react-hook-form';
 
-import Plus from '@/assets/icons/plus.svg';
+import Plus from '@/assets/icons/plus.svg?react';
 import PageMeta, { type Props as PageMetaProps } from '@/components/PageMeta';
 import { type Props as ButtonProps } from '@/ds-components/Button';
 import Button from '@/ds-components/Button';
 import { type Props as CardTitleProps } from '@/ds-components/CardTitle';
 import CardTitle from '@/ds-components/CardTitle';
 import Table, { type Props as TableProps } from '@/ds-components/Table';
-import * as pageLayout from '@/scss/page-layout.module.scss';
+import pageLayout from '@/scss/page-layout.module.scss';
 
 type CreateButtonProps = {
   title: ButtonProps['title'];
diff --git a/packages/console/src/components/LivePreviewButton/index.tsx b/packages/console/src/components/LivePreviewButton/index.tsx
index 6a1ec955d3fc..c773cfaac34b 100644
--- a/packages/console/src/components/LivePreviewButton/index.tsx
+++ b/packages/console/src/components/LivePreviewButton/index.tsx
@@ -3,13 +3,13 @@ import classNames from 'classnames';
 import { useContext } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import ExternalLinkIcon from '@/assets/icons/external-link.svg';
+import ExternalLinkIcon from '@/assets/icons/external-link.svg?react';
 import { AppDataContext } from '@/contexts/AppDataProvider';
 import type { Props as ButtonProps, ButtonType } from '@/ds-components/Button';
 import Button from '@/ds-components/Button';
 import { Tooltip } from '@/ds-components/Tip';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly size?: ButtonProps['size'];
diff --git a/packages/console/src/components/ManageOrganizationPermissionModal/index.tsx b/packages/console/src/components/ManageOrganizationPermissionModal/index.tsx
index bca34f4503a6..153802ff340e 100644
--- a/packages/console/src/components/ManageOrganizationPermissionModal/index.tsx
+++ b/packages/console/src/components/ManageOrganizationPermissionModal/index.tsx
@@ -10,7 +10,7 @@ import FormField from '@/ds-components/FormField';
 import ModalLayout from '@/ds-components/ModalLayout';
 import TextInput from '@/ds-components/TextInput';
 import useApi from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 
 type Props = {
diff --git a/packages/console/src/components/Markdown/index.tsx b/packages/console/src/components/Markdown/index.tsx
index c8cf7c6eb97f..ef077e022d65 100644
--- a/packages/console/src/components/Markdown/index.tsx
+++ b/packages/console/src/components/Markdown/index.tsx
@@ -17,7 +17,7 @@ import 'property-information';
 import CodeEditor from '@/ds-components/CodeEditor';
 
 import GithubRawImage from './components/GithubRawImage';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/components/MauExceededModal/index.tsx b/packages/console/src/components/MauExceededModal/index.tsx
index 3d44dddf6925..947e53835136 100644
--- a/packages/console/src/components/MauExceededModal/index.tsx
+++ b/packages/console/src/components/MauExceededModal/index.tsx
@@ -12,11 +12,11 @@ import FormField from '@/ds-components/FormField';
 import InlineNotification from '@/ds-components/InlineNotification';
 import ModalLayout from '@/ds-components/ModalLayout';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import PlanName from '../PlanName';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function MauExceededModal() {
   const { currentTenant } = useContext(TenantsContext);
diff --git a/packages/console/src/components/MfaFactorTitle/index.tsx b/packages/console/src/components/MfaFactorTitle/index.tsx
index a32c32339f58..8f75cafb8b43 100644
--- a/packages/console/src/components/MfaFactorTitle/index.tsx
+++ b/packages/console/src/components/MfaFactorTitle/index.tsx
@@ -1,16 +1,16 @@
 import { MfaFactor } from '@logto/schemas';
 import { type ReactNode } from 'react';
 
-import FactorBackupCode from '@/assets/icons/factor-backup-code.svg';
-import FactorTotp from '@/assets/icons/factor-totp.svg';
-import FactorWebAuthn from '@/assets/icons/factor-webauthn.svg';
-import Tip from '@/assets/icons/tip.svg';
+import FactorBackupCode from '@/assets/icons/factor-backup-code.svg?react';
+import FactorTotp from '@/assets/icons/factor-totp.svg?react';
+import FactorWebAuthn from '@/assets/icons/factor-webauthn.svg?react';
+import Tip from '@/assets/icons/tip.svg?react';
 import IconButton from '@/ds-components/IconButton';
 import { ToggleTip } from '@/ds-components/Tip';
 
 import MfaFactorName, { type Props as MfaFactorNameProps } from '../MfaFactorName';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const factorIcon: Record<MfaFactor, SvgComponent> = {
   [MfaFactor.TOTP]: FactorTotp,
diff --git a/packages/console/src/components/MultiOptionInput/index.tsx b/packages/console/src/components/MultiOptionInput/index.tsx
index 68d5db09eb7c..47cc0f85c795 100644
--- a/packages/console/src/components/MultiOptionInput/index.tsx
+++ b/packages/console/src/components/MultiOptionInput/index.tsx
@@ -2,12 +2,12 @@ import { isKeyInObject, type Nullable } from '@silverhand/essentials';
 import classNames from 'classnames';
 import { type ReactNode, useRef, useState, useCallback } from 'react';
 
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 import IconButton from '@/ds-components/IconButton';
 import Tag from '@/ds-components/Tag';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type CanBePromise<T> = T | Promise<T>;
 
diff --git a/packages/console/src/components/MultiTextInputField/index.tsx b/packages/console/src/components/MultiTextInputField/index.tsx
index 69791ecaeff8..d797a4e1891b 100644
--- a/packages/console/src/components/MultiTextInputField/index.tsx
+++ b/packages/console/src/components/MultiTextInputField/index.tsx
@@ -5,7 +5,7 @@ import FormField from '@/ds-components/FormField';
 import type { Props as MultiTextInputProps } from '@/ds-components/MultiTextInput';
 import MultiTextInput from '@/ds-components/MultiTextInput';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = MultiTextInputProps &
   Pick<FormFieldProps, 'isRequired' | 'tip'> & {
diff --git a/packages/console/src/components/OpenExternalLink/index.tsx b/packages/console/src/components/OpenExternalLink/index.tsx
index c6e93e6c3453..649fbde7fd3d 100644
--- a/packages/console/src/components/OpenExternalLink/index.tsx
+++ b/packages/console/src/components/OpenExternalLink/index.tsx
@@ -1,6 +1,6 @@
 import { useTranslation } from 'react-i18next';
 
-import ExternalLinkIcon from '@/assets/icons/external-link.svg';
+import ExternalLinkIcon from '@/assets/icons/external-link.svg?react';
 import IconButton from '@/ds-components/IconButton';
 import { Tooltip } from '@/ds-components/Tip';
 
diff --git a/packages/console/src/components/OrganizationList/index.tsx b/packages/console/src/components/OrganizationList/index.tsx
index a924e8306460..aaef30d4f742 100644
--- a/packages/console/src/components/OrganizationList/index.tsx
+++ b/packages/console/src/components/OrganizationList/index.tsx
@@ -3,8 +3,8 @@ import { type ReactNode, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
-import OrganizationIcon from '@/assets/icons/organization-preview.svg';
-import Tip from '@/assets/icons/tip.svg';
+import OrganizationIcon from '@/assets/icons/organization-preview.svg?react';
+import Tip from '@/assets/icons/tip.svg?react';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import ItemPreview from '@/components/ItemPreview';
 import { RoleOption } from '@/components/OrganizationRolesSelect';
@@ -18,7 +18,7 @@ import { ToggleTip } from '@/ds-components/Tip';
 import { type RequestError } from '@/hooks/use-api';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly type: 'user' | 'application';
diff --git a/packages/console/src/components/OrganizationRolesSelect/index.tsx b/packages/console/src/components/OrganizationRolesSelect/index.tsx
index 452100f8980a..f78a09f08762 100644
--- a/packages/console/src/components/OrganizationRolesSelect/index.tsx
+++ b/packages/console/src/components/OrganizationRolesSelect/index.tsx
@@ -1,14 +1,14 @@
 import { type OrganizationRole, type RoleType } from '@logto/schemas';
 import classNames from 'classnames';
 
-import RoleIcon from '@/assets/icons/organization-role-feature.svg';
+import RoleIcon from '@/assets/icons/organization-role-feature.svg?react';
 import MultiSelect, { type Option } from '@/ds-components/Select/MultiSelect';
 import useSearchValues from '@/hooks/use-search-values';
 
 import Breakable from '../Breakable';
 import ThemedIcon from '../ThemedIcon';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type RoleOptionProps = {
   readonly title?: string;
diff --git a/packages/console/src/components/PaymentOverdueModal/index.tsx b/packages/console/src/components/PaymentOverdueModal/index.tsx
index 78029388510c..73e31ff27fe6 100644
--- a/packages/console/src/components/PaymentOverdueModal/index.tsx
+++ b/packages/console/src/components/PaymentOverdueModal/index.tsx
@@ -10,11 +10,11 @@ import FormField from '@/ds-components/FormField';
 import InlineNotification from '@/ds-components/InlineNotification';
 import ModalLayout from '@/ds-components/ModalLayout';
 import useSubscribe from '@/hooks/use-subscribe';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import BillInfo from '../BillInfo';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function PaymentOverdueModal() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/components/PermissionsTable/index.tsx b/packages/console/src/components/PermissionsTable/index.tsx
index 3097491f369f..0a2b62fab26e 100644
--- a/packages/console/src/components/PermissionsTable/index.tsx
+++ b/packages/console/src/components/PermissionsTable/index.tsx
@@ -5,9 +5,9 @@ import { useState } from 'react';
 import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 
-import Plus from '@/assets/icons/plus.svg';
-import PermissionsEmptyDark from '@/assets/images/permissions-empty-dark.svg';
-import PermissionsEmpty from '@/assets/images/permissions-empty.svg';
+import Plus from '@/assets/icons/plus.svg?react';
+import PermissionsEmptyDark from '@/assets/images/permissions-empty-dark.svg?react';
+import PermissionsEmpty from '@/assets/images/permissions-empty.svg?react';
 import { ApiResourceDetailsTabs } from '@/consts/page-tabs';
 import Button from '@/ds-components/Button';
 import type { Props as PaginationProps } from '@/ds-components/Pagination';
@@ -24,7 +24,7 @@ import ActionsButton from '../ActionsButton';
 import EditScopeModal, { type EditScopeData } from '../EditScopeModal';
 import EmptyDataPlaceholder from '../EmptyDataPlaceholder';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type SearchProps = {
   keyword: string;
diff --git a/packages/console/src/components/PlanUsage/index.tsx b/packages/console/src/components/PlanUsage/index.tsx
index 96fb6345b54c..0a27d441c435 100644
--- a/packages/console/src/components/PlanUsage/index.tsx
+++ b/packages/console/src/components/PlanUsage/index.tsx
@@ -7,7 +7,7 @@ import DynamicT from '@/ds-components/DynamicT';
 import { type SubscriptionPlan } from '@/types/subscriptions';
 import { formatPeriod } from '@/utils/subscription';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly subscriptionUsage: SubscriptionUsage;
diff --git a/packages/console/src/components/ProgressBar/index.tsx b/packages/console/src/components/ProgressBar/index.tsx
index 25af66bc8185..5977e5fc00e8 100644
--- a/packages/console/src/components/ProgressBar/index.tsx
+++ b/packages/console/src/components/ProgressBar/index.tsx
@@ -1,6 +1,6 @@
 import classNames from 'classnames';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly currentStep: number;
diff --git a/packages/console/src/components/QuotaGuardFooter/index.tsx b/packages/console/src/components/QuotaGuardFooter/index.tsx
index c5d57f0ded60..ecd9408dc3a8 100644
--- a/packages/console/src/components/QuotaGuardFooter/index.tsx
+++ b/packages/console/src/components/QuotaGuardFooter/index.tsx
@@ -3,7 +3,7 @@ import { type ReactNode } from 'react';
 import Button from '@/ds-components/Button';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly children: ReactNode;
diff --git a/packages/console/src/components/Region/index.tsx b/packages/console/src/components/Region/index.tsx
index 9a50cb97ed2e..ff4164aa88fc 100644
--- a/packages/console/src/components/Region/index.tsx
+++ b/packages/console/src/components/Region/index.tsx
@@ -1,7 +1,7 @@
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 // TODO: This is a copy from `@logto/cloud-models`, make a SSoT for this later
 export enum RegionName {
diff --git a/packages/console/src/components/RequestDataError/index.tsx b/packages/console/src/components/RequestDataError/index.tsx
index daed530f2c51..b0134d6f37ff 100644
--- a/packages/console/src/components/RequestDataError/index.tsx
+++ b/packages/console/src/components/RequestDataError/index.tsx
@@ -2,14 +2,14 @@ import { Theme } from '@logto/schemas';
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
 
-import RequestErrorDarkImage from '@/assets/images/request-error-dark.svg';
-import RequestErrorImage from '@/assets/images/request-error.svg';
+import RequestErrorDarkImage from '@/assets/images/request-error-dark.svg?react';
+import RequestErrorImage from '@/assets/images/request-error.svg?react';
 import Button from '@/ds-components/Button';
 import Card from '@/ds-components/Card';
 import type { RequestError } from '@/hooks/use-api';
 import useTheme from '@/hooks/use-theme';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly error: RequestError;
diff --git a/packages/console/src/components/RoleAssignmentModal/index.tsx b/packages/console/src/components/RoleAssignmentModal/index.tsx
index cd2e9fed36b0..baa1056ecfe3 100644
--- a/packages/console/src/components/RoleAssignmentModal/index.tsx
+++ b/packages/console/src/components/RoleAssignmentModal/index.tsx
@@ -11,10 +11,10 @@ import DangerousRaw from '@/ds-components/DangerousRaw';
 import ModalLayout from '@/ds-components/ModalLayout';
 import TextLink from '@/ds-components/TextLink';
 import useApi from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { getUserTitle } from '@/utils/user';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = (
   | {
diff --git a/packages/console/src/components/RoleIcon/index.tsx b/packages/console/src/components/RoleIcon/index.tsx
index 109143291134..878a790de51d 100644
--- a/packages/console/src/components/RoleIcon/index.tsx
+++ b/packages/console/src/components/RoleIcon/index.tsx
@@ -1,8 +1,8 @@
 import { Theme } from '@logto/schemas';
 import { type ReactNode } from 'react';
 
-import UserRoleIconDark from '@/assets/icons/role-feature-dark.svg';
-import UserRoleIcon from '@/assets/icons/role-feature.svg';
+import UserRoleIconDark from '@/assets/icons/role-feature-dark.svg?react';
+import UserRoleIcon from '@/assets/icons/role-feature.svg?react';
 import useTheme from '@/hooks/use-theme';
 
 const themeToRoleIcon = Object.freeze({
diff --git a/packages/console/src/components/RoleScopesTransfer/components/ResourceItem/index.tsx b/packages/console/src/components/RoleScopesTransfer/components/ResourceItem/index.tsx
index a0280753fbe4..ee93f79ce1ba 100644
--- a/packages/console/src/components/RoleScopesTransfer/components/ResourceItem/index.tsx
+++ b/packages/console/src/components/RoleScopesTransfer/components/ResourceItem/index.tsx
@@ -3,8 +3,8 @@ import classNames from 'classnames';
 import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import CaretExpanded from '@/assets/icons/caret-expanded.svg';
-import CaretFolded from '@/assets/icons/caret-folded.svg';
+import CaretExpanded from '@/assets/icons/caret-expanded.svg?react';
+import CaretFolded from '@/assets/icons/caret-folded.svg?react';
 import Checkbox from '@/ds-components/Checkbox';
 import IconButton from '@/ds-components/IconButton';
 import { onKeyDownHandler } from '@/utils/a11y';
@@ -12,7 +12,7 @@ import { onKeyDownHandler } from '@/utils/a11y';
 import type { DetailedResourceResponse } from '../../types';
 import SourceScopeItem from '../SourceScopeItem';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly resource: DetailedResourceResponse;
diff --git a/packages/console/src/components/RoleScopesTransfer/components/SourceScopeItem/index.tsx b/packages/console/src/components/RoleScopesTransfer/components/SourceScopeItem/index.tsx
index 04f84802ae0d..869b746a28ae 100644
--- a/packages/console/src/components/RoleScopesTransfer/components/SourceScopeItem/index.tsx
+++ b/packages/console/src/components/RoleScopesTransfer/components/SourceScopeItem/index.tsx
@@ -3,7 +3,7 @@ import type { ScopeResponse } from '@logto/schemas';
 import Checkbox from '@/ds-components/Checkbox';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly scope: ScopeResponse;
diff --git a/packages/console/src/components/RoleScopesTransfer/components/SourceScopesBox/index.tsx b/packages/console/src/components/RoleScopesTransfer/components/SourceScopesBox/index.tsx
index a67684e135cc..aea029d47b31 100644
--- a/packages/console/src/components/RoleScopesTransfer/components/SourceScopesBox/index.tsx
+++ b/packages/console/src/components/RoleScopesTransfer/components/SourceScopesBox/index.tsx
@@ -7,16 +7,16 @@ import { useMemo, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
-import Search from '@/assets/icons/search.svg';
+import Search from '@/assets/icons/search.svg?react';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import type { DetailedResourceResponse } from '@/components/RoleScopesTransfer/types';
 import TextInput from '@/ds-components/TextInput';
 import type { RequestError } from '@/hooks/use-api';
-import * as transferLayout from '@/scss/transfer.module.scss';
+import transferLayout from '@/scss/transfer.module.scss';
 
 import ResourceItem from '../ResourceItem';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly roleId?: string;
diff --git a/packages/console/src/components/RoleScopesTransfer/components/TargetScopeItem/index.tsx b/packages/console/src/components/RoleScopesTransfer/components/TargetScopeItem/index.tsx
index 65793d4f2f59..41fbec835aaf 100644
--- a/packages/console/src/components/RoleScopesTransfer/components/TargetScopeItem/index.tsx
+++ b/packages/console/src/components/RoleScopesTransfer/components/TargetScopeItem/index.tsx
@@ -1,9 +1,9 @@
 import type { ScopeResponse } from '@logto/schemas';
 
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 import IconButton from '@/ds-components/IconButton';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly scope: ScopeResponse;
diff --git a/packages/console/src/components/RoleScopesTransfer/components/TargetScopesBox/index.tsx b/packages/console/src/components/RoleScopesTransfer/components/TargetScopesBox/index.tsx
index c7edebe25623..bc0319fdd906 100644
--- a/packages/console/src/components/RoleScopesTransfer/components/TargetScopesBox/index.tsx
+++ b/packages/console/src/components/RoleScopesTransfer/components/TargetScopesBox/index.tsx
@@ -1,11 +1,11 @@
 import type { ScopeResponse } from '@logto/schemas';
 import { useTranslation } from 'react-i18next';
 
-import * as transferLayout from '@/scss/transfer.module.scss';
+import transferLayout from '@/scss/transfer.module.scss';
 
 import TargetScopeItem from '../TargetScopeItem';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly selectedScopes: ScopeResponse[];
diff --git a/packages/console/src/components/RoleScopesTransfer/index.tsx b/packages/console/src/components/RoleScopesTransfer/index.tsx
index 5baf6c1205eb..ce1610c9e574 100644
--- a/packages/console/src/components/RoleScopesTransfer/index.tsx
+++ b/packages/console/src/components/RoleScopesTransfer/index.tsx
@@ -1,11 +1,11 @@
 import type { ScopeResponse, RoleType } from '@logto/schemas';
 import classNames from 'classnames';
 
-import * as transferLayout from '@/scss/transfer.module.scss';
+import transferLayout from '@/scss/transfer.module.scss';
 
 import SourceScopesBox from './components/SourceScopesBox';
 import TargetScopesBox from './components/TargetScopesBox';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 /**
  * @deprecated Use `@/ds-component/DataTransferBox` instead.
diff --git a/packages/console/src/components/RolesTransfer/SourceRolesBox/SourceRoleItem/index.tsx b/packages/console/src/components/RolesTransfer/SourceRolesBox/SourceRoleItem/index.tsx
index c943633cc2eb..9a128849bdf3 100644
--- a/packages/console/src/components/RolesTransfer/SourceRolesBox/SourceRoleItem/index.tsx
+++ b/packages/console/src/components/RolesTransfer/SourceRolesBox/SourceRoleItem/index.tsx
@@ -5,7 +5,7 @@ import { onKeyDownHandler } from '@/utils/a11y';
 
 import RoleInformation from '../../components/RoleInformation';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly role: RoleResponse;
diff --git a/packages/console/src/components/RolesTransfer/SourceRolesBox/index.tsx b/packages/console/src/components/RolesTransfer/SourceRolesBox/index.tsx
index 1da49e842e68..ccc485c37641 100644
--- a/packages/console/src/components/RolesTransfer/SourceRolesBox/index.tsx
+++ b/packages/console/src/components/RolesTransfer/SourceRolesBox/index.tsx
@@ -7,18 +7,18 @@ import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
-import Search from '@/assets/icons/search.svg';
+import Search from '@/assets/icons/search.svg?react';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import { defaultPageSize } from '@/consts';
 import Pagination from '@/ds-components/Pagination';
 import TextInput from '@/ds-components/TextInput';
 import type { RequestError } from '@/hooks/use-api';
 import useDebounce from '@/hooks/use-debounce';
-import * as transferLayout from '@/scss/transfer.module.scss';
+import transferLayout from '@/scss/transfer.module.scss';
 import { buildUrl } from '@/utils/url';
 
 import SourceRoleItem from './SourceRoleItem';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly entityId: string;
diff --git a/packages/console/src/components/RolesTransfer/TargetRolesBox/TargetRoleItem/index.tsx b/packages/console/src/components/RolesTransfer/TargetRolesBox/TargetRoleItem/index.tsx
index af35c72caa12..ec1690c3e688 100644
--- a/packages/console/src/components/RolesTransfer/TargetRolesBox/TargetRoleItem/index.tsx
+++ b/packages/console/src/components/RolesTransfer/TargetRolesBox/TargetRoleItem/index.tsx
@@ -1,11 +1,11 @@
 import { type RoleResponse } from '@logto/schemas';
 
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 import IconButton from '@/ds-components/IconButton';
 
 import RoleInformation from '../../components/RoleInformation';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly role: RoleResponse;
diff --git a/packages/console/src/components/RolesTransfer/TargetRolesBox/index.tsx b/packages/console/src/components/RolesTransfer/TargetRolesBox/index.tsx
index ea9bcc2e4eaf..56c82584ca08 100644
--- a/packages/console/src/components/RolesTransfer/TargetRolesBox/index.tsx
+++ b/packages/console/src/components/RolesTransfer/TargetRolesBox/index.tsx
@@ -1,10 +1,10 @@
 import type { RoleResponse } from '@logto/schemas';
 import { useTranslation } from 'react-i18next';
 
-import * as transferLayout from '@/scss/transfer.module.scss';
+import transferLayout from '@/scss/transfer.module.scss';
 
 import TargetRoleItem from './TargetRoleItem';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly selectedRoles: RoleResponse[];
diff --git a/packages/console/src/components/RolesTransfer/components/RoleInformation/index.tsx b/packages/console/src/components/RolesTransfer/components/RoleInformation/index.tsx
index 4602f85758d2..93bd47512189 100644
--- a/packages/console/src/components/RolesTransfer/components/RoleInformation/index.tsx
+++ b/packages/console/src/components/RolesTransfer/components/RoleInformation/index.tsx
@@ -1,11 +1,11 @@
 import { RoleType, type ScopeResponse, isManagementApi, type RoleResponse } from '@logto/schemas';
 import useSWR from 'swr';
 
-import ManagementApiAccessFlag from '@/assets/icons/management-api-access.svg';
+import ManagementApiAccessFlag from '@/assets/icons/management-api-access.svg?react';
 import DynamicT from '@/ds-components/DynamicT';
 import { Tooltip } from '@/ds-components/Tip';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly role: RoleResponse;
diff --git a/packages/console/src/components/RolesTransfer/index.tsx b/packages/console/src/components/RolesTransfer/index.tsx
index 152aa6fd41c4..c642f628959e 100644
--- a/packages/console/src/components/RolesTransfer/index.tsx
+++ b/packages/console/src/components/RolesTransfer/index.tsx
@@ -2,15 +2,15 @@ import { type RoleResponse, RoleType } from '@logto/schemas';
 import classNames from 'classnames';
 import { Trans, useTranslation } from 'react-i18next';
 
-import ManagementApiAccessFlag from '@/assets/icons/management-api-access.svg';
+import ManagementApiAccessFlag from '@/assets/icons/management-api-access.svg?react';
 import FormField from '@/ds-components/FormField';
 import InlineNotification from '@/ds-components/InlineNotification';
 import useUserPreferences from '@/hooks/use-user-preferences';
-import * as transferLayout from '@/scss/transfer.module.scss';
+import transferLayout from '@/scss/transfer.module.scss';
 
 import SourceRolesBox from './SourceRolesBox';
 import TargetRolesBox from './TargetRolesBox';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly entityId: string;
diff --git a/packages/console/src/components/SignInExperiencePreview/components/ToggleUiThemeButton/index.tsx b/packages/console/src/components/SignInExperiencePreview/components/ToggleUiThemeButton/index.tsx
index c0e9dbce37f4..ffc859394e81 100644
--- a/packages/console/src/components/SignInExperiencePreview/components/ToggleUiThemeButton/index.tsx
+++ b/packages/console/src/components/SignInExperiencePreview/components/ToggleUiThemeButton/index.tsx
@@ -1,12 +1,12 @@
 import { Theme } from '@logto/schemas';
 import classNames from 'classnames';
 
-import Moon from '@/assets/icons/moon.svg';
-import Sun from '@/assets/icons/sun.svg';
+import Moon from '@/assets/icons/moon.svg?react';
+import Sun from '@/assets/icons/sun.svg?react';
 import Button from '@/ds-components/Button';
 import type { Props as ButtonProps } from '@/ds-components/Button';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly value: Theme;
diff --git a/packages/console/src/components/SignInExperiencePreview/index.tsx b/packages/console/src/components/SignInExperiencePreview/index.tsx
index ef6ff41b2891..cf20714f359d 100644
--- a/packages/console/src/components/SignInExperiencePreview/index.tsx
+++ b/packages/console/src/components/SignInExperiencePreview/index.tsx
@@ -16,12 +16,12 @@ import {
 import { useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
-import PhoneInfo from '@/assets/images/phone-info.svg';
+import PhoneInfo from '@/assets/images/phone-info.svg?react';
 import { AppDataContext } from '@/contexts/AppDataProvider';
 import type { RequestError } from '@/hooks/use-api';
 import useUiLanguages from '@/hooks/use-ui-languages';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { PreviewPlatform } from './types';
 
 export { default as ToggleUiThemeButton } from './components/ToggleUiThemeButton';
diff --git a/packages/console/src/components/SubmitFormChangesActionBar/index.tsx b/packages/console/src/components/SubmitFormChangesActionBar/index.tsx
index 7cf92fab9de8..e1eeed147b12 100644
--- a/packages/console/src/components/SubmitFormChangesActionBar/index.tsx
+++ b/packages/console/src/components/SubmitFormChangesActionBar/index.tsx
@@ -3,7 +3,7 @@ import classNames from 'classnames';
 
 import Button from '@/ds-components/Button';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isOpen: boolean;
diff --git a/packages/console/src/components/TemplateTable/index.tsx b/packages/console/src/components/TemplateTable/index.tsx
index ed7faa430f72..38e285a4e88e 100644
--- a/packages/console/src/components/TemplateTable/index.tsx
+++ b/packages/console/src/components/TemplateTable/index.tsx
@@ -3,14 +3,14 @@ import { useMemo } from 'react';
 import { type FieldPath, type FieldValues } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 
-import CirclePlus from '@/assets/icons/circle-plus.svg';
-import Plus from '@/assets/icons/plus.svg';
+import CirclePlus from '@/assets/icons/circle-plus.svg?react';
+import Plus from '@/assets/icons/plus.svg?react';
 import Button from '@/ds-components/Button';
 import DynamicT from '@/ds-components/DynamicT';
 import Table from '@/ds-components/Table';
 import { type RowGroup, type Column } from '@/ds-components/Table/types';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props<TFieldValues extends FieldValues, TName extends FieldPath<TFieldValues>> = {
   /**
diff --git a/packages/console/src/components/TenantEnvTag/index.tsx b/packages/console/src/components/TenantEnvTag/index.tsx
index b6eab6b48e29..acf2b76999e8 100644
--- a/packages/console/src/components/TenantEnvTag/index.tsx
+++ b/packages/console/src/components/TenantEnvTag/index.tsx
@@ -4,7 +4,7 @@ import classNames from 'classnames';
 
 import DynamicT from '@/ds-components/DynamicT';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly tag: TenantTag;
diff --git a/packages/console/src/components/ThemedIcon/index.tsx b/packages/console/src/components/ThemedIcon/index.tsx
index b5dc9871b402..75f8a99f4ac5 100644
--- a/packages/console/src/components/ThemedIcon/index.tsx
+++ b/packages/console/src/components/ThemedIcon/index.tsx
@@ -1,4 +1,4 @@
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly for: SvgComponent;
diff --git a/packages/console/src/components/Topbar/ContactModal/hook.tsx b/packages/console/src/components/Topbar/ContactModal/hook.tsx
index a39258161ff0..c04e32de4bbe 100644
--- a/packages/console/src/components/Topbar/ContactModal/hook.tsx
+++ b/packages/console/src/components/Topbar/ContactModal/hook.tsx
@@ -1,13 +1,13 @@
 import type { AdminConsoleKey } from '@logto/phrases';
 import { Theme } from '@logto/schemas';
 
-import Calendar from '@/assets/icons/calendar.svg';
-import DiscordDark from '@/assets/icons/discord-dark.svg';
-import Discord from '@/assets/icons/discord.svg';
-import EmailDark from '@/assets/icons/email-dark.svg';
-import Email from '@/assets/icons/email.svg';
-import GithubDark from '@/assets/icons/github-dark.svg';
-import Github from '@/assets/icons/github.svg';
+import Calendar from '@/assets/icons/calendar.svg?react';
+import DiscordDark from '@/assets/icons/discord-dark.svg?react';
+import Discord from '@/assets/icons/discord.svg?react';
+import EmailDark from '@/assets/icons/email-dark.svg?react';
+import Email from '@/assets/icons/email.svg?react';
+import GithubDark from '@/assets/icons/github-dark.svg?react';
+import Github from '@/assets/icons/github.svg?react';
 import { contactEmailLink, discordLink, githubIssuesLink, reservationLink } from '@/consts';
 import useTheme from '@/hooks/use-theme';
 
diff --git a/packages/console/src/components/Topbar/ContactModal/index.tsx b/packages/console/src/components/Topbar/ContactModal/index.tsx
index 9e9fe42dd52a..6c2f87a179d3 100644
--- a/packages/console/src/components/Topbar/ContactModal/index.tsx
+++ b/packages/console/src/components/Topbar/ContactModal/index.tsx
@@ -3,10 +3,10 @@ import ReactModal from 'react-modal';
 import Button from '@/ds-components/Button';
 import DynamicT from '@/ds-components/DynamicT';
 import ModalLayout from '@/ds-components/ModalLayout';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import { useContacts } from './hook';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isOpen: boolean;
diff --git a/packages/console/src/components/Topbar/TenantSelector/TenantDropdownItem/index.tsx b/packages/console/src/components/Topbar/TenantSelector/TenantDropdownItem/index.tsx
index 714dc97d39a2..444f4ba4c6e6 100644
--- a/packages/console/src/components/Topbar/TenantSelector/TenantDropdownItem/index.tsx
+++ b/packages/console/src/components/Topbar/TenantSelector/TenantDropdownItem/index.tsx
@@ -2,7 +2,7 @@ import { TenantTag } from '@logto/schemas';
 import classNames from 'classnames';
 import { useContext, useMemo } from 'react';
 
-import Tick from '@/assets/icons/tick.svg';
+import Tick from '@/assets/icons/tick.svg?react';
 import { type TenantResponse } from '@/cloud/types/router';
 import PlanName from '@/components/PlanName';
 import TenantEnvTag from '@/components/TenantEnvTag';
@@ -11,7 +11,7 @@ import { DropdownItem } from '@/ds-components/Dropdown';
 import DynamicT from '@/ds-components/DynamicT';
 
 import TenantStatusTag from './TenantStatusTag';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly tenantData: TenantResponse;
diff --git a/packages/console/src/components/Topbar/TenantSelector/TenantInvitationDropdownItem/index.tsx b/packages/console/src/components/Topbar/TenantSelector/TenantInvitationDropdownItem/index.tsx
index 47d59d639c63..8812f86b50f1 100644
--- a/packages/console/src/components/Topbar/TenantSelector/TenantInvitationDropdownItem/index.tsx
+++ b/packages/console/src/components/Topbar/TenantSelector/TenantInvitationDropdownItem/index.tsx
@@ -10,7 +10,7 @@ import TenantEnvTag from '@/components/TenantEnvTag';
 import { TenantsContext } from '@/contexts/TenantsProvider';
 import Button from '@/ds-components/Button';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly data: {
diff --git a/packages/console/src/components/Topbar/TenantSelector/index.tsx b/packages/console/src/components/Topbar/TenantSelector/index.tsx
index 2116d80046d3..f882a351fc11 100644
--- a/packages/console/src/components/Topbar/TenantSelector/index.tsx
+++ b/packages/console/src/components/Topbar/TenantSelector/index.tsx
@@ -2,8 +2,8 @@ import { OrganizationInvitationStatus } from '@logto/schemas';
 import { useContext, useRef, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import KeyboardArrowDown from '@/assets/icons/keyboard-arrow-down.svg';
-import PlusSign from '@/assets/icons/plus.svg';
+import KeyboardArrowDown from '@/assets/icons/keyboard-arrow-down.svg?react';
+import PlusSign from '@/assets/icons/plus.svg?react';
 import { type TenantResponse } from '@/cloud/types/router';
 import CreateTenantModal from '@/components/CreateTenantModal';
 import TenantEnvTag from '@/components/TenantEnvTag';
@@ -17,7 +17,7 @@ import { onKeyDownHandler } from '@/utils/a11y';
 
 import TenantDropdownItem from './TenantDropdownItem';
 import TenantInvitationDropdownItem from './TenantInvitationDropdownItem';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export default function TenantSelector() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/components/Topbar/UserInfo/SubMenu/index.tsx b/packages/console/src/components/Topbar/UserInfo/SubMenu/index.tsx
index d24c791c9a19..415ac6664657 100644
--- a/packages/console/src/components/Topbar/UserInfo/SubMenu/index.tsx
+++ b/packages/console/src/components/Topbar/UserInfo/SubMenu/index.tsx
@@ -2,8 +2,8 @@ import type { AdminConsoleKey } from '@logto/phrases';
 import classNames from 'classnames';
 import { type ReactNode, useCallback, useState, useRef } from 'react';
 
-import ArrowRight from '@/assets/icons/arrow-right.svg';
-import Tick from '@/assets/icons/tick.svg';
+import ArrowRight from '@/assets/icons/arrow-right.svg?react';
+import Tick from '@/assets/icons/tick.svg?react';
 import { DropdownItem } from '@/ds-components/Dropdown';
 import DynamicT from '@/ds-components/DynamicT';
 import OverlayScrollbar from '@/ds-components/OverlayScrollbar';
@@ -11,7 +11,7 @@ import type { Option } from '@/ds-components/Select';
 import Spacer from '@/ds-components/Spacer';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props<T> = {
   readonly className?: string;
diff --git a/packages/console/src/components/Topbar/UserInfo/UserInfoSkeleton/index.tsx b/packages/console/src/components/Topbar/UserInfo/UserInfoSkeleton/index.tsx
index 5ce948b1c20c..6a3186a2a260 100644
--- a/packages/console/src/components/Topbar/UserInfo/UserInfoSkeleton/index.tsx
+++ b/packages/console/src/components/Topbar/UserInfo/UserInfoSkeleton/index.tsx
@@ -1,4 +1,4 @@
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function UserInfoSkeleton() {
   return (
diff --git a/packages/console/src/components/Topbar/UserInfo/index.tsx b/packages/console/src/components/Topbar/UserInfo/index.tsx
index 67dd709a2a9a..81519b3bf0fb 100644
--- a/packages/console/src/components/Topbar/UserInfo/index.tsx
+++ b/packages/console/src/components/Topbar/UserInfo/index.tsx
@@ -5,11 +5,11 @@ import classNames from 'classnames';
 import { useRef, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import ExternalLinkIcon from '@/assets/icons/external-link.svg';
-import Globe from '@/assets/icons/globe.svg';
-import Palette from '@/assets/icons/palette.svg';
-import Profile from '@/assets/icons/profile.svg';
-import SignOut from '@/assets/icons/sign-out.svg';
+import ExternalLinkIcon from '@/assets/icons/external-link.svg?react';
+import Globe from '@/assets/icons/globe.svg?react';
+import Palette from '@/assets/icons/palette.svg?react';
+import Profile from '@/assets/icons/profile.svg?react';
+import SignOut from '@/assets/icons/sign-out.svg?react';
 import UserAvatar from '@/components/UserAvatar';
 import UserInfoCard from '@/components/UserInfoCard';
 import { isCloud } from '@/consts/env';
@@ -26,7 +26,7 @@ import { onKeyDownHandler } from '@/utils/a11y';
 
 import SubMenu from './SubMenu';
 import UserInfoSkeleton from './UserInfoSkeleton';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function UserInfo() {
   const { signOut } = useLogto();
diff --git a/packages/console/src/components/Topbar/index.module.scss b/packages/console/src/components/Topbar/index.module.scss
index 4946b7d325d3..0de21ef488c6 100644
--- a/packages/console/src/components/Topbar/index.module.scss
+++ b/packages/console/src/components/Topbar/index.module.scss
@@ -4,6 +4,7 @@
   flex: 0 0 64px;
   width: 100%;
   padding: 0 _.unit(6);
+  gap: _.unit(4);
   display: flex;
   align-items: center;
 
@@ -17,17 +18,12 @@
   .line {
     @include _.vertical-bar;
     height: 20px;
-    margin: 0 _.unit(5);
   }
 
   .text {
     font: var(--font-title-2);
     color: var(--color-text);
   }
-
-  > :not(:last-child) {
-    margin-right: _.unit(4);
-  }
 }
 
 .button {
diff --git a/packages/console/src/components/Topbar/index.tsx b/packages/console/src/components/Topbar/index.tsx
index dbce591d5865..15839e6b7dcb 100644
--- a/packages/console/src/components/Topbar/index.tsx
+++ b/packages/console/src/components/Topbar/index.tsx
@@ -3,11 +3,11 @@ import classNames from 'classnames';
 import { useEffect, useRef, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import ContactIcon from '@/assets/icons/contact-us.svg';
-import CubeIcon from '@/assets/icons/cube.svg';
-import DocumentIcon from '@/assets/icons/document-nav-button.svg';
-import CloudLogo from '@/assets/images/cloud-logo.svg';
-import Logo from '@/assets/images/logo.svg';
+import ContactIcon from '@/assets/icons/contact-us.svg?react';
+import CubeIcon from '@/assets/icons/cube.svg?react';
+import DocumentIcon from '@/assets/icons/document-nav-button.svg?react';
+import CloudLogo from '@/assets/images/cloud-logo.svg?react';
+import Logo from '@/assets/images/logo.svg?react';
 import { githubReleasesLink } from '@/consts';
 import { isCloud } from '@/consts/env';
 import DynamicT from '@/ds-components/DynamicT';
@@ -20,7 +20,7 @@ import { onKeyDownHandler } from '@/utils/a11y';
 import ContactModal from './ContactModal';
 import TenantSelector from './TenantSelector';
 import UserInfo from './UserInfo';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { currentVersion, isGreaterThanCurrentVersion } from './utils';
 
 type Props = {
diff --git a/packages/console/src/components/UnsavedChangesAlertModal/index.tsx b/packages/console/src/components/UnsavedChangesAlertModal/index.tsx
index b1674b23bbee..dea58bd9c0b7 100644
--- a/packages/console/src/components/UnsavedChangesAlertModal/index.tsx
+++ b/packages/console/src/components/UnsavedChangesAlertModal/index.tsx
@@ -1,6 +1,6 @@
 import { useEffect } from 'react';
 import { useTranslation } from 'react-i18next';
-import { unstable_useBlocker as useBlocker, useLocation } from 'react-router-dom';
+import { useBlocker, useLocation } from 'react-router-dom';
 
 import ConfirmModal from '@/ds-components/ConfirmModal';
 
diff --git a/packages/console/src/components/UserAccountInformation/index.tsx b/packages/console/src/components/UserAccountInformation/index.tsx
index 4d7eeaec2e98..adea73a1d6bd 100644
--- a/packages/console/src/components/UserAccountInformation/index.tsx
+++ b/packages/console/src/components/UserAccountInformation/index.tsx
@@ -6,13 +6,13 @@ import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 import ReactModal from 'react-modal';
 
-import Eye from '@/assets/icons/eye.svg';
+import Eye from '@/assets/icons/eye.svg?react';
 import Button from '@/ds-components/Button';
 import IconButton from '@/ds-components/IconButton';
 import ModalLayout from '@/ds-components/ModalLayout';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly user: UserProfileResponse;
diff --git a/packages/console/src/components/UserAvatar/index.tsx b/packages/console/src/components/UserAvatar/index.tsx
index f13c92da4945..71c7c9df0e87 100644
--- a/packages/console/src/components/UserAvatar/index.tsx
+++ b/packages/console/src/components/UserAvatar/index.tsx
@@ -4,11 +4,11 @@ import { conditional } from '@silverhand/essentials';
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
 
-import DefaultAvatar from '@/assets/images/default-avatar.svg';
+import DefaultAvatar from '@/assets/images/default-avatar.svg?react';
 import ImageWithErrorFallback from '@/ds-components/ImageWithErrorFallback';
 import { Tooltip } from '@/ds-components/Tip';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type UserInfo = Pick<User, 'name' | 'username' | 'avatar' | 'primaryEmail' | 'primaryPhone'>;
 
diff --git a/packages/console/src/components/UserInfoCard/index.tsx b/packages/console/src/components/UserInfoCard/index.tsx
index e3f535f1fdd7..ff25ee2c2a7d 100644
--- a/packages/console/src/components/UserInfoCard/index.tsx
+++ b/packages/console/src/components/UserInfoCard/index.tsx
@@ -5,7 +5,7 @@ import { useTranslation } from 'react-i18next';
 
 import UserAvatar from '../UserAvatar';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/components/UserName/index.tsx b/packages/console/src/components/UserName/index.tsx
index 97df6142be0b..3a5e00e8ab15 100644
--- a/packages/console/src/components/UserName/index.tsx
+++ b/packages/console/src/components/UserName/index.tsx
@@ -14,7 +14,7 @@ import { getUserTitle } from '@/utils/user';
 
 import UserAvatar from '../UserAvatar';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly userId: string;
diff --git a/packages/console/src/components/VerificationCodeInput/index.tsx b/packages/console/src/components/VerificationCodeInput/index.tsx
index fc11b7d0bc0e..d8e667d21c34 100644
--- a/packages/console/src/components/VerificationCodeInput/index.tsx
+++ b/packages/console/src/components/VerificationCodeInput/index.tsx
@@ -1,7 +1,7 @@
 import type { FormEventHandler, KeyboardEventHandler, ClipboardEventHandler } from 'react';
 import { useMemo, useRef, useCallback, useEffect } from 'react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export const defaultLength = 6;
 
diff --git a/packages/console/src/consts/applications.ts b/packages/console/src/consts/applications.ts
index 537e21fabeef..73c936d0afb5 100644
--- a/packages/console/src/consts/applications.ts
+++ b/packages/console/src/consts/applications.ts
@@ -1,15 +1,15 @@
 import { ApplicationType } from '@logto/schemas';
 
-import MachineToMachineDark from '@/assets/icons/machine-to-machine-dark.svg';
-import MachineToMachine from '@/assets/icons/machine-to-machine.svg';
-import NativeAppDark from '@/assets/icons/native-app-dark.svg';
-import NativeApp from '@/assets/icons/native-app.svg';
-import ProtectedAppDark from '@/assets/icons/protected-app-dark.svg';
-import ProtectedApp from '@/assets/icons/protected-app.svg';
-import SinglePageAppDark from '@/assets/icons/single-page-app-dark.svg';
-import SinglePageApp from '@/assets/icons/single-page-app.svg';
-import TraditionalWebAppDark from '@/assets/icons/traditional-web-app-dark.svg';
-import TraditionalWebApp from '@/assets/icons/traditional-web-app.svg';
+import MachineToMachineDark from '@/assets/icons/machine-to-machine-dark.svg?react';
+import MachineToMachine from '@/assets/icons/machine-to-machine.svg?react';
+import NativeAppDark from '@/assets/icons/native-app-dark.svg?react';
+import NativeApp from '@/assets/icons/native-app.svg?react';
+import ProtectedAppDark from '@/assets/icons/protected-app-dark.svg?react';
+import ProtectedApp from '@/assets/icons/protected-app.svg?react';
+import SinglePageAppDark from '@/assets/icons/single-page-app-dark.svg?react';
+import SinglePageApp from '@/assets/icons/single-page-app.svg?react';
+import TraditionalWebAppDark from '@/assets/icons/traditional-web-app-dark.svg?react';
+import TraditionalWebApp from '@/assets/icons/traditional-web-app.svg?react';
 
 type ApplicationIconMap = {
   [key in ApplicationType]: SvgComponent;
@@ -31,6 +31,6 @@ export const darkModeApplicationIconMap: ApplicationIconMap = Object.freeze({
   [ApplicationType.Protected]: ProtectedAppDark,
 } as const);
 
-export { default as thirdPartyApplicationIconDark } from '@/assets/icons/third-party-app-dark.svg';
+export { default as thirdPartyApplicationIconDark } from '@/assets/icons/third-party-app-dark.svg?react';
 
-export { default as thirdPartyApplicationIcon } from '@/assets/icons/third-party-app.svg';
+export { default as thirdPartyApplicationIcon } from '@/assets/icons/third-party-app.svg?react';
diff --git a/packages/console/src/consts/connectors.ts b/packages/console/src/consts/connectors.ts
index 5fed12d1bac4..cf979142eb8d 100644
--- a/packages/console/src/consts/connectors.ts
+++ b/packages/console/src/consts/connectors.ts
@@ -1,8 +1,8 @@
 import type { AdminConsoleKey } from '@logto/phrases';
 import { ConnectorPlatform, ConnectorType } from '@logto/schemas';
 
-import EmailConnector from '@/assets/icons/connector-email.svg';
-import SmsConnectorIcon from '@/assets/icons/connector-sms.svg';
+import EmailConnector from '@/assets/icons/connector-email.svg?react';
+import SmsConnectorIcon from '@/assets/icons/connector-sms.svg?react';
 import type { ConnectorGroup } from '@/types/connector';
 
 type TitlePlaceHolder = {
diff --git a/packages/console/src/consts/env.ts b/packages/console/src/consts/env.ts
index 7b26d4d598bd..f8239c099b38 100644
--- a/packages/console/src/consts/env.ts
+++ b/packages/console/src/consts/env.ts
@@ -2,11 +2,14 @@ import { yes } from '@silverhand/essentials';
 
 import { storageKeys } from './storage';
 
-const isProduction = process.env.NODE_ENV === 'production';
-export const isCloud = yes(process.env.IS_CLOUD);
-export const adminEndpoint = process.env.ADMIN_ENDPOINT;
+export const normalizeEnv = (value: unknown) =>
+  value === null || value === undefined ? undefined : String(value);
+
+const isProduction = import.meta.env.PROD;
+export const isCloud = yes(normalizeEnv(import.meta.env.IS_CLOUD));
+export const adminEndpoint = normalizeEnv(import.meta.env.ADMIN_ENDPOINT);
 
 export const isDevFeaturesEnabled =
   !isProduction ||
-  yes(process.env.DEV_FEATURES_ENABLED) ||
+  yes(normalizeEnv(import.meta.env.DEV_FEATURES_ENABLED)) ||
   yes(localStorage.getItem(storageKeys.isDevFeaturesEnabled));
diff --git a/packages/console/src/containers/AppContent/TenantNotificationContainer/CreateProductionTenantBanner/index.tsx b/packages/console/src/containers/AppContent/TenantNotificationContainer/CreateProductionTenantBanner/index.tsx
index 87816b000b85..7138165f2767 100644
--- a/packages/console/src/containers/AppContent/TenantNotificationContainer/CreateProductionTenantBanner/index.tsx
+++ b/packages/console/src/containers/AppContent/TenantNotificationContainer/CreateProductionTenantBanner/index.tsx
@@ -8,7 +8,7 @@ import CreateTenantModal from '@/components/CreateTenantModal';
 import { TenantsContext } from '@/contexts/TenantsProvider';
 import TextLink from '@/ds-components/TextLink';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function CreateProductionTenantBanner() {
   const [isCreateModalOpen, setIsCreateModalOpen] = useState(false);
diff --git a/packages/console/src/containers/AppContent/TenantNotificationContainer/TenantEnvMigrationModal/index.tsx b/packages/console/src/containers/AppContent/TenantNotificationContainer/TenantEnvMigrationModal/index.tsx
index 0260408c2c39..b55363ac1d7e 100644
--- a/packages/console/src/containers/AppContent/TenantNotificationContainer/TenantEnvMigrationModal/index.tsx
+++ b/packages/console/src/containers/AppContent/TenantNotificationContainer/TenantEnvMigrationModal/index.tsx
@@ -4,9 +4,9 @@ import Confetti from 'react-confetti';
 import { Trans, useTranslation } from 'react-i18next';
 import ReactModal from 'react-modal';
 
-import CongratsDark from '@/assets/images/congrats-dark.svg';
-import Congrats from '@/assets/images/congrats.svg';
-import Fireworks from '@/assets/images/tenant-modal-fireworks.svg';
+import CongratsDark from '@/assets/images/congrats-dark.svg?react';
+import Congrats from '@/assets/images/congrats.svg?react';
+import Fireworks from '@/assets/images/tenant-modal-fireworks.svg?react';
 import { envTagsFeatureLink } from '@/consts';
 import Button, { LinkButton } from '@/ds-components/Button';
 import DynamicT from '@/ds-components/DynamicT';
@@ -14,9 +14,9 @@ import ModalLayout from '@/ds-components/ModalLayout';
 import useConfigs from '@/hooks/use-configs';
 import useDocumentationUrl from '@/hooks/use-documentation-url';
 import useTheme from '@/hooks/use-theme';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 /**
  * This modal is used to notify the user that the tenant env has been migrated.
diff --git a/packages/console/src/containers/AppContent/TenantSuspendedPage/index.tsx b/packages/console/src/containers/AppContent/TenantSuspendedPage/index.tsx
index 0aabc7ef4573..9a3bf7cbbd14 100644
--- a/packages/console/src/containers/AppContent/TenantSuspendedPage/index.tsx
+++ b/packages/console/src/containers/AppContent/TenantSuspendedPage/index.tsx
@@ -1,13 +1,13 @@
 import { Theme } from '@logto/schemas';
 
-import ErrorDark from '@/assets/images/error-dark.svg';
-import Error from '@/assets/images/error.svg';
+import ErrorDark from '@/assets/images/error-dark.svg?react';
+import Error from '@/assets/images/error.svg?react';
 import { contactEmailLink } from '@/consts';
 import Button from '@/ds-components/Button';
 import DynamicT from '@/ds-components/DynamicT';
 import useTheme from '@/hooks/use-theme';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function TenantSuspendedPage() {
   const theme = useTheme();
diff --git a/packages/console/src/containers/AppContent/index.tsx b/packages/console/src/containers/AppContent/index.tsx
index 57d738306dd4..8722f0381bb1 100644
--- a/packages/console/src/containers/AppContent/index.tsx
+++ b/packages/console/src/containers/AppContent/index.tsx
@@ -16,7 +16,7 @@ import { useSidebarMenuItems } from '../ConsoleContent/Sidebar/hook';
 
 import TenantNotificationContainer from './TenantNotificationContainer';
 import TenantSuspendedPage from './TenantSuspendedPage';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { type AppContentOutletContext } from './types';
 
 export default function AppContent() {
diff --git a/packages/console/src/containers/ConsoleContent/Sidebar/components/Item/index.tsx b/packages/console/src/containers/ConsoleContent/Sidebar/components/Item/index.tsx
index 09141752225d..641d1e1c978d 100644
--- a/packages/console/src/containers/ConsoleContent/Sidebar/components/Item/index.tsx
+++ b/packages/console/src/containers/ConsoleContent/Sidebar/components/Item/index.tsx
@@ -7,7 +7,7 @@ import { Link } from 'react-router-dom';
 
 import { getPath } from '../../utils';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly icon?: ReactNode;
diff --git a/packages/console/src/containers/ConsoleContent/Sidebar/components/Section/index.tsx b/packages/console/src/containers/ConsoleContent/Sidebar/components/Section/index.tsx
index ef4315af6c9e..3420e9cdd3d3 100644
--- a/packages/console/src/containers/ConsoleContent/Sidebar/components/Section/index.tsx
+++ b/packages/console/src/containers/ConsoleContent/Sidebar/components/Section/index.tsx
@@ -1,6 +1,6 @@
 import type { ReactNode } from 'react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly title: string;
diff --git a/packages/console/src/containers/ConsoleContent/Sidebar/hook.tsx b/packages/console/src/containers/ConsoleContent/Sidebar/hook.tsx
index 1b539c622c0e..1cce6cae3f75 100644
--- a/packages/console/src/containers/ConsoleContent/Sidebar/hook.tsx
+++ b/packages/console/src/containers/ConsoleContent/Sidebar/hook.tsx
@@ -2,23 +2,23 @@ import { type Optional } from '@silverhand/essentials';
 import type { TFuncKey } from 'i18next';
 import type { FC, ReactNode } from 'react';
 
-import BarGraph from '@/assets/icons/bar-graph.svg';
-import Bolt from '@/assets/icons/bolt.svg';
-import Box from '@/assets/icons/box.svg';
-import Connection from '@/assets/icons/connection.svg';
-import Gear from '@/assets/icons/gear.svg';
-import Hook from '@/assets/icons/hook.svg';
-import JwtClaims from '@/assets/icons/jwt-claims.svg';
-import Key from '@/assets/icons/key.svg';
-import List from '@/assets/icons/list.svg';
-import OrganizationTemplate from '@/assets/icons/organization-template-feature.svg';
-import Organization from '@/assets/icons/organization.svg';
-import UserProfile from '@/assets/icons/profile.svg';
-import ResourceIcon from '@/assets/icons/resource.svg';
-import Role from '@/assets/icons/role.svg';
-import SecurityLock from '@/assets/icons/security-lock.svg';
-import EnterpriseSso from '@/assets/icons/single-sign-on.svg';
-import Web from '@/assets/icons/web.svg';
+import BarGraph from '@/assets/icons/bar-graph.svg?react';
+import Bolt from '@/assets/icons/bolt.svg?react';
+import Box from '@/assets/icons/box.svg?react';
+import Connection from '@/assets/icons/connection.svg?react';
+import Gear from '@/assets/icons/gear.svg?react';
+import Hook from '@/assets/icons/hook.svg?react';
+import JwtClaims from '@/assets/icons/jwt-claims.svg?react';
+import Key from '@/assets/icons/key.svg?react';
+import List from '@/assets/icons/list.svg?react';
+import OrganizationTemplate from '@/assets/icons/organization-template-feature.svg?react';
+import Organization from '@/assets/icons/organization.svg?react';
+import UserProfile from '@/assets/icons/profile.svg?react';
+import ResourceIcon from '@/assets/icons/resource.svg?react';
+import Role from '@/assets/icons/role.svg?react';
+import SecurityLock from '@/assets/icons/security-lock.svg?react';
+import EnterpriseSso from '@/assets/icons/single-sign-on.svg?react';
+import Web from '@/assets/icons/web.svg?react';
 import { isCloud } from '@/consts/env';
 
 type SidebarItem = {
diff --git a/packages/console/src/containers/ConsoleContent/Sidebar/index.module.scss b/packages/console/src/containers/ConsoleContent/Sidebar/index.module.scss
index c0d8e7ab7355..117802ee4db6 100644
--- a/packages/console/src/containers/ConsoleContent/Sidebar/index.module.scss
+++ b/packages/console/src/containers/ConsoleContent/Sidebar/index.module.scss
@@ -6,3 +6,9 @@
   margin-bottom: _.unit(6);
   flex-shrink: 0;
 }
+
+.skeleton {
+  @include _.shimmering-animation;
+  width: 248px;
+  height: 100%;
+}
diff --git a/packages/console/src/containers/ConsoleContent/Sidebar/index.tsx b/packages/console/src/containers/ConsoleContent/Sidebar/index.tsx
index 3cb525f7f59d..b1a8a33dbe09 100644
--- a/packages/console/src/containers/ConsoleContent/Sidebar/index.tsx
+++ b/packages/console/src/containers/ConsoleContent/Sidebar/index.tsx
@@ -6,9 +6,13 @@ import useMatchTenantPath from '@/hooks/use-tenant-pathname';
 import Item from './components/Item';
 import Section from './components/Section';
 import { useSidebarMenuItems } from './hook';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { getPath } from './utils';
 
+export function Skeleton() {
+  return <div className={styles.skeleton} />;
+}
+
 function Sidebar() {
   const { t } = useTranslation(undefined, {
     keyPrefix: 'admin_console.tab_sections',
diff --git a/packages/console/src/containers/ConsoleContent/index.module.scss b/packages/console/src/containers/ConsoleContent/index.module.scss
index 4f2b34bea11f..81b2977908df 100644
--- a/packages/console/src/containers/ConsoleContent/index.module.scss
+++ b/packages/console/src/containers/ConsoleContent/index.module.scss
@@ -15,12 +15,12 @@
   height: 100%;
   padding: 0 _.unit(6) 0 _.unit(2);
 
-  > * {
+  > :not(svg) {
     @include _.main-content-width;
   }
 
   // App Insights wrapper on cloud env prevents the CSS assignment to direct children
-  [class='appInsightsWrapper'] > * {
+  [class='appInsightsWrapper'] > :not(svg) {
     @include _.main-content-width;
   }
 }
@@ -31,3 +31,10 @@
   bottom: _.unit(3);
   left: _.unit(4);
 }
+
+.daisy {
+  position: absolute;
+  left: 50%;
+  top: 50%;
+  transform: translate(-50%, -50%);
+}
diff --git a/packages/console/src/containers/ConsoleContent/index.tsx b/packages/console/src/containers/ConsoleContent/index.tsx
index 8deffe847f72..49ff99674704 100644
--- a/packages/console/src/containers/ConsoleContent/index.tsx
+++ b/packages/console/src/containers/ConsoleContent/index.tsx
@@ -1,16 +1,20 @@
+import { lazy, Suspense } from 'react';
 import { useOutletContext, useRoutes } from 'react-router-dom';
 
 import { isDevFeaturesEnabled } from '@/consts/env';
 import OverlayScrollbar from '@/ds-components/OverlayScrollbar';
+import { Daisy } from '@/ds-components/Spinner';
 import Tag from '@/ds-components/Tag';
 import { useConsoleRoutes } from '@/hooks/use-console-routes';
 import { usePlausiblePageview } from '@/hooks/use-plausible-pageview';
 
 import type { AppContentOutletContext } from '../AppContent/types';
 
-import Sidebar from './Sidebar';
+import { Skeleton } from './Sidebar';
 import useTenantScopeListener from './hooks';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
+
+const Sidebar = lazy(async () => import('./Sidebar'));
 
 function ConsoleContent() {
   const { scrollableContent } = useOutletContext<AppContentOutletContext>();
@@ -23,10 +27,12 @@ function ConsoleContent() {
 
   return (
     <div className={styles.content}>
-      <Sidebar />
+      <Suspense fallback={<Skeleton />}>
+        <Sidebar />
+      </Suspense>
       <OverlayScrollbar className={styles.overlayScrollbarWrapper}>
         <div ref={scrollableContent} className={styles.main}>
-          {routes}
+          <Suspense fallback={<Daisy className={styles.daisy} />}>{routes}</Suspense>
         </div>
       </OverlayScrollbar>
       {isDevFeaturesEnabled && (
diff --git a/packages/console/src/contexts/AppThemeProvider/index.tsx b/packages/console/src/contexts/AppThemeProvider/index.tsx
index bd3e6990aa4d..fa9f2af0560d 100644
--- a/packages/console/src/contexts/AppThemeProvider/index.tsx
+++ b/packages/console/src/contexts/AppThemeProvider/index.tsx
@@ -1,5 +1,5 @@
 import { Theme } from '@logto/schemas';
-import { conditionalString, noop, trySafe } from '@silverhand/essentials';
+import { condArray, noop, trySafe } from '@silverhand/essentials';
 import type { ReactNode } from 'react';
 import { useEffect, useMemo, useState, createContext } from 'react';
 
@@ -7,7 +7,7 @@ import { storageKeys } from '@/consts';
 import type { AppearanceMode } from '@/types/appearance-mode';
 import { appearanceModeGuard, DynamicAppearanceMode } from '@/types/appearance-mode';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly children: ReactNode;
@@ -78,8 +78,8 @@ export function AppThemeProvider({ children }: Props) {
 
   // Set Theme Mode
   useEffect(() => {
-    document.body.classList.remove(conditionalString(styles.light), conditionalString(styles.dark));
-    document.body.classList.add(conditionalString(styles[theme]));
+    document.body.classList.remove(...condArray(styles.light, styles.dark));
+    document.body.classList.add(...condArray(styles[theme]));
   }, [theme]);
 
   const context = useMemo<Context>(
diff --git a/packages/console/src/ds-components/ActionMenu/index.tsx b/packages/console/src/ds-components/ActionMenu/index.tsx
index b9641dc167fa..03ba6ec9b05f 100644
--- a/packages/console/src/ds-components/ActionMenu/index.tsx
+++ b/packages/console/src/ds-components/ActionMenu/index.tsx
@@ -9,7 +9,7 @@ import Button from '../Button';
 import Dropdown from '../Dropdown';
 import IconButton from '../IconButton';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export { default as ActionMenuItem } from '../Dropdown/DropdownItem';
 
diff --git a/packages/console/src/ds-components/Button/index.tsx b/packages/console/src/ds-components/Button/index.tsx
index bb94c797002c..5d7949090cae 100644
--- a/packages/console/src/ds-components/Button/index.tsx
+++ b/packages/console/src/ds-components/Button/index.tsx
@@ -11,7 +11,7 @@ import { isAbsoluteUrl } from '@/utils/url';
 import type DangerousRaw from '../DangerousRaw';
 import DynamicT from '../DynamicT';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type ButtonType =
   | 'primary'
diff --git a/packages/console/src/ds-components/Card/index.tsx b/packages/console/src/ds-components/Card/index.tsx
index 220f2b6e9b92..bdc7f643fffc 100644
--- a/packages/console/src/ds-components/Card/index.tsx
+++ b/packages/console/src/ds-components/Card/index.tsx
@@ -2,7 +2,7 @@ import classNames from 'classnames';
 import type { Ref, ReactNode } from 'react';
 import { forwardRef } from 'react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly children: ReactNode;
diff --git a/packages/console/src/ds-components/CardTitle/index.tsx b/packages/console/src/ds-components/CardTitle/index.tsx
index a9d5d2b05546..2ed4d7f4cb49 100644
--- a/packages/console/src/ds-components/CardTitle/index.tsx
+++ b/packages/console/src/ds-components/CardTitle/index.tsx
@@ -12,7 +12,7 @@ import type DangerousRaw from '../DangerousRaw';
 import DynamicT from '../DynamicT';
 import TextLink from '../TextLink';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = {
   readonly title: AdminConsoleKey | ReactElement<typeof DangerousRaw>;
diff --git a/packages/console/src/ds-components/Checkbox/CategorizedCheckboxGroup/index.tsx b/packages/console/src/ds-components/Checkbox/CategorizedCheckboxGroup/index.tsx
index 1f07557df051..c0f68c2c7e7b 100644
--- a/packages/console/src/ds-components/Checkbox/CategorizedCheckboxGroup/index.tsx
+++ b/packages/console/src/ds-components/Checkbox/CategorizedCheckboxGroup/index.tsx
@@ -5,7 +5,7 @@ import DynamicT from '@/ds-components/DynamicT';
 
 import CheckboxGroup, { type Option } from '../CheckboxGroup';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type CheckboxOptionGroup<T> = {
   title: AdminConsoleKey;
diff --git a/packages/console/src/ds-components/Checkbox/Checkbox/index.tsx b/packages/console/src/ds-components/Checkbox/Checkbox/index.tsx
index 954aa3634326..52a998d71b46 100644
--- a/packages/console/src/ds-components/Checkbox/Checkbox/index.tsx
+++ b/packages/console/src/ds-components/Checkbox/Checkbox/index.tsx
@@ -5,7 +5,7 @@ import { useLayoutEffect, useState } from 'react';
 import { Tooltip } from '@/ds-components/Tip';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   /* eslint-disable react/boolean-prop-naming */
diff --git a/packages/console/src/ds-components/Checkbox/CheckboxGroup/index.tsx b/packages/console/src/ds-components/Checkbox/CheckboxGroup/index.tsx
index faeb433559a1..aff83f336163 100644
--- a/packages/console/src/ds-components/Checkbox/CheckboxGroup/index.tsx
+++ b/packages/console/src/ds-components/Checkbox/CheckboxGroup/index.tsx
@@ -6,7 +6,7 @@ import DynamicT from '@/ds-components/DynamicT';
 
 import Checkbox from '../Checkbox';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Option<T> = {
   title?: AdminConsoleKey;
diff --git a/packages/console/src/ds-components/CodeEditor/index.tsx b/packages/console/src/ds-components/CodeEditor/index.tsx
index 45d03d307fee..ffbbe8d50dd9 100644
--- a/packages/console/src/ds-components/CodeEditor/index.tsx
+++ b/packages/console/src/ds-components/CodeEditor/index.tsx
@@ -7,7 +7,7 @@ import { a11yDark as a11yDarkTheme } from 'react-syntax-highlighter/dist/esm/sty
 
 import CopyToClipboard from '../CopyToClipboard';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { lineNumberContainerStyle, lineNumberStyle, customStyle } from './utils';
 
 type Props = {
diff --git a/packages/console/src/ds-components/ColorPicker/index.tsx b/packages/console/src/ds-components/ColorPicker/index.tsx
index f8d430233de6..d3c6a19c7185 100644
--- a/packages/console/src/ds-components/ColorPicker/index.tsx
+++ b/packages/console/src/ds-components/ColorPicker/index.tsx
@@ -6,7 +6,7 @@ import { onKeyDownHandler } from '@/utils/a11y';
 
 import Dropdown from '../Dropdown';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly name?: string;
diff --git a/packages/console/src/ds-components/ConfirmModal/index.tsx b/packages/console/src/ds-components/ConfirmModal/index.tsx
index 4e18211c9050..9fe550ef6c91 100644
--- a/packages/console/src/ds-components/ConfirmModal/index.tsx
+++ b/packages/console/src/ds-components/ConfirmModal/index.tsx
@@ -5,13 +5,13 @@ import ReactModal from 'react-modal';
 
 import type { ButtonType } from '@/ds-components/Button';
 import Button from '@/ds-components/Button';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import type DangerousRaw from '../DangerousRaw';
 import ModalLayout from '../ModalLayout';
 import type { Props as ModalLayoutProps } from '../ModalLayout';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type ConfirmModalProps = {
   readonly children: ReactNode;
diff --git a/packages/console/src/ds-components/CopyToClipboard/index.tsx b/packages/console/src/ds-components/CopyToClipboard/index.tsx
index 03314fdf7f80..962ff8406e90 100644
--- a/packages/console/src/ds-components/CopyToClipboard/index.tsx
+++ b/packages/console/src/ds-components/CopyToClipboard/index.tsx
@@ -12,15 +12,15 @@ import {
 } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import Copy from '@/assets/icons/copy.svg';
-import EyeClosed from '@/assets/icons/eye-closed.svg';
-import Eye from '@/assets/icons/eye.svg';
+import Copy from '@/assets/icons/copy.svg?react';
+import EyeClosed from '@/assets/icons/eye-closed.svg?react';
+import Eye from '@/assets/icons/eye.svg?react';
 import { onKeyDownHandler } from '@/utils/a11y';
 
 import IconButton from '../IconButton';
 import { Tooltip } from '../Tip';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly value: string;
diff --git a/packages/console/src/ds-components/DataTransferBox/SourceDataItem/index.tsx b/packages/console/src/ds-components/DataTransferBox/SourceDataItem/index.tsx
index fa2a7d361531..3ebea6853c2a 100644
--- a/packages/console/src/ds-components/DataTransferBox/SourceDataItem/index.tsx
+++ b/packages/console/src/ds-components/DataTransferBox/SourceDataItem/index.tsx
@@ -3,7 +3,7 @@ import { onKeyDownHandler } from '@/utils/a11y';
 
 import type { DataEntry } from '../type';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props<TEntry extends DataEntry> = {
   readonly data: TEntry;
diff --git a/packages/console/src/ds-components/DataTransferBox/SourceGroupItem/index.tsx b/packages/console/src/ds-components/DataTransferBox/SourceGroupItem/index.tsx
index 48148afa5852..da53f98dede3 100644
--- a/packages/console/src/ds-components/DataTransferBox/SourceGroupItem/index.tsx
+++ b/packages/console/src/ds-components/DataTransferBox/SourceGroupItem/index.tsx
@@ -2,8 +2,8 @@ import classNames from 'classnames';
 import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import CaretExpanded from '@/assets/icons/caret-expanded.svg';
-import CaretFolded from '@/assets/icons/caret-folded.svg';
+import CaretExpanded from '@/assets/icons/caret-expanded.svg?react';
+import CaretFolded from '@/assets/icons/caret-folded.svg?react';
 import Checkbox from '@/ds-components/Checkbox';
 import IconButton from '@/ds-components/IconButton';
 import { onKeyDownHandler } from '@/utils/a11y';
@@ -11,7 +11,7 @@ import { onKeyDownHandler } from '@/utils/a11y';
 import SourceDataItem from '../SourceDataItem';
 import { type DataEntry, type DataGroup, type SelectedDataEntry } from '../type';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props<TEntry extends DataEntry> = {
   readonly dataGroup: DataGroup<TEntry>;
diff --git a/packages/console/src/ds-components/DataTransferBox/SourcePanel/index.tsx b/packages/console/src/ds-components/DataTransferBox/SourcePanel/index.tsx
index 11c73f0cb871..b26923397fe9 100644
--- a/packages/console/src/ds-components/DataTransferBox/SourcePanel/index.tsx
+++ b/packages/console/src/ds-components/DataTransferBox/SourcePanel/index.tsx
@@ -2,16 +2,16 @@ import classNames from 'classnames';
 import { useState, type ChangeEvent, useCallback, useMemo } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import Search from '@/assets/icons/search.svg';
+import Search from '@/assets/icons/search.svg?react';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import TextInput from '@/ds-components/TextInput';
-import * as transferLayout from '@/scss/transfer.module.scss';
+import transferLayout from '@/scss/transfer.module.scss';
 
 import SourceDataItem from '../SourceDataItem';
 import SourceGroupItem from '../SourceGroupItem';
 import { type DataEntry, type DataGroup, type SelectedDataEntry } from '../type';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const appendUnique = <T extends DataEntry>(list: T[], items: T | T[]) => {
   const newEntries = Array.isArray(items) ? items : [items];
diff --git a/packages/console/src/ds-components/DataTransferBox/TargetDataItem/index.tsx b/packages/console/src/ds-components/DataTransferBox/TargetDataItem/index.tsx
index 4dad5d979b33..69b8417f4102 100644
--- a/packages/console/src/ds-components/DataTransferBox/TargetDataItem/index.tsx
+++ b/packages/console/src/ds-components/DataTransferBox/TargetDataItem/index.tsx
@@ -1,9 +1,9 @@
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 import IconButton from '@/ds-components/IconButton';
 
 import { type DataEntry, type SelectedDataEntry } from '../type';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props<TEntry extends DataEntry> = {
   readonly data: SelectedDataEntry<TEntry>;
diff --git a/packages/console/src/ds-components/DataTransferBox/TargetPanel/index.tsx b/packages/console/src/ds-components/DataTransferBox/TargetPanel/index.tsx
index 75a9381d4985..3637fbae170d 100644
--- a/packages/console/src/ds-components/DataTransferBox/TargetPanel/index.tsx
+++ b/packages/console/src/ds-components/DataTransferBox/TargetPanel/index.tsx
@@ -1,12 +1,12 @@
 import { useCallback } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import * as transferLayout from '@/scss/transfer.module.scss';
+import transferLayout from '@/scss/transfer.module.scss';
 
 import TargetDataItem from '../TargetDataItem';
 import { type DataEntry, type SelectedDataEntry } from '../type';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props<TEntry extends DataEntry> = {
   readonly selectedData: Array<SelectedDataEntry<TEntry>>;
diff --git a/packages/console/src/ds-components/DataTransferBox/index.tsx b/packages/console/src/ds-components/DataTransferBox/index.tsx
index 1bf6266f97a3..85bfb843d25f 100644
--- a/packages/console/src/ds-components/DataTransferBox/index.tsx
+++ b/packages/console/src/ds-components/DataTransferBox/index.tsx
@@ -3,13 +3,13 @@ import classNames from 'classnames';
 import { type ReactElement } from 'react';
 
 import FormField from '@/ds-components/FormField';
-import * as transferLayout from '@/scss/transfer.module.scss';
+import transferLayout from '@/scss/transfer.module.scss';
 
 import type DangerousRaw from '../DangerousRaw';
 
 import SourcePanel from './SourcePanel';
 import TargetPanel from './TargetPanel';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { type DataEntry, type DataGroup, type SelectedDataEntry } from './type';
 
 /**
diff --git a/packages/console/src/ds-components/Divider/index.tsx b/packages/console/src/ds-components/Divider/index.tsx
index 2b3e8077c2fa..2305bde70876 100644
--- a/packages/console/src/ds-components/Divider/index.tsx
+++ b/packages/console/src/ds-components/Divider/index.tsx
@@ -1,6 +1,6 @@
 import classNames from 'classnames';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/ds-components/DragDrop/DragDropProvider.tsx b/packages/console/src/ds-components/DragDrop/DragDropProvider.tsx
index 829c81799d93..4f430ff81413 100644
--- a/packages/console/src/ds-components/DragDrop/DragDropProvider.tsx
+++ b/packages/console/src/ds-components/DragDrop/DragDropProvider.tsx
@@ -4,7 +4,7 @@ import { createContext, useMemo, useState } from 'react';
 import { DndProvider } from 'react-dnd';
 import { HTML5Backend } from 'react-dnd-html5-backend';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly children: ReactNode;
diff --git a/packages/console/src/ds-components/Dropdown/DropdownItem.tsx b/packages/console/src/ds-components/Dropdown/DropdownItem.tsx
index 906b43d8978f..092675835b00 100644
--- a/packages/console/src/ds-components/Dropdown/DropdownItem.tsx
+++ b/packages/console/src/ds-components/Dropdown/DropdownItem.tsx
@@ -3,7 +3,7 @@ import type { MouseEvent, KeyboardEvent, ReactNode } from 'react';
 
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './DropdownItem.module.scss';
+import styles from './DropdownItem.module.scss';
 
 export type Props = {
   readonly onClick?: (event: MouseEvent<HTMLDivElement> | KeyboardEvent<HTMLDivElement>) => void;
diff --git a/packages/console/src/ds-components/Dropdown/index.tsx b/packages/console/src/ds-components/Dropdown/index.tsx
index 346b8e76365a..d404650a3b6f 100644
--- a/packages/console/src/ds-components/Dropdown/index.tsx
+++ b/packages/console/src/ds-components/Dropdown/index.tsx
@@ -15,7 +15,7 @@ import { onKeyDownHandler } from '@/utils/a11y';
 
 import OverlayScrollbar from '../OverlayScrollbar';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export { default as DropdownItem } from './DropdownItem';
 
diff --git a/packages/console/src/ds-components/FormField/Skeleton.tsx b/packages/console/src/ds-components/FormField/Skeleton.tsx
index 004cf2b8498f..be9859401039 100644
--- a/packages/console/src/ds-components/FormField/Skeleton.tsx
+++ b/packages/console/src/ds-components/FormField/Skeleton.tsx
@@ -1,4 +1,4 @@
-import * as styles from './Skeleton.module.scss';
+import styles from './Skeleton.module.scss';
 
 type Props = {
   readonly formFieldCount: number;
diff --git a/packages/console/src/ds-components/FormField/index.tsx b/packages/console/src/ds-components/FormField/index.tsx
index 1a2ada001d1a..45a0fcc3a1c4 100644
--- a/packages/console/src/ds-components/FormField/index.tsx
+++ b/packages/console/src/ds-components/FormField/index.tsx
@@ -3,7 +3,7 @@ import classNames from 'classnames';
 import type { ReactElement, ReactNode } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import Tip from '@/assets/icons/tip.svg';
+import Tip from '@/assets/icons/tip.svg?react';
 import FeatureTag, { type Props as FeatureTagProps } from '@/components/FeatureTag';
 
 import type DangerousRaw from '../DangerousRaw';
@@ -13,7 +13,7 @@ import Spacer from '../Spacer';
 import { ToggleTip } from '../Tip';
 import type { Props as ToggleTipProps } from '../Tip/ToggleTip';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = {
   readonly title: AdminConsoleKey | ReactElement<typeof DangerousRaw>;
diff --git a/packages/console/src/ds-components/IconButton/index.tsx b/packages/console/src/ds-components/IconButton/index.tsx
index 52afa0b2a980..86bb9af72b46 100644
--- a/packages/console/src/ds-components/IconButton/index.tsx
+++ b/packages/console/src/ds-components/IconButton/index.tsx
@@ -2,7 +2,7 @@ import classNames from 'classnames';
 import type { ForwardedRef, HTMLProps } from 'react';
 import { forwardRef, useRef } from 'react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = Omit<HTMLProps<HTMLButtonElement>, 'size' | 'type'> & {
   readonly size?: 'small' | 'medium' | 'large';
diff --git a/packages/console/src/ds-components/ImageWithErrorFallback/index.tsx b/packages/console/src/ds-components/ImageWithErrorFallback/index.tsx
index d3cd4700251d..550e6cc1ef76 100644
--- a/packages/console/src/ds-components/ImageWithErrorFallback/index.tsx
+++ b/packages/console/src/ds-components/ImageWithErrorFallback/index.tsx
@@ -2,8 +2,8 @@ import { Theme } from '@logto/schemas';
 import type { ImgHTMLAttributes, ReactElement } from 'react';
 import { cloneElement, useState } from 'react';
 
-import FallbackImageDark from '@/assets/images/broken-image-dark.svg';
-import FallbackImageLight from '@/assets/images/broken-image-light.svg';
+import FallbackImageDark from '@/assets/images/broken-image-dark.svg?react';
+import FallbackImageLight from '@/assets/images/broken-image-light.svg?react';
 import useTheme from '@/hooks/use-theme';
 
 type Props = {
diff --git a/packages/console/src/ds-components/InlineNotification/index.tsx b/packages/console/src/ds-components/InlineNotification/index.tsx
index 807c11166520..3e44fbc06cac 100644
--- a/packages/console/src/ds-components/InlineNotification/index.tsx
+++ b/packages/console/src/ds-components/InlineNotification/index.tsx
@@ -3,17 +3,17 @@ import classNames from 'classnames';
 import { forwardRef } from 'react';
 import type { ReactNode, Ref } from 'react';
 
-import Alert from '@/assets/icons/alert.svg';
-import Info from '@/assets/icons/info.svg';
-import Error from '@/assets/icons/toast-error.svg';
-import Success from '@/assets/icons/toast-success.svg';
+import Alert from '@/assets/icons/alert.svg?react';
+import Info from '@/assets/icons/info.svg?react';
+import Error from '@/assets/icons/toast-error.svg?react';
+import Success from '@/assets/icons/toast-success.svg?react';
 import type { Props as TextLinkProps } from '@/ds-components/TextLink';
 
 import Button from '../Button';
 import DynamicT from '../DynamicT';
 import TextLink from '../TextLink';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly severity?: 'info' | 'alert' | 'success' | 'error';
diff --git a/packages/console/src/ds-components/KeyValueInputField/index.tsx b/packages/console/src/ds-components/KeyValueInputField/index.tsx
index ecb9f36ff3f1..c72c22e880f5 100644
--- a/packages/console/src/ds-components/KeyValueInputField/index.tsx
+++ b/packages/console/src/ds-components/KeyValueInputField/index.tsx
@@ -1,12 +1,12 @@
 import { type FieldError } from 'react-hook-form';
 
-import CirclePlus from '@/assets/icons/circle-plus.svg';
-import Minus from '@/assets/icons/minus.svg';
+import CirclePlus from '@/assets/icons/circle-plus.svg?react';
+import Minus from '@/assets/icons/minus.svg?react';
 import Button from '@/ds-components/Button';
 import IconButton from '@/ds-components/IconButton';
 import TextInput, { type Props as TextInputProps } from '@/ds-components/TextInput';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type FieldType = {
   key: string;
diff --git a/packages/console/src/ds-components/ModalHeader/index.tsx b/packages/console/src/ds-components/ModalHeader/index.tsx
index 2ab625550f47..d76c450e4f15 100644
--- a/packages/console/src/ds-components/ModalHeader/index.tsx
+++ b/packages/console/src/ds-components/ModalHeader/index.tsx
@@ -1,13 +1,13 @@
 import { type AdminConsoleKey } from '@logto/phrases';
 import { type ReactNode } from 'react';
 
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 
 import CardTitle from '../CardTitle';
 import IconButton from '../IconButton';
 import Spacer from '../Spacer';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly title: AdminConsoleKey;
diff --git a/packages/console/src/ds-components/ModalLayout/index.tsx b/packages/console/src/ds-components/ModalLayout/index.tsx
index 6cdc2b1030b4..149c05f80848 100644
--- a/packages/console/src/ds-components/ModalLayout/index.tsx
+++ b/packages/console/src/ds-components/ModalLayout/index.tsx
@@ -1,14 +1,14 @@
 import classNames from 'classnames';
 import { type ReactElement, type ReactNode } from 'react';
 
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 
 import Card from '../Card';
 import type { Props as CardTitleProps } from '../CardTitle';
 import CardTitle from '../CardTitle';
 import IconButton from '../IconButton';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = {
   readonly children: ReactNode;
diff --git a/packages/console/src/ds-components/MultiTextInput/index.tsx b/packages/console/src/ds-components/MultiTextInput/index.tsx
index cff6d1b75ac3..755a912bebf1 100644
--- a/packages/console/src/ds-components/MultiTextInput/index.tsx
+++ b/packages/console/src/ds-components/MultiTextInput/index.tsx
@@ -5,15 +5,15 @@ import type { KeyboardEvent } from 'react';
 import { useMemo, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import CirclePlus from '@/assets/icons/circle-plus.svg';
-import Minus from '@/assets/icons/minus.svg';
+import CirclePlus from '@/assets/icons/circle-plus.svg?react';
+import Minus from '@/assets/icons/minus.svg?react';
 
 import Button from '../Button';
 import ConfirmModal from '../ConfirmModal';
 import IconButton from '../IconButton';
 import TextInput from '../TextInput';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import type { MultiTextInputError } from './types';
 
 export type Props = {
diff --git a/packages/console/src/ds-components/Pagination/index.tsx b/packages/console/src/ds-components/Pagination/index.tsx
index 4530f730efbe..102fcc4f70ba 100644
--- a/packages/console/src/ds-components/Pagination/index.tsx
+++ b/packages/console/src/ds-components/Pagination/index.tsx
@@ -9,7 +9,7 @@ import DangerousRaw from '../DangerousRaw';
 
 import Next from './Next';
 import Previous from './Previous';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = {
   readonly page: number;
diff --git a/packages/console/src/ds-components/RadioGroup/Radio.tsx b/packages/console/src/ds-components/RadioGroup/Radio.tsx
index ac097bc026a2..37f2068a1ae9 100644
--- a/packages/console/src/ds-components/RadioGroup/Radio.tsx
+++ b/packages/console/src/ds-components/RadioGroup/Radio.tsx
@@ -6,7 +6,7 @@ import { useCallback } from 'react';
 import type DangerousRaw from '../DangerousRaw';
 import DynamicT from '../DynamicT';
 
-import * as styles from './Radio.module.scss';
+import styles from './Radio.module.scss';
 
 function Check() {
   return (
diff --git a/packages/console/src/ds-components/RadioGroup/index.tsx b/packages/console/src/ds-components/RadioGroup/index.tsx
index 5e0df24d62b0..f5b1d9e93e90 100644
--- a/packages/console/src/ds-components/RadioGroup/index.tsx
+++ b/packages/console/src/ds-components/RadioGroup/index.tsx
@@ -5,7 +5,7 @@ import { Children, cloneElement, forwardRef, isValidElement } from 'react';
 
 import type { Props as RadioProps } from './Radio';
 import Radio from './Radio';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type RadioElement =
   | {
diff --git a/packages/console/src/ds-components/Search/index.tsx b/packages/console/src/ds-components/Search/index.tsx
index ef54f32d3370..ecf403305851 100644
--- a/packages/console/src/ds-components/Search/index.tsx
+++ b/packages/console/src/ds-components/Search/index.tsx
@@ -1,12 +1,12 @@
 import type { FormEventHandler, KeyboardEventHandler } from 'react';
 import { useEffect, useRef, useState } from 'react';
 
-import SearchIcon from '@/assets/icons/search.svg';
+import SearchIcon from '@/assets/icons/search.svg?react';
 
 import Button from '../Button';
 import TextInput from '../TextInput';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly defaultValue?: string;
diff --git a/packages/console/src/ds-components/Select/MultiSelect.tsx b/packages/console/src/ds-components/Select/MultiSelect.tsx
index 9bd33fb906f3..f3b52819cd91 100644
--- a/packages/console/src/ds-components/Select/MultiSelect.tsx
+++ b/packages/console/src/ds-components/Select/MultiSelect.tsx
@@ -4,7 +4,7 @@ import classNames from 'classnames';
 import { useEffect, useRef, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 import { Ring as Spinner } from '@/ds-components/Spinner';
 import { onKeyDownHandler } from '@/utils/a11y';
 
@@ -12,7 +12,7 @@ import Dropdown, { DropdownItem } from '../Dropdown';
 import IconButton from '../IconButton';
 import Tag from '../Tag';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Option<T> = {
   value: T;
diff --git a/packages/console/src/ds-components/Select/index.tsx b/packages/console/src/ds-components/Select/index.tsx
index c57eba9b759e..d8fc8163268e 100644
--- a/packages/console/src/ds-components/Select/index.tsx
+++ b/packages/console/src/ds-components/Select/index.tsx
@@ -3,17 +3,17 @@ import type { ReactEventHandler, ReactNode } from 'react';
 import { useEffect, useMemo, useRef, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import Close from '@/assets/icons/close.svg';
-import KeyboardArrowDown from '@/assets/icons/keyboard-arrow-down.svg';
-import KeyboardArrowUp from '@/assets/icons/keyboard-arrow-up.svg';
-import SearchIcon from '@/assets/icons/search.svg';
+import Close from '@/assets/icons/close.svg?react';
+import KeyboardArrowDown from '@/assets/icons/keyboard-arrow-down.svg?react';
+import KeyboardArrowUp from '@/assets/icons/keyboard-arrow-up.svg?react';
+import SearchIcon from '@/assets/icons/search.svg?react';
 import useWindowResize from '@/hooks/use-window-resize';
 import { onKeyDownHandler } from '@/utils/a11y';
 
 import Dropdown, { DropdownItem } from '../Dropdown';
 import IconButton from '../IconButton';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Option<T> = {
   value: T;
diff --git a/packages/console/src/ds-components/Spacer/index.tsx b/packages/console/src/ds-components/Spacer/index.tsx
index 448c789085ba..c1ec9a17b0c2 100644
--- a/packages/console/src/ds-components/Spacer/index.tsx
+++ b/packages/console/src/ds-components/Spacer/index.tsx
@@ -1,4 +1,4 @@
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function Spacer() {
   return <div className={styles.spacer} />;
diff --git a/packages/console/src/ds-components/Spinner/index.tsx b/packages/console/src/ds-components/Spinner/index.tsx
index 6e409d38b6c8..960634b59cb2 100644
--- a/packages/console/src/ds-components/Spinner/index.tsx
+++ b/packages/console/src/ds-components/Spinner/index.tsx
@@ -1,6 +1,6 @@
 import classNames from 'classnames';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/ds-components/Switch/index.tsx b/packages/console/src/ds-components/Switch/index.tsx
index 2d999063ee39..c962217ceae2 100644
--- a/packages/console/src/ds-components/Switch/index.tsx
+++ b/packages/console/src/ds-components/Switch/index.tsx
@@ -5,7 +5,7 @@ import { forwardRef } from 'react';
 
 import DynamicT from '../DynamicT';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props =
   | (Omit<HTMLProps<HTMLInputElement>, 'label'> & {
diff --git a/packages/console/src/ds-components/TabNav/TabNavItem.tsx b/packages/console/src/ds-components/TabNav/TabNavItem.tsx
index d3c3ab19bf7a..0a377705fdb6 100644
--- a/packages/console/src/ds-components/TabNav/TabNavItem.tsx
+++ b/packages/console/src/ds-components/TabNav/TabNavItem.tsx
@@ -5,7 +5,7 @@ import { Link } from 'react-router-dom';
 import useMatchTenantPath from '@/hooks/use-tenant-pathname';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './TabNavItem.module.scss';
+import styles from './TabNavItem.module.scss';
 
 type BaseProps = {
   isActive?: boolean;
diff --git a/packages/console/src/ds-components/TabNav/index.tsx b/packages/console/src/ds-components/TabNav/index.tsx
index 631d466240a6..88eb617c4351 100644
--- a/packages/console/src/ds-components/TabNav/index.tsx
+++ b/packages/console/src/ds-components/TabNav/index.tsx
@@ -1,6 +1,6 @@
 import classNames from 'classnames';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export { default as TabNavItem } from './TabNavItem';
 
diff --git a/packages/console/src/ds-components/TabWrapper/index.tsx b/packages/console/src/ds-components/TabWrapper/index.tsx
index 11bac4bad39c..97f5c3dd9f73 100644
--- a/packages/console/src/ds-components/TabWrapper/index.tsx
+++ b/packages/console/src/ds-components/TabWrapper/index.tsx
@@ -1,7 +1,7 @@
 import classNames from 'classnames';
 import type { ReactNode } from 'react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = {
   readonly isActive: boolean;
diff --git a/packages/console/src/ds-components/Table/Skeleton/index.tsx b/packages/console/src/ds-components/Table/Skeleton/index.tsx
index 2a8bc56c6e20..c58988fd08cc 100644
--- a/packages/console/src/ds-components/Table/Skeleton/index.tsx
+++ b/packages/console/src/ds-components/Table/Skeleton/index.tsx
@@ -1,4 +1,4 @@
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly columnSpans: number[];
diff --git a/packages/console/src/ds-components/Table/TableEmptyWrapper.tsx b/packages/console/src/ds-components/Table/TableEmptyWrapper.tsx
index 64879af9acf8..5f78abb18192 100644
--- a/packages/console/src/ds-components/Table/TableEmptyWrapper.tsx
+++ b/packages/console/src/ds-components/Table/TableEmptyWrapper.tsx
@@ -1,6 +1,6 @@
 import type { ReactNode } from 'react';
 
-import * as styles from './TableEmptyWrapper.module.scss';
+import styles from './TableEmptyWrapper.module.scss';
 
 type Props = {
   readonly columns: number;
diff --git a/packages/console/src/ds-components/Table/TableError.tsx b/packages/console/src/ds-components/Table/TableError.tsx
index d2a3b4637d64..61ff5091ad54 100644
--- a/packages/console/src/ds-components/Table/TableError.tsx
+++ b/packages/console/src/ds-components/Table/TableError.tsx
@@ -1,13 +1,13 @@
 import { Theme } from '@logto/schemas';
 import { useTranslation } from 'react-i18next';
 
-import RequestErrorDarkImage from '@/assets/images/request-error-dark.svg';
-import RequestErrorImage from '@/assets/images/request-error.svg';
+import RequestErrorDarkImage from '@/assets/images/request-error-dark.svg?react';
+import RequestErrorImage from '@/assets/images/request-error.svg?react';
 import useTheme from '@/hooks/use-theme';
 
 import Button from '../Button';
 
-import * as styles from './TableError.module.scss';
+import styles from './TableError.module.scss';
 
 type Props = {
   readonly title?: string;
diff --git a/packages/console/src/ds-components/Table/TablePlaceholder.tsx b/packages/console/src/ds-components/Table/TablePlaceholder.tsx
index e03654579f49..2464daa1dd8d 100644
--- a/packages/console/src/ds-components/Table/TablePlaceholder.tsx
+++ b/packages/console/src/ds-components/Table/TablePlaceholder.tsx
@@ -9,7 +9,7 @@ import useTheme from '@/hooks/use-theme';
 import DynamicT from '../DynamicT';
 import TextLink from '../TextLink';
 
-import * as styles from './TablePlaceholder.module.scss';
+import styles from './TablePlaceholder.module.scss';
 
 type Props = {
   readonly image: ReactNode;
diff --git a/packages/console/src/ds-components/Table/index.tsx b/packages/console/src/ds-components/Table/index.tsx
index 4a9010b8f944..ce51cfd752cf 100644
--- a/packages/console/src/ds-components/Table/index.tsx
+++ b/packages/console/src/ds-components/Table/index.tsx
@@ -12,7 +12,7 @@ import OverlayScrollbar from '../OverlayScrollbar';
 import Skeleton from './Skeleton';
 import TableEmptyWrapper from './TableEmptyWrapper';
 import TableError from './TableError';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import type { Column, RowGroup } from './types';
 
 export type Props<
diff --git a/packages/console/src/ds-components/Tag/index.tsx b/packages/console/src/ds-components/Tag/index.tsx
index 6d11b03997f6..3694cafdbaa6 100644
--- a/packages/console/src/ds-components/Tag/index.tsx
+++ b/packages/console/src/ds-components/Tag/index.tsx
@@ -2,10 +2,10 @@ import { conditional } from '@silverhand/essentials';
 import classNames from 'classnames';
 import type { HTMLProps, ReactNode } from 'react';
 
-import Failed from '@/assets/icons/failed.svg';
-import Success from '@/assets/icons/success.svg';
+import Failed from '@/assets/icons/failed.svg?react';
+import Success from '@/assets/icons/success.svg?react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = Pick<HTMLProps<HTMLDivElement>, 'className' | 'onClick'> & {
   readonly type?: 'property' | 'state' | 'result';
diff --git a/packages/console/src/ds-components/TextInput/NumericInput.tsx b/packages/console/src/ds-components/TextInput/NumericInput.tsx
index a622041594a2..462409a7030c 100644
--- a/packages/console/src/ds-components/TextInput/NumericInput.tsx
+++ b/packages/console/src/ds-components/TextInput/NumericInput.tsx
@@ -1,11 +1,11 @@
 import classNames from 'classnames';
 import { type ComponentProps } from 'react';
 
-import CaretDown from '@/assets/icons/caret-down.svg';
-import CaretUp from '@/assets/icons/caret-up.svg';
+import CaretDown from '@/assets/icons/caret-down.svg?react';
+import CaretUp from '@/assets/icons/caret-up.svg?react';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './NumericInput.module.scss';
+import styles from './NumericInput.module.scss';
 import TextInput from './index';
 
 type ButtonProps = {
diff --git a/packages/console/src/ds-components/TextInput/index.tsx b/packages/console/src/ds-components/TextInput/index.tsx
index e13603c271ce..31e8754f5a6e 100644
--- a/packages/console/src/ds-components/TextInput/index.tsx
+++ b/packages/console/src/ds-components/TextInput/index.tsx
@@ -12,11 +12,11 @@ import {
   useState,
 } from 'react';
 
-import EyeClosed from '@/assets/icons/eye-closed.svg';
-import Eye from '@/assets/icons/eye.svg';
+import EyeClosed from '@/assets/icons/eye-closed.svg?react';
+import Eye from '@/assets/icons/eye.svg?react';
 import IconButton from '@/ds-components/IconButton';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = Omit<HTMLProps<HTMLInputElement>, 'size'> & {
   readonly error?: string | boolean | ReactElement;
diff --git a/packages/console/src/ds-components/TextLink/index.tsx b/packages/console/src/ds-components/TextLink/index.tsx
index 1539f986d34d..08b0b2906992 100644
--- a/packages/console/src/ds-components/TextLink/index.tsx
+++ b/packages/console/src/ds-components/TextLink/index.tsx
@@ -8,7 +8,7 @@ import { Link } from 'react-router-dom';
 import { LinkButton } from '@/ds-components/Button';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = AnchorHTMLAttributes<HTMLAnchorElement> &
   Partial<LinkProps> & {
diff --git a/packages/console/src/ds-components/Textarea/index.tsx b/packages/console/src/ds-components/Textarea/index.tsx
index 6da3741c52a5..01dfa80f9784 100644
--- a/packages/console/src/ds-components/Textarea/index.tsx
+++ b/packages/console/src/ds-components/Textarea/index.tsx
@@ -2,7 +2,7 @@ import classNames from 'classnames';
 import type { ForwardedRef, HTMLProps } from 'react';
 import { forwardRef } from 'react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = HTMLProps<HTMLTextAreaElement> & {
   readonly className?: string;
diff --git a/packages/console/src/ds-components/Tip/TipBubble/index.tsx b/packages/console/src/ds-components/Tip/TipBubble/index.tsx
index 18d2e5830efc..8803a2c6546f 100644
--- a/packages/console/src/ds-components/Tip/TipBubble/index.tsx
+++ b/packages/console/src/ds-components/Tip/TipBubble/index.tsx
@@ -5,7 +5,7 @@ import type { ForwardedRef, ReactNode, HTMLProps, RefObject } from 'react';
 
 import type { HorizontalAlignment, Position } from '@/types/positioning';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type TipBubblePlacement = 'top' | 'right' | 'bottom' | 'left';
 
diff --git a/packages/console/src/ds-components/Tip/ToggleTip/index.tsx b/packages/console/src/ds-components/Tip/ToggleTip/index.tsx
index db8fe54bd0b9..f3bce58e35a6 100644
--- a/packages/console/src/ds-components/Tip/ToggleTip/index.tsx
+++ b/packages/console/src/ds-components/Tip/ToggleTip/index.tsx
@@ -4,7 +4,7 @@ import { useCallback, useState, useRef } from 'react';
 import ReactModal from 'react-modal';
 
 import usePosition from '@/hooks/use-position';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import type { HorizontalAlignment } from '@/types/positioning';
 import { onKeyDownHandler } from '@/utils/a11y';
 
@@ -17,7 +17,7 @@ import {
   getHorizontalOffset,
 } from '../TipBubble/utils';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = {
   readonly children: ReactNode;
diff --git a/packages/console/src/ds-components/Tip/Tooltip/index.tsx b/packages/console/src/ds-components/Tip/Tooltip/index.tsx
index 1e7d9538fe8b..2bdfb7298c5d 100644
--- a/packages/console/src/ds-components/Tip/Tooltip/index.tsx
+++ b/packages/console/src/ds-components/Tip/Tooltip/index.tsx
@@ -15,7 +15,7 @@ import {
   getHorizontalOffset,
 } from '../TipBubble/utils';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/ds-components/Toast/index.tsx b/packages/console/src/ds-components/Toast/index.tsx
index 5e20eaf4eac6..e4011ba3d78e 100644
--- a/packages/console/src/ds-components/Toast/index.tsx
+++ b/packages/console/src/ds-components/Toast/index.tsx
@@ -1,10 +1,10 @@
 import classNames from 'classnames';
 import { Toaster, resolveValue } from 'react-hot-toast';
 
-import Error from '@/assets/icons/toast-error.svg';
-import Success from '@/assets/icons/toast-success.svg';
+import Error from '@/assets/icons/toast-error.svg?react';
+import Success from '@/assets/icons/toast-success.svg?react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function Toast() {
   return (
diff --git a/packages/console/src/ds-components/Uploader/FileUploader/index.tsx b/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
index 4e067723fbab..4110aee0ac64 100644
--- a/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
+++ b/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
@@ -6,13 +6,13 @@ import { useCallback, useEffect, useState } from 'react';
 import { type FileRejection, useDropzone } from 'react-dropzone';
 import { useTranslation } from 'react-i18next';
 
-import UploaderIcon from '@/assets/icons/upload.svg';
+import UploaderIcon from '@/assets/icons/upload.svg?react';
 import useApi from '@/hooks/use-api';
 import { convertToFileExtensionArray, formatBytes } from '@/utils/uploader';
 
 import { Ring } from '../../Spinner';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props<T extends Record<string, unknown> = UserAssets> = {
   // eslint-disable-next-line react/boolean-prop-naming
diff --git a/packages/console/src/ds-components/Uploader/ImageUploader/index.tsx b/packages/console/src/ds-components/Uploader/ImageUploader/index.tsx
index 49bc45a7fc19..6b16009018af 100644
--- a/packages/console/src/ds-components/Uploader/ImageUploader/index.tsx
+++ b/packages/console/src/ds-components/Uploader/ImageUploader/index.tsx
@@ -1,7 +1,7 @@
 import type { AllowedUploadMimeType } from '@logto/schemas';
 import classNames from 'classnames';
 
-import Delete from '@/assets/icons/delete.svg';
+import Delete from '@/assets/icons/delete.svg?react';
 import ImageWithErrorFallback from '@/ds-components/ImageWithErrorFallback';
 import useImageMimeTypes, { maxImageSizeLimit } from '@/hooks/use-image-mime-types';
 
@@ -9,7 +9,7 @@ import IconButton from '../../IconButton';
 import FileUploader from '../FileUploader';
 import type { Props as FileUploaderProps } from '../FileUploader';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = Omit<FileUploaderProps, 'maxSize' | 'allowedMimeTypes'> & {
   readonly allowedMimeTypes?: AllowedUploadMimeType[];
diff --git a/packages/console/src/ds-components/Uploader/ImageUploaderField/index.tsx b/packages/console/src/ds-components/Uploader/ImageUploaderField/index.tsx
index 2b519a7f458a..ff8c6a08589a 100644
--- a/packages/console/src/ds-components/Uploader/ImageUploaderField/index.tsx
+++ b/packages/console/src/ds-components/Uploader/ImageUploaderField/index.tsx
@@ -7,7 +7,7 @@ import useImageMimeTypes from '@/hooks/use-image-mime-types';
 import ImageUploader from '../ImageUploader';
 import type { Props as ImageUploaderProps } from '../ImageUploader';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = Omit<ImageUploaderProps, 'onDelete' | 'onCompleted' | 'onUploadErrorChange'> & {
   readonly onChange: (value: string) => void;
diff --git a/packages/console/src/hooks/use-console-routes/index.tsx b/packages/console/src/hooks/use-console-routes/index.tsx
index f03eeec9e4a2..4b78bbc2de9c 100644
--- a/packages/console/src/hooks/use-console-routes/index.tsx
+++ b/packages/console/src/hooks/use-console-routes/index.tsx
@@ -1,12 +1,9 @@
 import { condArray } from '@silverhand/essentials';
-import { useMemo } from 'react';
+import { lazy, useMemo } from 'react';
 import { type RouteObject } from 'react-router-dom';
 
 import { isCloud } from '@/consts/env';
-import Dashboard from '@/pages/Dashboard';
-import GetStarted from '@/pages/GetStarted';
 import NotFound from '@/pages/NotFound';
-import SigningKeys from '@/pages/SigningKeys';
 
 import { apiResources } from './routes/api-resources';
 import { applications } from './routes/applications';
@@ -23,6 +20,10 @@ import { useTenantSettings } from './routes/tenant-settings';
 import { users } from './routes/users';
 import { webhooks } from './routes/webhooks';
 
+const Dashboard = lazy(async () => import('@/pages/Dashboard'));
+const GetStarted = lazy(async () => import('@/pages/GetStarted'));
+const SigningKeys = lazy(async () => import('@/pages/SigningKeys'));
+
 export const useConsoleRoutes = () => {
   const tenantSettings = useTenantSettings();
 
diff --git a/packages/console/src/hooks/use-console-routes/routes/api-resources.tsx b/packages/console/src/hooks/use-console-routes/routes/api-resources.tsx
index 4e284d237e49..3bdd236135dd 100644
--- a/packages/console/src/hooks/use-console-routes/routes/api-resources.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/api-resources.tsx
@@ -1,10 +1,16 @@
+import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
 
 import { ApiResourceDetailsTabs } from '@/consts';
-import ApiResourceDetails from '@/pages/ApiResourceDetails';
-import ApiResourcePermissions from '@/pages/ApiResourceDetails/ApiResourcePermissions';
-import ApiResourceSettings from '@/pages/ApiResourceDetails/ApiResourceSettings';
-import ApiResources from '@/pages/ApiResources';
+
+const ApiResources = lazy(async () => import('@/pages/ApiResources'));
+const ApiResourceDetails = lazy(async () => import('@/pages/ApiResourceDetails'));
+const ApiResourcePermissions = lazy(
+  async () => import('@/pages/ApiResourceDetails/ApiResourcePermissions')
+);
+const ApiResourceSettings = lazy(
+  async () => import('@/pages/ApiResourceDetails/ApiResourceSettings')
+);
 
 export const apiResources: RouteObject = {
   path: 'api-resources',
diff --git a/packages/console/src/hooks/use-console-routes/routes/applications.tsx b/packages/console/src/hooks/use-console-routes/routes/applications.tsx
index ea537f6c3d1c..e4c178db1750 100644
--- a/packages/console/src/hooks/use-console-routes/routes/applications.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/applications.tsx
@@ -1,9 +1,11 @@
+import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
 
 import { ApplicationDetailsTabs } from '@/consts';
-import ApplicationDetails from '@/pages/ApplicationDetails';
-import Applications from '@/pages/Applications';
-import AuditLogDetails from '@/pages/AuditLogDetails';
+
+const Applications = lazy(async () => import('@/pages/Applications'));
+const ApplicationDetails = lazy(async () => import('@/pages/ApplicationDetails'));
+const AuditLogDetails = lazy(async () => import('@/pages/AuditLogDetails'));
 
 export const applications: RouteObject = {
   path: 'applications',
diff --git a/packages/console/src/hooks/use-console-routes/routes/audit-logs.tsx b/packages/console/src/hooks/use-console-routes/routes/audit-logs.tsx
index 24094e4681c5..e529342119ca 100644
--- a/packages/console/src/hooks/use-console-routes/routes/audit-logs.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/audit-logs.tsx
@@ -1,7 +1,8 @@
+import { lazy } from 'react';
 import { type RouteObject } from 'react-router-dom';
 
-import AuditLogDetails from '@/pages/AuditLogDetails';
-import AuditLogs from '@/pages/AuditLogs';
+const AuditLogs = lazy(async () => import('@/pages/AuditLogs'));
+const AuditLogDetails = lazy(async () => import('@/pages/AuditLogDetails'));
 
 export const auditLogs: RouteObject = {
   path: 'audit-logs',
diff --git a/packages/console/src/hooks/use-console-routes/routes/connectors.tsx b/packages/console/src/hooks/use-console-routes/routes/connectors.tsx
index 5fcc4d50b2a3..dbe359ba2d7c 100644
--- a/packages/console/src/hooks/use-console-routes/routes/connectors.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/connectors.tsx
@@ -1,8 +1,10 @@
+import { lazy } from 'react';
 import { Navigate } from 'react-router-dom';
 
 import { ConnectorsTabs } from '@/consts';
-import ConnectorDetails from '@/pages/ConnectorDetails';
-import Connectors from '@/pages/Connectors';
+
+const Connectors = lazy(async () => import('@/pages/Connectors'));
+const ConnectorDetails = lazy(async () => import('@/pages/ConnectorDetails'));
 
 export const connectors = {
   path: 'connectors',
diff --git a/packages/console/src/hooks/use-console-routes/routes/customize-jwt.tsx b/packages/console/src/hooks/use-console-routes/routes/customize-jwt.tsx
index 9ed2653a1177..b5d8ec0379fb 100644
--- a/packages/console/src/hooks/use-console-routes/routes/customize-jwt.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/customize-jwt.tsx
@@ -1,7 +1,8 @@
+import { lazy } from 'react';
 import { type RouteObject } from 'react-router-dom';
 
-import CustomizeJwt from '@/pages/CustomizeJwt';
-import CustomizeJwtDetails from '@/pages/CustomizeJwtDetails';
+const CustomizeJwt = lazy(async () => import('@/pages/CustomizeJwt'));
+const CustomizeJwtDetails = lazy(async () => import('@/pages/CustomizeJwtDetails'));
 
 export const customizeJwt: RouteObject = {
   path: 'customize-jwt',
diff --git a/packages/console/src/hooks/use-console-routes/routes/enterprise-sso.tsx b/packages/console/src/hooks/use-console-routes/routes/enterprise-sso.tsx
index a363671658d5..caa7c1743982 100644
--- a/packages/console/src/hooks/use-console-routes/routes/enterprise-sso.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/enterprise-sso.tsx
@@ -1,8 +1,10 @@
+import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
 
 import { EnterpriseSsoDetailsTabs } from '@/consts/page-tabs';
-import EnterpriseSso from '@/pages/EnterpriseSso';
-import EnterpriseSsoDetails from '@/pages/EnterpriseSsoDetails';
+
+const EnterpriseSso = lazy(async () => import('@/pages/EnterpriseSso'));
+const EnterpriseSsoDetails = lazy(async () => import('@/pages/EnterpriseSsoDetails'));
 
 export const enterpriseSso: RouteObject = {
   path: 'enterprise-sso',
diff --git a/packages/console/src/hooks/use-console-routes/routes/mfa.tsx b/packages/console/src/hooks/use-console-routes/routes/mfa.tsx
index 8225a573d4c4..0ef3fde5acfc 100644
--- a/packages/console/src/hooks/use-console-routes/routes/mfa.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/mfa.tsx
@@ -1,5 +1,6 @@
+import { lazy } from 'react';
 import { type RouteObject } from 'react-router-dom';
 
-import Mfa from '@/pages/Mfa';
+const Mfa = lazy(async () => import('@/pages/Mfa'));
 
 export const mfa: RouteObject = { path: 'mfa', element: <Mfa /> };
diff --git a/packages/console/src/hooks/use-console-routes/routes/organization-template.tsx b/packages/console/src/hooks/use-console-routes/routes/organization-template.tsx
index 21d30eb6c0d5..aa69cf6e3876 100644
--- a/packages/console/src/hooks/use-console-routes/routes/organization-template.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/organization-template.tsx
@@ -1,12 +1,18 @@
+import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
 
 import { OrganizationRoleDetailsTabs, OrganizationTemplateTabs } from '@/consts';
-import OrganizationRoleDetails from '@/pages/OrganizationRoleDetails';
-import Permissions from '@/pages/OrganizationRoleDetails/Permissions';
-import Settings from '@/pages/OrganizationRoleDetails/Settings';
-import OrganizationTemplate from '@/pages/OrganizationTemplate';
-import OrganizationPermissions from '@/pages/OrganizationTemplate/OrganizationPermissions';
-import OrganizationRoles from '@/pages/OrganizationTemplate/OrganizationRoles';
+
+const OrganizationTemplate = lazy(async () => import('@/pages/OrganizationTemplate'));
+const OrganizationRoles = lazy(
+  async () => import('@/pages/OrganizationTemplate/OrganizationRoles')
+);
+const OrganizationPermissions = lazy(
+  async () => import('@/pages/OrganizationTemplate/OrganizationPermissions')
+);
+const OrganizationRoleDetails = lazy(async () => import('@/pages/OrganizationRoleDetails'));
+const Permissions = lazy(async () => import('@/pages/OrganizationRoleDetails/Permissions'));
+const Settings = lazy(async () => import('@/pages/OrganizationRoleDetails/Settings'));
 
 export const organizationTemplate: RouteObject[] = [
   {
diff --git a/packages/console/src/hooks/use-console-routes/routes/organizations.tsx b/packages/console/src/hooks/use-console-routes/routes/organizations.tsx
index 1c70a6738076..c8c95668aa32 100644
--- a/packages/console/src/hooks/use-console-routes/routes/organizations.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/organizations.tsx
@@ -1,12 +1,14 @@
 import { condArray } from '@silverhand/essentials';
+import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
 
-import OrganizationDetails from '@/pages/OrganizationDetails';
-import MachineToMachine from '@/pages/OrganizationDetails/MachineToMachine';
-import Members from '@/pages/OrganizationDetails/Members';
-import Settings from '@/pages/OrganizationDetails/Settings';
 import { OrganizationDetailsTabs } from '@/pages/OrganizationDetails/types';
-import Organizations from '@/pages/Organizations';
+
+const Organizations = lazy(async () => import('@/pages/Organizations'));
+const OrganizationDetails = lazy(async () => import('@/pages/OrganizationDetails'));
+const MachineToMachine = lazy(async () => import('@/pages/OrganizationDetails/MachineToMachine'));
+const Members = lazy(async () => import('@/pages/OrganizationDetails/Members'));
+const Settings = lazy(async () => import('@/pages/OrganizationDetails/Settings'));
 
 export const organizations: RouteObject = {
   path: 'organizations',
diff --git a/packages/console/src/hooks/use-console-routes/routes/profile.tsx b/packages/console/src/hooks/use-console-routes/routes/profile.tsx
index f4bb0268f086..423030de425c 100644
--- a/packages/console/src/hooks/use-console-routes/routes/profile.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/profile.tsx
@@ -1,9 +1,16 @@
+import { lazy } from 'react';
 import { type RouteObject } from 'react-router-dom';
 
-import ChangePasswordModal from '@/pages/Profile/containers/ChangePasswordModal';
-import LinkEmailModal from '@/pages/Profile/containers/LinkEmailModal';
-import VerificationCodeModal from '@/pages/Profile/containers/VerificationCodeModal';
-import VerifyPasswordModal from '@/pages/Profile/containers/VerifyPasswordModal';
+const ChangePasswordModal = lazy(
+  async () => import('@/pages/Profile/containers/ChangePasswordModal')
+);
+const LinkEmailModal = lazy(async () => import('@/pages/Profile/containers/LinkEmailModal'));
+const VerificationCodeModal = lazy(
+  async () => import('@/pages/Profile/containers/VerificationCodeModal')
+);
+const VerifyPasswordModal = lazy(
+  async () => import('@/pages/Profile/containers/VerifyPasswordModal')
+);
 
 export const profile: RouteObject[] = [
   { path: 'verify-password', element: <VerifyPasswordModal /> },
diff --git a/packages/console/src/hooks/use-console-routes/routes/roles.tsx b/packages/console/src/hooks/use-console-routes/routes/roles.tsx
index 536131a0bb71..51e38899e7a4 100644
--- a/packages/console/src/hooks/use-console-routes/routes/roles.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/roles.tsx
@@ -1,12 +1,14 @@
+import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
 
 import { RoleDetailsTabs } from '@/consts/page-tabs';
-import RoleDetails from '@/pages/RoleDetails';
-import RoleApplications from '@/pages/RoleDetails/RoleApplications';
-import RolePermissions from '@/pages/RoleDetails/RolePermissions';
-import RoleSettings from '@/pages/RoleDetails/RoleSettings';
-import RoleUsers from '@/pages/RoleDetails/RoleUsers';
-import Roles from '@/pages/Roles';
+
+const Roles = lazy(async () => import('@/pages/Roles'));
+const RoleDetails = lazy(async () => import('@/pages/RoleDetails'));
+const RolePermissions = lazy(async () => import('@/pages/RoleDetails/RolePermissions'));
+const RoleSettings = lazy(async () => import('@/pages/RoleDetails/RoleSettings'));
+const RoleUsers = lazy(async () => import('@/pages/RoleDetails/RoleUsers'));
+const RoleApplications = lazy(async () => import('@/pages/RoleDetails/RoleApplications'));
 
 export const roles: RouteObject = {
   path: 'roles',
diff --git a/packages/console/src/hooks/use-console-routes/routes/sign-in-experience.tsx b/packages/console/src/hooks/use-console-routes/routes/sign-in-experience.tsx
index 04fdd3d94dbd..63b4a2e8e1d0 100644
--- a/packages/console/src/hooks/use-console-routes/routes/sign-in-experience.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/sign-in-experience.tsx
@@ -1,8 +1,10 @@
+import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
 
-import SignInExperience from '@/pages/SignInExperience';
 import { SignInExperienceTab } from '@/pages/SignInExperience/types';
 
+const SignInExperience = lazy(async () => import('@/pages/SignInExperience'));
+
 export const signInExperience: RouteObject = {
   path: 'sign-in-experience',
   children: [
diff --git a/packages/console/src/hooks/use-console-routes/routes/tenant-settings.tsx b/packages/console/src/hooks/use-console-routes/routes/tenant-settings.tsx
index fd33b2384e8c..5c025626e820 100644
--- a/packages/console/src/hooks/use-console-routes/routes/tenant-settings.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/tenant-settings.tsx
@@ -1,19 +1,22 @@
 import { condArray } from '@silverhand/essentials';
-import { useContext, useMemo } from 'react';
+import { lazy, useContext, useMemo } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
 
 import { TenantSettingsTabs } from '@/consts';
 import { TenantsContext } from '@/contexts/TenantsProvider';
 import useCurrentTenantScopes from '@/hooks/use-current-tenant-scopes';
 import NotFound from '@/pages/NotFound';
-import TenantSettings from '@/pages/TenantSettings';
-import BillingHistory from '@/pages/TenantSettings/BillingHistory';
-import Subscription from '@/pages/TenantSettings/Subscription';
-import TenantBasicSettings from '@/pages/TenantSettings/TenantBasicSettings';
-import TenantDomainSettings from '@/pages/TenantSettings/TenantDomainSettings';
-import TenantMembers from '@/pages/TenantSettings/TenantMembers';
-import Invitations from '@/pages/TenantSettings/TenantMembers/Invitations';
-import Members from '@/pages/TenantSettings/TenantMembers/Members';
+
+const TenantSettings = lazy(async () => import('@/pages/TenantSettings'));
+const TenantBasicSettings = lazy(async () => import('@/pages/TenantSettings/TenantBasicSettings'));
+const TenantDomainSettings = lazy(
+  async () => import('@/pages/TenantSettings/TenantDomainSettings')
+);
+const TenantMembers = lazy(async () => import('@/pages/TenantSettings/TenantMembers'));
+const Invitations = lazy(async () => import('@/pages/TenantSettings/TenantMembers/Invitations'));
+const Members = lazy(async () => import('@/pages/TenantSettings/TenantMembers/Members'));
+const BillingHistory = lazy(async () => import('@/pages/TenantSettings/BillingHistory'));
+const Subscription = lazy(async () => import('@/pages/TenantSettings/Subscription'));
 
 export const useTenantSettings = () => {
   const { isDevTenant } = useContext(TenantsContext);
diff --git a/packages/console/src/hooks/use-console-routes/routes/users.tsx b/packages/console/src/hooks/use-console-routes/routes/users.tsx
index 39f85b6a8627..2a4d30f99c1b 100644
--- a/packages/console/src/hooks/use-console-routes/routes/users.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/users.tsx
@@ -1,13 +1,15 @@
+import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
 
 import { UserDetailsTabs } from '@/consts/page-tabs';
-import AuditLogDetails from '@/pages/AuditLogDetails';
-import UserDetails from '@/pages/UserDetails';
-import UserLogs from '@/pages/UserDetails/UserLogs';
-import UserOrganizations from '@/pages/UserDetails/UserOrganizations';
-import UserRoles from '@/pages/UserDetails/UserRoles';
-import UserSettings from '@/pages/UserDetails/UserSettings';
-import Users from '@/pages/Users';
+
+const AuditLogDetails = lazy(async () => import('@/pages/AuditLogDetails'));
+const UserDetails = lazy(async () => import('@/pages/UserDetails'));
+const UserLogs = lazy(async () => import('@/pages/UserDetails/UserLogs'));
+const UserOrganizations = lazy(async () => import('@/pages/UserDetails/UserOrganizations'));
+const UserRoles = lazy(async () => import('@/pages/UserDetails/UserRoles'));
+const UserSettings = lazy(async () => import('@/pages/UserDetails/UserSettings'));
+const Users = lazy(async () => import('@/pages/Users'));
 
 export const users: RouteObject = {
   path: 'users',
diff --git a/packages/console/src/hooks/use-console-routes/routes/webhooks.tsx b/packages/console/src/hooks/use-console-routes/routes/webhooks.tsx
index 2dc6c7c2a72f..e98231879112 100644
--- a/packages/console/src/hooks/use-console-routes/routes/webhooks.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/webhooks.tsx
@@ -1,11 +1,13 @@
+import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
 
 import { WebhookDetailsTabs } from '@/consts';
-import AuditLogDetails from '@/pages/AuditLogDetails';
-import WebhookDetails from '@/pages/WebhookDetails';
-import WebhookLogs from '@/pages/WebhookDetails/WebhookLogs';
-import WebhookSettings from '@/pages/WebhookDetails/WebhookSettings';
-import Webhooks from '@/pages/Webhooks';
+
+const WebhookDetails = lazy(async () => import('@/pages/WebhookDetails'));
+const AuditLogDetails = lazy(async () => import('@/pages/AuditLogDetails'));
+const WebhookSettings = lazy(async () => import('@/pages/WebhookDetails/WebhookSettings'));
+const WebhookLogs = lazy(async () => import('@/pages/WebhookDetails/WebhookLogs'));
+const Webhooks = lazy(async () => import('@/pages/Webhooks'));
 
 export const webhooks: RouteObject = {
   path: 'webhooks',
diff --git a/packages/console/src/icons/ConnectorPlatformIcon.tsx b/packages/console/src/icons/ConnectorPlatformIcon.tsx
index cd5397de9b99..a659122ec616 100644
--- a/packages/console/src/icons/ConnectorPlatformIcon.tsx
+++ b/packages/console/src/icons/ConnectorPlatformIcon.tsx
@@ -1,8 +1,8 @@
 import { ConnectorPlatform } from '@logto/schemas';
 
-import Native from '@/assets/icons/connector-platform-icon-native.svg';
-import Universal from '@/assets/icons/connector-platform-icon-universal.svg';
-import Web from '@/assets/icons/connector-platform-icon-web.svg';
+import Native from '@/assets/icons/connector-platform-icon-native.svg?react';
+import Universal from '@/assets/icons/connector-platform-icon-universal.svg?react';
+import Web from '@/assets/icons/connector-platform-icon-web.svg?react';
 
 type Props = {
   readonly platform: ConnectorPlatform;
diff --git a/packages/console/src/include.d/react-app.d.ts b/packages/console/src/include.d/react-app.d.ts
deleted file mode 100644
index c2ef4a4de00b..000000000000
--- a/packages/console/src/include.d/react-app.d.ts
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copied from react-scripts/lib/react-app.d.ts
-
-declare module '*.avif' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.bmp' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.gif' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.jpg' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.jpeg' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.png' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.webp' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.svg' {
-  import type * as React from 'react';
-
-  export const ReactComponent: React.FunctionComponent<
-    React.SVGProps<SVGSVGElement> & { title?: string }
-  >;
-
-  const src: string;
-  export default src;
-}
-
-declare module '*.module.css' {
-  const classes: Readonly<Record<string, string>>;
-  export default classes;
-  export = classes;
-}
-
-declare module '*.module.scss' {
-  const classes: Readonly<Record<string, string>>;
-  export default classes;
-  export = classes;
-}
-
-declare module '*.module.sass' {
-  const classes: Readonly<Record<string, string>>;
-  export default classes;
-  export = classes;
-}
diff --git a/packages/console/src/include.d/react-router-dom.d.ts b/packages/console/src/include.d/react-router-dom.d.ts
index 56d37327af0e..ff4278d74e66 100644
--- a/packages/console/src/include.d/react-router-dom.d.ts
+++ b/packages/console/src/include.d/react-router-dom.d.ts
@@ -6,7 +6,6 @@
  * Reference: https://github.com/remix-run/react-router/issues/10241
  */
 
-// eslint-disable-next-line import/no-unassigned-import
 import 'react-router-dom';
 
 declare module 'react-router-dom' {
diff --git a/packages/console/src/include.d/vite-env.d.ts b/packages/console/src/include.d/vite-env.d.ts
new file mode 100644
index 000000000000..3b54c3d23948
--- /dev/null
+++ b/packages/console/src/include.d/vite-env.d.ts
@@ -0,0 +1,6 @@
+import 'vite/client';
+import 'vite-plugin-svgr/client';
+
+interface ImportMeta {
+  readonly env: Record<string, unknown>;
+}
diff --git a/packages/console/src/mdx-components/ApplicationCredentials/index.tsx b/packages/console/src/mdx-components/ApplicationCredentials/index.tsx
index b52ec1571b14..332fc172d6b7 100644
--- a/packages/console/src/mdx-components/ApplicationCredentials/index.tsx
+++ b/packages/console/src/mdx-components/ApplicationCredentials/index.tsx
@@ -6,7 +6,7 @@ import CopyToClipboard from '@/ds-components/CopyToClipboard';
 import FormField from '@/ds-components/FormField';
 import TextLink from '@/ds-components/TextLink';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function ApplicationCredentials() {
   const { app } = useContext(GuideContext);
diff --git a/packages/console/src/mdx-components/DetailsSummary/index.tsx b/packages/console/src/mdx-components/DetailsSummary/index.tsx
index d5f5b7c86a7f..62ca486b0357 100644
--- a/packages/console/src/mdx-components/DetailsSummary/index.tsx
+++ b/packages/console/src/mdx-components/DetailsSummary/index.tsx
@@ -4,10 +4,10 @@ import { useState, useCallback } from 'react';
 import type { Height } from 'react-animate-height';
 import AnimateHeight from 'react-animate-height';
 
-import ArrowRight from '@/assets/icons/triangle-right.svg';
+import ArrowRight from '@/assets/icons/triangle-right.svg?react';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly children?: ReactNode[] | ReactNode;
diff --git a/packages/console/src/mdx-components/Mermaid/index.tsx b/packages/console/src/mdx-components/Mermaid/index.tsx
index 19164e753451..011e0fad6726 100644
--- a/packages/console/src/mdx-components/Mermaid/index.tsx
+++ b/packages/console/src/mdx-components/Mermaid/index.tsx
@@ -3,6 +3,7 @@ import { noop, yes } from '@silverhand/essentials';
 import { type Mermaid as MermaidType } from 'mermaid';
 import { useEffect } from 'react';
 
+import { normalizeEnv } from '@/consts/env';
 import useTheme from '@/hooks/use-theme';
 
 /**
@@ -14,14 +15,14 @@ const loadMermaid = async () => {
   // https://github.com/parcel-bundler/parcel/issues/7064#issuecomment-942441649
   const uri = 'https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.esm.min.mjs';
   // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
-  const imported: { default: MermaidType } = await (process.env.NODE_ENV === 'development'
+  const imported: { default: MermaidType } = await (import.meta.env.DEV
     ? // eslint-disable-next-line no-eval -- https://github.com/parcel-bundler/parcel/issues/8316
       eval(`import('${uri}')`)
     : import(uri));
   return imported.default;
 };
 
-const mermaidPromise = yes(process.env.INTEGRATION_TEST)
+const mermaidPromise = yes(normalizeEnv(import.meta.env.INTEGRATION_TEST))
   ? // Mock Mermaid in integration tests to avoid issues with network requests and testing environment.
     Promise.resolve({
       initialize: noop,
diff --git a/packages/console/src/mdx-components/OidcCallbackUri/index.tsx b/packages/console/src/mdx-components/OidcCallbackUri/index.tsx
index 1502cf6a288b..71f8af9431d2 100644
--- a/packages/console/src/mdx-components/OidcCallbackUri/index.tsx
+++ b/packages/console/src/mdx-components/OidcCallbackUri/index.tsx
@@ -6,7 +6,7 @@ import CopyToClipboard from '@/ds-components/CopyToClipboard';
 import FormField from '@/ds-components/FormField';
 import useCustomDomain from '@/hooks/use-custom-domain';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function OidcCallbackUri() {
   const { ssoConnector } = useContext(SsoConnectorContext);
diff --git a/packages/console/src/mdx-components/Sample/index.tsx b/packages/console/src/mdx-components/Sample/index.tsx
index a5a805c93e5b..9d734b87b294 100644
--- a/packages/console/src/mdx-components/Sample/index.tsx
+++ b/packages/console/src/mdx-components/Sample/index.tsx
@@ -7,7 +7,7 @@ import { LinkButton } from '@/ds-components/Button';
 import DangerousRaw from '@/ds-components/DangerousRaw';
 import Spacer from '@/ds-components/Spacer';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 /** The inline banner for displaying the sample info. */
 export default function Sample() {
diff --git a/packages/console/src/mdx-components/SsoSamlSpMetadata/index.tsx b/packages/console/src/mdx-components/SsoSamlSpMetadata/index.tsx
index 38de02ff236d..3d04c6110ccb 100644
--- a/packages/console/src/mdx-components/SsoSamlSpMetadata/index.tsx
+++ b/packages/console/src/mdx-components/SsoSamlSpMetadata/index.tsx
@@ -5,7 +5,7 @@ import { SsoConnectorContext } from '@/contexts/SsoConnectorContextProvider';
 import CopyToClipboard from '@/ds-components/CopyToClipboard';
 import FormField from '@/ds-components/FormField';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 // Basic SAML SP config metadata, @see `packages/core/sso/src/types/saml`
 const samlServiceProviderMetadataGuard = z.object({
diff --git a/packages/console/src/mdx-components/Step/index.tsx b/packages/console/src/mdx-components/Step/index.tsx
index 74b8029a7d6a..2e7f73084ecb 100644
--- a/packages/console/src/mdx-components/Step/index.tsx
+++ b/packages/console/src/mdx-components/Step/index.tsx
@@ -4,7 +4,7 @@ import Index from '@/components/Index';
 import CardTitle from '@/ds-components/CardTitle';
 import DangerousRaw from '@/ds-components/DangerousRaw';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = {
   readonly index?: number;
diff --git a/packages/console/src/mdx-components/Steps/index.tsx b/packages/console/src/mdx-components/Steps/index.tsx
index 0f60f779e597..1d6a959723c5 100644
--- a/packages/console/src/mdx-components/Steps/index.tsx
+++ b/packages/console/src/mdx-components/Steps/index.tsx
@@ -11,7 +11,7 @@ import { type Props as StepProps } from '../Step';
 import Step from '../Step';
 
 import FurtherReadings from './FurtherReadings';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly children:
diff --git a/packages/console/src/mdx-components/Tabs/index.tsx b/packages/console/src/mdx-components/Tabs/index.tsx
index 4883b684697c..7903aadb4478 100644
--- a/packages/console/src/mdx-components/Tabs/index.tsx
+++ b/packages/console/src/mdx-components/Tabs/index.tsx
@@ -11,7 +11,7 @@ import { useState, isValidElement, type ReactElement, cloneElement, useRef, Chil
 
 import type { Props as TabItemProps } from '../TabItem';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type MaybeArray<T> = T | T[];
 
diff --git a/packages/console/src/mdx-components/UriInputField/index.tsx b/packages/console/src/mdx-components/UriInputField/index.tsx
index 36cd2d3000d1..f38915c770c0 100644
--- a/packages/console/src/mdx-components/UriInputField/index.tsx
+++ b/packages/console/src/mdx-components/UriInputField/index.tsx
@@ -26,7 +26,7 @@ import type {
 import { trySubmitSafe } from '@/utils/form';
 import { uriValidator } from '@/utils/validator';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const nameToKey: Record<Name, AdminConsoleKey> = Object.freeze({
   redirectUris: 'application_details.redirect_uri',
diff --git a/packages/console/src/onboarding/components/CardSelector/MultiCardSelector/CardItem.tsx b/packages/console/src/onboarding/components/CardSelector/MultiCardSelector/CardItem.tsx
index 96061a0ed499..8e16db8dbeac 100644
--- a/packages/console/src/onboarding/components/CardSelector/MultiCardSelector/CardItem.tsx
+++ b/packages/console/src/onboarding/components/CardSelector/MultiCardSelector/CardItem.tsx
@@ -7,7 +7,7 @@ import { onKeyDownHandler } from '@/utils/a11y';
 
 import type { MultiCardSelectorOption } from '../types';
 
-import * as styles from './CardItem.module.scss';
+import styles from './CardItem.module.scss';
 
 type Props = {
   readonly option: MultiCardSelectorOption;
diff --git a/packages/console/src/onboarding/components/CardSelector/MultiCardSelector/index.tsx b/packages/console/src/onboarding/components/CardSelector/MultiCardSelector/index.tsx
index 6ae19a295d21..7ed883c2a968 100644
--- a/packages/console/src/onboarding/components/CardSelector/MultiCardSelector/index.tsx
+++ b/packages/console/src/onboarding/components/CardSelector/MultiCardSelector/index.tsx
@@ -3,7 +3,7 @@ import classNames from 'classnames';
 import type { MultiCardSelectorOption } from '../types';
 
 import CardItem from './CardItem';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly options: MultiCardSelectorOption[];
diff --git a/packages/console/src/onboarding/components/DemoConnectorNotice/index.tsx b/packages/console/src/onboarding/components/DemoConnectorNotice/index.tsx
index c59f133c0f8d..4ea1aa2e64ef 100644
--- a/packages/console/src/onboarding/components/DemoConnectorNotice/index.tsx
+++ b/packages/console/src/onboarding/components/DemoConnectorNotice/index.tsx
@@ -2,7 +2,7 @@ import { useTranslation } from 'react-i18next';
 
 import InlineNotification from '@/ds-components/InlineNotification';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function DemoConnectorNotice() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/onboarding/components/Topbar/index.tsx b/packages/console/src/onboarding/components/Topbar/index.tsx
index 07c7de8e6370..679f6b4686e6 100644
--- a/packages/console/src/onboarding/components/Topbar/index.tsx
+++ b/packages/console/src/onboarding/components/Topbar/index.tsx
@@ -1,6 +1,6 @@
-import CloudLogo from '@/assets/images/cloud-logo.svg';
+import CloudLogo from '@/assets/images/cloud-logo.svg?react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function Topbar() {
   return (
diff --git a/packages/console/src/onboarding/index.tsx b/packages/console/src/onboarding/index.tsx
index 6794d0321d64..dd03850f0edf 100644
--- a/packages/console/src/onboarding/index.tsx
+++ b/packages/console/src/onboarding/index.tsx
@@ -9,7 +9,7 @@ import { usePlausiblePageview } from '@/hooks/use-plausible-pageview';
 
 import Topbar from './components/Topbar';
 import useUserOnboardingData from './hooks/use-user-onboarding-data';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import CreateTenant from './pages/CreateTenant';
 import SignInExperience from './pages/SignInExperience';
 import Welcome from './pages/Welcome';
diff --git a/packages/console/src/onboarding/pages/CreateTenant/index.tsx b/packages/console/src/onboarding/pages/CreateTenant/index.tsx
index a06a9731f401..02b4a3584c8f 100644
--- a/packages/console/src/onboarding/pages/CreateTenant/index.tsx
+++ b/packages/console/src/onboarding/pages/CreateTenant/index.tsx
@@ -7,8 +7,8 @@ import { Controller, FormProvider, useForm } from 'react-hook-form';
 import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 
-import CreateTenantHeaderIconDark from '@/assets/icons/create-tenant-header-dark.svg';
-import CreateTenantHeaderIcon from '@/assets/icons/create-tenant-header.svg';
+import CreateTenantHeaderIconDark from '@/assets/icons/create-tenant-header-dark.svg?react';
+import CreateTenantHeaderIcon from '@/assets/icons/create-tenant-header.svg?react';
 import { createTenantApi, useCloudApi } from '@/cloud/hooks/use-cloud-api';
 import ActionBar from '@/components/ActionBar';
 import { type CreateTenantData } from '@/components/CreateTenantModal/types';
@@ -23,7 +23,7 @@ import RadioGroup, { Radio } from '@/ds-components/RadioGroup';
 import TextInput from '@/ds-components/TextInput';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 import useTheme from '@/hooks/use-theme';
-import * as pageLayout from '@/onboarding/scss/layout.module.scss';
+import pageLayout from '@/onboarding/scss/layout.module.scss';
 import { OnboardingPage, OnboardingRoute } from '@/onboarding/types';
 import InviteEmailsInput from '@/pages/TenantSettings/TenantMembers/InviteEmailsInput';
 import { type InviteeEmailItem } from '@/pages/TenantSettings/TenantMembers/types';
diff --git a/packages/console/src/onboarding/pages/SignInExperience/InspireMe/index.tsx b/packages/console/src/onboarding/pages/SignInExperience/InspireMe/index.tsx
index 2133f3bfb4cc..e0c9c76cabdc 100644
--- a/packages/console/src/onboarding/pages/SignInExperience/InspireMe/index.tsx
+++ b/packages/console/src/onboarding/pages/SignInExperience/InspireMe/index.tsx
@@ -2,15 +2,15 @@ import { ConnectorType } from '@logto/connector-kit';
 import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import Bulb from '@/assets/icons/bulb.svg';
-import LightBulb from '@/assets/icons/light-bulb.svg';
+import Bulb from '@/assets/icons/bulb.svg?react';
+import LightBulb from '@/assets/icons/light-bulb.svg?react';
 import Button from '@/ds-components/Button';
 import useConnectorGroups from '@/hooks/use-connector-groups';
 
 import { randomSieFormDataTemplate } from '../sie-config-templates';
 import { type OnboardingSieFormData } from '../types';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly onInspired: (template: OnboardingSieFormData) => void;
diff --git a/packages/console/src/onboarding/pages/SignInExperience/Preview/PlatformTabs/PlatformTab.tsx b/packages/console/src/onboarding/pages/SignInExperience/Preview/PlatformTabs/PlatformTab.tsx
index a81784891e51..236faf46dcc4 100644
--- a/packages/console/src/onboarding/pages/SignInExperience/Preview/PlatformTabs/PlatformTab.tsx
+++ b/packages/console/src/onboarding/pages/SignInExperience/Preview/PlatformTabs/PlatformTab.tsx
@@ -6,7 +6,7 @@ import type { PreviewPlatform } from '@/components/SignInExperiencePreview/types
 import DynamicT from '@/ds-components/DynamicT';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './PlatformTab.module.scss';
+import styles from './PlatformTab.module.scss';
 
 type Props = {
   readonly isSelected: boolean;
diff --git a/packages/console/src/onboarding/pages/SignInExperience/Preview/PlatformTabs/index.tsx b/packages/console/src/onboarding/pages/SignInExperience/Preview/PlatformTabs/index.tsx
index 3badf5756ffb..69361da19196 100644
--- a/packages/console/src/onboarding/pages/SignInExperience/Preview/PlatformTabs/index.tsx
+++ b/packages/console/src/onboarding/pages/SignInExperience/Preview/PlatformTabs/index.tsx
@@ -1,9 +1,9 @@
-import Native from '@/assets/icons/connector-platform-icon-native.svg';
-import Web from '@/assets/icons/connector-platform-icon-web.svg';
+import Native from '@/assets/icons/connector-platform-icon-native.svg?react';
+import Web from '@/assets/icons/connector-platform-icon-web.svg?react';
 import { PreviewPlatform } from '@/components/SignInExperiencePreview/types';
 
 import PlatformTab from './PlatformTab';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly currentTab: PreviewPlatform;
diff --git a/packages/console/src/onboarding/pages/SignInExperience/Preview/index.tsx b/packages/console/src/onboarding/pages/SignInExperience/Preview/index.tsx
index 8a920b85df61..b7537ca6dae5 100644
--- a/packages/console/src/onboarding/pages/SignInExperience/Preview/index.tsx
+++ b/packages/console/src/onboarding/pages/SignInExperience/Preview/index.tsx
@@ -7,7 +7,7 @@ import SignInExperiencePreview from '@/components/SignInExperiencePreview';
 import { PreviewPlatform } from '@/components/SignInExperiencePreview/types';
 
 import PlatformTabs from './PlatformTabs';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly signInExperience?: SignInExperience;
diff --git a/packages/console/src/onboarding/pages/SignInExperience/Skeleton/index.tsx b/packages/console/src/onboarding/pages/SignInExperience/Skeleton/index.tsx
index 49fc7f2e0986..bf6a24cbd950 100644
--- a/packages/console/src/onboarding/pages/SignInExperience/Skeleton/index.tsx
+++ b/packages/console/src/onboarding/pages/SignInExperience/Skeleton/index.tsx
@@ -1,8 +1,8 @@
-import * as pageLayout from '@/onboarding/scss/layout.module.scss';
+import pageLayout from '@/onboarding/scss/layout.module.scss';
 
-import * as sieLayout from '../index.module.scss';
+import sieLayout from '../index.module.scss';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function Skeleton() {
   return (
diff --git a/packages/console/src/onboarding/pages/SignInExperience/index.tsx b/packages/console/src/onboarding/pages/SignInExperience/index.tsx
index e0579ef891e3..822b45025d2b 100644
--- a/packages/console/src/onboarding/pages/SignInExperience/index.tsx
+++ b/packages/console/src/onboarding/pages/SignInExperience/index.tsx
@@ -7,7 +7,7 @@ import { useTranslation } from 'react-i18next';
 import { useParams } from 'react-router-dom';
 import useSWR, { SWRConfig } from 'swr';
 
-import Tools from '@/assets/icons/tools.svg';
+import Tools from '@/assets/icons/tools.svg?react';
 import ActionBar from '@/components/ActionBar';
 import { GtagConversionId, reportConversion } from '@/components/Conversion/utils';
 import PageMeta from '@/components/PageMeta';
@@ -26,7 +26,7 @@ import useTenantApi from '@/onboarding/hooks/use-tenant-api';
 import useTenantSwrOptions from '@/onboarding/hooks/use-tenant-swr-options';
 import useTenantUserAssetsService from '@/onboarding/hooks/use-tenant-user-asset-service';
 import useUserOnboardingData from '@/onboarding/hooks/use-user-onboarding-data';
-import * as pageLayout from '@/onboarding/scss/layout.module.scss';
+import pageLayout from '@/onboarding/scss/layout.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 import { buildUrl } from '@/utils/url';
 import { uriValidator } from '@/utils/validator';
@@ -36,7 +36,7 @@ import Preview from './Preview';
 import Skeleton from './Skeleton';
 import SocialSelector from './SocialSelector';
 import { formDataParser } from './form-data-parser';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { authenticationOptions, identifierOptions } from './options';
 import { defaultOnboardingSieFormData } from './sie-config-templates';
 import { Authentication, type OnboardingSieFormData } from './types';
diff --git a/packages/console/src/onboarding/pages/SignInExperience/options.tsx b/packages/console/src/onboarding/pages/SignInExperience/options.tsx
index fcd4a588922f..00af0e1693b5 100644
--- a/packages/console/src/onboarding/pages/SignInExperience/options.tsx
+++ b/packages/console/src/onboarding/pages/SignInExperience/options.tsx
@@ -1,20 +1,20 @@
 import { SignInIdentifier } from '@logto/schemas';
 
-import Envelop from '@/assets/icons/envelop.svg';
-import Keyboard from '@/assets/icons/keyboard.svg';
-import Label from '@/assets/icons/label.svg';
-import Lock from '@/assets/icons/lock.svg';
+import Envelop from '@/assets/icons/envelop.svg?react';
+import Keyboard from '@/assets/icons/keyboard.svg?react';
+import Label from '@/assets/icons/label.svg?react';
+import Lock from '@/assets/icons/lock.svg?react';
 import DangerousRaw from '@/ds-components/DangerousRaw';
 import type {
   MultiCardSelectorOption,
   CardSelectorOption,
 } from '@/onboarding/components/CardSelector';
 
-import Apple from '../../assets/icons/social-apple.svg';
-import Facebook from '../../assets/icons/social-facebook.svg';
-import Kakao from '../../assets/icons/social-kakao.svg';
-import Microsoft from '../../assets/icons/social-microsoft.svg';
-import Oidc from '../../assets/icons/social-oidc.svg';
+import Apple from '../../assets/icons/social-apple.svg?react';
+import Facebook from '../../assets/icons/social-facebook.svg?react';
+import Kakao from '../../assets/icons/social-kakao.svg?react';
+import Microsoft from '../../assets/icons/social-microsoft.svg?react';
+import Oidc from '../../assets/icons/social-oidc.svg?react';
 
 import { Authentication } from './types';
 
diff --git a/packages/console/src/onboarding/pages/Welcome/index.tsx b/packages/console/src/onboarding/pages/Welcome/index.tsx
index df471ab276f5..c22d207aca4a 100644
--- a/packages/console/src/onboarding/pages/Welcome/index.tsx
+++ b/packages/console/src/onboarding/pages/Welcome/index.tsx
@@ -5,7 +5,7 @@ import { Controller, useForm } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 import { useNavigate } from 'react-router-dom';
 
-import Case from '@/assets/icons/case.svg';
+import Case from '@/assets/icons/case.svg?react';
 import ActionBar from '@/components/ActionBar';
 import PageMeta from '@/components/PageMeta';
 import Button from '@/ds-components/Button';
@@ -13,14 +13,14 @@ import FormField from '@/ds-components/FormField';
 import OverlayScrollbar from '@/ds-components/OverlayScrollbar';
 import TextInput from '@/ds-components/TextInput';
 import useUserOnboardingData from '@/onboarding/hooks/use-user-onboarding-data';
-import * as pageLayout from '@/onboarding/scss/layout.module.scss';
+import pageLayout from '@/onboarding/scss/layout.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 
 import { CardSelector, MultiCardSelector } from '../../components/CardSelector';
 import { OnboardingPage } from '../../types';
 import { getOnboardingPage } from '../../utils';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { stageOptions, additionalFeaturesOptions, projectOptions } from './options';
 
 function Welcome() {
diff --git a/packages/console/src/onboarding/pages/Welcome/options.tsx b/packages/console/src/onboarding/pages/Welcome/options.tsx
index f2b1a8ad9364..4a3283a1396e 100644
--- a/packages/console/src/onboarding/pages/Welcome/options.tsx
+++ b/packages/console/src/onboarding/pages/Welcome/options.tsx
@@ -1,7 +1,7 @@
 import { AdditionalFeatures, Project, Stage } from '@logto/schemas';
 
-import Building from '@/assets/icons/building.svg';
-import Pizza from '@/assets/icons/pizza.svg';
+import Building from '@/assets/icons/building.svg?react';
+import Pizza from '@/assets/icons/pizza.svg?react';
 import type {
   CardSelectorOption,
   MultiCardSelectorOption,
diff --git a/packages/console/src/pages/AcceptInvitation/SwitchAccount/index.tsx b/packages/console/src/pages/AcceptInvitation/SwitchAccount/index.tsx
index d7fc9d094a47..5de4edf8f842 100644
--- a/packages/console/src/pages/AcceptInvitation/SwitchAccount/index.tsx
+++ b/packages/console/src/pages/AcceptInvitation/SwitchAccount/index.tsx
@@ -1,11 +1,11 @@
 import { useTranslation } from 'react-i18next';
 
-import Logo from '@/assets/images/logo.svg';
+import Logo from '@/assets/images/logo.svg?react';
 import AppLoading from '@/components/AppLoading';
 import Button from '@/ds-components/Button';
 import useCurrentUser from '@/hooks/use-current-user';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly onClickSwitch: () => void;
diff --git a/packages/console/src/pages/ApiResourceDetails/ApiResourcePermissions/components/CreatePermissionModal/index.tsx b/packages/console/src/pages/ApiResourceDetails/ApiResourcePermissions/components/CreatePermissionModal/index.tsx
index eb90aa05bc78..cdf79f74d8fb 100644
--- a/packages/console/src/pages/ApiResourceDetails/ApiResourcePermissions/components/CreatePermissionModal/index.tsx
+++ b/packages/console/src/pages/ApiResourceDetails/ApiResourcePermissions/components/CreatePermissionModal/index.tsx
@@ -14,7 +14,7 @@ import FormField from '@/ds-components/FormField';
 import ModalLayout from '@/ds-components/ModalLayout';
 import TextInput from '@/ds-components/TextInput';
 import useApi from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 import { hasReachedQuotaLimit } from '@/utils/quota';
 
diff --git a/packages/console/src/pages/ApiResourceDetails/components/GuideDrawer/index.tsx b/packages/console/src/pages/ApiResourceDetails/components/GuideDrawer/index.tsx
index 681916d5b6a6..299516669f8f 100644
--- a/packages/console/src/pages/ApiResourceDetails/components/GuideDrawer/index.tsx
+++ b/packages/console/src/pages/ApiResourceDetails/components/GuideDrawer/index.tsx
@@ -2,8 +2,8 @@ import { type Resource } from '@logto/schemas';
 import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import ArrowLeft from '@/assets/icons/arrow-left.svg';
-import Close from '@/assets/icons/close.svg';
+import ArrowLeft from '@/assets/icons/arrow-left.svg?react';
+import Close from '@/assets/icons/close.svg?react';
 import { type SelectedGuide } from '@/components/Guide/GuideCard';
 import GuideCardGroup from '@/components/Guide/GuideCardGroup';
 import { useApiGuideMetadata } from '@/components/Guide/hooks';
@@ -12,7 +12,7 @@ import Spacer from '@/ds-components/Spacer';
 
 import ApiGuide from '../ApiGuide';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly apiResource: Resource;
diff --git a/packages/console/src/pages/ApiResourceDetails/components/GuideModal/index.tsx b/packages/console/src/pages/ApiResourceDetails/components/GuideModal/index.tsx
index 18b391ed3e4c..d0aeb108ae77 100644
--- a/packages/console/src/pages/ApiResourceDetails/components/GuideModal/index.tsx
+++ b/packages/console/src/pages/ApiResourceDetails/components/GuideModal/index.tsx
@@ -2,11 +2,11 @@ import { type Resource } from '@logto/schemas';
 import Modal from 'react-modal';
 
 import ModalHeader from '@/components/Guide/ModalHeader';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import ApiGuide from '../ApiGuide';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly guideId: string;
diff --git a/packages/console/src/pages/ApiResourceDetails/index.tsx b/packages/console/src/pages/ApiResourceDetails/index.tsx
index 5e697217192c..7dc16dccae5b 100644
--- a/packages/console/src/pages/ApiResourceDetails/index.tsx
+++ b/packages/console/src/pages/ApiResourceDetails/index.tsx
@@ -8,12 +8,12 @@ import { Trans, useTranslation } from 'react-i18next';
 import { Outlet, useLocation, useParams } from 'react-router-dom';
 import useSWR from 'swr';
 
-import ApiResourceDark from '@/assets/icons/api-resource-dark.svg';
-import ApiResource from '@/assets/icons/api-resource.svg';
-import Delete from '@/assets/icons/delete.svg';
-import File from '@/assets/icons/file.svg';
-import ManagementApiResourceDark from '@/assets/icons/management-api-resource-dark.svg';
-import ManagementApiResource from '@/assets/icons/management-api-resource.svg';
+import ApiResourceDark from '@/assets/icons/api-resource-dark.svg?react';
+import ApiResource from '@/assets/icons/api-resource.svg?react';
+import Delete from '@/assets/icons/delete.svg?react';
+import File from '@/assets/icons/file.svg?react';
+import ManagementApiResourceDark from '@/assets/icons/management-api-resource-dark.svg?react';
+import ManagementApiResource from '@/assets/icons/management-api-resource.svg?react';
 import DetailsPage from '@/components/DetailsPage';
 import DetailsPageHeader, { type MenuItem } from '@/components/DetailsPage/DetailsPageHeader';
 import Drawer from '@/components/Drawer';
@@ -30,7 +30,7 @@ import useTheme from '@/hooks/use-theme';
 import GuideDrawer from './components/GuideDrawer';
 import GuideModal from './components/GuideModal';
 import ManagementApiNotice from './components/ManagementApiNotice';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { type ApiResourceDetailsOutletContext } from './types';
 
 const icons = {
diff --git a/packages/console/src/pages/ApiResources/components/CreateForm/index.tsx b/packages/console/src/pages/ApiResources/components/CreateForm/index.tsx
index b19cc76de5b2..911196a813f7 100644
--- a/packages/console/src/pages/ApiResources/components/CreateForm/index.tsx
+++ b/packages/console/src/pages/ApiResources/components/CreateForm/index.tsx
@@ -10,7 +10,7 @@ import ModalLayout from '@/ds-components/ModalLayout';
 import TextInput from '@/ds-components/TextInput';
 import TextLink from '@/ds-components/TextLink';
 import useApi from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 
 import Footer from './Footer';
diff --git a/packages/console/src/pages/ApiResources/components/GuideLibrary/index.tsx b/packages/console/src/pages/ApiResources/components/GuideLibrary/index.tsx
index 438f1a6a4b61..ce7cdb0b7055 100644
--- a/packages/console/src/pages/ApiResources/components/GuideLibrary/index.tsx
+++ b/packages/console/src/pages/ApiResources/components/GuideLibrary/index.tsx
@@ -11,7 +11,7 @@ import useTenantPathname from '@/hooks/use-tenant-pathname';
 
 import CreateForm from '../CreateForm';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/pages/ApiResources/components/GuideLibraryModal/index.tsx b/packages/console/src/pages/ApiResources/components/GuideLibraryModal/index.tsx
index 264dedd9f36f..369e48f87f0c 100644
--- a/packages/console/src/pages/ApiResources/components/GuideLibraryModal/index.tsx
+++ b/packages/console/src/pages/ApiResources/components/GuideLibraryModal/index.tsx
@@ -4,12 +4,12 @@ import Modal from 'react-modal';
 import ModalFooter from '@/components/Guide/ModalFooter';
 import ModalHeader from '@/components/Guide/ModalHeader';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import CreateForm from '../CreateForm';
 import GuideLibrary from '../GuideLibrary';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isOpen: boolean;
diff --git a/packages/console/src/pages/ApiResources/index.tsx b/packages/console/src/pages/ApiResources/index.tsx
index ec680119cc4f..a9aafb15660f 100644
--- a/packages/console/src/pages/ApiResources/index.tsx
+++ b/packages/console/src/pages/ApiResources/index.tsx
@@ -4,10 +4,10 @@ import { useTranslation } from 'react-i18next';
 import { useLocation } from 'react-router-dom';
 import useSWR from 'swr';
 
-import ApiResourceDark from '@/assets/icons/api-resource-dark.svg';
-import ApiResource from '@/assets/icons/api-resource.svg';
-import ManagementApiResourceDark from '@/assets/icons/management-api-resource-dark.svg';
-import ManagementApiResource from '@/assets/icons/management-api-resource.svg';
+import ApiResourceDark from '@/assets/icons/api-resource-dark.svg?react';
+import ApiResource from '@/assets/icons/api-resource.svg?react';
+import ManagementApiResourceDark from '@/assets/icons/management-api-resource-dark.svg?react';
+import ManagementApiResource from '@/assets/icons/management-api-resource.svg?react';
 import ChargeNotification from '@/components/ChargeNotification';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import ItemPreview from '@/components/ItemPreview';
@@ -25,7 +25,7 @@ import useTheme from '@/hooks/use-theme';
 import { buildUrl } from '@/utils/url';
 
 import GuideLibraryModal from './components/GuideLibraryModal';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const pageSize = defaultPageSize;
 const apiResourcesPathname = '/api-resources';
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.tsx
index 7ff5d422e9d6..910bf0bb6eca 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.tsx
@@ -28,7 +28,7 @@ import { emptyBranding } from '@/types/sign-in-experience';
 import { trySubmitSafe } from '@/utils/form';
 import { uriValidator } from '@/utils/validator';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useApplicationSignInExperienceSWR from './use-application-sign-in-experience-swr';
 import useSignInExperienceSWR from './use-sign-in-experience-swr';
 import { type ApplicationSignInExperienceForm, formatFormToSubmitData } from './utils';
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
index d50e34ac3017..c548dd8fef30 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
@@ -13,7 +13,7 @@ import ModalLayout from '@/ds-components/ModalLayout';
 import Select from '@/ds-components/Select';
 import TextInput from '@/ds-components/TextInput';
 import useApi from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 
 type FormData = { name: string; expiration: string };
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
index 8fde0ff66789..512131c31d2a 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
@@ -11,10 +11,10 @@ import { useCallback, useContext, useMemo, useState } from 'react';
 import { Trans, useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
-import CaretDown from '@/assets/icons/caret-down.svg';
-import CaretUp from '@/assets/icons/caret-up.svg';
-import CirclePlus from '@/assets/icons/circle-plus.svg';
-import Plus from '@/assets/icons/plus.svg';
+import CaretDown from '@/assets/icons/caret-down.svg?react';
+import CaretUp from '@/assets/icons/caret-up.svg?react';
+import CirclePlus from '@/assets/icons/circle-plus.svg?react';
+import Plus from '@/assets/icons/plus.svg?react';
 import ActionsButton from '@/components/ActionsButton';
 import FormCard from '@/components/FormCard';
 import { isDevFeaturesEnabled } from '@/consts/env';
@@ -31,7 +31,7 @@ import useApi, { type RequestError } from '@/hooks/use-api';
 import useCustomDomain from '@/hooks/use-custom-domain';
 
 import CreateSecretModal from './CreateSecretModal';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const isLegacySecret = (secret: string) => !secret.startsWith(internalPrefix);
 
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/GuideDrawer/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/GuideDrawer/index.tsx
index 594c24bd0bde..4c078f476aab 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/GuideDrawer/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/GuideDrawer/index.tsx
@@ -2,8 +2,8 @@ import { type ApplicationResponse } from '@logto/schemas';
 import { useEffect, useMemo, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import ArrowLeft from '@/assets/icons/arrow-left.svg';
-import Close from '@/assets/icons/close.svg';
+import ArrowLeft from '@/assets/icons/arrow-left.svg?react';
+import Close from '@/assets/icons/close.svg?react';
 import { type SelectedGuide } from '@/components/Guide/GuideCard';
 import GuideCardGroup from '@/components/Guide/GuideCardGroup';
 import { useAppGuideMetadata } from '@/components/Guide/hooks';
@@ -12,7 +12,7 @@ import Spacer from '@/ds-components/Spacer';
 
 import AppGuide from '../../components/AppGuide';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly app: ApplicationResponse;
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/MachineLogs/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/MachineLogs/index.tsx
index 3651509e2d88..885b252bba5c 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/MachineLogs/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/MachineLogs/index.tsx
@@ -1,6 +1,6 @@
 import AuditLogTable from '@/components/AuditLogTable';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = { readonly applicationId: string };
 
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/MachineToMachineApplicationRoles/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/MachineToMachineApplicationRoles/index.tsx
index e65c1f84b88a..a4251cb434b6 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/MachineToMachineApplicationRoles/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/MachineToMachineApplicationRoles/index.tsx
@@ -6,8 +6,8 @@ import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
-import Plus from '@/assets/icons/plus.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import Plus from '@/assets/icons/plus.svg?react';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import ItemPreview from '@/components/ItemPreview';
 import RoleAssignmentModal from '@/components/RoleAssignmentModal';
@@ -25,7 +25,7 @@ import useSearchParametersWatcher from '@/hooks/use-search-parameters-watcher';
 import useTheme from '@/hooks/use-theme';
 import { buildUrl, formatSearchKeyword } from '@/utils/url';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const pageSize = defaultPageSize;
 
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/PermissionsCard/ApplicationScopesManagementModal/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/PermissionsCard/ApplicationScopesManagementModal/index.tsx
index 47f952efcad6..2831f5a798bb 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/PermissionsCard/ApplicationScopesManagementModal/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/PermissionsCard/ApplicationScopesManagementModal/index.tsx
@@ -11,7 +11,7 @@ import ModalLayout from '@/ds-components/ModalLayout';
 import TextInput from '@/ds-components/TextInput';
 import useActionTranslation from '@/hooks/use-action-translation';
 import useApi from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 
 import { type ScopesTableRowDataType, type UserScopeTableRowDataType } from '../use-scopes-table';
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/PermissionsCard/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/PermissionsCard/index.tsx
index 82a33fa4956d..dcb7cac9e4bd 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/PermissionsCard/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/PermissionsCard/index.tsx
@@ -22,7 +22,7 @@ import { ScopeLevel } from './ApplicationScopesAssignmentModal/type';
 import ApplicationScopesManagementModal, {
   type EditableScopeData,
 } from './ApplicationScopesManagementModal';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useScopesTable from './use-scopes-table';
 
 type Props = {
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/PermissionsCard/use-scopes-table.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/PermissionsCard/use-scopes-table.tsx
index 19cfb5662450..c19a56354bbf 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/PermissionsCard/use-scopes-table.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/PermissionsCard/use-scopes-table.tsx
@@ -7,12 +7,12 @@ import {
 import { useCallback, type ReactNode } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import Tip from '@/assets/icons/tip.svg';
+import Tip from '@/assets/icons/tip.svg?react';
 import IconButton from '@/ds-components/IconButton';
 import { ToggleTip } from '@/ds-components/Tip';
 import useApi from '@/hooks/use-api';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type UserScopeTableRowDataType = {
   type: ApplicationUserConsentScopeType.UserScopes;
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/index.tsx
index 92edc9f090a1..a7bee8c021da 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Permissions/index.tsx
@@ -2,7 +2,7 @@ import { type Application } from '@logto/schemas';
 
 import PermissionsCard from './PermissionsCard';
 import { ScopeLevel } from './PermissionsCard/ApplicationScopesAssignmentModal/type';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly application: Application;
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/components/SessionForm.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/components/SessionForm.tsx
index cdf985ac17f6..c927251801b8 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/components/SessionForm.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/components/SessionForm.tsx
@@ -11,7 +11,7 @@ import { type RequestError } from '@/hooks/use-api';
 
 import { type ApplicationForm } from '../../utils';
 
-import * as styles from './SessionForm.module.scss';
+import styles from './SessionForm.module.scss';
 
 type Props = {
   readonly data: Application;
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/index.tsx
index 6fe5215b12d9..ac96e6ea9654 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/index.tsx
@@ -13,7 +13,7 @@ import { Trans, useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 import useSWRImmutable from 'swr/immutable';
 
-import ExternalLinkIcon from '@/assets/icons/external-link.svg';
+import ExternalLinkIcon from '@/assets/icons/external-link.svg?react';
 import DomainStatusTag from '@/components/DomainStatusTag';
 import FormCard from '@/components/FormCard';
 import OpenExternalLink from '@/components/OpenExternalLink';
@@ -35,7 +35,7 @@ import EndpointsAndCredentials from '../EndpointsAndCredentials';
 import { type ApplicationForm } from '../utils';
 
 import SessionForm from './components/SessionForm';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly data: Application;
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx
index f8186e9ad678..367a4868393a 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx
@@ -9,8 +9,8 @@ import { toast } from 'react-hot-toast';
 import { Trans, useTranslation } from 'react-i18next';
 import { useParams } from 'react-router-dom';
 
-import Delete from '@/assets/icons/delete.svg';
-import File from '@/assets/icons/file.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import File from '@/assets/icons/file.svg?react';
 import ApplicationIcon from '@/components/ApplicationIcon';
 import DetailsForm from '@/components/DetailsForm';
 import DetailsPageHeader from '@/components/DetailsPage/DetailsPageHeader';
@@ -39,7 +39,7 @@ import MachineToMachineApplicationRoles from './MachineToMachineApplicationRoles
 import Permissions from './Permissions';
 import RefreshTokenSettings from './RefreshTokenSettings';
 import Settings from './Settings';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { type ApplicationForm, applicationFormDataParser } from './utils';
 
 type Props = {
diff --git a/packages/console/src/pages/ApplicationDetails/GuideModal/index.tsx b/packages/console/src/pages/ApplicationDetails/GuideModal/index.tsx
index bf877fc86063..7408ddaae1d0 100644
--- a/packages/console/src/pages/ApplicationDetails/GuideModal/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/GuideModal/index.tsx
@@ -2,11 +2,11 @@ import type { ApplicationResponse } from '@logto/schemas';
 import Modal from 'react-modal';
 
 import ModalHeader from '@/components/Guide/ModalHeader';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import AppGuide from '../components/AppGuide';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly guideId: string;
diff --git a/packages/console/src/pages/Applications/components/GuideLibrary/index.tsx b/packages/console/src/pages/Applications/components/GuideLibrary/index.tsx
index daa96d3b30e6..ae447d9fcd71 100644
--- a/packages/console/src/pages/Applications/components/GuideLibrary/index.tsx
+++ b/packages/console/src/pages/Applications/components/GuideLibrary/index.tsx
@@ -5,7 +5,7 @@ import { useCallback, useContext, useMemo, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import { useLocation } from 'react-router-dom';
 
-import SearchIcon from '@/assets/icons/search.svg';
+import SearchIcon from '@/assets/icons/search.svg?react';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import FeatureTag from '@/components/FeatureTag';
 import { type SelectedGuide } from '@/components/Guide/GuideCard';
@@ -22,7 +22,7 @@ import { thirdPartyAppCategory } from '@/types/applications';
 
 import ProtectedAppCard from '../ProtectedAppCard';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/pages/Applications/components/GuideLibraryModal/index.tsx b/packages/console/src/pages/Applications/components/GuideLibraryModal/index.tsx
index 345665363c50..eb3d2a2d770c 100644
--- a/packages/console/src/pages/Applications/components/GuideLibraryModal/index.tsx
+++ b/packages/console/src/pages/Applications/components/GuideLibraryModal/index.tsx
@@ -4,11 +4,11 @@ import Modal from 'react-modal';
 import { type SelectedGuide } from '@/components/Guide/GuideCard';
 import ModalFooter from '@/components/Guide/ModalFooter';
 import ModalHeader from '@/components/Guide/ModalHeader';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import GuideLibrary from '../GuideLibrary';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isOpen: boolean;
diff --git a/packages/console/src/pages/Applications/components/ProtectedAppCard/index.tsx b/packages/console/src/pages/Applications/components/ProtectedAppCard/index.tsx
index 3e7bc46731c5..9ee16e101de9 100644
--- a/packages/console/src/pages/Applications/components/ProtectedAppCard/index.tsx
+++ b/packages/console/src/pages/Applications/components/ProtectedAppCard/index.tsx
@@ -3,8 +3,8 @@ import classNames from 'classnames';
 import { useState } from 'react';
 import { Trans, useTranslation } from 'react-i18next';
 
-import ProtectedAppDarkIcon from '@/assets/icons/protected-app-dark.svg';
-import ProtectedAppIcon from '@/assets/icons/protected-app.svg';
+import ProtectedAppDarkIcon from '@/assets/icons/protected-app-dark.svg?react';
+import ProtectedAppIcon from '@/assets/icons/protected-app.svg?react';
 import { BetaTag } from '@/components/FeatureTag';
 import Button from '@/ds-components/Button';
 import TextLink from '@/ds-components/TextLink';
@@ -13,7 +13,7 @@ import useTheme from '@/hooks/use-theme';
 
 import ProtectedAppModal from '../ProtectedAppModal';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/pages/Applications/components/ProtectedAppForm/index.tsx b/packages/console/src/pages/Applications/components/ProtectedAppForm/index.tsx
index a6f65db2049a..5a8fc4817de0 100644
--- a/packages/console/src/pages/Applications/components/ProtectedAppForm/index.tsx
+++ b/packages/console/src/pages/Applications/components/ProtectedAppForm/index.tsx
@@ -23,7 +23,7 @@ import useApi from '@/hooks/use-api';
 import useApplicationsUsage from '@/hooks/use-applications-usage';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/pages/Applications/components/ProtectedAppModal/index.tsx b/packages/console/src/pages/Applications/components/ProtectedAppModal/index.tsx
index b5403526f9ab..6e93ef7b86b9 100644
--- a/packages/console/src/pages/Applications/components/ProtectedAppModal/index.tsx
+++ b/packages/console/src/pages/Applications/components/ProtectedAppModal/index.tsx
@@ -2,7 +2,7 @@ import { type Application } from '@logto/schemas';
 import Modal from 'react-modal';
 
 import ModalLayout from '@/ds-components/ModalLayout';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import ProtectedAppForm from '../ProtectedAppForm';
 
diff --git a/packages/console/src/pages/Applications/components/TypeDescription/index.tsx b/packages/console/src/pages/Applications/components/TypeDescription/index.tsx
index ecb36d27f06d..dfecf63eb073 100644
--- a/packages/console/src/pages/Applications/components/TypeDescription/index.tsx
+++ b/packages/console/src/pages/Applications/components/TypeDescription/index.tsx
@@ -3,7 +3,7 @@ import classNames from 'classnames';
 
 import ApplicationIcon from '@/components/ApplicationIcon';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly title: string;
diff --git a/packages/console/src/pages/Applications/index.tsx b/packages/console/src/pages/Applications/index.tsx
index 51ddd6312bf1..906ccc050660 100644
--- a/packages/console/src/pages/Applications/index.tsx
+++ b/packages/console/src/pages/Applications/index.tsx
@@ -4,7 +4,7 @@ import { useCallback, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import { useLocation } from 'react-router-dom';
 
-import Plus from '@/assets/icons/plus.svg';
+import Plus from '@/assets/icons/plus.svg?react';
 import ApplicationCreation from '@/components/ApplicationCreation';
 import ChargeNotification from '@/components/ChargeNotification';
 import { type SelectedGuide } from '@/components/Guide/GuideCard';
@@ -18,13 +18,13 @@ import TabNav, { TabNavItem } from '@/ds-components/TabNav';
 import Table from '@/ds-components/Table';
 import useApplicationsUsage from '@/hooks/use-applications-usage';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
-import * as pageLayout from '@/scss/page-layout.module.scss';
+import pageLayout from '@/scss/page-layout.module.scss';
 import { buildUrl } from '@/utils/url';
 
 import GuideLibrary from './components/GuideLibrary';
 import GuideLibraryModal from './components/GuideLibraryModal';
 import useApplicationsData from './hooks/use-application-data';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const tabs = Object.freeze({
   thirdPartyApplications: 'third-party-applications',
diff --git a/packages/console/src/pages/AuditLogDetails/components/EventIcon/index.tsx b/packages/console/src/pages/AuditLogDetails/components/EventIcon/index.tsx
index 7dc1677939db..4ee5b6b1547c 100644
--- a/packages/console/src/pages/AuditLogDetails/components/EventIcon/index.tsx
+++ b/packages/console/src/pages/AuditLogDetails/components/EventIcon/index.tsx
@@ -1,9 +1,9 @@
 import { useTranslation } from 'react-i18next';
 
-import Failed from '@/assets/icons/failed.svg';
-import Success from '@/assets/icons/success.svg';
+import Failed from '@/assets/icons/failed.svg?react';
+import Success from '@/assets/icons/success.svg?react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isSuccess: boolean;
diff --git a/packages/console/src/pages/AuditLogDetails/index.tsx b/packages/console/src/pages/AuditLogDetails/index.tsx
index d08c1a54f927..8a3b824c6c65 100644
--- a/packages/console/src/pages/AuditLogDetails/index.tsx
+++ b/packages/console/src/pages/AuditLogDetails/index.tsx
@@ -22,7 +22,7 @@ import { isWebhookEventLogKey } from '@/pages/WebhookDetails/utils';
 import { getUserTitle } from '@/utils/user';
 
 import EventIcon from './components/EventIcon';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const getAuditLogDetailsRelatedResourceLink = (pathname: string) =>
   `${pathname.slice(0, pathname.lastIndexOf('/'))}`;
diff --git a/packages/console/src/pages/AuditLogs/index.tsx b/packages/console/src/pages/AuditLogs/index.tsx
index f56857c640d4..b8e7331dbdcd 100644
--- a/packages/console/src/pages/AuditLogs/index.tsx
+++ b/packages/console/src/pages/AuditLogs/index.tsx
@@ -1,7 +1,7 @@
 import AuditLogTable from '@/components/AuditLogTable';
 import PageMeta from '@/components/PageMeta';
 import CardTitle from '@/ds-components/CardTitle';
-import * as pageLayout from '@/scss/page-layout.module.scss';
+import pageLayout from '@/scss/page-layout.module.scss';
 
 function AuditLogs() {
   return (
diff --git a/packages/console/src/pages/ConnectorDetails/ConnectorContent/EmailServiceConnectorForm/index.tsx b/packages/console/src/pages/ConnectorDetails/ConnectorContent/EmailServiceConnectorForm/index.tsx
index 8506be3d35ee..b2b113514473 100644
--- a/packages/console/src/pages/ConnectorDetails/ConnectorContent/EmailServiceConnectorForm/index.tsx
+++ b/packages/console/src/pages/ConnectorDetails/ConnectorContent/EmailServiceConnectorForm/index.tsx
@@ -14,7 +14,7 @@ import useUserAssetsService from '@/hooks/use-user-assets-service';
 import { type ConnectorFormType } from '@/types/connector';
 import { uriValidator } from '@/utils/validator';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly extraInfo?: Record<string, unknown>;
diff --git a/packages/console/src/pages/ConnectorDetails/ConnectorTabs/index.tsx b/packages/console/src/pages/ConnectorDetails/ConnectorTabs/index.tsx
index 7d616e8d0d49..5fb48d97eb9a 100644
--- a/packages/console/src/pages/ConnectorDetails/ConnectorTabs/index.tsx
+++ b/packages/console/src/pages/ConnectorDetails/ConnectorTabs/index.tsx
@@ -10,7 +10,7 @@ import { ConnectorsTabs } from '@/consts/page-tabs';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 import ConnectorPlatformIcon from '@/icons/ConnectorPlatformIcon';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly target: string;
diff --git a/packages/console/src/pages/ConnectorDetails/EmailUsage/index.tsx b/packages/console/src/pages/ConnectorDetails/EmailUsage/index.tsx
index 667b41aaa35d..ba5358da375c 100644
--- a/packages/console/src/pages/ConnectorDetails/EmailUsage/index.tsx
+++ b/packages/console/src/pages/ConnectorDetails/EmailUsage/index.tsx
@@ -1,9 +1,9 @@
 import { Theme } from '@logto/schemas';
 import { Trans, useTranslation } from 'react-i18next';
 
-import EmailSentIconDark from '@/assets/icons/email-sent-dark.svg';
-import EmailSentIconLight from '@/assets/icons/email-sent.svg';
-import Tip from '@/assets/icons/tip.svg';
+import EmailSentIconDark from '@/assets/icons/email-sent-dark.svg?react';
+import EmailSentIconLight from '@/assets/icons/email-sent.svg?react';
+import Tip from '@/assets/icons/tip.svg?react';
 import DynamicT from '@/ds-components/DynamicT';
 import IconButton from '@/ds-components/IconButton';
 import TextLink from '@/ds-components/TextLink';
@@ -11,7 +11,7 @@ import { ToggleTip } from '@/ds-components/Tip';
 import useDocumentationUrl from '@/hooks/use-documentation-url';
 import useTheme from '@/hooks/use-theme';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly usage: number;
diff --git a/packages/console/src/pages/ConnectorDetails/index.tsx b/packages/console/src/pages/ConnectorDetails/index.tsx
index 63647d569633..8d7303943074 100644
--- a/packages/console/src/pages/ConnectorDetails/index.tsx
+++ b/packages/console/src/pages/ConnectorDetails/index.tsx
@@ -8,9 +8,9 @@ import { useTranslation } from 'react-i18next';
 import { useLocation, useParams } from 'react-router-dom';
 import useSWR, { useSWRConfig } from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
-import File from '@/assets/icons/file.svg';
-import Reset from '@/assets/icons/reset.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import File from '@/assets/icons/file.svg?react';
+import Reset from '@/assets/icons/reset.svg?react';
 import ConnectorLogo from '@/components/ConnectorLogo';
 import CreateConnectorForm from '@/components/CreateConnectorForm';
 import DeleteConnectorConfirmModal from '@/components/DeleteConnectorConfirmModal';
@@ -34,7 +34,7 @@ import ConnectorContent from './ConnectorContent';
 import ConnectorTabs from './ConnectorTabs';
 import ConnectorTypeName from './ConnectorTypeName';
 import EmailUsage from './EmailUsage';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 // TODO: refactor path-related operation utils in both Connectors and ConnectorDetails page
 const getConnectorsPathname = (isSocial: boolean) =>
diff --git a/packages/console/src/pages/Connectors/ConnectorDeleteButton/index.tsx b/packages/console/src/pages/Connectors/ConnectorDeleteButton/index.tsx
index 9b76408aa657..654239c001d5 100644
--- a/packages/console/src/pages/Connectors/ConnectorDeleteButton/index.tsx
+++ b/packages/console/src/pages/Connectors/ConnectorDeleteButton/index.tsx
@@ -3,7 +3,7 @@ import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 import { useSWRConfig } from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
+import Delete from '@/assets/icons/delete.svg?react';
 import DeleteConnectorConfirmModal from '@/components/DeleteConnectorConfirmModal';
 import IconButton from '@/ds-components/IconButton';
 import { Tooltip } from '@/ds-components/Tip';
diff --git a/packages/console/src/pages/Connectors/ConnectorName/index.tsx b/packages/console/src/pages/Connectors/ConnectorName/index.tsx
index 740780db6f8f..909f2075d159 100644
--- a/packages/console/src/pages/Connectors/ConnectorName/index.tsx
+++ b/packages/console/src/pages/Connectors/ConnectorName/index.tsx
@@ -17,7 +17,7 @@ import ConnectorPlatformIcon from '@/icons/ConnectorPlatformIcon';
 import type { ConnectorGroup } from '@/types/connector';
 
 import DemoTag from './DemoTag';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly connectorGroup: ConnectorGroup;
diff --git a/packages/console/src/pages/Connectors/ConnectorStatusField/index.tsx b/packages/console/src/pages/Connectors/ConnectorStatusField/index.tsx
index e3689612afeb..e93b55fa59cb 100644
--- a/packages/console/src/pages/Connectors/ConnectorStatusField/index.tsx
+++ b/packages/console/src/pages/Connectors/ConnectorStatusField/index.tsx
@@ -1,11 +1,11 @@
 import { Trans, useTranslation } from 'react-i18next';
 
-import Tip from '@/assets/icons/tip.svg';
+import Tip from '@/assets/icons/tip.svg?react';
 import IconButton from '@/ds-components/IconButton';
 import TextLink from '@/ds-components/TextLink';
 import { ToggleTip } from '@/ds-components/Tip';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function ConnectorStatusField() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/pages/Connectors/Guide/index.tsx b/packages/console/src/pages/Connectors/Guide/index.tsx
index 68ce4d20c412..8d23122fdb4c 100644
--- a/packages/console/src/pages/Connectors/Guide/index.tsx
+++ b/packages/console/src/pages/Connectors/Guide/index.tsx
@@ -11,7 +11,7 @@ import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 import Modal from 'react-modal';
 
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 import BasicForm from '@/components/ConnectorForm/BasicForm';
 import ConfigForm from '@/components/ConnectorForm/ConfigForm';
 import ConnectorTester from '@/components/ConnectorTester';
@@ -25,7 +25,7 @@ import OverlayScrollbar from '@/ds-components/OverlayScrollbar';
 import useConnectorApi from '@/hooks/use-connector-api';
 import { useConnectorFormConfigParser } from '@/hooks/use-connector-form-config-parser';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import type { ConnectorFormType } from '@/types/connector';
 import { SyncProfileMode } from '@/types/connector';
 import { convertFactoryResponseToForm } from '@/utils/connector-form';
@@ -33,7 +33,7 @@ import { trySubmitSafe } from '@/utils/form';
 
 import { splitMarkdownByTitle } from '../utils';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const targetErrorCode = 'connector.multiple_target_with_same_platform';
 
diff --git a/packages/console/src/pages/Connectors/SignInExperienceSetupNotice/index.tsx b/packages/console/src/pages/Connectors/SignInExperienceSetupNotice/index.tsx
index 7cfd0ac73199..c2f72a1f7069 100644
--- a/packages/console/src/pages/Connectors/SignInExperienceSetupNotice/index.tsx
+++ b/packages/console/src/pages/Connectors/SignInExperienceSetupNotice/index.tsx
@@ -6,7 +6,7 @@ import InlineNotification from '@/ds-components/InlineNotification';
 import TextLink from '@/ds-components/TextLink';
 import useUserPreferences from '@/hooks/use-user-preferences';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function SignInExperienceSetupNotice() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/pages/Connectors/index.tsx b/packages/console/src/pages/Connectors/index.tsx
index fab02b7984ef..19b68d2762e6 100644
--- a/packages/console/src/pages/Connectors/index.tsx
+++ b/packages/console/src/pages/Connectors/index.tsx
@@ -7,9 +7,9 @@ import { useTranslation } from 'react-i18next';
 import { useParams } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Plus from '@/assets/icons/plus.svg';
-import SocialConnectorEmptyDark from '@/assets/images/social-connector-empty-dark.svg';
-import SocialConnectorEmpty from '@/assets/images/social-connector-empty.svg';
+import Plus from '@/assets/icons/plus.svg?react';
+import SocialConnectorEmptyDark from '@/assets/images/social-connector-empty-dark.svg?react';
+import SocialConnectorEmpty from '@/assets/images/social-connector-empty.svg?react';
 import CreateConnectorForm from '@/components/CreateConnectorForm';
 import ListPage from '@/components/ListPage';
 import { defaultEmailConnectorGroup, defaultSmsConnectorGroup } from '@/consts';
@@ -31,7 +31,7 @@ import ConnectorStatusField from './ConnectorStatusField';
 import ConnectorTypeColumn from './ConnectorTypeColumn';
 import Guide from './Guide';
 import SignInExperienceSetupNotice from './SignInExperienceSetupNotice';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const basePathname = '/connectors';
 const passwordlessPathname = `${basePathname}/${ConnectorsTabs.Passwordless}`;
diff --git a/packages/console/src/pages/CustomizeJwt/CustomizerItem/index.tsx b/packages/console/src/pages/CustomizeJwt/CustomizerItem/index.tsx
index 05c19a8436b7..73a22d4804ad 100644
--- a/packages/console/src/pages/CustomizeJwt/CustomizerItem/index.tsx
+++ b/packages/console/src/pages/CustomizeJwt/CustomizerItem/index.tsx
@@ -1,13 +1,13 @@
 import { LogtoJwtTokenKeyType } from '@logto/schemas';
 import { useTranslation } from 'react-i18next';
 
-import DeleteIcon from '@/assets/icons/delete.svg';
-import EditIcon from '@/assets/icons/edit.svg';
+import DeleteIcon from '@/assets/icons/delete.svg?react';
+import EditIcon from '@/assets/icons/edit.svg?react';
 import Button from '@/ds-components/Button';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 import { getPagePath } from '@/pages/CustomizeJwt/utils/path';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly tokenType: LogtoJwtTokenKeyType;
diff --git a/packages/console/src/pages/CustomizeJwt/index.tsx b/packages/console/src/pages/CustomizeJwt/index.tsx
index f1c9ee189ee2..3ab1fe19240e 100644
--- a/packages/console/src/pages/CustomizeJwt/index.tsx
+++ b/packages/console/src/pages/CustomizeJwt/index.tsx
@@ -13,7 +13,7 @@ import FormField from '@/ds-components/FormField';
 import CreateButton from './CreateButton';
 import CustomizerItem from './CustomizerItem';
 import DeleteConfirmModal from './DeleteConfirmModal';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useJwtCustomizer from './use-jwt-customizer';
 
 function CustomizeJwt() {
diff --git a/packages/console/src/pages/CustomizeJwtDetails/MainContent/MonacoCodeEditor/ActionButton/CodeRestoreButton.tsx b/packages/console/src/pages/CustomizeJwtDetails/MainContent/MonacoCodeEditor/ActionButton/CodeRestoreButton.tsx
index 63ee433488b0..0d0a42f09454 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/MainContent/MonacoCodeEditor/ActionButton/CodeRestoreButton.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/MainContent/MonacoCodeEditor/ActionButton/CodeRestoreButton.tsx
@@ -1,10 +1,10 @@
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
 
-import RedoIcon from '@/assets/icons/redo.svg';
+import RedoIcon from '@/assets/icons/redo.svg?react';
 
 import ActionButton from './index';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/pages/CustomizeJwtDetails/MainContent/MonacoCodeEditor/Dashboard/index.tsx b/packages/console/src/pages/CustomizeJwtDetails/MainContent/MonacoCodeEditor/Dashboard/index.tsx
index 2042506c69ae..982e06fd5f89 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/MainContent/MonacoCodeEditor/Dashboard/index.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/MainContent/MonacoCodeEditor/Dashboard/index.tsx
@@ -1,10 +1,10 @@
 import classNames from 'classnames';
 import { type ReactNode } from 'react';
 
-import CloseIcon from '@/assets/icons/close.svg';
+import CloseIcon from '@/assets/icons/close.svg?react';
 import IconButton from '@/ds-components/IconButton';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = {
   readonly title: string;
diff --git a/packages/console/src/pages/CustomizeJwtDetails/MainContent/MonacoCodeEditor/index.tsx b/packages/console/src/pages/CustomizeJwtDetails/MainContent/MonacoCodeEditor/index.tsx
index e71641e6001c..17fc7f3744da 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/MainContent/MonacoCodeEditor/index.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/MainContent/MonacoCodeEditor/index.tsx
@@ -11,7 +11,7 @@ import { onKeyDownHandler } from '@/utils/a11y';
 import CodeRestoreButton from './ActionButton/CodeRestoreButton.js';
 import DashBoard, { type Props as DashboardProps } from './Dashboard';
 import { defaultOptions, logtoDarkTheme, logtoLightTheme } from './config.js';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import type { IStandaloneCodeEditor, ModelSettings } from './type.js';
 import useEditorHeight from './use-editor-height.js';
 
diff --git a/packages/console/src/pages/CustomizeJwtDetails/MainContent/ScriptSection/ErrorContent/index.tsx b/packages/console/src/pages/CustomizeJwtDetails/MainContent/ScriptSection/ErrorContent/index.tsx
index a5520abf8ef5..3039ac2db597 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/MainContent/ScriptSection/ErrorContent/index.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/MainContent/ScriptSection/ErrorContent/index.tsx
@@ -1,6 +1,6 @@
 import { type TestResultData } from '@/pages/CustomizeJwtDetails/MainContent/ScriptSection/use-test-handler';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly testResult: TestResultData;
diff --git a/packages/console/src/pages/CustomizeJwtDetails/MainContent/ScriptSection/index.tsx b/packages/console/src/pages/CustomizeJwtDetails/MainContent/ScriptSection/index.tsx
index e1212e94d770..1111083beda1 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/MainContent/ScriptSection/index.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/MainContent/ScriptSection/index.tsx
@@ -5,7 +5,7 @@ import { useCallback, useContext, useMemo } from 'react';
 import { Controller, useFormContext, useWatch } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 
-import RunIcon from '@/assets/icons/start.svg';
+import RunIcon from '@/assets/icons/start.svg?react';
 import Button from '@/ds-components/Button';
 import { CodeEditorLoadingContext } from '@/pages/CustomizeJwtDetails/CodeEditorLoadingContext';
 import MonacoCodeEditor, {
@@ -20,7 +20,7 @@ import {
 import { buildEnvironmentVariablesTypeDefinition } from '@/pages/CustomizeJwtDetails/utils/type-definitions';
 
 import ErrorContent from './ErrorContent';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useTestHandler from './use-test-handler';
 
 function ScriptSection() {
diff --git a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/GuideCard/index.tsx b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/GuideCard/index.tsx
index 5472e3e776b8..564d0aab2564 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/GuideCard/index.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/GuideCard/index.tsx
@@ -1,11 +1,11 @@
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
 
-import CaretExpandedIcon from '@/assets/icons/caret-expanded.svg';
+import CaretExpandedIcon from '@/assets/icons/caret-expanded.svg?react';
 import Card from '@/ds-components/Card';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export enum CardType {
   UserData = 'user_data',
diff --git a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/index.tsx b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/index.tsx
index 76003b617a41..6c484b8c71f1 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/index.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/index.tsx
@@ -19,11 +19,11 @@ import {
   jwtCustomizerGrantContextTypeDefinition,
 } from '@/pages/CustomizeJwtDetails/utils/type-definitions';
 
-import * as tabContentStyles from '../index.module.scss';
+import tabContentStyles from '../index.module.scss';
 
 import EnvironmentVariablesField from './EnvironmentVariablesField';
 import GuideCard, { CardType } from './GuideCard';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isActive: boolean;
diff --git a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/TestTab/index.tsx b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/TestTab/index.tsx
index 1a1c9c6ea3a9..2cfaa3d09369 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/TestTab/index.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/TestTab/index.tsx
@@ -15,9 +15,9 @@ import {
   userContextTestModel,
 } from '@/pages/CustomizeJwtDetails/utils/config';
 
-import * as tabContentStyles from '../index.module.scss';
+import tabContentStyles from '../index.module.scss';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isActive: boolean;
diff --git a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/index.tsx b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/index.tsx
index a2a41c05ea8b..becd4e26fc0d 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/index.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/index.tsx
@@ -1,13 +1,13 @@
 import classNames from 'classnames';
 import { useState } from 'react';
 
-import BookIcon from '@/assets/icons/book.svg';
-import FlaskIcon from '@/assets/icons/conical-flask.svg';
+import BookIcon from '@/assets/icons/book.svg?react';
+import FlaskIcon from '@/assets/icons/conical-flask.svg?react';
 import Button from '@/ds-components/Button';
 
 import InstructionTab from './InstructionTab';
 import TestTab from './TestTab';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 enum Tab {
   DataSource = 'data_source_tab',
diff --git a/packages/console/src/pages/CustomizeJwtDetails/MainContent/index.tsx b/packages/console/src/pages/CustomizeJwtDetails/MainContent/index.tsx
index 3dead2a6ea78..d99e51727f76 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/MainContent/index.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/MainContent/index.tsx
@@ -15,7 +15,7 @@ import { formatFormDataToRequestData, formatResponseDataToFormData } from '../ut
 
 import ScriptSection from './ScriptSection';
 import SettingsSection from './SettingsSection';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props<T extends LogtoJwtTokenKeyType> = {
   readonly className?: string;
diff --git a/packages/console/src/pages/CustomizeJwtDetails/PageLoadingSkeleton/index.tsx b/packages/console/src/pages/CustomizeJwtDetails/PageLoadingSkeleton/index.tsx
index 152247eea125..9a782b44821c 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/PageLoadingSkeleton/index.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/PageLoadingSkeleton/index.tsx
@@ -3,7 +3,7 @@ import classNames from 'classnames';
 
 import Card from '@/ds-components/Card';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly tokenType: LogtoJwtTokenKeyType;
diff --git a/packages/console/src/pages/CustomizeJwtDetails/index.tsx b/packages/console/src/pages/CustomizeJwtDetails/index.tsx
index abcfa2fc8212..56bbff3f6954 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/index.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/index.tsx
@@ -8,7 +8,7 @@ import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import { CodeEditorLoadingContext } from './CodeEditorLoadingContext';
 import MainContent from './MainContent';
 import PageLoadingSkeleton from './PageLoadingSkeleton';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { pageParamsGuard, type Action } from './type';
 import useDataFetch from './use-data-fetch';
 
diff --git a/packages/console/src/pages/CustomizeJwtDetails/utils/config.tsx b/packages/console/src/pages/CustomizeJwtDetails/utils/config.tsx
index 278292ada611..3eee22b503d7 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/utils/config.tsx
+++ b/packages/console/src/pages/CustomizeJwtDetails/utils/config.tsx
@@ -7,8 +7,8 @@ import {
 } from '@logto/schemas';
 import { type EditorProps } from '@monaco-editor/react';
 
-import TokenFileIcon from '@/assets/icons/token-file-icon.svg';
-import UserFileIcon from '@/assets/icons/user-file-icon.svg';
+import TokenFileIcon from '@/assets/icons/token-file-icon.svg?react';
+import UserFileIcon from '@/assets/icons/user-file-icon.svg?react';
 
 import type { ModelSettings } from '../MainContent/MonacoCodeEditor/type.js';
 
diff --git a/packages/console/src/pages/Dashboard/components/Block.tsx b/packages/console/src/pages/Dashboard/components/Block.tsx
index 407112d985fc..a058e9f015ef 100644
--- a/packages/console/src/pages/Dashboard/components/Block.tsx
+++ b/packages/console/src/pages/Dashboard/components/Block.tsx
@@ -2,9 +2,9 @@ import type { AdminConsoleKey } from '@logto/phrases';
 import { conditionalString } from '@silverhand/essentials';
 import classNames from 'classnames';
 
-import ArrowDown from '@/assets/icons/arrow-down.svg';
-import ArrowUp from '@/assets/icons/arrow-up.svg';
-import Tip from '@/assets/icons/tip.svg';
+import ArrowDown from '@/assets/icons/arrow-down.svg?react';
+import ArrowUp from '@/assets/icons/arrow-up.svg?react';
+import Tip from '@/assets/icons/tip.svg?react';
 import Card from '@/ds-components/Card';
 import DynamicT from '@/ds-components/DynamicT';
 import IconButton from '@/ds-components/IconButton';
@@ -12,7 +12,7 @@ import { ToggleTip } from '@/ds-components/Tip';
 import type { Props as ToggleTipProps } from '@/ds-components/Tip/ToggleTip';
 import { formatNumberWithComma } from '@/utils/number';
 
-import * as styles from './Block.module.scss';
+import styles from './Block.module.scss';
 
 type Props = {
   readonly count: number;
diff --git a/packages/console/src/pages/Dashboard/components/ChartTooltip/index.tsx b/packages/console/src/pages/Dashboard/components/ChartTooltip/index.tsx
index 141cd3d6f81e..2c93ddcc7cba 100644
--- a/packages/console/src/pages/Dashboard/components/ChartTooltip/index.tsx
+++ b/packages/console/src/pages/Dashboard/components/ChartTooltip/index.tsx
@@ -1,6 +1,6 @@
 import { formatNumberWithComma } from '@/utils/number';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly label?: string;
diff --git a/packages/console/src/pages/Dashboard/components/Skeleton/index.tsx b/packages/console/src/pages/Dashboard/components/Skeleton/index.tsx
index 1794cd9ac92d..f948a7fcf80a 100644
--- a/packages/console/src/pages/Dashboard/components/Skeleton/index.tsx
+++ b/packages/console/src/pages/Dashboard/components/Skeleton/index.tsx
@@ -1,6 +1,6 @@
 import Card from '@/ds-components/Card';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function Skeleton() {
   return (
diff --git a/packages/console/src/pages/Dashboard/index.tsx b/packages/console/src/pages/Dashboard/index.tsx
index a0a1a30d9a48..ee2d27ebc977 100644
--- a/packages/console/src/pages/Dashboard/index.tsx
+++ b/packages/console/src/pages/Dashboard/index.tsx
@@ -22,7 +22,7 @@ import type { RequestError } from '@/hooks/use-api';
 import Block from './components/Block';
 import ChartTooltip from './components/ChartTooltip';
 import Skeleton from './components/Skeleton';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import type { ActiveUsersResponse, NewUsersResponse, TotalUsersResponse } from './types';
 
 const tickStyle = {
diff --git a/packages/console/src/pages/EnterpriseSso/SsoConnectorLogo/index.tsx b/packages/console/src/pages/EnterpriseSso/SsoConnectorLogo/index.tsx
index bba65bbb36a8..6babe925c72e 100644
--- a/packages/console/src/pages/EnterpriseSso/SsoConnectorLogo/index.tsx
+++ b/packages/console/src/pages/EnterpriseSso/SsoConnectorLogo/index.tsx
@@ -5,7 +5,7 @@ import classNames from 'classnames';
 import ImageWithErrorFallback from '@/ds-components/ImageWithErrorFallback';
 import useTheme from '@/hooks/use-theme';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { pickLogoForCurrentThemeHelper } from './utils';
 
 type Props = {
diff --git a/packages/console/src/pages/EnterpriseSso/SsoCreationModal/SsoConnectorRadioGroup/SsoConnectorRadio/index.tsx b/packages/console/src/pages/EnterpriseSso/SsoCreationModal/SsoConnectorRadioGroup/SsoConnectorRadio/index.tsx
index ae5f2895ed81..805b22f2f6dc 100644
--- a/packages/console/src/pages/EnterpriseSso/SsoCreationModal/SsoConnectorRadioGroup/SsoConnectorRadio/index.tsx
+++ b/packages/console/src/pages/EnterpriseSso/SsoCreationModal/SsoConnectorRadioGroup/SsoConnectorRadio/index.tsx
@@ -4,7 +4,7 @@ import classNames from 'classnames';
 import ImageWithErrorFallback from '@/ds-components/ImageWithErrorFallback';
 import useTheme from '@/hooks/use-theme';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly data: SsoConnectorProviderDetail;
diff --git a/packages/console/src/pages/EnterpriseSso/SsoCreationModal/SsoConnectorRadioGroup/index.tsx b/packages/console/src/pages/EnterpriseSso/SsoCreationModal/SsoConnectorRadioGroup/index.tsx
index edac0cbb5328..6e9492c4b716 100644
--- a/packages/console/src/pages/EnterpriseSso/SsoCreationModal/SsoConnectorRadioGroup/index.tsx
+++ b/packages/console/src/pages/EnterpriseSso/SsoCreationModal/SsoConnectorRadioGroup/index.tsx
@@ -5,7 +5,7 @@ import { type ConnectorRadioGroupSize } from '@/components/CreateConnectorForm/C
 import RadioGroup, { Radio } from '@/ds-components/RadioGroup';
 
 import SsoConnectorRadio from './SsoConnectorRadio';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly name: string;
diff --git a/packages/console/src/pages/EnterpriseSso/SsoCreationModal/index.tsx b/packages/console/src/pages/EnterpriseSso/SsoCreationModal/index.tsx
index 8525df33111d..aaa7e1d3917c 100644
--- a/packages/console/src/pages/EnterpriseSso/SsoCreationModal/index.tsx
+++ b/packages/console/src/pages/EnterpriseSso/SsoCreationModal/index.tsx
@@ -22,11 +22,11 @@ import FormField from '@/ds-components/FormField';
 import ModalLayout from '@/ds-components/ModalLayout';
 import TextInput from '@/ds-components/TextInput';
 import useApi, { type RequestError } from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 
 import SsoConnectorRadioGroup from './SsoConnectorRadioGroup';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { categorizeSsoConnectorProviders } from './utils';
 
 type Props = {
diff --git a/packages/console/src/pages/EnterpriseSso/index.tsx b/packages/console/src/pages/EnterpriseSso/index.tsx
index 74d78056a30e..e3d40158a185 100644
--- a/packages/console/src/pages/EnterpriseSso/index.tsx
+++ b/packages/console/src/pages/EnterpriseSso/index.tsx
@@ -5,9 +5,9 @@ import { useTranslation } from 'react-i18next';
 import { useLocation } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Plus from '@/assets/icons/plus.svg';
-import EnterpriseSsoConnectorEmptyDark from '@/assets/images/sso-connector-empty-dark.svg';
-import EnterpriseSsoConnectorEmpty from '@/assets/images/sso-connector-empty.svg';
+import Plus from '@/assets/icons/plus.svg?react';
+import EnterpriseSsoConnectorEmptyDark from '@/assets/images/sso-connector-empty-dark.svg?react';
+import EnterpriseSsoConnectorEmpty from '@/assets/images/sso-connector-empty.svg?react';
 import ItemPreview from '@/components/ItemPreview';
 import ListPage from '@/components/ListPage';
 import { defaultPageSize } from '@/consts';
@@ -24,7 +24,7 @@ import { buildUrl } from '@/utils/url';
 
 import SsoConnectorLogo from './SsoConnectorLogo';
 import SsoCreationModal from './SsoCreationModal';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const pageSize = defaultPageSize;
 const enterpriseSsoPathname = '/enterprise-sso';
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/Connection/FileReader/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/Connection/FileReader/index.tsx
index 67a2a4ebc9a1..d81d2320d1ef 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/Connection/FileReader/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/Connection/FileReader/index.tsx
@@ -4,17 +4,17 @@ import { useCallback } from 'react';
 import { useDropzone, type FileRejection, type Accept } from 'react-dropzone';
 import { type FieldError } from 'react-hook-form';
 
-import Delete from '@/assets/icons/delete.svg';
-import FileIconDark from '@/assets/icons/file-icon-dark.svg';
-import FileIcon from '@/assets/icons/file-icon.svg';
-import UploaderIcon from '@/assets/icons/upload.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import FileIconDark from '@/assets/icons/file-icon-dark.svg?react';
+import FileIcon from '@/assets/icons/file-icon.svg?react';
+import UploaderIcon from '@/assets/icons/upload.svg?react';
 import Button from '@/ds-components/Button';
 import IconButton from '@/ds-components/IconButton';
 import useTheme from '@/hooks/use-theme';
 
 import { calculateFileSize } from '../SamlMetadataForm/utils';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const fileSizeLimit = 500 * 1024; // 500 KB
 
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/Connection/OidcMetadataForm/ParsedConfigPreview/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/Connection/OidcMetadataForm/ParsedConfigPreview/index.tsx
index 7e7675d054fa..249fccdf9140 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/Connection/OidcMetadataForm/ParsedConfigPreview/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/Connection/OidcMetadataForm/ParsedConfigPreview/index.tsx
@@ -3,7 +3,7 @@ import { useTranslation } from 'react-i18next';
 
 import { type OidcProviderConfig } from '@/pages/EnterpriseSsoDetails/types/oidc';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly providerConfig: OidcProviderConfig;
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/Connection/OidcMetadataForm/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/Connection/OidcMetadataForm/index.tsx
index b8c52e4000dc..580a695f7a34 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/Connection/OidcMetadataForm/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/Connection/OidcMetadataForm/index.tsx
@@ -11,7 +11,7 @@ import { uriValidator } from '@/utils/validator';
 import { type OidcConnectorConfig, type OidcProviderConfig } from '../../types/oidc';
 
 import ParsedConfigPreview from './ParsedConfigPreview';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly providerConfig?: OidcProviderConfig;
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlAttributeMapping/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlAttributeMapping/index.tsx
index 08a6c6f0f8f1..7d9b6b2ce321 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlAttributeMapping/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlAttributeMapping/index.tsx
@@ -10,7 +10,7 @@ import {
   type SamlConnectorConfig,
 } from '@/pages/EnterpriseSsoDetails/types/saml';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly samlProviderConfig?: SamlProviderConfig;
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlConnectorForm.tsx b/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlConnectorForm.tsx
index 5955515b86ce..889588787ec7 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlConnectorForm.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlConnectorForm.tsx
@@ -24,7 +24,7 @@ import { invalidConfigErrorCode, invalidMetadataErrorCode } from '../config';
 import SamlAttributeMapping from './SamlAttributeMapping';
 import SamlMetadataForm from './SamlMetadataForm';
 import SamlConnectorSpInfo from './ServiceProviderInfo/SamlConnectorSpInfo';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isDeleted: boolean;
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlMetadataForm/ParsedConfigPreview/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlMetadataForm/ParsedConfigPreview/index.tsx
index 9b0866c8bdf5..5305a2a2f294 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlMetadataForm/ParsedConfigPreview/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlMetadataForm/ParsedConfigPreview/index.tsx
@@ -8,7 +8,7 @@ import CopyToClipboard from '@/ds-components/CopyToClipboard';
 import DynamicT from '@/ds-components/DynamicT';
 import { type SamlProviderConfig } from '@/pages/EnterpriseSsoDetails/types/saml';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly identityProviderConfig: SamlProviderConfig['identityProvider'];
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlMetadataForm/SwitchFormatButton/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlMetadataForm/SwitchFormatButton/index.tsx
index cf50520e9287..2b71c71996eb 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlMetadataForm/SwitchFormatButton/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlMetadataForm/SwitchFormatButton/index.tsx
@@ -2,13 +2,13 @@ import { type AdminConsoleKey } from '@logto/phrases';
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
 
-import SwitchArrowIcon from '@/assets/icons/switch-arrow.svg';
-import Tick from '@/assets/icons/tick.svg';
+import SwitchArrowIcon from '@/assets/icons/switch-arrow.svg?react';
+import Tick from '@/assets/icons/tick.svg?react';
 import ActionMenu from '@/ds-components/ActionMenu';
 import { DropdownItem } from '@/ds-components/Dropdown';
 import DynamicT from '@/ds-components/DynamicT';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly value: FormFormat;
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlMetadataForm/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlMetadataForm/index.tsx
index 434d27a09c2d..ecd5f263507e 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlMetadataForm/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/Connection/SamlMetadataForm/index.tsx
@@ -15,7 +15,7 @@ import FileReader, { type Props as FileReaderProps } from '../FileReader';
 
 import ParsedConfigPreview, { CertificatePreview } from './ParsedConfigPreview';
 import SwitchFormatButton, { FormFormat } from './SwitchFormatButton';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type SamlMetadataFormFieldsProps = Pick<SamlMetadataFormProps, 'config'> & {
   readonly identityProviderConfig?: SamlProviderConfig['identityProvider'];
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/Experience/DomainsInput/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/Experience/DomainsInput/index.tsx
index e4e9e29f7764..9743f511a8d8 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/Experience/DomainsInput/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/Experience/DomainsInput/index.tsx
@@ -6,13 +6,13 @@ import { useRef, useState } from 'react';
 import { useFormContext } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 import IconButton from '@/ds-components/IconButton';
 import Tag from '@/ds-components/Tag';
 import { onKeyDownHandler } from '@/utils/a11y';
 
 import { domainRegExp } from './consts';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { domainOptionsParser, type Option } from './utils';
 
 export type DomainsFormType = {
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/Experience/LogosUploader/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/Experience/LogosUploader/index.tsx
index 6bdb2ffada5b..e355f8ab05d2 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/Experience/LogosUploader/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/Experience/LogosUploader/index.tsx
@@ -8,7 +8,7 @@ import ImageUploader from '@/ds-components/Uploader/ImageUploader';
 
 import type { FormType } from '../index.js';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const allowedMimeTypes: AllowedUploadMimeType[] = ['image/png', 'image/jpeg', 'image/svg+xml']; // Only allow `svg`, `png`, `jpg` and `jpeg` files.
 
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/Experience/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/Experience/index.tsx
index 0d6892e5d78e..c71defa799d1 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/Experience/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/Experience/index.tsx
@@ -32,7 +32,7 @@ import {
 } from './DomainsInput/consts';
 import { domainOptionsParser } from './DomainsInput/utils';
 import LogosUploader from './LogosUploader';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type DataType = Pick<
   SsoConnectorWithProviderConfig,
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/SsoGuide/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/SsoGuide/index.tsx
index 9e0f63b0e412..3c636237c407 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/SsoGuide/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/SsoGuide/index.tsx
@@ -8,7 +8,7 @@ import OverlayScrollbar from '@/ds-components/OverlayScrollbar';
 import MdxProvider from '@/mdx-components/MdxProvider';
 import NotFound from '@/pages/NotFound';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly ssoConnector?: SsoConnectorWithProviderConfig;
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/index.tsx
index 9f69ecf66e52..c1da2a45ce53 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/index.tsx
@@ -4,8 +4,8 @@ import { useEffect, useState } from 'react';
 import { useLocation, useParams } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
-import File from '@/assets/icons/file.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import File from '@/assets/icons/file.svg?react';
 import DetailsPage from '@/components/DetailsPage';
 import DetailsPageHeader from '@/components/DetailsPage/DetailsPageHeader';
 import Skeleton from '@/components/DetailsPage/Skeleton';
@@ -24,7 +24,7 @@ import Connection from './Connection';
 import Experience from './Experience';
 import SsoGuide from './SsoGuide';
 import { enterpriseSsoPathname } from './config';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useDeleteConnector from './use-delete-connector';
 
 const getSsoConnectorDetailsPathname = (ssoConnectorId: string, tab: EnterpriseSsoDetailsTabs) =>
diff --git a/packages/console/src/pages/GetStarted/ProtectedAppCreationForm/index.tsx b/packages/console/src/pages/GetStarted/ProtectedAppCreationForm/index.tsx
index e5d599d1bd21..cc97bfb37722 100644
--- a/packages/console/src/pages/GetStarted/ProtectedAppCreationForm/index.tsx
+++ b/packages/console/src/pages/GetStarted/ProtectedAppCreationForm/index.tsx
@@ -12,7 +12,7 @@ import useTenantPathname from '@/hooks/use-tenant-pathname';
 import ProtectedAppCard from '@/pages/Applications/components/ProtectedAppCard';
 import ProtectedAppForm from '@/pages/Applications/components/ProtectedAppForm';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function ProtectedAppCreationForm() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/pages/GetStarted/index.tsx b/packages/console/src/pages/GetStarted/index.tsx
index 9e9879978da4..266541c89f94 100644
--- a/packages/console/src/pages/GetStarted/index.tsx
+++ b/packages/console/src/pages/GetStarted/index.tsx
@@ -3,12 +3,12 @@ import classNames from 'classnames';
 import { useCallback, useContext, useMemo, useRef, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import CheckPreviewDark from '@/assets/icons/check-demo-dark.svg';
-import CheckPreview from '@/assets/icons/check-demo.svg';
-import CreateRoleDark from '@/assets/icons/create-role-dark.svg';
-import CreateRole from '@/assets/icons/create-role.svg';
-import SocialDark from '@/assets/icons/social-dark.svg';
-import Social from '@/assets/icons/social.svg';
+import CheckPreviewDark from '@/assets/icons/check-demo-dark.svg?react';
+import CheckPreview from '@/assets/icons/check-demo.svg?react';
+import CreateRoleDark from '@/assets/icons/create-role-dark.svg?react';
+import CreateRole from '@/assets/icons/create-role.svg?react';
+import SocialDark from '@/assets/icons/social-dark.svg?react';
+import Social from '@/assets/icons/social.svg?react';
 import ApplicationCreation from '@/components/ApplicationCreation';
 import { type SelectedGuide } from '@/components/Guide/GuideCard';
 import GuideCardGroup from '@/components/Guide/GuideCardGroup';
@@ -28,7 +28,7 @@ import useWindowResize from '@/hooks/use-window-resize';
 import CreateApiForm from '../ApiResources/components/CreateForm';
 
 import ProtectedAppCreationForm from './ProtectedAppCreationForm';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const icons = {
   [Theme.Light]: { PreviewIcon: CheckPreview, SocialIcon: Social, RbacIcon: CreateRole },
diff --git a/packages/console/src/pages/Mfa/MfaForm/FactorLabel/WebAuthnTipContent/index.tsx b/packages/console/src/pages/Mfa/MfaForm/FactorLabel/WebAuthnTipContent/index.tsx
index b854ef605ff0..19f167c7a609 100644
--- a/packages/console/src/pages/Mfa/MfaForm/FactorLabel/WebAuthnTipContent/index.tsx
+++ b/packages/console/src/pages/Mfa/MfaForm/FactorLabel/WebAuthnTipContent/index.tsx
@@ -1,6 +1,6 @@
 import DynamicT from '@/ds-components/DynamicT';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function WebAuthnTipContent() {
   return (
diff --git a/packages/console/src/pages/Mfa/MfaForm/FactorLabel/index.tsx b/packages/console/src/pages/Mfa/MfaForm/FactorLabel/index.tsx
index 0ef88bc6f0b4..1c584a0c0f99 100644
--- a/packages/console/src/pages/Mfa/MfaForm/FactorLabel/index.tsx
+++ b/packages/console/src/pages/Mfa/MfaForm/FactorLabel/index.tsx
@@ -5,7 +5,7 @@ import MfaFactorTitle from '@/components/MfaFactorTitle';
 import DynamicT from '@/ds-components/DynamicT';
 
 import WebAuthnTipContent from './WebAuthnTipContent';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly type: MfaFactor;
diff --git a/packages/console/src/pages/Mfa/MfaForm/index.tsx b/packages/console/src/pages/Mfa/MfaForm/index.tsx
index 0188553f99e3..e4b6e9e92134 100644
--- a/packages/console/src/pages/Mfa/MfaForm/index.tsx
+++ b/packages/console/src/pages/Mfa/MfaForm/index.tsx
@@ -23,7 +23,7 @@ import { type MfaConfigForm, type MfaConfig } from '../types';
 
 import FactorLabel from './FactorLabel';
 import { policyOptionTitleMap } from './constants';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { convertMfaFormToConfig, convertMfaConfigToForm, validateBackupCodeFactor } from './utils';
 
 type Props = {
diff --git a/packages/console/src/pages/Mfa/PageWrapper/index.tsx b/packages/console/src/pages/Mfa/PageWrapper/index.tsx
index ccd5c3e8e517..b89dcdcf8953 100644
--- a/packages/console/src/pages/Mfa/PageWrapper/index.tsx
+++ b/packages/console/src/pages/Mfa/PageWrapper/index.tsx
@@ -8,7 +8,7 @@ import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import { TenantsContext } from '@/contexts/TenantsProvider';
 import CardTitle from '@/ds-components/CardTitle';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly children: ReactNode;
diff --git a/packages/console/src/pages/Mfa/Skeleton/index.tsx b/packages/console/src/pages/Mfa/Skeleton/index.tsx
index 3bb6647fef8a..ec9abdb8bf69 100644
--- a/packages/console/src/pages/Mfa/Skeleton/index.tsx
+++ b/packages/console/src/pages/Mfa/Skeleton/index.tsx
@@ -1,6 +1,6 @@
 import { FormCardSkeleton } from '@/components/FormCard';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function Skeleton() {
   return (
diff --git a/packages/console/src/pages/NotFound/index.tsx b/packages/console/src/pages/NotFound/index.tsx
index 39e5e7985133..a256177e445e 100644
--- a/packages/console/src/pages/NotFound/index.tsx
+++ b/packages/console/src/pages/NotFound/index.tsx
@@ -2,13 +2,13 @@ import { Theme } from '@logto/schemas';
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
 
-import NotFoundDarkImage from '@/assets/images/not-found-dark.svg';
-import NotFoundImage from '@/assets/images/not-found.svg';
+import NotFoundDarkImage from '@/assets/images/not-found-dark.svg?react';
+import NotFoundImage from '@/assets/images/not-found.svg?react';
 import PageMeta from '@/components/PageMeta';
 import Card from '@/ds-components/Card';
 import useTheme from '@/hooks/use-theme';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/pages/OrganizationDetails/EditOrganizationRolesModal/index.tsx b/packages/console/src/pages/OrganizationDetails/EditOrganizationRolesModal/index.tsx
index 92835e31ed24..84fdde8a2946 100644
--- a/packages/console/src/pages/OrganizationDetails/EditOrganizationRolesModal/index.tsx
+++ b/packages/console/src/pages/OrganizationDetails/EditOrganizationRolesModal/index.tsx
@@ -10,7 +10,7 @@ import FormField from '@/ds-components/FormField';
 import ModalLayout from '@/ds-components/ModalLayout';
 import { type Option } from '@/ds-components/Select/MultiSelect';
 import useApi from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { decapitalize } from '@/utils/string';
 
 type WithOrganizationRoles = {
diff --git a/packages/console/src/pages/OrganizationDetails/MachineToMachine/AddAppsToOrganization.tsx b/packages/console/src/pages/OrganizationDetails/MachineToMachine/AddAppsToOrganization.tsx
index 6ec5156e137e..bcaf531674c8 100644
--- a/packages/console/src/pages/OrganizationDetails/MachineToMachine/AddAppsToOrganization.tsx
+++ b/packages/console/src/pages/OrganizationDetails/MachineToMachine/AddAppsToOrganization.tsx
@@ -14,7 +14,7 @@ import ModalLayout from '@/ds-components/ModalLayout';
 import { type Option } from '@/ds-components/Select/MultiSelect';
 import useActionTranslation from '@/hooks/use-action-translation';
 import useApi from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 
 type Props = {
diff --git a/packages/console/src/pages/OrganizationDetails/MachineToMachine/index.tsx b/packages/console/src/pages/OrganizationDetails/MachineToMachine/index.tsx
index bf2db19e4b96..117102807aa7 100644
--- a/packages/console/src/pages/OrganizationDetails/MachineToMachine/index.tsx
+++ b/packages/console/src/pages/OrganizationDetails/MachineToMachine/index.tsx
@@ -4,7 +4,7 @@ import { useTranslation } from 'react-i18next';
 import { useOutletContext } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Plus from '@/assets/icons/plus.svg';
+import Plus from '@/assets/icons/plus.svg?react';
 import ActionsButton from '@/components/ActionsButton';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import ApplicationPreview from '@/components/ItemPreview/ApplicationPreview';
@@ -23,7 +23,7 @@ import EditOrganizationRolesModal from '../EditOrganizationRolesModal';
 import { type OrganizationDetailsOutletContext } from '../types';
 
 import AddAppsToOrganization from './AddAppsToOrganization';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const pageSize = defaultPageSize;
 
diff --git a/packages/console/src/pages/OrganizationDetails/Members/AddMembersToOrganization.tsx b/packages/console/src/pages/OrganizationDetails/Members/AddMembersToOrganization.tsx
index b93209440131..332b22c1fbfe 100644
--- a/packages/console/src/pages/OrganizationDetails/Members/AddMembersToOrganization.tsx
+++ b/packages/console/src/pages/OrganizationDetails/Members/AddMembersToOrganization.tsx
@@ -14,7 +14,7 @@ import ModalLayout from '@/ds-components/ModalLayout';
 import { type Option } from '@/ds-components/Select/MultiSelect';
 import useActionTranslation from '@/hooks/use-action-translation';
 import useApi from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 
 type Props = {
diff --git a/packages/console/src/pages/OrganizationDetails/Members/index.tsx b/packages/console/src/pages/OrganizationDetails/Members/index.tsx
index e4fd674956f5..36e2fea566bb 100644
--- a/packages/console/src/pages/OrganizationDetails/Members/index.tsx
+++ b/packages/console/src/pages/OrganizationDetails/Members/index.tsx
@@ -4,7 +4,7 @@ import { useTranslation } from 'react-i18next';
 import { useOutletContext } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Plus from '@/assets/icons/plus.svg';
+import Plus from '@/assets/icons/plus.svg?react';
 import ActionsButton from '@/components/ActionsButton';
 import DateTime from '@/components/DateTime';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
@@ -24,7 +24,7 @@ import EditOrganizationRolesModal from '../EditOrganizationRolesModal';
 import { type OrganizationDetailsOutletContext } from '../types';
 
 import AddMembersToOrganization from './AddMembersToOrganization';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const pageSize = defaultPageSize;
 
diff --git a/packages/console/src/pages/OrganizationDetails/Settings/JitSettings.tsx b/packages/console/src/pages/OrganizationDetails/Settings/JitSettings.tsx
index 777ac6932509..3336682a967c 100644
--- a/packages/console/src/pages/OrganizationDetails/Settings/JitSettings.tsx
+++ b/packages/console/src/pages/OrganizationDetails/Settings/JitSettings.tsx
@@ -5,9 +5,9 @@ import { Controller, type UseFormReturn } from 'react-hook-form';
 import { Trans, useTranslation } from 'react-i18next';
 import useSWRInfinite from 'swr/infinite';
 
-import Minus from '@/assets/icons/minus.svg';
-import Plus from '@/assets/icons/plus.svg';
-import SsoIcon from '@/assets/icons/single-sign-on.svg';
+import Minus from '@/assets/icons/minus.svg?react';
+import Plus from '@/assets/icons/plus.svg?react';
+import SsoIcon from '@/assets/icons/single-sign-on.svg?react';
 import FormCard from '@/components/FormCard';
 import MultiOptionInput from '@/components/MultiOptionInput';
 import OrganizationRolesSelect from '@/components/OrganizationRolesSelect';
@@ -23,7 +23,7 @@ import useDocumentationUrl from '@/hooks/use-documentation-url';
 import SsoConnectorLogo from '@/pages/EnterpriseSso/SsoConnectorLogo';
 import { domainRegExp } from '@/pages/EnterpriseSsoDetails/Experience/DomainsInput/consts';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { type FormData } from './utils';
 
 type Props = {
diff --git a/packages/console/src/pages/OrganizationDetails/Settings/index.tsx b/packages/console/src/pages/OrganizationDetails/Settings/index.tsx
index 56f672653b1e..deccae6d65f5 100644
--- a/packages/console/src/pages/OrganizationDetails/Settings/index.tsx
+++ b/packages/console/src/pages/OrganizationDetails/Settings/index.tsx
@@ -24,7 +24,7 @@ import { trySubmitSafe } from '@/utils/form';
 import { type OrganizationDetailsOutletContext } from '../types';
 
 import JitSettings from './JitSettings';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { assembleData, isJsonObject, normalizeData, type FormData } from './utils';
 
 function Settings() {
diff --git a/packages/console/src/pages/OrganizationDetails/index.tsx b/packages/console/src/pages/OrganizationDetails/index.tsx
index 222998359eab..0fcc7d8df962 100644
--- a/packages/console/src/pages/OrganizationDetails/index.tsx
+++ b/packages/console/src/pages/OrganizationDetails/index.tsx
@@ -9,9 +9,9 @@ import { useTranslation } from 'react-i18next';
 import { Outlet, useParams } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
-import File from '@/assets/icons/file.svg';
-import OrganizationIcon from '@/assets/icons/organization-preview.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import File from '@/assets/icons/file.svg?react';
+import OrganizationIcon from '@/assets/icons/organization-preview.svg?react';
 import DetailsPage from '@/components/DetailsPage';
 import DetailsPageHeader from '@/components/DetailsPage/DetailsPageHeader';
 import Drawer from '@/components/Drawer';
@@ -24,7 +24,7 @@ import useTenantPathname from '@/hooks/use-tenant-pathname';
 
 import Introduction from '../Organizations/Introduction';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { OrganizationDetailsTabs, type OrganizationDetailsOutletContext } from './types';
 
 const pathname = '/organizations';
diff --git a/packages/console/src/pages/OrganizationRoleDetails/Permissions/ResourceName/index.tsx b/packages/console/src/pages/OrganizationRoleDetails/Permissions/ResourceName/index.tsx
index 8e1ace42c603..2ddb1ccd59e2 100644
--- a/packages/console/src/pages/OrganizationRoleDetails/Permissions/ResourceName/index.tsx
+++ b/packages/console/src/pages/OrganizationRoleDetails/Permissions/ResourceName/index.tsx
@@ -1,9 +1,9 @@
 import { type Resource } from '@logto/schemas';
 import useSWR from 'swr';
 
-import ResourceIcon from '@/assets/icons/resource.svg';
+import ResourceIcon from '@/assets/icons/resource.svg?react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly resourceId: string;
diff --git a/packages/console/src/pages/OrganizationRoleDetails/Permissions/index.tsx b/packages/console/src/pages/OrganizationRoleDetails/Permissions/index.tsx
index 5dde3b42be53..fdc7387c8090 100644
--- a/packages/console/src/pages/OrganizationRoleDetails/Permissions/index.tsx
+++ b/packages/console/src/pages/OrganizationRoleDetails/Permissions/index.tsx
@@ -4,7 +4,7 @@ import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 import { useOutletContext } from 'react-router-dom';
 
-import Plus from '@/assets/icons/plus.svg';
+import Plus from '@/assets/icons/plus.svg?react';
 import ActionsButton from '@/components/ActionsButton';
 import Breakable from '@/components/Breakable';
 import EditScopeModal, { type EditScopeData } from '@/components/EditScopeModal';
@@ -21,7 +21,7 @@ import useSearchParametersWatcher from '@/hooks/use-search-parameters-watcher';
 import { type OrganizationRoleDetailsOutletContext } from '../types';
 
 import ResourceName from './ResourceName';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useOrganizationRoleScopes from './use-organization-role-scopes';
 
 type OrganizationRoleScope = OrganizationScope | Scope;
diff --git a/packages/console/src/pages/OrganizationRoleDetails/index.tsx b/packages/console/src/pages/OrganizationRoleDetails/index.tsx
index 1a52fc0f3045..7b9a9351634f 100644
--- a/packages/console/src/pages/OrganizationRoleDetails/index.tsx
+++ b/packages/console/src/pages/OrganizationRoleDetails/index.tsx
@@ -6,8 +6,8 @@ import { useTranslation } from 'react-i18next';
 import { Outlet, useLocation, useParams } from 'react-router-dom';
 import useSWR, { useSWRConfig } from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
-import OrgRoleIcon from '@/assets/icons/organization-role-feature.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import OrgRoleIcon from '@/assets/icons/organization-role-feature.svg?react';
 import DetailsPage from '@/components/DetailsPage';
 import DetailsPageHeader from '@/components/DetailsPage/DetailsPageHeader';
 import PageMeta from '@/components/PageMeta';
@@ -19,7 +19,7 @@ import TabNav, { TabNavItem } from '@/ds-components/TabNav';
 import useApi, { type RequestError } from '@/hooks/use-api';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { type OrganizationRoleDetailsOutletContext } from './types';
 
 // Console path for organization roles
diff --git a/packages/console/src/pages/OrganizationTemplate/OrganizationPermissions/index.tsx b/packages/console/src/pages/OrganizationTemplate/OrganizationPermissions/index.tsx
index d8343c0bd2b0..0ac4ab05c3ed 100644
--- a/packages/console/src/pages/OrganizationTemplate/OrganizationPermissions/index.tsx
+++ b/packages/console/src/pages/OrganizationTemplate/OrganizationPermissions/index.tsx
@@ -4,9 +4,9 @@ import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
-import Plus from '@/assets/icons/plus.svg';
-import PermissionsEmptyDark from '@/assets/images/permissions-empty-dark.svg';
-import PermissionsEmpty from '@/assets/images/permissions-empty.svg';
+import Plus from '@/assets/icons/plus.svg?react';
+import PermissionsEmptyDark from '@/assets/images/permissions-empty-dark.svg?react';
+import PermissionsEmpty from '@/assets/images/permissions-empty.svg?react';
 import ActionsButton from '@/components/ActionsButton';
 import Breakable from '@/components/Breakable';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
@@ -23,7 +23,7 @@ import useDocumentationUrl from '@/hooks/use-documentation-url';
 import useSearchParametersWatcher from '@/hooks/use-search-parameters-watcher';
 import { buildUrl, formatSearchKeyword } from '@/utils/url';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function OrganizationPermissions() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/pages/OrganizationTemplate/OrganizationRoles/CreateOrganizationRoleModal.tsx b/packages/console/src/pages/OrganizationTemplate/OrganizationRoles/CreateOrganizationRoleModal.tsx
index 6a4546547e30..455aa1041e71 100644
--- a/packages/console/src/pages/OrganizationTemplate/OrganizationRoles/CreateOrganizationRoleModal.tsx
+++ b/packages/console/src/pages/OrganizationTemplate/OrganizationRoles/CreateOrganizationRoleModal.tsx
@@ -13,10 +13,10 @@ import ModalLayout from '@/ds-components/ModalLayout';
 import RadioGroup, { Radio } from '@/ds-components/RadioGroup';
 import TextInput from '@/ds-components/TextInput';
 import useApi from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type FormData = Pick<OrganizationRole, 'name' | 'description' | 'type'>;
 
diff --git a/packages/console/src/pages/OrganizationTemplate/OrganizationRoles/index.tsx b/packages/console/src/pages/OrganizationTemplate/OrganizationRoles/index.tsx
index 3a45cea1bccf..bc9bd2ac4584 100644
--- a/packages/console/src/pages/OrganizationTemplate/OrganizationRoles/index.tsx
+++ b/packages/console/src/pages/OrganizationTemplate/OrganizationRoles/index.tsx
@@ -4,10 +4,10 @@ import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
-import OrgRoleIcon from '@/assets/icons/organization-role-feature.svg';
-import Plus from '@/assets/icons/plus.svg';
-import RolesEmptyDark from '@/assets/images/roles-empty-dark.svg';
-import RolesEmpty from '@/assets/images/roles-empty.svg';
+import OrgRoleIcon from '@/assets/icons/organization-role-feature.svg?react';
+import Plus from '@/assets/icons/plus.svg?react';
+import RolesEmptyDark from '@/assets/images/roles-empty-dark.svg?react';
+import RolesEmpty from '@/assets/images/roles-empty.svg?react';
 import Breakable from '@/components/Breakable';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import ItemPreview from '@/components/ItemPreview';
@@ -27,7 +27,7 @@ import useTenantPathname from '@/hooks/use-tenant-pathname';
 import { buildUrl, formatSearchKeyword } from '@/utils/url';
 
 import CreateOrganizationRoleModal from './CreateOrganizationRoleModal';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function OrganizationRoles() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/pages/OrganizationTemplate/index.tsx b/packages/console/src/pages/OrganizationTemplate/index.tsx
index 54621c1840dc..7c5b3174ad77 100644
--- a/packages/console/src/pages/OrganizationTemplate/index.tsx
+++ b/packages/console/src/pages/OrganizationTemplate/index.tsx
@@ -4,8 +4,8 @@ import classNames from 'classnames';
 import { useCallback, useContext, useState } from 'react';
 import { Outlet } from 'react-router-dom';
 
-import OrganizationEmptyDark from '@/assets/images/organization-empty-dark.svg';
-import OrganizationEmpty from '@/assets/images/organization-empty.svg';
+import OrganizationEmptyDark from '@/assets/images/organization-empty-dark.svg?react';
+import OrganizationEmpty from '@/assets/images/organization-empty.svg?react';
 import Drawer from '@/components/Drawer';
 import PageMeta from '@/components/PageMeta';
 import { OrganizationTemplateTabs, organizationTemplateLink } from '@/consts';
@@ -21,11 +21,11 @@ import TabNav, { TabNavItem } from '@/ds-components/TabNav';
 import TablePlaceholder from '@/ds-components/Table/TablePlaceholder';
 import useDocumentationUrl from '@/hooks/use-documentation-url';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
-import * as pageLayout from '@/scss/page-layout.module.scss';
+import pageLayout from '@/scss/page-layout.module.scss';
 
 import Introduction from '../Organizations/Introduction';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const basePathname = '/organization-template';
 
diff --git a/packages/console/src/pages/Organizations/CreateOrganizationModal/index.tsx b/packages/console/src/pages/Organizations/CreateOrganizationModal/index.tsx
index fb6c54723e70..52870cc010e5 100644
--- a/packages/console/src/pages/Organizations/CreateOrganizationModal/index.tsx
+++ b/packages/console/src/pages/Organizations/CreateOrganizationModal/index.tsx
@@ -13,7 +13,7 @@ import FormField from '@/ds-components/FormField';
 import ModalLayout from '@/ds-components/ModalLayout';
 import TextInput from '@/ds-components/TextInput';
 import useApi from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 
 type Props = {
diff --git a/packages/console/src/pages/Organizations/Introduction/components/FlexBox/index.tsx b/packages/console/src/pages/Organizations/Introduction/components/FlexBox/index.tsx
index d201bd5f3a5d..a8e70c7202ef 100644
--- a/packages/console/src/pages/Organizations/Introduction/components/FlexBox/index.tsx
+++ b/packages/console/src/pages/Organizations/Introduction/components/FlexBox/index.tsx
@@ -1,7 +1,7 @@
 import classNames from 'classnames';
 import { type CSSProperties, type PropsWithChildren } from 'react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/pages/Organizations/Introduction/components/InteractiveDiagram/index.tsx b/packages/console/src/pages/Organizations/Introduction/components/InteractiveDiagram/index.tsx
index 5adadf474353..e1af530f30b9 100644
--- a/packages/console/src/pages/Organizations/Introduction/components/InteractiveDiagram/index.tsx
+++ b/packages/console/src/pages/Organizations/Introduction/components/InteractiveDiagram/index.tsx
@@ -9,7 +9,7 @@ import User from '../User';
 import JohnVector from '../Vector/John';
 import SarahVector from '../Vector/Sarah';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function InteractiveDiagram() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console.organizations' });
diff --git a/packages/console/src/pages/Organizations/Introduction/components/Panel/index.tsx b/packages/console/src/pages/Organizations/Introduction/components/Panel/index.tsx
index fc9d774ee09d..e7550da4bdf4 100644
--- a/packages/console/src/pages/Organizations/Introduction/components/Panel/index.tsx
+++ b/packages/console/src/pages/Organizations/Introduction/components/Panel/index.tsx
@@ -1,7 +1,7 @@
 import classNames from 'classnames';
 import { type PropsWithChildren } from 'react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/pages/Organizations/Introduction/components/Permission/index.tsx b/packages/console/src/pages/Organizations/Introduction/components/Permission/index.tsx
index 55e609a3c765..03801eb73e1b 100644
--- a/packages/console/src/pages/Organizations/Introduction/components/Permission/index.tsx
+++ b/packages/console/src/pages/Organizations/Introduction/components/Permission/index.tsx
@@ -1,6 +1,6 @@
 import classNames from 'classnames';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/pages/Organizations/Introduction/components/Role/index.tsx b/packages/console/src/pages/Organizations/Introduction/components/Role/index.tsx
index 23cdc6ecd4a7..b15520ec97e6 100644
--- a/packages/console/src/pages/Organizations/Introduction/components/Role/index.tsx
+++ b/packages/console/src/pages/Organizations/Introduction/components/Role/index.tsx
@@ -5,7 +5,7 @@ import Tooltip from '@/ds-components/Tip/Tooltip';
 import FlexBox from '../FlexBox';
 import Permission from '../Permission';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/pages/Organizations/Introduction/components/Section/index.tsx b/packages/console/src/pages/Organizations/Introduction/components/Section/index.tsx
index a32cbfb3cb74..0578b4d21222 100644
--- a/packages/console/src/pages/Organizations/Introduction/components/Section/index.tsx
+++ b/packages/console/src/pages/Organizations/Introduction/components/Section/index.tsx
@@ -3,7 +3,7 @@ import { type PropsWithChildren } from 'react';
 
 import FlexBox from '../FlexBox';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 /**
  * The section component with a gray background
diff --git a/packages/console/src/pages/Organizations/Introduction/components/User/index.tsx b/packages/console/src/pages/Organizations/Introduction/components/User/index.tsx
index 0b5f78e9d79e..76ff8fdc22c2 100644
--- a/packages/console/src/pages/Organizations/Introduction/components/User/index.tsx
+++ b/packages/console/src/pages/Organizations/Introduction/components/User/index.tsx
@@ -1,9 +1,9 @@
 import classNames from 'classnames';
 
-import UserIcon from '@/assets/icons/user.svg';
+import UserIcon from '@/assets/icons/user.svg?react';
 import Tooltip from '@/ds-components/Tip/Tooltip';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/pages/Organizations/Introduction/components/Vector/John.tsx b/packages/console/src/pages/Organizations/Introduction/components/Vector/John.tsx
index 93606c1b109d..e4ad70949105 100644
--- a/packages/console/src/pages/Organizations/Introduction/components/Vector/John.tsx
+++ b/packages/console/src/pages/Organizations/Introduction/components/Vector/John.tsx
@@ -1,6 +1,6 @@
 import classNames from 'classnames';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isActive?: boolean;
diff --git a/packages/console/src/pages/Organizations/Introduction/components/Vector/Sarah.tsx b/packages/console/src/pages/Organizations/Introduction/components/Vector/Sarah.tsx
index c1f5a2ce8f59..3d70bd513699 100644
--- a/packages/console/src/pages/Organizations/Introduction/components/Vector/Sarah.tsx
+++ b/packages/console/src/pages/Organizations/Introduction/components/Vector/Sarah.tsx
@@ -1,6 +1,6 @@
 import classNames from 'classnames';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isActive?: boolean;
diff --git a/packages/console/src/pages/Organizations/Introduction/index.tsx b/packages/console/src/pages/Organizations/Introduction/index.tsx
index d49cda7115d5..02a76004d24b 100644
--- a/packages/console/src/pages/Organizations/Introduction/index.tsx
+++ b/packages/console/src/pages/Organizations/Introduction/index.tsx
@@ -2,8 +2,8 @@ import { Theme } from '@logto/schemas';
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
 
-import OrganizationFeatureDark from '@/assets/icons/organization-feature-dark.svg';
-import OrganizationFeature from '@/assets/icons/organization-feature.svg';
+import OrganizationFeatureDark from '@/assets/icons/organization-feature-dark.svg?react';
+import OrganizationFeature from '@/assets/icons/organization-feature.svg?react';
 import Card from '@/ds-components/Card';
 import OverlayScrollbar from '@/ds-components/OverlayScrollbar';
 import useTheme from '@/hooks/use-theme';
@@ -15,7 +15,7 @@ import Permission from './components/Permission';
 import Role from './components/Role';
 import Section from './components/Section';
 import User from './components/User';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const icons = {
   [Theme.Light]: { OrganizationIcon: OrganizationFeature },
diff --git a/packages/console/src/pages/Organizations/OrganizationsTable/EmptyDataPlaceholder/index.tsx b/packages/console/src/pages/Organizations/OrganizationsTable/EmptyDataPlaceholder/index.tsx
index 183b121197bc..00480ef644c4 100644
--- a/packages/console/src/pages/Organizations/OrganizationsTable/EmptyDataPlaceholder/index.tsx
+++ b/packages/console/src/pages/Organizations/OrganizationsTable/EmptyDataPlaceholder/index.tsx
@@ -1,14 +1,14 @@
 import { Theme } from '@logto/schemas';
 import { useTranslation } from 'react-i18next';
 
-import Plus from '@/assets/icons/plus.svg';
-import OrganizationEmptyDark from '@/assets/images/organization-empty-dark.svg';
-import OrganizationEmpty from '@/assets/images/organization-empty.svg';
+import Plus from '@/assets/icons/plus.svg?react';
+import OrganizationEmptyDark from '@/assets/images/organization-empty-dark.svg?react';
+import OrganizationEmpty from '@/assets/images/organization-empty.svg?react';
 import Button, { type Props as ButtonProps } from '@/ds-components/Button';
 import useConfigs from '@/hooks/use-configs';
 import useTheme from '@/hooks/use-theme';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   /** Override the default button properties in the placeholder */
diff --git a/packages/console/src/pages/Organizations/OrganizationsTable/index.tsx b/packages/console/src/pages/Organizations/OrganizationsTable/index.tsx
index 911c58e2f188..39f5ed69eceb 100644
--- a/packages/console/src/pages/Organizations/OrganizationsTable/index.tsx
+++ b/packages/console/src/pages/Organizations/OrganizationsTable/index.tsx
@@ -4,7 +4,7 @@ import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
-import OrganizationIcon from '@/assets/icons/organization-preview.svg';
+import OrganizationIcon from '@/assets/icons/organization-preview.svg?react';
 import NotFoundDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import ItemPreview from '@/components/ItemPreview';
 import ThemedIcon from '@/components/ThemedIcon';
@@ -15,7 +15,7 @@ import Table from '@/ds-components/Table';
 import { type RequestError } from '@/hooks/use-api';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 import AssignedEntities from '@/pages/Roles/components/AssignedEntities';
-import * as pageLayout from '@/scss/page-layout.module.scss';
+import pageLayout from '@/scss/page-layout.module.scss';
 import { buildUrl } from '@/utils/url';
 
 import EmptyDataPlaceholder from './EmptyDataPlaceholder';
diff --git a/packages/console/src/pages/Organizations/index.tsx b/packages/console/src/pages/Organizations/index.tsx
index bd370fc673d1..e33508aef47c 100644
--- a/packages/console/src/pages/Organizations/index.tsx
+++ b/packages/console/src/pages/Organizations/index.tsx
@@ -2,7 +2,7 @@ import { ReservedPlanId } from '@logto/schemas';
 import { cond } from '@silverhand/essentials';
 import { useCallback, useContext, useState } from 'react';
 
-import Plus from '@/assets/icons/plus.svg';
+import Plus from '@/assets/icons/plus.svg?react';
 import PageMeta from '@/components/PageMeta';
 import { organizationsFeatureLink } from '@/consts';
 import { isCloud } from '@/consts/env';
@@ -14,12 +14,12 @@ import Card from '@/ds-components/Card';
 import CardTitle from '@/ds-components/CardTitle';
 import useDocumentationUrl from '@/hooks/use-documentation-url';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
-import * as pageLayout from '@/scss/page-layout.module.scss';
+import pageLayout from '@/scss/page-layout.module.scss';
 
 import CreateOrganizationModal from './CreateOrganizationModal';
 import OrganizationsTable from './OrganizationsTable';
 import EmptyDataPlaceholder from './OrganizationsTable/EmptyDataPlaceholder';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const organizationsPathname = '/organizations';
 
diff --git a/packages/console/src/pages/Profile/components/CardContent/index.tsx b/packages/console/src/pages/Profile/components/CardContent/index.tsx
index 19b80ee82b8f..6a641f2c4624 100644
--- a/packages/console/src/pages/Profile/components/CardContent/index.tsx
+++ b/packages/console/src/pages/Profile/components/CardContent/index.tsx
@@ -8,7 +8,7 @@ import DynamicT from '@/ds-components/DynamicT';
 
 import NotSet from '../NotSet';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Action = {
   name: AdminConsoleKey;
diff --git a/packages/console/src/pages/Profile/components/ExperienceLikeModal/index.tsx b/packages/console/src/pages/Profile/components/ExperienceLikeModal/index.tsx
index 7c82358e6e56..ba443d51376c 100644
--- a/packages/console/src/pages/Profile/components/ExperienceLikeModal/index.tsx
+++ b/packages/console/src/pages/Profile/components/ExperienceLikeModal/index.tsx
@@ -5,12 +5,12 @@ import { Trans, useTranslation } from 'react-i18next';
 import ReactModal from 'react-modal';
 import { useNavigate } from 'react-router-dom';
 
-import Arrow from '@/assets/icons/arrow-left.svg';
+import Arrow from '@/assets/icons/arrow-left.svg?react';
 import DynamicT from '@/ds-components/DynamicT';
 import TextLink from '@/ds-components/TextLink';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = PropsWithChildren<{
   readonly title: AdminConsoleKey;
diff --git a/packages/console/src/pages/Profile/components/LinkAccountSection/index.tsx b/packages/console/src/pages/Profile/components/LinkAccountSection/index.tsx
index 8a00dd71554f..7d9654366c17 100644
--- a/packages/console/src/pages/Profile/components/LinkAccountSection/index.tsx
+++ b/packages/console/src/pages/Profile/components/LinkAccountSection/index.tsx
@@ -8,7 +8,7 @@ import { appendPath, conditional } from '@silverhand/essentials';
 import { useCallback, useMemo } from 'react';
 import { Trans, useTranslation } from 'react-i18next';
 
-import MailIcon from '@/assets/icons/mail.svg';
+import MailIcon from '@/assets/icons/mail.svg?react';
 import FormCard from '@/components/FormCard';
 import UnnamedTrans from '@/components/UnnamedTrans';
 import UserInfoCard from '@/components/UserInfoCard';
@@ -24,7 +24,7 @@ import type { Row } from '../CardContent';
 import CardContent from '../CardContent';
 import NotSet from '../NotSet';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly user: UserProfileResponse;
diff --git a/packages/console/src/pages/Profile/components/NotSet/index.tsx b/packages/console/src/pages/Profile/components/NotSet/index.tsx
index b142cc9adef3..21ecc2778354 100644
--- a/packages/console/src/pages/Profile/components/NotSet/index.tsx
+++ b/packages/console/src/pages/Profile/components/NotSet/index.tsx
@@ -1,6 +1,6 @@
 import { useTranslation } from 'react-i18next';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function NotSet() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/pages/Profile/components/Skeleton/index.tsx b/packages/console/src/pages/Profile/components/Skeleton/index.tsx
index 87c5c5221fd5..50a3154b54ba 100644
--- a/packages/console/src/pages/Profile/components/Skeleton/index.tsx
+++ b/packages/console/src/pages/Profile/components/Skeleton/index.tsx
@@ -1,4 +1,4 @@
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function Skeleton() {
   return (
diff --git a/packages/console/src/pages/Profile/containers/BasicUserInfoUpdateModal/index.tsx b/packages/console/src/pages/Profile/containers/BasicUserInfoUpdateModal/index.tsx
index 74b93ffb4241..ee5bfa6a9f2b 100644
--- a/packages/console/src/pages/Profile/containers/BasicUserInfoUpdateModal/index.tsx
+++ b/packages/console/src/pages/Profile/containers/BasicUserInfoUpdateModal/index.tsx
@@ -13,7 +13,7 @@ import ImageUploaderField from '@/ds-components/Uploader/ImageUploaderField';
 import { useStaticApi } from '@/hooks/use-api';
 import { useConfirmModal } from '@/hooks/use-confirm-modal';
 import useUserAssetsService from '@/hooks/use-user-assets-service';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import { handleError } from '../../utils';
 
diff --git a/packages/console/src/pages/Profile/containers/ChangePasswordModal/index.tsx b/packages/console/src/pages/Profile/containers/ChangePasswordModal/index.tsx
index 9a209b174dab..2691f6e1ab2b 100644
--- a/packages/console/src/pages/Profile/containers/ChangePasswordModal/index.tsx
+++ b/packages/console/src/pages/Profile/containers/ChangePasswordModal/index.tsx
@@ -4,7 +4,7 @@ import { useForm } from 'react-hook-form';
 import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 
-import ClearInput from '@/assets/icons/clear-input.svg';
+import ClearInput from '@/assets/icons/clear-input.svg?react';
 import { adminTenantEndpoint, meApi } from '@/consts';
 import Button from '@/ds-components/Button';
 import Checkbox from '@/ds-components/Checkbox';
diff --git a/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/DeletionConfirmationModal/index.tsx b/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/DeletionConfirmationModal/index.tsx
index db4c3492ec42..332ce24997c2 100644
--- a/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/DeletionConfirmationModal/index.tsx
+++ b/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/DeletionConfirmationModal/index.tsx
@@ -9,7 +9,7 @@ import { TenantsContext } from '@/contexts/TenantsProvider';
 import Button from '@/ds-components/Button';
 import ModalLayout from '@/ds-components/ModalLayout';
 
-import * as styles from '../../index.module.scss';
+import styles from '../../index.module.scss';
 import FinalConfirmationModal from '../FinalConfirmationModal';
 import TenantsList from '../TenantsList';
 
diff --git a/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/FinalConfirmationModal/index.tsx b/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/FinalConfirmationModal/index.tsx
index e71b4ad7e9af..984017263b58 100644
--- a/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/FinalConfirmationModal/index.tsx
+++ b/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/FinalConfirmationModal/index.tsx
@@ -10,9 +10,9 @@ import { TenantsContext } from '@/contexts/TenantsProvider';
 import Button from '@/ds-components/Button';
 import ModalLayout from '@/ds-components/ModalLayout';
 import useRedirectUri from '@/hooks/use-redirect-uri';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
-import * as styles from '../../index.module.scss';
+import styles from '../../index.module.scss';
 
 type Props = {
   readonly userId: string;
diff --git a/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/TenantsIssuesModal/index.tsx b/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/TenantsIssuesModal/index.tsx
index 1a0a6bba0bbc..472396df5b1c 100644
--- a/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/TenantsIssuesModal/index.tsx
+++ b/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/TenantsIssuesModal/index.tsx
@@ -5,7 +5,7 @@ import { type TenantResponse } from '@/cloud/types/router';
 import Button from '@/ds-components/Button';
 import ModalLayout from '@/ds-components/ModalLayout';
 
-import * as styles from '../../index.module.scss';
+import styles from '../../index.module.scss';
 import TenantsList from '../TenantsList';
 
 type Props = {
diff --git a/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/TenantsList/index.tsx b/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/TenantsList/index.tsx
index 464431d3e8ce..dd901fcde462 100644
--- a/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/TenantsList/index.tsx
+++ b/packages/console/src/pages/Profile/containers/DeleteAccountModal/components/TenantsList/index.tsx
@@ -1,6 +1,6 @@
 import { type TenantResponse } from '@/cloud/types/router';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly description: string;
diff --git a/packages/console/src/pages/Profile/containers/DeleteAccountModal/index.tsx b/packages/console/src/pages/Profile/containers/DeleteAccountModal/index.tsx
index 822ac27ddc67..6274b4bb5e0b 100644
--- a/packages/console/src/pages/Profile/containers/DeleteAccountModal/index.tsx
+++ b/packages/console/src/pages/Profile/containers/DeleteAccountModal/index.tsx
@@ -3,7 +3,7 @@ import { useContext } from 'react';
 import ReactModal from 'react-modal';
 
 import { TenantsContext } from '@/contexts/TenantsProvider';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import DeletionConfirmationModal from './components/DeletionConfirmationModal';
 import TenantsIssuesModal from './components/TenantsIssuesModal';
diff --git a/packages/console/src/pages/Profile/containers/VerificationCodeModal/index.tsx b/packages/console/src/pages/Profile/containers/VerificationCodeModal/index.tsx
index 31a660397a32..a5e217af1cfb 100644
--- a/packages/console/src/pages/Profile/containers/VerificationCodeModal/index.tsx
+++ b/packages/console/src/pages/Profile/containers/VerificationCodeModal/index.tsx
@@ -5,7 +5,7 @@ import { useTranslation } from 'react-i18next';
 import { useLocation } from 'react-router-dom';
 import { useTimer } from 'react-timer-hook';
 
-import ArrowConnection from '@/assets/icons/arrow-connection.svg';
+import ArrowConnection from '@/assets/icons/arrow-connection.svg?react';
 import VerificationCodeInput, { defaultLength } from '@/components/VerificationCodeInput';
 import { adminTenantEndpoint, meApi } from '@/consts';
 import TextLink from '@/ds-components/TextLink';
@@ -17,7 +17,7 @@ import useTenantPathname from '@/hooks/use-tenant-pathname';
 import ExperienceLikeModal from '../../components/ExperienceLikeModal';
 import { handleError, parseLocationState } from '../../utils';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const resendTimeout = 59;
 
diff --git a/packages/console/src/pages/Profile/containers/VerifyPasswordModal/index.tsx b/packages/console/src/pages/Profile/containers/VerifyPasswordModal/index.tsx
index b5d76284fcbb..cfd09b8e9b27 100644
--- a/packages/console/src/pages/Profile/containers/VerifyPasswordModal/index.tsx
+++ b/packages/console/src/pages/Profile/containers/VerifyPasswordModal/index.tsx
@@ -3,9 +3,9 @@ import { useForm } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 import { useLocation } from 'react-router-dom';
 
-import ArrowConnection from '@/assets/icons/arrow-connection.svg';
-import PasswordHideIcon from '@/assets/icons/password-hide.svg';
-import PasswordShowIcon from '@/assets/icons/password-show.svg';
+import ArrowConnection from '@/assets/icons/arrow-connection.svg?react';
+import PasswordHideIcon from '@/assets/icons/password-hide.svg?react';
+import PasswordShowIcon from '@/assets/icons/password-show.svg?react';
 import { adminTenantEndpoint, meApi } from '@/consts';
 import Button from '@/ds-components/Button';
 import IconButton from '@/ds-components/IconButton';
@@ -17,7 +17,7 @@ import useTenantPathname from '@/hooks/use-tenant-pathname';
 import ExperienceLikeModal from '../../components/ExperienceLikeModal';
 import { handleError, parseLocationState } from '../../utils';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type FormFields = {
   password: string;
diff --git a/packages/console/src/pages/Profile/index.tsx b/packages/console/src/pages/Profile/index.tsx
index 77e5e0676456..45ac4edd110b 100644
--- a/packages/console/src/pages/Profile/index.tsx
+++ b/packages/console/src/pages/Profile/index.tsx
@@ -22,7 +22,7 @@ import { usePlausiblePageview } from '@/hooks/use-plausible-pageview';
 import useSwrFetcher from '@/hooks/use-swr-fetcher';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 import useUserAssetsService from '@/hooks/use-user-assets-service';
-import * as pageLayout from '@/scss/page-layout.module.scss';
+import pageLayout from '@/scss/page-layout.module.scss';
 
 import BasicUserInfoSection from './components/BasicUserInfoSection';
 import CardContent from './components/CardContent';
@@ -30,7 +30,7 @@ import LinkAccountSection from './components/LinkAccountSection';
 import NotSet from './components/NotSet';
 import Skeleton from './components/Skeleton';
 import DeleteAccountModal from './containers/DeleteAccountModal';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 if (isDevFeaturesEnabled) {
   initLocalization();
diff --git a/packages/console/src/pages/RoleDetails/RoleApplications/index.tsx b/packages/console/src/pages/RoleDetails/RoleApplications/index.tsx
index 7c66743d50fa..2cc9dacf8ba4 100644
--- a/packages/console/src/pages/RoleDetails/RoleApplications/index.tsx
+++ b/packages/console/src/pages/RoleDetails/RoleApplications/index.tsx
@@ -6,8 +6,8 @@ import { useTranslation } from 'react-i18next';
 import { useOutletContext } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
-import Plus from '@/assets/icons/plus.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import Plus from '@/assets/icons/plus.svg?react';
 import ApplicationIcon from '@/components/ApplicationIcon';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import ItemPreview from '@/components/ItemPreview';
@@ -26,7 +26,7 @@ import { buildUrl, formatSearchKeyword } from '@/utils/url';
 
 import type { RoleDetailsOutletContext } from '../types';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const pageSize = defaultPageSize;
 
diff --git a/packages/console/src/pages/RoleDetails/RolePermissions/components/AssignPermissionsModal/index.tsx b/packages/console/src/pages/RoleDetails/RolePermissions/components/AssignPermissionsModal/index.tsx
index eb5b24cf43dd..9f7e85f148fe 100644
--- a/packages/console/src/pages/RoleDetails/RolePermissions/components/AssignPermissionsModal/index.tsx
+++ b/packages/console/src/pages/RoleDetails/RolePermissions/components/AssignPermissionsModal/index.tsx
@@ -13,7 +13,7 @@ import Button from '@/ds-components/Button';
 import FormField from '@/ds-components/FormField';
 import ModalLayout from '@/ds-components/ModalLayout';
 import useApi from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { hasSurpassedQuotaLimit } from '@/utils/quota';
 
 type Props = {
diff --git a/packages/console/src/pages/RoleDetails/RoleUsers/index.tsx b/packages/console/src/pages/RoleDetails/RoleUsers/index.tsx
index b2991cf7e5cd..0aa9e4718128 100644
--- a/packages/console/src/pages/RoleDetails/RoleUsers/index.tsx
+++ b/packages/console/src/pages/RoleDetails/RoleUsers/index.tsx
@@ -6,8 +6,8 @@ import { useTranslation } from 'react-i18next';
 import { useOutletContext } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
-import Plus from '@/assets/icons/plus.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import Plus from '@/assets/icons/plus.svg?react';
 import ApplicationName from '@/components/ApplicationName';
 import DateTime from '@/components/DateTime';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
@@ -27,7 +27,7 @@ import { buildUrl, formatSearchKeyword } from '@/utils/url';
 
 import type { RoleDetailsOutletContext } from '../types';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const pageSize = defaultPageSize;
 
diff --git a/packages/console/src/pages/RoleDetails/index.tsx b/packages/console/src/pages/RoleDetails/index.tsx
index 6fa85c7851a4..a7faa442dd84 100644
--- a/packages/console/src/pages/RoleDetails/index.tsx
+++ b/packages/console/src/pages/RoleDetails/index.tsx
@@ -7,7 +7,7 @@ import { Trans, useTranslation } from 'react-i18next';
 import { Outlet, useLocation, useParams } from 'react-router-dom';
 import useSWR, { useSWRConfig } from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
+import Delete from '@/assets/icons/delete.svg?react';
 import DetailsPage from '@/components/DetailsPage';
 import DetailsPageHeader from '@/components/DetailsPage/DetailsPageHeader';
 import RoleIcon from '@/components/RoleIcon';
@@ -22,7 +22,7 @@ import useTenantPathname from '@/hooks/use-tenant-pathname';
 import useTheme from '@/hooks/use-theme';
 import useUserPreferences from '@/hooks/use-user-preferences';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { type RoleDetailsOutletContext } from './types';
 
 function RoleDetails() {
diff --git a/packages/console/src/pages/Roles/components/AssignRoleModal/index.tsx b/packages/console/src/pages/Roles/components/AssignRoleModal/index.tsx
index 3f3b530d83b6..caaf8ba0456e 100644
--- a/packages/console/src/pages/Roles/components/AssignRoleModal/index.tsx
+++ b/packages/console/src/pages/Roles/components/AssignRoleModal/index.tsx
@@ -12,7 +12,7 @@ import DynamicT from '@/ds-components/DynamicT';
 import FormField from '@/ds-components/FormField';
 import ModalLayout from '@/ds-components/ModalLayout';
 import useApi from '@/hooks/use-api';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 const isUserEntity = (entity: User | Application): entity is User =>
   'customData' in entity || 'identities' in entity;
diff --git a/packages/console/src/pages/Roles/components/AssignedEntities/index.tsx b/packages/console/src/pages/Roles/components/AssignedEntities/index.tsx
index faed3b43775d..4569b2b02f0f 100644
--- a/packages/console/src/pages/Roles/components/AssignedEntities/index.tsx
+++ b/packages/console/src/pages/Roles/components/AssignedEntities/index.tsx
@@ -6,7 +6,7 @@ import ApplicationIcon from '@/components/ApplicationIcon';
 import UserAvatar from '@/components/UserAvatar';
 import DynamicT from '@/ds-components/DynamicT';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type User = GetArrayElementType<RoleResponse['featuredUsers']>;
 type Application = GetArrayElementType<RoleResponse['featuredApplications']>;
diff --git a/packages/console/src/pages/Roles/components/CreateRoleForm/index.tsx b/packages/console/src/pages/Roles/components/CreateRoleForm/index.tsx
index f4433e6968c1..d7bbfec7e813 100644
--- a/packages/console/src/pages/Roles/components/CreateRoleForm/index.tsx
+++ b/packages/console/src/pages/Roles/components/CreateRoleForm/index.tsx
@@ -15,7 +15,7 @@ import useApi from '@/hooks/use-api';
 import { trySubmitSafe } from '@/utils/form';
 
 import Footer from './Footer';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type RadioOption = { key: AdminConsoleKey; value: RoleType };
 
diff --git a/packages/console/src/pages/Roles/components/CreateRoleModal/index.tsx b/packages/console/src/pages/Roles/components/CreateRoleModal/index.tsx
index e0763f4589ea..1351cb11563b 100644
--- a/packages/console/src/pages/Roles/components/CreateRoleModal/index.tsx
+++ b/packages/console/src/pages/Roles/components/CreateRoleModal/index.tsx
@@ -5,7 +5,7 @@ import { useTranslation } from 'react-i18next';
 import ReactModal from 'react-modal';
 
 import useTenantPathname from '@/hooks/use-tenant-pathname';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import AssignRoleModal from '../AssignRoleModal';
 import type { Props as CreateRoleFormProps } from '../CreateRoleForm';
diff --git a/packages/console/src/pages/Roles/index.tsx b/packages/console/src/pages/Roles/index.tsx
index f3bd1106584e..1f864d8a595b 100644
--- a/packages/console/src/pages/Roles/index.tsx
+++ b/packages/console/src/pages/Roles/index.tsx
@@ -4,9 +4,9 @@ import { useTranslation } from 'react-i18next';
 import { useLocation } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Plus from '@/assets/icons/plus.svg';
-import RolesEmptyDark from '@/assets/images/roles-empty-dark.svg';
-import RolesEmpty from '@/assets/images/roles-empty.svg';
+import Plus from '@/assets/icons/plus.svg?react';
+import RolesEmptyDark from '@/assets/images/roles-empty-dark.svg?react';
+import RolesEmpty from '@/assets/images/roles-empty.svg?react';
 import Breakable from '@/components/Breakable';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import ItemPreview from '@/components/ItemPreview';
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Branding/BrandingForm/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/Branding/BrandingForm/index.tsx
index 26196842229d..2859092b2717 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Branding/BrandingForm/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Branding/BrandingForm/index.tsx
@@ -14,7 +14,7 @@ import Switch from '@/ds-components/Switch';
 import type { SignInExperienceForm } from '../../../types';
 import FormSectionTitle from '../../components/FormSectionTitle';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function BrandingForm() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
index 961c40bbf817..87fc79db8c1d 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
@@ -16,7 +16,7 @@ import useDocumentationUrl from '@/hooks/use-documentation-url';
 import type { SignInExperienceForm } from '../../../types';
 import FormSectionTitle from '../../components/FormSectionTitle';
 
-import * as brandingStyles from './index.module.scss';
+import brandingStyles from './index.module.scss';
 
 function CustomUiForm() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/AddLanguageSelector.tsx b/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/AddLanguageSelector.tsx
index 5f50be6c9519..1397dfe2d4d1 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/AddLanguageSelector.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/AddLanguageSelector.tsx
@@ -4,15 +4,15 @@ import type { ChangeEvent } from 'react';
 import { useEffect, useRef, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import Plus from '@/assets/icons/plus.svg';
-import SearchIcon from '@/assets/icons/search.svg';
+import Plus from '@/assets/icons/plus.svg?react';
+import SearchIcon from '@/assets/icons/search.svg?react';
 import Button from '@/ds-components/Button';
 import DynamicT from '@/ds-components/DynamicT';
 import OverlayScrollbar from '@/ds-components/OverlayScrollbar';
 import TextInput from '@/ds-components/TextInput';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as style from './AddLanguageSelector.module.scss';
+import style from './AddLanguageSelector.module.scss';
 
 type Props = {
   readonly options: LanguageTag[];
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/LanguageDetails.tsx b/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/LanguageDetails.tsx
index fe64750ba4db..715b2af4e9e7 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/LanguageDetails.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/LanguageDetails.tsx
@@ -15,8 +15,8 @@ import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 import useSWR, { useSWRConfig } from 'swr';
 
-import Clear from '@/assets/icons/clear.svg';
-import Delete from '@/assets/icons/delete.svg';
+import Clear from '@/assets/icons/clear.svg?react';
+import Delete from '@/assets/icons/delete.svg?react';
 import Button from '@/ds-components/Button';
 import ConfirmModal from '@/ds-components/ConfirmModal';
 import IconButton from '@/ds-components/IconButton';
@@ -31,7 +31,7 @@ import type { CustomPhraseResponse } from '@/types/custom-phrase';
 import { trySubmitSafe } from '@/utils/form';
 import { shouldRetryOnError } from '@/utils/request';
 
-import * as styles from './LanguageDetails.module.scss';
+import styles from './LanguageDetails.module.scss';
 import { hiddenLocalePhraseGroups, hiddenLocalePhrases } from './constants';
 import { LanguageEditorContext } from './use-language-editor-context';
 import { createEmptyUiTranslation, flattenTranslation } from './utils';
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/LanguageItem.tsx b/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/LanguageItem.tsx
index e89b8be25f06..42ddb702693c 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/LanguageItem.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/LanguageItem.tsx
@@ -5,7 +5,7 @@ import { useEffect, useRef } from 'react';
 
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as style from './LanguageItem.module.scss';
+import style from './LanguageItem.module.scss';
 
 type Props = {
   readonly languageTag: LanguageTag;
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/LanguageNav.tsx b/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/LanguageNav.tsx
index a8afddc25936..41893751662b 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/LanguageNav.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/LanguageNav.tsx
@@ -6,7 +6,7 @@ import useUiLanguages from '@/hooks/use-ui-languages';
 
 import AddLanguageSelector from './AddLanguageSelector';
 import LanguageItem from './LanguageItem';
-import * as style from './LanguageNav.module.scss';
+import style from './LanguageNav.module.scss';
 import { LanguageEditorContext } from './use-language-editor-context';
 
 function LanguageNav() {
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/index.tsx
index 7c396e7f8130..e06d4e643a79 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/ManageLanguage/LanguageEditor/index.tsx
@@ -2,7 +2,7 @@ import { useContext, useEffect } from 'react';
 import { useTranslation } from 'react-i18next';
 import Modal from 'react-modal';
 
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 import Card from '@/ds-components/Card';
 import CardTitle from '@/ds-components/CardTitle';
 import ConfirmModal from '@/ds-components/ConfirmModal';
@@ -11,7 +11,7 @@ import useUiLanguages from '@/hooks/use-ui-languages';
 
 import LanguageDetails from './LanguageDetails';
 import LanguageNav from './LanguageNav';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useLanguageEditorContext, { LanguageEditorContext } from './use-language-editor-context';
 
 type Props = {
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/index.tsx
index eee106ee81ca..8f3b7ea8199e 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Content/LanguagesForm/index.tsx
@@ -16,7 +16,7 @@ import type { SignInExperienceForm } from '../../../types';
 import FormSectionTitle from '../../components/FormSectionTitle';
 
 import ManageLanguageButton from './ManageLanguage/ManageLanguageButton';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isManageLanguageVisible?: boolean;
diff --git a/packages/console/src/pages/SignInExperience/PageContent/PasswordPolicy/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/PasswordPolicy/index.tsx
index 86207ae7715b..d2e885960ac3 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/PasswordPolicy/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/PasswordPolicy/index.tsx
@@ -18,7 +18,7 @@ import FormFieldDescription from '../components/FormFieldDescription';
 import FormSectionTitle from '../components/FormSectionTitle';
 import SignInExperienceTabWrapper from '../components/SignInExperienceTabWrapper';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type PasswordOptionProps = {
   readonly name: FieldPath<SignInExperienceForm>;
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/AdvancedOptions/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/AdvancedOptions/index.tsx
index d158f9628ef7..36aa77a63397 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/AdvancedOptions/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/AdvancedOptions/index.tsx
@@ -9,7 +9,7 @@ import TextLink from '@/ds-components/TextLink';
 import type { SignInExperienceForm } from '../../../types';
 import FormSectionTitle from '../../components/FormSectionTitle';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function AdvancedOptions() {
   const { t } = useTranslation(undefined, {
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignInForm/SignInMethodEditBox/AddButton.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignInForm/SignInMethodEditBox/AddButton.tsx
index b0b6dcad6a3c..038ad3f19cc5 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignInForm/SignInMethodEditBox/AddButton.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignInForm/SignInMethodEditBox/AddButton.tsx
@@ -2,15 +2,15 @@ import type { SignInIdentifier } from '@logto/schemas';
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
 
-import CirclePlus from '@/assets/icons/circle-plus.svg';
-import Plus from '@/assets/icons/plus.svg';
+import CirclePlus from '@/assets/icons/circle-plus.svg?react';
+import Plus from '@/assets/icons/plus.svg?react';
 import ActionMenu from '@/ds-components/ActionMenu';
 import type { Props as ButtonProps } from '@/ds-components/Button';
 import { DropdownItem } from '@/ds-components/Dropdown';
 
 import { signInIdentifierPhrase } from '../../../constants';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly options: SignInIdentifier[];
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignInForm/SignInMethodEditBox/SignInMethodItem.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignInForm/SignInMethodEditBox/SignInMethodItem.tsx
index d4739f6d688f..37b4771fc458 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignInForm/SignInMethodEditBox/SignInMethodItem.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignInForm/SignInMethodEditBox/SignInMethodItem.tsx
@@ -4,9 +4,9 @@ import { conditional } from '@silverhand/essentials';
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
 
-import Draggable from '@/assets/icons/draggable.svg';
-import Minus from '@/assets/icons/minus.svg';
-import SwitchArrowIcon from '@/assets/icons/switch-arrow.svg';
+import Draggable from '@/assets/icons/draggable.svg?react';
+import Minus from '@/assets/icons/minus.svg?react';
+import SwitchArrowIcon from '@/assets/icons/switch-arrow.svg?react';
 import Checkbox from '@/ds-components/Checkbox';
 import IconButton from '@/ds-components/IconButton';
 import { Tooltip } from '@/ds-components/Tip';
@@ -15,7 +15,7 @@ import type { SignInMethod } from '@/pages/SignInExperience/types';
 import { signInIdentifierPhrase } from '../../../constants';
 import ConnectorSetupWarning from '../../components/ConnectorSetupWarning';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly signInMethod: SignInMethod;
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignInForm/SignInMethodEditBox/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignInForm/SignInMethodEditBox/index.tsx
index f737fa918be3..aa56c2918d05 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignInForm/SignInMethodEditBox/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignInForm/SignInMethodEditBox/index.tsx
@@ -13,7 +13,7 @@ import { getSignUpRequiredConnectorTypes, createSignInMethod } from '../../utils
 
 import AddButton from './AddButton';
 import SignInMethodItem from './SignInMethodItem';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function SignInMethodEditBox() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignUpForm/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignUpForm/index.tsx
index 3b327c5050c1..4cd264bc79a6 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignUpForm/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SignUpForm/index.tsx
@@ -26,7 +26,7 @@ import {
   getSignInMethodVerificationCodeCheckState,
 } from '../utils';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function SignUpForm() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SocialSignInForm/SocialConnectorEditBox/AddButton/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SocialSignInForm/SocialConnectorEditBox/AddButton/index.tsx
index a7cdd22976bb..69301e404f9e 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SocialSignInForm/SocialConnectorEditBox/AddButton/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SocialSignInForm/SocialConnectorEditBox/AddButton/index.tsx
@@ -1,7 +1,7 @@
 import classNames from 'classnames';
 
-import CirclePlus from '@/assets/icons/circle-plus.svg';
-import Plus from '@/assets/icons/plus.svg';
+import CirclePlus from '@/assets/icons/circle-plus.svg?react';
+import Plus from '@/assets/icons/plus.svg?react';
 import ConnectorLogo from '@/components/ConnectorLogo';
 import UnnamedTrans from '@/components/UnnamedTrans';
 import ActionMenu from '@/ds-components/ActionMenu';
@@ -10,7 +10,7 @@ import { DropdownItem } from '@/ds-components/Dropdown';
 import ConnectorPlatformIcon from '@/icons/ConnectorPlatformIcon';
 import type { ConnectorGroup } from '@/types/connector';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly options: ConnectorGroup[];
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SocialSignInForm/SocialConnectorEditBox/SelectedConnectorItem/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SocialSignInForm/SocialConnectorEditBox/SelectedConnectorItem/index.tsx
index 3e8f68234ea2..3c18cf5f133d 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SocialSignInForm/SocialConnectorEditBox/SelectedConnectorItem/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SocialSignInForm/SocialConnectorEditBox/SelectedConnectorItem/index.tsx
@@ -1,12 +1,12 @@
-import Draggable from '@/assets/icons/draggable.svg';
-import Minus from '@/assets/icons/minus.svg';
+import Draggable from '@/assets/icons/draggable.svg?react';
+import Minus from '@/assets/icons/minus.svg?react';
 import ConnectorLogo from '@/components/ConnectorLogo';
 import UnnamedTrans from '@/components/UnnamedTrans';
 import IconButton from '@/ds-components/IconButton';
 import ConnectorPlatformIcon from '@/icons/ConnectorPlatformIcon';
 import type { ConnectorGroup } from '@/types/connector';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly data: ConnectorGroup;
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SocialSignInForm/SocialConnectorEditBox/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SocialSignInForm/SocialConnectorEditBox/index.tsx
index 45df48b0bb12..fde179c70bc4 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SocialSignInForm/SocialConnectorEditBox/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/SocialSignInForm/SocialConnectorEditBox/index.tsx
@@ -10,7 +10,7 @@ import ConnectorSetupWarning from '../../components/ConnectorSetupWarning';
 
 import AddButton from './AddButton';
 import SelectedConnectorItem from './SelectedConnectorItem';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly value: string[];
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/components/ConnectorSetupWarning/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/components/ConnectorSetupWarning/index.tsx
index 3303848bbf85..f519b649e4bb 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/components/ConnectorSetupWarning/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignIn/components/ConnectorSetupWarning/index.tsx
@@ -6,7 +6,7 @@ import InlineNotification from '@/ds-components/InlineNotification';
 import TextLink from '@/ds-components/TextLink';
 import useEnabledConnectorTypes from '@/hooks/use-enabled-connector-types';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type NoConnectorWarningPhrase = {
   [key in ConnectorType]: AdminConsoleKey;
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/DiffSegment.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/DiffSegment.tsx
index c2717c7b6f79..83d2536e796f 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/DiffSegment.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/DiffSegment.tsx
@@ -1,6 +1,6 @@
 import type { ReactNode } from 'react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly children: ReactNode;
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/SignInDiffSection.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/SignInDiffSection.tsx
index 3005b88e5055..4ae334f58ddb 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/SignInDiffSection.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/SignInDiffSection.tsx
@@ -10,7 +10,7 @@ import { signInIdentifierPhrase } from '../../constants';
 import { convertToSignInMethodsObject } from '../../utils/form';
 
 import DiffSegment from './DiffSegment';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly before: SignInMethod[];
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/SignUpDiffSection.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/SignUpDiffSection.tsx
index 783bf06d3927..6239b0935faf 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/SignUpDiffSection.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/SignUpDiffSection.tsx
@@ -10,7 +10,7 @@ import { signUpIdentifierPhrase } from '../../constants';
 import { signUpFormDataParser } from '../../utils/parser';
 
 import DiffSegment from './DiffSegment';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly before: SignUp;
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/SocialTargetsDiffSection.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/SocialTargetsDiffSection.tsx
index 5c134256d96c..89eeea84bde5 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/SocialTargetsDiffSection.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/SignUpAndSignInDiffSection/SocialTargetsDiffSection.tsx
@@ -6,7 +6,7 @@ import { useTranslation } from 'react-i18next';
 import useConnectorGroups from '@/hooks/use-connector-groups';
 
 import DiffSegment from './DiffSegment';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly before: string[];
diff --git a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/index.tsx
index 38ec7fd02cc1..5fc62959663f 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/SignUpAndSignInChangePreview/index.tsx
@@ -2,7 +2,7 @@ import type { SignInExperience } from '@logto/schemas';
 import { useTranslation } from 'react-i18next';
 
 import SignUpAndSignInDiffSection from './SignUpAndSignInDiffSection';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly before: SignInExperience;
diff --git a/packages/console/src/pages/SignInExperience/PageContent/components/FormFieldDescription/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/components/FormFieldDescription/index.tsx
index dc12d8f76293..9a7ea8bad00f 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/components/FormFieldDescription/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/components/FormFieldDescription/index.tsx
@@ -1,6 +1,6 @@
 import { type ReactNode } from 'react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly children: ReactNode;
diff --git a/packages/console/src/pages/SignInExperience/PageContent/components/FormSectionTitle/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/components/FormSectionTitle/index.tsx
index ec8ca75191e4..1a06f0ea0752 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/components/FormSectionTitle/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/components/FormSectionTitle/index.tsx
@@ -2,7 +2,7 @@ import { type TFuncKey } from 'i18next';
 
 import DynamicT from '@/ds-components/DynamicT';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly title: TFuncKey<'translation', 'admin_console.sign_in_exp'>;
diff --git a/packages/console/src/pages/SignInExperience/PageContent/components/SignInExperienceTabWrapper/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/components/SignInExperienceTabWrapper/index.tsx
index 774056ee0bb9..ca86c4ad034a 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/components/SignInExperienceTabWrapper/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/components/SignInExperienceTabWrapper/index.tsx
@@ -1,6 +1,6 @@
 import TabWrapper, { type Props as TabWrapperProps } from '@/ds-components/TabWrapper';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = Omit<TabWrapperProps, 'className'>;
 
diff --git a/packages/console/src/pages/SignInExperience/PageContent/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/index.tsx
index 32eebcad02f1..9185f048895e 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/index.tsx
@@ -25,7 +25,7 @@ import Content from './Content';
 import PasswordPolicy from './PasswordPolicy';
 import SignUpAndSignIn from './SignUpAndSignIn';
 import SignUpAndSignInChangePreview from './SignUpAndSignInChangePreview';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import {
   getBrandingErrorCount,
   getSignUpAndSignInErrorCount,
diff --git a/packages/console/src/pages/SignInExperience/Skeleton/index.tsx b/packages/console/src/pages/SignInExperience/Skeleton/index.tsx
index 1d7566e4b309..0107535a1f09 100644
--- a/packages/console/src/pages/SignInExperience/Skeleton/index.tsx
+++ b/packages/console/src/pages/SignInExperience/Skeleton/index.tsx
@@ -3,10 +3,10 @@ import classNames from 'classnames';
 import CardTitle from '@/ds-components/CardTitle';
 import Spacer from '@/ds-components/Spacer';
 
-import * as pageContentStyles from '../PageContent/index.module.scss';
-import * as pageStyles from '../index.module.scss';
+import pageContentStyles from '../PageContent/index.module.scss';
+import pageStyles from '../index.module.scss';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function Skeleton() {
   return (
diff --git a/packages/console/src/pages/SignInExperience/Welcome/GuideModal.tsx b/packages/console/src/pages/SignInExperience/Welcome/GuideModal.tsx
index 24ccb6a0cde8..d37c4e40b3f4 100644
--- a/packages/console/src/pages/SignInExperience/Welcome/GuideModal.tsx
+++ b/packages/console/src/pages/SignInExperience/Welcome/GuideModal.tsx
@@ -5,7 +5,7 @@ import { useTranslation } from 'react-i18next';
 import Modal from 'react-modal';
 import useSWR from 'swr';
 
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 import Button from '@/ds-components/Button';
 import CardTitle from '@/ds-components/CardTitle';
 import IconButton from '@/ds-components/IconButton';
@@ -14,7 +14,7 @@ import Spacer from '@/ds-components/Spacer';
 import useApi from '@/hooks/use-api';
 import useConfigs from '@/hooks/use-configs';
 import useUserPreferences from '@/hooks/use-user-preferences';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 
 import BrandingForm from '../PageContent/Branding/BrandingForm';
@@ -25,7 +25,7 @@ import Preview from '../components/Preview';
 import usePreviewConfigs from '../hooks/use-preview-configs';
 import type { SignInExperienceForm } from '../types';
 
-import * as styles from './GuideModal.module.scss';
+import styles from './GuideModal.module.scss';
 
 type Props = {
   readonly isOpen: boolean;
diff --git a/packages/console/src/pages/SignInExperience/Welcome/index.tsx b/packages/console/src/pages/SignInExperience/Welcome/index.tsx
index 1a2e70a43d47..8504bf8f123d 100644
--- a/packages/console/src/pages/SignInExperience/Welcome/index.tsx
+++ b/packages/console/src/pages/SignInExperience/Welcome/index.tsx
@@ -2,13 +2,13 @@ import { Theme } from '@logto/schemas';
 import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import WelcomeImageDark from '@/assets/images/sign-in-experience-welcome-dark.svg';
-import WelcomeImage from '@/assets/images/sign-in-experience-welcome.svg';
+import WelcomeImageDark from '@/assets/images/sign-in-experience-welcome-dark.svg?react';
+import WelcomeImage from '@/assets/images/sign-in-experience-welcome.svg?react';
 import Button from '@/ds-components/Button';
 import useTheme from '@/hooks/use-theme';
 
 import GuideModal from './GuideModal';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly mutate: () => void;
diff --git a/packages/console/src/pages/SignInExperience/components/Preview/index.tsx b/packages/console/src/pages/SignInExperience/components/Preview/index.tsx
index 9dfecb51db48..03d680ab9819 100644
--- a/packages/console/src/pages/SignInExperience/components/Preview/index.tsx
+++ b/packages/console/src/pages/SignInExperience/components/Preview/index.tsx
@@ -13,7 +13,7 @@ import TabNav, { TabNavItem } from '@/ds-components/TabNav';
 import useConnectorGroups from '@/hooks/use-connector-groups';
 import useUiLanguages from '@/hooks/use-ui-languages';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isLivePreviewDisabled?: boolean;
diff --git a/packages/console/src/pages/SignInExperience/index.tsx b/packages/console/src/pages/SignInExperience/index.tsx
index 82fd1e0036d5..c0d6e99f05aa 100644
--- a/packages/console/src/pages/SignInExperience/index.tsx
+++ b/packages/console/src/pages/SignInExperience/index.tsx
@@ -13,7 +13,7 @@ import useUserAssetsService from '@/hooks/use-user-assets-service';
 import PageContent from './PageContent';
 import Skeleton from './Skeleton';
 import Welcome from './Welcome';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type PageWrapperProps = {
   readonly children: ReactNode;
diff --git a/packages/console/src/pages/SigningKeys/SigningKeyFormCard/index.tsx b/packages/console/src/pages/SigningKeys/SigningKeyFormCard/index.tsx
index 03e39e8a91c5..2db54e307c2f 100644
--- a/packages/console/src/pages/SigningKeys/SigningKeyFormCard/index.tsx
+++ b/packages/console/src/pages/SigningKeys/SigningKeyFormCard/index.tsx
@@ -9,7 +9,7 @@ import { toast } from 'react-hot-toast';
 import { Trans, useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
+import Delete from '@/assets/icons/delete.svg?react';
 import FormCard from '@/components/FormCard';
 import Button from '@/ds-components/Button';
 import DangerConfirmModal from '@/ds-components/DeleteConfirmModal';
@@ -20,7 +20,7 @@ import Table from '@/ds-components/Table';
 import Tag from '@/ds-components/Tag';
 import useApi, { type RequestError } from '@/hooks/use-api';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly keyType: LogtoOidcConfigKeyType;
diff --git a/packages/console/src/pages/SigningKeys/index.tsx b/packages/console/src/pages/SigningKeys/index.tsx
index f90263134a68..a288e446b5e5 100644
--- a/packages/console/src/pages/SigningKeys/index.tsx
+++ b/packages/console/src/pages/SigningKeys/index.tsx
@@ -6,7 +6,7 @@ import CardTitle from '@/ds-components/CardTitle';
 import useDocumentationUrl from '@/hooks/use-documentation-url';
 
 import SigningKeyFormCard from './SigningKeyFormCard';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function SigningKeys() {
   const { getDocumentationUrl } = useDocumentationUrl();
diff --git a/packages/console/src/pages/TenantSettings/Subscription/CurrentPlan/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/CurrentPlan/index.tsx
index 2489a2245ba6..cda09e151e64 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/CurrentPlan/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/CurrentPlan/index.tsx
@@ -13,7 +13,7 @@ import { hasSurpassedQuotaLimit } from '@/utils/quota';
 
 import MauLimitExceedNotification from './MauLimitExceededNotification';
 import PaymentOverdueNotification from './PaymentOverdueNotification';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly subscription: Subscription;
diff --git a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/DiffQuotaItem/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/DiffQuotaItem/index.tsx
index 9eeaf2e7b06b..a499d70158d5 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/DiffQuotaItem/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/DiffQuotaItem/index.tsx
@@ -1,12 +1,12 @@
 import { cond } from '@silverhand/essentials';
 import classNames from 'classnames';
 
-import DescendArrow from '@/assets/icons/descend-arrow.svg';
-import Failed from '@/assets/icons/failed.svg';
+import DescendArrow from '@/assets/icons/descend-arrow.svg?react';
+import Failed from '@/assets/icons/failed.svg?react';
 import { type SubscriptionPlanQuota } from '@/types/subscriptions';
 
 import QuotaItemPhrase from './QuotaItemPhrase';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly quotaKey: keyof SubscriptionPlanQuota;
diff --git a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/index.tsx
index 62b59cfdd734..2112587c642e 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/index.tsx
@@ -3,7 +3,7 @@ import classNames from 'classnames';
 import { type SubscriptionPlanQuotaEntries } from '@/types/subscriptions';
 
 import DiffQuotaItem from './DiffQuotaItem';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly entries: SubscriptionPlanQuotaEntries;
diff --git a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/index.tsx
index 67c75ce93c3c..9cac99cede15 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/index.tsx
@@ -11,7 +11,7 @@ import {
 import { sortBy } from '@/utils/sort';
 
 import PlanQuotaList from './PlanQuotaList';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly planName: string;
diff --git a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/index.tsx
index 18b61d9639e0..4c374ef76d54 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/index.tsx
@@ -11,7 +11,7 @@ import {
 } from '@/types/subscriptions';
 
 import PlanQuotaDiffCard from './PlanQuotaDiffCard';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly currentPlan: SubscriptionPlan;
diff --git a/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/TableDataWrapper/TableDataContent/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/TableDataWrapper/TableDataContent/index.tsx
index 0689fad1c945..a6c692ca041c 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/TableDataWrapper/TableDataContent/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/TableDataWrapper/TableDataContent/index.tsx
@@ -1,6 +1,6 @@
-import Success from '@/assets/icons/success.svg';
+import Success from '@/assets/icons/success.svg?react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly content: string;
diff --git a/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/TableDataWrapper/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/TableDataWrapper/index.tsx
index 877b41b16571..174edf3d3da1 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/TableDataWrapper/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/TableDataWrapper/index.tsx
@@ -1,11 +1,11 @@
 import classNames from 'classnames';
 
-import Tip from '@/assets/icons/tip.svg';
+import Tip from '@/assets/icons/tip.svg?react';
 import IconButton from '@/ds-components/IconButton';
 import { ToggleTip } from '@/ds-components/Tip';
 
 import TableDataContent from './TableDataContent';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly value: string;
diff --git a/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx
index be8dfb770cbc..2dc6b805a609 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/PlanComparisonTable/index.tsx
@@ -14,7 +14,7 @@ import {
 import DynamicT from '@/ds-components/DynamicT';
 
 import TableDataWrapper from './TableDataWrapper';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const featuredPlanPhraseKey: AdminConsoleKey[] = [
   'subscription.free_plan',
diff --git a/packages/console/src/pages/TenantSettings/Subscription/SwitchPlanActionBar/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/SwitchPlanActionBar/index.tsx
index 0280fb559dd6..6a2f5c52085d 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/SwitchPlanActionBar/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/SwitchPlanActionBar/index.tsx
@@ -18,7 +18,7 @@ import { isDowngradePlan, parseExceededQuotaLimitError } from '@/utils/subscript
 
 import DowngradeConfirmModalContent from '../DowngradeConfirmModalContent';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly currentSubscriptionPlanId: string;
diff --git a/packages/console/src/pages/TenantSettings/Subscription/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/index.tsx
index 69bb11865668..2a9e07cf8971 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/index.tsx
@@ -11,7 +11,7 @@ import Skeleton from '../components/Skeleton';
 import CurrentPlan from './CurrentPlan';
 import PlanComparisonTable from './PlanComparisonTable';
 import SwitchPlanActionBar from './SwitchPlanActionBar';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function Subscription() {
   const { currentTenantId } = useContext(TenantsContext);
diff --git a/packages/console/src/pages/TenantSettings/TenantBasicSettings/DeleteCard/index.tsx b/packages/console/src/pages/TenantSettings/TenantBasicSettings/DeleteCard/index.tsx
index 789fb0353460..1918a4a9f401 100644
--- a/packages/console/src/pages/TenantSettings/TenantBasicSettings/DeleteCard/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantBasicSettings/DeleteCard/index.tsx
@@ -5,7 +5,7 @@ import FormCard from '@/components/FormCard';
 import Button from '@/ds-components/Button';
 import FormField from '@/ds-components/FormField';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly currentTenantId: string;
diff --git a/packages/console/src/pages/TenantSettings/TenantBasicSettings/DeleteModal/index.tsx b/packages/console/src/pages/TenantSettings/TenantBasicSettings/DeleteModal/index.tsx
index 3cbfc189a258..160e1e89868b 100644
--- a/packages/console/src/pages/TenantSettings/TenantBasicSettings/DeleteModal/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantBasicSettings/DeleteModal/index.tsx
@@ -6,7 +6,7 @@ import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
 import { tenantAbbreviatedTagNameMap } from '@/components/TenantEnvTag';
 import DeleteConfirmModal from '@/ds-components/DeleteConfirmModal';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isOpen: boolean;
diff --git a/packages/console/src/pages/TenantSettings/TenantBasicSettings/LeaveCard/index.tsx b/packages/console/src/pages/TenantSettings/TenantBasicSettings/LeaveCard/index.tsx
index 85a3f8e45fec..98ec0d15cbd0 100644
--- a/packages/console/src/pages/TenantSettings/TenantBasicSettings/LeaveCard/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantBasicSettings/LeaveCard/index.tsx
@@ -9,7 +9,7 @@ import FormField from '@/ds-components/FormField';
 import { useConfirmModal } from '@/hooks/use-confirm-modal';
 import useCurrentUser from '@/hooks/use-current-user';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function LeaveCard() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/pages/TenantSettings/TenantBasicSettings/ProfileForm/TenantEnvironment/index.tsx b/packages/console/src/pages/TenantSettings/TenantBasicSettings/ProfileForm/TenantEnvironment/index.tsx
index 655224eb649f..303a4be9aae4 100644
--- a/packages/console/src/pages/TenantSettings/TenantBasicSettings/ProfileForm/TenantEnvironment/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantBasicSettings/ProfileForm/TenantEnvironment/index.tsx
@@ -6,7 +6,7 @@ import { envTagsFeatureLink } from '@/consts';
 import TextLink from '@/ds-components/TextLink';
 import useDocumentationUrl from '@/hooks/use-documentation-url';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly tag: TenantTag;
diff --git a/packages/console/src/pages/TenantSettings/TenantBasicSettings/ProfileForm/TenantRegion/index.tsx b/packages/console/src/pages/TenantSettings/TenantBasicSettings/ProfileForm/TenantRegion/index.tsx
index 51661444743b..6e9455c43c20 100644
--- a/packages/console/src/pages/TenantSettings/TenantBasicSettings/ProfileForm/TenantRegion/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantBasicSettings/ProfileForm/TenantRegion/index.tsx
@@ -6,7 +6,7 @@ import { trustAndSecurityLink } from '@/consts';
 import { TenantsContext } from '@/contexts/TenantsProvider';
 import TextLink from '@/ds-components/TextLink';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function TenantRegion() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/pages/TenantSettings/TenantBasicSettings/index.tsx b/packages/console/src/pages/TenantSettings/TenantBasicSettings/index.tsx
index 13c3019efff1..e47fdc8f1626 100644
--- a/packages/console/src/pages/TenantSettings/TenantBasicSettings/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantBasicSettings/index.tsx
@@ -18,7 +18,7 @@ import DeleteCard from './DeleteCard';
 import DeleteModal from './DeleteModal';
 import LeaveCard from './LeaveCard';
 import ProfileForm from './ProfileForm';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { type TenantSettingsForm } from './types.js';
 
 function TenantBasicSettings() {
diff --git a/packages/console/src/pages/TenantSettings/TenantDomainSettings/AddDomainForm/index.tsx b/packages/console/src/pages/TenantSettings/TenantDomainSettings/AddDomainForm/index.tsx
index 538edeeb1202..2cc019b13f36 100644
--- a/packages/console/src/pages/TenantSettings/TenantDomainSettings/AddDomainForm/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantDomainSettings/AddDomainForm/index.tsx
@@ -8,7 +8,7 @@ import TextInput from '@/ds-components/TextInput';
 import { onKeyDownHandler } from '@/utils/a11y';
 import { trySubmitSafe } from '@/utils/form';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type FormData = {
   domain: string;
diff --git a/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/ActivationProcess/DnsRecordsTable/index.tsx b/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/ActivationProcess/DnsRecordsTable/index.tsx
index 4f63c0dabb4c..e38619c4cffb 100644
--- a/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/ActivationProcess/DnsRecordsTable/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/ActivationProcess/DnsRecordsTable/index.tsx
@@ -5,7 +5,7 @@ import DynamicT from '@/ds-components/DynamicT';
 import { Ring } from '@/ds-components/Spinner';
 import Table from '@/ds-components/Table';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly records: DomainDnsRecords;
diff --git a/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/ActivationProcess/Step/index.tsx b/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/ActivationProcess/Step/index.tsx
index 2e7a4c4adf31..9ff1641a9185 100644
--- a/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/ActivationProcess/Step/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/ActivationProcess/Step/index.tsx
@@ -3,14 +3,14 @@ import { DomainStatus } from '@logto/schemas';
 import classNames from 'classnames';
 import { type ReactNode } from 'react';
 
-import Success from '@/assets/icons/success.svg';
-import Tip from '@/assets/icons/tip.svg';
+import Success from '@/assets/icons/success.svg?react';
+import Tip from '@/assets/icons/tip.svg?react';
 import DynamicT from '@/ds-components/DynamicT';
 import IconButton from '@/ds-components/IconButton';
 import { Ring } from '@/ds-components/Spinner';
 import ToggleTip from '@/ds-components/Tip/ToggleTip';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly step: number;
diff --git a/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/ActivationProcess/index.tsx b/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/ActivationProcess/index.tsx
index 11e159f0ff7f..e675a6531e2f 100644
--- a/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/ActivationProcess/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/ActivationProcess/index.tsx
@@ -6,7 +6,7 @@ import InlineNotification from '@/ds-components/InlineNotification';
 
 import DnsRecordsTable from './DnsRecordsTable';
 import Step from './Step';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly customDomain: CustomDomain;
diff --git a/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/CustomDomainHeader/index.tsx b/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/CustomDomainHeader/index.tsx
index f81b5698791d..c037671ea45e 100644
--- a/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/CustomDomainHeader/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/CustomDomainHeader/index.tsx
@@ -2,8 +2,8 @@ import { DomainStatus, type CustomDomain } from '@logto/schemas';
 import { toast } from 'react-hot-toast';
 import { Trans, useTranslation } from 'react-i18next';
 
-import Delete from '@/assets/icons/delete.svg';
-import More from '@/assets/icons/more.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import More from '@/assets/icons/more.svg?react';
 import DomainStatusTag from '@/components/DomainStatusTag';
 import OpenExternalLink from '@/components/OpenExternalLink';
 import ActionMenu, { ActionMenuItem } from '@/ds-components/ActionMenu';
@@ -12,7 +12,7 @@ import DynamicT from '@/ds-components/DynamicT';
 import Spacer from '@/ds-components/Spacer';
 import { useConfirmModal } from '@/hooks/use-confirm-modal';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly customDomain: CustomDomain;
diff --git a/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/index.tsx b/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/index.tsx
index d9fccbf546b3..9be54eab8701 100644
--- a/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantDomainSettings/CustomDomain/index.tsx
@@ -3,7 +3,7 @@ import classNames from 'classnames';
 
 import ActivationProcess from './ActivationProcess';
 import CustomDomainHeader from './CustomDomainHeader';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/console/src/pages/TenantSettings/TenantDomainSettings/DefaultDomain/index.tsx b/packages/console/src/pages/TenantSettings/TenantDomainSettings/DefaultDomain/index.tsx
index 3ded17d5f259..16825548d8ad 100644
--- a/packages/console/src/pages/TenantSettings/TenantDomainSettings/DefaultDomain/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantDomainSettings/DefaultDomain/index.tsx
@@ -6,7 +6,7 @@ import DynamicT from '@/ds-components/DynamicT';
 import Spacer from '@/ds-components/Spacer';
 import Tag from '@/ds-components/Tag';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function DefaultDomain() {
   const { tenantEndpoint } = useContext(AppDataContext);
diff --git a/packages/console/src/pages/TenantSettings/TenantDomainSettings/index.tsx b/packages/console/src/pages/TenantSettings/TenantDomainSettings/index.tsx
index d234ed13f4a8..27383cd0b9e4 100644
--- a/packages/console/src/pages/TenantSettings/TenantDomainSettings/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantDomainSettings/index.tsx
@@ -15,7 +15,7 @@ import Skeleton from '../components/Skeleton';
 import AddDomainForm from './AddDomainForm';
 import CustomDomain from './CustomDomain';
 import DefaultDomain from './DefaultDomain';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function TenantDomainSettings() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/src/pages/TenantSettings/TenantMembers/EditMemberModal/index.tsx b/packages/console/src/pages/TenantSettings/TenantMembers/EditMemberModal/index.tsx
index 3aa0904ef3e1..9f03577cdf92 100644
--- a/packages/console/src/pages/TenantSettings/TenantMembers/EditMemberModal/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantMembers/EditMemberModal/index.tsx
@@ -13,9 +13,9 @@ import ModalLayout from '@/ds-components/ModalLayout';
 import Select, { type Option } from '@/ds-components/Select';
 import { useConfirmModal } from '@/hooks/use-confirm-modal';
 import useCurrentTenantScopes from '@/hooks/use-current-tenant-scopes';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
-import * as styles from '../index.module.scss';
+import styles from '../index.module.scss';
 
 type Props = {
   readonly user: TenantMemberResponse;
diff --git a/packages/console/src/pages/TenantSettings/TenantMembers/Invitations/index.tsx b/packages/console/src/pages/TenantSettings/TenantMembers/Invitations/index.tsx
index 3d0e3e421d60..4d2819975bef 100644
--- a/packages/console/src/pages/TenantSettings/TenantMembers/Invitations/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantMembers/Invitations/index.tsx
@@ -6,13 +6,13 @@ import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 import useSWR from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
-import Invite from '@/assets/icons/invitation.svg';
-import More from '@/assets/icons/more.svg';
-import Plus from '@/assets/icons/plus.svg';
-import Redo from '@/assets/icons/redo.svg';
-import UsersEmptyDark from '@/assets/images/users-empty-dark.svg';
-import UsersEmpty from '@/assets/images/users-empty.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import Invite from '@/assets/icons/invitation.svg?react';
+import More from '@/assets/icons/more.svg?react';
+import Plus from '@/assets/icons/plus.svg?react';
+import Redo from '@/assets/icons/redo.svg?react';
+import UsersEmptyDark from '@/assets/images/users-empty-dark.svg?react';
+import UsersEmpty from '@/assets/images/users-empty.svg?react';
 import { useAuthedCloudApi } from '@/cloud/hooks/use-cloud-api';
 import type { InvitationResponse, TenantInvitationResponse } from '@/cloud/types/router';
 import Breakable from '@/components/Breakable';
diff --git a/packages/console/src/pages/TenantSettings/TenantMembers/InviteEmailsInput/index.tsx b/packages/console/src/pages/TenantSettings/TenantMembers/InviteEmailsInput/index.tsx
index 5108d0fc637c..a4c12950d7b8 100644
--- a/packages/console/src/pages/TenantSettings/TenantMembers/InviteEmailsInput/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantMembers/InviteEmailsInput/index.tsx
@@ -5,14 +5,14 @@ import classNames from 'classnames';
 import { useEffect, useRef, useState } from 'react';
 import { useFormContext } from 'react-hook-form';
 
-import Close from '@/assets/icons/close.svg';
+import Close from '@/assets/icons/close.svg?react';
 import IconButton from '@/ds-components/IconButton';
 import Tag from '@/ds-components/Tag';
 import { onKeyDownHandler } from '@/utils/a11y';
 
 import type { InviteeEmailItem } from '../types';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly formName?: string;
diff --git a/packages/console/src/pages/TenantSettings/TenantMembers/InviteMemberModal/Footer/index.tsx b/packages/console/src/pages/TenantSettings/TenantMembers/InviteMemberModal/Footer/index.tsx
index f1e4d9a5468e..35c1988f539d 100644
--- a/packages/console/src/pages/TenantSettings/TenantMembers/InviteMemberModal/Footer/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantMembers/InviteMemberModal/Footer/index.tsx
@@ -10,7 +10,7 @@ import Button, { LinkButton } from '@/ds-components/Button';
 
 import useTenantMembersUsage from '../../hooks';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly newInvitationCount?: number;
diff --git a/packages/console/src/pages/TenantSettings/TenantMembers/InviteMemberModal/index.tsx b/packages/console/src/pages/TenantSettings/TenantMembers/InviteMemberModal/index.tsx
index 18d868b9aa9c..36daa0bedefd 100644
--- a/packages/console/src/pages/TenantSettings/TenantMembers/InviteMemberModal/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantMembers/InviteMemberModal/index.tsx
@@ -11,11 +11,11 @@ import FormField from '@/ds-components/FormField';
 import ModalLayout from '@/ds-components/ModalLayout';
 import Select, { type Option } from '@/ds-components/Select';
 import { useConfirmModal } from '@/hooks/use-confirm-modal';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import InviteEmailsInput from '../InviteEmailsInput';
 import useEmailInputUtils from '../InviteEmailsInput/hooks';
-import * as styles from '../index.module.scss';
+import styles from '../index.module.scss';
 import { type InviteMemberForm } from '../types';
 
 import Footer from './Footer';
diff --git a/packages/console/src/pages/TenantSettings/TenantMembers/index.tsx b/packages/console/src/pages/TenantSettings/TenantMembers/index.tsx
index fe6c694d0631..b989698f90f6 100644
--- a/packages/console/src/pages/TenantSettings/TenantMembers/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantMembers/index.tsx
@@ -3,9 +3,9 @@ import { useContext, useState } from 'react';
 import { Outlet } from 'react-router-dom';
 import useSWRMutation from 'swr/mutation';
 
-import InvitationIcon from '@/assets/icons/invitation.svg';
-import MembersIcon from '@/assets/icons/members.svg';
-import PlusIcon from '@/assets/icons/plus.svg';
+import InvitationIcon from '@/assets/icons/invitation.svg?react';
+import MembersIcon from '@/assets/icons/members.svg?react';
+import PlusIcon from '@/assets/icons/plus.svg?react';
 import { useAuthedCloudApi } from '@/cloud/hooks/use-cloud-api';
 import ChargeNotification from '@/components/ChargeNotification';
 import { TenantSettingsTabs } from '@/consts';
@@ -17,7 +17,7 @@ import useTenantPathname from '@/hooks/use-tenant-pathname';
 
 import InviteMemberModal from './InviteMemberModal';
 import useTenantMembersUsage from './hooks';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function TenantMembers() {
   const { hasTenantMembersSurpassedLimit } = useTenantMembersUsage();
diff --git a/packages/console/src/pages/TenantSettings/components/NotEligibleSwitchPlanModalContent/index.tsx b/packages/console/src/pages/TenantSettings/components/NotEligibleSwitchPlanModalContent/index.tsx
index 06ba5acfa219..89ef0b0e4df4 100644
--- a/packages/console/src/pages/TenantSettings/components/NotEligibleSwitchPlanModalContent/index.tsx
+++ b/packages/console/src/pages/TenantSettings/components/NotEligibleSwitchPlanModalContent/index.tsx
@@ -18,7 +18,7 @@ import {
 } from '@/types/subscriptions';
 import { sortBy } from '@/utils/sort';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const excludedQuotaKeys = new Set<keyof SubscriptionPlanQuota>([
   'auditLogsRetentionDays',
diff --git a/packages/console/src/pages/TenantSettings/components/Skeleton/index.tsx b/packages/console/src/pages/TenantSettings/components/Skeleton/index.tsx
index 3bb6647fef8a..ec9abdb8bf69 100644
--- a/packages/console/src/pages/TenantSettings/components/Skeleton/index.tsx
+++ b/packages/console/src/pages/TenantSettings/components/Skeleton/index.tsx
@@ -1,6 +1,6 @@
 import { FormCardSkeleton } from '@/components/FormCard';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function Skeleton() {
   return (
diff --git a/packages/console/src/pages/TenantSettings/index.tsx b/packages/console/src/pages/TenantSettings/index.tsx
index e72881a7c4c2..1e9b013ccdec 100644
--- a/packages/console/src/pages/TenantSettings/index.tsx
+++ b/packages/console/src/pages/TenantSettings/index.tsx
@@ -8,7 +8,7 @@ import DynamicT from '@/ds-components/DynamicT';
 import TabNav, { TabNavItem } from '@/ds-components/TabNav';
 import useCurrentTenantScopes from '@/hooks/use-current-tenant-scopes';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function TenantSettings() {
   const { isDevTenant } = useContext(TenantsContext);
diff --git a/packages/console/src/pages/UserDetails/UserLogs/index.tsx b/packages/console/src/pages/UserDetails/UserLogs/index.tsx
index 3af61a2f4a4c..528d1452bb30 100644
--- a/packages/console/src/pages/UserDetails/UserLogs/index.tsx
+++ b/packages/console/src/pages/UserDetails/UserLogs/index.tsx
@@ -4,7 +4,7 @@ import AuditLogTable from '@/components/AuditLogTable';
 
 import type { UserDetailsOutletContext } from '../types';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function UserLogs() {
   const {
diff --git a/packages/console/src/pages/UserDetails/UserRoles/index.tsx b/packages/console/src/pages/UserDetails/UserRoles/index.tsx
index 6ce9aa53dda1..8e9020665ab7 100644
--- a/packages/console/src/pages/UserDetails/UserRoles/index.tsx
+++ b/packages/console/src/pages/UserDetails/UserRoles/index.tsx
@@ -7,8 +7,8 @@ import { useTranslation } from 'react-i18next';
 import { useOutletContext } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
-import Plus from '@/assets/icons/plus.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import Plus from '@/assets/icons/plus.svg?react';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import ItemPreview from '@/components/ItemPreview';
 import RoleAssignmentModal from '@/components/RoleAssignmentModal';
@@ -28,7 +28,7 @@ import { buildUrl, formatSearchKeyword } from '@/utils/url';
 
 import type { UserDetailsOutletContext } from '../types';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const pageSize = defaultPageSize;
 
diff --git a/packages/console/src/pages/UserDetails/UserSettings/UserMfaVerifications/index.tsx b/packages/console/src/pages/UserDetails/UserSettings/UserMfaVerifications/index.tsx
index ae8441f2796e..38266f701444 100644
--- a/packages/console/src/pages/UserDetails/UserSettings/UserMfaVerifications/index.tsx
+++ b/packages/console/src/pages/UserDetails/UserSettings/UserMfaVerifications/index.tsx
@@ -11,7 +11,7 @@ import useApi, { type RequestError } from '@/hooks/use-api';
 import { useConfirmModal } from '@/hooks/use-confirm-modal';
 import { type UserMfaVerification } from '@/types/mfa';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly userId: string;
diff --git a/packages/console/src/pages/UserDetails/UserSettings/components/UserSocialIdentities/index.tsx b/packages/console/src/pages/UserDetails/UserSettings/components/UserSocialIdentities/index.tsx
index b27e34289270..aa4740e451d8 100644
--- a/packages/console/src/pages/UserDetails/UserSettings/components/UserSocialIdentities/index.tsx
+++ b/packages/console/src/pages/UserDetails/UserSettings/components/UserSocialIdentities/index.tsx
@@ -13,7 +13,7 @@ import type { RequestError } from '@/hooks/use-api';
 import useApi from '@/hooks/use-api';
 import { getConnectorGroups } from '@/pages/Connectors/utils';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly userId: string;
diff --git a/packages/console/src/pages/UserDetails/UserSettings/components/UserSsoIdentities/index.tsx b/packages/console/src/pages/UserDetails/UserSettings/components/UserSsoIdentities/index.tsx
index 4bf7e5fa8d12..fa21c6f9834f 100644
--- a/packages/console/src/pages/UserDetails/UserSettings/components/UserSsoIdentities/index.tsx
+++ b/packages/console/src/pages/UserDetails/UserSettings/components/UserSsoIdentities/index.tsx
@@ -13,7 +13,7 @@ import Table from '@/ds-components/Table';
 import type { RequestError } from '@/hooks/use-api';
 import SsoConnectorLogo from '@/pages/EnterpriseSso/SsoConnectorLogo';
 
-import * as styles from '../UserSocialIdentities/index.module.scss';
+import styles from '../UserSocialIdentities/index.module.scss';
 
 type Props = {
   readonly ssoIdentities: UserSsoIdentity[];
diff --git a/packages/console/src/pages/UserDetails/index.tsx b/packages/console/src/pages/UserDetails/index.tsx
index 8a7bc0d59eb4..612d52288538 100644
--- a/packages/console/src/pages/UserDetails/index.tsx
+++ b/packages/console/src/pages/UserDetails/index.tsx
@@ -7,10 +7,10 @@ import ReactModal from 'react-modal';
 import { Outlet, useLocation, useParams } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
-import Forbidden from '@/assets/icons/forbidden.svg';
-import Reset from '@/assets/icons/reset.svg';
-import Shield from '@/assets/icons/shield.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import Forbidden from '@/assets/icons/forbidden.svg?react';
+import Reset from '@/assets/icons/reset.svg?react';
+import Shield from '@/assets/icons/shield.svg?react';
 import DetailsPage from '@/components/DetailsPage';
 import DetailsPageHeader from '@/components/DetailsPage/DetailsPageHeader';
 import PageMeta from '@/components/PageMeta';
@@ -22,7 +22,7 @@ import TabNav, { TabNavItem } from '@/ds-components/TabNav';
 import type { RequestError } from '@/hooks/use-api';
 import useApi from '@/hooks/use-api';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { buildUrl } from '@/utils/url';
 import { getUserTitle, getUserSubtitle } from '@/utils/user';
 
@@ -30,7 +30,7 @@ import UserAccountInformation from '../../components/UserAccountInformation';
 import SuspendedTag from '../Users/components/SuspendedTag';
 
 import ResetPasswordForm from './components/ResetPasswordForm';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { type UserDetailsOutletContext } from './types';
 
 function UserDetails() {
diff --git a/packages/console/src/pages/Users/components/CreateForm/index.tsx b/packages/console/src/pages/Users/components/CreateForm/index.tsx
index 7b889250550b..75218f8c2c06 100644
--- a/packages/console/src/pages/Users/components/CreateForm/index.tsx
+++ b/packages/console/src/pages/Users/components/CreateForm/index.tsx
@@ -15,11 +15,11 @@ import ModalLayout from '@/ds-components/ModalLayout';
 import TextInput from '@/ds-components/TextInput';
 import useApi from '@/hooks/use-api';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 import { generateRandomPassword } from '@/utils/password';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type FormData = Pick<CreateUser, 'name' | 'username' | 'primaryEmail' | 'primaryPhone'>;
 
diff --git a/packages/console/src/pages/Users/index.tsx b/packages/console/src/pages/Users/index.tsx
index 5d7803ac105f..f12f12ae2d9c 100644
--- a/packages/console/src/pages/Users/index.tsx
+++ b/packages/console/src/pages/Users/index.tsx
@@ -4,9 +4,9 @@ import { useTranslation } from 'react-i18next';
 import { useLocation } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Plus from '@/assets/icons/plus.svg';
-import UsersEmptyDark from '@/assets/images/users-empty-dark.svg';
-import UsersEmpty from '@/assets/images/users-empty.svg';
+import Plus from '@/assets/icons/plus.svg?react';
+import UsersEmptyDark from '@/assets/images/users-empty-dark.svg?react';
+import UsersEmpty from '@/assets/images/users-empty.svg?react';
 import ApplicationName from '@/components/ApplicationName';
 import DateTime from '@/components/DateTime';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
diff --git a/packages/console/src/pages/WebhookDetails/WebhookLogs/index.tsx b/packages/console/src/pages/WebhookDetails/WebhookLogs/index.tsx
index d89f41a843af..399effcc4087 100644
--- a/packages/console/src/pages/WebhookDetails/WebhookLogs/index.tsx
+++ b/packages/console/src/pages/WebhookDetails/WebhookLogs/index.tsx
@@ -18,7 +18,7 @@ import { buildUrl } from '@/utils/url';
 import { type WebhookDetailsOutletContext } from '../types';
 import { buildHookEventLogKey, getHookEventKey } from '../utils';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const hookLogEventOptions = hookEvents.map((event) => ({
   title: event,
diff --git a/packages/console/src/pages/WebhookDetails/WebhookSettings/SigningKeyField/index.tsx b/packages/console/src/pages/WebhookDetails/WebhookSettings/SigningKeyField/index.tsx
index 3a72a2f5c681..68e4b5642b52 100644
--- a/packages/console/src/pages/WebhookDetails/WebhookSettings/SigningKeyField/index.tsx
+++ b/packages/console/src/pages/WebhookDetails/WebhookSettings/SigningKeyField/index.tsx
@@ -3,7 +3,7 @@ import { useCallback, useEffect, useState } from 'react';
 import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 
-import Redo from '@/assets/icons/redo.svg';
+import Redo from '@/assets/icons/redo.svg?react';
 import Button from '@/ds-components/Button';
 import ConfirmModal from '@/ds-components/ConfirmModal';
 import CopyToClipboard from '@/ds-components/CopyToClipboard';
@@ -11,7 +11,7 @@ import DynamicT from '@/ds-components/DynamicT';
 import FormField from '@/ds-components/FormField';
 import useApi from '@/hooks/use-api';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly hookId: string;
diff --git a/packages/console/src/pages/WebhookDetails/WebhookSettings/TestWebhook/index.tsx b/packages/console/src/pages/WebhookDetails/WebhookSettings/TestWebhook/index.tsx
index 923d312d997a..5e026a456ad9 100644
--- a/packages/console/src/pages/WebhookDetails/WebhookSettings/TestWebhook/index.tsx
+++ b/packages/console/src/pages/WebhookDetails/WebhookSettings/TestWebhook/index.tsx
@@ -14,7 +14,7 @@ import useApi from '@/hooks/use-api';
 import { type WebhookDetailsFormType } from '@/pages/WebhookDetails/types';
 import { webhookDetailsParser } from '@/pages/WebhookDetails/utils';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useWebhookTestResult from './use-webhook-test-result';
 
 type Props = {
diff --git a/packages/console/src/pages/WebhookDetails/index.tsx b/packages/console/src/pages/WebhookDetails/index.tsx
index 52771e37f131..d18bd2094b9c 100644
--- a/packages/console/src/pages/WebhookDetails/index.tsx
+++ b/packages/console/src/pages/WebhookDetails/index.tsx
@@ -7,11 +7,11 @@ import { useTranslation } from 'react-i18next';
 import { Outlet, useLocation, useParams } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Delete from '@/assets/icons/delete.svg';
-import Forbidden from '@/assets/icons/forbidden.svg';
-import Shield from '@/assets/icons/shield.svg';
-import WebhookDark from '@/assets/icons/webhook-dark.svg';
-import Webhook from '@/assets/icons/webhook.svg';
+import Delete from '@/assets/icons/delete.svg?react';
+import Forbidden from '@/assets/icons/forbidden.svg?react';
+import Shield from '@/assets/icons/shield.svg?react';
+import WebhookDark from '@/assets/icons/webhook-dark.svg?react';
+import Webhook from '@/assets/icons/webhook.svg?react';
 import DetailsPage from '@/components/DetailsPage';
 import DetailsPageHeader from '@/components/DetailsPage/DetailsPageHeader';
 import PageMeta from '@/components/PageMeta';
@@ -25,7 +25,7 @@ import useTenantPathname from '@/hooks/use-tenant-pathname';
 import useTheme from '@/hooks/use-theme';
 import { buildUrl } from '@/utils/url';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { type WebhookDetailsOutletContext } from './types';
 
 function WebhookDetails() {
diff --git a/packages/console/src/pages/Webhooks/CreateFormModal/index.tsx b/packages/console/src/pages/Webhooks/CreateFormModal/index.tsx
index 8522e936ebcf..b6ba73be8283 100644
--- a/packages/console/src/pages/Webhooks/CreateFormModal/index.tsx
+++ b/packages/console/src/pages/Webhooks/CreateFormModal/index.tsx
@@ -1,7 +1,7 @@
 import { type Hook } from '@logto/schemas';
 import Modal from 'react-modal';
 
-import * as modalStyles from '@/scss/modal.module.scss';
+import modalStyles from '@/scss/modal.module.scss';
 
 import CreateForm from './CreateForm';
 
diff --git a/packages/console/src/pages/Webhooks/index.tsx b/packages/console/src/pages/Webhooks/index.tsx
index ba20ba2a580d..eae94c7498c6 100644
--- a/packages/console/src/pages/Webhooks/index.tsx
+++ b/packages/console/src/pages/Webhooks/index.tsx
@@ -5,11 +5,11 @@ import { useTranslation } from 'react-i18next';
 import { useLocation } from 'react-router-dom';
 import useSWR from 'swr';
 
-import Plus from '@/assets/icons/plus.svg';
-import WebhookDark from '@/assets/icons/webhook-dark.svg';
-import Webhook from '@/assets/icons/webhook.svg';
-import WebhooksEmptyDark from '@/assets/images/webhooks-empty-dark.svg';
-import WebhooksEmpty from '@/assets/images/webhooks-empty.svg';
+import Plus from '@/assets/icons/plus.svg?react';
+import WebhookDark from '@/assets/icons/webhook-dark.svg?react';
+import Webhook from '@/assets/icons/webhook.svg?react';
+import WebhooksEmptyDark from '@/assets/images/webhooks-empty-dark.svg?react';
+import WebhooksEmpty from '@/assets/images/webhooks-empty.svg?react';
 import ItemPreview from '@/components/ItemPreview';
 import ListPage from '@/components/ListPage';
 import SuccessRate from '@/components/SuccessRate';
@@ -25,7 +25,7 @@ import useTheme from '@/hooks/use-theme';
 import { buildUrl } from '@/utils/url';
 
 import CreateFormModal from './CreateFormModal';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const pageSize = defaultPageSize;
 const webhooksPathname = '/webhooks';
diff --git a/packages/console/src/pages/Welcome/index.tsx b/packages/console/src/pages/Welcome/index.tsx
index f2d920b8b44d..8f907198ce9c 100644
--- a/packages/console/src/pages/Welcome/index.tsx
+++ b/packages/console/src/pages/Welcome/index.tsx
@@ -3,13 +3,13 @@ import classNames from 'classnames';
 import { useEffect } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import Logo from '@/assets/images/logo.svg';
+import Logo from '@/assets/images/logo.svg?react';
 import Button from '@/ds-components/Button';
 import useRedirectUri from '@/hooks/use-redirect-uri';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 import useTheme from '@/hooks/use-theme';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 function Welcome() {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
diff --git a/packages/console/svgo.config.json b/packages/console/svgo.config.json
deleted file mode 100644
index 3fe9143d0d20..000000000000
--- a/packages/console/svgo.config.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-  "plugins": [
-    {
-      "name": "preset-default",
-      "params": {
-        "overrides": {
-          "cleanupIDs": false,
-          "removeViewBox": false
-        }
-      }
-    }
-  ]
-}
diff --git a/packages/console/tsconfig.json b/packages/console/tsconfig.json
index 91e9c18de120..e6a5e449cc7a 100644
--- a/packages/console/tsconfig.json
+++ b/packages/console/tsconfig.json
@@ -3,12 +3,12 @@
   "compilerOptions": {
     "baseUrl": "./",
     "paths": {
-      "@/*": ["./src/*"],
-      "@cloud/*": ["./src/cloud/*"]
+      "@/*": ["./src/*"]
     }
   },
   "include": [
     "src",
-    "jest.*.ts"
+    "jest.*.ts",
+    "*.config.ts"
   ]
 }
diff --git a/packages/console/vite.config.ts b/packages/console/vite.config.ts
new file mode 100644
index 000000000000..4fcaf167c6ff
--- /dev/null
+++ b/packages/console/vite.config.ts
@@ -0,0 +1,55 @@
+import mdx from '@mdx-js/rollup';
+import react from '@vitejs/plugin-react';
+import dotenv from 'dotenv';
+import { findUp } from 'find-up';
+import rehypeMdxCodeProps from 'rehype-mdx-code-props';
+import remarkGfm from 'remark-gfm';
+import { defineConfig, mergeConfig, type UserConfig } from 'vite';
+import viteCompression from 'vite-plugin-compression';
+import svgr from 'vite-plugin-svgr';
+
+import { defaultConfig } from '../../vite.shared.config';
+
+// We need to explicitly import the `.env` file and use `define` later because we do not have a
+// prefix for our environment variables which it is required in Vite.
+// @see {@link https://vitejs.dev/config/shared-options.html#envprefix}
+dotenv.config({ path: await findUp('.env', {}) });
+
+const buildConfig = (mode: string): UserConfig => ({
+  base: `/${process.env.CONSOLE_PUBLIC_URL ?? 'console'}`,
+  envDir: '../../',
+  server: {
+    port: 5002,
+    hmr: {
+      port: 6002,
+    },
+  },
+  css: {
+    modules: {
+      generateScopedName: '__[hash:base64:5]__[local]',
+    },
+  },
+  plugins: [
+    {
+      enforce: 'pre',
+      ...mdx({
+        providerImportSource: '@mdx-js/react',
+        remarkPlugins: [remarkGfm],
+        rehypePlugins: [[rehypeMdxCodeProps, { tagName: 'code' }]],
+      }),
+    },
+    react(),
+    svgr(),
+    viteCompression({ disable: mode === 'development' }),
+  ],
+  define: {
+    'import.meta.env.IS_CLOUD': JSON.stringify(process.env.IS_CLOUD),
+    'import.meta.env.ADMIN_ENDPOINT': JSON.stringify(process.env.ADMIN_ENDPOINT),
+    'import.meta.env.DEV_FEATURES_ENABLED': JSON.stringify(process.env.DEV_FEATURES_ENABLED),
+    'import.meta.env.INTEGRATION_TEST': JSON.stringify(process.env.INTEGRATION_TEST),
+    // `@withtyped/client` needs this to be defined. We can optimize this later.
+    'process.env': {},
+  },
+});
+
+export default defineConfig(({ mode }) => mergeConfig(defaultConfig, buildConfig(mode)));
diff --git a/packages/core/src/app/init.ts b/packages/core/src/app/init.ts
index 642868071f35..bd5e99285559 100644
--- a/packages/core/src/app/init.ts
+++ b/packages/core/src/app/init.ts
@@ -1,5 +1,6 @@
 import fs from 'node:fs/promises';
 import http2 from 'node:http2';
+import path from 'node:path';
 
 import { appInsights } from '@logto/app-insights/node';
 import { ConsoleLog } from '@logto/shared';
@@ -33,7 +34,11 @@ export default async function initApp(app: Koa): Promise<void> {
     ctx.console = consoleLog;
 
     await koaLogger({
-      transporter: (string) => {
+      transporter: (string, [, _, requestPath]) => {
+        // Ignoring static file requests in development since vite will load a crazy amount of files
+        if (!EnvSet.values.isProduction && path.basename(requestPath).includes('.')) {
+          return;
+        }
         consoleLog.plain(string);
       },
     })(ctx, next);
diff --git a/packages/core/src/middleware/koa-security-headers.ts b/packages/core/src/middleware/koa-security-headers.ts
index cde61c93db20..a981598fcd53 100644
--- a/packages/core/src/middleware/koa-security-headers.ts
+++ b/packages/core/src/middleware/koa-security-headers.ts
@@ -36,7 +36,9 @@ export default function koaSecurityHeaders<StateT, ContextT, ResponseBodyT>(
   // Logto Cloud uses cloud service to serve the admin console; while Logto OSS uses a fixed path under the admin URL set.
   const adminOrigins = isCloud ? cloudUrlSet.origins : adminUrlSet.origins;
   const coreOrigins = urlSet.origins;
-  const developmentOrigins = conditionalArray(!isProduction && 'ws:');
+  const developmentOrigins = isProduction
+    ? []
+    : ['ws:', ...['6001', '6002', '6003'].map((port) => `ws://localhost:${port}`)];
   const logtoOrigin = 'https://*.logto.io';
   /** Google Sign-In (GSI) origin for Google One Tap. */
   const gsiOrigin = 'https://accounts.google.com/gsi/';
diff --git a/packages/core/src/middleware/koa-spa-proxy.ts b/packages/core/src/middleware/koa-spa-proxy.ts
index ffccfe53893c..da429efe1632 100644
--- a/packages/core/src/middleware/koa-spa-proxy.ts
+++ b/packages/core/src/middleware/koa-spa-proxy.ts
@@ -8,6 +8,7 @@ import type { IRouterParamContext } from 'koa-router';
 import { EnvSet } from '#src/env-set/index.js';
 import serveStatic from '#src/middleware/koa-serve-static.js';
 import type Queries from '#src/tenants/Queries.js';
+import { getConsoleLogFromContext } from '#src/utils/console.js';
 
 import serveCustomUiAssets from './koa-serve-custom-ui-assets.js';
 
@@ -35,7 +36,14 @@ export default function koaSpaProxy<StateT, ContextT extends IRouterParamContext
     : proxy('*', {
         target: `http://localhost:${port}`,
         changeOrigin: true,
-        logs: true,
+        logs: (ctx, target) => {
+          // Ignoring static file requests in development since vite will load a crazy amount of files
+          if (path.basename(ctx.request.path).includes('.')) {
+            return;
+          }
+
+          getConsoleLogFromContext(ctx).plain(`\tproxy --> ${target}`);
+        },
         rewrite: (requestPath) => {
           const fullPath = '/' + path.join(prefix, requestPath);
           // Static files
@@ -45,7 +53,7 @@ export default function koaSpaProxy<StateT, ContextT extends IRouterParamContext
 
           // In-app routes
           // We'll gradually migrate our single-page apps to use vite, which can directly return the full path
-          return packagePath === 'demo-app' ? fullPath : requestPath;
+          return packagePath === 'demo-app' || packagePath === 'console' ? fullPath : requestPath;
         },
       });
 
diff --git a/packages/demo-app/package.json b/packages/demo-app/package.json
index e1ee104e5416..4e27d25b2d09 100644
--- a/packages/demo-app/package.json
+++ b/packages/demo-app/package.json
@@ -31,14 +31,11 @@
     "@silverhand/ts-config-react": "6.0.0",
     "@types/react": "^18.3.3",
     "@types/react-dom": "^18.3.0",
-    "buffer": "^6.0.0",
-    "cross-env": "^7.0.3",
     "eslint": "^8.56.0",
     "i18next": "^22.4.15",
     "i18next-browser-languagedetector": "^8.0.0",
     "jose": "^5.6.3",
     "lint-staged": "^15.0.0",
-    "postcss": "^8.4.31",
     "prettier": "^3.0.0",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
diff --git a/packages/demo-app/src/App.tsx b/packages/demo-app/src/App.tsx
index 7e49e0f55974..666bef60fcf0 100644
--- a/packages/demo-app/src/App.tsx
+++ b/packages/demo-app/src/App.tsx
@@ -5,7 +5,7 @@ import { useTranslation } from 'react-i18next';
 
 import '@/scss/normalized.scss';
 
-import * as styles from './App.module.scss';
+import styles from './App.module.scss';
 import Callback from './Callback';
 import DevPanel from './DevPanel';
 import congratsDark from './assets/congrats-dark.svg';
diff --git a/packages/demo-app/src/DevPanel.tsx b/packages/demo-app/src/DevPanel.tsx
index 469e2abdd681..84b09369f616 100644
--- a/packages/demo-app/src/DevPanel.tsx
+++ b/packages/demo-app/src/DevPanel.tsx
@@ -3,7 +3,7 @@ import { demoAppApplicationId } from '@logto/schemas';
 import { decodeJwt } from 'jose';
 import { useCallback, useState, type FormEventHandler } from 'react';
 
-import * as styles from './App.module.scss';
+import styles from './App.module.scss';
 import { getLocalData, setLocalData } from './utils';
 
 const safeDecodeJwt = (token: string) => {
diff --git a/packages/demo-app/vite.config.ts b/packages/demo-app/vite.config.ts
index 2951f9635ff7..9fa6033fbf29 100644
--- a/packages/demo-app/vite.config.ts
+++ b/packages/demo-app/vite.config.ts
@@ -1,6 +1,8 @@
-import { defineConfig } from 'vite';
+import { mergeConfig, type UserConfig } from 'vite';
 
-export default defineConfig({
+import { defaultConfig } from '../../vite.shared.config';
+
+const config: UserConfig = {
   base: '/demo-app',
   server: {
     port: 5003,
@@ -8,40 +10,6 @@ export default defineConfig({
       port: 6003,
     },
   },
-  resolve: {
-    alias: [
-      {
-        find: /^@\//,
-        replacement: '/src/',
-      },
-    ],
-  },
-  optimizeDeps: {
-    include: ['@logto/phrases', '@logto/phrases-experience', '@logto/schemas'],
-  },
-  build: {
-    sourcemap: process.env.NODE_ENV === 'production',
-    rollupOptions: {
-      output: {
-        manualChunks(id) {
-          if (/\/react[^/]*\//.test(id)) {
-            return 'react';
-          }
-
-          if (id.includes('/@logto/')) {
-            return 'logto';
-          }
+};
 
-          if (id.includes('/node_modules/')) {
-            return 'vendors';
-          }
-
-          const match = /\/lib\/locales\/([^/]+)/.exec(id);
-          if (match?.[1]) {
-            return `phrases-${match[1]}`;
-          }
-        },
-      },
-    },
-  },
-});
+export default mergeConfig(defaultConfig, config);
diff --git a/packages/phrases-experience/package.json b/packages/phrases-experience/package.json
index 4e9804a1c3ed..85158e667b19 100644
--- a/packages/phrases-experience/package.json
+++ b/packages/phrases-experience/package.json
@@ -43,7 +43,6 @@
   "devDependencies": {
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
-    "buffer": "^6.0.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index cacd0811fc88..59a997645101 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -39,6 +39,9 @@ importers:
       typescript:
         specifier: ^5.0.0
         version: 5.0.2
+      vite:
+        specifier: ^5.3.4
+        version: 5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/app-insights:
     dependencies:
@@ -63,7 +66,7 @@ importers:
         version: 20.10.4
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -78,7 +81,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/cli:
     dependencies:
@@ -190,7 +193,7 @@ importers:
         version: 17.0.13
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       '@withtyped/server':
         specifier: ^0.13.6
         version: 0.13.6(zod@3.23.8)
@@ -208,7 +211,7 @@ importers:
         version: 18.0.0
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-alipay-native:
     dependencies:
@@ -263,7 +266,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -290,7 +293,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-alipay-web:
     dependencies:
@@ -345,7 +348,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -372,7 +375,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-aliyun-dm:
     dependencies:
@@ -418,7 +421,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -445,7 +448,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-aliyun-sms:
     dependencies:
@@ -491,7 +494,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -518,7 +521,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-apple:
     dependencies:
@@ -570,7 +573,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -597,7 +600,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-aws-ses:
     dependencies:
@@ -649,7 +652,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -676,7 +679,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-azuread:
     dependencies:
@@ -725,7 +728,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -752,7 +755,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-dingtalk-web:
     dependencies:
@@ -807,7 +810,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -834,7 +837,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-discord:
     dependencies:
@@ -880,7 +883,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -907,7 +910,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-facebook:
     dependencies:
@@ -953,7 +956,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -980,7 +983,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-feishu-web:
     dependencies:
@@ -1026,7 +1029,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1053,7 +1056,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-github:
     dependencies:
@@ -1102,7 +1105,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1129,7 +1132,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-google:
     dependencies:
@@ -1178,7 +1181,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1205,7 +1208,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-huggingface:
     dependencies:
@@ -1251,7 +1254,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1278,7 +1281,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-kakao:
     dependencies:
@@ -1324,7 +1327,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1351,7 +1354,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-logto-email:
     dependencies:
@@ -1400,7 +1403,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1427,7 +1430,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-logto-sms:
     dependencies:
@@ -1473,7 +1476,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1500,7 +1503,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-logto-social-demo:
     dependencies:
@@ -1546,7 +1549,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1573,7 +1576,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-mailgun:
     dependencies:
@@ -1619,7 +1622,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1646,7 +1649,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-mock-email:
     dependencies:
@@ -1692,7 +1695,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1719,7 +1722,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-mock-email-alternative:
     dependencies:
@@ -1765,7 +1768,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1792,7 +1795,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-mock-sms:
     dependencies:
@@ -1838,7 +1841,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1865,7 +1868,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-mock-social:
     dependencies:
@@ -1911,7 +1914,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -1938,7 +1941,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-naver:
     dependencies:
@@ -1984,7 +1987,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2011,7 +2014,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-oauth2:
     dependencies:
@@ -2066,7 +2069,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2093,7 +2096,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-oidc:
     dependencies:
@@ -2151,7 +2154,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2178,7 +2181,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-saml:
     dependencies:
@@ -2230,7 +2233,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2257,7 +2260,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-sendgrid-email:
     dependencies:
@@ -2303,7 +2306,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2330,7 +2333,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-smsaero:
     dependencies:
@@ -2376,7 +2379,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2403,7 +2406,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-smtp:
     dependencies:
@@ -2455,7 +2458,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2482,7 +2485,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-tencent-sms:
     dependencies:
@@ -2528,7 +2531,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2555,7 +2558,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-twilio-sms:
     dependencies:
@@ -2601,7 +2604,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2628,7 +2631,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-wechat-native:
     dependencies:
@@ -2674,7 +2677,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2701,7 +2704,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-wechat-web:
     dependencies:
@@ -2747,7 +2750,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2774,7 +2777,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/connectors/connector-wecom:
     dependencies:
@@ -2820,7 +2823,7 @@ importers:
         version: 6.0.2
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -2847,7 +2850,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/console:
     devDependencies:
@@ -2893,30 +2896,18 @@ importers:
       '@mdx-js/react':
         specifier: ^3.0.1
         version: 3.0.1(@types/react@18.3.3)(react@18.3.1)
+      '@mdx-js/rollup':
+        specifier: ^3.0.1
+        version: 3.0.1(rollup@4.14.3)
       '@monaco-editor/react':
         specifier: ^4.6.0
         version: 4.6.0(monaco-editor@0.47.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
-      '@parcel/compressor-brotli':
-        specifier: 2.9.3
-        version: 2.9.3(@parcel/core@2.9.3)
-      '@parcel/compressor-gzip':
-        specifier: 2.9.3
-        version: 2.9.3(@parcel/core@2.9.3)
-      '@parcel/core':
-        specifier: 2.9.3
-        version: 2.9.3
-      '@parcel/transformer-sass':
-        specifier: 2.9.3
-        version: 2.9.3(@parcel/core@2.9.3)
-      '@parcel/transformer-svg-react':
-        specifier: 2.9.3
-        version: 2.9.3(@parcel/core@2.9.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/eslint-config-react':
         specifier: 6.0.2
-        version: 6.0.2(eslint@8.57.0)(postcss@8.4.31)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.5.3))(typescript@5.5.3)
+        version: 6.0.2(eslint@8.57.0)(postcss@8.4.39)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.5.3))(typescript@5.5.3)
       '@silverhand/essentials':
         specifier: ^2.9.1
         version: 2.9.1
@@ -2965,24 +2956,18 @@ importers:
       '@types/react-syntax-highlighter':
         specifier: ^15.5.1
         version: 15.5.1
+      '@vitejs/plugin-react':
+        specifier: ^4.3.1
+        version: 4.3.1(vite@5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8))
       '@withtyped/client':
         specifier: ^0.8.7
         version: 0.8.7(zod@3.23.8)
-      buffer:
-        specifier: ^6.0.0
-        version: 6.0.3
       classnames:
         specifier: ^2.3.1
         version: 2.3.1
       clean-deep:
         specifier: ^3.4.0
         version: 3.4.0
-      cross-env:
-        specifier: ^7.0.3
-        version: 7.0.3
-      csstype:
-        specifier: ^3.0.11
-        version: 3.0.11
       date-fns:
         specifier: ^2.29.3
         version: 2.29.3
@@ -3001,12 +2986,15 @@ importers:
       dnd-core:
         specifier: ^16.0.0
         version: 16.0.0
+      dotenv:
+        specifier: ^16.4.5
+        version: 16.4.5
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
-      history:
-        specifier: ^5.3.0
-        version: 5.3.0
+      find-up:
+        specifier: ^7.0.0
+        version: 7.0.0
       i18next:
         specifier: ^22.4.15
         version: 22.4.15
@@ -3052,21 +3040,15 @@ importers:
       overlayscrollbars-react:
         specifier: ^0.5.0
         version: 0.5.0(overlayscrollbars@2.0.3)(react@18.3.1)
-      parcel:
-        specifier: 2.9.3
-        version: 2.9.3(@swc/helpers@0.5.1)(postcss@8.4.31)(srcset@4.0.0)
       postcss:
-        specifier: ^8.4.31
-        version: 8.4.31
+        specifier: ^8.4.39
+        version: 8.4.39
       postcss-modules:
         specifier: ^4.3.0
-        version: 4.3.0(postcss@8.4.31)
+        version: 4.3.1(postcss@8.4.39)
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      process:
-        specifier: ^0.11.10
-        version: 0.11.10
       prop-types:
         specifier: ^15.8.1
         version: 15.8.1
@@ -3119,8 +3101,8 @@ importers:
         specifier: ^8.1.3
         version: 8.1.3(react@18.3.1)
       react-router-dom:
-        specifier: ^6.10.0
-        version: 6.10.0(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+        specifier: ^6.25.1
+        version: 6.25.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       react-syntax-highlighter:
         specifier: ^15.5.0
         version: 15.5.0(react@18.3.1)
@@ -3142,15 +3124,21 @@ importers:
       swr:
         specifier: ^2.2.0
         version: 2.2.0(react@18.3.1)
-      ts-node:
-        specifier: ^10.9.2
-        version: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3)
-      tslib:
-        specifier: ^2.4.1
-        version: 2.4.1
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
+      vite:
+        specifier: ^5.3.4
+        version: 5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)
+      vite-plugin-compression:
+        specifier: ^0.5.1
+        version: 0.5.1(vite@5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8))
+      vite-plugin-prebundle:
+        specifier: ^0.0.4
+        version: 0.0.4(esbuild@0.21.5)(rollup@4.14.3)(vite@5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8))
+      vite-plugin-svgr:
+        specifier: ^4.2.0
+        version: 4.2.0(rollup@4.14.3)(typescript@5.5.3)(vite@5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8))
       zod:
         specifier: ^3.23.8
         version: 3.23.8
@@ -3493,7 +3481,7 @@ importers:
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
       '@silverhand/eslint-config-react':
         specifier: 6.0.2
-        version: 6.0.2(eslint@8.57.0)(postcss@8.4.31)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.5.3))(typescript@5.5.3)
+        version: 6.0.2(eslint@8.57.0)(postcss@8.4.39)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.5.3))(typescript@5.5.3)
       '@silverhand/ts-config':
         specifier: 6.0.0
         version: 6.0.0(typescript@5.5.3)
@@ -3506,12 +3494,6 @@ importers:
       '@types/react-dom':
         specifier: ^18.3.0
         version: 18.3.0
-      buffer:
-        specifier: ^6.0.0
-        version: 6.0.3
-      cross-env:
-        specifier: ^7.0.3
-        version: 7.0.3
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -3527,9 +3509,6 @@ importers:
       lint-staged:
         specifier: ^15.0.0
         version: 15.0.2
-      postcss:
-        specifier: ^8.4.31
-        version: 8.4.31
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
@@ -3550,7 +3529,7 @@ importers:
         version: 5.5.3
       vite:
         specifier: ^5.3.4
-        version: 5.3.4(@types/node@20.12.7)(sass@1.77.8)
+        version: 5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)
       zod:
         specifier: ^3.23.8
         version: 3.23.8
@@ -3770,7 +3749,7 @@ importers:
         version: 8.4.31
       postcss-modules:
         specifier: ^4.3.0
-        version: 4.3.0(postcss@8.4.31)
+        version: 4.3.1(postcss@8.4.31)
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
@@ -3969,9 +3948,6 @@ importers:
       '@silverhand/ts-config':
         specifier: 6.0.0
         version: 6.0.0(typescript@5.5.3)
-      buffer:
-        specifier: ^6.0.0
-        version: 6.0.3
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4038,7 +4014,7 @@ importers:
         version: 0.0.33
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       camelcase:
         specifier: ^8.0.0
         version: 8.0.0
@@ -4065,7 +4041,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/shared:
     dependencies:
@@ -4099,7 +4075,7 @@ importers:
         version: 20.10.4
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4114,7 +4090,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/toolkit/connector-kit:
     dependencies:
@@ -4146,7 +4122,7 @@ importers:
         version: 20.10.4
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4161,7 +4137,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/toolkit/core-kit:
     dependencies:
@@ -4205,7 +4181,7 @@ importers:
         version: 18.3.3
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4226,7 +4202,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
   packages/toolkit/language-kit:
     optionalDependencies:
@@ -4245,7 +4221,7 @@ importers:
         version: 20.10.4
       '@vitest/coverage-v8':
         specifier: ^2.0.0
-        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))
+        version: 2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -4260,7 +4236,7 @@ importers:
         version: 5.5.3
       vitest:
         specifier: ^2.0.0
-        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+        version: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
 
 packages:
 
@@ -4539,18 +4515,34 @@ packages:
     resolution: {integrity: sha512-y5+tLQyV8pg3fsiln67BVLD1P13Eg4lh5RW9mF0zUuvLrv9uIQ4MCL+CRT+FTsBlBjcIan6PGsLcBN0m3ClUyQ==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/code-frame@7.24.7':
+    resolution: {integrity: sha512-BcYH1CVJBO9tvyIZ2jVeXgSIMvGZ2FDRvDdOIVQyuklNKSsx+eppDEBq/g47Ayw+RqNFE+URvOShmf+f/qwAlA==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/compat-data@7.24.4':
     resolution: {integrity: sha512-vg8Gih2MLK+kOkHJp4gBEIkyaIi00jgWot2D9QOmmfLC8jINSOzmCLta6Bvz/JSBCqnegV0L80jhxkol5GWNfQ==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/compat-data@7.24.9':
+    resolution: {integrity: sha512-e701mcfApCJqMMueQI0Fb68Amflj83+dvAvHawoBpAz+GDjCIyGHzNwnefjsWJ3xiYAqqiQFoWbspGYBdb2/ng==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/core@7.24.4':
     resolution: {integrity: sha512-MBVlMXP+kkl5394RBLSxxk/iLTeVGuXTV3cIDXavPpMMqnSnt6apKgan/U8O3USWZCWZT/TbgfEpKa4uMgN4Dg==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/core@7.24.9':
+    resolution: {integrity: sha512-5e3FI4Q3M3Pbr21+5xJwCv6ZT6KmGkI0vw3Tozy5ODAQFTIWe37iT8Cr7Ice2Ntb+M3iSKCEWMB1MBgKrW3whg==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/generator@7.20.4':
     resolution: {integrity: sha512-luCf7yk/cm7yab6CAW1aiFnmEfBJplb/JojV56MYEK7ziWfGmFlTfmL9Ehwfy4gFhbjBfWO1wj7/TuSbVNEEtA==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/generator@7.24.10':
+    resolution: {integrity: sha512-o9HBZL1G2129luEUlG1hB4N/nlYNWHnpwlND9eOMclRqqu1YDy2sSYVCFUZwl8I1Gxh+QSRrP2vD7EpUmFVXxg==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/generator@7.24.4':
     resolution: {integrity: sha512-Xd6+v6SnjWVx/nus+y0l1sxMOTOMBkyL4+BIdbALyatQnAe/SRVjANeDPSCYaX+i1iJmuGSKf3Z+E+V/va1Hvw==}
     engines: {node: '>=6.9.0'}
@@ -4559,56 +4551,110 @@ packages:
     resolution: {integrity: sha512-9JB548GZoQVmzrFgp8o7KxdgkTGm6xs9DW0o/Pim72UDjzr5ObUQ6ZzYPqA+g9OTS2bBQoctLJrky0RDCAWRgQ==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/helper-compilation-targets@7.24.8':
+    resolution: {integrity: sha512-oU+UoqCHdp+nWVDkpldqIQL/i/bvAv53tRqLG/s+cOXxe66zOYLU7ar/Xs3LdmBihrUMEUhwu6dMZwbNOYDwvw==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/helper-environment-visitor@7.22.20':
     resolution: {integrity: sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/helper-environment-visitor@7.24.7':
+    resolution: {integrity: sha512-DoiN84+4Gnd0ncbBOM9AZENV4a5ZiL39HYMyZJGZ/AZEykHYdJw0wW3kdcsh9/Kn+BRXHLkkklZ51ecPKmI1CQ==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/helper-function-name@7.23.0':
     resolution: {integrity: sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/helper-function-name@7.24.7':
+    resolution: {integrity: sha512-FyoJTsj/PEUWu1/TYRiXTIHc8lbw+TDYkZuoE43opPS5TrI7MyONBE1oNvfguEXAD9yhQRrVBnXdXzSLQl9XnA==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/helper-hoist-variables@7.22.5':
     resolution: {integrity: sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/helper-hoist-variables@7.24.7':
+    resolution: {integrity: sha512-MJJwhkoGy5c4ehfoRyrJ/owKeMl19U54h27YYftT0o2teQ3FJ3nQUf/I3LlJsX4l3qlw7WRXUmiyajvHXoTubQ==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/helper-module-imports@7.24.3':
     resolution: {integrity: sha512-viKb0F9f2s0BCS22QSF308z/+1YWKV/76mwt61NBzS5izMzDPwdq1pTrzf+Li3npBWX9KdQbkeCt1jSAM7lZqg==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/helper-module-imports@7.24.7':
+    resolution: {integrity: sha512-8AyH3C+74cgCVVXow/myrynrAGv+nTVg5vKu2nZph9x7RcRwzmh0VFallJuFTZ9mx6u4eSdXZfcOzSqTUm0HCA==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/helper-module-transforms@7.23.3':
     resolution: {integrity: sha512-7bBs4ED9OmswdfDzpz4MpWgSrV7FXlc3zIagvLFjS5H+Mk7Snr21vQ6QwrsoCGMfNC4e4LQPdoULEt4ykz0SRQ==}
     engines: {node: '>=6.9.0'}
     peerDependencies:
       '@babel/core': ^7.0.0
 
+  '@babel/helper-module-transforms@7.24.9':
+    resolution: {integrity: sha512-oYbh+rtFKj/HwBQkFlUzvcybzklmVdVV3UU+mN7n2t/q3yGHbuVdNxyFvSBO1tfvjyArpHNcWMAzsSPdyI46hw==}
+    engines: {node: '>=6.9.0'}
+    peerDependencies:
+      '@babel/core': ^7.0.0
+
   '@babel/helper-plugin-utils@7.20.2':
     resolution: {integrity: sha512-8RvlJG2mj4huQ4pZ+rU9lqKi9ZKiRmuvGuM2HlWmkmgOhbs6zEAw6IEiJ5cQqGbDzGZOhwuOQNtZMi/ENLjZoQ==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/helper-plugin-utils@7.24.8':
+    resolution: {integrity: sha512-FFWx5142D8h2Mgr/iPVGH5G7w6jDn4jUSpZTyDnQO0Yn7Ks2Kuz6Pci8H6MPCoUJegd/UZQ3tAvfLCxQSnWWwg==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/helper-simple-access@7.22.5':
     resolution: {integrity: sha512-n0H99E/K+Bika3++WNL17POvo4rKWZ7lZEp1Q+fStVbUi8nxPQEBOlTmCOxW/0JsS56SKKQ+ojAe2pHKJHN35w==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/helper-simple-access@7.24.7':
+    resolution: {integrity: sha512-zBAIvbCMh5Ts+b86r/CjU+4XGYIs+R1j951gxI3KmmxBMhCg4oQMsv6ZXQ64XOm/cvzfU1FmoCyt6+owc5QMYg==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/helper-split-export-declaration@7.22.6':
     resolution: {integrity: sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/helper-split-export-declaration@7.24.7':
+    resolution: {integrity: sha512-oy5V7pD+UvfkEATUKvIjvIAH/xCzfsFVw7ygW2SI6NClZzquT+mwdTfgfdbUiceh6iQO0CHtCPsyze/MZ2YbAA==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/helper-string-parser@7.23.4':
     resolution: {integrity: sha512-803gmbQdqwdf4olxrX4AJyFBV/RTr3rSmOj0rKwesmzlfhYNDEs+/iOcznzpNWlJlIlTJC2QfPFcHB6DlzdVLQ==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/helper-string-parser@7.24.8':
+    resolution: {integrity: sha512-pO9KhhRcuUyGnJWwyEgnRJTSIZHiT+vMD0kPeD+so0l7mxkMT19g3pjY9GTnHySck/hDzq+dtW/4VgnMkippsQ==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/helper-validator-identifier@7.22.20':
     resolution: {integrity: sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/helper-validator-identifier@7.24.7':
+    resolution: {integrity: sha512-rR+PBcQ1SMQDDyF6X0wxtG8QyLCgUB0eRAGguqRLfkCA87l7yAP7ehq8SNj96OOGTO8OBV70KhuFYcIkHXOg0w==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/helper-validator-option@7.23.5':
     resolution: {integrity: sha512-85ttAOMLsr53VgXkTbkx8oA6YTfT4q7/HzXSLEYmjcSTJPMPQtvq1BD79Byep5xMUYbGRzEpDsjUf3dyp54IKw==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/helper-validator-option@7.24.8':
+    resolution: {integrity: sha512-xb8t9tD1MHLungh/AIoWYN+gVHaB9kwlu8gffXGSt3FFEIT7RjS+xWbc2vUD1UTZdIpKj/ab3rdqJ7ufngyi2Q==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/helpers@7.24.4':
     resolution: {integrity: sha512-FewdlZbSiwaVGlgT1DPANDuCHaDMiOo+D/IDYRFYjHOuv66xMSJ7fQwwODwRNAPkADIO/z1EoF/l2BCWlWABDw==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/helpers@7.24.8':
+    resolution: {integrity: sha512-gV2265Nkcz7weJJfvDoAEVzC1e2OTDpkGbEsebse8koXUJUXPsCMi7sRo/+SPMuMZ9MtUPnGwITTnQnU5YjyaQ==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/highlight@7.22.5':
     resolution: {integrity: sha512-BSKlD1hgnedS5XRnGOljZawtag7H1yPfQp0tdNJCHoH6AZ+Pcm9VvkrK59/Yy593Ypg0zMxH2BxD1VPYUQ7UIw==}
     engines: {node: '>=6.9.0'}
@@ -4617,11 +4663,20 @@ packages:
     resolution: {integrity: sha512-Yac1ao4flkTxTteCDZLEvdxg2fZfz1v8M4QpaGypq/WPDqg3ijHYbDfs+LG5hvzSoqaSZ9/Z9lKSP3CjZjv+pA==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/highlight@7.24.7':
+    resolution: {integrity: sha512-EStJpq4OuY8xYfhGVXngigBJRWxftKX9ksiGDnmlY3o7B/V7KIAc9X4oiK87uPJSc/vs5L869bem5fhZa8caZw==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/parser@7.24.4':
     resolution: {integrity: sha512-zTvEBcghmeBma9QIGunWevvBAp4/Qu9Bdq+2k0Ot4fVMD6v3dsC9WOcRSKk7tRRyBM/53yKMJko9xOatGQAwSg==}
     engines: {node: '>=6.0.0'}
     hasBin: true
 
+  '@babel/parser@7.24.8':
+    resolution: {integrity: sha512-WzfbgXOkGzZiXXCqk43kKwZjzwx4oulxZi3nq2TYL9mOjQv6kYwul9mz6ID36njuL7Xkp6nJEfok848Zj10j/w==}
+    engines: {node: '>=6.0.0'}
+    hasBin: true
+
   '@babel/plugin-syntax-async-generators@7.8.4':
     resolution: {integrity: sha512-tycmZxkGfZaxhMRbXlPXuVFpdWlXpir2W4AMhSJgRKzk/eDlIXOhb2LHWoLpDF7TEHylV5zNhykX6KAgHJmTNw==}
     peerDependencies:
@@ -4695,12 +4750,20 @@ packages:
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
-  '@babel/runtime@7.17.9':
-    resolution: {integrity: sha512-lSiBBvodq29uShpWGNbgFdKYNiFDo5/HIYsaCEY9ff4sb10x9jizo2+pRrSyF4jKZCXqgzuqBOQKbUm90gQwJg==}
+  '@babel/plugin-transform-react-jsx-self@7.24.7':
+    resolution: {integrity: sha512-fOPQYbGSgH0HUp4UJO4sMBFjY6DuWq+2i8rixyUMb3CdGixs/gccURvYOAhajBdKDoGajFr3mUq5rH3phtkGzw==}
+    engines: {node: '>=6.9.0'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
+  '@babel/plugin-transform-react-jsx-source@7.24.7':
+    resolution: {integrity: sha512-J2z+MWzZHVOemyLweMqngXrgGC42jQ//R0KdxqkIz/OrbVIIlhFI3WigZ5fO+nwFvBlncr4MGapd8vTyc7RPNQ==}
     engines: {node: '>=6.9.0'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
 
-  '@babel/runtime@7.19.4':
-    resolution: {integrity: sha512-EXpLCrk55f+cYqmHsSR+yD/0gAIMxxA9QK9lnQWzhMCvt+YmoBN7Zx94s++Kv0+unHk39vxNO8t+CMA2WSS3wA==}
+  '@babel/runtime@7.17.9':
+    resolution: {integrity: sha512-lSiBBvodq29uShpWGNbgFdKYNiFDo5/HIYsaCEY9ff4sb10x9jizo2+pRrSyF4jKZCXqgzuqBOQKbUm90gQwJg==}
     engines: {node: '>=6.9.0'}
 
   '@babel/runtime@7.21.0':
@@ -4719,14 +4782,26 @@ packages:
     resolution: {integrity: sha512-Bkf2q8lMB0AFpX0NFEqSbx1OkTHf0f+0j82mkw+ZpzBnkk7e9Ql0891vlfgi+kHwOk8tQjiQHpqh4LaSa0fKEA==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/template@7.24.7':
+    resolution: {integrity: sha512-jYqfPrU9JTF0PmPy1tLYHW4Mp4KlgxJD9l2nP9fD6yT/ICi554DmrWBAEYpIelzjHf1msDP3PxJIRt/nFNfBig==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/traverse@7.24.1':
     resolution: {integrity: sha512-xuU6o9m68KeqZbQuDt2TcKSxUw/mrsvavlEqQ1leZ/B+C9tk6E4sRWy97WaXgvq5E+nU3cXMxv3WKOCanVMCmQ==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/traverse@7.24.8':
+    resolution: {integrity: sha512-t0P1xxAPzEDcEPmjprAQq19NWum4K0EQPjMwZQZbHt+GiZqvjCHjj755Weq1YRPVzBI+3zSfvScfpnuIecVFJQ==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/types@7.24.0':
     resolution: {integrity: sha512-+j7a5c253RfKh8iABBhywc8NSfP5LURe7Uh4qpsh6jc+aLJguvmIUBdjSdEMQv2bENrCR5MfRdjGo7vzS/ob7w==}
     engines: {node: '>=6.9.0'}
 
+  '@babel/types@7.24.9':
+    resolution: {integrity: sha512-xm8XrMKz0IlUdocVbYJe0Z9xEgidU7msskG8BbhnTPK/HZ2z/7FP7ykqPgrUH+C+r414mNfNWam1f2vqOjqjYQ==}
+    engines: {node: '>=6.9.0'}
+
   '@bcoe/v8-coverage@0.2.3':
     resolution: {integrity: sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==}
 
@@ -5474,6 +5549,11 @@ packages:
       '@types/react': '>=16'
       react: '>=16'
 
+  '@mdx-js/rollup@3.0.1':
+    resolution: {integrity: sha512-j0II91OCm4ld+l5QVgXXMQGxVVcAWIQJakYWi1dv5pefDHASJyCYER2TsdH7Alf958GoFSM7ugukWyvDq/UY4A==}
+    peerDependencies:
+      rollup: '>=2'
+
   '@microsoft/applicationinsights-web-snippet@1.0.1':
     resolution: {integrity: sha512-2IHAOaLauc8qaAitvWS+U931T+ze+7MNWrDHY47IENP5y2UA0vqJDu67kWZDdpCN1fFC77sfgfB+HV7SrKshnQ==}
 
@@ -5920,6 +6000,10 @@ packages:
     peerDependencies:
       '@redis/client': ^1.0.0
 
+  '@remix-run/router@1.18.0':
+    resolution: {integrity: sha512-L3jkqmqoSVBVKHfpGZmLrex0lxR5SucGA0sUfFzGctehw+S/ggL9L/0NnC5mw6P8HUWpFZ3nQw3cRApjjWx9Sw==}
+    engines: {node: '>=14.0.0'}
+
   '@remix-run/router@1.5.0':
     resolution: {integrity: sha512-bkUDCp8o1MvFO+qxkODcbhSqRa6P2GXgrGZVpt0dCXNW2HCSCqYI0ZoAqEOSAjRWmmlKcYgFvN4B4S+zo/f8kg==}
     engines: {node: '>=14'}
@@ -6415,68 +6499,136 @@ packages:
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
+  '@svgr/babel-plugin-add-jsx-attribute@8.0.0':
+    resolution: {integrity: sha512-b9MIk7yhdS1pMCZM8VeNfUlSKVRhsHZNMl5O9SfaX0l0t5wjdgu4IDzGB8bpnGBBOjGST3rRFVsaaEtI4W6f7g==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
   '@svgr/babel-plugin-remove-jsx-attribute@6.5.0':
     resolution: {integrity: sha512-8zYdkym7qNyfXpWvu4yq46k41pyNM9SOstoWhKlm+IfdCE1DdnRKeMUPsWIEO/DEkaWxJ8T9esNdG3QwQ93jBA==}
     engines: {node: '>=10'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
+  '@svgr/babel-plugin-remove-jsx-attribute@8.0.0':
+    resolution: {integrity: sha512-BcCkm/STipKvbCl6b7QFrMh/vx00vIP63k2eM66MfHJzPr6O2U0jYEViXkHJWqXqQYjdeA9cuCl5KWmlwjDvbA==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
   '@svgr/babel-plugin-remove-jsx-empty-expression@6.5.0':
     resolution: {integrity: sha512-NFdxMq3xA42Kb1UbzCVxplUc0iqSyM9X8kopImvFnB+uSDdzIHOdbs1op8ofAvVRtbg4oZiyRl3fTYeKcOe9Iw==}
     engines: {node: '>=10'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
+  '@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0':
+    resolution: {integrity: sha512-5BcGCBfBxB5+XSDSWnhTThfI9jcO5f0Ai2V24gZpG+wXF14BzwxxdDb4g6trdOux0rhibGs385BeFMSmxtS3uA==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
   '@svgr/babel-plugin-replace-jsx-attribute-value@6.5.1':
     resolution: {integrity: sha512-8DPaVVE3fd5JKuIC29dqyMB54sA6mfgki2H2+swh+zNJoynC8pMPzOkidqHOSc6Wj032fhl8Z0TVn1GiPpAiJg==}
     engines: {node: '>=10'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
+  '@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0':
+    resolution: {integrity: sha512-KVQ+PtIjb1BuYT3ht8M5KbzWBhdAjjUPdlMtpuw/VjT8coTrItWX6Qafl9+ji831JaJcu6PJNKCV0bp01lBNzQ==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
   '@svgr/babel-plugin-svg-dynamic-title@6.5.1':
     resolution: {integrity: sha512-FwOEi0Il72iAzlkaHrlemVurgSQRDFbk0OC8dSvD5fSBPHltNh7JtLsxmZUhjYBZo2PpcU/RJvvi6Q0l7O7ogw==}
     engines: {node: '>=10'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
+  '@svgr/babel-plugin-svg-dynamic-title@8.0.0':
+    resolution: {integrity: sha512-omNiKqwjNmOQJ2v6ge4SErBbkooV2aAWwaPFs2vUY7p7GhVkzRkJ00kILXQvRhA6miHnNpXv7MRnnSjdRjK8og==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
   '@svgr/babel-plugin-svg-em-dimensions@6.5.1':
     resolution: {integrity: sha512-gWGsiwjb4tw+ITOJ86ndY/DZZ6cuXMNE/SjcDRg+HLuCmwpcjOktwRF9WgAiycTqJD/QXqL2f8IzE2Rzh7aVXA==}
     engines: {node: '>=10'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
+  '@svgr/babel-plugin-svg-em-dimensions@8.0.0':
+    resolution: {integrity: sha512-mURHYnu6Iw3UBTbhGwE/vsngtCIbHE43xCRK7kCw4t01xyGqb2Pd+WXekRRoFOBIY29ZoOhUCTEweDMdrjfi9g==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
   '@svgr/babel-plugin-transform-react-native-svg@6.5.1':
     resolution: {integrity: sha512-2jT3nTayyYP7kI6aGutkyfJ7UMGtuguD72OjeGLwVNyfPRBD8zQthlvL+fAbAKk5n9ZNcvFkp/b1lZ7VsYqVJg==}
     engines: {node: '>=10'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
+  '@svgr/babel-plugin-transform-react-native-svg@8.1.0':
+    resolution: {integrity: sha512-Tx8T58CHo+7nwJ+EhUwx3LfdNSG9R2OKfaIXXs5soiy5HtgoAEkDay9LIimLOcG8dJQH1wPZp/cnAv6S9CrR1Q==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
   '@svgr/babel-plugin-transform-svg-component@6.5.1':
     resolution: {integrity: sha512-a1p6LF5Jt33O3rZoVRBqdxL350oge54iZWHNI6LJB5tQ7EelvD/Mb1mfBiZNAan0dt4i3VArkFRjA4iObuNykQ==}
     engines: {node: '>=12'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
+  '@svgr/babel-plugin-transform-svg-component@8.0.0':
+    resolution: {integrity: sha512-DFx8xa3cZXTdb/k3kfPeaixecQLgKh5NVBMwD0AQxOzcZawK4oo1Jh9LbrcACUivsCA7TLG8eeWgrDXjTMhRmw==}
+    engines: {node: '>=12'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
   '@svgr/babel-preset@6.5.1':
     resolution: {integrity: sha512-6127fvO/FF2oi5EzSQOAjo1LE3OtNVh11R+/8FXa+mHx1ptAaS4cknIjnUA7e6j6fwGGJ17NzaTJFUwOV2zwCw==}
     engines: {node: '>=10'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
+  '@svgr/babel-preset@8.1.0':
+    resolution: {integrity: sha512-7EYDbHE7MxHpv4sxvnVPngw5fuR6pw79SkcrILHJ/iMpuKySNCl5W1qcwPEpU+LgyRXOaAFgH0KhwD18wwg6ug==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
   '@svgr/core@6.5.1':
     resolution: {integrity: sha512-/xdLSWxK5QkqG524ONSjvg3V/FkNyCv538OIBdQqPNaAta3AsXj/Bd2FbvR87yMbXO2hFSWiAe/Q6IkVPDw+mw==}
     engines: {node: '>=10'}
 
+  '@svgr/core@8.1.0':
+    resolution: {integrity: sha512-8QqtOQT5ACVlmsvKOJNEaWmRPmcojMOzCz4Hs2BGG/toAp/K38LcsMRyLp349glq5AzJbCEeimEoxaX6v/fLrA==}
+    engines: {node: '>=14'}
+
   '@svgr/hast-util-to-babel-ast@6.5.1':
     resolution: {integrity: sha512-1hnUxxjd83EAxbL4a0JDJoD3Dao3hmjvyvyEV8PzWmLK3B9m9NPlW7GKjFyoWE8nM7HnXzPcmmSyOW8yOddSXw==}
     engines: {node: '>=10'}
 
+  '@svgr/hast-util-to-babel-ast@8.0.0':
+    resolution: {integrity: sha512-EbDKwO9GpfWP4jN9sGdYwPBU0kdomaPIL2Eu4YwmgP+sJeXT+L7bMwJUBnhzfH8Q2qMBqZ4fJwpCyYsAN3mt2Q==}
+    engines: {node: '>=14'}
+
   '@svgr/plugin-jsx@6.5.1':
     resolution: {integrity: sha512-+UdQxI3jgtSjCykNSlEMuy1jSRQlGC7pqBCPvkG/2dATdWo082zHTTK3uhnAju2/6XpE6B5mZ3z4Z8Ns01S8Gw==}
     engines: {node: '>=10'}
     peerDependencies:
       '@svgr/core': ^6.0.0
 
+  '@svgr/plugin-jsx@8.1.0':
+    resolution: {integrity: sha512-0xiIyBsLlr8quN+WyuxooNW9RJ0Dpr8uOnH/xrCVO8GLUcwHISwj1AG0k+LFzteTkAA0GbX0kj9q6Dk70PTiPA==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@svgr/core': '*'
+
   '@svgr/plugin-svgo@6.5.1':
     resolution: {integrity: sha512-omvZKf8ixP9z6GWgwbtmP9qQMPX4ODXi+wzbVZgomNFsUIlHA1sf4fThdwTWSsZGgvGAG6yE+b/F5gWUkcZ/iQ==}
     engines: {node: '>=10'}
@@ -6638,6 +6790,9 @@ packages:
   '@types/babel__core@7.1.19':
     resolution: {integrity: sha512-WEOTgRsbYkvA/KCsDwVEGkd7WAr1e3g31VHQ8zy5gul/V1qKullU/BU5I68X5v7V3GnB9eotmom4v5a5gjxorw==}
 
+  '@types/babel__core@7.20.5':
+    resolution: {integrity: sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA==}
+
   '@types/babel__generator@7.6.4':
     resolution: {integrity: sha512-tFkciB9j2K755yrTALxD44McOrk+gfpIpvC3sxHjRawj6PfnQxrse4Clq5y/Rq+G3mrBurMax/lG8Qn2t9mSsg==}
 
@@ -7020,6 +7175,12 @@ packages:
   '@ungap/structured-clone@1.2.0':
     resolution: {integrity: sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==}
 
+  '@vitejs/plugin-react@4.3.1':
+    resolution: {integrity: sha512-m/V2syj5CuVnaxcUJOQRel/Wr31FFXRFlnOoq1TVtkCxsY5veGMTEmpWHndrhB2U8ScHtCQB1e+4hWYExQc6Lg==}
+    engines: {node: ^14.18.0 || >=16.0.0}
+    peerDependencies:
+      vite: ^4.2.0 || ^5.0.0
+
   '@vitest/coverage-v8@2.0.0':
     resolution: {integrity: sha512-k2OgMH8e4AyUVsmLk2P3vT++VVaUQbvVaP5NJQDgXgv1q4lG56Z4nb26QNcxgk4ZLypmOrfultAShMo+okIOYw==}
     peerDependencies:
@@ -7119,10 +7280,6 @@ packages:
     peerDependencies:
       acorn: ^6.0.0 || ^7.0.0 || ^8.0.0
 
-  acorn-walk@8.2.0:
-    resolution: {integrity: sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA==}
-    engines: {node: '>=0.4.0'}
-
   acorn-walk@8.3.2:
     resolution: {integrity: sha512-cjkyv4OtNCIeqhHrfS81QWXoCBPExR/J62oyEqepVw8WaQeSqpW2uhuLPh1m9eWhDuOo/jUXVTlifvesOWp/4A==}
     engines: {node: '>=0.4.0'}
@@ -7472,6 +7629,11 @@ packages:
     engines: {node: ^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7}
     hasBin: true
 
+  browserslist@4.23.2:
+    resolution: {integrity: sha512-qkqSyistMYdxAcw+CzbZwlBy8AGmS/eEWs+sEV5TnLRGDOL+C5M2EnH6tlZyg0YoAxGJAFKh61En9BR941GnHA==}
+    engines: {node: ^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7}
+    hasBin: true
+
   bser@2.1.1:
     resolution: {integrity: sha512-gQxTNE/GAfIIrmHLUE3oJyp5FO6HRBfhjnw4/wMmA63ZGDJnWBmgY/lyQBpnDUkGmAhbSe39tx2d/iTOAfglwQ==}
 
@@ -7566,6 +7728,9 @@ packages:
   caniuse-lite@1.0.30001618:
     resolution: {integrity: sha512-p407+D1tIkDvsEAPS22lJxLQQaG8OTBEqo0KhzfABGk0TU4juBNDSfH0hyAp/HRyx+M8L17z/ltyhxh27FTfQg==}
 
+  caniuse-lite@1.0.30001643:
+    resolution: {integrity: sha512-ERgWGNleEilSrHM6iUz/zJNSQTP8Mr21wDWpdgvRwcTXGAq6jMtOUPP4dqFPTdKqZ2wKTdtB+uucZ3MRpAUSmg==}
+
   ccount@2.0.1:
     resolution: {integrity: sha512-eyrF0jiFpY+3drT6383f1qhkbGsLSifNAjA61IUjZjmLCWjItY6LB9ft9YhoDgwfmclB2zhu51Lc7+95b8NRAg==}
 
@@ -8448,6 +8613,9 @@ packages:
   electron-to-chromium@1.4.738:
     resolution: {integrity: sha512-lwKft2CLFztD+vEIpesrOtCrko/TFnEJlHFdRhazU7Y/jx5qc4cqsocfVrBg4So4gGe9lvxnbLIoev47WMpg+A==}
 
+  electron-to-chromium@1.5.0:
+    resolution: {integrity: sha512-Vb3xHHYnLseK8vlMJQKJYXJ++t4u1/qJ3vykuVrVjvdiOEhYyT1AuP4x03G8EnPmYvYOhe9T+dADTmthjRQMkA==}
+
   elkjs@0.9.3:
     resolution: {integrity: sha512-f/ZeWvW/BCXbhGEf1Ujp29EASo/lk1FDnETgNKwJrsVvGZhUWCZyg3xLJjAsxfOmt8KjswHmI5EwCQcPMpOYhQ==}
 
@@ -8565,6 +8733,10 @@ packages:
     resolution: {integrity: sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==}
     engines: {node: '>=6'}
 
+  escalade@3.1.2:
+    resolution: {integrity: sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA==}
+    engines: {node: '>=6'}
+
   escape-html@1.0.3:
     resolution: {integrity: sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==}
 
@@ -9377,9 +9549,6 @@ packages:
   highlight.js@10.7.3:
     resolution: {integrity: sha512-tzcUFauisWKNHaRkN4Wjl/ZA07gENAjFl3J/c480dprkGTg5EQstgaNFqBfUqCq54kZRIEcreTsAgF/m2quD7A==}
 
-  history@5.3.0:
-    resolution: {integrity: sha512-ZqaKwjjrAYUYfLG+htGaIIZ4nioX2L70ZUMIFysS3xvBsSG4x/n1V6TXV3N8ZYNuFGlDirFg32T7B6WOUPDYcQ==}
-
   hoist-non-react-statics@3.3.2:
     resolution: {integrity: sha512-/gGivxi8JPKWNm/W0jSmzcMPpfpPLc3dY/6GxhX2hQ9iGj3aDfklV4ET7NjKpSinLpJ5vafa9iiGIEZg10SfBw==}
 
@@ -10383,56 +10552,62 @@ packages:
   libphonenumber-js@1.10.51:
     resolution: {integrity: sha512-vY2I+rQwrDQzoPds0JeTEpeWzbUJgqoV0O4v31PauHBb/e+1KCXKylHcDnBMgJZ9fH9mErsEbROJY3Z3JtqEmg==}
 
-  lightningcss-darwin-arm64@1.16.1:
-    resolution: {integrity: sha512-/J898YSAiGVqdybHdIF3Ao0Hbh2vyVVj5YNm3NznVzTSvkOi3qQCAtO97sfmNz+bSRHXga7ZPLm+89PpOM5gAg==}
+  lightningcss-darwin-arm64@1.25.1:
+    resolution: {integrity: sha512-G4Dcvv85bs5NLENcu/s1f7ehzE3D5ThnlWSDwE190tWXRQCQaqwcuHe+MGSVI/slm0XrxnaayXY+cNl3cSricw==}
     engines: {node: '>= 12.0.0'}
     cpu: [arm64]
     os: [darwin]
 
-  lightningcss-darwin-x64@1.16.1:
-    resolution: {integrity: sha512-vyKCNPRNRqke+5i078V+N0GLfMVLEaNcqIcv28hA/vUNRGk/90EDkDB9EndGay0MoPIrC2y0qE3Y74b/OyedqQ==}
+  lightningcss-darwin-x64@1.25.1:
+    resolution: {integrity: sha512-dYWuCzzfqRueDSmto6YU5SoGHvZTMU1Em9xvhcdROpmtOQLorurUZz8+xFxZ51lCO2LnYbfdjZ/gCqWEkwixNg==}
     engines: {node: '>= 12.0.0'}
     cpu: [x64]
     os: [darwin]
 
-  lightningcss-linux-arm-gnueabihf@1.16.1:
-    resolution: {integrity: sha512-0AJC52l40VbrzkMJz6qRvlqVVGykkR2MgRS4bLjVC2ab0H0I/n4p6uPZXGvNIt5gw1PedeND/hq+BghNdgfuPQ==}
+  lightningcss-freebsd-x64@1.25.1:
+    resolution: {integrity: sha512-hXoy2s9A3KVNAIoKz+Fp6bNeY+h9c3tkcx1J3+pS48CqAt+5bI/R/YY4hxGL57fWAIquRjGKW50arltD6iRt/w==}
+    engines: {node: '>= 12.0.0'}
+    cpu: [x64]
+    os: [freebsd]
+
+  lightningcss-linux-arm-gnueabihf@1.25.1:
+    resolution: {integrity: sha512-tWyMgHFlHlp1e5iW3EpqvH5MvsgoN7ZkylBbG2R2LWxnvH3FuWCJOhtGcYx9Ks0Kv0eZOBud789odkYLhyf1ng==}
     engines: {node: '>= 12.0.0'}
     cpu: [arm]
     os: [linux]
 
-  lightningcss-linux-arm64-gnu@1.16.1:
-    resolution: {integrity: sha512-NqxYXsRvI3/Fb9AQLXKrYsU0Q61LqKz5It+Es9gidsfcw1lamny4lmlUgO3quisivkaLCxEkogaizcU6QeZeWQ==}
+  lightningcss-linux-arm64-gnu@1.25.1:
+    resolution: {integrity: sha512-Xjxsx286OT9/XSnVLIsFEDyDipqe4BcLeB4pXQ/FEA5+2uWCCuAEarUNQumRucnj7k6ftkAHUEph5r821KBccQ==}
     engines: {node: '>= 12.0.0'}
     cpu: [arm64]
     os: [linux]
 
-  lightningcss-linux-arm64-musl@1.16.1:
-    resolution: {integrity: sha512-VUPQ4dmB9yDQxpJF8/imtwNcbIPzlL6ArLHSUInOGxipDk1lOAklhUjbKUvlL3HVlDwD3WHCxggAY01WpFcjiA==}
+  lightningcss-linux-arm64-musl@1.25.1:
+    resolution: {integrity: sha512-IhxVFJoTW8wq6yLvxdPvyHv4NjzcpN1B7gjxrY3uaykQNXPHNIpChLB52+wfH+yS58zm1PL4LemUp8u9Cfp6Bw==}
     engines: {node: '>= 12.0.0'}
     cpu: [arm64]
     os: [linux]
 
-  lightningcss-linux-x64-gnu@1.16.1:
-    resolution: {integrity: sha512-A40Jjnbellnvh4YF+kt047GLnUU59iLN2LFRCyWQG+QqQZeXOCzXfTQ6EJB4yvHB1mQvWOVdAzVrtEmRw3Vh8g==}
+  lightningcss-linux-x64-gnu@1.25.1:
+    resolution: {integrity: sha512-RXIaru79KrREPEd6WLXfKfIp4QzoppZvD3x7vuTKkDA64PwTzKJ2jaC43RZHRt8BmyIkRRlmywNhTRMbmkPYpA==}
     engines: {node: '>= 12.0.0'}
     cpu: [x64]
     os: [linux]
 
-  lightningcss-linux-x64-musl@1.16.1:
-    resolution: {integrity: sha512-VZf76GxW+8mk238tpw0u9R66gBi/m0YB0TvD54oeGiOqvTZ/mabkBkbsuXTSWcKYj8DSrLW+A42qu+6PLRsIgA==}
+  lightningcss-linux-x64-musl@1.25.1:
+    resolution: {integrity: sha512-TdcNqFsAENEEFr8fJWg0Y4fZ/nwuqTRsIr7W7t2wmDUlA8eSXVepeeONYcb+gtTj1RaXn/WgNLB45SFkz+XBZA==}
     engines: {node: '>= 12.0.0'}
     cpu: [x64]
     os: [linux]
 
-  lightningcss-win32-x64-msvc@1.16.1:
-    resolution: {integrity: sha512-Djy+UzlTtJMayVJU3eFuUW5Gdo+zVTNPJhlYw25tNC9HAoMCkIdSDDrGsWEdEyibEV7xwB8ySTmLuxilfhBtgg==}
+  lightningcss-win32-x64-msvc@1.25.1:
+    resolution: {integrity: sha512-9KZZkmmy9oGDSrnyHuxP6iMhbsgChUiu/NSgOx+U1I/wTngBStDf2i2aGRCHvFqj19HqqBEI4WuGVQBa2V6e0A==}
     engines: {node: '>= 12.0.0'}
     cpu: [x64]
     os: [win32]
 
-  lightningcss@1.16.1:
-    resolution: {integrity: sha512-zU8OTaps3VAodmI2MopfqqOQQ4A9L/2Eo7xoTH/4fNkecy6ftfiGwbbRMTQqtIqJjRg3f927e+lnyBBPhucY1Q==}
+  lightningcss@1.25.1:
+    resolution: {integrity: sha512-V0RMVZzK1+rCHpymRv4URK2lNhIRyO8g7U7zOFwVAhJuat74HtkjIQpQRKNCwFEYkRGpafOpmXXLoaoBcyVtBg==}
     engines: {node: '>= 12.0.0'}
 
   lilconfig@2.1.0:
@@ -11694,8 +11869,8 @@ packages:
     peerDependencies:
       postcss: ^8.1.0
 
-  postcss-modules@4.3.0:
-    resolution: {integrity: sha512-zoUttLDSsbWDinJM9jH37o7hulLRyEgH6fZm2PchxN7AZ8rkdWiALyNhnQ7+jg7cX9f10m6y5VhHsrjO0Mf/DA==}
+  postcss-modules@4.3.1:
+    resolution: {integrity: sha512-ItUhSUxBBdNamkT3KzIZwYNNRFKmkJrofvC2nWab3CPKhYBQ1f27XXh1PAPE27Psx58jeelPsxWB/+og+KEH0Q==}
     peerDependencies:
       postcss: ^8.0.0
 
@@ -11714,10 +11889,6 @@ packages:
     peerDependencies:
       postcss: ^8.4.29
 
-  postcss-selector-parser@6.0.11:
-    resolution: {integrity: sha512-zbARubNdogI9j7WY4nQJBiNqQf3sLS3wCP4WfOidu+p28LofJqDH1tcXypGrcmMHhDk2t9wGhCsYe/+szLTy1g==}
-    engines: {node: '>=4'}
-
   postcss-selector-parser@6.0.16:
     resolution: {integrity: sha512-A0RVJrX+IUkVZbW3ClroRWurercFhieevHB38sr2+l9eUClMqome3LmEmnhlNy+5Mr2EYN6B2Kaw9wYdd+VHiw==}
     engines: {node: '>=4'}
@@ -11737,10 +11908,6 @@ packages:
     resolution: {integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==}
     engines: {node: ^10 || ^12 || >=14}
 
-  postcss@8.4.38:
-    resolution: {integrity: sha512-Wglpdk03BSfXkHoQa3b/oulrotAkwrlLDRSOb9D0bN86FdRyE9lppSp33aHNPgBa0JKCoB+drFLZkQoRRYae5A==}
-    engines: {node: ^10 || ^12 || >=14}
-
   postcss@8.4.39:
     resolution: {integrity: sha512-0vzE+lAiG7hZl1/9I8yzKLx3aR9Xbof3fBHKunvMfOCYAtMhrsnccJY2iTURb9EZd5+pLuiNV9/c/GZJOHsgIw==}
     engines: {node: ^10 || ^12 || >=14}
@@ -12091,6 +12258,10 @@ packages:
     peerDependencies:
       react: ^16 || ^17 || ^18
 
+  react-refresh@0.14.2:
+    resolution: {integrity: sha512-jCvmsr+1IUSMUyzOkRcvnVbX3ZYC6g9TDrDbFuFmRDq7PD4yaGbLKNQL6k2jnArV8hjYxh7hVhAZB6s9HDGpZA==}
+    engines: {node: '>=0.10.0'}
+
   react-refresh@0.9.0:
     resolution: {integrity: sha512-Gvzk7OZpiqKSkxsQvO/mbTN1poglhmAV7gR/DdIrRrSMXraRQQlfikRJOr3Nb9GTMPC5kof948Zy6jJZIFtDvQ==}
     engines: {node: '>=0.10.0'}
@@ -12108,12 +12279,25 @@ packages:
       react: '>=16.8'
       react-dom: '>=16.8'
 
+  react-router-dom@6.25.1:
+    resolution: {integrity: sha512-0tUDpbFvk35iv+N89dWNrJp+afLgd+y4VtorJZuOCXK0kkCWjEvb3vTJM++SYvMEpbVwXKf3FjeVveVEb6JpDQ==}
+    engines: {node: '>=14.0.0'}
+    peerDependencies:
+      react: '>=16.8'
+      react-dom: '>=16.8'
+
   react-router@6.10.0:
     resolution: {integrity: sha512-Nrg0BWpQqrC3ZFFkyewrflCud9dio9ME3ojHCF/WLsprJVzkq3q3UeEhMCAW1dobjeGbWgjNn/PVF6m46ANxXQ==}
     engines: {node: '>=14'}
     peerDependencies:
       react: '>=16.8'
 
+  react-router@6.25.1:
+    resolution: {integrity: sha512-u8ELFr5Z6g02nUtpPAggP73Jigj1mRePSwhS/2nkTrlPU5yEkH1vYzWNyvSnSzeeE2DNqWdH+P8OhIh9wuXhTw==}
+    engines: {node: '>=14.0.0'}
+    peerDependencies:
+      react: '>=16.8'
+
   react-side-effect@2.1.2:
     resolution: {integrity: sha512-PVjOcvVOyIILrYoyGEpDN3vmYNLdy1CajSFNt4TDsVQC5KpTijDvWVoR+/7Rz2xT978D8/ZtFceXxzsPwZEDvw==}
     peerDependencies:
@@ -12432,11 +12616,6 @@ packages:
   samlify@2.8.11:
     resolution: {integrity: sha512-EDO9CMba0rtHSek2NyUcS8brIxK1E521X5fT+1qLKTRkm1dddITeuPqU8/by4Lcf95ngMKjsn5Z600eVhXDqxQ==}
 
-  sass@1.56.1:
-    resolution: {integrity: sha512-VpEyKpyBPCxE7qGDtOcdJ6fFbcpOM+Emu7uZLxVrkX8KVU/Dp5UF7WLvzqRuUhB6mqqQt1xffLoG+AndxTZrCQ==}
-    engines: {node: '>=12.0.0'}
-    hasBin: true
-
   sass@1.77.8:
     resolution: {integrity: sha512-4UHg6prsrycW20fqLGPShtEvo/WyHRVRHwOP4DzkUrObWoWI05QBSfzU71TVB7PFaL104TwNaHpjlWXAZbQiNQ==}
     engines: {node: '>=14.0.0'}
@@ -13290,6 +13469,12 @@ packages:
     peerDependencies:
       browserslist: '>= 4.21.0'
 
+  update-browserslist-db@1.1.0:
+    resolution: {integrity: sha512-EdRAaAyk2cUE1wOf2DkEhzxqOQvFOoRJFNS6NeyJ01Gp2beMRpBAINjM2iDXE3KCuKhwnvHIQCJm6ThL2Z+HzQ==}
+    hasBin: true
+    peerDependencies:
+      browserslist: '>= 4.21.0'
+
   uri-js@4.4.1:
     resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==}
 
@@ -13355,33 +13540,22 @@ packages:
     engines: {node: ^18.0.0 || >=20.0.0}
     hasBin: true
 
-  vite@5.3.3:
-    resolution: {integrity: sha512-NPQdeCU0Dv2z5fu+ULotpuq5yfCS1BzKUIPhNbP3YBfAMGJXbt2nS+sbTFu+qchaqWTD+H3JK++nRwr6XIcp6A==}
-    engines: {node: ^18.0.0 || >=20.0.0}
-    hasBin: true
+  vite-plugin-compression@0.5.1:
+    resolution: {integrity: sha512-5QJKBDc+gNYVqL/skgFAP81Yuzo9R+EAf19d+EtsMF/i8kFUpNi3J/H01QD3Oo8zBQn+NzoCIFkpPLynoOzaJg==}
     peerDependencies:
-      '@types/node': ^18.0.0 || >=20.0.0
-      less: '*'
-      lightningcss: ^1.21.0
-      sass: '*'
-      stylus: '*'
-      sugarss: '*'
-      terser: ^5.4.0
-    peerDependenciesMeta:
-      '@types/node':
-        optional: true
-      less:
-        optional: true
-      lightningcss:
-        optional: true
-      sass:
-        optional: true
-      stylus:
-        optional: true
-      sugarss:
-        optional: true
-      terser:
-        optional: true
+      vite: '>=2.0.0'
+
+  vite-plugin-prebundle@0.0.4:
+    resolution: {integrity: sha512-5r0KdY4swsZnU3bo7fuqGguYn73qy37I0bRPRye8OQLTinaa1jhHzK4I3CmouF0gnHcMBI1VSNpnuhPLK2BV2A==}
+    peerDependencies:
+      esbuild: ^0.17.0
+      rollup: ^3.0.0
+      vite: ^4.0.0
+
+  vite-plugin-svgr@4.2.0:
+    resolution: {integrity: sha512-SC7+FfVtNQk7So0XMjrrtLAbEC8qjFPifyD7+fs/E6aaNdVde6umlVVh0QuwDLdOMu7vp5RiGFsB70nj5yo0XA==}
+    peerDependencies:
+      vite: ^2.6.0 || 3 || 4 || 5
 
   vite@5.3.4:
     resolution: {integrity: sha512-Cw+7zL3ZG9/NZBB8C+8QbQZmR54GwqIz+WMI4b3JgdYJvX+ny9AjJXqkGQlDXSXRP9rP0B4tbciRMOVEKulVOA==}
@@ -13695,10 +13869,6 @@ packages:
     resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
     engines: {node: '>=10'}
 
-  yocto-queue@1.0.0:
-    resolution: {integrity: sha512-9bnSc/HEW2uRy67wc+T8UwauLuPJVn28jb+GtJY16iiKWyvmYJRXVT4UamsAEGQfPohgr2q4Tq0sQbQlxTfi1g==}
-    engines: {node: '>=12.20'}
-
   yocto-queue@1.1.1:
     resolution: {integrity: sha512-b4JR1PFR10y1mKjhHY9LaGo6tmrgjit7hxVIeAmyMw3jegXR4dhYqLaQF5zMXZxY7tLpMyJeLjr1C4rLmkVe8g==}
     engines: {node: '>=12.20'}
@@ -14431,8 +14601,15 @@ snapshots:
       '@babel/highlight': 7.24.2
       picocolors: 1.0.1
 
+  '@babel/code-frame@7.24.7':
+    dependencies:
+      '@babel/highlight': 7.24.7
+      picocolors: 1.0.1
+
   '@babel/compat-data@7.24.4': {}
 
+  '@babel/compat-data@7.24.9': {}
+
   '@babel/core@7.24.4':
     dependencies:
       '@ampproject/remapping': 2.3.0
@@ -14453,12 +14630,39 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  '@babel/core@7.24.9':
+    dependencies:
+      '@ampproject/remapping': 2.3.0
+      '@babel/code-frame': 7.24.7
+      '@babel/generator': 7.24.10
+      '@babel/helper-compilation-targets': 7.24.8
+      '@babel/helper-module-transforms': 7.24.9(@babel/core@7.24.9)
+      '@babel/helpers': 7.24.8
+      '@babel/parser': 7.24.8
+      '@babel/template': 7.24.7
+      '@babel/traverse': 7.24.8
+      '@babel/types': 7.24.9
+      convert-source-map: 2.0.0
+      debug: 4.3.5
+      gensync: 1.0.0-beta.2
+      json5: 2.2.3
+      semver: 6.3.1
+    transitivePeerDependencies:
+      - supports-color
+
   '@babel/generator@7.20.4':
     dependencies:
       '@babel/types': 7.24.0
       '@jridgewell/gen-mapping': 0.3.5
       jsesc: 2.5.2
 
+  '@babel/generator@7.24.10':
+    dependencies:
+      '@babel/types': 7.24.9
+      '@jridgewell/gen-mapping': 0.3.5
+      '@jridgewell/trace-mapping': 0.3.25
+      jsesc: 2.5.2
+
   '@babel/generator@7.24.4':
     dependencies:
       '@babel/types': 7.24.0
@@ -14474,21 +14678,49 @@ snapshots:
       lru-cache: 5.1.1
       semver: 6.3.1
 
+  '@babel/helper-compilation-targets@7.24.8':
+    dependencies:
+      '@babel/compat-data': 7.24.9
+      '@babel/helper-validator-option': 7.24.8
+      browserslist: 4.23.2
+      lru-cache: 5.1.1
+      semver: 6.3.1
+
   '@babel/helper-environment-visitor@7.22.20': {}
 
+  '@babel/helper-environment-visitor@7.24.7':
+    dependencies:
+      '@babel/types': 7.24.9
+
   '@babel/helper-function-name@7.23.0':
     dependencies:
       '@babel/template': 7.24.0
       '@babel/types': 7.24.0
 
+  '@babel/helper-function-name@7.24.7':
+    dependencies:
+      '@babel/template': 7.24.7
+      '@babel/types': 7.24.9
+
   '@babel/helper-hoist-variables@7.22.5':
     dependencies:
       '@babel/types': 7.24.0
 
+  '@babel/helper-hoist-variables@7.24.7':
+    dependencies:
+      '@babel/types': 7.24.9
+
   '@babel/helper-module-imports@7.24.3':
     dependencies:
       '@babel/types': 7.24.0
 
+  '@babel/helper-module-imports@7.24.7':
+    dependencies:
+      '@babel/traverse': 7.24.8
+      '@babel/types': 7.24.9
+    transitivePeerDependencies:
+      - supports-color
+
   '@babel/helper-module-transforms@7.23.3(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
@@ -14498,22 +14730,52 @@ snapshots:
       '@babel/helper-split-export-declaration': 7.22.6
       '@babel/helper-validator-identifier': 7.22.20
 
+  '@babel/helper-module-transforms@7.24.9(@babel/core@7.24.9)':
+    dependencies:
+      '@babel/core': 7.24.9
+      '@babel/helper-environment-visitor': 7.24.7
+      '@babel/helper-module-imports': 7.24.7
+      '@babel/helper-simple-access': 7.24.7
+      '@babel/helper-split-export-declaration': 7.24.7
+      '@babel/helper-validator-identifier': 7.24.7
+    transitivePeerDependencies:
+      - supports-color
+
   '@babel/helper-plugin-utils@7.20.2': {}
 
+  '@babel/helper-plugin-utils@7.24.8': {}
+
   '@babel/helper-simple-access@7.22.5':
     dependencies:
       '@babel/types': 7.24.0
 
+  '@babel/helper-simple-access@7.24.7':
+    dependencies:
+      '@babel/traverse': 7.24.8
+      '@babel/types': 7.24.9
+    transitivePeerDependencies:
+      - supports-color
+
   '@babel/helper-split-export-declaration@7.22.6':
     dependencies:
       '@babel/types': 7.24.0
 
+  '@babel/helper-split-export-declaration@7.24.7':
+    dependencies:
+      '@babel/types': 7.24.9
+
   '@babel/helper-string-parser@7.23.4': {}
 
+  '@babel/helper-string-parser@7.24.8': {}
+
   '@babel/helper-validator-identifier@7.22.20': {}
 
+  '@babel/helper-validator-identifier@7.24.7': {}
+
   '@babel/helper-validator-option@7.23.5': {}
 
+  '@babel/helper-validator-option@7.24.8': {}
+
   '@babel/helpers@7.24.4':
     dependencies:
       '@babel/template': 7.24.0
@@ -14522,6 +14784,11 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  '@babel/helpers@7.24.8':
+    dependencies:
+      '@babel/template': 7.24.7
+      '@babel/types': 7.24.9
+
   '@babel/highlight@7.22.5':
     dependencies:
       '@babel/helper-validator-identifier': 7.22.20
@@ -14535,10 +14802,21 @@ snapshots:
       js-tokens: 4.0.0
       picocolors: 1.0.1
 
+  '@babel/highlight@7.24.7':
+    dependencies:
+      '@babel/helper-validator-identifier': 7.24.7
+      chalk: 2.4.2
+      js-tokens: 4.0.0
+      picocolors: 1.0.1
+
   '@babel/parser@7.24.4':
     dependencies:
       '@babel/types': 7.24.0
 
+  '@babel/parser@7.24.8':
+    dependencies:
+      '@babel/types': 7.24.9
+
   '@babel/plugin-syntax-async-generators@7.8.4(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
@@ -14609,11 +14887,17 @@ snapshots:
       '@babel/core': 7.24.4
       '@babel/helper-plugin-utils': 7.20.2
 
-  '@babel/runtime@7.17.9':
+  '@babel/plugin-transform-react-jsx-self@7.24.7(@babel/core@7.24.9)':
     dependencies:
-      regenerator-runtime: 0.13.11
+      '@babel/core': 7.24.9
+      '@babel/helper-plugin-utils': 7.24.8
+
+  '@babel/plugin-transform-react-jsx-source@7.24.7(@babel/core@7.24.9)':
+    dependencies:
+      '@babel/core': 7.24.9
+      '@babel/helper-plugin-utils': 7.24.8
 
-  '@babel/runtime@7.19.4':
+  '@babel/runtime@7.17.9':
     dependencies:
       regenerator-runtime: 0.13.11
 
@@ -14637,6 +14921,12 @@ snapshots:
       '@babel/parser': 7.24.4
       '@babel/types': 7.24.0
 
+  '@babel/template@7.24.7':
+    dependencies:
+      '@babel/code-frame': 7.24.7
+      '@babel/parser': 7.24.8
+      '@babel/types': 7.24.9
+
   '@babel/traverse@7.24.1':
     dependencies:
       '@babel/code-frame': 7.24.2
@@ -14652,12 +14942,33 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  '@babel/traverse@7.24.8':
+    dependencies:
+      '@babel/code-frame': 7.24.7
+      '@babel/generator': 7.24.10
+      '@babel/helper-environment-visitor': 7.24.7
+      '@babel/helper-function-name': 7.24.7
+      '@babel/helper-hoist-variables': 7.24.7
+      '@babel/helper-split-export-declaration': 7.24.7
+      '@babel/parser': 7.24.8
+      '@babel/types': 7.24.9
+      debug: 4.3.5
+      globals: 11.12.0
+    transitivePeerDependencies:
+      - supports-color
+
   '@babel/types@7.24.0':
     dependencies:
       '@babel/helper-string-parser': 7.23.4
       '@babel/helper-validator-identifier': 7.22.20
       to-fast-properties: 2.0.0
 
+  '@babel/types@7.24.9':
+    dependencies:
+      '@babel/helper-string-parser': 7.24.8
+      '@babel/helper-validator-identifier': 7.24.7
+      to-fast-properties: 2.0.0
+
   '@bcoe/v8-coverage@0.2.3': {}
 
   '@braintree/sanitize-url@6.0.4': {}
@@ -14924,6 +15235,7 @@ snapshots:
   '@cspotcode/source-map-support@0.8.1':
     dependencies:
       '@jridgewell/trace-mapping': 0.3.9
+    optional: true
 
   '@csstools/css-parser-algorithms@2.6.1(@csstools/css-tokenizer@2.2.4)':
     dependencies:
@@ -15459,6 +15771,7 @@ snapshots:
     dependencies:
       '@jridgewell/resolve-uri': 3.1.0
       '@jridgewell/sourcemap-codec': 1.4.15
+    optional: true
 
   '@jsdevtools/ono@7.1.3': {}
 
@@ -15628,6 +15941,16 @@ snapshots:
       '@types/react': 18.3.3
       react: 18.3.1
 
+  '@mdx-js/rollup@3.0.1(rollup@4.14.3)':
+    dependencies:
+      '@mdx-js/mdx': 3.0.1
+      '@rollup/pluginutils': 5.1.0(rollup@4.14.3)
+      rollup: 4.14.3
+      source-map: 0.7.4
+      vfile: 6.0.1
+    transitivePeerDependencies:
+      - supports-color
+
   '@microsoft/applicationinsights-web-snippet@1.0.1': {}
 
   '@mischnic/json-sourcemap@0.1.0':
@@ -15907,7 +16230,7 @@ snapshots:
       '@parcel/source-map': 2.1.1
       '@parcel/utils': 2.9.3
       browserslist: 4.21.4
-      lightningcss: 1.16.1
+      lightningcss: 1.25.1
       nullthrows: 1.1.1
     transitivePeerDependencies:
       - '@parcel/core'
@@ -16119,7 +16442,7 @@ snapshots:
       '@parcel/source-map': 2.1.1
       '@parcel/utils': 2.9.3
       browserslist: 4.21.4
-      lightningcss: 1.16.1
+      lightningcss: 1.25.1
       nullthrows: 1.1.1
     transitivePeerDependencies:
       - '@parcel/core'
@@ -16210,7 +16533,7 @@ snapshots:
     dependencies:
       '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
       '@parcel/source-map': 2.1.1
-      sass: 1.56.1
+      sass: 1.77.8
     transitivePeerDependencies:
       - '@parcel/core'
 
@@ -16396,6 +16719,8 @@ snapshots:
     dependencies:
       '@redis/client': 1.5.16
 
+  '@remix-run/router@1.18.0': {}
+
   '@remix-run/router@1.5.0': {}
 
   '@rollup/plugin-commonjs@26.0.1(rollup@4.12.0)':
@@ -16611,6 +16936,27 @@ snapshots:
       - supports-color
       - typescript
 
+  '@silverhand/eslint-config-react@6.0.2(eslint@8.57.0)(postcss@8.4.39)(prettier@3.0.0)(stylelint@15.11.0(typescript@5.5.3))(typescript@5.5.3)':
+    dependencies:
+      '@silverhand/eslint-config': 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
+      eslint-config-xo-react: 0.27.0(eslint-plugin-react-hooks@4.6.0(eslint@8.57.0))(eslint-plugin-react@7.34.1(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-jsx-a11y: 6.8.0(eslint@8.57.0)
+      eslint-plugin-react: 7.34.1(eslint@8.57.0)
+      eslint-plugin-react-hooks: 4.6.0(eslint@8.57.0)
+      postcss-scss: 4.0.9(postcss@8.4.39)
+      stylelint: 15.11.0(typescript@5.5.3)
+      stylelint-config-xo: 0.22.0(stylelint@15.11.0(typescript@5.5.3))
+      stylelint-scss: 6.2.1(stylelint@15.11.0(typescript@5.5.3))
+    transitivePeerDependencies:
+      - '@types/eslint'
+      - eslint
+      - eslint-import-resolver-node
+      - eslint-import-resolver-webpack
+      - postcss
+      - prettier
+      - supports-color
+      - typescript
+
   '@silverhand/eslint-config@6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)':
     dependencies:
       '@silverhand/eslint-plugin-fp': 2.5.0(eslint@8.57.0)
@@ -17054,34 +17400,66 @@ snapshots:
     dependencies:
       '@babel/core': 7.24.4
 
+  '@svgr/babel-plugin-add-jsx-attribute@8.0.0(@babel/core@7.24.4)':
+    dependencies:
+      '@babel/core': 7.24.4
+
   '@svgr/babel-plugin-remove-jsx-attribute@6.5.0(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
+  '@svgr/babel-plugin-remove-jsx-attribute@8.0.0(@babel/core@7.24.4)':
+    dependencies:
+      '@babel/core': 7.24.4
+
   '@svgr/babel-plugin-remove-jsx-empty-expression@6.5.0(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
+  '@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0(@babel/core@7.24.4)':
+    dependencies:
+      '@babel/core': 7.24.4
+
   '@svgr/babel-plugin-replace-jsx-attribute-value@6.5.1(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
+  '@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0(@babel/core@7.24.4)':
+    dependencies:
+      '@babel/core': 7.24.4
+
   '@svgr/babel-plugin-svg-dynamic-title@6.5.1(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
+  '@svgr/babel-plugin-svg-dynamic-title@8.0.0(@babel/core@7.24.4)':
+    dependencies:
+      '@babel/core': 7.24.4
+
   '@svgr/babel-plugin-svg-em-dimensions@6.5.1(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
+  '@svgr/babel-plugin-svg-em-dimensions@8.0.0(@babel/core@7.24.4)':
+    dependencies:
+      '@babel/core': 7.24.4
+
   '@svgr/babel-plugin-transform-react-native-svg@6.5.1(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
+  '@svgr/babel-plugin-transform-react-native-svg@8.1.0(@babel/core@7.24.4)':
+    dependencies:
+      '@babel/core': 7.24.4
+
   '@svgr/babel-plugin-transform-svg-component@6.5.1(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
+  '@svgr/babel-plugin-transform-svg-component@8.0.0(@babel/core@7.24.4)':
+    dependencies:
+      '@babel/core': 7.24.4
+
   '@svgr/babel-preset@6.5.1(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
@@ -17094,6 +17472,18 @@ snapshots:
       '@svgr/babel-plugin-transform-react-native-svg': 6.5.1(@babel/core@7.24.4)
       '@svgr/babel-plugin-transform-svg-component': 6.5.1(@babel/core@7.24.4)
 
+  '@svgr/babel-preset@8.1.0(@babel/core@7.24.4)':
+    dependencies:
+      '@babel/core': 7.24.4
+      '@svgr/babel-plugin-add-jsx-attribute': 8.0.0(@babel/core@7.24.4)
+      '@svgr/babel-plugin-remove-jsx-attribute': 8.0.0(@babel/core@7.24.4)
+      '@svgr/babel-plugin-remove-jsx-empty-expression': 8.0.0(@babel/core@7.24.4)
+      '@svgr/babel-plugin-replace-jsx-attribute-value': 8.0.0(@babel/core@7.24.4)
+      '@svgr/babel-plugin-svg-dynamic-title': 8.0.0(@babel/core@7.24.4)
+      '@svgr/babel-plugin-svg-em-dimensions': 8.0.0(@babel/core@7.24.4)
+      '@svgr/babel-plugin-transform-react-native-svg': 8.1.0(@babel/core@7.24.4)
+      '@svgr/babel-plugin-transform-svg-component': 8.0.0(@babel/core@7.24.4)
+
   '@svgr/core@6.5.1':
     dependencies:
       '@babel/core': 7.24.4
@@ -17104,11 +17494,27 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  '@svgr/core@8.1.0(typescript@5.5.3)':
+    dependencies:
+      '@babel/core': 7.24.4
+      '@svgr/babel-preset': 8.1.0(@babel/core@7.24.4)
+      camelcase: 6.3.0
+      cosmiconfig: 8.3.6(typescript@5.5.3)
+      snake-case: 3.0.4
+    transitivePeerDependencies:
+      - supports-color
+      - typescript
+
   '@svgr/hast-util-to-babel-ast@6.5.1':
     dependencies:
       '@babel/types': 7.24.0
       entities: 4.4.0
 
+  '@svgr/hast-util-to-babel-ast@8.0.0':
+    dependencies:
+      '@babel/types': 7.24.0
+      entities: 4.5.0
+
   '@svgr/plugin-jsx@6.5.1(@svgr/core@6.5.1)':
     dependencies:
       '@babel/core': 7.24.4
@@ -17119,6 +17525,16 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  '@svgr/plugin-jsx@8.1.0(@svgr/core@8.1.0(typescript@5.5.3))':
+    dependencies:
+      '@babel/core': 7.24.4
+      '@svgr/babel-preset': 8.1.0(@babel/core@7.24.4)
+      '@svgr/core': 8.1.0(typescript@5.5.3)
+      '@svgr/hast-util-to-babel-ast': 8.0.0
+      svg-parser: 2.0.4
+    transitivePeerDependencies:
+      - supports-color
+
   '@svgr/plugin-svgo@6.5.1(@svgr/core@6.5.1)':
     dependencies:
       '@svgr/core': 6.5.1
@@ -17186,7 +17602,7 @@ snapshots:
 
   '@testing-library/dom@10.0.0':
     dependencies:
-      '@babel/code-frame': 7.24.2
+      '@babel/code-frame': 7.24.7
       '@babel/runtime': 7.24.4
       '@types/aria-query': 5.0.1
       aria-query: 5.3.0
@@ -17220,13 +17636,17 @@ snapshots:
 
   '@trysound/sax@0.2.0': {}
 
-  '@tsconfig/node10@1.0.9': {}
+  '@tsconfig/node10@1.0.9':
+    optional: true
 
-  '@tsconfig/node12@1.0.11': {}
+  '@tsconfig/node12@1.0.11':
+    optional: true
 
-  '@tsconfig/node14@1.0.3': {}
+  '@tsconfig/node14@1.0.3':
+    optional: true
 
-  '@tsconfig/node16@1.0.4': {}
+  '@tsconfig/node16@1.0.4':
+    optional: true
 
   '@types/accepts@1.3.5':
     dependencies:
@@ -17250,6 +17670,14 @@ snapshots:
       '@types/babel__template': 7.4.1
       '@types/babel__traverse': 7.18.2
 
+  '@types/babel__core@7.20.5':
+    dependencies:
+      '@babel/parser': 7.24.4
+      '@babel/types': 7.24.0
+      '@types/babel__generator': 7.6.4
+      '@types/babel__template': 7.4.1
+      '@types/babel__traverse': 7.18.2
+
   '@types/babel__generator@7.6.4':
     dependencies:
       '@babel/types': 7.24.0
@@ -17725,7 +18153,18 @@ snapshots:
 
   '@ungap/structured-clone@1.2.0': {}
 
-  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))':
+  '@vitejs/plugin-react@4.3.1(vite@5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8))':
+    dependencies:
+      '@babel/core': 7.24.9
+      '@babel/plugin-transform-react-jsx-self': 7.24.7(@babel/core@7.24.9)
+      '@babel/plugin-transform-react-jsx-source': 7.24.7(@babel/core@7.24.9)
+      '@types/babel__core': 7.20.5
+      react-refresh: 0.14.2
+      vite: 5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)
+    transitivePeerDependencies:
+      - supports-color
+
+  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))':
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@bcoe/v8-coverage': 0.2.3
@@ -17740,11 +18179,11 @@ snapshots:
       std-env: 3.7.0
       strip-literal: 2.1.0
       test-exclude: 7.0.1
-      vitest: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+      vitest: 2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
     transitivePeerDependencies:
       - supports-color
 
-  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))':
+  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))':
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@bcoe/v8-coverage': 0.2.3
@@ -17759,11 +18198,11 @@ snapshots:
       std-env: 3.7.0
       strip-literal: 2.1.0
       test-exclude: 7.0.1
-      vitest: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+      vitest: 2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
     transitivePeerDependencies:
       - supports-color
 
-  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8))':
+  '@vitest/coverage-v8@2.0.0(vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8))':
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@bcoe/v8-coverage': 0.2.3
@@ -17778,7 +18217,7 @@ snapshots:
       std-env: 3.7.0
       strip-literal: 2.1.0
       test-exclude: 7.0.1
-      vitest: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8)
+      vitest: 2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8)
     transitivePeerDependencies:
       - supports-color
 
@@ -17949,8 +18388,6 @@ snapshots:
     dependencies:
       acorn: 8.11.3
 
-  acorn-walk@8.2.0: {}
-
   acorn-walk@8.3.2: {}
 
   acorn@8.10.0: {}
@@ -18048,7 +18485,8 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  arg@4.1.3: {}
+  arg@4.1.3:
+    optional: true
 
   argparse@1.0.10:
     dependencies:
@@ -18353,6 +18791,13 @@ snapshots:
       node-releases: 2.0.14
       update-browserslist-db: 1.0.13(browserslist@4.23.0)
 
+  browserslist@4.23.2:
+    dependencies:
+      caniuse-lite: 1.0.30001643
+      electron-to-chromium: 1.5.0
+      node-releases: 2.0.14
+      update-browserslist-db: 1.1.0(browserslist@4.23.2)
+
   bser@2.1.1:
     dependencies:
       node-int64: 0.4.0
@@ -18445,6 +18890,8 @@ snapshots:
 
   caniuse-lite@1.0.30001618: {}
 
+  caniuse-lite@1.0.30001643: {}
+
   ccount@2.0.1: {}
 
   chai@5.1.1:
@@ -18788,7 +19235,8 @@ snapshots:
       - supports-color
       - ts-node
 
-  create-require@1.1.1: {}
+  create-require@1.1.1:
+    optional: true
 
   cross-env@7.0.3:
     dependencies:
@@ -19234,7 +19682,8 @@ snapshots:
 
   diff-sequences@29.6.3: {}
 
-  diff@4.0.2: {}
+  diff@4.0.2:
+    optional: true
 
   diff@5.2.0: {}
 
@@ -19324,6 +19773,8 @@ snapshots:
 
   electron-to-chromium@1.4.738: {}
 
+  electron-to-chromium@1.5.0: {}
+
   elkjs@0.9.3: {}
 
   emitter-listener@1.1.2:
@@ -19550,6 +20001,8 @@ snapshots:
 
   escalade@3.1.1: {}
 
+  escalade@3.1.2: {}
+
   escape-html@1.0.3: {}
 
   escape-string-regexp@1.0.5: {}
@@ -20563,10 +21016,6 @@ snapshots:
 
   highlight.js@10.7.3: {}
 
-  history@5.3.0:
-    dependencies:
-      '@babel/runtime': 7.19.4
-
   hoist-non-react-statics@3.3.2:
     dependencies:
       react-is: 16.13.1
@@ -20723,6 +21172,10 @@ snapshots:
     dependencies:
       postcss: 8.4.31
 
+  icss-utils@5.1.0(postcss@8.4.39):
+    dependencies:
+      postcss: 8.4.39
+
   identity-obj-proxy@3.0.0:
     dependencies:
       harmony-reflect: 1.6.2
@@ -21366,7 +21819,7 @@ snapshots:
       '@types/node': 20.12.7
       anymatch: 3.1.3
       fb-watchman: 2.0.2
-      graceful-fs: 4.2.10
+      graceful-fs: 4.2.11
       jest-regex-util: 29.4.3
       jest-util: 29.5.0
       jest-worker: 29.5.0
@@ -21888,7 +22341,7 @@ snapshots:
       content-disposition: 0.5.4
       content-type: 1.0.4
       cookies: 0.8.0
-      debug: 4.3.4
+      debug: 4.3.5
       delegates: 1.0.0
       depd: 2.0.0
       destroy: 1.0.4
@@ -21956,42 +22409,46 @@ snapshots:
 
   libphonenumber-js@1.10.51: {}
 
-  lightningcss-darwin-arm64@1.16.1:
+  lightningcss-darwin-arm64@1.25.1:
+    optional: true
+
+  lightningcss-darwin-x64@1.25.1:
     optional: true
 
-  lightningcss-darwin-x64@1.16.1:
+  lightningcss-freebsd-x64@1.25.1:
     optional: true
 
-  lightningcss-linux-arm-gnueabihf@1.16.1:
+  lightningcss-linux-arm-gnueabihf@1.25.1:
     optional: true
 
-  lightningcss-linux-arm64-gnu@1.16.1:
+  lightningcss-linux-arm64-gnu@1.25.1:
     optional: true
 
-  lightningcss-linux-arm64-musl@1.16.1:
+  lightningcss-linux-arm64-musl@1.25.1:
     optional: true
 
-  lightningcss-linux-x64-gnu@1.16.1:
+  lightningcss-linux-x64-gnu@1.25.1:
     optional: true
 
-  lightningcss-linux-x64-musl@1.16.1:
+  lightningcss-linux-x64-musl@1.25.1:
     optional: true
 
-  lightningcss-win32-x64-msvc@1.16.1:
+  lightningcss-win32-x64-msvc@1.25.1:
     optional: true
 
-  lightningcss@1.16.1:
+  lightningcss@1.25.1:
     dependencies:
       detect-libc: 1.0.3
     optionalDependencies:
-      lightningcss-darwin-arm64: 1.16.1
-      lightningcss-darwin-x64: 1.16.1
-      lightningcss-linux-arm-gnueabihf: 1.16.1
-      lightningcss-linux-arm64-gnu: 1.16.1
-      lightningcss-linux-arm64-musl: 1.16.1
-      lightningcss-linux-x64-gnu: 1.16.1
-      lightningcss-linux-x64-musl: 1.16.1
-      lightningcss-win32-x64-msvc: 1.16.1
+      lightningcss-darwin-arm64: 1.25.1
+      lightningcss-darwin-x64: 1.25.1
+      lightningcss-freebsd-x64: 1.25.1
+      lightningcss-linux-arm-gnueabihf: 1.25.1
+      lightningcss-linux-arm64-gnu: 1.25.1
+      lightningcss-linux-arm64-musl: 1.25.1
+      lightningcss-linux-x64-gnu: 1.25.1
+      lightningcss-linux-x64-musl: 1.25.1
+      lightningcss-win32-x64-msvc: 1.25.1
 
   lilconfig@2.1.0: {}
 
@@ -22207,7 +22664,8 @@ snapshots:
     dependencies:
       semver: 7.6.0
 
-  make-error@1.3.6: {}
+  make-error@1.3.6:
+    optional: true
 
   makeerror@1.0.12:
     dependencies:
@@ -23320,7 +23778,7 @@ snapshots:
 
   p-limit@4.0.0:
     dependencies:
-      yocto-queue: 1.0.0
+      yocto-queue: 1.1.1
 
   p-limit@6.0.0:
     dependencies:
@@ -23622,24 +24080,45 @@ snapshots:
     dependencies:
       postcss: 8.4.31
 
+  postcss-modules-extract-imports@3.0.0(postcss@8.4.39):
+    dependencies:
+      postcss: 8.4.39
+
   postcss-modules-local-by-default@4.0.0(postcss@8.4.31):
     dependencies:
       icss-utils: 5.1.0(postcss@8.4.31)
       postcss: 8.4.31
-      postcss-selector-parser: 6.0.11
+      postcss-selector-parser: 6.0.16
+      postcss-value-parser: 4.2.0
+
+  postcss-modules-local-by-default@4.0.0(postcss@8.4.39):
+    dependencies:
+      icss-utils: 5.1.0(postcss@8.4.39)
+      postcss: 8.4.39
+      postcss-selector-parser: 6.0.16
       postcss-value-parser: 4.2.0
 
   postcss-modules-scope@3.0.0(postcss@8.4.31):
     dependencies:
       postcss: 8.4.31
-      postcss-selector-parser: 6.0.11
+      postcss-selector-parser: 6.0.16
+
+  postcss-modules-scope@3.0.0(postcss@8.4.39):
+    dependencies:
+      postcss: 8.4.39
+      postcss-selector-parser: 6.0.16
 
   postcss-modules-values@4.0.0(postcss@8.4.31):
     dependencies:
       icss-utils: 5.1.0(postcss@8.4.31)
       postcss: 8.4.31
 
-  postcss-modules@4.3.0(postcss@8.4.31):
+  postcss-modules-values@4.0.0(postcss@8.4.39):
+    dependencies:
+      icss-utils: 5.1.0(postcss@8.4.39)
+      postcss: 8.4.39
+
+  postcss-modules@4.3.1(postcss@8.4.31):
     dependencies:
       generic-names: 4.0.0
       icss-replace-symbols: 1.1.0
@@ -23651,29 +24130,40 @@ snapshots:
       postcss-modules-values: 4.0.0(postcss@8.4.31)
       string-hash: 1.1.3
 
+  postcss-modules@4.3.1(postcss@8.4.39):
+    dependencies:
+      generic-names: 4.0.0
+      icss-replace-symbols: 1.1.0
+      lodash.camelcase: 4.3.0
+      postcss: 8.4.39
+      postcss-modules-extract-imports: 3.0.0(postcss@8.4.39)
+      postcss-modules-local-by-default: 4.0.0(postcss@8.4.39)
+      postcss-modules-scope: 3.0.0(postcss@8.4.39)
+      postcss-modules-values: 4.0.0(postcss@8.4.39)
+      string-hash: 1.1.3
+
   postcss-resolve-nested-selector@0.1.1: {}
 
-  postcss-safe-parser@6.0.0(postcss@8.4.38):
+  postcss-safe-parser@6.0.0(postcss@8.4.39):
     dependencies:
-      postcss: 8.4.38
+      postcss: 8.4.39
 
   postcss-scss@4.0.9(postcss@8.4.31):
     dependencies:
       postcss: 8.4.31
 
-  postcss-selector-parser@6.0.11:
+  postcss-scss@4.0.9(postcss@8.4.39):
     dependencies:
-      cssesc: 3.0.0
-      util-deprecate: 1.0.2
+      postcss: 8.4.39
 
   postcss-selector-parser@6.0.16:
     dependencies:
       cssesc: 3.0.0
       util-deprecate: 1.0.2
 
-  postcss-sorting@8.0.2(postcss@8.4.38):
+  postcss-sorting@8.0.2(postcss@8.4.39):
     dependencies:
-      postcss: 8.4.38
+      postcss: 8.4.39
 
   postcss-value-parser@3.3.1: {}
 
@@ -23685,12 +24175,6 @@ snapshots:
       picocolors: 1.0.0
       source-map-js: 1.0.2
 
-  postcss@8.4.38:
-    dependencies:
-      nanoid: 3.3.7
-      picocolors: 1.0.0
-      source-map-js: 1.2.0
-
   postcss@8.4.39:
     dependencies:
       nanoid: 3.3.7
@@ -24037,6 +24521,8 @@ snapshots:
       prop-types: 15.8.1
       react: 18.3.1
 
+  react-refresh@0.14.2: {}
+
   react-refresh@0.9.0: {}
 
   react-resize-detector@7.1.2(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
@@ -24052,11 +24538,23 @@ snapshots:
       react-dom: 18.3.1(react@18.3.1)
       react-router: 6.10.0(react@18.3.1)
 
+  react-router-dom@6.25.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
+    dependencies:
+      '@remix-run/router': 1.18.0
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
+      react-router: 6.25.1(react@18.3.1)
+
   react-router@6.10.0(react@18.3.1):
     dependencies:
       '@remix-run/router': 1.5.0
       react: 18.3.1
 
+  react-router@6.25.1(react@18.3.1):
+    dependencies:
+      '@remix-run/router': 1.18.0
+      react: 18.3.1
+
   react-side-effect@2.1.2(react@18.3.1):
     dependencies:
       react: 18.3.1
@@ -24514,18 +25012,11 @@ snapshots:
       xml-escape: 1.1.0
       xpath: 0.0.32
 
-  sass@1.56.1:
-    dependencies:
-      chokidar: 3.5.3
-      immutable: 4.1.0
-      source-map-js: 1.0.2
-
   sass@1.77.8:
     dependencies:
       chokidar: 3.5.3
       immutable: 4.1.0
       source-map-js: 1.2.0
-    optional: true
 
   sax@1.2.4: {}
 
@@ -24926,8 +25417,8 @@ snapshots:
 
   stylelint-order@6.0.4(stylelint@15.11.0(typescript@5.5.3)):
     dependencies:
-      postcss: 8.4.38
-      postcss-sorting: 8.0.2(postcss@8.4.38)
+      postcss: 8.4.39
+      postcss-sorting: 8.0.2(postcss@8.4.39)
       stylelint: 15.11.0(typescript@5.5.3)
 
   stylelint-scss@6.2.1(stylelint@15.11.0(typescript@5.5.3)):
@@ -24968,9 +25459,9 @@ snapshots:
       micromatch: 4.0.5
       normalize-path: 3.0.0
       picocolors: 1.0.0
-      postcss: 8.4.38
+      postcss: 8.4.39
       postcss-resolve-nested-selector: 0.1.1
-      postcss-safe-parser: 6.0.0(postcss@8.4.38)
+      postcss-safe-parser: 6.0.0(postcss@8.4.39)
       postcss-selector-parser: 6.0.16
       postcss-value-parser: 4.2.0
       resolve-from: 5.0.0
@@ -25001,7 +25492,7 @@ snapshots:
     dependencies:
       component-emitter: 1.3.0
       cookiejar: 2.1.4
-      debug: 4.3.4
+      debug: 4.3.5
       fast-safe-stringify: 2.1.1
       form-data: 4.0.0
       formidable: 3.5.1
@@ -25051,7 +25542,7 @@ snapshots:
       css-select: 4.3.0
       css-tree: 1.1.3
       csso: 4.2.0
-      picocolors: 1.0.0
+      picocolors: 1.0.1
       stable: 0.1.8
 
   swr@2.2.0(react@18.3.1):
@@ -25231,8 +25722,8 @@ snapshots:
       '@tsconfig/node14': 1.0.3
       '@tsconfig/node16': 1.0.4
       '@types/node': 20.12.7
-      acorn: 8.10.0
-      acorn-walk: 8.2.0
+      acorn: 8.11.3
+      acorn-walk: 8.3.2
       arg: 4.1.3
       create-require: 1.1.1
       diff: 4.0.2
@@ -25252,8 +25743,8 @@ snapshots:
       '@tsconfig/node14': 1.0.3
       '@tsconfig/node16': 1.0.4
       '@types/node': 20.12.7
-      acorn: 8.10.0
-      acorn-walk: 8.2.0
+      acorn: 8.11.3
+      acorn-walk: 8.3.2
       arg: 4.1.3
       create-require: 1.1.1
       diff: 4.0.2
@@ -25263,6 +25754,7 @@ snapshots:
       yn: 3.1.1
     optionalDependencies:
       '@swc/core': 1.3.52(@swc/helpers@0.5.1)
+    optional: true
 
   ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3):
     dependencies:
@@ -25487,7 +25979,7 @@ snapshots:
     dependencies:
       browserslist: 4.21.4
       escalade: 3.1.1
-      picocolors: 1.0.0
+      picocolors: 1.0.1
 
   update-browserslist-db@1.0.13(browserslist@4.23.0):
     dependencies:
@@ -25495,6 +25987,12 @@ snapshots:
       escalade: 3.1.1
       picocolors: 1.0.1
 
+  update-browserslist-db@1.1.0(browserslist@4.23.2):
+    dependencies:
+      browserslist: 4.23.2
+      escalade: 3.1.2
+      picocolors: 1.0.1
+
   uri-js@4.4.1:
     dependencies:
       punycode: 2.3.0
@@ -25529,7 +26027,8 @@ snapshots:
       kleur: 4.1.4
       sade: 1.8.1
 
-  v8-compile-cache-lib@3.0.1: {}
+  v8-compile-cache-lib@3.0.1:
+    optional: true
 
   v8-to-istanbul@9.2.0:
     dependencies:
@@ -25555,13 +26054,13 @@ snapshots:
       unist-util-stringify-position: 4.0.0
       vfile-message: 4.0.2
 
-  vite-node@2.0.0(@types/node@20.10.4)(sass@1.77.8):
+  vite-node@2.0.0(@types/node@20.10.4)(lightningcss@1.25.1)(sass@1.77.8):
     dependencies:
       cac: 6.7.14
       debug: 4.3.5
       pathe: 1.1.2
       picocolors: 1.0.1
-      vite: 5.3.3(@types/node@20.10.4)(sass@1.77.8)
+      vite: 5.3.4(@types/node@20.10.4)(lightningcss@1.25.1)(sass@1.77.8)
     transitivePeerDependencies:
       - '@types/node'
       - less
@@ -25572,13 +26071,13 @@ snapshots:
       - supports-color
       - terser
 
-  vite-node@2.0.0(@types/node@20.11.20)(sass@1.77.8):
+  vite-node@2.0.0(@types/node@20.11.20)(lightningcss@1.25.1)(sass@1.77.8):
     dependencies:
       cac: 6.7.14
       debug: 4.3.5
       pathe: 1.1.2
       picocolors: 1.0.1
-      vite: 5.3.3(@types/node@20.11.20)(sass@1.77.8)
+      vite: 5.3.4(@types/node@20.11.20)(lightningcss@1.25.1)(sass@1.77.8)
     transitivePeerDependencies:
       - '@types/node'
       - less
@@ -25589,13 +26088,13 @@ snapshots:
       - supports-color
       - terser
 
-  vite-node@2.0.0(@types/node@20.12.7)(sass@1.77.8):
+  vite-node@2.0.0(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8):
     dependencies:
       cac: 6.7.14
       debug: 4.3.5
       pathe: 1.1.2
       picocolors: 1.0.1
-      vite: 5.3.3(@types/node@20.12.7)(sass@1.77.8)
+      vite: 5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)
     transitivePeerDependencies:
       - '@types/node'
       - less
@@ -25606,37 +26105,59 @@ snapshots:
       - supports-color
       - terser
 
-  vite@5.3.3(@types/node@20.10.4)(sass@1.77.8):
+  vite-plugin-compression@0.5.1(vite@5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)):
     dependencies:
+      chalk: 4.1.2
+      debug: 4.3.5
+      fs-extra: 10.1.0
+      vite: 5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)
+    transitivePeerDependencies:
+      - supports-color
+
+  vite-plugin-prebundle@0.0.4(esbuild@0.21.5)(rollup@4.14.3)(vite@5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)):
+    dependencies:
+      debug: 4.3.5
       esbuild: 0.21.5
-      postcss: 8.4.39
+      pathe: 1.1.2
       rollup: 4.14.3
-    optionalDependencies:
-      '@types/node': 20.10.4
-      fsevents: 2.3.3
-      sass: 1.77.8
+      vite: 5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)
+    transitivePeerDependencies:
+      - supports-color
+
+  vite-plugin-svgr@4.2.0(rollup@4.14.3)(typescript@5.5.3)(vite@5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)):
+    dependencies:
+      '@rollup/pluginutils': 5.1.0(rollup@4.14.3)
+      '@svgr/core': 8.1.0(typescript@5.5.3)
+      '@svgr/plugin-jsx': 8.1.0(@svgr/core@8.1.0(typescript@5.5.3))
+      vite: 5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)
+    transitivePeerDependencies:
+      - rollup
+      - supports-color
+      - typescript
 
-  vite@5.3.3(@types/node@20.11.20)(sass@1.77.8):
+  vite@5.3.4(@types/node@20.10.4)(lightningcss@1.25.1)(sass@1.77.8):
     dependencies:
       esbuild: 0.21.5
       postcss: 8.4.39
       rollup: 4.14.3
     optionalDependencies:
-      '@types/node': 20.11.20
+      '@types/node': 20.10.4
       fsevents: 2.3.3
+      lightningcss: 1.25.1
       sass: 1.77.8
 
-  vite@5.3.3(@types/node@20.12.7)(sass@1.77.8):
+  vite@5.3.4(@types/node@20.11.20)(lightningcss@1.25.1)(sass@1.77.8):
     dependencies:
       esbuild: 0.21.5
       postcss: 8.4.39
       rollup: 4.14.3
     optionalDependencies:
-      '@types/node': 20.12.7
+      '@types/node': 20.11.20
       fsevents: 2.3.3
+      lightningcss: 1.25.1
       sass: 1.77.8
 
-  vite@5.3.4(@types/node@20.12.7)(sass@1.77.8):
+  vite@5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8):
     dependencies:
       esbuild: 0.21.5
       postcss: 8.4.39
@@ -25644,9 +26165,10 @@ snapshots:
     optionalDependencies:
       '@types/node': 20.12.7
       fsevents: 2.3.3
+      lightningcss: 1.25.1
       sass: 1.77.8
 
-  vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8):
+  vitest@2.0.0(@types/node@20.10.4)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8):
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@vitest/expect': 2.0.0
@@ -25663,8 +26185,8 @@ snapshots:
       std-env: 3.7.0
       tinybench: 2.8.0
       tinypool: 1.0.0
-      vite: 5.3.3(@types/node@20.10.4)(sass@1.77.8)
-      vite-node: 2.0.0(@types/node@20.10.4)(sass@1.77.8)
+      vite: 5.3.4(@types/node@20.10.4)(lightningcss@1.25.1)(sass@1.77.8)
+      vite-node: 2.0.0(@types/node@20.10.4)(lightningcss@1.25.1)(sass@1.77.8)
       why-is-node-running: 2.2.2
     optionalDependencies:
       '@types/node': 20.10.4
@@ -25679,7 +26201,7 @@ snapshots:
       - supports-color
       - terser
 
-  vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8):
+  vitest@2.0.0(@types/node@20.11.20)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8):
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@vitest/expect': 2.0.0
@@ -25696,8 +26218,8 @@ snapshots:
       std-env: 3.7.0
       tinybench: 2.8.0
       tinypool: 1.0.0
-      vite: 5.3.3(@types/node@20.11.20)(sass@1.77.8)
-      vite-node: 2.0.0(@types/node@20.11.20)(sass@1.77.8)
+      vite: 5.3.4(@types/node@20.11.20)(lightningcss@1.25.1)(sass@1.77.8)
+      vite-node: 2.0.0(@types/node@20.11.20)(lightningcss@1.25.1)(sass@1.77.8)
       why-is-node-running: 2.2.2
     optionalDependencies:
       '@types/node': 20.11.20
@@ -25712,7 +26234,7 @@ snapshots:
       - supports-color
       - terser
 
-  vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(sass@1.77.8):
+  vitest@2.0.0(@types/node@20.12.7)(happy-dom@14.12.3)(jsdom@20.0.2)(lightningcss@1.25.1)(sass@1.77.8):
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@vitest/expect': 2.0.0
@@ -25729,8 +26251,8 @@ snapshots:
       std-env: 3.7.0
       tinybench: 2.8.0
       tinypool: 1.0.0
-      vite: 5.3.3(@types/node@20.12.7)(sass@1.77.8)
-      vite-node: 2.0.0(@types/node@20.12.7)(sass@1.77.8)
+      vite: 5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)
+      vite-node: 2.0.0(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)
       why-is-node-running: 2.2.2
     optionalDependencies:
       '@types/node': 20.12.7
@@ -26004,12 +26526,11 @@ snapshots:
 
   ylru@1.2.1: {}
 
-  yn@3.1.1: {}
+  yn@3.1.1:
+    optional: true
 
   yocto-queue@0.1.0: {}
 
-  yocto-queue@1.0.0: {}
-
   yocto-queue@1.1.1: {}
 
   zod-to-ts@1.2.0(typescript@5.5.3)(zod@3.23.8):
diff --git a/vite.shared.config.ts b/vite.shared.config.ts
new file mode 100644
index 000000000000..10b5ab015535
--- /dev/null
+++ b/vite.shared.config.ts
@@ -0,0 +1,39 @@
+/** @fileoverview The common config for frontend projects. */
+
+import { UserConfig } from 'vite';
+import fs from 'fs';
+
+export const defaultConfig: UserConfig = {
+  resolve: {
+    alias: [
+      {
+        find: /^@\//,
+        replacement: '/src/',
+      },
+    ],
+  },
+  optimizeDeps: {
+    include: ['@logto/phrases', '@logto/phrases-experience', '@logto/schemas'],
+  },
+  build: {
+    sourcemap: false,
+    rollupOptions: {
+      output: {
+        manualChunks(id) {
+          if (id.includes('/@logto/')) {
+            return 'logto';
+          }
+
+          if (id.includes('/node_modules/')) {
+            return 'vendors';
+          }
+
+          const match = /\/lib\/locales\/([^/]+)/.exec(id);
+          if (match?.[1]) {
+            return `phrases-${match[1]}`;
+          }
+        },
+      },
+    },
+  },
+};

From 3bf756f2b5ebfec228860bebb1e95ee0f3a92150 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Wed, 24 Jul 2024 13:52:44 +0800
Subject: [PATCH 093/135] refactor(experience): use vite

---
 .changeset/sour-windows-wave.md               |   12 +
 .dockerignore                                 |    1 -
 .npmrc                                        |    6 -
 .scripts/package.sh                           |    2 +-
 .vscode/tsx.code-snippets                     |    2 +-
 Dockerfile                                    |    3 +-
 package.json                                  |    4 -
 .../console/src/assets/docs/guides/README.md  |    3 +
 .../console/src/components/Markdown/index.tsx |    2 +
 packages/core/src/middleware/koa-spa-proxy.ts |   10 +-
 packages/demo-app/src/include.d/vite-end.d.ts |    2 +
 packages/demo-app/src/index.tsx               |    2 -
 packages/experience/.eslintrc.cjs             |   22 +
 packages/experience/.parcelrc                 |   16 -
 packages/experience/.parcelrc.arm64           |   20 -
 packages/experience/{src => }/index.html      |    2 +-
 packages/experience/jest.config.ts            |    2 +-
 packages/experience/package.json              |   52 +-
 .../experience/src/Layout/AppLayout/index.tsx |    2 +-
 .../src/Layout/LandingPageLayout/index.tsx    |    2 +-
 .../src/Layout/SecondaryPageLayout/index.tsx  |    2 +-
 .../src/Layout/SectionLayout/index.tsx        |    2 +-
 .../src/Layout/StaticPageLayout/index.tsx     |    2 +-
 .../src/Providers/AppBoundary/AppMeta.tsx     |    2 +-
 .../IframeModalProvider/IframeModal/index.tsx |    2 +-
 .../src/components/BrandingHeader/index.tsx   |    4 +-
 .../src/components/Button/IconButton.tsx      |    2 +-
 .../src/components/Button/MfaFactorButton.tsx |   12 +-
 .../components/Button/RotatingRingIcon.tsx    |    4 +-
 .../components/Button/SocialLinkButton.tsx    |    4 +-
 .../src/components/Button/index.tsx           |    2 +-
 .../src/components/Checkbox/index.tsx         |    4 +-
 .../src/components/ConfirmModal/AcModal.tsx   |    6 +-
 .../components/ConfirmModal/MobileModal.tsx   |    4 +-
 .../src/components/Divider/index.tsx          |    2 +-
 .../src/components/ErrorMessage/index.tsx     |    2 +-
 .../InputField/NotchedBorder/index.tsx        |    2 +-
 .../InputFields/InputField/index.tsx          |    2 +-
 .../InputFields/PasswordInputField/index.tsx  |    4 +-
 .../SmartInputField/AnimatedPrefix/index.tsx  |    2 +-
 .../CountryCodeDropdown/index.tsx             |    6 +-
 .../CountryCodeSelector/index.tsx             |    4 +-
 .../InputFields/SmartInputField/index.tsx     |    2 +-
 .../components/LoadingLayer/LoadingIcon.tsx   |    4 +-
 .../src/components/LoadingLayer/index.tsx     |    2 +-
 .../src/components/LoadingMask/index.tsx      |    2 +-
 .../src/components/LogtoSignature/index.tsx   |    8 +-
 .../src/components/NavBar/index.tsx           |    6 +-
 .../Notification/AppNotification/index.tsx    |    4 +-
 .../Notification/InlineNotification/index.tsx |    2 +-
 .../components/SwitchMfaFactorsLink/index.tsx |    2 +-
 .../src/components/TermsLinks/index.tsx       |    2 +-
 .../src/components/TextLink/index.tsx         |    2 +-
 .../experience/src/components/Toast/index.tsx |    2 +-
 .../src/components/VerificationCode/index.tsx |    2 +-
 packages/experience/src/constants/env.ts      |    4 -
 .../DevelopmentTenantNotification/index.tsx   |    2 +-
 .../src/containers/MfaFactorList/index.tsx    |    2 +-
 .../src/containers/SetPassword/Lite.tsx       |    2 +-
 .../containers/SetPassword/SetPassword.tsx    |    4 +-
 .../containers/SetPassword/TogglePassword.tsx |    2 +-
 .../src/containers/SocialLanding/index.tsx    |    2 +-
 .../containers/SocialLinkAccount/index.tsx    |    2 +-
 .../src/containers/SocialSignInList/index.tsx |    2 +-
 .../TermsAndPrivacyCheckbox/index.tsx         |    2 +-
 .../containers/TotpCodeVerification/index.tsx |    2 +-
 .../VerificationCode/PasswordSignInLink.tsx   |    2 +-
 .../src/containers/VerificationCode/index.tsx |    2 +-
 .../experience/src/include.d/react-app.d.ts   |   65 -
 .../src/include.d/react-router-dom.d.ts       |    1 -
 .../experience/src/include.d/vite-env.d.ts    |    2 +
 .../experience/src/pages/Callback/index.tsx   |    2 +-
 .../OrganizationItem/index.tsx                |    6 +-
 .../OrganizationSelectorModal/index.tsx       |    2 +-
 .../Consent/OrganizationSelector/index.tsx    |    4 +-
 .../src/pages/Consent/ScopeGroup/index.tsx    |    6 +-
 .../pages/Consent/ScopesListCard/index.tsx    |    2 +-
 .../src/pages/Consent/UserProfile/index.tsx   |    4 +-
 .../experience/src/pages/Consent/index.tsx    |    2 +-
 .../Continue/IdentifierProfileForm/index.tsx  |    2 +-
 .../SocialIdentityNotification.tsx            |    2 +-
 .../experience/src/pages/ErrorPage/index.tsx  |    6 +-
 .../ForgotPasswordForm/index.tsx              |    2 +-
 .../MfaBinding/BackupCodeBinding/index.tsx    |    2 +-
 .../TotpBinding/SecretSection/index.tsx       |    2 +-
 .../pages/MfaBinding/TotpBinding/index.tsx    |    2 +-
 .../MfaBinding/WebAuthnBinding/index.tsx      |    2 +-
 .../BackupCodeVerification/index.tsx          |    2 +-
 .../TotpVerification/index.tsx                |    2 +-
 .../WebAuthnVerification/index.tsx            |    2 +-
 .../Register/IdentifierRegisterForm/index.tsx |    4 +-
 .../experience/src/pages/Register/index.tsx   |    2 +-
 .../SignIn/IdentifierSignInForm/index.tsx     |    4 +-
 packages/experience/src/pages/SignIn/Main.tsx |    2 +-
 .../pages/SignIn/PasswordSignInForm/index.tsx |    4 +-
 .../experience/src/pages/SignIn/index.tsx     |    2 +-
 .../PasswordForm/VerificationCodeLink.tsx     |    2 +-
 .../SignInPassword/PasswordForm/index.tsx     |    2 +-
 .../pages/SingleSignOnConnectors/index.tsx    |    2 +-
 .../src/pages/SingleSignOnEmail/index.tsx     |    4 +-
 .../src/pages/SocialLanding/index.tsx         |    2 +-
 packages/experience/tsconfig.json             |    2 +-
 packages/experience/vite.config.ts            |   54 +
 .../toolkit/core-kit/declaration/index.ts     |    1 -
 .../core-kit/declaration/react-app.d.ts       |   65 -
 pnpm-lock.yaml                                | 1760 +----------------
 vite.shared.config.ts                         |   35 +-
 107 files changed, 342 insertions(+), 2040 deletions(-)
 create mode 100644 .changeset/sour-windows-wave.md
 delete mode 100644 .npmrc
 create mode 100644 packages/demo-app/src/include.d/vite-end.d.ts
 create mode 100644 packages/experience/.eslintrc.cjs
 delete mode 100644 packages/experience/.parcelrc
 delete mode 100644 packages/experience/.parcelrc.arm64
 rename packages/experience/{src => }/index.html (88%)
 delete mode 100644 packages/experience/src/constants/env.ts
 delete mode 100644 packages/experience/src/include.d/react-app.d.ts
 create mode 100644 packages/experience/src/include.d/vite-env.d.ts
 create mode 100644 packages/experience/vite.config.ts
 delete mode 100644 packages/toolkit/core-kit/declaration/react-app.d.ts

diff --git a/.changeset/sour-windows-wave.md b/.changeset/sour-windows-wave.md
new file mode 100644
index 000000000000..9f0cd2183365
--- /dev/null
+++ b/.changeset/sour-windows-wave.md
@@ -0,0 +1,12 @@
+---
+"@logto/experience": minor
+"@logto/demo-app": minor
+"@logto/console": minor
+---
+
+use Vite for transpilation and bundling
+
+Removed ParcelJS and replaced with Vite. No breaking changes should be expected, but use a minor version bump to catch your attention.
+
+> [!Important]
+> The browserlist configuration for `@logto/experience` and been synced with what is stated in README.md.
diff --git a/.dockerignore b/.dockerignore
index f0ffc0d34b78..63ef24f823ba 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -33,5 +33,4 @@ dump.rdb
 .devcontainer
 .github
 .husky
-.parcel-cache
 .vscode
diff --git a/.npmrc b/.npmrc
deleted file mode 100644
index 573e44e096ee..000000000000
--- a/.npmrc
+++ /dev/null
@@ -1,6 +0,0 @@
-# Hoist for Parcel
-public-hoist-pattern[]=@parcel/*
-public-hoist-pattern[]=postcss
-public-hoist-pattern[]=process
-public-hoist-pattern[]=*eslint*
-public-hoist-pattern[]=buffer
diff --git a/.scripts/package.sh b/.scripts/package.sh
index c7654930ab8d..7e2720b18406 100755
--- a/.scripts/package.sh
+++ b/.scripts/package.sh
@@ -18,7 +18,7 @@ fi
 
 # Some node packages use `src` as their dist folder, so ignore them from the rm list in the end
 find \
-.git .changeset .devcontainer .github .husky .parcel-cache .scripts .vscode pnpm-*.yaml *.js \
+.git .changeset .devcontainer .github .husky .scripts .vscode pnpm-*.yaml *.js \
 packages/**/src \
 packages/**/*.config.js packages/**/*.config.ts packages/**/tsconfig*.json \
 ! -path '**/node_modules/**' \
diff --git a/.vscode/tsx.code-snippets b/.vscode/tsx.code-snippets
index 2f1caf11c1b6..be2b52bab506 100644
--- a/.vscode/tsx.code-snippets
+++ b/.vscode/tsx.code-snippets
@@ -10,7 +10,7 @@
 		"scope": "javascriptreact,typescriptreact",
 		"prefix": "isc",
 		"body": [
-			"import * as styles from './index.module.scss';",
+			"import styles from './index.module.scss';",
 			"$0"
 		],
 		"description": "Import SCSS styles from the same directory."
diff --git a/Dockerfile b/Dockerfile
index 7cbb6d9fdcf5..ecce9c4c4862 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,6 @@ RUN apk add --no-cache python3 make g++ rsync
 COPY . .
 
 ### Install dependencies and build ###
-RUN node .scripts/update-parcelrc.js
 RUN pnpm i
 
 ### Set if dev features enabled ###
@@ -35,7 +34,7 @@ RUN rm -rf node_modules packages/**/node_modules
 RUN NODE_ENV=production pnpm i
 
 ### Clean up ###
-RUN rm -rf .scripts .parcel-cache pnpm-*.yaml packages/cloud
+RUN rm -rf .scripts pnpm-*.yaml packages/cloud
 
 ###### [STAGE] Seal ######
 FROM node:20-alpine as app
diff --git a/package.json b/package.json
index dcdf6ccb1112..db517658c671 100644
--- a/package.json
+++ b/package.json
@@ -52,9 +52,5 @@
   },
   "dependencies": {
     "@logto/cli": "workspace:^1.1.0"
-  },
-  "//": "@see https://parceljs.org/features/dependency-resolution/#package-exports",
-  "@parcel/resolver-default": {
-    "packageExports": true
   }
 }
diff --git a/packages/console/src/assets/docs/guides/README.md b/packages/console/src/assets/docs/guides/README.md
index 29f0f0dea24e..c2517133e505 100644
--- a/packages/console/src/assets/docs/guides/README.md
+++ b/packages/console/src/assets/docs/guides/README.md
@@ -52,6 +52,9 @@ Images and other assets (if any) should be placed in the `assets` directory of t
 
 ### Update metadata
 
+> [!Note]
+> This section is outdated and we should test if it's still necessary.
+
 Since Parcel doesn't support dynamic import (see [#112](https://github.com/parcel-bundler/parcel/issues/112) [#125](https://github.com/parcel-bundler/parcel/issues/125)), we need to run `node generate-metadata.js` to update the metadata in `index.ts`, thus we can use it in the guide components with React lazy loading.
 
 This may be fixed by replacing Parcel with something else.
diff --git a/packages/console/src/components/Markdown/index.tsx b/packages/console/src/components/Markdown/index.tsx
index ef077e022d65..7fb575a7474d 100644
--- a/packages/console/src/components/Markdown/index.tsx
+++ b/packages/console/src/components/Markdown/index.tsx
@@ -4,6 +4,8 @@ import classNames from 'classnames';
 import { memo, useRef } from 'react';
 import ReactMarkdown from 'react-markdown';
 import remarkGfm from 'remark-gfm';
+
+// TODO: @charles double check if this is still needed
 /**
  * Workaround for the markdown crash issue in the parcel dev build. It seems parcel does
  * something clever in dev mode and messing up the `hastToReact` module. Manually adding
diff --git a/packages/core/src/middleware/koa-spa-proxy.ts b/packages/core/src/middleware/koa-spa-proxy.ts
index da429efe1632..9ad11eb8f54d 100644
--- a/packages/core/src/middleware/koa-spa-proxy.ts
+++ b/packages/core/src/middleware/koa-spa-proxy.ts
@@ -45,15 +45,7 @@ export default function koaSpaProxy<StateT, ContextT extends IRouterParamContext
           getConsoleLogFromContext(ctx).plain(`\tproxy --> ${target}`);
         },
         rewrite: (requestPath) => {
-          const fullPath = '/' + path.join(prefix, requestPath);
-          // Static files
-          if (requestPath.includes('.')) {
-            return fullPath;
-          }
-
-          // In-app routes
-          // We'll gradually migrate our single-page apps to use vite, which can directly return the full path
-          return packagePath === 'demo-app' || packagePath === 'console' ? fullPath : requestPath;
+          return '/' + path.join(prefix, requestPath);
         },
       });
 
diff --git a/packages/demo-app/src/include.d/vite-end.d.ts b/packages/demo-app/src/include.d/vite-end.d.ts
new file mode 100644
index 000000000000..590e602497c8
--- /dev/null
+++ b/packages/demo-app/src/include.d/vite-end.d.ts
@@ -0,0 +1,2 @@
+// eslint-disable-next-line import/no-unassigned-import
+import 'vite/client';
diff --git a/packages/demo-app/src/index.tsx b/packages/demo-app/src/index.tsx
index 2a650d5cd5d3..2fff32634072 100644
--- a/packages/demo-app/src/index.tsx
+++ b/packages/demo-app/src/index.tsx
@@ -1,6 +1,4 @@
 import { createRoot } from 'react-dom/client';
-// eslint-disable-next-line import/no-unassigned-import
-import '@logto/core-kit/declaration';
 
 import App from './App';
 
diff --git a/packages/experience/.eslintrc.cjs b/packages/experience/.eslintrc.cjs
new file mode 100644
index 000000000000..40bcfa69ac07
--- /dev/null
+++ b/packages/experience/.eslintrc.cjs
@@ -0,0 +1,22 @@
+/** @type {import('eslint').Linter.Config} */
+module.exports = {
+  extends: '@silverhand/react',
+  rules: {
+    'jsx-a11y/no-autofocus': 'off',
+    'unicorn/prefer-string-replace-all': 'off',
+  },
+  overrides: [
+    {
+      files: ['*.config.js', '*.config.ts', '*.d.ts'],
+      rules: {
+        'import/no-unused-modules': 'off',
+      },
+    },
+    {
+      files: ['*.d.ts'],
+      rules: {
+        'import/no-unassigned-import': 'off',
+      },
+    },
+  ],
+};
diff --git a/packages/experience/.parcelrc b/packages/experience/.parcelrc
deleted file mode 100644
index 4dc2b9f04e5c..000000000000
--- a/packages/experience/.parcelrc
+++ /dev/null
@@ -1,16 +0,0 @@
-{
-  "extends": "@parcel/config-default",
-  "transformers": {
-    "**/assets/icons/*.svg": [
-      "@parcel/transformer-svg-react"
-    ]
-  },
-  "compressors": {
-    "*.{html,css,js,svg,map}": [
-      "...",
-      "@parcel/compressor-gzip",
-      "@parcel/compressor-brotli"
-    ]
-  },
-  "resolvers": ["parcel-resolver-ignore", "..."]
-}
diff --git a/packages/experience/.parcelrc.arm64 b/packages/experience/.parcelrc.arm64
deleted file mode 100644
index 8066b68ca344..000000000000
--- a/packages/experience/.parcelrc.arm64
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "extends": "@parcel/config-default",
-  "optimizers": {
-    // Disable optimizers in arm64 arch https://github.com/parcel-bundler/parcel/issues/7402
-    "*.{jpg,jpeg,png}": []
-  },
-  "transformers": {
-    "**/assets/icons/*.svg": [
-      "@parcel/transformer-svg-react"
-    ]
-  },
-  "compressors": {
-    "*.{html,css,js,svg,map}": [
-      "...",
-      "@parcel/compressor-gzip",
-      "@parcel/compressor-brotli"
-    ]
-  },
-  "resolvers": ["parcel-resolver-ignore", "..."]
-}
diff --git a/packages/experience/src/index.html b/packages/experience/index.html
similarity index 88%
rename from packages/experience/src/index.html
rename to packages/experience/index.html
index 8b5cb68dc513..2cdf8212863f 100644
--- a/packages/experience/src/index.html
+++ b/packages/experience/index.html
@@ -14,7 +14,7 @@
 <body>
   <noscript>You need to enable JavaScript to run this app.</noscript>
   <div id="app"></div>
-  <script type="module" src="index.tsx"></script>
+  <script type="module" src="src/index.tsx"></script>
 </body>
 
 </html>
diff --git a/packages/experience/jest.config.ts b/packages/experience/jest.config.ts
index 588c079456c5..e9a92e6ea483 100644
--- a/packages/experience/jest.config.ts
+++ b/packages/experience/jest.config.ts
@@ -25,7 +25,7 @@ const config: Config.InitialOptions = {
     '\\.(png)$': 'jest-transform-stub',
   },
   moduleNameMapper: {
-    '^@/(.*)$': '<rootDir>/src/$1',
+    '^@/([^?]*)(\\?.*)?$': '<rootDir>/src/$1',
     '^@logto/shared/(.*)$': '<rootDir>/../shared/lib/$1',
     '\\.module\\.(css|sass|scss)$': 'identity-obj-proxy',
   },
diff --git a/packages/experience/package.json b/packages/experience/package.json
index d71876be75b7..3151875bc9ff 100644
--- a/packages/experience/package.json
+++ b/packages/experience/package.json
@@ -9,10 +9,10 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "start": "parcel src/index.html",
-    "dev": "cross-env PORT=5001 parcel src/index.html --no-cache --hmr-port 6001",
+    "start": "vite",
+    "dev": "vite",
     "check": "tsc --noEmit",
-    "build": "pnpm check && rm -rf dist && parcel build src/index.html --no-autoinstall --no-cache --detailed-report",
+    "build": "pnpm check && vite build",
     "lint": "eslint --ext .ts --ext .tsx src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "stylelint": "stylelint \"src/**/*.scss\"",
@@ -27,11 +27,6 @@
     "@logto/phrases": "workspace:^1.12.0",
     "@logto/phrases-experience": "workspace:^1.7.0",
     "@logto/schemas": "workspace:^1.18.0",
-    "@parcel/compressor-brotli": "2.9.3",
-    "@parcel/compressor-gzip": "2.9.3",
-    "@parcel/core": "2.9.3",
-    "@parcel/transformer-sass": "2.9.3",
-    "@parcel/transformer-svg-react": "2.9.3",
     "@react-spring/shared": "^9.6.1",
     "@react-spring/web": "^9.6.1",
     "@silverhand/eslint-config": "6.0.1",
@@ -52,11 +47,13 @@
     "@types/react-helmet": "^6.1.6",
     "@types/react-modal": "^3.13.1",
     "@types/react-router-dom": "^5.3.2",
+    "@vitejs/plugin-react": "^4.3.1",
+    "browserslist": "^4.23.2",
+    "browserslist-to-esbuild": "^2.1.1",
     "camelcase-keys": "^9.1.3",
     "classnames": "^2.3.1",
     "color": "^4.2.3",
     "core-js": "^3.34.0",
-    "cross-env": "^7.0.3",
     "eslint": "^8.56.0",
     "i18next": "^22.4.15",
     "i18next-browser-languagedetector": "^8.0.0",
@@ -69,8 +66,6 @@
     "ky": "^1.2.3",
     "libphonenumber-js": "^1.10.51",
     "lint-staged": "^15.0.0",
-    "parcel": "2.9.3",
-    "parcel-resolver-ignore": "^2.1.3",
     "postcss": "^8.4.31",
     "postcss-modules": "^4.3.0",
     "prettier": "^3.0.0",
@@ -90,42 +85,13 @@
     "tiny-cookie": "^2.4.1",
     "typescript": "^5.5.3",
     "use-debounced-loader": "^0.1.1",
-    "zod": "^3.23.8"
+    "vite": "^5.3.4",
+    "vite-plugin-compression": "^0.5.1",
+    "vite-plugin-svgr": "^4.2.0"
   },
   "engines": {
     "node": "^20.9.0"
   },
-  "//": "https://github.com/parcel-bundler/parcel/issues/7636",
-  "targets": {
-    "default": {
-      "engines": {
-        "browsers": [
-          "defaults",
-          ">0.3%",
-          "Chrome >= 52",
-          "Firefox >= 55",
-          "Safari >= 10",
-          "Edge >= 13",
-          "iOS >= 10",
-          "Electron >= 0.36"
-        ]
-      }
-    }
-  },
-  "parcelIgnore": [
-    "^/api/.+"
-  ],
-  "alias": {
-    "@/*": "./src/$1",
-    "superstruct": "./node_modules/superstruct/dist/index.mjs"
-  },
-  "eslintConfig": {
-    "extends": "@silverhand/react",
-    "rules": {
-      "jsx-a11y/no-autofocus": "off",
-      "unicorn/prefer-string-replace-all": "off"
-    }
-  },
   "stylelint": {
     "extends": "@silverhand/eslint-config-react/.stylelintrc"
   },
diff --git a/packages/experience/src/Layout/AppLayout/index.tsx b/packages/experience/src/Layout/AppLayout/index.tsx
index 167a75174141..1b0ce7beb26c 100644
--- a/packages/experience/src/Layout/AppLayout/index.tsx
+++ b/packages/experience/src/Layout/AppLayout/index.tsx
@@ -7,7 +7,7 @@ import usePlatform from '@/hooks/use-platform';
 import { layoutClassNames } from '@/utils/consts';
 
 import CustomContent from './CustomContent';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const AppLayout = () => {
   const { isMobile } = usePlatform();
diff --git a/packages/experience/src/Layout/LandingPageLayout/index.tsx b/packages/experience/src/Layout/LandingPageLayout/index.tsx
index 8902e71f6882..06cb52fcb785 100644
--- a/packages/experience/src/Layout/LandingPageLayout/index.tsx
+++ b/packages/experience/src/Layout/LandingPageLayout/index.tsx
@@ -10,7 +10,7 @@ import PageMeta from '@/components/PageMeta';
 import { layoutClassNames } from '@/utils/consts';
 import { getBrandingLogoUrl } from '@/utils/logo';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type ThirdPartyBranding = ConsentInfoResponse['application']['branding'];
 
diff --git a/packages/experience/src/Layout/SecondaryPageLayout/index.tsx b/packages/experience/src/Layout/SecondaryPageLayout/index.tsx
index 775e4eeb86e6..95cdb2f54f69 100644
--- a/packages/experience/src/Layout/SecondaryPageLayout/index.tsx
+++ b/packages/experience/src/Layout/SecondaryPageLayout/index.tsx
@@ -8,7 +8,7 @@ import usePlatform from '@/hooks/use-platform';
 
 import { InlineNotification } from '../../components/Notification';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly title: TFuncKey;
diff --git a/packages/experience/src/Layout/SectionLayout/index.tsx b/packages/experience/src/Layout/SectionLayout/index.tsx
index 106826722e5f..2ad4d101a035 100644
--- a/packages/experience/src/Layout/SectionLayout/index.tsx
+++ b/packages/experience/src/Layout/SectionLayout/index.tsx
@@ -3,7 +3,7 @@ import { type ReactNode } from 'react';
 
 import DynamicT from '@/components/DynamicT';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly title: TFuncKey;
diff --git a/packages/experience/src/Layout/StaticPageLayout/index.tsx b/packages/experience/src/Layout/StaticPageLayout/index.tsx
index 06c1b6252ea1..8204e4df2ebc 100644
--- a/packages/experience/src/Layout/StaticPageLayout/index.tsx
+++ b/packages/experience/src/Layout/StaticPageLayout/index.tsx
@@ -1,4 +1,4 @@
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly children: React.ReactNode;
diff --git a/packages/experience/src/Providers/AppBoundary/AppMeta.tsx b/packages/experience/src/Providers/AppBoundary/AppMeta.tsx
index 10aca13e0c0a..5b1d0403f872 100644
--- a/packages/experience/src/Providers/AppBoundary/AppMeta.tsx
+++ b/packages/experience/src/Providers/AppBoundary/AppMeta.tsx
@@ -10,7 +10,7 @@ import defaultAppleTouchLogo from '@/assets/apple-touch-icon.png';
 import defaultFavicon from '@/assets/favicon.png';
 import { type SignInExperienceResponse } from '@/types';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const themeToFavicon = Object.freeze({
   [Theme.Light]: 'favicon',
diff --git a/packages/experience/src/Providers/IframeModalProvider/IframeModal/index.tsx b/packages/experience/src/Providers/IframeModalProvider/IframeModal/index.tsx
index 9993d47a1e23..0db5d5866eab 100644
--- a/packages/experience/src/Providers/IframeModalProvider/IframeModal/index.tsx
+++ b/packages/experience/src/Providers/IframeModalProvider/IframeModal/index.tsx
@@ -6,7 +6,7 @@ import LoadingBar from 'react-top-loading-bar';
 
 import NavBar from '@/components/NavBar';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type ModalProps = {
   readonly className?: string;
diff --git a/packages/experience/src/components/BrandingHeader/index.tsx b/packages/experience/src/components/BrandingHeader/index.tsx
index cfc1c0c32462..584ed72d0f71 100644
--- a/packages/experience/src/components/BrandingHeader/index.tsx
+++ b/packages/experience/src/components/BrandingHeader/index.tsx
@@ -2,11 +2,11 @@ import type { Nullable } from '@silverhand/essentials';
 import classNames from 'classnames';
 import type { TFuncKey } from 'i18next';
 
-import ConnectIcon from '@/assets/icons/connect-icon.svg';
+import ConnectIcon from '@/assets/icons/connect-icon.svg?react';
 
 import DynamicT from '../DynamicT';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = {
   readonly className?: string;
diff --git a/packages/experience/src/components/Button/IconButton.tsx b/packages/experience/src/components/Button/IconButton.tsx
index c709f9bd6aed..f6fa57bc093a 100644
--- a/packages/experience/src/components/Button/IconButton.tsx
+++ b/packages/experience/src/components/Button/IconButton.tsx
@@ -2,7 +2,7 @@ import classNames from 'classnames';
 import type { HTMLProps, Ref } from 'react';
 import { forwardRef } from 'react';
 
-import * as styles from './IconButton.module.scss';
+import styles from './IconButton.module.scss';
 
 export type Props = Omit<HTMLProps<HTMLButtonElement>, 'type'>;
 
diff --git a/packages/experience/src/components/Button/MfaFactorButton.tsx b/packages/experience/src/components/Button/MfaFactorButton.tsx
index 2d52d0ac2e88..be8a5d0c2109 100644
--- a/packages/experience/src/components/Button/MfaFactorButton.tsx
+++ b/packages/experience/src/components/Button/MfaFactorButton.tsx
@@ -2,15 +2,15 @@ import { MfaFactor } from '@logto/schemas';
 import classNames from 'classnames';
 import { type TFuncKey } from 'i18next';
 
-import ArrowNext from '@/assets/icons/arrow-next.svg';
-import FactorBackupCode from '@/assets/icons/factor-backup-code.svg';
-import FactorTotp from '@/assets/icons/factor-totp.svg';
-import FactorWebAuthn from '@/assets/icons/factor-webauthn.svg';
+import ArrowNext from '@/assets/icons/arrow-next.svg?react';
+import FactorBackupCode from '@/assets/icons/factor-backup-code.svg?react';
+import FactorTotp from '@/assets/icons/factor-totp.svg?react';
+import FactorWebAuthn from '@/assets/icons/factor-webauthn.svg?react';
 
 import DynamicT from '../DynamicT';
 
-import * as mfaFactorButtonStyles from './MfaFactorButton.module.scss';
-import * as styles from './index.module.scss';
+import mfaFactorButtonStyles from './MfaFactorButton.module.scss';
+import styles from './index.module.scss';
 
 export type Props = {
   readonly factor: MfaFactor;
diff --git a/packages/experience/src/components/Button/RotatingRingIcon.tsx b/packages/experience/src/components/Button/RotatingRingIcon.tsx
index ef29529fedad..0c8d18b87f3d 100644
--- a/packages/experience/src/components/Button/RotatingRingIcon.tsx
+++ b/packages/experience/src/components/Button/RotatingRingIcon.tsx
@@ -1,6 +1,6 @@
-import Ring from '@/assets/icons/loading-ring.svg';
+import Ring from '@/assets/icons/loading-ring.svg?react';
 
-import * as RotatingRingIconStyles from './RotatingRingIcon.module.scss';
+import RotatingRingIconStyles from './RotatingRingIcon.module.scss';
 
 const RotatingRingIcon = () => <Ring className={RotatingRingIconStyles.icon} />;
 
diff --git a/packages/experience/src/components/Button/SocialLinkButton.tsx b/packages/experience/src/components/Button/SocialLinkButton.tsx
index ddfec56613be..e9b598f5101b 100644
--- a/packages/experience/src/components/Button/SocialLinkButton.tsx
+++ b/packages/experience/src/components/Button/SocialLinkButton.tsx
@@ -3,8 +3,8 @@ import { useTranslation } from 'react-i18next';
 import { useDebouncedLoader } from 'use-debounced-loader';
 
 import RotatingRingIcon from './RotatingRingIcon';
-import * as socialLinkButtonStyles from './SocialLinkButton.module.scss';
-import * as styles from './index.module.scss';
+import socialLinkButtonStyles from './SocialLinkButton.module.scss';
+import styles from './index.module.scss';
 
 export type Props = {
   readonly isDisabled?: boolean;
diff --git a/packages/experience/src/components/Button/index.tsx b/packages/experience/src/components/Button/index.tsx
index 2166df5c7452..549aea5f71fe 100644
--- a/packages/experience/src/components/Button/index.tsx
+++ b/packages/experience/src/components/Button/index.tsx
@@ -6,7 +6,7 @@ import { useDebouncedLoader } from 'use-debounced-loader';
 import DynamicT from '../DynamicT';
 
 import RotatingRingIcon from './RotatingRingIcon';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type ButtonType = 'primary' | 'secondary';
 
diff --git a/packages/experience/src/components/Checkbox/index.tsx b/packages/experience/src/components/Checkbox/index.tsx
index 33afbcaa54cf..423f994e5cb2 100644
--- a/packages/experience/src/components/Checkbox/index.tsx
+++ b/packages/experience/src/components/Checkbox/index.tsx
@@ -2,9 +2,9 @@ import classNames from 'classnames';
 import type { InputHTMLAttributes, Ref } from 'react';
 import { forwardRef } from 'react';
 
-import CheckBox from '@/assets/icons/checkbox-icon.svg';
+import CheckBox from '@/assets/icons/checkbox-icon.svg?react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly size?: 'small' | 'default';
diff --git a/packages/experience/src/components/ConfirmModal/AcModal.tsx b/packages/experience/src/components/ConfirmModal/AcModal.tsx
index 17c454783d68..724b1e5f636b 100644
--- a/packages/experience/src/components/ConfirmModal/AcModal.tsx
+++ b/packages/experience/src/components/ConfirmModal/AcModal.tsx
@@ -3,14 +3,14 @@ import { useRef } from 'react';
 import { useTranslation } from 'react-i18next';
 import ReactModal from 'react-modal';
 
-import CloseIcon from '@/assets/icons/close-icon.svg';
+import CloseIcon from '@/assets/icons/close-icon.svg?react';
 import Button from '@/components/Button';
 import IconButton from '@/components/Button/IconButton';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as modalStyles from '../../scss/modal.module.scss';
+import modalStyles from '../../scss/modal.module.scss';
 
-import * as styles from './Acmodal.module.scss';
+import styles from './Acmodal.module.scss';
 import type { ModalProps } from './type';
 
 const AcModal = ({
diff --git a/packages/experience/src/components/ConfirmModal/MobileModal.tsx b/packages/experience/src/components/ConfirmModal/MobileModal.tsx
index 0e888fa5db29..a47c87a79947 100644
--- a/packages/experience/src/components/ConfirmModal/MobileModal.tsx
+++ b/packages/experience/src/components/ConfirmModal/MobileModal.tsx
@@ -3,9 +3,9 @@ import ReactModal from 'react-modal';
 
 import Button from '@/components/Button';
 
-import * as modalStyles from '../../scss/modal.module.scss';
+import modalStyles from '../../scss/modal.module.scss';
 
-import * as styles from './MobileModal.module.scss';
+import styles from './MobileModal.module.scss';
 import type { ModalProps } from './type';
 
 const MobileModal = ({
diff --git a/packages/experience/src/components/Divider/index.tsx b/packages/experience/src/components/Divider/index.tsx
index 19d4a37ca2e8..d865e1cebf31 100644
--- a/packages/experience/src/components/Divider/index.tsx
+++ b/packages/experience/src/components/Divider/index.tsx
@@ -3,7 +3,7 @@ import type { TFuncKey } from 'i18next';
 
 import DynamicT from '../DynamicT';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/experience/src/components/ErrorMessage/index.tsx b/packages/experience/src/components/ErrorMessage/index.tsx
index f92af6ed96c7..64d2fd789623 100644
--- a/packages/experience/src/components/ErrorMessage/index.tsx
+++ b/packages/experience/src/components/ErrorMessage/index.tsx
@@ -3,7 +3,7 @@ import type { TFuncKey } from 'i18next';
 import type { ReactNode } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type RemovePrefix<T extends string, Prefix extends T> = T extends `${Prefix}${string}` ? never : T;
 
diff --git a/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.tsx b/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.tsx
index c4137b3093b6..f8e097e47a4a 100644
--- a/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.tsx
+++ b/packages/experience/src/components/InputFields/InputField/NotchedBorder/index.tsx
@@ -1,6 +1,6 @@
 import classNames from 'classnames';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly label: string;
diff --git a/packages/experience/src/components/InputFields/InputField/index.tsx b/packages/experience/src/components/InputFields/InputField/index.tsx
index a12c1d786d3e..345a1e73cbba 100644
--- a/packages/experience/src/components/InputFields/InputField/index.tsx
+++ b/packages/experience/src/components/InputFields/InputField/index.tsx
@@ -14,7 +14,7 @@ import {
 import ErrorMessage from '@/components/ErrorMessage';
 
 import NotchedBorder from './NotchedBorder';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = Omit<HTMLProps<HTMLInputElement>, 'prefix'> & {
   readonly className?: string;
diff --git a/packages/experience/src/components/InputFields/PasswordInputField/index.tsx b/packages/experience/src/components/InputFields/PasswordInputField/index.tsx
index a5dd13bf2f57..253e1c5dd96f 100644
--- a/packages/experience/src/components/InputFields/PasswordInputField/index.tsx
+++ b/packages/experience/src/components/InputFields/PasswordInputField/index.tsx
@@ -2,8 +2,8 @@ import type { Nullable } from '@silverhand/essentials';
 import type { Ref } from 'react';
 import { forwardRef, useRef, useImperativeHandle } from 'react';
 
-import PasswordHideIcon from '@/assets/icons/password-hide-icon.svg';
-import PasswordShowIcon from '@/assets/icons/password-show-icon.svg';
+import PasswordHideIcon from '@/assets/icons/password-hide-icon.svg?react';
+import PasswordShowIcon from '@/assets/icons/password-show-icon.svg?react';
 import IconButton from '@/components/Button/IconButton';
 import useToggle from '@/hooks/use-toggle';
 
diff --git a/packages/experience/src/components/InputFields/SmartInputField/AnimatedPrefix/index.tsx b/packages/experience/src/components/InputFields/SmartInputField/AnimatedPrefix/index.tsx
index d505158048c4..5ecaf67c3b8f 100644
--- a/packages/experience/src/components/InputFields/SmartInputField/AnimatedPrefix/index.tsx
+++ b/packages/experience/src/components/InputFields/SmartInputField/AnimatedPrefix/index.tsx
@@ -3,7 +3,7 @@ import { useSpring, animated, config } from '@react-spring/web';
 import type { Nullable } from '@silverhand/essentials';
 import { cloneElement, useCallback, useRef, useState } from 'react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly children: JSX.Element; // Limit to one element
diff --git a/packages/experience/src/components/InputFields/SmartInputField/CountryCodeSelector/CountryCodeDropdown/index.tsx b/packages/experience/src/components/InputFields/SmartInputField/CountryCodeSelector/CountryCodeDropdown/index.tsx
index 73944705b965..715a2b101372 100644
--- a/packages/experience/src/components/InputFields/SmartInputField/CountryCodeSelector/CountryCodeDropdown/index.tsx
+++ b/packages/experience/src/components/InputFields/SmartInputField/CountryCodeSelector/CountryCodeDropdown/index.tsx
@@ -6,8 +6,8 @@ import { useCallback, useLayoutEffect, useMemo, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import ReactModal from 'react-modal';
 
-import CheckMark from '@/assets/icons/check-mark.svg';
-import SearchIcon from '@/assets/icons/search-icon.svg';
+import CheckMark from '@/assets/icons/check-mark.svg?react';
+import SearchIcon from '@/assets/icons/search-icon.svg?react';
 import InputField from '@/components/InputFields/InputField';
 import NavBar from '@/components/NavBar';
 import useDebounce from '@/hooks/use-debounce';
@@ -15,7 +15,7 @@ import usePlatform from '@/hooks/use-platform';
 import { onKeyDownHandler } from '@/utils/a11y';
 import type { CountryMetaData } from '@/utils/country-code';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isOpen: boolean;
diff --git a/packages/experience/src/components/InputFields/SmartInputField/CountryCodeSelector/index.tsx b/packages/experience/src/components/InputFields/SmartInputField/CountryCodeSelector/index.tsx
index 1a039f8337c4..a9e1af60cece 100644
--- a/packages/experience/src/components/InputFields/SmartInputField/CountryCodeSelector/index.tsx
+++ b/packages/experience/src/components/InputFields/SmartInputField/CountryCodeSelector/index.tsx
@@ -3,12 +3,12 @@ import classNames from 'classnames';
 import type { ForwardedRef } from 'react';
 import { useState, useMemo, forwardRef } from 'react';
 
-import DownArrowIcon from '@/assets/icons/arrow-down.svg';
+import DownArrowIcon from '@/assets/icons/arrow-down.svg?react';
 import { onKeyDownHandler } from '@/utils/a11y';
 import { getCountryList, getDefaultCountryCallingCode } from '@/utils/country-code';
 
 import CountryCodeDropdown from './CountryCodeDropdown';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/experience/src/components/InputFields/SmartInputField/index.tsx b/packages/experience/src/components/InputFields/SmartInputField/index.tsx
index 3c2ec06490fd..fa4f062bdc10 100644
--- a/packages/experience/src/components/InputFields/SmartInputField/index.tsx
+++ b/packages/experience/src/components/InputFields/SmartInputField/index.tsx
@@ -4,7 +4,7 @@ import type { Nullable } from '@silverhand/essentials';
 import type { HTMLProps, Ref } from 'react';
 import { useEffect, useImperativeHandle, useRef, forwardRef } from 'react';
 
-import ClearIcon from '@/assets/icons/clear-icon.svg';
+import ClearIcon from '@/assets/icons/clear-icon.svg?react';
 import IconButton from '@/components/Button/IconButton';
 
 import InputField from '../InputField';
diff --git a/packages/experience/src/components/LoadingLayer/LoadingIcon.tsx b/packages/experience/src/components/LoadingLayer/LoadingIcon.tsx
index fa800dee5008..8a13e9f1002f 100644
--- a/packages/experience/src/components/LoadingLayer/LoadingIcon.tsx
+++ b/packages/experience/src/components/LoadingLayer/LoadingIcon.tsx
@@ -1,8 +1,8 @@
 import classNames from 'classnames';
 
-import LoadingSvg from '@/assets/icons/loading-icon.svg';
+import LoadingSvg from '@/assets/icons/loading-icon.svg?react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/experience/src/components/LoadingLayer/index.tsx b/packages/experience/src/components/LoadingLayer/index.tsx
index 52b43e236bcf..fb5c69cf256f 100644
--- a/packages/experience/src/components/LoadingLayer/index.tsx
+++ b/packages/experience/src/components/LoadingLayer/index.tsx
@@ -1,7 +1,7 @@
 import LoadingMask from '../LoadingMask';
 
 import LoadingIcon from './LoadingIcon';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export { default as LoadingIcon } from './LoadingIcon';
 
diff --git a/packages/experience/src/components/LoadingMask/index.tsx b/packages/experience/src/components/LoadingMask/index.tsx
index b77e4435113e..e70fb65560cd 100644
--- a/packages/experience/src/components/LoadingMask/index.tsx
+++ b/packages/experience/src/components/LoadingMask/index.tsx
@@ -1,6 +1,6 @@
 import { type ReactNode } from 'react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly children?: ReactNode;
diff --git a/packages/experience/src/components/LogtoSignature/index.tsx b/packages/experience/src/components/LogtoSignature/index.tsx
index d70526a6cece..4af7cd47fe5b 100644
--- a/packages/experience/src/components/LogtoSignature/index.tsx
+++ b/packages/experience/src/components/LogtoSignature/index.tsx
@@ -2,11 +2,11 @@ import { Theme } from '@logto/schemas';
 import { useContext } from 'react';
 
 import PageContext from '@/Providers/PageContextProvider/PageContext';
-import LogtoLogtoDark from '@/assets/icons/logto-logo-dark.svg';
-import LogtoLogoLight from '@/assets/icons/logto-logo-light.svg';
-import LogtoLogoShadow from '@/assets/icons/logto-logo-shadow.svg';
+import LogtoLogtoDark from '@/assets/icons/logto-logo-dark.svg?react';
+import LogtoLogoLight from '@/assets/icons/logto-logo-light.svg?react';
+import LogtoLogoShadow from '@/assets/icons/logto-logo-shadow.svg?react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const logtoUrl = `https://logto.io/?${new URLSearchParams({
   utm_source: 'sign_in',
diff --git a/packages/experience/src/components/NavBar/index.tsx b/packages/experience/src/components/NavBar/index.tsx
index 3ee1a4566a1f..abcfdab530d3 100644
--- a/packages/experience/src/components/NavBar/index.tsx
+++ b/packages/experience/src/components/NavBar/index.tsx
@@ -3,11 +3,11 @@ import { useCallback } from 'react';
 import { useTranslation } from 'react-i18next';
 import { useNavigate } from 'react-router-dom';
 
-import ArrowPrev from '@/assets/icons/arrow-prev.svg';
-import NavClose from '@/assets/icons/nav-close.svg';
+import ArrowPrev from '@/assets/icons/arrow-prev.svg?react';
+import NavClose from '@/assets/icons/nav-close.svg?react';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly title?: string;
diff --git a/packages/experience/src/components/Notification/AppNotification/index.tsx b/packages/experience/src/components/Notification/AppNotification/index.tsx
index 48aba527b00c..1446ca469a1d 100644
--- a/packages/experience/src/components/Notification/AppNotification/index.tsx
+++ b/packages/experience/src/components/Notification/AppNotification/index.tsx
@@ -2,10 +2,10 @@ import classNames from 'classnames';
 import type { CSSProperties, ForwardedRef, ReactNode } from 'react';
 import { forwardRef } from 'react';
 
-import InfoIcon from '@/assets/icons/info-icon.svg';
+import InfoIcon from '@/assets/icons/info-icon.svg?react';
 import TextLink from '@/components/TextLink';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 /* eslint-disable react/require-default-props */
 type Props = {
diff --git a/packages/experience/src/components/Notification/InlineNotification/index.tsx b/packages/experience/src/components/Notification/InlineNotification/index.tsx
index 83f77d76146b..2c65edf2acbd 100644
--- a/packages/experience/src/components/Notification/InlineNotification/index.tsx
+++ b/packages/experience/src/components/Notification/InlineNotification/index.tsx
@@ -3,7 +3,7 @@ import type { TFuncKey } from 'i18next';
 
 import DynamicT from '@/components/DynamicT';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/experience/src/components/SwitchMfaFactorsLink/index.tsx b/packages/experience/src/components/SwitchMfaFactorsLink/index.tsx
index 3439e853c039..3b5acc112e81 100644
--- a/packages/experience/src/components/SwitchMfaFactorsLink/index.tsx
+++ b/packages/experience/src/components/SwitchMfaFactorsLink/index.tsx
@@ -1,4 +1,4 @@
-import SwitchIcon from '@/assets/icons/switch-icon.svg';
+import SwitchIcon from '@/assets/icons/switch-icon.svg?react';
 import { UserMfaFlow } from '@/types';
 import { type MfaFlowState } from '@/types/guard';
 
diff --git a/packages/experience/src/components/TermsLinks/index.tsx b/packages/experience/src/components/TermsLinks/index.tsx
index 3922539dd70e..3b5208ca40b3 100644
--- a/packages/experience/src/components/TermsLinks/index.tsx
+++ b/packages/experience/src/components/TermsLinks/index.tsx
@@ -2,7 +2,7 @@ import { useTranslation } from 'react-i18next';
 
 import TextLink, { type Props as TextLinkProps } from '@/components/TextLink';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly linkType?: TextLinkProps['type'];
diff --git a/packages/experience/src/components/TextLink/index.tsx b/packages/experience/src/components/TextLink/index.tsx
index 9621d5626f9e..9e613d4c584f 100644
--- a/packages/experience/src/components/TextLink/index.tsx
+++ b/packages/experience/src/components/TextLink/index.tsx
@@ -11,7 +11,7 @@ import usePlatform from '@/hooks/use-platform';
 
 import DynamicT from '../DynamicT';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Props = AnchorHTMLAttributes<HTMLAnchorElement> & {
   readonly className?: string;
diff --git a/packages/experience/src/components/Toast/index.tsx b/packages/experience/src/components/Toast/index.tsx
index c5dfedb67322..25c46e114ee7 100644
--- a/packages/experience/src/components/Toast/index.tsx
+++ b/packages/experience/src/components/Toast/index.tsx
@@ -1,7 +1,7 @@
 import { useEffect, useState } from 'react';
 import ReactModal from 'react-modal';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly message: string;
diff --git a/packages/experience/src/components/VerificationCode/index.tsx b/packages/experience/src/components/VerificationCode/index.tsx
index 36816cd3cd05..627452d3fb2d 100644
--- a/packages/experience/src/components/VerificationCode/index.tsx
+++ b/packages/experience/src/components/VerificationCode/index.tsx
@@ -3,7 +3,7 @@ import { useMemo, useRef, useCallback, useEffect } from 'react';
 
 import ErrorMessage from '@/components/ErrorMessage';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export const defaultLength = 6;
 
diff --git a/packages/experience/src/constants/env.ts b/packages/experience/src/constants/env.ts
deleted file mode 100644
index d30c92c950e9..000000000000
--- a/packages/experience/src/constants/env.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { yes } from '@silverhand/essentials';
-
-export const isDevFeaturesEnabled =
-  process.env.NODE_ENV !== 'production' || yes(process.env.DEV_FEATURES_ENABLED);
diff --git a/packages/experience/src/containers/DevelopmentTenantNotification/index.tsx b/packages/experience/src/containers/DevelopmentTenantNotification/index.tsx
index 36bcab2b7bf0..852a63948139 100644
--- a/packages/experience/src/containers/DevelopmentTenantNotification/index.tsx
+++ b/packages/experience/src/containers/DevelopmentTenantNotification/index.tsx
@@ -2,7 +2,7 @@ import { useContext, useEffect, useRef } from 'react';
 import { useTranslation } from 'react-i18next';
 
 import PageContext from '@/Providers/PageContextProvider/PageContext';
-import DevIcon from '@/assets/icons/dev-icon.svg';
+import DevIcon from '@/assets/icons/dev-icon.svg?react';
 import usePlatform from '@/hooks/use-platform';
 
 /**
diff --git a/packages/experience/src/containers/MfaFactorList/index.tsx b/packages/experience/src/containers/MfaFactorList/index.tsx
index c213498a325c..535555a9eccd 100644
--- a/packages/experience/src/containers/MfaFactorList/index.tsx
+++ b/packages/experience/src/containers/MfaFactorList/index.tsx
@@ -8,7 +8,7 @@ import useStartWebAuthnProcessing from '@/hooks/use-start-webauthn-processing';
 import { UserMfaFlow } from '@/types';
 import { type MfaFlowState } from '@/types/guard';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly flow: UserMfaFlow;
diff --git a/packages/experience/src/containers/SetPassword/Lite.tsx b/packages/experience/src/containers/SetPassword/Lite.tsx
index e3c831d76135..a0ab77abddf8 100644
--- a/packages/experience/src/containers/SetPassword/Lite.tsx
+++ b/packages/experience/src/containers/SetPassword/Lite.tsx
@@ -8,7 +8,7 @@ import ErrorMessage from '@/components/ErrorMessage';
 import { PasswordInputField } from '@/components/InputFields';
 
 import HiddenIdentifierInput from './HiddenIdentifierInput';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/experience/src/containers/SetPassword/SetPassword.tsx b/packages/experience/src/containers/SetPassword/SetPassword.tsx
index 0505c7bcf4d7..d668270d8e98 100644
--- a/packages/experience/src/containers/SetPassword/SetPassword.tsx
+++ b/packages/experience/src/containers/SetPassword/SetPassword.tsx
@@ -3,7 +3,7 @@ import { useCallback, useEffect, useState } from 'react';
 import { useForm } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 
-import ClearIcon from '@/assets/icons/clear-icon.svg';
+import ClearIcon from '@/assets/icons/clear-icon.svg?react';
 import Button from '@/components/Button';
 import IconButton from '@/components/Button/IconButton';
 import ErrorMessage from '@/components/ErrorMessage';
@@ -11,7 +11,7 @@ import { InputField } from '@/components/InputFields';
 
 import HiddenIdentifierInput from './HiddenIdentifierInput';
 import TogglePassword from './TogglePassword';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/experience/src/containers/SetPassword/TogglePassword.tsx b/packages/experience/src/containers/SetPassword/TogglePassword.tsx
index 64e593393df6..4f302d82151a 100644
--- a/packages/experience/src/containers/SetPassword/TogglePassword.tsx
+++ b/packages/experience/src/containers/SetPassword/TogglePassword.tsx
@@ -3,7 +3,7 @@ import { useTranslation } from 'react-i18next';
 import Checkbox from '@/components/Checkbox';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isChecked?: boolean;
diff --git a/packages/experience/src/containers/SocialLanding/index.tsx b/packages/experience/src/containers/SocialLanding/index.tsx
index 0342d629b591..9df755cf0559 100644
--- a/packages/experience/src/containers/SocialLanding/index.tsx
+++ b/packages/experience/src/containers/SocialLanding/index.tsx
@@ -3,7 +3,7 @@ import classNames from 'classnames';
 import { LoadingIcon } from '@/components/LoadingLayer';
 import useConnectors from '@/hooks/use-connectors';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/experience/src/containers/SocialLinkAccount/index.tsx b/packages/experience/src/containers/SocialLinkAccount/index.tsx
index 54852e41ea83..5733b65b2832 100644
--- a/packages/experience/src/containers/SocialLinkAccount/index.tsx
+++ b/packages/experience/src/containers/SocialLinkAccount/index.tsx
@@ -11,7 +11,7 @@ import useSocialRegister from '@/hooks/use-social-register';
 import type { SocialRelatedUserInfo } from '@/types/guard';
 import { maskEmail, maskPhone } from '@/utils/format';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useBindSocialRelatedUser from './use-social-link-related-user';
 
 type Props = {
diff --git a/packages/experience/src/containers/SocialSignInList/index.tsx b/packages/experience/src/containers/SocialSignInList/index.tsx
index 24c902482277..a1f337fc82b3 100644
--- a/packages/experience/src/containers/SocialSignInList/index.tsx
+++ b/packages/experience/src/containers/SocialSignInList/index.tsx
@@ -6,7 +6,7 @@ import SocialLinkButton from '@/components/Button/SocialLinkButton';
 import useNativeMessageListener from '@/hooks/use-native-message-listener';
 import { getLogoUrl } from '@/utils/logo';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useSocial from './use-social';
 
 type Props = {
diff --git a/packages/experience/src/containers/TermsAndPrivacyCheckbox/index.tsx b/packages/experience/src/containers/TermsAndPrivacyCheckbox/index.tsx
index 424f2078a892..3ff868b56661 100644
--- a/packages/experience/src/containers/TermsAndPrivacyCheckbox/index.tsx
+++ b/packages/experience/src/containers/TermsAndPrivacyCheckbox/index.tsx
@@ -7,7 +7,7 @@ import TermsLinks from '@/components/TermsLinks';
 import useTerms from '@/hooks/use-terms';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/experience/src/containers/TotpCodeVerification/index.tsx b/packages/experience/src/containers/TotpCodeVerification/index.tsx
index 6fb473000437..a15080bb5aa8 100644
--- a/packages/experience/src/containers/TotpCodeVerification/index.tsx
+++ b/packages/experience/src/containers/TotpCodeVerification/index.tsx
@@ -5,7 +5,7 @@ import Button from '@/components/Button';
 import VerificationCodeInput from '@/components/VerificationCode';
 import { type UserMfaFlow } from '@/types';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useTotpCodeVerification from './use-totp-code-verification';
 
 const totpCodeLength = 6;
diff --git a/packages/experience/src/containers/VerificationCode/PasswordSignInLink.tsx b/packages/experience/src/containers/VerificationCode/PasswordSignInLink.tsx
index aea7cdafec93..4719af732172 100644
--- a/packages/experience/src/containers/VerificationCode/PasswordSignInLink.tsx
+++ b/packages/experience/src/containers/VerificationCode/PasswordSignInLink.tsx
@@ -1,4 +1,4 @@
-import SwitchIcon from '@/assets/icons/switch-icon.svg';
+import SwitchIcon from '@/assets/icons/switch-icon.svg?react';
 import TextLink from '@/components/TextLink';
 import { UserFlow } from '@/types';
 
diff --git a/packages/experience/src/containers/VerificationCode/index.tsx b/packages/experience/src/containers/VerificationCode/index.tsx
index f24bfd9276c3..26ee193fe9df 100644
--- a/packages/experience/src/containers/VerificationCode/index.tsx
+++ b/packages/experience/src/containers/VerificationCode/index.tsx
@@ -9,7 +9,7 @@ import VerificationCodeInput, { defaultLength } from '@/components/VerificationC
 import { UserFlow } from '@/types';
 
 import PasswordSignInLink from './PasswordSignInLink';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useResendVerificationCode from './use-resend-verification-code';
 import { getCodeVerificationHookByFlow } from './utils';
 
diff --git a/packages/experience/src/include.d/react-app.d.ts b/packages/experience/src/include.d/react-app.d.ts
deleted file mode 100644
index c2ef4a4de00b..000000000000
--- a/packages/experience/src/include.d/react-app.d.ts
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copied from react-scripts/lib/react-app.d.ts
-
-declare module '*.avif' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.bmp' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.gif' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.jpg' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.jpeg' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.png' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.webp' {
-  const src: string;
-  export default src;
-}
-
-declare module '*.svg' {
-  import type * as React from 'react';
-
-  export const ReactComponent: React.FunctionComponent<
-    React.SVGProps<SVGSVGElement> & { title?: string }
-  >;
-
-  const src: string;
-  export default src;
-}
-
-declare module '*.module.css' {
-  const classes: Readonly<Record<string, string>>;
-  export default classes;
-  export = classes;
-}
-
-declare module '*.module.scss' {
-  const classes: Readonly<Record<string, string>>;
-  export default classes;
-  export = classes;
-}
-
-declare module '*.module.sass' {
-  const classes: Readonly<Record<string, string>>;
-  export default classes;
-  export = classes;
-}
diff --git a/packages/experience/src/include.d/react-router-dom.d.ts b/packages/experience/src/include.d/react-router-dom.d.ts
index 56d37327af0e..ff4278d74e66 100644
--- a/packages/experience/src/include.d/react-router-dom.d.ts
+++ b/packages/experience/src/include.d/react-router-dom.d.ts
@@ -6,7 +6,6 @@
  * Reference: https://github.com/remix-run/react-router/issues/10241
  */
 
-// eslint-disable-next-line import/no-unassigned-import
 import 'react-router-dom';
 
 declare module 'react-router-dom' {
diff --git a/packages/experience/src/include.d/vite-env.d.ts b/packages/experience/src/include.d/vite-env.d.ts
new file mode 100644
index 000000000000..eb5ce13cd2b9
--- /dev/null
+++ b/packages/experience/src/include.d/vite-env.d.ts
@@ -0,0 +1,2 @@
+import 'vite/client';
+import 'vite-plugin-svgr/client';
diff --git a/packages/experience/src/pages/Callback/index.tsx b/packages/experience/src/pages/Callback/index.tsx
index bc141106fc57..a0e922499a8b 100644
--- a/packages/experience/src/pages/Callback/index.tsx
+++ b/packages/experience/src/pages/Callback/index.tsx
@@ -4,7 +4,7 @@ import { useParams } from 'react-router-dom';
 import StaticPageLayout from '@/Layout/StaticPageLayout';
 import SocialLanding from '@/containers/SocialLanding';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useSocialCallbackHandler from './use-social-callback-handler';
 
 type Parameters = {
diff --git a/packages/experience/src/pages/Consent/OrganizationSelector/OrganizationItem/index.tsx b/packages/experience/src/pages/Consent/OrganizationSelector/OrganizationItem/index.tsx
index f7f0abb034ca..435966dd4340 100644
--- a/packages/experience/src/pages/Consent/OrganizationSelector/OrganizationItem/index.tsx
+++ b/packages/experience/src/pages/Consent/OrganizationSelector/OrganizationItem/index.tsx
@@ -2,11 +2,11 @@ import { type ConsentInfoResponse } from '@logto/schemas';
 import classNames from 'classnames';
 import { type ReactNode } from 'react';
 
-import CheckMark from '@/assets/icons/check-mark.svg';
-import OrganizationIcon from '@/assets/icons/organization-icon.svg';
+import CheckMark from '@/assets/icons/check-mark.svg?react';
+import OrganizationIcon from '@/assets/icons/organization-icon.svg?react';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export type Organization = Exclude<ConsentInfoResponse['organizations'], undefined>[number];
 
diff --git a/packages/experience/src/pages/Consent/OrganizationSelector/OrganizationSelectorModal/index.tsx b/packages/experience/src/pages/Consent/OrganizationSelector/OrganizationSelectorModal/index.tsx
index 99c780efcb5a..dacf13ec93ee 100644
--- a/packages/experience/src/pages/Consent/OrganizationSelector/OrganizationSelectorModal/index.tsx
+++ b/packages/experience/src/pages/Consent/OrganizationSelector/OrganizationSelectorModal/index.tsx
@@ -6,7 +6,7 @@ import usePlatform from '@/hooks/use-platform';
 import OrganizationItem from '../OrganizationItem';
 import { type Organization } from '../OrganizationItem';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly isOpen: boolean;
diff --git a/packages/experience/src/pages/Consent/OrganizationSelector/index.tsx b/packages/experience/src/pages/Consent/OrganizationSelector/index.tsx
index e89ccd5d7be5..f9f6e2ab54ae 100644
--- a/packages/experience/src/pages/Consent/OrganizationSelector/index.tsx
+++ b/packages/experience/src/pages/Consent/OrganizationSelector/index.tsx
@@ -3,13 +3,13 @@ import classNames from 'classnames';
 import { useState, useRef } from 'react';
 import { useTranslation } from 'react-i18next';
 
-import ExpandableIcon from '@/assets/icons/expandable-icon.svg';
+import ExpandableIcon from '@/assets/icons/expandable-icon.svg?react';
 
 import ScopeGroup from '../ScopeGroup';
 
 import OrganizationItem, { type Organization } from './OrganizationItem';
 import OrganizationSelectorModal from './OrganizationSelectorModal';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 export { type Organization } from './OrganizationItem';
 
diff --git a/packages/experience/src/pages/Consent/ScopeGroup/index.tsx b/packages/experience/src/pages/Consent/ScopeGroup/index.tsx
index 5559c6dd54a5..73402b7f1d42 100644
--- a/packages/experience/src/pages/Consent/ScopeGroup/index.tsx
+++ b/packages/experience/src/pages/Consent/ScopeGroup/index.tsx
@@ -2,11 +2,11 @@ import { type Nullable } from '@silverhand/essentials';
 import classNames from 'classnames';
 import { useState, useCallback } from 'react';
 
-import DownArrowIcon from '@/assets/icons/arrow-down.svg';
-import CheckMark from '@/assets/icons/check-mark.svg';
+import DownArrowIcon from '@/assets/icons/arrow-down.svg?react';
+import CheckMark from '@/assets/icons/check-mark.svg?react';
 import { onKeyDownHandler } from '@/utils/a11y';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type ScopeGroupProps = {
   readonly groupName: string;
diff --git a/packages/experience/src/pages/Consent/ScopesListCard/index.tsx b/packages/experience/src/pages/Consent/ScopesListCard/index.tsx
index 8a562ea10268..4d499ce8695e 100644
--- a/packages/experience/src/pages/Consent/ScopesListCard/index.tsx
+++ b/packages/experience/src/pages/Consent/ScopesListCard/index.tsx
@@ -5,7 +5,7 @@ import { useTranslation } from 'react-i18next';
 
 import ScopeGroup from '../ScopeGroup';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const isUserScope = (scope: string): scope is UserScope =>
   Object.values<string>(UserScope).includes(scope);
diff --git a/packages/experience/src/pages/Consent/UserProfile/index.tsx b/packages/experience/src/pages/Consent/UserProfile/index.tsx
index 3c037020eabf..5de5278a61a3 100644
--- a/packages/experience/src/pages/Consent/UserProfile/index.tsx
+++ b/packages/experience/src/pages/Consent/UserProfile/index.tsx
@@ -2,9 +2,9 @@ import { type ConsentInfoResponse } from '@logto/schemas';
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
 
-import UserAvatar from '@/assets/icons/default-user-avatar.svg';
+import UserAvatar from '@/assets/icons/default-user-avatar.svg?react';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly user: ConsentInfoResponse['user'];
diff --git a/packages/experience/src/pages/Consent/index.tsx b/packages/experience/src/pages/Consent/index.tsx
index 3c594989a168..15b69846bf92 100644
--- a/packages/experience/src/pages/Consent/index.tsx
+++ b/packages/experience/src/pages/Consent/index.tsx
@@ -15,7 +15,7 @@ import useGlobalRedirectTo from '@/hooks/use-global-redirect-to';
 import OrganizationSelector, { type Organization } from './OrganizationSelector';
 import ScopesListCard from './ScopesListCard';
 import UserProfile from './UserProfile';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import { getRedirectUriOrigin } from './util';
 
 const Consent = () => {
diff --git a/packages/experience/src/pages/Continue/IdentifierProfileForm/index.tsx b/packages/experience/src/pages/Continue/IdentifierProfileForm/index.tsx
index b26484ed6493..28b965639149 100644
--- a/packages/experience/src/pages/Continue/IdentifierProfileForm/index.tsx
+++ b/packages/experience/src/pages/Continue/IdentifierProfileForm/index.tsx
@@ -12,7 +12,7 @@ import type {
 } from '@/components/InputFields/SmartInputField';
 import { getGeneralIdentifierErrorMessage, validateIdentifierField } from '@/utils/form';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/experience/src/pages/Continue/SetEmailOrPhone/SocialIdentityNotification.tsx b/packages/experience/src/pages/Continue/SetEmailOrPhone/SocialIdentityNotification.tsx
index 0cc7bd3882fa..8c67d4a64141 100644
--- a/packages/experience/src/pages/Continue/SetEmailOrPhone/SocialIdentityNotification.tsx
+++ b/packages/experience/src/pages/Continue/SetEmailOrPhone/SocialIdentityNotification.tsx
@@ -7,7 +7,7 @@ import type { VerificationCodeIdentifier } from '@/types';
 import { registeredSocialIdentityStateGuard } from '@/types/guard';
 import { maskEmail } from '@/utils/format';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const SocialIdentityNotification = ({
   missingProfileTypes,
diff --git a/packages/experience/src/pages/ErrorPage/index.tsx b/packages/experience/src/pages/ErrorPage/index.tsx
index c104632d454e..b58f536aa2ee 100644
--- a/packages/experience/src/pages/ErrorPage/index.tsx
+++ b/packages/experience/src/pages/ErrorPage/index.tsx
@@ -4,13 +4,13 @@ import { useContext } from 'react';
 
 import StaticPageLayout from '@/Layout/StaticPageLayout';
 import PageContext from '@/Providers/PageContextProvider/PageContext';
-import EmptyStateDark from '@/assets/icons/empty-state-dark.svg';
-import EmptyState from '@/assets/icons/empty-state.svg';
+import EmptyStateDark from '@/assets/icons/empty-state-dark.svg?react';
+import EmptyState from '@/assets/icons/empty-state.svg?react';
 import DynamicT from '@/components/DynamicT';
 import NavBar from '@/components/NavBar';
 import PageMeta from '@/components/PageMeta';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly title?: TFuncKey;
diff --git a/packages/experience/src/pages/ForgotPassword/ForgotPasswordForm/index.tsx b/packages/experience/src/pages/ForgotPassword/ForgotPasswordForm/index.tsx
index f05fd259bc58..ec8d810a2054 100644
--- a/packages/experience/src/pages/ForgotPassword/ForgotPasswordForm/index.tsx
+++ b/packages/experience/src/pages/ForgotPassword/ForgotPasswordForm/index.tsx
@@ -12,7 +12,7 @@ import type { VerificationCodeIdentifier } from '@/types';
 import { UserFlow } from '@/types';
 import { getGeneralIdentifierErrorMessage, validateIdentifierField } from '@/utils/form';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/experience/src/pages/MfaBinding/BackupCodeBinding/index.tsx b/packages/experience/src/pages/MfaBinding/BackupCodeBinding/index.tsx
index bf5f29b3df08..1cf8cda40b56 100644
--- a/packages/experience/src/pages/MfaBinding/BackupCodeBinding/index.tsx
+++ b/packages/experience/src/pages/MfaBinding/BackupCodeBinding/index.tsx
@@ -14,7 +14,7 @@ import { UserMfaFlow } from '@/types';
 import { backupCodeBindingStateGuard } from '@/types/guard';
 import { isNativeWebview } from '@/utils/native-sdk';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const BackupCodeBinding = () => {
   const { copyText, downloadText } = useTextHandler();
diff --git a/packages/experience/src/pages/MfaBinding/TotpBinding/SecretSection/index.tsx b/packages/experience/src/pages/MfaBinding/TotpBinding/SecretSection/index.tsx
index 640433d688ce..6536081a89ec 100644
--- a/packages/experience/src/pages/MfaBinding/TotpBinding/SecretSection/index.tsx
+++ b/packages/experience/src/pages/MfaBinding/TotpBinding/SecretSection/index.tsx
@@ -8,7 +8,7 @@ import usePlatform from '@/hooks/use-platform';
 import useTextHandler from '@/hooks/use-text-handler';
 import { type TotpBindingState } from '@/types/guard';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const SecretSection = ({ secret, secretQrCode }: TotpBindingState) => {
   const { t } = useTranslation();
diff --git a/packages/experience/src/pages/MfaBinding/TotpBinding/index.tsx b/packages/experience/src/pages/MfaBinding/TotpBinding/index.tsx
index 7e4497e74a93..7d4bd534b4e0 100644
--- a/packages/experience/src/pages/MfaBinding/TotpBinding/index.tsx
+++ b/packages/experience/src/pages/MfaBinding/TotpBinding/index.tsx
@@ -12,7 +12,7 @@ import { totpBindingStateGuard } from '@/types/guard';
 
 import SecretSection from './SecretSection';
 import VerificationSection from './VerificationSection';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const TotpBinding = () => {
   const { state } = useLocation();
diff --git a/packages/experience/src/pages/MfaBinding/WebAuthnBinding/index.tsx b/packages/experience/src/pages/MfaBinding/WebAuthnBinding/index.tsx
index 9eca7bc9889c..610fb5c4ef3f 100644
--- a/packages/experience/src/pages/MfaBinding/WebAuthnBinding/index.tsx
+++ b/packages/experience/src/pages/MfaBinding/WebAuthnBinding/index.tsx
@@ -13,7 +13,7 @@ import { UserMfaFlow } from '@/types';
 import { webAuthnStateGuard } from '@/types/guard';
 import { isWebAuthnOptions } from '@/utils/webauthn';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const WebAuthnBinding = () => {
   const { state } = useLocation();
diff --git a/packages/experience/src/pages/MfaVerification/BackupCodeVerification/index.tsx b/packages/experience/src/pages/MfaVerification/BackupCodeVerification/index.tsx
index f7defbeb07c5..7d861cc65cc5 100644
--- a/packages/experience/src/pages/MfaVerification/BackupCodeVerification/index.tsx
+++ b/packages/experience/src/pages/MfaVerification/BackupCodeVerification/index.tsx
@@ -13,7 +13,7 @@ import useSendMfaPayload from '@/hooks/use-send-mfa-payload';
 import ErrorPage from '@/pages/ErrorPage';
 import { UserMfaFlow } from '@/types';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type FormState = {
   code: string;
diff --git a/packages/experience/src/pages/MfaVerification/TotpVerification/index.tsx b/packages/experience/src/pages/MfaVerification/TotpVerification/index.tsx
index 04d38a498b5b..7e9bc76d1c3c 100644
--- a/packages/experience/src/pages/MfaVerification/TotpVerification/index.tsx
+++ b/packages/experience/src/pages/MfaVerification/TotpVerification/index.tsx
@@ -6,7 +6,7 @@ import useMfaFlowState from '@/hooks/use-mfa-factors-state';
 import ErrorPage from '@/pages/ErrorPage';
 import { UserMfaFlow } from '@/types';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const TotpVerification = () => {
   const flowState = useMfaFlowState();
diff --git a/packages/experience/src/pages/MfaVerification/WebAuthnVerification/index.tsx b/packages/experience/src/pages/MfaVerification/WebAuthnVerification/index.tsx
index 1f25f16f462d..e825f06847a7 100644
--- a/packages/experience/src/pages/MfaVerification/WebAuthnVerification/index.tsx
+++ b/packages/experience/src/pages/MfaVerification/WebAuthnVerification/index.tsx
@@ -12,7 +12,7 @@ import { UserMfaFlow } from '@/types';
 import { webAuthnStateGuard } from '@/types/guard';
 import { isWebAuthnOptions } from '@/utils/webauthn';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const WebAuthnVerification = () => {
   const { state } = useLocation();
diff --git a/packages/experience/src/pages/Register/IdentifierRegisterForm/index.tsx b/packages/experience/src/pages/Register/IdentifierRegisterForm/index.tsx
index 3d03e1b1834f..254bf28bdb34 100644
--- a/packages/experience/src/pages/Register/IdentifierRegisterForm/index.tsx
+++ b/packages/experience/src/pages/Register/IdentifierRegisterForm/index.tsx
@@ -5,7 +5,7 @@ import { Controller, useForm } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 
 import UserInteractionContext from '@/Providers/UserInteractionContextProvider/UserInteractionContext';
-import LockIcon from '@/assets/icons/lock.svg';
+import LockIcon from '@/assets/icons/lock.svg?react';
 import Button from '@/components/Button';
 import ErrorMessage from '@/components/ErrorMessage';
 import { SmartInputField } from '@/components/InputFields';
@@ -15,7 +15,7 @@ import useSingleSignOnWatch from '@/hooks/use-single-sign-on-watch';
 import useTerms from '@/hooks/use-terms';
 import { getGeneralIdentifierErrorMessage, validateIdentifierField } from '@/utils/form';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useOnSubmit from './use-on-submit';
 
 type Props = {
diff --git a/packages/experience/src/pages/Register/index.tsx b/packages/experience/src/pages/Register/index.tsx
index 60f808a258dd..7a33b3771a6c 100644
--- a/packages/experience/src/pages/Register/index.tsx
+++ b/packages/experience/src/pages/Register/index.tsx
@@ -18,7 +18,7 @@ import useTerms from '@/hooks/use-terms';
 import ErrorPage from '../ErrorPage';
 
 import IdentifierRegisterForm from './IdentifierRegisterForm';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const RegisterFooter = () => {
   const { t } = useTranslation();
diff --git a/packages/experience/src/pages/SignIn/IdentifierSignInForm/index.tsx b/packages/experience/src/pages/SignIn/IdentifierSignInForm/index.tsx
index 5049b7f17d82..b39654907628 100644
--- a/packages/experience/src/pages/SignIn/IdentifierSignInForm/index.tsx
+++ b/packages/experience/src/pages/SignIn/IdentifierSignInForm/index.tsx
@@ -5,7 +5,7 @@ import { useForm, Controller } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 
 import UserInteractionContext from '@/Providers/UserInteractionContextProvider/UserInteractionContext';
-import LockIcon from '@/assets/icons/lock.svg';
+import LockIcon from '@/assets/icons/lock.svg?react';
 import Button from '@/components/Button';
 import ErrorMessage from '@/components/ErrorMessage';
 import { SmartInputField } from '@/components/InputFields';
@@ -15,7 +15,7 @@ import useSingleSignOnWatch from '@/hooks/use-single-sign-on-watch';
 import useTerms from '@/hooks/use-terms';
 import { getGeneralIdentifierErrorMessage, validateIdentifierField } from '@/utils/form';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useOnSubmit from './use-on-submit';
 
 type Props = {
diff --git a/packages/experience/src/pages/SignIn/Main.tsx b/packages/experience/src/pages/SignIn/Main.tsx
index 2060bffeb4dc..051c03ff9e8e 100644
--- a/packages/experience/src/pages/SignIn/Main.tsx
+++ b/packages/experience/src/pages/SignIn/Main.tsx
@@ -6,7 +6,7 @@ import useTerms from '@/hooks/use-terms';
 
 import IdentifierSignInForm from './IdentifierSignInForm';
 import PasswordSignInForm from './PasswordSignInForm';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly signInMethods: SignIn['methods'];
diff --git a/packages/experience/src/pages/SignIn/PasswordSignInForm/index.tsx b/packages/experience/src/pages/SignIn/PasswordSignInForm/index.tsx
index 47c91e213f4c..5d6589c6796c 100644
--- a/packages/experience/src/pages/SignIn/PasswordSignInForm/index.tsx
+++ b/packages/experience/src/pages/SignIn/PasswordSignInForm/index.tsx
@@ -5,7 +5,7 @@ import { useForm, Controller } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 
 import UserInteractionContext from '@/Providers/UserInteractionContextProvider/UserInteractionContext';
-import LockIcon from '@/assets/icons/lock.svg';
+import LockIcon from '@/assets/icons/lock.svg?react';
 import Button from '@/components/Button';
 import ErrorMessage from '@/components/ErrorMessage';
 import { SmartInputField, PasswordInputField } from '@/components/InputFields';
@@ -18,7 +18,7 @@ import useSingleSignOnWatch from '@/hooks/use-single-sign-on-watch';
 import useTerms from '@/hooks/use-terms';
 import { getGeneralIdentifierErrorMessage, validateIdentifierField } from '@/utils/form';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type Props = {
   readonly className?: string;
diff --git a/packages/experience/src/pages/SignIn/index.tsx b/packages/experience/src/pages/SignIn/index.tsx
index 369e01424311..5c0cc9496792 100644
--- a/packages/experience/src/pages/SignIn/index.tsx
+++ b/packages/experience/src/pages/SignIn/index.tsx
@@ -18,7 +18,7 @@ import useTerms from '@/hooks/use-terms';
 import ErrorPage from '../ErrorPage';
 
 import Main from './Main';
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const SignInFooters = () => {
   const { t } = useTranslation();
diff --git a/packages/experience/src/pages/SignInPassword/PasswordForm/VerificationCodeLink.tsx b/packages/experience/src/pages/SignInPassword/PasswordForm/VerificationCodeLink.tsx
index 18da2ae5976d..04294ffe77e0 100644
--- a/packages/experience/src/pages/SignInPassword/PasswordForm/VerificationCodeLink.tsx
+++ b/packages/experience/src/pages/SignInPassword/PasswordForm/VerificationCodeLink.tsx
@@ -1,6 +1,6 @@
 import { useEffect } from 'react';
 
-import SwitchIcon from '@/assets/icons/switch-icon.svg';
+import SwitchIcon from '@/assets/icons/switch-icon.svg?react';
 import TextLink from '@/components/TextLink';
 import useSendVerificationCode from '@/hooks/use-send-verification-code';
 import useToast from '@/hooks/use-toast';
diff --git a/packages/experience/src/pages/SignInPassword/PasswordForm/index.tsx b/packages/experience/src/pages/SignInPassword/PasswordForm/index.tsx
index 207c3cb2b185..7707ee22bb0d 100644
--- a/packages/experience/src/pages/SignInPassword/PasswordForm/index.tsx
+++ b/packages/experience/src/pages/SignInPassword/PasswordForm/index.tsx
@@ -13,7 +13,7 @@ import ForgotPasswordLink from '@/containers/ForgotPasswordLink';
 import usePasswordSignIn from '@/hooks/use-password-sign-in';
 import { useForgotPasswordSettings } from '@/hooks/use-sie';
 
-import * as styles from '../index.module.scss';
+import styles from '../index.module.scss';
 
 import VerificationCodeLink from './VerificationCodeLink';
 
diff --git a/packages/experience/src/pages/SingleSignOnConnectors/index.tsx b/packages/experience/src/pages/SingleSignOnConnectors/index.tsx
index fb17d5b5993d..343f39494fc2 100644
--- a/packages/experience/src/pages/SingleSignOnConnectors/index.tsx
+++ b/packages/experience/src/pages/SingleSignOnConnectors/index.tsx
@@ -9,7 +9,7 @@ import useNativeMessageListener from '@/hooks/use-native-message-listener';
 import useSingleSignOn from '@/hooks/use-single-sign-on';
 import { getLogoUrl } from '@/utils/logo';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 const SingleSignOnConnectors = () => {
   const { theme } = useContext(PageContext);
diff --git a/packages/experience/src/pages/SingleSignOnEmail/index.tsx b/packages/experience/src/pages/SingleSignOnEmail/index.tsx
index 3abe821ff31d..e9ff29c3d2ec 100644
--- a/packages/experience/src/pages/SingleSignOnEmail/index.tsx
+++ b/packages/experience/src/pages/SingleSignOnEmail/index.tsx
@@ -4,7 +4,7 @@ import { Controller, useForm } from 'react-hook-form';
 
 import SecondaryPageLayout from '@/Layout/SecondaryPageLayout';
 import UserInteractionContext from '@/Providers/UserInteractionContextProvider/UserInteractionContext';
-import LockIcon from '@/assets/icons/lock.svg';
+import LockIcon from '@/assets/icons/lock.svg?react';
 import Button from '@/components/Button';
 import ErrorMessage from '@/components/ErrorMessage';
 import SmartInputField, {
@@ -13,7 +13,7 @@ import SmartInputField, {
 import useOnSubmit from '@/hooks/use-check-single-sign-on';
 import { getGeneralIdentifierErrorMessage, validateIdentifierField } from '@/utils/form';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 
 type FormState = {
   identifier: IdentifierInputValue;
diff --git a/packages/experience/src/pages/SocialLanding/index.tsx b/packages/experience/src/pages/SocialLanding/index.tsx
index 6f187a7b6e9d..30dd478c0d92 100644
--- a/packages/experience/src/pages/SocialLanding/index.tsx
+++ b/packages/experience/src/pages/SocialLanding/index.tsx
@@ -4,7 +4,7 @@ import { useParams } from 'react-router-dom';
 import StaticPageLayout from '@/Layout/StaticPageLayout';
 import SocialLandingContainer from '@/containers/SocialLanding';
 
-import * as styles from './index.module.scss';
+import styles from './index.module.scss';
 import useSocialLandingHandler from './use-social-landing-handler';
 
 type Parameters = {
diff --git a/packages/experience/tsconfig.json b/packages/experience/tsconfig.json
index 7d925ad2940f..0b0bd435e53e 100644
--- a/packages/experience/tsconfig.json
+++ b/packages/experience/tsconfig.json
@@ -10,6 +10,6 @@
   },
   "include": [
     "src",
-    "jest.config.ts"
+    "*.config.ts"
   ]
 }
diff --git a/packages/experience/vite.config.ts b/packages/experience/vite.config.ts
new file mode 100644
index 000000000000..16c2f11675ed
--- /dev/null
+++ b/packages/experience/vite.config.ts
@@ -0,0 +1,54 @@
+import react from '@vitejs/plugin-react';
+import browserslistToEsbuild from 'browserslist-to-esbuild';
+import { defineConfig, mergeConfig, type UserConfig } from 'vite';
+import viteCompression from 'vite-plugin-compression';
+import svgr from 'vite-plugin-svgr';
+
+import { defaultConfig, manualChunks } from '../../vite.shared.config';
+
+const buildConfig = (mode: string): UserConfig => ({
+  server: {
+    port: 5001,
+    hmr: {
+      port: 6001,
+    },
+  },
+  css: {
+    modules: {
+      generateScopedName:
+        // Keep backward compatibility with the old CSS modules naming in production
+        mode === 'development' ? '__[hash:base64:5]__[local]' : '[hash:base64:5]_[local]',
+    },
+  },
+  plugins: [react(), svgr(), viteCompression({ disable: mode === 'development' })],
+  build: {
+    // Use the same browserslist configuration as in README.md.
+    // Consider using the esbuild target directly in the future.
+    target: browserslistToEsbuild('> 0.5%, last 2 versions, Firefox ESR, not dead'),
+    rollupOptions: {
+      output: {
+        manualChunks: (id, meta) => {
+          // Caution: React-related packages should be bundled together otherwise it will cause runtime errors
+          // Update this list if necessary when adding new React-related packages
+          if (/\/node_modules\/(react|react-[^/]*|@react-spring)\//.test(id)) {
+            return 'react';
+          }
+
+          if (/\/node_modules\/i18next[^/]*\//.test(id)) {
+            return 'i18next';
+          }
+
+          for (const largePackage of ['libphonenumber-js', 'core-js']) {
+            if (id.includes(`/node_modules/${largePackage}/`)) {
+              return largePackage;
+            }
+          }
+
+          return manualChunks(id, meta);
+        },
+      },
+    },
+  },
+});
+
+export default defineConfig(({ mode }) => mergeConfig(defaultConfig, buildConfig(mode)));
diff --git a/packages/toolkit/core-kit/declaration/index.ts b/packages/toolkit/core-kit/declaration/index.ts
index 85057a1440de..069e028542eb 100644
--- a/packages/toolkit/core-kit/declaration/index.ts
+++ b/packages/toolkit/core-kit/declaration/index.ts
@@ -1,4 +1,3 @@
 /* eslint-disable import/no-unassigned-import */
-import './react-app.d';
 import './dom.d';
 /* eslint-enable import/no-unassigned-import */
diff --git a/packages/toolkit/core-kit/declaration/react-app.d.ts b/packages/toolkit/core-kit/declaration/react-app.d.ts
deleted file mode 100644
index 05f26074d4f5..000000000000
--- a/packages/toolkit/core-kit/declaration/react-app.d.ts
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copied from react-scripts/lib/react-app.d.ts
-
-declare module '*.avif' {
-  const source: string;
-  export default source;
-}
-
-declare module '*.bmp' {
-  const source: string;
-  export default source;
-}
-
-declare module '*.gif' {
-  const source: string;
-  export default source;
-}
-
-declare module '*.jpg' {
-  const source: string;
-  export default source;
-}
-
-declare module '*.jpeg' {
-  const source: string;
-  export default source;
-}
-
-declare module '*.png' {
-  const source: string;
-  export default source;
-}
-
-declare module '*.webp' {
-  const source: string;
-  export default source;
-}
-
-declare module '*.svg' {
-  import * as React from 'react';
-
-  export const ReactComponent: React.FunctionComponent<
-    React.SVGProps<SVGSVGElement> & { title?: string }
-  >;
-
-  const source: string;
-  export default source;
-}
-
-declare module '*.module.css' {
-  const classes: Readonly<Record<string, string>>;
-  export default classes;
-  export = classes;
-}
-
-declare module '*.module.scss' {
-  const classes: Readonly<Record<string, string>>;
-  export default classes;
-  export = classes;
-}
-
-declare module '*.module.sass' {
-  const classes: Readonly<Record<string, string>>;
-  export default classes;
-  export = classes;
-}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 59a997645101..e7769155696d 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3612,21 +3612,6 @@ importers:
       '@logto/schemas':
         specifier: workspace:^1.18.0
         version: link:../schemas
-      '@parcel/compressor-brotli':
-        specifier: 2.9.3
-        version: 2.9.3(@parcel/core@2.9.3)
-      '@parcel/compressor-gzip':
-        specifier: 2.9.3
-        version: 2.9.3(@parcel/core@2.9.3)
-      '@parcel/core':
-        specifier: 2.9.3
-        version: 2.9.3
-      '@parcel/transformer-sass':
-        specifier: 2.9.3
-        version: 2.9.3(@parcel/core@2.9.3)
-      '@parcel/transformer-svg-react':
-        specifier: 2.9.3
-        version: 2.9.3(@parcel/core@2.9.3)
       '@react-spring/shared':
         specifier: ^9.6.1
         version: 9.6.1(react@18.3.1)
@@ -3687,6 +3672,15 @@ importers:
       '@types/react-router-dom':
         specifier: ^5.3.2
         version: 5.3.2
+      '@vitejs/plugin-react':
+        specifier: ^4.3.1
+        version: 4.3.1(vite@5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8))
+      browserslist:
+        specifier: ^4.23.2
+        version: 4.23.2
+      browserslist-to-esbuild:
+        specifier: ^2.1.1
+        version: 2.1.1(browserslist@4.23.2)
       camelcase-keys:
         specifier: ^9.1.3
         version: 9.1.3
@@ -3699,9 +3693,6 @@ importers:
       core-js:
         specifier: ^3.34.0
         version: 3.34.0
-      cross-env:
-        specifier: ^7.0.3
-        version: 7.0.3
       eslint:
         specifier: ^8.56.0
         version: 8.57.0
@@ -3738,12 +3729,6 @@ importers:
       lint-staged:
         specifier: ^15.0.0
         version: 15.0.2
-      parcel:
-        specifier: 2.9.3
-        version: 2.9.3(@swc/helpers@0.5.1)(postcss@8.4.31)(srcset@4.0.0)
-      parcel-resolver-ignore:
-        specifier: ^2.1.3
-        version: 2.1.3(parcel@2.9.3(@swc/helpers@0.5.1)(postcss@8.4.31)(srcset@4.0.0))
       postcss:
         specifier: ^8.4.31
         version: 8.4.31
@@ -3801,9 +3786,15 @@ importers:
       use-debounced-loader:
         specifier: ^0.1.1
         version: 0.1.1(react@18.3.1)
-      zod:
-        specifier: ^3.23.8
-        version: 3.23.8
+      vite:
+        specifier: ^5.3.4
+        version: 5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8)
+      vite-plugin-compression:
+        specifier: ^0.5.1
+        version: 0.5.1(vite@5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8))
+      vite-plugin-svgr:
+        specifier: ^4.2.0
+        version: 4.2.0(rollup@4.14.3)(typescript@5.5.3)(vite@5.3.4(@types/node@20.12.7)(lightningcss@1.25.1)(sass@1.77.8))
 
   packages/integration-tests:
     dependencies:
@@ -5449,12 +5440,6 @@ packages:
   '@levischuck/tiny-cbor@0.2.2':
     resolution: {integrity: sha512-f5CnPw997Y2GQ8FAvtuVVC19FX8mwNNC+1XJcIi16n/LTJifKO6QBgGLgN3YEmqtGMk17SKSuoWES3imJVxAVw==}
 
-  '@lezer/common@0.15.12':
-    resolution: {integrity: sha512-edfwCxNLnzq5pBA/yaIhwJ3U3Kz8VAUOTRg0hhxaizaI1N+qxV7EXDv/kLCkLeq2RzSFvxexlaj5Mzfn2kY0Ig==}
-
-  '@lezer/lr@0.15.8':
-    resolution: {integrity: sha512-bM6oE6VQZ6hIFxDNKk8bKPa14hqFrV07J/vHGOeiAbJReIaQXmkVb6xQu4MR+JBTLa5arGRyAAjJe1qaQt3Uvg==}
-
   '@lit-labs/ssr-dom-shim@1.2.0':
     resolution: {integrity: sha512-yWJKmpGE6lUURKAaIltoPIE/wrbY3TEkqQt+X0m+7fQNnAv0keydnYvbiJFP1PnMhizmIWRWOG5KLhYyc/xl+g==}
 
@@ -5476,36 +5461,6 @@ packages:
   '@lit/reactive-element@2.0.4':
     resolution: {integrity: sha512-GFn91inaUa2oHLak8awSIigYz0cU0Payr1rcFsrkf5OJ5eSPxElyZfKh0f2p9FsTiZWXQdWGJeXZICEfXXYSXQ==}
 
-  '@lmdb/lmdb-darwin-arm64@2.7.11':
-    resolution: {integrity: sha512-r6+vYq2vKzE+vgj/rNVRMwAevq0+ZR9IeMFIqcSga+wMtMdXQ27KqQ7uS99/yXASg29bos7yHP3yk4x6Iio0lw==}
-    cpu: [arm64]
-    os: [darwin]
-
-  '@lmdb/lmdb-darwin-x64@2.7.11':
-    resolution: {integrity: sha512-jhj1aB4K8ycRL1HOQT5OtzlqOq70jxUQEWRN9Gqh3TIDN30dxXtiHi6EWF516tzw6v2+3QqhDMJh8O6DtTGG8Q==}
-    cpu: [x64]
-    os: [darwin]
-
-  '@lmdb/lmdb-linux-arm64@2.7.11':
-    resolution: {integrity: sha512-7xGEfPPbmVJWcY2Nzqo11B9Nfxs+BAsiiaY/OcT4aaTDdykKeCjvKMQJA3KXCtZ1AtiC9ljyGLi+BfUwdulY5A==}
-    cpu: [arm64]
-    os: [linux]
-
-  '@lmdb/lmdb-linux-arm@2.7.11':
-    resolution: {integrity: sha512-dHfLFVSrw/v5X5lkwp0Vl7+NFpEeEYKfMG2DpdFJnnG1RgHQZngZxCaBagFoaJGykRpd2DYF1AeuXBFrAUAXfw==}
-    cpu: [arm]
-    os: [linux]
-
-  '@lmdb/lmdb-linux-x64@2.7.11':
-    resolution: {integrity: sha512-vUKI3JrREMQsXX8q0Eq5zX2FlYCKWMmLiCyyJNfZK0Uyf14RBg9VtB3ObQ41b4swYh2EWaltasWVe93Y8+KDng==}
-    cpu: [x64]
-    os: [linux]
-
-  '@lmdb/lmdb-win32-x64@2.7.11':
-    resolution: {integrity: sha512-BJwkHlSUgtB+Ei52Ai32M1AOMerSlzyIGA/KC4dAGL+GGwVMdwG8HGCOA2TxP3KjhbgDPMYkv7bt/NmOmRIFng==}
-    cpu: [x64]
-    os: [win32]
-
   '@logto/affiliate@0.1.0':
     resolution: {integrity: sha512-yDWSZMI2Qo/xoYU92tnwSP/gnSvq8+CLK5DqD/4brO42QJa7xjt7eA+HSyuMmSUrKffY2nP3riU81gs+nR8DkA==}
     engines: {node: ^18.12.0}
@@ -5557,10 +5512,6 @@ packages:
   '@microsoft/applicationinsights-web-snippet@1.0.1':
     resolution: {integrity: sha512-2IHAOaLauc8qaAitvWS+U931T+ze+7MNWrDHY47IENP5y2UA0vqJDu67kWZDdpCN1fFC77sfgfB+HV7SrKshnQ==}
 
-  '@mischnic/json-sourcemap@0.1.0':
-    resolution: {integrity: sha512-dQb3QnfNqmQNYA4nFSN/uLaByIic58gOXq4Y4XqLOWmOrw73KmJPt/HLyG0wvn1bnR6mBKs/Uwvkh+Hns1T0XA==}
-    engines: {node: '>=12.0.0'}
-
   '@monaco-editor/loader@1.4.0':
     resolution: {integrity: sha512-00ioBig0x642hytVspPl7DbQyaSWRaolYie/UFNjoTdvoKPzo6xrXLhTk9ixgIKcLH5b5vDOjVNiGyY+uDCUlg==}
     peerDependencies:
@@ -5573,36 +5524,6 @@ packages:
       react: ^16.8.0 || ^17.0.0 || ^18.0.0
       react-dom: ^16.8.0 || ^17.0.0 || ^18.0.0
 
-  '@msgpackr-extract/msgpackr-extract-darwin-arm64@3.0.2':
-    resolution: {integrity: sha512-9bfjwDxIDWmmOKusUcqdS4Rw+SETlp9Dy39Xui9BEGEk19dDwH0jhipwFzEff/pFg95NKymc6TOTbRKcWeRqyQ==}
-    cpu: [arm64]
-    os: [darwin]
-
-  '@msgpackr-extract/msgpackr-extract-darwin-x64@3.0.2':
-    resolution: {integrity: sha512-lwriRAHm1Yg4iDf23Oxm9n/t5Zpw1lVnxYU3HnJPTi2lJRkKTrps1KVgvL6m7WvmhYVt/FIsssWay+k45QHeuw==}
-    cpu: [x64]
-    os: [darwin]
-
-  '@msgpackr-extract/msgpackr-extract-linux-arm64@3.0.2':
-    resolution: {integrity: sha512-FU20Bo66/f7He9Fp9sP2zaJ1Q8L9uLPZQDub/WlUip78JlPeMbVL8546HbZfcW9LNciEXc8d+tThSJjSC+tmsg==}
-    cpu: [arm64]
-    os: [linux]
-
-  '@msgpackr-extract/msgpackr-extract-linux-arm@3.0.2':
-    resolution: {integrity: sha512-MOI9Dlfrpi2Cuc7i5dXdxPbFIgbDBGgKR5F2yWEa6FVEtSWncfVNKW5AKjImAQ6CZlBK9tympdsZJ2xThBiWWA==}
-    cpu: [arm]
-    os: [linux]
-
-  '@msgpackr-extract/msgpackr-extract-linux-x64@3.0.2':
-    resolution: {integrity: sha512-gsWNDCklNy7Ajk0vBBf9jEx04RUxuDQfBse918Ww+Qb9HCPoGzS+XJTLe96iN3BVK7grnLiYghP/M4L8VsaHeA==}
-    cpu: [x64]
-    os: [linux]
-
-  '@msgpackr-extract/msgpackr-extract-win32-x64@3.0.2':
-    resolution: {integrity: sha512-O+6Gs8UeDbyFpbSh2CPEz/UOrrdWPTBYNblZK5CxxLisYt4kGX3Sc+czffFonyjiGSq3jWLwJS/CCJc7tBr4sQ==}
-    cpu: [x64]
-    os: [win32]
-
   '@nodelib/fs.scandir@2.1.5':
     resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==}
     engines: {node: '>= 8'}
@@ -5662,248 +5583,6 @@ packages:
   '@otplib/preset-v11@12.0.1':
     resolution: {integrity: sha512-9hSetMI7ECqbFiKICrNa4w70deTUfArtwXykPUvSHWOdzOlfa9ajglu7mNCntlvxycTiOAXkQGwjQCzzDEMRMg==}
 
-  '@parcel/bundler-default@2.9.3':
-    resolution: {integrity: sha512-JjJK8dq39/UO/MWI/4SCbB1t/qgpQRFnFDetAAAezQ8oN++b24u1fkMDa/xqQGjbuPmGeTds5zxGgYs7id7PYg==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/cache@2.9.3':
-    resolution: {integrity: sha512-Bj/H2uAJJSXtysG7E/x4EgTrE2hXmm7td/bc97K8M9N7+vQjxf7xb0ebgqe84ePVMkj4MVQSMEJkEucXVx4b0Q==}
-    engines: {node: '>= 12.0.0'}
-    peerDependencies:
-      '@parcel/core': ^2.9.3
-
-  '@parcel/codeframe@2.9.3':
-    resolution: {integrity: sha512-z7yTyD6h3dvduaFoHpNqur74/2yDWL++33rjQjIjCaXREBN6dKHoMGMizzo/i4vbiI1p9dDox2FIDEHCMQxqdA==}
-    engines: {node: '>= 12.0.0'}
-
-  '@parcel/compressor-brotli@2.9.3':
-    resolution: {integrity: sha512-yLxTous+fPIaw8v8kR5UdWLzJTL7e3ISThNWsu9w9L4vqK0DUUIUePvwZjSNiYQcxFu9L/1X3vlKSzHv3TvS0Q==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/compressor-gzip@2.9.3':
-    resolution: {integrity: sha512-ffQDpPlr3XzqDa/Gwgj7kFPMKYPHnpTZCYnoFW0zzHJTI0umDUULb2XHRke804yiHplKA6fcj2TQjC5FU1beYw==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/compressor-raw@2.9.3':
-    resolution: {integrity: sha512-jz3t4/ICMsHEqgiTmv5i1DJva2k5QRpZlBELVxfY+QElJTVe8edKJ0TiKcBxh2hx7sm4aUigGmp7JiqqHRRYmA==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/config-default@2.9.3':
-    resolution: {integrity: sha512-tqN5tF7QnVABDZAu76co5E6N8mA9n8bxiWdK4xYyINYFIEHgX172oRTqXTnhEMjlMrdmASxvnGlbaPBaVnrCTw==}
-    peerDependencies:
-      '@parcel/core': ^2.9.3
-
-  '@parcel/core@2.9.3':
-    resolution: {integrity: sha512-4KlM1Zr/jpsqWuMXr2zmGsaOUs1zMMFh9vfCNKRZkptf+uk8I3sugHbNdo+F5B+4e2yMuOEb1zgAmvJLeuH6ww==}
-    engines: {node: '>= 12.0.0'}
-
-  '@parcel/diagnostic@2.9.3':
-    resolution: {integrity: sha512-6jxBdyB3D7gP4iE66ghUGntWt2v64E6EbD4AetZk+hNJpgudOOPsKTovcMi/i7I4V0qD7WXSF4tvkZUoac0jwA==}
-    engines: {node: '>= 12.0.0'}
-
-  '@parcel/events@2.9.3':
-    resolution: {integrity: sha512-K0Scx+Bx9f9p1vuShMzNwIgiaZUkxEnexaKYHYemJrM7pMAqxIuIqhnvwurRCsZOVLUJPDDNJ626cWTc5vIq+A==}
-    engines: {node: '>= 12.0.0'}
-
-  '@parcel/fs-search@2.9.3':
-    resolution: {integrity: sha512-nsNz3bsOpwS+jphcd+XjZL3F3PDq9lik0O8HPm5f6LYkqKWT+u/kgQzA8OkAHCR3q96LGiHxUywHPEBc27vI4Q==}
-    engines: {node: '>= 12.0.0'}
-
-  '@parcel/fs@2.9.3':
-    resolution: {integrity: sha512-/PrRKgCRw22G7rNPSpgN3Q+i2nIkZWuvIOAdMG4KWXC4XLp8C9jarNaWd5QEQ75amjhQSl3oUzABzkdCtkKrgg==}
-    engines: {node: '>= 12.0.0'}
-    peerDependencies:
-      '@parcel/core': ^2.9.3
-
-  '@parcel/graph@2.9.3':
-    resolution: {integrity: sha512-3LmRJmF8+OprAr6zJT3X2s8WAhLKkrhi6RsFlMWHifGU5ED1PFcJWFbOwJvSjcAhMQJP0fErcFIK1Ludv3Vm3g==}
-    engines: {node: '>= 12.0.0'}
-
-  '@parcel/hash@2.9.3':
-    resolution: {integrity: sha512-qlH5B85XLzVAeijgKPjm1gQu35LoRYX/8igsjnN8vOlbc3O8BYAUIutU58fbHbtE8MJPbxQQUw7tkTjeoujcQQ==}
-    engines: {node: '>= 12.0.0'}
-
-  '@parcel/logger@2.9.3':
-    resolution: {integrity: sha512-5FNBszcV6ilGFcijEOvoNVG6IUJGsnMiaEnGQs7Fvc1dktTjEddnoQbIYhcSZL63wEmzBZOgkT5yDMajJ/41jw==}
-    engines: {node: '>= 12.0.0'}
-
-  '@parcel/markdown-ansi@2.9.3':
-    resolution: {integrity: sha512-/Q4X8F2aN8UNjAJrQ5NfK2OmZf6shry9DqetUSEndQ0fHonk78WKt6LT0zSKEBEW/bB/bXk6mNMsCup6L8ibjQ==}
-    engines: {node: '>= 12.0.0'}
-
-  '@parcel/namer-default@2.9.3':
-    resolution: {integrity: sha512-1ynFEcap48/Ngzwwn318eLYpLUwijuuZoXQPCsEQ21OOIOtfhFQJaPwXTsw6kRitshKq76P2aafE0BioGSqxcA==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/node-resolver-core@3.0.3':
-    resolution: {integrity: sha512-AjxNcZVHHJoNT/A99PKIdFtwvoze8PAiC3yz8E/dRggrDIOboUEodeQYV5Aq++aK76uz/iOP0tST2T8A5rhb1A==}
-    engines: {node: '>= 12.0.0'}
-
-  '@parcel/optimizer-css@2.9.3':
-    resolution: {integrity: sha512-RK1QwcSdWDNUsFvuLy0hgnYKtPQebzCb0vPPzqs6LhL+vqUu9utOyRycGaQffHCkHVQP6zGlN+KFssd7YtFGhA==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/optimizer-htmlnano@2.9.3':
-    resolution: {integrity: sha512-9g/KBck3c6DokmJfvJ5zpHFBiCSolaGrcsTGx8C3YPdCTVTI9P1TDCwUxvAr4LjpcIRSa82wlLCI+nF6sSgxKA==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/optimizer-image@2.9.3':
-    resolution: {integrity: sha512-530YzthE7kmecnNhPbkAK+26yQNt69pfJrgE0Ev0BZaM1Wu2+33nki7o8qvkTkikhPrurEJLGIXt1qKmbKvCbA==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-    peerDependencies:
-      '@parcel/core': ^2.9.3
-
-  '@parcel/optimizer-svgo@2.9.3':
-    resolution: {integrity: sha512-ytQS0wY5JJhWU4mL0wfhYDUuHcfuw+Gy2+JcnTm1t1AZXHlOTbU6EzRWNqBShsgXjvdrQQXizAe3B6GFFlFJVQ==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/optimizer-swc@2.9.3':
-    resolution: {integrity: sha512-GQINNeqtdpL1ombq/Cpwi6IBk02wKJ/JJbYbyfHtk8lxlq13soenpwOlzJ5T9D2fdG+FUhai9NxpN5Ss4lNoAg==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/package-manager@2.9.3':
-    resolution: {integrity: sha512-NH6omcNTEupDmW4Lm1e4NUYBjdqkURxgZ4CNESESInHJe6tblVhNB8Rpr1ar7zDar7cly9ILr8P6N3Ei7bTEjg==}
-    engines: {node: '>= 12.0.0'}
-    peerDependencies:
-      '@parcel/core': ^2.9.3
-
-  '@parcel/packager-css@2.9.3':
-    resolution: {integrity: sha512-mePiWiYZOULY6e1RdAIJyRoYqXqGci0srOaVZYaP7mnrzvJgA63kaZFFsDiEWghunQpMUuUjM2x/vQVHzxmhKQ==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/packager-html@2.9.3':
-    resolution: {integrity: sha512-0Ex+O0EaZf9APNERRNGgGto02hFJ6f5RQEvRWBK55WAV1rXeU+kpjC0c0qZvnUaUtXfpWMsEBkevJCwDkUMeMg==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/packager-js@2.9.3':
-    resolution: {integrity: sha512-V5xwkoE3zQ3R+WqAWhA1KGQ791FvJeW6KonOlMI1q76Djjgox68hhObqcLu66AmYNhR2R/wUpkP18hP2z8dSFw==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/packager-raw@2.9.3':
-    resolution: {integrity: sha512-oPQTNoYanQ2DdJyL61uPYK2py83rKOT8YVh2QWAx0zsSli6Kiy64U3+xOCYWgDVCrHw9+9NpQMuAdSiFg4cq8g==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/packager-svg@2.9.3':
-    resolution: {integrity: sha512-p/Ya6UO9DAkaCUFxfFGyeHZDp9YPAlpdnh1OChuwqSFOXFjjeXuoK4KLT+ZRalVBo2Jo8xF70oKMZw4MVvaL7Q==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/plugin@2.9.3':
-    resolution: {integrity: sha512-qN85Gqr2GMuxX1dT1mnuO9hOcvlEv1lrYrCxn7CJN2nUhbwcfG+LEvcrCzCOJ6XtIHm+ZBV9h9p7FfoPLvpw+g==}
-    engines: {node: '>= 12.0.0'}
-
-  '@parcel/profiler@2.9.3':
-    resolution: {integrity: sha512-pyHc9lw8VZDfgZoeZWZU9J0CVEv1Zw9O5+e0DJPDPHuXJYr72ZAOhbljtU3owWKAeW+++Q2AZWkbUGEOjI/e6g==}
-    engines: {node: '>= 12.0.0'}
-
-  '@parcel/reporter-cli@2.9.3':
-    resolution: {integrity: sha512-pZiEvQpuXFuQBafMHxkDmwH8CnnK9sWHwa3bSbsnt385aUahtE8dpY0LKt+K1zfB6degKoczN6aWVj9WycQuZQ==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/reporter-dev-server@2.9.3':
-    resolution: {integrity: sha512-s6eboxdLEtRSvG52xi9IiNbcPKC0XMVmvTckieue2EqGDbDcaHQoHmmwkk0rNq0/Z/UxelGcQXoIYC/0xq3ykQ==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/reporter-tracer@2.9.3':
-    resolution: {integrity: sha512-9cXpKWk0m6d6d+4+TlAdOe8XIPaFEIKGWMWG+5SFAQE08u3olet4PSvd49F4+ZZo5ftRE7YI3j6xNbXvJT8KGw==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/resolver-default@2.9.3':
-    resolution: {integrity: sha512-8ESJk1COKvDzkmOnppNXoDamNMlYVIvrKc2RuFPmp8nKVj47R6NwMgvwxEaatyPzvkmyTpq5RvG9I3HFc+r4Cw==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/runtime-browser-hmr@2.9.3':
-    resolution: {integrity: sha512-EgiDIDrVAWpz7bOzWXqVinQkaFjLwT34wsonpXAbuI7f7r00d52vNAQC9AMu+pTijA3gyKoJ+Q4NWPMZf7ACDA==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/runtime-js@2.9.3':
-    resolution: {integrity: sha512-EvIy+qXcKnB5qxHhe96zmJpSAViNVXHfQI5RSdZ2a7CPwORwhTI+zPNT9sb7xb/WwFw/WuTTgzT40b41DceU6Q==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/runtime-react-refresh@2.9.3':
-    resolution: {integrity: sha512-XBgryZQIyCmi6JwEfMUCmINB3l1TpTp9a2iFxmYNpzHlqj4Ve0saKaqWOVRLvC945ZovWIBzcSW2IYqWKGtbAA==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/runtime-service-worker@2.9.3':
-    resolution: {integrity: sha512-qLJLqv1mMdWL7gyh8aKBFFAuEiJkhUUgLKpdn6eSfH/R7kTtb76WnOwqUrhvEI9bZFUM/8Pa1bzJnPpqSOM+Sw==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/source-map@2.1.1':
-    resolution: {integrity: sha512-Ejx1P/mj+kMjQb8/y5XxDUn4reGdr+WyKYloBljpppUy8gs42T+BNoEOuRYqDVdgPc6NxduzIDoJS9pOFfV5Ew==}
-    engines: {node: ^12.18.3 || >=14}
-
-  '@parcel/transformer-babel@2.9.3':
-    resolution: {integrity: sha512-pURtEsnsp3h6tOBDuzh9wRvVtw4PgIlqwAArIWdrG7iwqOUYv9D8ME4+ePWEu7MQWAp58hv9pTJtqWv4T+Sq8A==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/transformer-css@2.9.3':
-    resolution: {integrity: sha512-duWMdbEBBPjg3fQdXF16iWIdThetDZvCs2TpUD7xOlXH6kR0V5BJy8ONFT15u1RCqIV9hSNGaS3v3I9YRNY5zQ==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/transformer-html@2.9.3':
-    resolution: {integrity: sha512-0NU4omcHzFXA1seqftAXA2KNZaMByoKaNdXnLgBgtCGDiYvOcL+6xGHgY6pw9LvOh5um10KI5TxSIMILoI7VtA==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/transformer-image@2.9.3':
-    resolution: {integrity: sha512-7CEe35RaPadQzLIuxzTtIxnItvOoy46hcbXtOdDt6lmVa4omuOygZYRIya2lsGIP4JHvAaALMb5nt99a1uTwJg==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-    peerDependencies:
-      '@parcel/core': ^2.9.3
-
-  '@parcel/transformer-js@2.9.3':
-    resolution: {integrity: sha512-Z2MVVg5FYcPOfxlUwxqb5l9yjTMEqE3KI3zq2MBRUme6AV07KxLmCDF23b6glzZlHWQUE8MXzYCTAkOPCcPz+Q==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-    peerDependencies:
-      '@parcel/core': ^2.9.3
-
-  '@parcel/transformer-json@2.9.3':
-    resolution: {integrity: sha512-yNL27dbOLhkkrjaQjiQ7Im9VOxmkfuuSNSmS0rA3gEjVcm07SLKRzWkAaPnyx44Lb6bzyOTWwVrb9aMmxgADpA==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/transformer-postcss@2.9.3':
-    resolution: {integrity: sha512-HoDvPqKzhpmvMmHqQhDnt8F1vH61m6plpGiYaYnYv2Om4HHi5ZIq9bO+9QLBnTKfaZ7ndYSefTKOxTYElg7wyw==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/transformer-posthtml@2.9.3':
-    resolution: {integrity: sha512-2fQGgrzRmaqbWf3y2/T6xhqrNjzqMMKksqJzvc8TMfK6f2kg3Ddjv158eaSW2JdkV39aY7tvAOn5f1uzo74BMA==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/transformer-raw@2.9.3':
-    resolution: {integrity: sha512-oqdPzMC9QzWRbY9J6TZEqltknjno+dY24QWqf8ondmdF2+W+/2mRDu59hhCzQrqUHgTq4FewowRZmSfpzHxwaQ==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/transformer-react-refresh-wrap@2.9.3':
-    resolution: {integrity: sha512-cb9NyU6oJlDblFIlzqIE8AkvRQVGl2IwJNKwD4PdE7Y6sq2okGEPG4hOw3k/Y9JVjM4/2pUORqvjSRhWwd9oVQ==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/transformer-sass@2.9.3':
-    resolution: {integrity: sha512-i9abj9bKg3xCHghJyTM3rUVxIEn9n1Rl+DFdpyNAD8VZ52COfOshFDQOWNuhU1hEnJOFYCjnfcO0HRTsg3dWmg==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/transformer-svg-react@2.9.3':
-    resolution: {integrity: sha512-RXmCn58CkCBhpsS1AaRBrSRla0U5JN3r3hb7kQvEb+d7chGnsxCCWsBxtlrxPUjoUFLdQli9rhpCTkiyOBXY2A==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/transformer-svg@2.9.3':
-    resolution: {integrity: sha512-ypmE+dzB09IMCdEAkOsSxq1dEIm2A3h67nAFz4qbfHbwNgXBUuy/jB3ZMwXN/cO0f7SBh/Ap8Jhq6vmGqB5tWw==}
-    engines: {node: '>= 12.0.0', parcel: ^2.9.3}
-
-  '@parcel/types@2.9.3':
-    resolution: {integrity: sha512-NSNY8sYtRhvF1SqhnIGgGvJocyWt1K8Tnw5cVepm0g38ywtX6mwkBvMkmeehXkII4mSUn+frD9wGsydTunezvA==}
-
-  '@parcel/utils@2.9.3':
-    resolution: {integrity: sha512-cesanjtj/oLehW8Waq9JFPmAImhoiHX03ihc3JTWkrvJYSbD7wYKCDgPAM3JiRAqvh1LZ6P699uITrYWNoRLUg==}
-    engines: {node: '>= 12.0.0'}
-
-  '@parcel/watcher@2.0.7':
-    resolution: {integrity: sha512-gc3hoS6e+2XdIQ4HHljDB1l0Yx2EWh/sBBtCEFNKGSMlwASWeAQsOY/fPbxOBcZ/pg0jBh4Ga+4xHlZc4faAEQ==}
-    engines: {node: '>= 10.0.0'}
-
-  '@parcel/workers@2.9.3':
-    resolution: {integrity: sha512-zRrDuZJzTevrrwElYosFztgldhqW6G9q5zOeQXfVQFkkEJCNfg36ixeiofKRU8uu2x+j+T6216mhMNB6HiuY+w==}
-    engines: {node: '>= 12.0.0'}
-    peerDependencies:
-      '@parcel/core': ^2.9.3
-
   '@parse5/tools@0.3.0':
     resolution: {integrity: sha512-zxRyTHkqb7WQMV8kTNBKWb1BeOFUKXBXTBWuxg9H9hfvQB3IwP6Iw2U75Ia5eyRxPNltmY7E8YAlz6zWwUnjKg==}
 
@@ -6493,148 +6172,74 @@ packages:
     resolution: {integrity: sha512-IHk53BVw6MPMi2Gsn+hCng8rFA3ZmR3Rk7GllxDUW9qFJl/hiSvskn7XldkECapQVkIg/1dHpMAxI9xSTaLLSA==}
     engines: {node: '>=14.0.0'}
 
-  '@svgr/babel-plugin-add-jsx-attribute@6.5.1':
-    resolution: {integrity: sha512-9PYGcXrAxitycIjRmZB+Q0JaN07GZIWaTBIGQzfaZv+qr1n8X1XUEJ5rZ/vx6OVD9RRYlrNnXWExQXcmZeD/BQ==}
-    engines: {node: '>=10'}
-    peerDependencies:
-      '@babel/core': ^7.0.0-0
-
   '@svgr/babel-plugin-add-jsx-attribute@8.0.0':
     resolution: {integrity: sha512-b9MIk7yhdS1pMCZM8VeNfUlSKVRhsHZNMl5O9SfaX0l0t5wjdgu4IDzGB8bpnGBBOjGST3rRFVsaaEtI4W6f7g==}
     engines: {node: '>=14'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
-  '@svgr/babel-plugin-remove-jsx-attribute@6.5.0':
-    resolution: {integrity: sha512-8zYdkym7qNyfXpWvu4yq46k41pyNM9SOstoWhKlm+IfdCE1DdnRKeMUPsWIEO/DEkaWxJ8T9esNdG3QwQ93jBA==}
-    engines: {node: '>=10'}
-    peerDependencies:
-      '@babel/core': ^7.0.0-0
-
   '@svgr/babel-plugin-remove-jsx-attribute@8.0.0':
     resolution: {integrity: sha512-BcCkm/STipKvbCl6b7QFrMh/vx00vIP63k2eM66MfHJzPr6O2U0jYEViXkHJWqXqQYjdeA9cuCl5KWmlwjDvbA==}
     engines: {node: '>=14'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
-  '@svgr/babel-plugin-remove-jsx-empty-expression@6.5.0':
-    resolution: {integrity: sha512-NFdxMq3xA42Kb1UbzCVxplUc0iqSyM9X8kopImvFnB+uSDdzIHOdbs1op8ofAvVRtbg4oZiyRl3fTYeKcOe9Iw==}
-    engines: {node: '>=10'}
-    peerDependencies:
-      '@babel/core': ^7.0.0-0
-
   '@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0':
     resolution: {integrity: sha512-5BcGCBfBxB5+XSDSWnhTThfI9jcO5f0Ai2V24gZpG+wXF14BzwxxdDb4g6trdOux0rhibGs385BeFMSmxtS3uA==}
     engines: {node: '>=14'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
-  '@svgr/babel-plugin-replace-jsx-attribute-value@6.5.1':
-    resolution: {integrity: sha512-8DPaVVE3fd5JKuIC29dqyMB54sA6mfgki2H2+swh+zNJoynC8pMPzOkidqHOSc6Wj032fhl8Z0TVn1GiPpAiJg==}
-    engines: {node: '>=10'}
-    peerDependencies:
-      '@babel/core': ^7.0.0-0
-
   '@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0':
     resolution: {integrity: sha512-KVQ+PtIjb1BuYT3ht8M5KbzWBhdAjjUPdlMtpuw/VjT8coTrItWX6Qafl9+ji831JaJcu6PJNKCV0bp01lBNzQ==}
     engines: {node: '>=14'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
-  '@svgr/babel-plugin-svg-dynamic-title@6.5.1':
-    resolution: {integrity: sha512-FwOEi0Il72iAzlkaHrlemVurgSQRDFbk0OC8dSvD5fSBPHltNh7JtLsxmZUhjYBZo2PpcU/RJvvi6Q0l7O7ogw==}
-    engines: {node: '>=10'}
-    peerDependencies:
-      '@babel/core': ^7.0.0-0
-
   '@svgr/babel-plugin-svg-dynamic-title@8.0.0':
     resolution: {integrity: sha512-omNiKqwjNmOQJ2v6ge4SErBbkooV2aAWwaPFs2vUY7p7GhVkzRkJ00kILXQvRhA6miHnNpXv7MRnnSjdRjK8og==}
     engines: {node: '>=14'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
-  '@svgr/babel-plugin-svg-em-dimensions@6.5.1':
-    resolution: {integrity: sha512-gWGsiwjb4tw+ITOJ86ndY/DZZ6cuXMNE/SjcDRg+HLuCmwpcjOktwRF9WgAiycTqJD/QXqL2f8IzE2Rzh7aVXA==}
-    engines: {node: '>=10'}
-    peerDependencies:
-      '@babel/core': ^7.0.0-0
-
   '@svgr/babel-plugin-svg-em-dimensions@8.0.0':
     resolution: {integrity: sha512-mURHYnu6Iw3UBTbhGwE/vsngtCIbHE43xCRK7kCw4t01xyGqb2Pd+WXekRRoFOBIY29ZoOhUCTEweDMdrjfi9g==}
     engines: {node: '>=14'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
-  '@svgr/babel-plugin-transform-react-native-svg@6.5.1':
-    resolution: {integrity: sha512-2jT3nTayyYP7kI6aGutkyfJ7UMGtuguD72OjeGLwVNyfPRBD8zQthlvL+fAbAKk5n9ZNcvFkp/b1lZ7VsYqVJg==}
-    engines: {node: '>=10'}
-    peerDependencies:
-      '@babel/core': ^7.0.0-0
-
   '@svgr/babel-plugin-transform-react-native-svg@8.1.0':
     resolution: {integrity: sha512-Tx8T58CHo+7nwJ+EhUwx3LfdNSG9R2OKfaIXXs5soiy5HtgoAEkDay9LIimLOcG8dJQH1wPZp/cnAv6S9CrR1Q==}
     engines: {node: '>=14'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
-  '@svgr/babel-plugin-transform-svg-component@6.5.1':
-    resolution: {integrity: sha512-a1p6LF5Jt33O3rZoVRBqdxL350oge54iZWHNI6LJB5tQ7EelvD/Mb1mfBiZNAan0dt4i3VArkFRjA4iObuNykQ==}
-    engines: {node: '>=12'}
-    peerDependencies:
-      '@babel/core': ^7.0.0-0
-
   '@svgr/babel-plugin-transform-svg-component@8.0.0':
     resolution: {integrity: sha512-DFx8xa3cZXTdb/k3kfPeaixecQLgKh5NVBMwD0AQxOzcZawK4oo1Jh9LbrcACUivsCA7TLG8eeWgrDXjTMhRmw==}
     engines: {node: '>=12'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
-  '@svgr/babel-preset@6.5.1':
-    resolution: {integrity: sha512-6127fvO/FF2oi5EzSQOAjo1LE3OtNVh11R+/8FXa+mHx1ptAaS4cknIjnUA7e6j6fwGGJ17NzaTJFUwOV2zwCw==}
-    engines: {node: '>=10'}
-    peerDependencies:
-      '@babel/core': ^7.0.0-0
-
   '@svgr/babel-preset@8.1.0':
     resolution: {integrity: sha512-7EYDbHE7MxHpv4sxvnVPngw5fuR6pw79SkcrILHJ/iMpuKySNCl5W1qcwPEpU+LgyRXOaAFgH0KhwD18wwg6ug==}
     engines: {node: '>=14'}
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
-  '@svgr/core@6.5.1':
-    resolution: {integrity: sha512-/xdLSWxK5QkqG524ONSjvg3V/FkNyCv538OIBdQqPNaAta3AsXj/Bd2FbvR87yMbXO2hFSWiAe/Q6IkVPDw+mw==}
-    engines: {node: '>=10'}
-
   '@svgr/core@8.1.0':
     resolution: {integrity: sha512-8QqtOQT5ACVlmsvKOJNEaWmRPmcojMOzCz4Hs2BGG/toAp/K38LcsMRyLp349glq5AzJbCEeimEoxaX6v/fLrA==}
     engines: {node: '>=14'}
 
-  '@svgr/hast-util-to-babel-ast@6.5.1':
-    resolution: {integrity: sha512-1hnUxxjd83EAxbL4a0JDJoD3Dao3hmjvyvyEV8PzWmLK3B9m9NPlW7GKjFyoWE8nM7HnXzPcmmSyOW8yOddSXw==}
-    engines: {node: '>=10'}
-
   '@svgr/hast-util-to-babel-ast@8.0.0':
     resolution: {integrity: sha512-EbDKwO9GpfWP4jN9sGdYwPBU0kdomaPIL2Eu4YwmgP+sJeXT+L7bMwJUBnhzfH8Q2qMBqZ4fJwpCyYsAN3mt2Q==}
     engines: {node: '>=14'}
 
-  '@svgr/plugin-jsx@6.5.1':
-    resolution: {integrity: sha512-+UdQxI3jgtSjCykNSlEMuy1jSRQlGC7pqBCPvkG/2dATdWo082zHTTK3uhnAju2/6XpE6B5mZ3z4Z8Ns01S8Gw==}
-    engines: {node: '>=10'}
-    peerDependencies:
-      '@svgr/core': ^6.0.0
-
   '@svgr/plugin-jsx@8.1.0':
     resolution: {integrity: sha512-0xiIyBsLlr8quN+WyuxooNW9RJ0Dpr8uOnH/xrCVO8GLUcwHISwj1AG0k+LFzteTkAA0GbX0kj9q6Dk70PTiPA==}
     engines: {node: '>=14'}
     peerDependencies:
       '@svgr/core': '*'
 
-  '@svgr/plugin-svgo@6.5.1':
-    resolution: {integrity: sha512-omvZKf8ixP9z6GWgwbtmP9qQMPX4ODXi+wzbVZgomNFsUIlHA1sf4fThdwTWSsZGgvGAG6yE+b/F5gWUkcZ/iQ==}
-    engines: {node: '>=10'}
-    peerDependencies:
-      '@svgr/core': '*'
-
   '@swc/core-darwin-arm64@1.3.52':
     resolution: {integrity: sha512-Y+4YDN7mAhMgqLVMjpIOagFg93uWdQRsJXd3NAXo24CAJXLBuXsiXQdJVdhGavQkF0+NuhFSTGrzB8TknzWQkg==}
     engines: {node: '>=10'}
@@ -6759,10 +6364,6 @@ packages:
   '@tootallnate/quickjs-emscripten@0.23.0':
     resolution: {integrity: sha512-C5Mc6rdnsaJDjO3UpGW/CQTHtCKaYlScZTly4JIu97Jxo/odCiH0ITnDXSJPTOrEKk/ycSZ0AOgTmkDtkOsvIA==}
 
-  '@trysound/sax@0.2.0':
-    resolution: {integrity: sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==}
-    engines: {node: '>=10.13.0'}
-
   '@tsconfig/node10@1.0.9':
     resolution: {integrity: sha512-jNsYVVxU8v5g43Erja32laIDHXeoNvFEpX33OK4d6hljo3jDhCBDhx5dhCCTMWUojscpAagGiRkBKxpdl9fxqA==}
 
@@ -6985,9 +6586,6 @@ packages:
   '@types/oidc-provider@8.4.4':
     resolution: {integrity: sha512-+SlmKc4qlCJLjpw6Du/8cXw18JsPEYyQwoy+xheLkiuNsCz1mPEYI/lRXLQHvfJD9TH6+2/WDTLZQ2UUJ5G4bw==}
 
-  '@types/parse-json@4.0.0':
-    resolution: {integrity: sha512-//oorEZjL6sbPcKUaCdIGlIUeH26mgzimjBB77G6XRgnDl/L5wOnpyBGRe/Mmf5CVW3PwEBE1NjiMZ/ssFh4wA==}
-
   '@types/parse5@6.0.3':
     resolution: {integrity: sha512-SuT16Q1K51EAVPz1K29DJ/sXjhSQ0zjvsypYJ6tlwVsRV9jwW5Adq2ch8Dq8kDBCkYnELS7N7VNCSB5nC56t/g==}
 
@@ -7256,9 +6854,6 @@ packages:
     resolution: {integrity: sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==}
     engines: {node: '>=6.5'}
 
-  abortcontroller-polyfill@1.7.5:
-    resolution: {integrity: sha512-JMJ5soJWP18htbbxJjG7bG6yuI6pRhgJ0scHHTfkUjf6wjP912xZWvM+A4sJK3gqd9E8fcPbDnOefbA9Th/FIQ==}
-
   accepts@1.3.7:
     resolution: {integrity: sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==}
     engines: {node: '>= 0.6'}
@@ -7570,9 +7165,6 @@ packages:
   bare-path@2.1.1:
     resolution: {integrity: sha512-OHM+iwRDRMDBsSW7kl3dO62JyHdBKO3B25FB9vNQBPcGHMo4+eA8Yj41Lfbk3pS/seDY+siNge0LdRTulAau/A==}
 
-  base-x@3.0.9:
-    resolution: {integrity: sha512-H7JU6iBHTal1gp56aKoaa//YUxEaAOUiydvrV/pILqIHXTtqxSkATOnDA2u+jZ/61sD+L/412+7kzXRtWukhpQ==}
-
   base64-js@1.5.1:
     resolution: {integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==}
 
@@ -7597,9 +7189,6 @@ packages:
   bluebird@3.7.2:
     resolution: {integrity: sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==}
 
-  boolbase@1.0.0:
-    resolution: {integrity: sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==}
-
   boolean@3.1.4:
     resolution: {integrity: sha512-3hx0kwU3uzG6ReQ3pnaFQPSktpBw6RHN3/ivDKEuU8g1XSfafowyvDnadjv1xp8IZqhtSukxlwv9bF6FhX8m0w==}
 
@@ -7619,15 +7208,12 @@ packages:
   breakword@1.0.5:
     resolution: {integrity: sha512-ex5W9DoOQ/LUEU3PMdLs9ua/CYZl1678NUkKOdUSi8Aw5F1idieaiRURCBFJCwVcrD1J8Iy3vfWSloaMwO2qFg==}
 
-  browserslist@4.21.4:
-    resolution: {integrity: sha512-CBHJJdDmgjl3daYjN5Cp5kbTf1mUhZoS+beLklHIvkOWscs83YAhLlF3Wsh/lciQYAcbBJgTOD44VtG31ZM4Hw==}
-    engines: {node: ^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7}
-    hasBin: true
-
-  browserslist@4.23.0:
-    resolution: {integrity: sha512-QW8HiM1shhT2GuzkvklfjcKDiWFXHOeFCIA/huJPwHsslwcydgk7X+z2zXpEijP98UCY7HbubZt5J2Zgvf0CaQ==}
-    engines: {node: ^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7}
+  browserslist-to-esbuild@2.1.1:
+    resolution: {integrity: sha512-KN+mty6C3e9AN8Z5dI1xeN15ExcRNeISoC3g7V0Kax/MMF9MSoYA2G7lkTTcVUFntiEjkpI0HNgqJC1NjdyNUw==}
+    engines: {node: '>=18'}
     hasBin: true
+    peerDependencies:
+      browserslist: '*'
 
   browserslist@4.23.2:
     resolution: {integrity: sha512-qkqSyistMYdxAcw+CzbZwlBy8AGmS/eEWs+sEV5TnLRGDOL+C5M2EnH6tlZyg0YoAxGJAFKh61En9BR941GnHA==}
@@ -7725,9 +7311,6 @@ packages:
     resolution: {integrity: sha512-8WB3Jcas3swSvjIeA2yvCJ+Miyz5l1ZmB6HFb9R1317dt9LCQoswg/BGrmAmkWVEszSrrg4RwmO46qIm2OEnSA==}
     engines: {node: '>=16'}
 
-  caniuse-lite@1.0.30001618:
-    resolution: {integrity: sha512-p407+D1tIkDvsEAPS22lJxLQQaG8OTBEqo0KhzfABGk0TU4juBNDSfH0hyAp/HRyx+M8L17z/ltyhxh27FTfQg==}
-
   caniuse-lite@1.0.30001643:
     resolution: {integrity: sha512-ERgWGNleEilSrHM6iUz/zJNSQTP8Mr21wDWpdgvRwcTXGAq6jMtOUPP4dqFPTdKqZ2wKTdtB+uucZ3MRpAUSmg==}
 
@@ -7794,10 +7377,6 @@ packages:
     resolution: {integrity: sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==}
     engines: {node: '>=18'}
 
-  chrome-trace-event@1.0.3:
-    resolution: {integrity: sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==}
-    engines: {node: '>=6.0'}
-
   chromium-bidi@0.5.17:
     resolution: {integrity: sha512-BqOuIWUgTPj8ayuBFJUYCCuwIcwjBsb3/614P7tt1bEPJ4i1M0kCdIl0Wi9xhtswBXnfO2bTpTMkHD71H8rJMg==}
     peerDependencies:
@@ -8023,10 +7602,6 @@ packages:
       cosmiconfig: '>=8.2'
       typescript: '>=4'
 
-  cosmiconfig@7.1.0:
-    resolution: {integrity: sha512-AdmX6xUzdNASswsFtmwSt7Vj8po9IuqXm0UXz7QKPuEUmPB4XyjGfaAr2PSuELMwkRMVH1EpIkX5bTZGRB3eCA==}
-    engines: {node: '>=10'}
-
   cosmiconfig@8.3.6:
     resolution: {integrity: sha512-kcZ6+W5QzcJ3P1Mt+83OUv/oHFqZHIx8DuxG6eZ5RGMERoLqp4BuGjhHLYGK+Kf5XVkQvqBSmAy/nGWN3qDgEA==}
     engines: {node: '>=14'}
@@ -8057,11 +7632,6 @@ packages:
   create-require@1.1.1:
     resolution: {integrity: sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==}
 
-  cross-env@7.0.3:
-    resolution: {integrity: sha512-+/HKd6EgcQCJGh2PSjZuUitQBQynKor4wrFbRg4DtAgS1aWO+gU52xpH7M9ScGgXSYmAVS9bIJ8EzuaGw0oNAw==}
-    engines: {node: '>=10.14', npm: '>=6', yarn: '>=1'}
-    hasBin: true
-
   cross-fetch@4.0.0:
     resolution: {integrity: sha512-e4a5N8lVvuLgAWgnCrLr2PP0YyDOTHa9H/Rj54dirp61qXnNq46m82bRhNqIA5VccJtWBvPTFRV3TtvHUKPB1g==}
 
@@ -8076,13 +7646,6 @@ packages:
     resolution: {integrity: sha512-Nj5YcaGgBtuUmn1D7oHqPW0c9iui7xsTsj5lIX8ZgevdfhmjFfKB3r8moHJtNJnctnYXJyYX5I1pp90HM4TPgQ==}
     engines: {node: '>=12 || >=16'}
 
-  css-select@4.3.0:
-    resolution: {integrity: sha512-wPpOYtnsVontu2mODhA19JrqWxNsfdatRKd64kmpRbQgh1KtItko5sTnEpPdpSaJszTOhEMlF/RPz28qj4HqhQ==}
-
-  css-tree@1.1.3:
-    resolution: {integrity: sha512-tRpdppF7TRazZrjJ6v3stzv93qxRcSsFmW6cX0Zm2NVKpxE1WV1HblnghVv9TreireHkqI/VDEsfolRF1p6y7Q==}
-    engines: {node: '>=8.0.0'}
-
   css-tree@2.3.1:
     resolution: {integrity: sha512-6Fv1DV/TYw//QF5IzQdqsNDjx/wc8TrMBZsqjL9eW01tWb7R7k/mq+/VXfJCl7SoD5emsJop9cOByJZfs8hYIw==}
     engines: {node: ^10 || ^12.20.0 || ^14.13.0 || >=15.0.0}
@@ -8090,19 +7653,11 @@ packages:
   css-unit-converter@1.1.2:
     resolution: {integrity: sha512-IiJwMC8rdZE0+xiEZHeru6YoONC4rfPMqGm2W85jMIbkFvv5nFTwJVFHam2eFrN6txmoUYFAFXiv8ICVeTO0MA==}
 
-  css-what@6.1.0:
-    resolution: {integrity: sha512-HTUrgRJ7r4dsZKU6GjmpfRK1O76h97Z8MfS1G0FozR+oF2kG6Vfe8JE6zwrkbxigziPHinCJ+gCPjA9EaBDtRw==}
-    engines: {node: '>= 6'}
-
   cssesc@3.0.0:
     resolution: {integrity: sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==}
     engines: {node: '>=4'}
     hasBin: true
 
-  csso@4.2.0:
-    resolution: {integrity: sha512-wvlcdIbf6pwKEk7vHj8/Bkc0B4ylXZruLvOgs9doS5eOsOpuodOV2zJChSpkp+pRpYQLQMeF04nr3Z68Sta9jA==}
-    engines: {node: '>=8.0.0'}
-
   cssom@0.3.8:
     resolution: {integrity: sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==}
 
@@ -8553,27 +8108,14 @@ packages:
   dom-helpers@3.4.0:
     resolution: {integrity: sha512-LnuPJ+dwqKDIyotW1VzmOZ5TONUN7CwkCR5hrgawTUbkBGYdeoNLZo6nNfGkCrjtE1nXXaj7iMMpDa8/d9WoIA==}
 
-  dom-serializer@1.4.1:
-    resolution: {integrity: sha512-VHwB3KfrcOOkelEG2ZOfxqLZdfkil8PtJi4P8N2MMXucZq2yLp75ClViUlOVwyoHEDjYU433Aq+5zWP61+RGag==}
-
-  domelementtype@2.3.0:
-    resolution: {integrity: sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==}
-
   domexception@4.0.0:
     resolution: {integrity: sha512-A2is4PLG+eeSfoTMA95/s4pvAoSo2mKtiM5jlHkAVewmiO8ISFTFKZjH7UAM1Atli/OT/7JHOrJRJiMKUZKYBw==}
     engines: {node: '>=12'}
     deprecated: Use your platform's native DOMException instead
 
-  domhandler@4.3.1:
-    resolution: {integrity: sha512-GrwoxYN+uWlzO8uhUXRl0P+kHE4GtVPfYzVLcUxPL7KNdHKj66vvlhiweIHqYYXWlw+T8iLMp42Lm67ghw4WMQ==}
-    engines: {node: '>= 4'}
-
   dompurify@3.1.5:
     resolution: {integrity: sha512-lwG+n5h8QNpxtyrJW/gJWckL+1/DQiYMX8f7t8Z2AZTPw1esVrqjI63i7Zc2Gz0aKzLVMYC1V1PL/ky+aY/NgA==}
 
-  domutils@2.8.0:
-    resolution: {integrity: sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==}
-
   dot-case@3.0.4:
     resolution: {integrity: sha512-Kv5nKlh6yRrdrGvxeJ2e5y2eRUpkUosIW4A2AS38zwSz27zu7ufDwQPi5Jhs3XAlGNetl3bmnGhQsMtkKJnj3w==}
 
@@ -8581,17 +8123,10 @@ packages:
     resolution: {integrity: sha512-QM8q3zDe58hqUqjraQOmzZ1LIH9SWQJTlEKCH4kJ2oQvLZk7RbQXvtDM2XEq3fwkV9CCvvH4LA0AV+ogFsBM2Q==}
     engines: {node: '>=8'}
 
-  dotenv-expand@5.1.0:
-    resolution: {integrity: sha512-YXQl1DSa4/PQyRfgrv6aoNjhasp/p4qs9FjJ4q4cQk+8m4r6k4ZSiEyytKG8f8W9gi8WsQtIObNmKd+tMzNTmA==}
-
   dotenv@16.4.5:
     resolution: {integrity: sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg==}
     engines: {node: '>=12'}
 
-  dotenv@7.0.0:
-    resolution: {integrity: sha512-M3NhsLbV1i6HuGzBUH8vXrtxOk+tWmzWKDMbAVSUp3Zsjm7ywFeuwrUXhmhQyRK1q5B5GGy7hcXPbj3bnfZg2g==}
-    engines: {node: '>=6'}
-
   duplexer@0.1.2:
     resolution: {integrity: sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg==}
 
@@ -8607,12 +8142,6 @@ packages:
   ee-first@1.1.1:
     resolution: {integrity: sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==}
 
-  electron-to-chromium@1.4.281:
-    resolution: {integrity: sha512-yer0w5wCYdFoZytfmbNhwiGI/3cW06+RV7E23ln4490DVMxs7PvYpbsrSmAiBn/V6gode8wvJlST2YfWgvzWIg==}
-
-  electron-to-chromium@1.4.738:
-    resolution: {integrity: sha512-lwKft2CLFztD+vEIpesrOtCrko/TFnEJlHFdRhazU7Y/jx5qc4cqsocfVrBg4So4gGe9lvxnbLIoev47WMpg+A==}
-
   electron-to-chromium@1.5.0:
     resolution: {integrity: sha512-Vb3xHHYnLseK8vlMJQKJYXJ++t4u1/qJ3vykuVrVjvdiOEhYyT1AuP4x03G8EnPmYvYOhe9T+dADTmthjRQMkA==}
 
@@ -8656,17 +8185,6 @@ packages:
   ent@2.2.0:
     resolution: {integrity: sha512-GHrMyVZQWvTIdDtpiEXdHZnFQKzeO09apj8Cbl4pKWy4i0Oprcq17usfDt5aO63swf0JOeMWjWQE/LzgSRuWpA==}
 
-  entities@2.2.0:
-    resolution: {integrity: sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==}
-
-  entities@3.0.1:
-    resolution: {integrity: sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q==}
-    engines: {node: '>=0.12'}
-
-  entities@4.4.0:
-    resolution: {integrity: sha512-oYp7156SP8LkeGD0GF85ad1X9Ai79WtRsZ2gxJqtBuzH+98YUV6jkHEKlZkMbcrjJjIVJNIDP/3WL9wQkoPbWA==}
-    engines: {node: '>=0.12'}
-
   entities@4.5.0:
     resolution: {integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==}
     engines: {node: '>=0.12'}
@@ -9317,10 +8835,6 @@ packages:
     resolution: {integrity: sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==}
     engines: {node: '>=8.0.0'}
 
-  get-port@4.2.0:
-    resolution: {integrity: sha512-/b3jarXkH8KJoOMQc3uVGHASwGLPq3gSFJ7tgJm2diza+bydJPTGOibin2steecKeOylE8oY2JERlVWkAJO6yw==}
-    engines: {node: '>=6'}
-
   get-set-props@0.1.0:
     resolution: {integrity: sha512-7oKuKzAGKj0ag+eWZwcGw2fjiZ78tXnXQoBgY0aU7ZOxTu4bB7hSuQSDgtKy978EDH062P5FmD2EWiDpQS9K9Q==}
     engines: {node: '>=0.10.0'}
@@ -9584,38 +9098,6 @@ packages:
   html-url-attributes@3.0.0:
     resolution: {integrity: sha512-/sXbVCWayk6GDVg3ctOX6nxaVj7So40FcFAnWlWGNAB1LpYKcV5Cd10APjPjW80O7zYW2MsjBV4zZ7IZO5fVow==}
 
-  htmlnano@2.0.3:
-    resolution: {integrity: sha512-S4PGGj9RbdgW8LhbILNK7W9JhmYP8zmDY7KDV/8eCiJBQJlbmltp5I0gv8c5ntLljfdxxfmJ+UJVSqyH4mb41A==}
-    peerDependencies:
-      cssnano: ^5.0.11
-      postcss: ^8.3.11
-      purgecss: ^5.0.0
-      relateurl: ^0.2.7
-      srcset: 4.0.0
-      svgo: ^2.8.0
-      terser: ^5.10.0
-      uncss: ^0.17.3
-    peerDependenciesMeta:
-      cssnano:
-        optional: true
-      postcss:
-        optional: true
-      purgecss:
-        optional: true
-      relateurl:
-        optional: true
-      srcset:
-        optional: true
-      svgo:
-        optional: true
-      terser:
-        optional: true
-      uncss:
-        optional: true
-
-  htmlparser2@7.2.0:
-    resolution: {integrity: sha512-H7MImA4MS6cw7nbyURtLPO1Tms7C5H602LRETv95z1MxO/7CP7rDVROehUYeYBUYEON94NXXDEPmZuq+hX4sog==}
-
   http-assert@1.5.0:
     resolution: {integrity: sha512-uPpH7OKX4H25hBmU6G1jWNaqJGpTXxey+YOUizJUAgu0AjLUeC8D73hTrhvDS5D+GJN1DN1+hhc/eF/wpxtp0w==}
     engines: {node: '>= 0.8'}
@@ -9945,9 +9427,6 @@ packages:
   is-js-type@2.0.0:
     resolution: {integrity: sha512-Aj13l47+uyTjlQNHtXBV8Cji3jb037vxwMWCgopRR8h6xocgBGW3qG8qGlIOEmbXQtkKShKuBM9e8AA1OeQ+xw==}
 
-  is-json@2.0.1:
-    resolution: {integrity: sha512-6BEnpVn1rcf3ngfmViLM6vjUjGErbdrL4rwlv+u1NO1XO8kqT4YGL8+19Q+Z/bas8tY90BTWMk2+fW1g6hQjbA==}
-
   is-map@2.0.3:
     resolution: {integrity: sha512-1Qed0/Hr2m+YqxnM09CjA2d/i6YZNfF6R2oRAOj36eUdS6qIV/huPJNSEpKbupewFs+ZsJlxsjjPbc0/afW6Lw==}
     engines: {node: '>= 0.4'}
@@ -10639,10 +10118,6 @@ packages:
   lit@3.1.4:
     resolution: {integrity: sha512-q6qKnKXHy2g1kjBaNfcoLlgbI3+aSOZ9Q4tiGa9bGYXq5RBXxkVTqTIVmP2VWMp29L4GyvCFm8ZQ2o56eUAMyA==}
 
-  lmdb@2.7.11:
-    resolution: {integrity: sha512-x9bD4hVp7PFLUoELL8RglbNXhAMt5CYhkmss+CEau9KlNoilsTzNi9QDsPZb3KMpOGZXG6jmXhW3bBxE2XVztw==}
-    hasBin: true
-
   load-tsconfig@0.2.5:
     resolution: {integrity: sha512-IXO6OCs9yg8tMKzfPZ1YmheJbZCiEsnBdcB03l0OcfK9prKnJb96siuHCr5Fl37/yo9DnKU+TLpxzTUspw9shg==}
     engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
@@ -10904,9 +10379,6 @@ packages:
   mdast-util-to-string@4.0.0:
     resolution: {integrity: sha512-0H44vDimn51F0YwvxSJSm0eCDOJTRlmN0R1yBh4HLj9wiV1Dn0QoXGbvFAWj2hSItVTlCmBF1hqKlIyUBVFLPg==}
 
-  mdn-data@2.0.14:
-    resolution: {integrity: sha512-dn6wd0uw5GsdswPFfsgMp5NSB0/aDe6fK94YJV/AJDYXL6HVLWBsxeq7js7Ad+mU2K9LAlwpk6kN2D5mwCPVow==}
-
   mdn-data@2.0.30:
     resolution: {integrity: sha512-GaqWWShW4kv/G9IEucWScBx9G1/vsFZZJUO+tD26M8J8z3Kw5RDQjaoZe03YAClgeS/SWPOcb4nkFBTEi5DUEA==}
 
@@ -10922,6 +10394,10 @@ packages:
     resolution: {integrity: sha512-BhXM0Au22RwUneMPwSCnyhTOizdWoIEPU9sp0Aqa1PnDMR5Wv2FGXYDjuzJEIX+Eo2Rb8xuYe5jrnm5QowQFkw==}
     engines: {node: '>=16.10'}
 
+  meow@13.2.0:
+    resolution: {integrity: sha512-pxQJQzB6djGPXh08dacEloMFopsOqGVRKFPYvPOt9XDZ1HasbgDZA74CJGreSU4G3Ak7EFJGoiH2auq+yXISgA==}
+    engines: {node: '>=18'}
+
   meow@6.1.1:
     resolution: {integrity: sha512-3YffViIt2QWgTy6Pale5QpopX/IvU3LPL03jOTqp6pGj3VjesdO/U8CuHMKpnQr4shCNCM5fd5XFFvIIl6JBHg==}
     engines: {node: '>=8'}
@@ -11224,13 +10700,6 @@ packages:
   ms@2.1.3:
     resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==}
 
-  msgpackr-extract@3.0.2:
-    resolution: {integrity: sha512-SdzXp4kD/Qf8agZ9+iTu6eql0m3kWm1A2y1hkpTeVNENutaB0BwHlSvAIaMxwntmRUAUjon2V4L8Z/njd0Ct8A==}
-    hasBin: true
-
-  msgpackr@1.8.5:
-    resolution: {integrity: sha512-mpPs3qqTug6ahbblkThoUY2DQdNXcm4IapwOS3Vm/87vmpzLVelvp9h3It1y9l1VPpiFLV11vfOXnmeEwiIXwg==}
-
   mute-stream@0.0.8:
     resolution: {integrity: sha512-nnbWWOkoWyUsTjKrhgD0dcz22mdkSnpYqbEjIm2nhwhuxlSkpywJmBo8h0ZqJdkp73mb90SssHkN4rsRaBAfAA==}
 
@@ -11297,12 +10766,6 @@ packages:
     resolution: {integrity: sha512-+EQMm5W9K8YnBE2Ceg4hnJynaCZmvK8ZlFXQ2fxGwtkOkBUq8GpQLTks2m1jpvse9XDxMDDOHgOWpiznFuh0bA==}
     engines: {node: '>= 18'}
 
-  node-addon-api@3.2.1:
-    resolution: {integrity: sha512-mmcei9JghVNDYydghQmeDX8KoAm0FAiYyIcUt/N4nhyAipB17pllZQDOJD2fotxABnt4Mdz+dKTO7eftLg4d0A==}
-
-  node-addon-api@4.3.0:
-    resolution: {integrity: sha512-73sE9+3UaLYYFmDsFZnqCInzPyh3MqIwZO9cw58yIqAZhONrrabrYyYe3TuIqtIiOuTXVhsGau8hcrhhwSsDIQ==}
-
   node-fetch@2.7.0:
     resolution: {integrity: sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==}
     engines: {node: 4.x || >=6.0.0}
@@ -11316,20 +10779,8 @@ packages:
     resolution: {integrity: sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==}
     engines: {node: '>= 6.13.0'}
 
-  node-gyp-build-optional-packages@5.0.6:
-    resolution: {integrity: sha512-2ZJErHG4du9G3/8IWl/l9Bp5BBFy63rno5GVmjQijvTuUZKsl6g8RB4KH/x3NLcV5ZBb4GsXmAuTYr6dRml3Gw==}
-    hasBin: true
-
-  node-gyp-build-optional-packages@5.0.7:
-    resolution: {integrity: sha512-YlCCc6Wffkx0kHkmam79GKvDQ6x+QZkMjFGrIMxgFNILFvGSbCp2fCBC55pGTT9gVaz8Na5CLmxt/urtzRv36w==}
-    hasBin: true
-
-  node-gyp-build@4.5.0:
-    resolution: {integrity: sha512-2iGbaQBV+ITgCz76ZEjmhUKAKVf7xfY1sRl4UiKQspfZMH2h06SyhNsnSVy50cwkFQDGLyif6m/6uFXHkOZ6rg==}
-    hasBin: true
-
-  node-int64@0.4.0:
-    resolution: {integrity: sha512-O5lz91xSOeoXP6DulyHfllpq+Eg00MWitZIbtPfoSEvqIHdl5gfcY6hYzDWnj0qD5tz52PI08u9qUvSVeUBeHw==}
+  node-int64@0.4.0:
+    resolution: {integrity: sha512-O5lz91xSOeoXP6DulyHfllpq+Eg00MWitZIbtPfoSEvqIHdl5gfcY6hYzDWnj0qD5tz52PI08u9qUvSVeUBeHw==}
 
   node-mocks-http@1.12.1:
     resolution: {integrity: sha512-jrA7Sn3qI6GsHgWtUW3gMj0vO6Yz0nJjzg3jRZYjcfj4tzi8oWPauDK1qHVJoAxTbwuDHF1JiM9GISZ/ocI/ig==}
@@ -11338,9 +10789,6 @@ packages:
   node-releases@2.0.14:
     resolution: {integrity: sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw==}
 
-  node-releases@2.0.6:
-    resolution: {integrity: sha512-PiVXnNuFm5+iYkLBNeq5211hvO38y63T0i2KKh2KnUs3RpzJ+JtODFjkD8yjLwnDkTYF1eKXheUwdssR+NRZdg==}
-
   node-rsa@1.1.1:
     resolution: {integrity: sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw==}
 
@@ -11386,12 +10834,6 @@ packages:
     resolution: {integrity: sha512-sJOdmRGrY2sjNTRMbSvluQqg+8X7ZK61yvzBEIDhz4f8z1TZFYABsqjjCBd/0PUNE9M6QDgHJXQkGUEm7Q+l9Q==}
     engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
 
-  nth-check@2.1.1:
-    resolution: {integrity: sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==}
-
-  nullthrows@1.1.1:
-    resolution: {integrity: sha512-2vPPEi+Z7WqML2jZYddDIfy5Dqb0r2fze2zTxNNknZaFpVHU3mFB3R+DWeJWGVx0ecvttSGlJTI+WG+8Z4cDWw==}
-
   nwsapi@2.2.2:
     resolution: {integrity: sha512-90yv+6538zuvUMnN+zCr8LuV6bPFdq50304114vJYJ8RDyK8D5O9Phpbd6SZWgI7PwzmmfN1upeOJlvybDSgCw==}
 
@@ -11496,9 +10938,6 @@ packages:
     resolution: {integrity: sha512-ANIvzobt1rls2BDny5fWZ3ZVKyD6nscLvfFRpQgfWsythlcsVUC9kL0zq6j2Z5z9wwp1kd7wpsD/T9qNPVLCaQ==}
     engines: {node: '>=18'}
 
-  ordered-binary@1.4.0:
-    resolution: {integrity: sha512-EHQ/jk4/a9hLupIKxTfUsQRej1Yd/0QLQs3vGvIqg5ZtCYSzNhkzHoZc7Zf4e4kUlDaC3Uw8Q/1opOLNN2OKRQ==}
-
   os-homedir@1.0.2:
     resolution: {integrity: sha512-B5JU3cabzk8c67mRRd3ECmROafjYMXbuzlwtqdM8IbS8ktlTix8aFGb2bAGKrSRIlnfKwovGUUr72JUPyOb6kQ==}
     engines: {node: '>=0.10.0'}
@@ -11619,17 +11058,6 @@ packages:
   pako@1.0.11:
     resolution: {integrity: sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==}
 
-  parcel-resolver-ignore@2.1.3:
-    resolution: {integrity: sha512-C8uLvR4o7SPRSsQ/Nylm1/PdsLwn/Z9bzCs66qT3XIebJC7ojaFFF3MDl/mie5audngjcFF8wzU0AoEQkZq2pA==}
-    engines: {parcel: '>=2.0.0'}
-    peerDependencies:
-      parcel: '>=2.0.0'
-
-  parcel@2.9.3:
-    resolution: {integrity: sha512-2GTVocFkwblV/TIg9AmT7TI2fO4xdWkyN8aFUEVtiVNWt96GTR3FgQyHFValfCbcj1k9Xf962Ws2hYXYUr9k1Q==}
-    engines: {node: '>= 12.0.0'}
-    hasBin: true
-
   parent-module@1.0.1:
     resolution: {integrity: sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==}
     engines: {node: '>=6'}
@@ -11951,22 +11379,6 @@ packages:
   postgres-range@1.1.2:
     resolution: {integrity: sha512-CmPJDSpd3/xYJrtw/tI0Cv029B0zMtnesUOHCZmgvypGBLn+eExXcjCS5OY7mpiw6imYEvd2IMD36sAOYA9U1w==}
 
-  posthtml-parser@0.10.2:
-    resolution: {integrity: sha512-PId6zZ/2lyJi9LiKfe+i2xv57oEjJgWbsHGGANwos5AvdQp98i6AtamAl8gzSVFGfQ43Glb5D614cvZf012VKg==}
-    engines: {node: '>=12'}
-
-  posthtml-parser@0.11.0:
-    resolution: {integrity: sha512-QecJtfLekJbWVo/dMAA+OSwY79wpRmbqS5TeXvXSX+f0c6pW4/SE6inzZ2qkU7oAMCPqIDkZDvd/bQsSFUnKyw==}
-    engines: {node: '>=12'}
-
-  posthtml-render@3.0.0:
-    resolution: {integrity: sha512-z+16RoxK3fUPgwaIgH9NGnK1HKY9XIDpydky5eQGgAFVXTCSezalv9U2jQuNV+Z9qV1fDWNzldcw4eK0SSbqKA==}
-    engines: {node: '>=12'}
-
-  posthtml@0.16.6:
-    resolution: {integrity: sha512-JcEmHlyLK/o0uGAlj65vgg+7LIms0xKXe60lcDOTU7oVX/3LuEuLwrQpW3VJ7de5TaFKiW4kWkaIpJL42FEgxQ==}
-    engines: {node: '>=12.0.0'}
-
   preferred-pm@3.0.3:
     resolution: {integrity: sha512-+wZgbxNES/KlJs9q40F/1sfOd/j7f1O9JaHcW5Dsn3aUUOZg3L2bjpVUcKV2jvtElYfoTuQiNeMfQJ4kwUAhCQ==}
     engines: {node: '>=10'}
@@ -12185,9 +11597,6 @@ packages:
     peerDependencies:
       react: '>=16.13.1'
 
-  react-error-overlay@6.0.9:
-    resolution: {integrity: sha512-nQTTcUu+ATDbrSD1BZHr5kgSD4oF8OFjxun8uAaL8RwPBacGBNPf/yAuVVdx17N8XNzRDMrZ9XcKZHCjPW+9ew==}
-
   react-fast-compare@3.2.1:
     resolution: {integrity: sha512-xTYf9zFim2pEif/Fw16dBiXpe0hoy5PxcD8+OwBnTtNLfIm3g6WxhKNurY+6OmdH1u6Ta/W/Vl6vjbYP1MFnDg==}
 
@@ -12262,10 +11671,6 @@ packages:
     resolution: {integrity: sha512-jCvmsr+1IUSMUyzOkRcvnVbX3ZYC6g9TDrDbFuFmRDq7PD4yaGbLKNQL6k2jnArV8hjYxh7hVhAZB6s9HDGpZA==}
     engines: {node: '>=0.10.0'}
 
-  react-refresh@0.9.0:
-    resolution: {integrity: sha512-Gvzk7OZpiqKSkxsQvO/mbTN1poglhmAV7gR/DdIrRrSMXraRQQlfikRJOr3Nb9GTMPC5kof948Zy6jJZIFtDvQ==}
-    engines: {node: '>=0.10.0'}
-
   react-resize-detector@7.1.2:
     resolution: {integrity: sha512-zXnPJ2m8+6oq9Nn8zsep/orts9vQv3elrpA+R8XTcW7DVVUJ9vwDwMXaBtykAYjMnkCIaOoK9vObyR7ZgFNlOw==}
     peerDependencies:
@@ -12831,14 +12236,6 @@ packages:
     resolution: {integrity: sha512-e2ExBX6iDHoCDC1zN2NvZV49UMhKVLvvwrDjzSVHFS3TKHKtIpl2nMDQkdlbTjDVvf2bxRYBq9iXAAMZvZpGVA==}
     engines: {node: '>=0.10'}
 
-  srcset@4.0.0:
-    resolution: {integrity: sha512-wvLeHgcVHKO8Sc/H/5lkGreJQVeYMm9rlmt8PuR1xE31rIuXhuzznUUqAt8MqLhB3MqJdFzlNAfpcWnxiFUcPw==}
-    engines: {node: '>=12'}
-
-  stable@0.1.8:
-    resolution: {integrity: sha512-ji9qxRnOVfcuLDySj9qzhGSEFVobyt1kIOSkj1qZzYLzq7Tos/oUUWvotUPQLlrsidqsK6tBH89Bc9kL5zHA6w==}
-    deprecated: 'Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility'
-
   stack-chain@1.3.7:
     resolution: {integrity: sha512-D8cWtWVdIe/jBA7v5p5Hwl5yOSOrmZPWDPe2KxQ5UAGD+nxbxU0lKXA4h85Ta6+qgdKVL3vUxsbIZjc1kBG7ug==}
 
@@ -13072,11 +12469,6 @@ packages:
   svg-tags@1.0.0:
     resolution: {integrity: sha512-ovssysQTa+luh7A5Weu3Rta6FJlFBBbInjOh722LIt6klpU2/HtdUbszju/G4devcvk8PGt7FCLv5wftu3THUA==}
 
-  svgo@2.8.0:
-    resolution: {integrity: sha512-+N/Q9kV1+F+UeWYoSiULYo4xYSDQlTgb+ayMobAXPwMnLvop7oxKMo9OzIrX5x3eS4L4f2UHhc9axXwY8DpChg==}
-    engines: {node: '>=10.13.0'}
-    hasBin: true
-
   swr@2.2.0:
     resolution: {integrity: sha512-AjqHOv2lAhkuUdIiBu9xbuettzAzWXmCEcLONNKJRba87WAefz8Ca9d6ds/SzrPc235n1IxWYdhJ2zF3MNUaoQ==}
     peerDependencies:
@@ -13152,9 +12544,6 @@ packages:
   through@2.3.8:
     resolution: {integrity: sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg==}
 
-  timsort@0.3.0:
-    resolution: {integrity: sha512-qsdtZH+vMoCARQtyod4imc2nIJwg9Cc7lPRrw9CzF8ZKR0khdr8+2nX80PBhET3tcyTtJDxAffGh2rXH4tyU8A==}
-
   tiny-cookie@2.4.1:
     resolution: {integrity: sha512-h8ueaMyvUd/9ZfRqCfa1t+0tXqfVFhdK8WpLHz8VXMqsiaj3Sqg64AOCH/xevLQGZk0ZV+/75ouITdkvp3taVA==}
 
@@ -13457,18 +12846,6 @@ packages:
     resolution: {integrity: sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==}
     engines: {node: '>= 0.8'}
 
-  update-browserslist-db@1.0.10:
-    resolution: {integrity: sha512-OztqDenkfFkbSG+tRxBeAnCVPckDBcvibKd35yDONx6OU8N7sqgwc7rCbkJ/WcYtVRZ4ba68d6byhC21GFh7sQ==}
-    hasBin: true
-    peerDependencies:
-      browserslist: '>= 4.21.0'
-
-  update-browserslist-db@1.0.13:
-    resolution: {integrity: sha512-xebP81SNcPuNpPP3uzeW1NYXxI3rxyJzF3pD6sH4jE7o/IX+WtSpwnVU+qIsDPyk0d3hmFQ7mjqc6AtV604hbg==}
-    hasBin: true
-    peerDependencies:
-      browserslist: '>= 4.21.0'
-
   update-browserslist-db@1.1.0:
     resolution: {integrity: sha512-EdRAaAyk2cUE1wOf2DkEhzxqOQvFOoRJFNS6NeyJ01Gp2beMRpBAINjM2iDXE3KCuKhwnvHIQCJm6ThL2Z+HzQ==}
     hasBin: true
@@ -13498,10 +12875,6 @@ packages:
   util-deprecate@1.0.2:
     resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==}
 
-  utility-types@3.10.0:
-    resolution: {integrity: sha512-O11mqxmi7wMKCo6HKFt5AhO4BwY3VV68YU07tgxfz8zJTIxr4BpsezN49Ffwy9j3ZpwwJp4fkRwjRzq3uWE6Rg==}
-    engines: {node: '>= 4'}
-
   uuid@8.3.2:
     resolution: {integrity: sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==}
     hasBin: true
@@ -13632,9 +13005,6 @@ packages:
   wcwidth@1.0.1:
     resolution: {integrity: sha512-XHPEwS0q6TaxcvG85+8EYkbiCux2XtWG2mkc47Ng2A77BQu9+DqIOJldST4HgPkuea7dvKSj5VgX3P1d4rW8Tg==}
 
-  weak-lru-cache@1.2.2:
-    resolution: {integrity: sha512-DEAoo25RfSYMuTGc9vPJzZcZullwIqRDSI9LOy+fkCJPi6hykCnfKaXTuPBDuXAUcqHXyOgFtHNp/kB2FjYHbw==}
-
   web-worker@1.3.0:
     resolution: {integrity: sha512-BSR9wyRsy/KOValMgd5kMyr3JzpdeoR9KVId8u5GVlTTAtNChlsE4yTxeY7zMdNSyOmoKBv8NH2qeRY9Tg+IaA==}
 
@@ -13794,9 +13164,6 @@ packages:
     resolution: {integrity: sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==}
     engines: {node: '>=0.4'}
 
-  xxhash-wasm@0.4.2:
-    resolution: {integrity: sha512-/eyHVRJQCirEkSZ1agRSCwriMhwlyUcFkXD5TPVSLP+IPzjsqMVzZwdoczLp1SoQU0R3dxz1RpIK+4YNQbCVOA==}
-
   y18n@4.0.3:
     resolution: {integrity: sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==}
 
@@ -13817,10 +13184,6 @@ packages:
     resolution: {integrity: sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==}
     engines: {node: '>=18'}
 
-  yaml@1.10.2:
-    resolution: {integrity: sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==}
-    engines: {node: '>= 6'}
-
   yaml@2.3.3:
     resolution: {integrity: sha512-zw0VAJxgeZ6+++/su5AFoqBbZbrEakwu+X0M5HmcwUiBL7AzcuPKjj5we4xfQLp78LkEMpD0cOnUhmgOVy3KdQ==}
     engines: {node: '>= 14'}
@@ -14674,7 +14037,7 @@ snapshots:
     dependencies:
       '@babel/compat-data': 7.24.4
       '@babel/helper-validator-option': 7.23.5
-      browserslist: 4.23.0
+      browserslist: 4.23.2
       lru-cache: 5.1.1
       semver: 6.3.1
 
@@ -15791,12 +15154,6 @@ snapshots:
 
   '@levischuck/tiny-cbor@0.2.2': {}
 
-  '@lezer/common@0.15.12': {}
-
-  '@lezer/lr@0.15.8':
-    dependencies:
-      '@lezer/common': 0.15.12
-
   '@lit-labs/ssr-dom-shim@1.2.0': {}
 
   '@lit/context@1.1.2':
@@ -15829,24 +15186,6 @@ snapshots:
     dependencies:
       '@lit-labs/ssr-dom-shim': 1.2.0
 
-  '@lmdb/lmdb-darwin-arm64@2.7.11':
-    optional: true
-
-  '@lmdb/lmdb-darwin-x64@2.7.11':
-    optional: true
-
-  '@lmdb/lmdb-linux-arm64@2.7.11':
-    optional: true
-
-  '@lmdb/lmdb-linux-arm@2.7.11':
-    optional: true
-
-  '@lmdb/lmdb-linux-x64@2.7.11':
-    optional: true
-
-  '@lmdb/lmdb-win32-x64@2.7.11':
-    optional: true
-
   '@logto/affiliate@0.1.0':
     dependencies:
       '@silverhand/essentials': 2.9.1
@@ -15953,12 +15292,6 @@ snapshots:
 
   '@microsoft/applicationinsights-web-snippet@1.0.1': {}
 
-  '@mischnic/json-sourcemap@0.1.0':
-    dependencies:
-      '@lezer/common': 0.15.12
-      '@lezer/lr': 0.15.8
-      json5: 2.2.3
-
   '@monaco-editor/loader@1.4.0(monaco-editor@0.47.0)':
     dependencies:
       monaco-editor: 0.47.0
@@ -15968,635 +15301,76 @@ snapshots:
     dependencies:
       '@monaco-editor/loader': 1.4.0(monaco-editor@0.47.0)
       monaco-editor: 0.47.0
-      react: 18.3.1
-      react-dom: 18.3.1(react@18.3.1)
-
-  '@msgpackr-extract/msgpackr-extract-darwin-arm64@3.0.2':
-    optional: true
-
-  '@msgpackr-extract/msgpackr-extract-darwin-x64@3.0.2':
-    optional: true
-
-  '@msgpackr-extract/msgpackr-extract-linux-arm64@3.0.2':
-    optional: true
-
-  '@msgpackr-extract/msgpackr-extract-linux-arm@3.0.2':
-    optional: true
-
-  '@msgpackr-extract/msgpackr-extract-linux-x64@3.0.2':
-    optional: true
-
-  '@msgpackr-extract/msgpackr-extract-win32-x64@3.0.2':
-    optional: true
-
-  '@nodelib/fs.scandir@2.1.5':
-    dependencies:
-      '@nodelib/fs.stat': 2.0.5
-      run-parallel: 1.2.0
-
-  '@nodelib/fs.stat@2.0.5': {}
-
-  '@nodelib/fs.walk@1.2.8':
-    dependencies:
-      '@nodelib/fs.scandir': 2.1.5
-      fastq: 1.13.0
-
-  '@opentelemetry/api@1.8.0': {}
-
-  '@opentelemetry/core@1.23.0(@opentelemetry/api@1.8.0)':
-    dependencies:
-      '@opentelemetry/api': 1.8.0
-      '@opentelemetry/semantic-conventions': 1.23.0
-
-  '@opentelemetry/instrumentation@0.41.2(@opentelemetry/api@1.8.0)':
-    dependencies:
-      '@opentelemetry/api': 1.8.0
-      '@types/shimmer': 1.0.2
-      import-in-the-middle: 1.4.2
-      require-in-the-middle: 7.2.0
-      semver: 7.6.0
-      shimmer: 1.2.1
-    transitivePeerDependencies:
-      - supports-color
-
-  '@opentelemetry/resources@1.23.0(@opentelemetry/api@1.8.0)':
-    dependencies:
-      '@opentelemetry/api': 1.8.0
-      '@opentelemetry/core': 1.23.0(@opentelemetry/api@1.8.0)
-      '@opentelemetry/semantic-conventions': 1.23.0
-
-  '@opentelemetry/sdk-trace-base@1.23.0(@opentelemetry/api@1.8.0)':
-    dependencies:
-      '@opentelemetry/api': 1.8.0
-      '@opentelemetry/core': 1.23.0(@opentelemetry/api@1.8.0)
-      '@opentelemetry/resources': 1.23.0(@opentelemetry/api@1.8.0)
-      '@opentelemetry/semantic-conventions': 1.23.0
-
-  '@opentelemetry/semantic-conventions@1.23.0': {}
-
-  '@otplib/core@12.0.1': {}
-
-  '@otplib/plugin-crypto@12.0.1':
-    dependencies:
-      '@otplib/core': 12.0.1
-
-  '@otplib/plugin-thirty-two@12.0.1':
-    dependencies:
-      '@otplib/core': 12.0.1
-      thirty-two: 1.0.2
-
-  '@otplib/preset-default@12.0.1':
-    dependencies:
-      '@otplib/core': 12.0.1
-      '@otplib/plugin-crypto': 12.0.1
-      '@otplib/plugin-thirty-two': 12.0.1
-
-  '@otplib/preset-v11@12.0.1':
-    dependencies:
-      '@otplib/core': 12.0.1
-      '@otplib/plugin-crypto': 12.0.1
-      '@otplib/plugin-thirty-two': 12.0.1
-
-  '@parcel/bundler-default@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/graph': 2.9.3
-      '@parcel/hash': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      nullthrows: 1.1.1
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/cache@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/core': 2.9.3
-      '@parcel/fs': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/logger': 2.9.3
-      '@parcel/utils': 2.9.3
-      lmdb: 2.7.11
-
-  '@parcel/codeframe@2.9.3':
-    dependencies:
-      chalk: 4.1.2
-
-  '@parcel/compressor-brotli@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/compressor-gzip@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/compressor-raw@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/config-default@2.9.3(@parcel/core@2.9.3)(@swc/helpers@0.5.1)(postcss@8.4.31)(srcset@4.0.0)':
-    dependencies:
-      '@parcel/bundler-default': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/compressor-raw': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/core': 2.9.3
-      '@parcel/namer-default': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/optimizer-css': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/optimizer-htmlnano': 2.9.3(@parcel/core@2.9.3)(postcss@8.4.31)(srcset@4.0.0)
-      '@parcel/optimizer-image': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/optimizer-svgo': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/optimizer-swc': 2.9.3(@parcel/core@2.9.3)(@swc/helpers@0.5.1)
-      '@parcel/packager-css': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/packager-html': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/packager-js': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/packager-raw': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/packager-svg': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/reporter-dev-server': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/resolver-default': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/runtime-browser-hmr': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/runtime-js': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/runtime-react-refresh': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/runtime-service-worker': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/transformer-babel': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/transformer-css': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/transformer-html': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/transformer-image': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/transformer-js': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/transformer-json': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/transformer-postcss': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/transformer-posthtml': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/transformer-raw': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/transformer-react-refresh-wrap': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/transformer-svg': 2.9.3(@parcel/core@2.9.3)
-    transitivePeerDependencies:
-      - '@swc/helpers'
-      - cssnano
-      - postcss
-      - purgecss
-      - relateurl
-      - srcset
-      - terser
-      - uncss
-
-  '@parcel/core@2.9.3':
-    dependencies:
-      '@mischnic/json-sourcemap': 0.1.0
-      '@parcel/cache': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/events': 2.9.3
-      '@parcel/fs': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/graph': 2.9.3
-      '@parcel/hash': 2.9.3
-      '@parcel/logger': 2.9.3
-      '@parcel/package-manager': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/profiler': 2.9.3
-      '@parcel/source-map': 2.1.1
-      '@parcel/types': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      '@parcel/workers': 2.9.3(@parcel/core@2.9.3)
-      abortcontroller-polyfill: 1.7.5
-      base-x: 3.0.9
-      browserslist: 4.21.4
-      clone: 2.1.2
-      dotenv: 7.0.0
-      dotenv-expand: 5.1.0
-      json5: 2.2.3
-      msgpackr: 1.8.5
-      nullthrows: 1.1.1
-      semver: 7.6.0
-
-  '@parcel/diagnostic@2.9.3':
-    dependencies:
-      '@mischnic/json-sourcemap': 0.1.0
-      nullthrows: 1.1.1
-
-  '@parcel/events@2.9.3': {}
-
-  '@parcel/fs-search@2.9.3': {}
-
-  '@parcel/fs@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/core': 2.9.3
-      '@parcel/fs-search': 2.9.3
-      '@parcel/types': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      '@parcel/watcher': 2.0.7
-      '@parcel/workers': 2.9.3(@parcel/core@2.9.3)
-
-  '@parcel/graph@2.9.3':
-    dependencies:
-      nullthrows: 1.1.1
-
-  '@parcel/hash@2.9.3':
-    dependencies:
-      xxhash-wasm: 0.4.2
-
-  '@parcel/logger@2.9.3':
-    dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/events': 2.9.3
-
-  '@parcel/markdown-ansi@2.9.3':
-    dependencies:
-      chalk: 4.1.2
-
-  '@parcel/namer-default@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      nullthrows: 1.1.1
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/node-resolver-core@3.0.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@mischnic/json-sourcemap': 0.1.0
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/fs': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      nullthrows: 1.1.1
-      semver: 7.6.0
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/optimizer-css@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/source-map': 2.1.1
-      '@parcel/utils': 2.9.3
-      browserslist: 4.21.4
-      lightningcss: 1.25.1
-      nullthrows: 1.1.1
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/optimizer-htmlnano@2.9.3(@parcel/core@2.9.3)(postcss@8.4.31)(srcset@4.0.0)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      htmlnano: 2.0.3(postcss@8.4.31)(srcset@4.0.0)(svgo@2.8.0)
-      nullthrows: 1.1.1
-      posthtml: 0.16.6
-      svgo: 2.8.0
-    transitivePeerDependencies:
-      - '@parcel/core'
-      - cssnano
-      - postcss
-      - purgecss
-      - relateurl
-      - srcset
-      - terser
-      - uncss
-
-  '@parcel/optimizer-image@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/core': 2.9.3
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      '@parcel/workers': 2.9.3(@parcel/core@2.9.3)
-
-  '@parcel/optimizer-svgo@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      svgo: 2.8.0
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/optimizer-swc@2.9.3(@parcel/core@2.9.3)(@swc/helpers@0.5.1)':
-    dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/source-map': 2.1.1
-      '@parcel/utils': 2.9.3
-      '@swc/core': 1.3.52(@swc/helpers@0.5.1)
-      nullthrows: 1.1.1
-    transitivePeerDependencies:
-      - '@parcel/core'
-      - '@swc/helpers'
-
-  '@parcel/package-manager@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/core': 2.9.3
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/fs': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/logger': 2.9.3
-      '@parcel/node-resolver-core': 3.0.3(@parcel/core@2.9.3)
-      '@parcel/types': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      '@parcel/workers': 2.9.3(@parcel/core@2.9.3)
-      semver: 7.6.0
-
-  '@parcel/packager-css@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/source-map': 2.1.1
-      '@parcel/utils': 2.9.3
-      nullthrows: 1.1.1
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/packager-html@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/types': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      nullthrows: 1.1.1
-      posthtml: 0.16.6
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/packager-js@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/hash': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/source-map': 2.1.1
-      '@parcel/utils': 2.9.3
-      globals: 13.20.0
-      nullthrows: 1.1.1
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/packager-raw@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/packager-svg@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/types': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      posthtml: 0.16.6
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/plugin@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/types': 2.9.3(@parcel/core@2.9.3)
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/profiler@2.9.3':
-    dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/events': 2.9.3
-      chrome-trace-event: 1.0.3
-
-  '@parcel/reporter-cli@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/types': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      chalk: 4.1.2
-      term-size: 2.2.1
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/reporter-dev-server@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/reporter-tracer@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      chrome-trace-event: 1.0.3
-      nullthrows: 1.1.1
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/resolver-default@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/node-resolver-core': 3.0.3(@parcel/core@2.9.3)
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/runtime-browser-hmr@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/runtime-js@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      nullthrows: 1.1.1
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/runtime-react-refresh@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      react-error-overlay: 6.0.9
-      react-refresh: 0.9.0
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/runtime-service-worker@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      nullthrows: 1.1.1
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/source-map@2.1.1':
-    dependencies:
-      detect-libc: 1.0.3
-
-  '@parcel/transformer-babel@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/source-map': 2.1.1
-      '@parcel/utils': 2.9.3
-      browserslist: 4.21.4
-      json5: 2.2.3
-      nullthrows: 1.1.1
-      semver: 7.6.0
-    transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/transformer-css@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/source-map': 2.1.1
-      '@parcel/utils': 2.9.3
-      browserslist: 4.21.4
-      lightningcss: 1.25.1
-      nullthrows: 1.1.1
-    transitivePeerDependencies:
-      - '@parcel/core'
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
 
-  '@parcel/transformer-html@2.9.3(@parcel/core@2.9.3)':
+  '@nodelib/fs.scandir@2.1.5':
     dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/hash': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      nullthrows: 1.1.1
-      posthtml: 0.16.6
-      posthtml-parser: 0.10.2
-      posthtml-render: 3.0.0
-      semver: 7.6.0
-      srcset: 4.0.0
-    transitivePeerDependencies:
-      - '@parcel/core'
+      '@nodelib/fs.stat': 2.0.5
+      run-parallel: 1.2.0
 
-  '@parcel/transformer-image@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/core': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      '@parcel/workers': 2.9.3(@parcel/core@2.9.3)
-      nullthrows: 1.1.1
+  '@nodelib/fs.stat@2.0.5': {}
 
-  '@parcel/transformer-js@2.9.3(@parcel/core@2.9.3)':
+  '@nodelib/fs.walk@1.2.8':
     dependencies:
-      '@parcel/core': 2.9.3
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/source-map': 2.1.1
-      '@parcel/utils': 2.9.3
-      '@parcel/workers': 2.9.3(@parcel/core@2.9.3)
-      '@swc/helpers': 0.5.1
-      browserslist: 4.21.4
-      nullthrows: 1.1.1
-      regenerator-runtime: 0.13.11
-      semver: 7.6.0
+      '@nodelib/fs.scandir': 2.1.5
+      fastq: 1.13.0
 
-  '@parcel/transformer-json@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      json5: 2.2.3
-    transitivePeerDependencies:
-      - '@parcel/core'
+  '@opentelemetry/api@1.8.0': {}
 
-  '@parcel/transformer-postcss@2.9.3(@parcel/core@2.9.3)':
+  '@opentelemetry/core@1.23.0(@opentelemetry/api@1.8.0)':
     dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/hash': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      clone: 2.1.2
-      nullthrows: 1.1.1
-      postcss-value-parser: 4.2.0
-      semver: 7.6.0
-    transitivePeerDependencies:
-      - '@parcel/core'
+      '@opentelemetry/api': 1.8.0
+      '@opentelemetry/semantic-conventions': 1.23.0
 
-  '@parcel/transformer-posthtml@2.9.3(@parcel/core@2.9.3)':
+  '@opentelemetry/instrumentation@0.41.2(@opentelemetry/api@1.8.0)':
     dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      nullthrows: 1.1.1
-      posthtml: 0.16.6
-      posthtml-parser: 0.10.2
-      posthtml-render: 3.0.0
+      '@opentelemetry/api': 1.8.0
+      '@types/shimmer': 1.0.2
+      import-in-the-middle: 1.4.2
+      require-in-the-middle: 7.2.0
       semver: 7.6.0
+      shimmer: 1.2.1
     transitivePeerDependencies:
-      - '@parcel/core'
-
-  '@parcel/transformer-raw@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-    transitivePeerDependencies:
-      - '@parcel/core'
+      - supports-color
 
-  '@parcel/transformer-react-refresh-wrap@2.9.3(@parcel/core@2.9.3)':
+  '@opentelemetry/resources@1.23.0(@opentelemetry/api@1.8.0)':
     dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      react-refresh: 0.9.0
-    transitivePeerDependencies:
-      - '@parcel/core'
+      '@opentelemetry/api': 1.8.0
+      '@opentelemetry/core': 1.23.0(@opentelemetry/api@1.8.0)
+      '@opentelemetry/semantic-conventions': 1.23.0
 
-  '@parcel/transformer-sass@2.9.3(@parcel/core@2.9.3)':
+  '@opentelemetry/sdk-trace-base@1.23.0(@opentelemetry/api@1.8.0)':
     dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/source-map': 2.1.1
-      sass: 1.77.8
-    transitivePeerDependencies:
-      - '@parcel/core'
+      '@opentelemetry/api': 1.8.0
+      '@opentelemetry/core': 1.23.0(@opentelemetry/api@1.8.0)
+      '@opentelemetry/resources': 1.23.0(@opentelemetry/api@1.8.0)
+      '@opentelemetry/semantic-conventions': 1.23.0
 
-  '@parcel/transformer-svg-react@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      '@svgr/core': 6.5.1
-      '@svgr/plugin-jsx': 6.5.1(@svgr/core@6.5.1)
-      '@svgr/plugin-svgo': 6.5.1(@svgr/core@6.5.1)
-    transitivePeerDependencies:
-      - '@parcel/core'
-      - supports-color
+  '@opentelemetry/semantic-conventions@1.23.0': {}
 
-  '@parcel/transformer-svg@2.9.3(@parcel/core@2.9.3)':
-    dependencies:
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/hash': 2.9.3
-      '@parcel/plugin': 2.9.3(@parcel/core@2.9.3)
-      nullthrows: 1.1.1
-      posthtml: 0.16.6
-      posthtml-parser: 0.10.2
-      posthtml-render: 3.0.0
-      semver: 7.6.0
-    transitivePeerDependencies:
-      - '@parcel/core'
+  '@otplib/core@12.0.1': {}
 
-  '@parcel/types@2.9.3(@parcel/core@2.9.3)':
+  '@otplib/plugin-crypto@12.0.1':
     dependencies:
-      '@parcel/cache': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/fs': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/package-manager': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/source-map': 2.1.1
-      '@parcel/workers': 2.9.3(@parcel/core@2.9.3)
-      utility-types: 3.10.0
-    transitivePeerDependencies:
-      - '@parcel/core'
+      '@otplib/core': 12.0.1
 
-  '@parcel/utils@2.9.3':
+  '@otplib/plugin-thirty-two@12.0.1':
     dependencies:
-      '@parcel/codeframe': 2.9.3
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/hash': 2.9.3
-      '@parcel/logger': 2.9.3
-      '@parcel/markdown-ansi': 2.9.3
-      '@parcel/source-map': 2.1.1
-      chalk: 4.1.2
-      nullthrows: 1.1.1
+      '@otplib/core': 12.0.1
+      thirty-two: 1.0.2
 
-  '@parcel/watcher@2.0.7':
+  '@otplib/preset-default@12.0.1':
     dependencies:
-      node-addon-api: 3.2.1
-      node-gyp-build: 4.5.0
+      '@otplib/core': 12.0.1
+      '@otplib/plugin-crypto': 12.0.1
+      '@otplib/plugin-thirty-two': 12.0.1
 
-  '@parcel/workers@2.9.3(@parcel/core@2.9.3)':
+  '@otplib/preset-v11@12.0.1':
     dependencies:
-      '@parcel/core': 2.9.3
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/logger': 2.9.3
-      '@parcel/profiler': 2.9.3
-      '@parcel/types': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      nullthrows: 1.1.1
+      '@otplib/core': 12.0.1
+      '@otplib/plugin-crypto': 12.0.1
+      '@otplib/plugin-thirty-two': 12.0.1
 
   '@parse5/tools@0.3.0':
     dependencies:
@@ -16966,10 +15740,10 @@ snapshots:
       eslint-config-prettier: 9.1.0(eslint@8.57.0)
       eslint-config-xo: 0.44.0(eslint@8.57.0)
       eslint-config-xo-typescript: 4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3)
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
       eslint-plugin-consistent-default-export-name: 0.0.15
       eslint-plugin-eslint-comments: 3.2.0(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
       eslint-plugin-n: 17.2.1(eslint@8.57.0)
       eslint-plugin-no-use-extend-native: 0.5.0
       eslint-plugin-prettier: 5.1.3(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.0.0)
@@ -17396,82 +16170,38 @@ snapshots:
       '@smithy/types': 2.12.0
       tslib: 2.6.2
 
-  '@svgr/babel-plugin-add-jsx-attribute@6.5.1(@babel/core@7.24.4)':
-    dependencies:
-      '@babel/core': 7.24.4
-
   '@svgr/babel-plugin-add-jsx-attribute@8.0.0(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
-  '@svgr/babel-plugin-remove-jsx-attribute@6.5.0(@babel/core@7.24.4)':
-    dependencies:
-      '@babel/core': 7.24.4
-
   '@svgr/babel-plugin-remove-jsx-attribute@8.0.0(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
-  '@svgr/babel-plugin-remove-jsx-empty-expression@6.5.0(@babel/core@7.24.4)':
-    dependencies:
-      '@babel/core': 7.24.4
-
   '@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
-  '@svgr/babel-plugin-replace-jsx-attribute-value@6.5.1(@babel/core@7.24.4)':
-    dependencies:
-      '@babel/core': 7.24.4
-
   '@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
-  '@svgr/babel-plugin-svg-dynamic-title@6.5.1(@babel/core@7.24.4)':
-    dependencies:
-      '@babel/core': 7.24.4
-
   '@svgr/babel-plugin-svg-dynamic-title@8.0.0(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
-  '@svgr/babel-plugin-svg-em-dimensions@6.5.1(@babel/core@7.24.4)':
-    dependencies:
-      '@babel/core': 7.24.4
-
   '@svgr/babel-plugin-svg-em-dimensions@8.0.0(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
-  '@svgr/babel-plugin-transform-react-native-svg@6.5.1(@babel/core@7.24.4)':
-    dependencies:
-      '@babel/core': 7.24.4
-
   '@svgr/babel-plugin-transform-react-native-svg@8.1.0(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
-  '@svgr/babel-plugin-transform-svg-component@6.5.1(@babel/core@7.24.4)':
-    dependencies:
-      '@babel/core': 7.24.4
-
   '@svgr/babel-plugin-transform-svg-component@8.0.0(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
 
-  '@svgr/babel-preset@6.5.1(@babel/core@7.24.4)':
-    dependencies:
-      '@babel/core': 7.24.4
-      '@svgr/babel-plugin-add-jsx-attribute': 6.5.1(@babel/core@7.24.4)
-      '@svgr/babel-plugin-remove-jsx-attribute': 6.5.0(@babel/core@7.24.4)
-      '@svgr/babel-plugin-remove-jsx-empty-expression': 6.5.0(@babel/core@7.24.4)
-      '@svgr/babel-plugin-replace-jsx-attribute-value': 6.5.1(@babel/core@7.24.4)
-      '@svgr/babel-plugin-svg-dynamic-title': 6.5.1(@babel/core@7.24.4)
-      '@svgr/babel-plugin-svg-em-dimensions': 6.5.1(@babel/core@7.24.4)
-      '@svgr/babel-plugin-transform-react-native-svg': 6.5.1(@babel/core@7.24.4)
-      '@svgr/babel-plugin-transform-svg-component': 6.5.1(@babel/core@7.24.4)
-
   '@svgr/babel-preset@8.1.0(@babel/core@7.24.4)':
     dependencies:
       '@babel/core': 7.24.4
@@ -17484,16 +16214,6 @@ snapshots:
       '@svgr/babel-plugin-transform-react-native-svg': 8.1.0(@babel/core@7.24.4)
       '@svgr/babel-plugin-transform-svg-component': 8.0.0(@babel/core@7.24.4)
 
-  '@svgr/core@6.5.1':
-    dependencies:
-      '@babel/core': 7.24.4
-      '@svgr/babel-preset': 6.5.1(@babel/core@7.24.4)
-      '@svgr/plugin-jsx': 6.5.1(@svgr/core@6.5.1)
-      camelcase: 6.3.0
-      cosmiconfig: 7.1.0
-    transitivePeerDependencies:
-      - supports-color
-
   '@svgr/core@8.1.0(typescript@5.5.3)':
     dependencies:
       '@babel/core': 7.24.4
@@ -17505,26 +16225,11 @@ snapshots:
       - supports-color
       - typescript
 
-  '@svgr/hast-util-to-babel-ast@6.5.1':
-    dependencies:
-      '@babel/types': 7.24.0
-      entities: 4.4.0
-
   '@svgr/hast-util-to-babel-ast@8.0.0':
     dependencies:
       '@babel/types': 7.24.0
       entities: 4.5.0
 
-  '@svgr/plugin-jsx@6.5.1(@svgr/core@6.5.1)':
-    dependencies:
-      '@babel/core': 7.24.4
-      '@svgr/babel-preset': 6.5.1(@babel/core@7.24.4)
-      '@svgr/core': 6.5.1
-      '@svgr/hast-util-to-babel-ast': 6.5.1
-      svg-parser: 2.0.4
-    transitivePeerDependencies:
-      - supports-color
-
   '@svgr/plugin-jsx@8.1.0(@svgr/core@8.1.0(typescript@5.5.3))':
     dependencies:
       '@babel/core': 7.24.4
@@ -17535,13 +16240,6 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  '@svgr/plugin-svgo@6.5.1(@svgr/core@6.5.1)':
-    dependencies:
-      '@svgr/core': 6.5.1
-      cosmiconfig: 7.1.0
-      deepmerge: 4.3.1
-      svgo: 2.8.0
-
   '@swc/core-darwin-arm64@1.3.52':
     optional: true
 
@@ -17589,6 +16287,7 @@ snapshots:
   '@swc/helpers@0.5.1':
     dependencies:
       tslib: 2.6.2
+    optional: true
 
   '@swc/jest@0.2.26(@swc/core@1.3.52(@swc/helpers@0.5.1))':
     dependencies:
@@ -17634,8 +16333,6 @@ snapshots:
 
   '@tootallnate/quickjs-emscripten@0.23.0': {}
 
-  '@trysound/sax@0.2.0': {}
-
   '@tsconfig/node10@1.0.9':
     optional: true
 
@@ -17913,8 +16610,6 @@ snapshots:
       '@types/koa': 2.15.0
       '@types/node': 20.12.7
 
-  '@types/parse-json@4.0.0': {}
-
   '@types/parse5@6.0.3': {}
 
   '@types/pg@8.11.2':
@@ -18359,8 +17054,6 @@ snapshots:
     dependencies:
       event-target-shim: 5.0.1
 
-  abortcontroller-polyfill@1.7.5: {}
-
   accepts@1.3.7:
     dependencies:
       mime-types: 2.1.35
@@ -18730,10 +17423,6 @@ snapshots:
       bare-os: 2.2.1
     optional: true
 
-  base-x@3.0.9:
-    dependencies:
-      safe-buffer: 5.2.1
-
   base64-js@1.5.1: {}
 
   basic-ftp@5.0.3: {}
@@ -18754,8 +17443,6 @@ snapshots:
 
   bluebird@3.7.2: {}
 
-  boolbase@1.0.0: {}
-
   boolean@3.1.4: {}
 
   bowser@2.11.0: {}
@@ -18777,19 +17464,10 @@ snapshots:
     dependencies:
       wcwidth: 1.0.1
 
-  browserslist@4.21.4:
+  browserslist-to-esbuild@2.1.1(browserslist@4.23.2):
     dependencies:
-      caniuse-lite: 1.0.30001618
-      electron-to-chromium: 1.4.281
-      node-releases: 2.0.6
-      update-browserslist-db: 1.0.10(browserslist@4.21.4)
-
-  browserslist@4.23.0:
-    dependencies:
-      caniuse-lite: 1.0.30001618
-      electron-to-chromium: 1.4.738
-      node-releases: 2.0.14
-      update-browserslist-db: 1.0.13(browserslist@4.23.0)
+      browserslist: 4.23.2
+      meow: 13.2.0
 
   browserslist@4.23.2:
     dependencies:
@@ -18888,8 +17566,6 @@ snapshots:
 
   camelcase@8.0.0: {}
 
-  caniuse-lite@1.0.30001618: {}
-
   caniuse-lite@1.0.30001643: {}
 
   ccount@2.0.1: {}
@@ -18953,8 +17629,6 @@ snapshots:
 
   chownr@3.0.0: {}
 
-  chrome-trace-event@1.0.3: {}
-
   chromium-bidi@0.5.17(devtools-protocol@0.0.1262051):
     dependencies:
       devtools-protocol: 0.0.1262051
@@ -19151,7 +17825,7 @@ snapshots:
 
   core-js-compat@3.37.0:
     dependencies:
-      browserslist: 4.23.0
+      browserslist: 4.23.2
 
   core-js@3.34.0: {}
 
@@ -19166,14 +17840,6 @@ snapshots:
       jiti: 1.21.0
       typescript: 5.0.2
 
-  cosmiconfig@7.1.0:
-    dependencies:
-      '@types/parse-json': 4.0.0
-      import-fresh: 3.3.0
-      parse-json: 5.2.0
-      path-type: 4.0.0
-      yaml: 1.10.2
-
   cosmiconfig@8.3.6(typescript@5.0.2):
     dependencies:
       import-fresh: 3.3.0
@@ -19238,10 +17904,6 @@ snapshots:
   create-require@1.1.1:
     optional: true
 
-  cross-env@7.0.3:
-    dependencies:
-      cross-spawn: 7.0.3
-
   cross-fetch@4.0.0:
     dependencies:
       node-fetch: 2.7.0
@@ -19262,19 +17924,6 @@ snapshots:
 
   css-functions-list@3.2.1: {}
 
-  css-select@4.3.0:
-    dependencies:
-      boolbase: 1.0.0
-      css-what: 6.1.0
-      domhandler: 4.3.1
-      domutils: 2.8.0
-      nth-check: 2.1.1
-
-  css-tree@1.1.3:
-    dependencies:
-      mdn-data: 2.0.14
-      source-map: 0.6.1
-
   css-tree@2.3.1:
     dependencies:
       mdn-data: 2.0.30
@@ -19282,14 +17931,8 @@ snapshots:
 
   css-unit-converter@1.1.2: {}
 
-  css-what@6.1.0: {}
-
   cssesc@3.0.0: {}
 
-  csso@4.2.0:
-    dependencies:
-      css-tree: 1.1.3
-
   cssom@0.3.8: {}
 
   cssom@0.5.0: {}
@@ -19657,7 +18300,8 @@ snapshots:
 
   detect-indent@6.1.0: {}
 
-  detect-libc@1.0.3: {}
+  detect-libc@1.0.3:
+    optional: true
 
   detect-newline@3.1.0: {}
 
@@ -19713,30 +18357,12 @@ snapshots:
     dependencies:
       '@babel/runtime': 7.24.4
 
-  dom-serializer@1.4.1:
-    dependencies:
-      domelementtype: 2.3.0
-      domhandler: 4.3.1
-      entities: 2.2.0
-
-  domelementtype@2.3.0: {}
-
   domexception@4.0.0:
     dependencies:
       webidl-conversions: 7.0.0
 
-  domhandler@4.3.1:
-    dependencies:
-      domelementtype: 2.3.0
-
   dompurify@3.1.5: {}
 
-  domutils@2.8.0:
-    dependencies:
-      dom-serializer: 1.4.1
-      domelementtype: 2.3.0
-      domhandler: 4.3.1
-
   dot-case@3.0.4:
     dependencies:
       no-case: 3.0.4
@@ -19746,12 +18372,8 @@ snapshots:
     dependencies:
       is-obj: 2.0.0
 
-  dotenv-expand@5.1.0: {}
-
   dotenv@16.4.5: {}
 
-  dotenv@7.0.0: {}
-
   duplexer@0.1.2: {}
 
   duplexify@4.1.3:
@@ -19769,10 +18391,6 @@ snapshots:
 
   ee-first@1.1.1: {}
 
-  electron-to-chromium@1.4.281: {}
-
-  electron-to-chromium@1.4.738: {}
-
   electron-to-chromium@1.5.0: {}
 
   elkjs@0.9.3: {}
@@ -19808,12 +18426,6 @@ snapshots:
 
   ent@2.2.0: {}
 
-  entities@2.2.0: {}
-
-  entities@3.0.1: {}
-
-  entities@4.4.0: {}
-
   entities@4.5.0: {}
 
   env-paths@2.2.1: {}
@@ -20061,13 +18673,13 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0):
+  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0):
     dependencies:
       debug: 4.3.4
       enhanced-resolve: 5.16.0
       eslint: 8.57.0
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
       fast-glob: 3.3.2
       get-tsconfig: 4.7.3
       is-core-module: 2.13.1
@@ -20078,14 +18690,14 @@ snapshots:
       - eslint-import-resolver-webpack
       - supports-color
 
-  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
+  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 3.2.7(supports-color@5.5.0)
     optionalDependencies:
       '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
     transitivePeerDependencies:
       - supports-color
 
@@ -20107,7 +18719,7 @@ snapshots:
       eslint: 8.57.0
       ignore: 5.3.1
 
-  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
+  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0):
     dependencies:
       array-includes: 3.1.8
       array.prototype.findlastindex: 1.2.5
@@ -20117,7 +18729,7 @@ snapshots:
       doctrine: 2.1.0
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
       hasown: 2.0.2
       is-core-module: 2.13.1
       is-glob: 4.0.3
@@ -20709,8 +19321,6 @@ snapshots:
 
   get-package-type@0.1.0: {}
 
-  get-port@4.2.0: {}
-
   get-set-props@0.1.0: {}
 
   get-stack-trace@2.1.1:
@@ -21046,23 +19656,6 @@ snapshots:
 
   html-url-attributes@3.0.0: {}
 
-  htmlnano@2.0.3(postcss@8.4.31)(srcset@4.0.0)(svgo@2.8.0):
-    dependencies:
-      cosmiconfig: 7.1.0
-      posthtml: 0.16.6
-      timsort: 0.3.0
-    optionalDependencies:
-      postcss: 8.4.31
-      srcset: 4.0.0
-      svgo: 2.8.0
-
-  htmlparser2@7.2.0:
-    dependencies:
-      domelementtype: 2.3.0
-      domhandler: 4.3.1
-      domutils: 2.8.0
-      entities: 3.0.1
-
   http-assert@1.5.0:
     dependencies:
       deep-equal: 1.0.1
@@ -21186,7 +19779,8 @@ snapshots:
 
   ignore@5.3.1: {}
 
-  immutable@4.1.0: {}
+  immutable@4.1.0:
+    optional: true
 
   import-fresh@3.3.0:
     dependencies:
@@ -21398,8 +19992,6 @@ snapshots:
     dependencies:
       js-types: 1.0.0
 
-  is-json@2.0.1: {}
-
   is-map@2.0.3: {}
 
   is-module@1.0.0: {}
@@ -21706,7 +20298,7 @@ snapshots:
       strip-json-comments: 3.1.1
     optionalDependencies:
       '@types/node': 20.12.7
-      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)
+      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3)
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
@@ -22449,6 +21041,7 @@ snapshots:
       lightningcss-linux-x64-gnu: 1.25.1
       lightningcss-linux-x64-musl: 1.25.1
       lightningcss-win32-x64-msvc: 1.25.1
+    optional: true
 
   lilconfig@2.1.0: {}
 
@@ -22496,21 +21089,6 @@ snapshots:
       lit-element: 4.0.6
       lit-html: 3.1.4
 
-  lmdb@2.7.11:
-    dependencies:
-      msgpackr: 1.8.5
-      node-addon-api: 4.3.0
-      node-gyp-build-optional-packages: 5.0.6
-      ordered-binary: 1.4.0
-      weak-lru-cache: 1.2.2
-    optionalDependencies:
-      '@lmdb/lmdb-darwin-arm64': 2.7.11
-      '@lmdb/lmdb-darwin-x64': 2.7.11
-      '@lmdb/lmdb-linux-arm': 2.7.11
-      '@lmdb/lmdb-linux-arm64': 2.7.11
-      '@lmdb/lmdb-linux-x64': 2.7.11
-      '@lmdb/lmdb-win32-x64': 2.7.11
-
   load-tsconfig@0.2.5: {}
 
   load-yaml-file@0.2.0:
@@ -22868,8 +21446,6 @@ snapshots:
     dependencies:
       '@types/mdast': 4.0.1
 
-  mdn-data@2.0.14: {}
-
   mdn-data@2.0.30: {}
 
   media-typer@0.3.0: {}
@@ -22891,6 +21467,8 @@ snapshots:
 
   meow@12.1.1: {}
 
+  meow@13.2.0: {}
+
   meow@6.1.1:
     dependencies:
       '@types/minimist': 1.2.2
@@ -23411,22 +21989,6 @@ snapshots:
 
   ms@2.1.3: {}
 
-  msgpackr-extract@3.0.2:
-    dependencies:
-      node-gyp-build-optional-packages: 5.0.7
-    optionalDependencies:
-      '@msgpackr-extract/msgpackr-extract-darwin-arm64': 3.0.2
-      '@msgpackr-extract/msgpackr-extract-darwin-x64': 3.0.2
-      '@msgpackr-extract/msgpackr-extract-linux-arm': 3.0.2
-      '@msgpackr-extract/msgpackr-extract-linux-arm64': 3.0.2
-      '@msgpackr-extract/msgpackr-extract-linux-x64': 3.0.2
-      '@msgpackr-extract/msgpackr-extract-win32-x64': 3.0.2
-    optional: true
-
-  msgpackr@1.8.5:
-    optionalDependencies:
-      msgpackr-extract: 3.0.2
-
   mute-stream@0.0.8: {}
 
   mz@2.7.0:
@@ -23487,23 +22049,12 @@ snapshots:
       json-stringify-safe: 5.0.1
       propagate: 2.0.1
 
-  node-addon-api@3.2.1: {}
-
-  node-addon-api@4.3.0: {}
-
   node-fetch@2.7.0:
     dependencies:
       whatwg-url: 5.0.0
 
   node-forge@1.3.1: {}
 
-  node-gyp-build-optional-packages@5.0.6: {}
-
-  node-gyp-build-optional-packages@5.0.7:
-    optional: true
-
-  node-gyp-build@4.5.0: {}
-
   node-int64@0.4.0: {}
 
   node-mocks-http@1.12.1:
@@ -23521,8 +22072,6 @@ snapshots:
 
   node-releases@2.0.14: {}
 
-  node-releases@2.0.6: {}
-
   node-rsa@1.1.1:
     dependencies:
       asn1: 0.2.6
@@ -23576,12 +22125,6 @@ snapshots:
     dependencies:
       path-key: 4.0.0
 
-  nth-check@2.1.1:
-    dependencies:
-      boolbase: 1.0.0
-
-  nullthrows@1.1.1: {}
-
   nwsapi@2.2.2: {}
 
   obj-props@1.4.0: {}
@@ -23731,8 +22274,6 @@ snapshots:
       string-width: 7.0.0
       strip-ansi: 7.1.0
 
-  ordered-binary@1.4.0: {}
-
   os-homedir@1.0.2: {}
 
   os-tmpdir@1.0.2: {}
@@ -23843,36 +22384,6 @@ snapshots:
 
   pako@1.0.11: {}
 
-  parcel-resolver-ignore@2.1.3(parcel@2.9.3(@swc/helpers@0.5.1)(postcss@8.4.31)(srcset@4.0.0)):
-    dependencies:
-      parcel: 2.9.3(@swc/helpers@0.5.1)(postcss@8.4.31)(srcset@4.0.0)
-
-  parcel@2.9.3(@swc/helpers@0.5.1)(postcss@8.4.31)(srcset@4.0.0):
-    dependencies:
-      '@parcel/config-default': 2.9.3(@parcel/core@2.9.3)(@swc/helpers@0.5.1)(postcss@8.4.31)(srcset@4.0.0)
-      '@parcel/core': 2.9.3
-      '@parcel/diagnostic': 2.9.3
-      '@parcel/events': 2.9.3
-      '@parcel/fs': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/logger': 2.9.3
-      '@parcel/package-manager': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/reporter-cli': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/reporter-dev-server': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/reporter-tracer': 2.9.3(@parcel/core@2.9.3)
-      '@parcel/utils': 2.9.3
-      chalk: 4.1.2
-      commander: 7.2.0
-      get-port: 4.2.0
-    transitivePeerDependencies:
-      - '@swc/helpers'
-      - cssnano
-      - postcss
-      - purgecss
-      - relateurl
-      - srcset
-      - terser
-      - uncss
-
   parent-module@1.0.1:
     dependencies:
       callsites: 3.1.0
@@ -24205,23 +22716,6 @@ snapshots:
 
   postgres-range@1.1.2: {}
 
-  posthtml-parser@0.10.2:
-    dependencies:
-      htmlparser2: 7.2.0
-
-  posthtml-parser@0.11.0:
-    dependencies:
-      htmlparser2: 7.2.0
-
-  posthtml-render@3.0.0:
-    dependencies:
-      is-json: 2.0.1
-
-  posthtml@0.16.6:
-    dependencies:
-      posthtml-parser: 0.11.0
-      posthtml-render: 3.0.0
-
   preferred-pm@3.0.3:
     dependencies:
       find-up: 5.0.0
@@ -24444,8 +22938,6 @@ snapshots:
       '@babel/runtime': 7.24.4
       react: 18.3.1
 
-  react-error-overlay@6.0.9: {}
-
   react-fast-compare@3.2.1: {}
 
   react-helmet@6.1.0(react@18.3.1):
@@ -24523,8 +23015,6 @@ snapshots:
 
   react-refresh@0.14.2: {}
 
-  react-refresh@0.9.0: {}
-
   react-resize-detector@7.1.2(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
     dependencies:
       lodash: 4.17.21
@@ -25017,6 +23507,7 @@ snapshots:
       chokidar: 3.5.3
       immutable: 4.1.0
       source-map-js: 1.2.0
+    optional: true
 
   sax@1.2.4: {}
 
@@ -25230,10 +23721,6 @@ snapshots:
 
   sql-parse@0.1.5: {}
 
-  srcset@4.0.0: {}
-
-  stable@0.1.8: {}
-
   stack-chain@1.3.7: {}
 
   stack-utils@2.0.5:
@@ -25535,16 +24022,6 @@ snapshots:
 
   svg-tags@1.0.0: {}
 
-  svgo@2.8.0:
-    dependencies:
-      '@trysound/sax': 0.2.0
-      commander: 7.2.0
-      css-select: 4.3.0
-      css-tree: 1.1.3
-      csso: 4.2.0
-      picocolors: 1.0.1
-      stable: 0.1.8
-
   swr@2.2.0(react@18.3.1):
     dependencies:
       react: 18.3.1
@@ -25645,8 +24122,6 @@ snapshots:
 
   through@2.3.8: {}
 
-  timsort@0.3.0: {}
-
   tiny-cookie@2.4.1: {}
 
   tinybench@2.8.0: {}
@@ -25714,27 +24189,6 @@ snapshots:
 
   ts-interface-checker@0.1.13: {}
 
-  ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3):
-    dependencies:
-      '@cspotcode/source-map-support': 0.8.1
-      '@tsconfig/node10': 1.0.9
-      '@tsconfig/node12': 1.0.11
-      '@tsconfig/node14': 1.0.3
-      '@tsconfig/node16': 1.0.4
-      '@types/node': 20.12.7
-      acorn: 8.11.3
-      acorn-walk: 8.3.2
-      arg: 4.1.3
-      create-require: 1.1.1
-      diff: 4.0.2
-      make-error: 1.3.6
-      typescript: 5.5.3
-      v8-compile-cache-lib: 3.0.1
-      yn: 3.1.1
-    optionalDependencies:
-      '@swc/core': 1.3.52(@swc/helpers@0.5.1)
-    optional: true
-
   ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3):
     dependencies:
       '@cspotcode/source-map-support': 0.8.1
@@ -25975,18 +24429,6 @@ snapshots:
 
   unpipe@1.0.0: {}
 
-  update-browserslist-db@1.0.10(browserslist@4.21.4):
-    dependencies:
-      browserslist: 4.21.4
-      escalade: 3.1.1
-      picocolors: 1.0.1
-
-  update-browserslist-db@1.0.13(browserslist@4.23.0):
-    dependencies:
-      browserslist: 4.23.0
-      escalade: 3.1.1
-      picocolors: 1.0.1
-
   update-browserslist-db@1.1.0(browserslist@4.23.2):
     dependencies:
       browserslist: 4.23.2
@@ -26014,8 +24456,6 @@ snapshots:
 
   util-deprecate@1.0.2: {}
 
-  utility-types@3.10.0: {}
-
   uuid@8.3.2: {}
 
   uuid@9.0.1: {}
@@ -26295,8 +24735,6 @@ snapshots:
     dependencies:
       defaults: 1.0.4
 
-  weak-lru-cache@1.2.2: {}
-
   web-worker@1.3.0: {}
 
   webidl-conversions@3.0.1: {}
@@ -26456,8 +24894,6 @@ snapshots:
 
   xtend@4.0.2: {}
 
-  xxhash-wasm@0.4.2: {}
-
   y18n@4.0.3: {}
 
   y18n@5.0.8: {}
@@ -26470,8 +24906,6 @@ snapshots:
 
   yallist@5.0.0: {}
 
-  yaml@1.10.2: {}
-
   yaml@2.3.3: {}
 
   yaml@2.4.5: {}
diff --git a/vite.shared.config.ts b/vite.shared.config.ts
index 10b5ab015535..44cee6999fa2 100644
--- a/vite.shared.config.ts
+++ b/vite.shared.config.ts
@@ -1,7 +1,21 @@
 /** @fileoverview The common config for frontend projects. */
 
-import { UserConfig } from 'vite';
-import fs from 'fs';
+import { Rollup, UserConfig } from 'vite';
+
+export const manualChunks: Rollup.GetManualChunk = (id) => {
+  if (id.includes('/@logto/')) {
+    return 'logto';
+  }
+
+  if (id.includes('/node_modules/')) {
+    return 'vendors';
+  }
+
+  const match = /\/lib\/locales\/([^/]+)/.exec(id);
+  if (match?.[1]) {
+    return `phrases-${match[1]}`;
+  }
+};
 
 export const defaultConfig: UserConfig = {
   resolve: {
@@ -18,22 +32,7 @@ export const defaultConfig: UserConfig = {
   build: {
     sourcemap: false,
     rollupOptions: {
-      output: {
-        manualChunks(id) {
-          if (id.includes('/@logto/')) {
-            return 'logto';
-          }
-
-          if (id.includes('/node_modules/')) {
-            return 'vendors';
-          }
-
-          const match = /\/lib\/locales\/([^/]+)/.exec(id);
-          if (match?.[1]) {
-            return `phrases-${match[1]}`;
-          }
-        },
-      },
+      output: { manualChunks },
     },
   },
 };

From aeec3b11412a23d888c8ba0be8a08b69fe297cc4 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Wed, 24 Jul 2024 13:55:41 +0800
Subject: [PATCH 094/135] refactor(console): use local mermaid import

---
 packages/console/src/consts/env.ts            |  2 +-
 .../src/mdx-components/Mermaid/index.tsx      | 30 ++-----------------
 .../src/middleware/koa-security-headers.ts    |  4 +--
 vite.shared.config.ts                         |  2 +-
 4 files changed, 5 insertions(+), 33 deletions(-)

diff --git a/packages/console/src/consts/env.ts b/packages/console/src/consts/env.ts
index f8239c099b38..77a15384b455 100644
--- a/packages/console/src/consts/env.ts
+++ b/packages/console/src/consts/env.ts
@@ -2,7 +2,7 @@ import { yes } from '@silverhand/essentials';
 
 import { storageKeys } from './storage';
 
-export const normalizeEnv = (value: unknown) =>
+const normalizeEnv = (value: unknown) =>
   value === null || value === undefined ? undefined : String(value);
 
 const isProduction = import.meta.env.PROD;
diff --git a/packages/console/src/mdx-components/Mermaid/index.tsx b/packages/console/src/mdx-components/Mermaid/index.tsx
index 011e0fad6726..664d6f5ba713 100644
--- a/packages/console/src/mdx-components/Mermaid/index.tsx
+++ b/packages/console/src/mdx-components/Mermaid/index.tsx
@@ -1,35 +1,8 @@
 import { Theme } from '@logto/schemas';
-import { noop, yes } from '@silverhand/essentials';
-import { type Mermaid as MermaidType } from 'mermaid';
 import { useEffect } from 'react';
 
-import { normalizeEnv } from '@/consts/env';
 import useTheme from '@/hooks/use-theme';
 
-/**
- * Load Mermaid asynchronously from jsDelivr to avoid Parcel bundling issues. Parcel does not
- * bundle Mermaid correctly for production builds, so we need to load it dynamically from a CDN.
- */
-const loadMermaid = async () => {
-  // Define this variable to "outsmart" the detection of the dynamic import by Parcel:
-  // https://github.com/parcel-bundler/parcel/issues/7064#issuecomment-942441649
-  const uri = 'https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.esm.min.mjs';
-  // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
-  const imported: { default: MermaidType } = await (import.meta.env.DEV
-    ? // eslint-disable-next-line no-eval -- https://github.com/parcel-bundler/parcel/issues/8316
-      eval(`import('${uri}')`)
-    : import(uri));
-  return imported.default;
-};
-
-const mermaidPromise = yes(normalizeEnv(import.meta.env.INTEGRATION_TEST))
-  ? // Mock Mermaid in integration tests to avoid issues with network requests and testing environment.
-    Promise.resolve({
-      initialize: noop,
-      run: noop,
-    })
-  : loadMermaid();
-
 type Props = {
   readonly children: string;
 };
@@ -44,7 +17,8 @@ export default function Mermaid({ children }: Props) {
 
   useEffect(() => {
     (async () => {
-      const mermaid = await mermaidPromise;
+      const { default: mermaid } = await import('mermaid');
+
       mermaid.initialize({
         startOnLoad: false,
         theme: themeToMermaidTheme[theme],
diff --git a/packages/core/src/middleware/koa-security-headers.ts b/packages/core/src/middleware/koa-security-headers.ts
index a981598fcd53..5e320373950c 100644
--- a/packages/core/src/middleware/koa-security-headers.ts
+++ b/packages/core/src/middleware/koa-security-headers.ts
@@ -45,10 +45,8 @@ export default function koaSecurityHeaders<StateT, ContextT, ResponseBodyT>(
 
   // We have the following use cases:
   //
-  // 1. We use `react-monaco-editor` for code editing in the admin console. It loads the monaco
+  // - We use `react-monaco-editor` for code editing in the admin console. It loads the monaco
   // editor asynchronously from jsDelivr.
-  // 2. We use `mermaid` for rendering diagrams in the admin console. It loads the mermaid library
-  // asynchronously from jsDelivr since Parcel has issues with loading it directly in production.
   //
   // Allow the CDN src in the CSP.
   // Allow blob: for monaco editor to load worker scripts
diff --git a/vite.shared.config.ts b/vite.shared.config.ts
index 44cee6999fa2..b48c54abc195 100644
--- a/vite.shared.config.ts
+++ b/vite.shared.config.ts
@@ -30,7 +30,7 @@ export const defaultConfig: UserConfig = {
     include: ['@logto/phrases', '@logto/phrases-experience', '@logto/schemas'],
   },
   build: {
-    sourcemap: false,
+    sourcemap: true,
     rollupOptions: {
       output: { manualChunks },
     },

From 07f33d7278a784a7a800918fb9a675b515164582 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Wed, 24 Jul 2024 21:46:04 +0800
Subject: [PATCH 095/135] fix(console): use correct public url (#6325)

---
 packages/console/vite.config.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/console/vite.config.ts b/packages/console/vite.config.ts
index 4fcaf167c6ff..86aaa72cff32 100644
--- a/packages/console/vite.config.ts
+++ b/packages/console/vite.config.ts
@@ -16,7 +16,7 @@ import { defaultConfig } from '../../vite.shared.config';
 dotenv.config({ path: await findUp('.env', {}) });
 
 const buildConfig = (mode: string): UserConfig => ({
-  base: `/${process.env.CONSOLE_PUBLIC_URL ?? 'console'}`,
+  base: `${process.env.CONSOLE_PUBLIC_URL ?? '/console'}`,
   envDir: '../../',
   server: {
     port: 5002,

From d7b6987b48097175de0de1dd9249459497e4a8b0 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Thu, 25 Jul 2024 10:07:28 +0800
Subject: [PATCH 096/135] refactor(console, experience): optimize bundling
 (#6326)

* refactor(console, experience): optimize bundling

* fix: use correct favicon paths

* chore: use dynamic react dependency checking in bundling
---
 packages/console/index.html        |  4 +--
 packages/console/package.json      |  1 -
 packages/console/vite.config.ts    | 30 +++++++++++++++++++-
 packages/demo-app/index.html       |  4 +--
 packages/experience/vite.config.ts |  7 +----
 pnpm-lock.yaml                     | 44 +++++++++++++++++++++---------
 vite.shared.config.ts              | 18 ++++++++++--
 7 files changed, 81 insertions(+), 27 deletions(-)

diff --git a/packages/console/index.html b/packages/console/index.html
index c20b63d96c2f..a5603fdf399e 100644
--- a/packages/console/index.html
+++ b/packages/console/index.html
@@ -3,8 +3,8 @@
 
 <head>
     <meta charset="utf-8" />
-    <link rel="apple-touch-icon" sizes="180x180" href="./apple-touch-icon.png">
-    <link rel="icon" href="./favicon.ico" />
+    <link rel="apple-touch-icon" sizes="180x180" href="./src/apple-touch-icon.png">
+    <link rel="icon" href="./src/favicon.ico" />
 </head>
 
 <body>
diff --git a/packages/console/package.json b/packages/console/package.json
index 0257eaed5397..aee57fe6cc09 100644
--- a/packages/console/package.json
+++ b/packages/console/package.json
@@ -37,7 +37,6 @@
     "@logto/react": "^3.0.12",
     "@logto/schemas": "workspace:^1.18.0",
     "@logto/shared": "workspace:^3.1.1",
-    "@mdx-js/mdx": "^3.0.1",
     "@mdx-js/react": "^3.0.1",
     "@mdx-js/rollup": "^3.0.1",
     "@monaco-editor/react": "^4.6.0",
diff --git a/packages/console/vite.config.ts b/packages/console/vite.config.ts
index 86aaa72cff32..27d6fb8aca63 100644
--- a/packages/console/vite.config.ts
+++ b/packages/console/vite.config.ts
@@ -8,7 +8,7 @@ import { defineConfig, mergeConfig, type UserConfig } from 'vite';
 import viteCompression from 'vite-plugin-compression';
 import svgr from 'vite-plugin-svgr';
 
-import { defaultConfig } from '../../vite.shared.config';
+import { defaultConfig, manualChunks } from '../../vite.shared.config';
 
 // We need to explicitly import the `.env` file and use `define` later because we do not have a
 // prefix for our environment variables which it is required in Vite.
@@ -50,6 +50,34 @@ const buildConfig = (mode: string): UserConfig => ({
     // `@withtyped/client` needs this to be defined. We can optimize this later.
     'process.env': {},
   },
+  build: {
+    rollupOptions: {
+      output: {
+        // Tip: You can use `pnpx vite-bundle-visualizer` to analyze the bundle size
+        manualChunks: (id, meta) => {
+          if (/\/node_modules\/(cose-base|layout-base|cytoscape|cytoscape-[^/]*)\//.test(id)) {
+            return 'cytoscape';
+          }
+
+          for (const largePackage of [
+            'libphonenumber-js',
+            'mermaid',
+            'elkjs',
+            'katex',
+            'refractor',
+            'lodash',
+            'lodash-es',
+          ]) {
+            if (id.includes(`/node_modules/${largePackage}/`)) {
+              return largePackage;
+            }
+          }
+
+          return manualChunks(id, meta);
+        },
+      },
+    },
+  },
 });
 
 export default defineConfig(({ mode }) => mergeConfig(defaultConfig, buildConfig(mode)));
diff --git a/packages/demo-app/index.html b/packages/demo-app/index.html
index be606dcc0a20..188fa3eff529 100644
--- a/packages/demo-app/index.html
+++ b/packages/demo-app/index.html
@@ -3,8 +3,8 @@
 
 <head>
     <meta charset="utf-8" />
-    <link rel="apple-touch-icon" sizes="180x180" href="./apple-touch-icon.png">
-    <link rel="icon" href="./favicon.ico" />
+    <link rel="apple-touch-icon" sizes="180x180" href="./src/apple-touch-icon.png">
+    <link rel="icon" href="./src/ffavicon.ico" />
     <title>Logto Live Preview</title>
 </head>
 
diff --git a/packages/experience/vite.config.ts b/packages/experience/vite.config.ts
index 16c2f11675ed..fd98110b280d 100644
--- a/packages/experience/vite.config.ts
+++ b/packages/experience/vite.config.ts
@@ -27,13 +27,8 @@ const buildConfig = (mode: string): UserConfig => ({
     target: browserslistToEsbuild('> 0.5%, last 2 versions, Firefox ESR, not dead'),
     rollupOptions: {
       output: {
+        // Tip: You can use `pnpx vite-bundle-visualizer` to analyze the bundle size
         manualChunks: (id, meta) => {
-          // Caution: React-related packages should be bundled together otherwise it will cause runtime errors
-          // Update this list if necessary when adding new React-related packages
-          if (/\/node_modules\/(react|react-[^/]*|@react-spring)\//.test(id)) {
-            return 'react';
-          }
-
           if (/\/node_modules\/i18next[^/]*\//.test(id)) {
             return 'i18next';
           }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index e7769155696d..86b76b1e100e 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -2890,9 +2890,6 @@ importers:
       '@logto/shared':
         specifier: workspace:^3.1.1
         version: link:../shared
-      '@mdx-js/mdx':
-        specifier: ^3.0.1
-        version: 3.0.1
       '@mdx-js/react':
         specifier: ^3.0.1
         version: 3.0.1(@types/react@18.3.3)(react@18.3.1)
@@ -15740,10 +15737,10 @@ snapshots:
       eslint-config-prettier: 9.1.0(eslint@8.57.0)
       eslint-config-xo: 0.44.0(eslint@8.57.0)
       eslint-config-xo-typescript: 4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3)
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0)
       eslint-plugin-consistent-default-export-name: 0.0.15
       eslint-plugin-eslint-comments: 3.2.0(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       eslint-plugin-n: 17.2.1(eslint@8.57.0)
       eslint-plugin-no-use-extend-native: 0.5.0
       eslint-plugin-prettier: 5.1.3(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.0.0)
@@ -18673,13 +18670,13 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0):
+  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 4.3.4
       enhanced-resolve: 5.16.0
       eslint: 8.57.0
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       fast-glob: 3.3.2
       get-tsconfig: 4.7.3
       is-core-module: 2.13.1
@@ -18690,14 +18687,14 @@ snapshots:
       - eslint-import-resolver-webpack
       - supports-color
 
-  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0):
+  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 3.2.7(supports-color@5.5.0)
     optionalDependencies:
       '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0)
     transitivePeerDependencies:
       - supports-color
 
@@ -18719,7 +18716,7 @@ snapshots:
       eslint: 8.57.0
       ignore: 5.3.1
 
-  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0):
+  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       array-includes: 3.1.8
       array.prototype.findlastindex: 1.2.5
@@ -18729,7 +18726,7 @@ snapshots:
       doctrine: 2.1.0
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
       hasown: 2.0.2
       is-core-module: 2.13.1
       is-glob: 4.0.3
@@ -20298,7 +20295,7 @@ snapshots:
       strip-json-comments: 3.1.1
     optionalDependencies:
       '@types/node': 20.12.7
-      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3)
+      ts-node: 10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3)
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
@@ -24189,6 +24186,27 @@ snapshots:
 
   ts-interface-checker@0.1.13: {}
 
+  ts-node@10.9.2(@swc/core@1.3.52(@swc/helpers@0.5.1))(@types/node@20.12.7)(typescript@5.5.3):
+    dependencies:
+      '@cspotcode/source-map-support': 0.8.1
+      '@tsconfig/node10': 1.0.9
+      '@tsconfig/node12': 1.0.11
+      '@tsconfig/node14': 1.0.3
+      '@tsconfig/node16': 1.0.4
+      '@types/node': 20.12.7
+      acorn: 8.11.3
+      acorn-walk: 8.3.2
+      arg: 4.1.3
+      create-require: 1.1.1
+      diff: 4.0.2
+      make-error: 1.3.6
+      typescript: 5.5.3
+      v8-compile-cache-lib: 3.0.1
+      yn: 3.1.1
+    optionalDependencies:
+      '@swc/core': 1.3.52(@swc/helpers@0.5.1)
+    optional: true
+
   ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3):
     dependencies:
       '@cspotcode/source-map-support': 0.8.1
diff --git a/vite.shared.config.ts b/vite.shared.config.ts
index b48c54abc195..5be30a792fd4 100644
--- a/vite.shared.config.ts
+++ b/vite.shared.config.ts
@@ -2,9 +2,23 @@
 
 import { Rollup, UserConfig } from 'vite';
 
-export const manualChunks: Rollup.GetManualChunk = (id) => {
+export const manualChunks: Rollup.GetManualChunk = (id, { getModuleInfo }) => {
+  const hasReactDependency = (id: string): boolean => {
+    return getModuleInfo(id)
+      ?.importedIds
+      .some((importedId) =>
+        importedId.includes('react') ||
+        importedId.includes('react-dom')
+      ) ?? false;
+  }
+
+  // Caution: React-related packages should be bundled together otherwise it will cause runtime errors
+  if (id.includes('/node_modules/') && hasReactDependency(id)) {
+    return 'react';
+  }
+
   if (id.includes('/@logto/')) {
-    return 'logto';
+    return '@logto';
   }
 
   if (id.includes('/node_modules/')) {

From 29e9bfce03f280a43cc438dabf2b880b94970074 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Thu, 25 Jul 2024 11:40:12 +0800
Subject: [PATCH 097/135] refactor(core): rename some file names and methods
 (#6321)

* refactor(core): rename some files name and methods

rename some files name and methods, fix some comments

* chore: update comments

update comments

* chore: update comments

update comments

* chore: polish the words

polish the words
---
 .../experience/classes/experience-interaction.ts     | 12 ++++++------
 .../{validators => libraries}/mfa-validator.ts       |  0
 .../{validators => libraries}/password-validator.ts  |  0
 .../{validators => libraries}/profile-validator.ts   |  0
 .../{validators => libraries}/provision-library.ts   |  8 ++++----
 .../sign-in-experience-validator.test.ts             |  0
 .../sign-in-experience-validator.ts                  |  0
 .../new-password-identity-verification.ts            |  6 +++---
 .../verifications/verification-records-map.ts        | 10 ++++++----
 9 files changed, 19 insertions(+), 17 deletions(-)
 rename packages/core/src/routes/experience/classes/{validators => libraries}/mfa-validator.ts (100%)
 rename packages/core/src/routes/experience/classes/{validators => libraries}/password-validator.ts (100%)
 rename packages/core/src/routes/experience/classes/{validators => libraries}/profile-validator.ts (100%)
 rename packages/core/src/routes/experience/classes/{validators => libraries}/provision-library.ts (96%)
 rename packages/core/src/routes/experience/classes/{validators => libraries}/sign-in-experience-validator.test.ts (100%)
 rename packages/core/src/routes/experience/classes/{validators => libraries}/sign-in-experience-validator.ts (100%)

diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
index e69ad74e55e4..88fdf9f79e90 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -14,11 +14,11 @@ import {
   getNewUserProfileFromVerificationRecord,
   identifyUserByVerificationRecord,
 } from './helpers.js';
+import { MfaValidator } from './libraries/mfa-validator.js';
+import { ProfileValidator } from './libraries/profile-validator.js';
+import { ProvisionLibrary } from './libraries/provision-library.js';
+import { SignInExperienceValidator } from './libraries/sign-in-experience-validator.js';
 import { toUserSocialIdentityData } from './utils.js';
-import { MfaValidator } from './validators/mfa-validator.js';
-import { ProfileValidator } from './validators/profile-validator.js';
-import { ProvisionLibrary } from './validators/provision-library.js';
-import { SignInExperienceValidator } from './validators/sign-in-experience-validator.js';
 import {
   buildVerificationRecord,
   verificationRecordDataGuard,
@@ -283,7 +283,7 @@ export default class ExperienceInteraction {
     // TODO: missing profile fields validation
 
     if (enterpriseSsoIdentity) {
-      await this.provisionLibrary.provisionNewSsoIdentity(user.id, enterpriseSsoIdentity);
+      await this.provisionLibrary.addSsoIdentityToUser(user.id, enterpriseSsoIdentity);
     }
 
     const { provider } = this.tenant;
@@ -361,7 +361,7 @@ export default class ExperienceInteraction {
     const newProfile = await getNewUserProfileFromVerificationRecord(verificationRecord);
     await this.profileValidator.guardProfileUniquenessAcrossUsers(newProfile);
 
-    const user = await this.provisionLibrary.provisionNewUser(newProfile);
+    const user = await this.provisionLibrary.createUser(newProfile);
 
     this.userId = user.id;
   }
diff --git a/packages/core/src/routes/experience/classes/validators/mfa-validator.ts b/packages/core/src/routes/experience/classes/libraries/mfa-validator.ts
similarity index 100%
rename from packages/core/src/routes/experience/classes/validators/mfa-validator.ts
rename to packages/core/src/routes/experience/classes/libraries/mfa-validator.ts
diff --git a/packages/core/src/routes/experience/classes/validators/password-validator.ts b/packages/core/src/routes/experience/classes/libraries/password-validator.ts
similarity index 100%
rename from packages/core/src/routes/experience/classes/validators/password-validator.ts
rename to packages/core/src/routes/experience/classes/libraries/password-validator.ts
diff --git a/packages/core/src/routes/experience/classes/validators/profile-validator.ts b/packages/core/src/routes/experience/classes/libraries/profile-validator.ts
similarity index 100%
rename from packages/core/src/routes/experience/classes/validators/profile-validator.ts
rename to packages/core/src/routes/experience/classes/libraries/profile-validator.ts
diff --git a/packages/core/src/routes/experience/classes/validators/provision-library.ts b/packages/core/src/routes/experience/classes/libraries/provision-library.ts
similarity index 96%
rename from packages/core/src/routes/experience/classes/validators/provision-library.ts
rename to packages/core/src/routes/experience/classes/libraries/provision-library.ts
index a8610b7b67fe..3167b366acad 100644
--- a/packages/core/src/routes/experience/classes/validators/provision-library.ts
+++ b/packages/core/src/routes/experience/classes/libraries/provision-library.ts
@@ -43,10 +43,10 @@ export class ProvisionLibrary {
   /**
    * Insert a new user into the Logto database using the provided profile.
    *
-   * - Provision the organization for the new user based on the profile
-   * - OSS only, new user provisioning
+   * - Provision all JIT organizations for the user if necessary.
+   * - Assign the first user to the admin role and the default tenant organization membership. [OSS only]
    */
-  async provisionNewUser(profile: InteractionProfile) {
+  async createUser(profile: InteractionProfile) {
     const {
       libraries: {
         users: { generateUserId, insertUser },
@@ -89,7 +89,7 @@ export class ProvisionLibrary {
     return user;
   }
 
-  async provisionNewSsoIdentity(
+  async addSsoIdentityToUser(
     userId: string,
     enterpriseSsoIdentity: Required<InteractionProfile>['enterpriseSsoIdentity']
   ) {
diff --git a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts b/packages/core/src/routes/experience/classes/libraries/sign-in-experience-validator.test.ts
similarity index 100%
rename from packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.test.ts
rename to packages/core/src/routes/experience/classes/libraries/sign-in-experience-validator.test.ts
diff --git a/packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts b/packages/core/src/routes/experience/classes/libraries/sign-in-experience-validator.ts
similarity index 100%
rename from packages/core/src/routes/experience/classes/validators/sign-in-experience-validator.ts
rename to packages/core/src/routes/experience/classes/libraries/sign-in-experience-validator.ts
diff --git a/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts b/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts
index 8b51787f87d6..dceaddb0b535 100644
--- a/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts
@@ -13,10 +13,10 @@ import type Libraries from '#src/tenants/Libraries.js';
 import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
 
+import { PasswordValidator } from '../libraries/password-validator.js';
+import { ProfileValidator } from '../libraries/profile-validator.js';
+import { SignInExperienceValidator } from '../libraries/sign-in-experience-validator.js';
 import { interactionIdentifierToUserProfile } from '../utils.js';
-import { PasswordValidator } from '../validators/password-validator.js';
-import { ProfileValidator } from '../validators/profile-validator.js';
-import { SignInExperienceValidator } from '../validators/sign-in-experience-validator.js';
 
 import { type VerificationRecord } from './verification-record.js';
 
diff --git a/packages/core/src/routes/experience/classes/verifications/verification-records-map.ts b/packages/core/src/routes/experience/classes/verifications/verification-records-map.ts
index dc60760f31a0..3645d13d42e4 100644
--- a/packages/core/src/routes/experience/classes/verifications/verification-records-map.ts
+++ b/packages/core/src/routes/experience/classes/verifications/verification-records-map.ts
@@ -1,13 +1,15 @@
 /**
  * @fileoverview
  *
- * Since `Map` in TS does not support  key value type mapping,
- * we have to manually define a `setValue` method to ensure correct key will be set
  * This class is used to store and manage all the verification records.
  *
- * Extends the Map class and adds a `setValue` method to ensure the key value type mapping.
+ * Since `Map` in TS does not support key - value type mapping,
+ * we have to manually define a `setValue` method to ensure correct key will be set.
+ *
+ * - Extends the Map class and add a `setValue` method to ensure the key value type mapping.
+ * - Override the `get` method to return the correct value type.
+ * - Override the `set` method to throw an error to prevent using it directly.
  */
-
 import { type VerificationType } from '@logto/schemas';
 
 import { type VerificationRecord, type VerificationRecordMap } from './index.js';

From 89b8662a15a16d5ff290f1b9fe0d6b87528bc762 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Thu, 25 Jul 2024 12:00:34 +0800
Subject: [PATCH 098/135] fix(console): check scope only when data is ready
 (#6329)

---
 .../console/src/containers/ConsoleContent/hooks.ts     | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/packages/console/src/containers/ConsoleContent/hooks.ts b/packages/console/src/containers/ConsoleContent/hooks.ts
index d08b9913629e..c02e05fe59c5 100644
--- a/packages/console/src/containers/ConsoleContent/hooks.ts
+++ b/packages/console/src/containers/ConsoleContent/hooks.ts
@@ -22,7 +22,7 @@ const useTenantScopeListener = () => {
   const { clearAccessToken, clearAllTokens, getOrganizationTokenClaims, signIn } = useLogto();
   const [tokenClaims, setTokenClaims] = useState<string[]>();
   const redirectUri = useRedirectUri();
-  const { scopes = [], isLoading } = useCurrentTenantScopes();
+  const { scopes, isLoading } = useCurrentTenantScopes();
 
   useEffect(() => {
     (async () => {
@@ -33,20 +33,20 @@ const useTenantScopeListener = () => {
   }, [currentTenantId, getOrganizationTokenClaims]);
 
   useEffect(() => {
-    if (isCloud && !isLoading && scopes.length === 0) {
+    if (isCloud && !isLoading && scopes?.length === 0) {
       // User has no access to the current tenant. Navigate to root and it will return to the
       // last visited tenant, or fallback to the page where the user can create a new tenant.
       removeTenant(currentTenantId);
       navigateTenant('');
     }
-  }, [currentTenantId, isLoading, navigateTenant, removeTenant, scopes.length]);
+  }, [currentTenantId, isLoading, navigateTenant, removeTenant, scopes?.length]);
 
   useEffect(() => {
     if (!isCloud || isLoading || tokenClaims === undefined) {
       return;
     }
-    const hasScopesGranted = scopes.some((scope) => !tokenClaims.includes(scope));
-    const hasScopesRevoked = tokenClaims.some((claim) => !scopes.includes(claim));
+    const hasScopesGranted = scopes?.some((scope) => !tokenClaims.includes(scope));
+    const hasScopesRevoked = tokenClaims.some((claim) => !scopes?.includes(claim));
     if (hasScopesGranted) {
       (async () => {
         // User has been newly granted scopes. Need to re-consent to obtain the additional scopes.

From 248ee7fb08beee286902aa7541ec74bc70992387 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Thu, 25 Jul 2024 13:41:10 +0800
Subject: [PATCH 099/135] feat(core,schemas): implement profile fulfillment
 flow (#6293)

* feat(core,schemas): implement profile fulfillment flow

implement profile fulfillment flow

* fix(test): fix integration tests

fix integration tests

* fix(core): fix rebase issue

fix rebase issue

* refactor(core): refactor the interaction set profile flow

refactor the interaction set profile flow
---
 .../classes/experience-interaction.ts         | 128 +++++++++++------
 .../classes/libraries/password-validator.ts   |  22 ++-
 .../classes/libraries/profile-validator.ts    | 116 +++++++++++++++-
 .../libraries/sign-in-experience-validator.ts |  34 +++++
 .../src/routes/experience/classes/profile.ts  | 129 ++++++++++++++++++
 .../verifications/code-verification.ts        |   6 +
 .../new-password-identity-verification.ts     |   2 +-
 packages/core/src/routes/experience/const.ts  |   1 +
 packages/core/src/routes/experience/index.ts  |  13 +-
 .../src/routes/experience/profile-routes.ts   | 108 +++++++++++++++
 packages/core/src/routes/experience/types.ts  |  21 ++-
 .../enterprise-sso.test.ts                    |   5 +-
 .../sign-in-interaction/social.test.ts        |   8 ++
 .../phrases/src/locales/en/errors/session.ts  |   2 +
 packages/schemas/src/types/interactions.ts    |  23 ++++
 15 files changed, 561 insertions(+), 57 deletions(-)
 create mode 100644 packages/core/src/routes/experience/classes/profile.ts
 create mode 100644 packages/core/src/routes/experience/profile-routes.ts

diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
index 88fdf9f79e90..ed48b7755c14 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -8,16 +8,21 @@ import { type WithLogContext } from '#src/middleware/koa-audit-log.js';
 import type TenantContext from '#src/tenants/TenantContext.js';
 import assertThat from '#src/utils/assert-that.js';
 
-import { interactionProfileGuard, type Interaction, type InteractionProfile } from '../types.js';
+import {
+  interactionProfileGuard,
+  type Interaction,
+  type InteractionContext,
+  type InteractionProfile,
+} from '../types.js';
 
 import {
   getNewUserProfileFromVerificationRecord,
   identifyUserByVerificationRecord,
 } from './helpers.js';
 import { MfaValidator } from './libraries/mfa-validator.js';
-import { ProfileValidator } from './libraries/profile-validator.js';
 import { ProvisionLibrary } from './libraries/provision-library.js';
 import { SignInExperienceValidator } from './libraries/sign-in-experience-validator.js';
+import { Profile } from './profile.js';
 import { toUserSocialIdentityData } from './utils.js';
 import {
   buildVerificationRecord,
@@ -50,8 +55,8 @@ const interactionStorageGuard = z.object({
  */
 export default class ExperienceInteraction {
   public readonly signInExperienceValidator: SignInExperienceValidator;
-  public readonly profileValidator: ProfileValidator;
   public readonly provisionLibrary: ProvisionLibrary;
+  readonly profile: Profile;
 
   /** The user verification record list for the current interaction. */
   private readonly verificationRecords = new VerificationRecordsMap();
@@ -59,7 +64,6 @@ export default class ExperienceInteraction {
   private userId?: string;
   private userCache?: User;
   /** The user provided profile data in the current interaction that needs to be stored to database. */
-  #profile?: InteractionProfile;
   /** The interaction event for the current interaction. */
   #interactionEvent?: InteractionEvent;
 
@@ -79,8 +83,14 @@ export default class ExperienceInteraction {
     this.signInExperienceValidator = new SignInExperienceValidator(libraries, queries);
     this.provisionLibrary = new ProvisionLibrary(tenant, ctx);
 
+    const interactionContext: InteractionContext = {
+      getIdentifierUser: async () => this.getIdentifiedUser(),
+      getVerificationRecordByTypeAndId: (type, verificationId) =>
+        this.getVerificationRecordByTypeAndId(type, verificationId),
+    };
+
     if (!interactionDetails) {
-      this.profileValidator = new ProfileValidator(libraries, queries);
+      this.profile = new Profile(libraries, queries, {}, interactionContext);
       return;
     }
 
@@ -92,14 +102,11 @@ export default class ExperienceInteraction {
       new RequestError({ code: 'session.interaction_not_found', status: 404 })
     );
 
-    const { verificationRecords = [], profile, userId, interactionEvent } = result.data;
+    const { verificationRecords = [], profile = {}, userId, interactionEvent } = result.data;
 
     this.#interactionEvent = interactionEvent;
     this.userId = userId;
-    this.#profile = profile;
-
-    // Profile validator requires the userId for existing user profile update validation
-    this.profileValidator = new ProfileValidator(libraries, queries);
+    this.profile = new Profile(libraries, queries, profile, interactionContext);
 
     for (const record of verificationRecords) {
       const instance = buildVerificationRecord(libraries, queries, record);
@@ -203,14 +210,15 @@ export default class ExperienceInteraction {
 
   /**
    * Validate the interaction verification records against the sign-in experience and user MFA settings.
-   *
    * The interaction is verified if at least one user enabled MFA verification record is present and verified.
+   *
+   * @throws — RequestError with 404 if the if the user is not identified or not found
+   * @throws {RequestError} with 403 if the mfa verification is required but not verified
    */
   public async guardMfaVerificationStatus() {
     const user = await this.getIdentifiedUser();
     const mfaSettings = await this.signInExperienceValidator.getMfaSettings();
     const mfaValidator = new MfaValidator(mfaSettings, user);
-
     const isVerified = mfaValidator.isMfaVerified(this.verificationRecordsArray);
 
     assertThat(
@@ -242,7 +250,16 @@ export default class ExperienceInteraction {
     this.ctx.prependAllLogEntries({ interaction: interactionData });
   }
 
-  /** Submit the current interaction result to the OIDC provider and clear the interaction data */
+  /**
+   * Submit the current interaction result to the OIDC provider and clear the interaction data
+   *
+   * @throws {RequestError} with 404 if the interaction event is not set
+   * @throws {RequestError} with 404 if the user is not identified
+   * @throws {RequestError} with 403 if the mfa verification is required but not verified
+   * @throws {RequestError} with 422 if the profile data is conflicting with the current user account
+   * @throws {RequestError} with 422 if the profile data is not unique across users
+   * @throws {RequestError} with 422 if the required profile fields are missing
+   **/
   public async submit() {
     const {
       queries: { users: userQueries, userSsoIdentities: userSsoIdentitiesQueries },
@@ -257,14 +274,37 @@ export default class ExperienceInteraction {
     // Identified
     const user = await this.getIdentifiedUser();
 
-    // Verified
-    if (this.#interactionEvent !== InteractionEvent.ForgotPassword) {
-      await this.guardMfaVerificationStatus();
+    // Forgot Password: No need to verify MFAs and profile data for forgot password flow
+    if (this.#interactionEvent === InteractionEvent.ForgotPassword) {
+      const { passwordEncrypted, passwordEncryptionMethod } = this.profile.data;
+
+      assertThat(
+        passwordEncrypted && passwordEncryptionMethod,
+        new RequestError({ code: 'user.new_password_required_in_profile', status: 422 })
+      );
+
+      await userQueries.updateUserById(user.id, {
+        passwordEncrypted,
+        passwordEncryptionMethod,
+      });
+
+      await this.cleanUp();
+
+      // TODO: User data updated hook
+
+      return;
     }
 
-    const { socialIdentity, enterpriseSsoIdentity, ...rest } = this.#profile ?? {};
+    // Verified
+    await this.guardMfaVerificationStatus();
+
+    // Revalidate the new profile data if any
+    await this.profile.validateAvailability();
+
+    // Profile fulfilled
+    await this.profile.assertUserMandatoryProfileFulfilled();
 
-    // TODO: profile updates validation
+    const { socialIdentity, enterpriseSsoIdentity, ...rest } = this.profile.data;
 
     // Update user profile
     await userQueries.updateUserById(user.id, {
@@ -280,8 +320,6 @@ export default class ExperienceInteraction {
       lastSignInAt: Date.now(),
     });
 
-    // TODO: missing profile fields validation
-
     if (enterpriseSsoIdentity) {
       await this.provisionLibrary.addSsoIdentityToUser(user.id, enterpriseSsoIdentity);
     }
@@ -292,6 +330,8 @@ export default class ExperienceInteraction {
       login: { accountId: user.id },
     });
 
+    // TODO: PostInteractionHooks
+
     this.ctx.body = { redirectTo };
   }
 
@@ -302,7 +342,7 @@ export default class ExperienceInteraction {
     return {
       interactionEvent,
       userId,
-      profile: this.#profile,
+      profile: this.profile.data,
       verificationRecords: this.verificationRecordsArray.map((record) => record.toJson()),
     };
   }
@@ -343,44 +383,36 @@ export default class ExperienceInteraction {
       return;
     }
 
-    // Sync social/enterprise SSO identity profile data
+    // Update the current interaction with the identified user
+    this.userCache = user;
+    this.userId = id;
+
+    // Sync social/enterprise SSO identity profile data.
+    // Note: The profile data is not saved to the user profile until the user submits the interaction.
+    // Also no need to validate the synced profile data availability as it is already validated during the identification process.
     if (syncedProfile) {
-      this.setProfile(syncedProfile);
+      this.profile.unsafeSet(syncedProfile);
     }
-
-    this.userId = id;
   }
 
   /**
    * Create a new user using the verification record.
    *
-   * @throws {RequestError} with 422 if the profile data is not unique across users
    * @throws {RequestError} with 400 if the verification record is invalid for creating a new user or not verified
+   * @throws {RequestError} with 422 if the profile data is not unique across users
    */
   private async createNewUser(verificationRecord: VerificationRecord) {
     const newProfile = await getNewUserProfileFromVerificationRecord(verificationRecord);
-    await this.profileValidator.guardProfileUniquenessAcrossUsers(newProfile);
+    await this.profile.profileValidator.guardProfileUniquenessAcrossUsers(newProfile);
 
     const user = await this.provisionLibrary.createUser(newProfile);
 
     this.userId = user.id;
   }
 
-  /**
-   * Private method to set the profile data without validation.
-   */
-  private setProfile(profile: InteractionProfile) {
-    this.#profile = {
-      ...this.#profile,
-      ...profile,
-    };
-  }
-
   /**
    * Assert the interaction is identified and return the identified user.
-   *
-   * @throws RequestError with 400 if the user is not identified
-   * @throws RequestError with 404 if the user is not found
+   * @throws RequestError with 404 if the if the user is not identified or not found
    */
   private async getIdentifiedUser(): Promise<User> {
     if (this.userCache) {
@@ -388,7 +420,13 @@ export default class ExperienceInteraction {
     }
 
     // Identified
-    assertThat(this.userId, 'session.identifier_not_found');
+    assertThat(
+      this.userId,
+      new RequestError({
+        code: 'session.identifier_not_found',
+        status: 404,
+      })
+    );
 
     const {
       queries: { users: userQueries },
@@ -403,4 +441,12 @@ export default class ExperienceInteraction {
   private getVerificationRecordById(verificationId: string) {
     return this.verificationRecordsArray.find((record) => record.id === verificationId);
   }
+
+  /**
+   * Clean up the interaction storage.
+   */
+  private async cleanUp() {
+    const { provider } = this.tenant;
+    await provider.interactionResult(this.ctx.req, this.ctx.res, {});
+  }
 }
diff --git a/packages/core/src/routes/experience/classes/libraries/password-validator.ts b/packages/core/src/routes/experience/classes/libraries/password-validator.ts
index edc0693200ac..6d8b7bfb77b1 100644
--- a/packages/core/src/routes/experience/classes/libraries/password-validator.ts
+++ b/packages/core/src/routes/experience/classes/libraries/password-validator.ts
@@ -1,8 +1,10 @@
 import { PasswordPolicyChecker, type UserInfo } from '@logto/core-kit';
-import { type SignInExperience, type User } from '@logto/schemas';
+import { UsersPasswordEncryptionMethod, type SignInExperience, type User } from '@logto/schemas';
+import { argon2Verify } from 'hash-wasm';
 
 import RequestError from '#src/errors/RequestError/index.js';
 import { encryptUserPassword } from '#src/libraries/user.utils.js';
+import assertThat from '#src/utils/assert-that.js';
 
 import { type InteractionProfile } from '../../types.js';
 
@@ -32,8 +34,10 @@ export class PasswordValidator {
   }
 
   /**
-   * Validate password against the password policy
-   * @throws {RequestError} with status 422 if the password does not meet the policy
+   * Validate password against the given password policy and current user's profile.
+   *
+   * @throws {RequestError} with status code 422 if the password is against the policy.
+   * @throws {RequestError} with status code 422 if the password is the same as the current user's password.
    */
   public async validatePassword(password: string, profile: InteractionProfile) {
     const userInfo = getUserInfo({
@@ -49,6 +53,18 @@ export class PasswordValidator {
     if (issues.length > 0) {
       throw new RequestError({ code: 'password.rejected', status: 422 }, { issues });
     }
+
+    if (this.user) {
+      const { passwordEncrypted: oldPasswordEncrypted, passwordEncryptionMethod } = this.user;
+
+      assertThat(
+        !oldPasswordEncrypted ||
+          // If the password is not encrypted with Argon2i, allow to reset the same password with Argon2i
+          passwordEncryptionMethod !== UsersPasswordEncryptionMethod.Argon2i ||
+          !(await argon2Verify({ password, hash: oldPasswordEncrypted })),
+        new RequestError({ code: 'user.same_password', status: 422 })
+      );
+    }
   }
 
   public async createPasswordDigest(password: string) {
diff --git a/packages/core/src/routes/experience/classes/libraries/profile-validator.ts b/packages/core/src/routes/experience/classes/libraries/profile-validator.ts
index f5eb01d14667..2fd08232a89d 100644
--- a/packages/core/src/routes/experience/classes/libraries/profile-validator.ts
+++ b/packages/core/src/routes/experience/classes/libraries/profile-validator.ts
@@ -1,17 +1,15 @@
+import { type User, MissingProfile } from '@logto/schemas';
+
 import RequestError from '#src/errors/RequestError/index.js';
-import type Libraries from '#src/tenants/Libraries.js';
 import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
 
 import type { InteractionProfile } from '../../types.js';
 
 export class ProfileValidator {
-  constructor(
-    private readonly libraries: Libraries,
-    private readonly queries: Queries
-  ) {}
+  constructor(private readonly queries: Queries) {}
 
-  public async guardProfileUniquenessAcrossUsers(profile: InteractionProfile) {
+  public async guardProfileUniquenessAcrossUsers(profile: InteractionProfile = {}) {
     const { hasUser, hasUserWithEmail, hasUserWithPhone, hasUserWithIdentity } = this.queries.users;
     const { userSsoIdentities } = this.queries;
 
@@ -78,4 +76,110 @@ export class ProfileValidator {
       );
     }
   }
+
+  /**
+   * Validate the profile existence in the current user account
+   *
+   * @remarks
+   * This method is used to validate the profile for the register and sign-in interaction only
+   * In the register and sign-in interaction, password can only be set if it does not exist in the current user account.
+   *
+   */
+  public guardProfileNotExistInCurrentUserAccount(user: User, profile: InteractionProfile = {}) {
+    const { username, primaryEmail, primaryPhone, passwordEncrypted } = profile;
+
+    if (username) {
+      assertThat(
+        !user.username,
+        new RequestError({
+          code: 'user.username_exists_in_profile',
+          status: 422,
+        })
+      );
+    }
+
+    if (primaryEmail) {
+      assertThat(
+        !user.primaryEmail,
+        new RequestError({
+          code: 'user.email_exists_in_profile',
+          status: 422,
+        })
+      );
+    }
+
+    if (primaryPhone) {
+      assertThat(
+        !user.primaryPhone,
+        new RequestError({
+          code: 'user.phone_exists_in_profile',
+          status: 422,
+        })
+      );
+    }
+
+    if (passwordEncrypted) {
+      assertThat(
+        !user.passwordEncrypted,
+        new RequestError({
+          code: 'user.password_exists_in_profile',
+          status: 422,
+        })
+      );
+    }
+  }
+
+  // eslint-disable-next-line complexity
+  public getMissingUserProfile(
+    profile: InteractionProfile,
+    user: User,
+    mandatoryUserProfile: Set<MissingProfile>
+  ): Set<MissingProfile> {
+    const missingProfile = new Set<MissingProfile>();
+
+    if (mandatoryUserProfile.has(MissingProfile.password)) {
+      // Social and enterprise SSO identities can take place the role of password
+      const isUserPasswordSet =
+        Boolean(user.passwordEncrypted) || Object.keys(user.identities).length > 0;
+      const isProfilePasswordSet = Boolean(
+        profile.passwordEncrypted ?? profile.socialIdentity ?? profile.enterpriseSsoIdentity
+      );
+
+      if (!isUserPasswordSet && !isProfilePasswordSet) {
+        missingProfile.add(MissingProfile.password);
+      }
+    }
+
+    if (mandatoryUserProfile.has(MissingProfile.username) && !user.username && !profile.username) {
+      missingProfile.add(MissingProfile.username);
+    }
+
+    if (
+      mandatoryUserProfile.has(MissingProfile.emailOrPhone) &&
+      !user.primaryPhone &&
+      !user.primaryEmail &&
+      !profile.primaryPhone &&
+      !profile.primaryEmail
+    ) {
+      missingProfile.add(MissingProfile.emailOrPhone);
+    }
+
+    if (
+      mandatoryUserProfile.has(MissingProfile.email) &&
+      !user.primaryEmail &&
+      !profile.primaryEmail
+    ) {
+      missingProfile.add(MissingProfile.email);
+    }
+
+    if (
+      mandatoryUserProfile.has(MissingProfile.phone) &&
+      !user.primaryPhone &&
+      !profile.primaryPhone
+    ) {
+      missingProfile.add(MissingProfile.phone);
+    }
+
+    return missingProfile;
+  }
 }
diff --git a/packages/core/src/routes/experience/classes/libraries/sign-in-experience-validator.ts b/packages/core/src/routes/experience/classes/libraries/sign-in-experience-validator.ts
index 201db65a9ad7..ca4ab9e2b8d7 100644
--- a/packages/core/src/routes/experience/classes/libraries/sign-in-experience-validator.ts
+++ b/packages/core/src/routes/experience/classes/libraries/sign-in-experience-validator.ts
@@ -1,5 +1,6 @@
 import {
   InteractionEvent,
+  MissingProfile,
   type SignInExperience,
   SignInIdentifier,
   SignInMode,
@@ -128,6 +129,39 @@ export class SignInExperienceValidator {
     return this.signInExperienceDataCache;
   }
 
+  public async getMandatoryUserProfileBySignUpMethods(): Promise<Set<MissingProfile>> {
+    const {
+      signUp: { identifiers, password },
+    } = await this.getSignInExperienceData();
+    const mandatoryUserProfile = new Set<MissingProfile>();
+
+    if (password) {
+      mandatoryUserProfile.add(MissingProfile.password);
+    }
+
+    if (identifiers.includes(SignInIdentifier.Username)) {
+      mandatoryUserProfile.add(MissingProfile.username);
+    }
+
+    if (
+      identifiers.includes(SignInIdentifier.Email) &&
+      identifiers.includes(SignInIdentifier.Phone)
+    ) {
+      mandatoryUserProfile.add(MissingProfile.emailOrPhone);
+      return mandatoryUserProfile;
+    }
+
+    if (identifiers.includes(SignInIdentifier.Email)) {
+      mandatoryUserProfile.add(MissingProfile.email);
+    }
+
+    if (identifiers.includes(SignInIdentifier.Phone)) {
+      mandatoryUserProfile.add(MissingProfile.phone);
+    }
+
+    return mandatoryUserProfile;
+  }
+
   /**
    * Guard the verification records contains email identifier with SSO enabled
    *
diff --git a/packages/core/src/routes/experience/classes/profile.ts b/packages/core/src/routes/experience/classes/profile.ts
new file mode 100644
index 000000000000..8761fd33805c
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/profile.ts
@@ -0,0 +1,129 @@
+import { type VerificationType } from '@logto/schemas';
+
+import RequestError from '#src/errors/RequestError/index.js';
+import type Libraries from '#src/tenants/Libraries.js';
+import type Queries from '#src/tenants/Queries.js';
+
+import { type InteractionContext, type InteractionProfile } from '../types.js';
+
+import { PasswordValidator } from './libraries/password-validator.js';
+import { ProfileValidator } from './libraries/profile-validator.js';
+import { SignInExperienceValidator } from './libraries/sign-in-experience-validator.js';
+
+export class Profile {
+  readonly profileValidator: ProfileValidator;
+  private readonly signInExperienceValidator: SignInExperienceValidator;
+  #data: InteractionProfile;
+
+  constructor(
+    private readonly libraries: Libraries,
+    queries: Queries,
+    data: InteractionProfile,
+    private readonly interactionContext: InteractionContext
+  ) {
+    this.signInExperienceValidator = new SignInExperienceValidator(libraries, queries);
+    this.profileValidator = new ProfileValidator(queries);
+    this.#data = data;
+  }
+
+  get data() {
+    return this.#data;
+  }
+
+  /**
+   * Set the identified email or phone to the profile using the verification record.
+   *
+   * @throws {RequestError} 422 if the profile data already exists in the current user account.
+   * @throws {RequestError} 422 if the unique identifier data already exists in another user account.
+   */
+  async setProfileByVerificationRecord(
+    type: VerificationType.EmailVerificationCode | VerificationType.PhoneVerificationCode,
+    verificationId: string
+  ) {
+    const verificationRecord = this.interactionContext.getVerificationRecordByTypeAndId(
+      type,
+      verificationId
+    );
+    const profile = verificationRecord.toUserProfile();
+    await this.setProfileWithValidation(profile);
+  }
+
+  /**
+   * Set the profile data with validation.
+   *
+   * @throws {RequestError} 422 if the profile data already exists in the current user account.
+   * @throws {RequestError} 422 if the unique identifier data already exists in another user account.
+   */
+  async setProfileWithValidation(profile: InteractionProfile) {
+    const user = await this.interactionContext.getIdentifierUser();
+    this.profileValidator.guardProfileNotExistInCurrentUserAccount(user, profile);
+    await this.profileValidator.guardProfileUniquenessAcrossUsers(profile);
+    this.unsafeSet(profile);
+  }
+
+  /**
+   * Set password with password policy validation.
+   *
+   * @param reset - If true the password will be set without checking if it already exists in the current user account.
+   * @throws {RequestError} 422 if the password does not meet the password policy.
+   * @throws {RequestError} 422 if the password is the same as the current user's password.
+   */
+  async setPasswordDigestWithValidation(password: string, reset = false) {
+    const user = await this.interactionContext.getIdentifierUser();
+    const passwordPolicy = await this.signInExperienceValidator.getPasswordPolicy();
+    const passwordValidator = new PasswordValidator(passwordPolicy, user);
+    await passwordValidator.validatePassword(password, this.#data);
+    const passwordDigests = await passwordValidator.createPasswordDigest(password);
+
+    if (!reset) {
+      this.profileValidator.guardProfileNotExistInCurrentUserAccount(user, passwordDigests);
+    }
+
+    this.unsafeSet(passwordDigests);
+  }
+
+  /**
+   * Verifies the profile data is valid.
+   *
+   * @throws {RequestError} 422 if the profile data already exists in the current user account.
+   * @throws {RequestError} 422 if the unique identifier data already exists in another user account.
+   */
+  async validateAvailability() {
+    const user = await this.interactionContext.getIdentifierUser();
+    this.profileValidator.guardProfileNotExistInCurrentUserAccount(user, this.#data);
+    await this.profileValidator.guardProfileUniquenessAcrossUsers(this.#data);
+  }
+
+  /**
+   * Checks if the user has fulfilled the mandatory profile fields.
+   */
+  async assertUserMandatoryProfileFulfilled() {
+    const user = await this.interactionContext.getIdentifierUser();
+    const mandatoryProfileFields =
+      await this.signInExperienceValidator.getMandatoryUserProfileBySignUpMethods();
+
+    const missingProfile = this.profileValidator.getMissingUserProfile(
+      this.#data,
+      user,
+      mandatoryProfileFields
+    );
+
+    if (missingProfile.size === 0) {
+      return;
+    }
+
+    // TODO: find missing profile fields from the social identity if any
+
+    throw new RequestError(
+      { code: 'user.missing_profile', status: 422 },
+      { missingProfile: [...missingProfile] }
+    );
+  }
+
+  unsafeSet(profile: InteractionProfile) {
+    this.#data = {
+      ...this.#data,
+      ...profile,
+    };
+  }
+}
diff --git a/packages/core/src/routes/experience/classes/verifications/code-verification.ts b/packages/core/src/routes/experience/classes/verifications/code-verification.ts
index 0ccbc2f89712..d67d265ec1ec 100644
--- a/packages/core/src/routes/experience/classes/verifications/code-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/code-verification.ts
@@ -5,6 +5,7 @@ import {
   VerificationType,
   type User,
   type VerificationCodeIdentifier,
+  type VerificationCodeSignInIdentifier,
 } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
 import { z } from 'zod';
@@ -67,6 +68,11 @@ export type CodeVerificationRecordData<T extends CodeVerificationType = CodeVeri
   verified: boolean;
 };
 
+export const identifierCodeVerificationTypeMap = Object.freeze({
+  [SignInIdentifier.Email]: VerificationType.EmailVerificationCode,
+  [SignInIdentifier.Phone]: VerificationType.PhoneVerificationCode,
+}) satisfies Record<VerificationCodeSignInIdentifier, CodeVerificationType>;
+
 /**
  * This is the parent class for `EmailCodeVerification` and `PhoneCodeVerification`. Not publicly exposed.
  */
diff --git a/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts b/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts
index dceaddb0b535..c3f8ccd48f43 100644
--- a/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/new-password-identity-verification.ts
@@ -81,7 +81,7 @@ export class NewPasswordIdentityVerification
     this.identifier = identifier;
     this.passwordEncrypted = passwordEncrypted;
     this.passwordEncryptionMethod = passwordEncryptionMethod;
-    this.profileValidator = new ProfileValidator(libraries, queries);
+    this.profileValidator = new ProfileValidator(queries);
     this.signInExperienceValidator = new SignInExperienceValidator(libraries, queries);
   }
 
diff --git a/packages/core/src/routes/experience/const.ts b/packages/core/src/routes/experience/const.ts
index 6eaac0ffe736..ee67580eceb2 100644
--- a/packages/core/src/routes/experience/const.ts
+++ b/packages/core/src/routes/experience/const.ts
@@ -4,4 +4,5 @@ export const experienceRoutes = Object.freeze({
   prefix,
   identification: `${prefix}/identification`,
   verification: `${prefix}/verification`,
+  profile: `${prefix}/profile`,
 });
diff --git a/packages/core/src/routes/experience/index.ts b/packages/core/src/routes/experience/index.ts
index db5d895d8f35..a7d4125ee2e0 100644
--- a/packages/core/src/routes/experience/index.ts
+++ b/packages/core/src/routes/experience/index.ts
@@ -24,6 +24,7 @@ import { experienceRoutes } from './const.js';
 import koaExperienceInteraction, {
   type WithExperienceInteractionContext,
 } from './middleware/koa-experience-interaction.js';
+import profileRoutes from './profile-routes.js';
 import backupCodeVerificationRoutes from './verification-routes/backup-code-verification.js';
 import enterpriseSsoVerificationRoutes from './verification-routes/enterprise-sso-verification.js';
 import newPasswordIdentityVerificationRoutes from './verification-routes/new-password-identity-verification.js';
@@ -128,10 +129,12 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
   router.post(
     `${experienceRoutes.prefix}/submit`,
     koaGuard({
-      status: [200, 400, 403, 422],
-      response: z.object({
-        redirectTo: z.string(),
-      }),
+      status: [200, 400, 403, 404, 422],
+      response: z
+        .object({
+          redirectTo: z.string(),
+        })
+        .optional(),
     }),
     async (ctx, next) => {
       await ctx.experienceInteraction.submit();
@@ -147,4 +150,6 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
   totpVerificationRoutes(router, tenant);
   backupCodeVerificationRoutes(router, tenant);
   newPasswordIdentityVerificationRoutes(router, tenant);
+
+  profileRoutes(router, tenant);
 }
diff --git a/packages/core/src/routes/experience/profile-routes.ts b/packages/core/src/routes/experience/profile-routes.ts
new file mode 100644
index 000000000000..be731f12cd4e
--- /dev/null
+++ b/packages/core/src/routes/experience/profile-routes.ts
@@ -0,0 +1,108 @@
+import { InteractionEvent, SignInIdentifier, updateProfileApiPayloadGuard } from '@logto/schemas';
+import type Router from 'koa-router';
+import { z } from 'zod';
+
+import RequestError from '#src/errors/RequestError/index.js';
+import { type WithLogContext } from '#src/middleware/koa-audit-log.js';
+import koaGuard from '#src/middleware/koa-guard.js';
+import type TenantContext from '#src/tenants/TenantContext.js';
+import assertThat from '#src/utils/assert-that.js';
+
+import { identifierCodeVerificationTypeMap } from './classes/verifications/code-verification.js';
+import { experienceRoutes } from './const.js';
+import { type WithExperienceInteractionContext } from './middleware/koa-experience-interaction.js';
+
+export default function interactionProfileRoutes<T extends WithLogContext>(
+  router: Router<unknown, WithExperienceInteractionContext<T>>,
+  tenant: TenantContext
+) {
+  router.post(
+    `${experienceRoutes.profile}`,
+    koaGuard({
+      body: updateProfileApiPayloadGuard,
+      status: [204, 400, 403, 404, 422],
+    }),
+    async (ctx, next) => {
+      const { experienceInteraction, guard } = ctx;
+
+      // Guard current interaction event is not ForgotPassword
+      assertThat(
+        experienceInteraction.interactionEvent !== InteractionEvent.ForgotPassword,
+        new RequestError({
+          code: 'session.not_supported_for_forgot_password',
+          statue: 400,
+        })
+      );
+
+      // Guard MFA verification status
+      await experienceInteraction.guardMfaVerificationStatus();
+
+      const profilePayload = guard.body;
+
+      switch (profilePayload.type) {
+        case SignInIdentifier.Email:
+        case SignInIdentifier.Phone: {
+          const verificationType = identifierCodeVerificationTypeMap[profilePayload.type];
+          await experienceInteraction.profile.setProfileByVerificationRecord(
+            verificationType,
+            profilePayload.verificationId
+          );
+          break;
+        }
+        case SignInIdentifier.Username: {
+          await experienceInteraction.profile.setProfileWithValidation({
+            username: profilePayload.value,
+          });
+          break;
+        }
+        case 'password': {
+          await experienceInteraction.profile.setPasswordDigestWithValidation(profilePayload.value);
+        }
+      }
+
+      await experienceInteraction.save();
+
+      ctx.status = 204;
+
+      return next();
+    }
+  );
+
+  router.put(
+    `${experienceRoutes.profile}/password`,
+    koaGuard({
+      body: z.object({
+        password: z.string(),
+      }),
+      status: [204, 400, 404, 422],
+    }),
+    async (ctx, next) => {
+      const { experienceInteraction, guard } = ctx;
+      const { password } = guard.body;
+
+      assertThat(
+        experienceInteraction.interactionEvent === InteractionEvent.ForgotPassword,
+        new RequestError({
+          code: 'session.invalid_interaction_type',
+          status: 400,
+        })
+      );
+
+      // Guard interaction is identified
+      assertThat(
+        experienceInteraction.identifiedUserId,
+        new RequestError({
+          code: 'session.identifier_not_found',
+          status: 404,
+        })
+      );
+
+      await experienceInteraction.profile.setPasswordDigestWithValidation(password, true);
+      await experienceInteraction.save();
+
+      ctx.status = 204;
+
+      return next();
+    }
+  );
+}
diff --git a/packages/core/src/routes/experience/types.ts b/packages/core/src/routes/experience/types.ts
index 9e0bb69e89de..2aad367e7d0c 100644
--- a/packages/core/src/routes/experience/types.ts
+++ b/packages/core/src/routes/experience/types.ts
@@ -1,8 +1,16 @@
 import { type SocialUserInfo, socialUserInfoGuard, type ToZodObject } from '@logto/connector-kit';
-import { type CreateUser, Users, UserSsoIdentities, type UserSsoIdentity } from '@logto/schemas';
+import {
+  type CreateUser,
+  type User,
+  Users,
+  UserSsoIdentities,
+  type UserSsoIdentity,
+} from '@logto/schemas';
 import type Provider from 'oidc-provider';
 import { z } from 'zod';
 
+import { type VerificationRecordMap } from './classes/verifications/index.js';
+
 export type Interaction = Awaited<ReturnType<Provider['interactionDetails']>>;
 
 export type InteractionProfile = {
@@ -51,3 +59,14 @@ export const interactionProfileGuard = Users.createGuard
       })
       .optional(),
   }) satisfies ToZodObject<InteractionProfile>;
+
+/**
+ * The interaction context provides the callback functions to get the user and verification record from the interaction
+ */
+export type InteractionContext = {
+  getIdentifierUser: () => Promise<User>;
+  getVerificationRecordByTypeAndId: <K extends keyof VerificationRecordMap>(
+    type: K,
+    verificationId: string
+  ) => VerificationRecordMap[K];
+};
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/enterprise-sso.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/enterprise-sso.test.ts
index 39cea62d3c6c..557758395ea6 100644
--- a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/enterprise-sso.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/enterprise-sso.test.ts
@@ -15,7 +15,10 @@ devFeatureTest.describe('enterprise sso sign-in and sign-up', () => {
 
   beforeAll(async () => {
     await ssoConnectorApi.createMockOidcConnector([domain]);
-    await updateSignInExperience({ singleSignOnEnabled: true });
+    await updateSignInExperience({
+      singleSignOnEnabled: true,
+      signUp: { identifiers: [], password: false, verify: false },
+    });
   });
 
   afterAll(async () => {
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
index e74d9fd0e8b1..f32eff6ab23e 100644
--- a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
@@ -6,6 +6,7 @@ import {
   mockSocialConnectorTarget,
 } from '#src/__mocks__/connectors-mock.js';
 import { deleteUser, getUser } from '#src/api/admin-user.js';
+import { updateSignInExperience } from '#src/api/sign-in-experience.js';
 import { clearConnectorsByTypes, setSocialConnector } from '#src/helpers/connector.js';
 import { signInWithSocial } from '#src/helpers/experience/index.js';
 import { generateNewUser } from '#src/helpers/user.js';
@@ -18,6 +19,13 @@ devFeatureTest.describe('social sign-in and sign-up', () => {
 
   beforeAll(async () => {
     await clearConnectorsByTypes([ConnectorType.Social]);
+    await updateSignInExperience({
+      signUp: {
+        identifiers: [],
+        password: false,
+        verify: false,
+      },
+    });
 
     const { id: socialConnectorId } = await setSocialConnector();
     connectorIdMap.set(mockSocialConnectorId, socialConnectorId);
diff --git a/packages/phrases/src/locales/en/errors/session.ts b/packages/phrases/src/locales/en/errors/session.ts
index ab6e00e11896..1be79523d350 100644
--- a/packages/phrases/src/locales/en/errors/session.ts
+++ b/packages/phrases/src/locales/en/errors/session.ts
@@ -22,6 +22,8 @@ const session = {
   identifier_not_found: 'User identifier not found. Please go back and sign in again.',
   interaction_not_found:
     'Interaction session not found. Please go back and start the session again.',
+  invalid_interaction_type:
+    'This operation is not supported for the current interaction. Please initiate a new session.',
   not_supported_for_forgot_password: 'This operation is not supported for forgot password.',
   identity_conflict:
     'Identity mismatch detected. Please initiate a new session to proceed with a different identity.',
diff --git a/packages/schemas/src/types/interactions.ts b/packages/schemas/src/types/interactions.ts
index c58ab56f638f..84b99faca21f 100644
--- a/packages/schemas/src/types/interactions.ts
+++ b/packages/schemas/src/types/interactions.ts
@@ -1,3 +1,4 @@
+/* eslint-disable max-lines */
 import { emailRegEx, phoneRegEx, usernameRegEx } from '@logto/core-kit';
 import { z } from 'zod';
 
@@ -163,6 +164,27 @@ export const CreateExperienceApiPayloadGuard = z.object({
   interactionEvent: z.nativeEnum(InteractionEvent),
 }) satisfies ToZodObject<CreateExperienceApiPayload>;
 
+/** Payload type for `POST /api/experience/profile */
+export const updateProfileApiPayloadGuard = z.discriminatedUnion('type', [
+  z.object({
+    type: z.literal(SignInIdentifier.Username),
+    value: z.string(),
+  }),
+  z.object({
+    type: z.literal('password'),
+    value: z.string(),
+  }),
+  z.object({
+    type: z.literal(SignInIdentifier.Email),
+    verificationId: z.string(),
+  }),
+  z.object({
+    type: z.literal(SignInIdentifier.Phone),
+    verificationId: z.string(),
+  }),
+]);
+export type UpdateProfileApiPayload = z.infer<typeof updateProfileApiPayloadGuard>;
+
 // ====== Experience API payload guard and types definitions end ======
 
 /**
@@ -410,3 +432,4 @@ export const verifyMfaResultGuard = z.object({
 });
 
 export type VerifyMfaResult = z.infer<typeof verifyMfaResultGuard>;
+/* eslint-enable max-lines */

From 9d2770cc27ebb908b8ab719778f6592e9c867508 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Thu, 25 Jul 2024 14:08:42 +0800
Subject: [PATCH 100/135] test(core): add profile fulfillment integration tests
 (#6294)

* test(core): add profile fufillment integration tests

add profile fufillment integration tests

* fix: fix integration tests

fix integration tests

* refactor(test): rebase and update the latest profile api

rebase and update the latest profile api
---
 .../src/client/experience/const.ts            |   1 +
 .../src/client/experience/index.ts            |  15 ++
 .../src/helpers/experience/index.ts           |  18 +-
 .../profile/fulfill-user-profiles.test.ts     | 184 ++++++++++++++++++
 .../profile/reset-password.test.ts            | 158 +++++++++++++++
 .../verification-code.test.ts                 |  27 +++
 .../sign-in-interaction/password.test.ts      |  75 ++++++-
 .../sign-in-interaction/social.test.ts        | 107 +++++++++-
 8 files changed, 569 insertions(+), 16 deletions(-)
 create mode 100644 packages/integration-tests/src/tests/api/experience-api/profile/fulfill-user-profiles.test.ts
 create mode 100644 packages/integration-tests/src/tests/api/experience-api/profile/reset-password.test.ts

diff --git a/packages/integration-tests/src/client/experience/const.ts b/packages/integration-tests/src/client/experience/const.ts
index 00b4b99351fb..dfd3d22a7a21 100644
--- a/packages/integration-tests/src/client/experience/const.ts
+++ b/packages/integration-tests/src/client/experience/const.ts
@@ -3,5 +3,6 @@ const prefix = 'experience';
 export const experienceRoutes = {
   verification: `${prefix}/verification`,
   identification: `${prefix}/identification`,
+  profile: `${prefix}/profile`,
   prefix,
 };
diff --git a/packages/integration-tests/src/client/experience/index.ts b/packages/integration-tests/src/client/experience/index.ts
index b52713e55232..c58cba5c0a13 100644
--- a/packages/integration-tests/src/client/experience/index.ts
+++ b/packages/integration-tests/src/client/experience/index.ts
@@ -4,6 +4,7 @@ import {
   type InteractionEvent,
   type NewPasswordIdentityVerificationPayload,
   type PasswordVerificationPayload,
+  type UpdateProfileApiPayload,
   type VerificationCodeIdentifier,
 } from '@logto/schemas';
 
@@ -196,4 +197,18 @@ export class ExperienceClient extends MockClient {
       })
       .json<{ verificationId: string }>();
   }
+
+  public async resetPassword(payload: { password: string }) {
+    return api.put(`${experienceRoutes.profile}/password`, {
+      headers: { cookie: this.interactionCookie },
+      json: payload,
+    });
+  }
+
+  public async updateProfile(payload: UpdateProfileApiPayload) {
+    return api.post(`${experienceRoutes.profile}`, {
+      headers: { cookie: this.interactionCookie },
+      json: payload,
+    });
+  }
 }
diff --git a/packages/integration-tests/src/helpers/experience/index.ts b/packages/integration-tests/src/helpers/experience/index.ts
index f14dcf9786b3..78958df6a9c8 100644
--- a/packages/integration-tests/src/helpers/experience/index.ts
+++ b/packages/integration-tests/src/helpers/experience/index.ts
@@ -11,6 +11,7 @@ import {
 } from '@logto/schemas';
 
 import { type ExperienceClient } from '#src/client/experience/index.js';
+import { generatePassword } from '#src/utils.js';
 
 import { initExperienceClient, logoutClient, processSession } from '../client.js';
 import { expectRejects } from '../index.js';
@@ -104,7 +105,8 @@ export const identifyUserWithUsernamePassword = async (
 };
 
 export const registerNewUserWithVerificationCode = async (
-  identifier: VerificationCodeIdentifier
+  identifier: VerificationCodeIdentifier,
+  options?: { fulfillPassword?: boolean }
 ) => {
   const client = await initExperienceClient();
 
@@ -125,6 +127,20 @@ export const registerNewUserWithVerificationCode = async (
     verificationId: verifiedVerificationId,
   });
 
+  if (options?.fulfillPassword) {
+    await expectRejects(client.submitInteraction(), {
+      code: 'user.missing_profile',
+      status: 422,
+    });
+
+    const password = generatePassword();
+
+    await client.updateProfile({
+      type: 'password',
+      value: password,
+    });
+  }
+
   const { redirectTo } = await client.submitInteraction();
 
   const userId = await processSession(client, redirectTo);
diff --git a/packages/integration-tests/src/tests/api/experience-api/profile/fulfill-user-profiles.test.ts b/packages/integration-tests/src/tests/api/experience-api/profile/fulfill-user-profiles.test.ts
new file mode 100644
index 000000000000..cc0cbc0386ac
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/experience-api/profile/fulfill-user-profiles.test.ts
@@ -0,0 +1,184 @@
+import { ConnectorType } from '@logto/connector-kit';
+import { InteractionEvent, MfaFactor, SignInIdentifier } from '@logto/schemas';
+import { authenticator } from 'otplib';
+
+import { createUserMfaVerification } from '#src/api/admin-user.js';
+import { initExperienceClient } from '#src/helpers/client.js';
+import {
+  clearConnectorsByTypes,
+  setEmailConnector,
+  setSmsConnector,
+} from '#src/helpers/connector.js';
+import { identifyUserWithUsernamePassword } from '#src/helpers/experience/index.js';
+import { successfullyVerifyTotp } from '#src/helpers/experience/totp-verification.js';
+import {
+  successfullySendVerificationCode,
+  successfullyVerifyVerificationCode,
+} from '#src/helpers/experience/verification-code.js';
+import { expectRejects } from '#src/helpers/index.js';
+import {
+  enableAllPasswordSignInMethods,
+  enableMandatoryMfaWithTotpAndBackupCode,
+  resetMfaSettings,
+} from '#src/helpers/sign-in-experience.js';
+import { generateNewUserProfile, UserApiTest } from '#src/helpers/user.js';
+import { devFeatureTest, generateEmail } from '#src/utils.js';
+
+devFeatureTest.describe('Fulfill User Profiles', () => {
+  const userApi = new UserApiTest();
+
+  beforeAll(async () => {
+    await clearConnectorsByTypes([ConnectorType.Email, ConnectorType.Sms]);
+    await Promise.all([setEmailConnector(), setSmsConnector()]);
+    await enableAllPasswordSignInMethods();
+  });
+
+  afterEach(async () => {
+    await userApi.cleanUp();
+  });
+
+  it('should throw 400 if the interaction event is ForgotPassword', async () => {
+    const client = await initExperienceClient();
+
+    await client.initInteraction({ interactionEvent: InteractionEvent.ForgotPassword });
+
+    await expectRejects(
+      client.updateProfile({ type: SignInIdentifier.Username, value: 'username' }),
+      {
+        status: 400,
+        code: 'session.not_supported_for_forgot_password',
+      }
+    );
+  });
+
+  it('should throw 404 if the interaction is not identified', async () => {
+    const client = await initExperienceClient();
+
+    await client.initInteraction({ interactionEvent: InteractionEvent.SignIn });
+
+    await expectRejects(
+      client.updateProfile({ type: SignInIdentifier.Username, value: 'username' }),
+      {
+        status: 404,
+        code: 'session.identifier_not_found',
+      }
+    );
+  });
+
+  it('should throw 422 if the profile field is already exist in current user account', async () => {
+    const { username, password } = generateNewUserProfile({ username: true, password: true });
+
+    await userApi.create({ username, password });
+
+    const client = await initExperienceClient();
+    await identifyUserWithUsernamePassword(client, username, password);
+
+    await expectRejects(
+      client.updateProfile({ type: SignInIdentifier.Username, value: 'username' }),
+      {
+        status: 422,
+        code: 'user.username_exists_in_profile',
+      }
+    );
+
+    await expectRejects(client.updateProfile({ type: 'password', value: 'password' }), {
+      status: 422,
+      code: 'user.password_exists_in_profile',
+    });
+  });
+
+  it('should throw 422 if the profile field is used by another user', async () => {
+    const { username, password } = generateNewUserProfile({ username: true, password: true });
+    await userApi.create({ username, password });
+
+    const { primaryEmail } = generateNewUserProfile({ primaryEmail: true });
+    await userApi.create({ primaryEmail });
+
+    const client = await initExperienceClient();
+    await identifyUserWithUsernamePassword(client, username, password);
+
+    const { verificationId, code: verificationCode } = await successfullySendVerificationCode(
+      client,
+      {
+        identifier: { type: SignInIdentifier.Email, value: primaryEmail },
+        interactionEvent: InteractionEvent.SignIn,
+      }
+    );
+
+    await successfullyVerifyVerificationCode(client, {
+      identifier: { type: SignInIdentifier.Email, value: primaryEmail },
+      verificationId,
+      code: verificationCode,
+    });
+
+    await expectRejects(client.updateProfile({ type: SignInIdentifier.Email, verificationId }), {
+      status: 422,
+      code: 'user.email_already_in_use',
+    });
+  });
+
+  describe('MFA verification status is required', () => {
+    beforeAll(async () => {
+      await enableMandatoryMfaWithTotpAndBackupCode();
+    });
+    afterAll(async () => {
+      await resetMfaSettings();
+    });
+
+    it('should throw 422 if the mfa is enabled but not verified', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      const user = await userApi.create({ username, password });
+      await createUserMfaVerification(user.id, MfaFactor.TOTP);
+
+      const client = await initExperienceClient();
+      await identifyUserWithUsernamePassword(client, username, password);
+
+      await expectRejects(
+        client.updateProfile({ type: SignInIdentifier.Username, value: 'username' }),
+        {
+          status: 403,
+          code: 'session.mfa.require_mfa_verification',
+        }
+      );
+    });
+
+    it('should update the profile successfully if the mfa is enabled and verified', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      const user = await userApi.create({ username, password });
+
+      const client = await initExperienceClient();
+      await identifyUserWithUsernamePassword(client, username, password);
+
+      const response = await createUserMfaVerification(user.id, MfaFactor.TOTP);
+
+      if (response.type !== MfaFactor.TOTP) {
+        throw new Error('unexpected mfa type');
+      }
+
+      const { secret } = response;
+      const code = authenticator.generate(secret);
+
+      await successfullyVerifyTotp(client, { code });
+
+      const email = generateEmail();
+
+      const { verificationId, code: verificationCode } = await successfullySendVerificationCode(
+        client,
+        {
+          identifier: { type: SignInIdentifier.Email, value: email },
+          interactionEvent: InteractionEvent.SignIn,
+        }
+      );
+
+      await successfullyVerifyVerificationCode(client, {
+        identifier: { type: SignInIdentifier.Email, value: email },
+        verificationId,
+        code: verificationCode,
+      });
+
+      await expect(
+        client.updateProfile({ type: SignInIdentifier.Email, verificationId })
+      ).resolves.not.toThrow();
+    });
+  });
+});
diff --git a/packages/integration-tests/src/tests/api/experience-api/profile/reset-password.test.ts b/packages/integration-tests/src/tests/api/experience-api/profile/reset-password.test.ts
new file mode 100644
index 000000000000..daa42e21d5be
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/experience-api/profile/reset-password.test.ts
@@ -0,0 +1,158 @@
+import { ConnectorType, InteractionEvent, SignInIdentifier } from '@logto/schemas';
+
+import { updateSignInExperience } from '#src/api/sign-in-experience.js';
+import { type ExperienceClient } from '#src/client/experience/index.js';
+import { initExperienceClient } from '#src/helpers/client.js';
+import { clearConnectorsByTypes, setEmailConnector } from '#src/helpers/connector.js';
+import { signInWithPassword } from '#src/helpers/experience/index.js';
+import {
+  successfullySendVerificationCode,
+  successfullyVerifyVerificationCode,
+} from '#src/helpers/experience/verification-code.js';
+import { expectRejects } from '#src/helpers/index.js';
+import { enableAllPasswordSignInMethods } from '#src/helpers/sign-in-experience.js';
+import { generateNewUserProfile, UserApiTest } from '#src/helpers/user.js';
+import { devFeatureTest, generatePassword } from '#src/utils.js';
+
+const initAndIdentifyForgotPasswordInteraction = async (
+  client: ExperienceClient,
+  email: string
+) => {
+  await client.initInteraction({ interactionEvent: InteractionEvent.ForgotPassword });
+  const { verificationId, code } = await successfullySendVerificationCode(client, {
+    identifier: { type: SignInIdentifier.Email, value: email },
+    interactionEvent: InteractionEvent.ForgotPassword,
+  });
+  await successfullyVerifyVerificationCode(client, {
+    identifier: { type: SignInIdentifier.Email, value: email },
+    verificationId,
+    code,
+  });
+  await client.identifyUser({ verificationId });
+};
+
+devFeatureTest.describe('Reset Password', () => {
+  const userApi = new UserApiTest();
+
+  beforeAll(async () => {
+    await clearConnectorsByTypes([ConnectorType.Email]);
+    await setEmailConnector();
+    await enableAllPasswordSignInMethods();
+  });
+
+  afterEach(async () => {
+    await userApi.cleanUp();
+
+    // Reset password policy to default value
+    await updateSignInExperience({
+      passwordPolicy: {},
+    });
+  });
+
+  it('should 400 if the interaction is not ForgotPassword', async () => {
+    const client = await initExperienceClient();
+
+    await client.initInteraction({ interactionEvent: InteractionEvent.SignIn });
+
+    await expectRejects(client.resetPassword({ password: 'password' }), {
+      status: 400,
+      code: 'session.invalid_interaction_type',
+    });
+  });
+
+  it('should throw 404 if the interaction is not identified', async () => {
+    const client = await initExperienceClient();
+
+    await client.initInteraction({ interactionEvent: InteractionEvent.ForgotPassword });
+
+    await expectRejects(client.resetPassword({ password: 'password' }), {
+      status: 404,
+      code: 'session.identifier_not_found',
+    });
+  });
+
+  it('should throw 422 if identify the user using VerificationType other than CodeVerification', async () => {
+    const { username, password } = generateNewUserProfile({ username: true, password: true });
+    await userApi.create({ username, password });
+    const client = await initExperienceClient();
+    await client.initInteraction({ interactionEvent: InteractionEvent.ForgotPassword });
+    const { verificationId } = await client.verifyPassword({
+      identifier: { type: SignInIdentifier.Username, value: username },
+      password,
+    });
+
+    await expectRejects(client.identifyUser({ verificationId }), {
+      status: 422,
+      code: 'session.not_supported_for_forgot_password',
+    });
+  });
+
+  it('should throw 422 if the password is same as the current password', async () => {
+    const { primaryEmail, password } = generateNewUserProfile({
+      primaryEmail: true,
+      password: true,
+    });
+    await userApi.create({ primaryEmail, password });
+    const client = await initExperienceClient();
+
+    await initAndIdentifyForgotPasswordInteraction(client, primaryEmail);
+
+    await expectRejects(client.resetPassword({ password }), {
+      status: 422,
+      code: 'user.same_password',
+    });
+  });
+
+  it('should throw 422 if the password violates password policy (using email as password)', async () => {
+    await updateSignInExperience({
+      passwordPolicy: {
+        length: { min: 8, max: 32 },
+        characterTypes: { min: 3 },
+        rejects: {
+          pwned: true,
+          repetitionAndSequence: true,
+          userInfo: true,
+        },
+      },
+    });
+
+    const { primaryEmail, password } = generateNewUserProfile({
+      primaryEmail: true,
+      password: true,
+    });
+
+    await userApi.create({ primaryEmail, password });
+
+    const client = await initExperienceClient();
+
+    await initAndIdentifyForgotPasswordInteraction(client, primaryEmail);
+
+    await expectRejects(client.resetPassword({ password: primaryEmail }), {
+      status: 422,
+      code: 'password.rejected',
+    });
+  });
+
+  it('should reset password successfully', async () => {
+    const { primaryEmail, password } = generateNewUserProfile({
+      primaryEmail: true,
+      password: true,
+    });
+    await userApi.create({ primaryEmail, password });
+
+    const newPassword = generatePassword();
+
+    const client = await initExperienceClient();
+
+    await initAndIdentifyForgotPasswordInteraction(client, primaryEmail);
+
+    await client.resetPassword({ password: newPassword });
+
+    await client.submitInteraction();
+
+    await signInWithPassword({
+      identifier: { type: SignInIdentifier.Email, value: primaryEmail },
+      password: newPassword,
+    });
+  });
+});
diff --git a/packages/integration-tests/src/tests/api/experience-api/register-interaction/verification-code.test.ts b/packages/integration-tests/src/tests/api/experience-api/register-interaction/verification-code.test.ts
index c210797d41eb..e247b3c862c9 100644
--- a/packages/integration-tests/src/tests/api/experience-api/register-interaction/verification-code.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/register-interaction/verification-code.test.ts
@@ -98,4 +98,31 @@ devFeatureTest.describe('Register interaction with verification code happy path'
       await deleteUser(user.id);
     }
   );
+
+  describe('fulfill password', () => {
+    beforeAll(async () => {
+      await enableAllVerificationCodeSignInMethods({
+        identifiers: [SignInIdentifier.Email, SignInIdentifier.Phone],
+        password: true,
+        verify: true,
+      });
+    });
+
+    it.each(verificationIdentifierType)(
+      'Should register with verification code using %p and fulfill the password successfully',
+      async (identifier) => {
+        const userId = await registerNewUserWithVerificationCode(
+          {
+            type: identifier,
+            value: identifier === SignInIdentifier.Email ? generateEmail() : generatePhone(),
+          },
+          {
+            fulfillPassword: true,
+          }
+        );
+
+        await deleteUser(userId);
+      }
+    );
+  });
 });
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/password.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/password.test.ts
index fcf9a6093cbd..ca57ba29716d 100644
--- a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/password.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/password.test.ts
@@ -1,10 +1,23 @@
-import { SignInIdentifier } from '@logto/schemas';
+import { InteractionEvent, SignInIdentifier } from '@logto/schemas';
 
-import { deleteUser } from '#src/api/admin-user.js';
-import { signInWithPassword } from '#src/helpers/experience/index.js';
-import { enableAllPasswordSignInMethods } from '#src/helpers/sign-in-experience.js';
+import { deleteUser, getUser } from '#src/api/admin-user.js';
+import { initExperienceClient, logoutClient, processSession } from '#src/helpers/client.js';
+import { setEmailConnector, setSmsConnector } from '#src/helpers/connector.js';
+import {
+  identifyUserWithUsernamePassword,
+  signInWithPassword,
+} from '#src/helpers/experience/index.js';
+import {
+  successfullySendVerificationCode,
+  successfullyVerifyVerificationCode,
+} from '#src/helpers/experience/verification-code.js';
+import { expectRejects } from '#src/helpers/index.js';
+import {
+  enableAllPasswordSignInMethods,
+  enableAllVerificationCodeSignInMethods,
+} from '#src/helpers/sign-in-experience.js';
 import { generateNewUser } from '#src/helpers/user.js';
-import { devFeatureTest } from '#src/utils.js';
+import { devFeatureTest, generateEmail } from '#src/utils.js';
 
 const identifiersTypeToUserProfile = Object.freeze({
   username: 'username',
@@ -15,6 +28,7 @@ const identifiersTypeToUserProfile = Object.freeze({
 devFeatureTest.describe('sign-in with password verification happy path', () => {
   beforeAll(async () => {
     await enableAllPasswordSignInMethods();
+    await Promise.all([setEmailConnector(), setSmsConnector()]);
   });
 
   it.each(Object.values(SignInIdentifier))(
@@ -36,4 +50,55 @@ devFeatureTest.describe('sign-in with password verification happy path', () => {
       await deleteUser(user.id);
     }
   );
+
+  it('sign-in with username and password and fulfill the email', async () => {
+    await enableAllVerificationCodeSignInMethods({
+      identifiers: [SignInIdentifier.Email],
+      password: true,
+      verify: true,
+    });
+
+    const { userProfile, user } = await generateNewUser({
+      username: true,
+      password: true,
+    });
+    const { username, password } = userProfile;
+
+    const primaryEmail = generateEmail();
+
+    const client = await initExperienceClient();
+
+    await identifyUserWithUsernamePassword(client, username, password);
+
+    await expectRejects(client.submitInteraction(), {
+      code: 'user.missing_profile',
+      status: 422,
+    });
+
+    const { verificationId, code: verificationCode } = await successfullySendVerificationCode(
+      client,
+      {
+        identifier: { type: SignInIdentifier.Email, value: primaryEmail },
+        interactionEvent: InteractionEvent.SignIn,
+      }
+    );
+
+    await successfullyVerifyVerificationCode(client, {
+      identifier: { type: SignInIdentifier.Email, value: primaryEmail },
+      verificationId,
+      code: verificationCode,
+    });
+
+    await client.updateProfile({ type: SignInIdentifier.Email, verificationId });
+
+    const { redirectTo } = await client.submitInteraction();
+    await processSession(client, redirectTo);
+    await logoutClient(client);
+
+    const { primaryEmail: syncedEmail } = await getUser(user.id);
+
+    expect(syncedEmail).toBe(primaryEmail);
+
+    await deleteUser(user.id);
+  });
 });
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
index f32eff6ab23e..a13bcb6260a3 100644
--- a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
@@ -1,4 +1,5 @@
 import { ConnectorType } from '@logto/connector-kit';
+import { InteractionEvent, SignInIdentifier } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
 
 import {
@@ -6,11 +7,21 @@ import {
   mockSocialConnectorTarget,
 } from '#src/__mocks__/connectors-mock.js';
 import { deleteUser, getUser } from '#src/api/admin-user.js';
-import { updateSignInExperience } from '#src/api/sign-in-experience.js';
-import { clearConnectorsByTypes, setSocialConnector } from '#src/helpers/connector.js';
+import { initExperienceClient, logoutClient, processSession } from '#src/helpers/client.js';
+import {
+  clearConnectorsByTypes,
+  setEmailConnector,
+  setSocialConnector,
+} from '#src/helpers/connector.js';
 import { signInWithSocial } from '#src/helpers/experience/index.js';
+import {
+  successFullyCreateSocialVerification,
+  successFullyVerifySocialAuthorization,
+} from '#src/helpers/experience/social-verification.js';
+import { expectRejects } from '#src/helpers/index.js';
+import { enableAllPasswordSignInMethods } from '#src/helpers/sign-in-experience.js';
 import { generateNewUser } from '#src/helpers/user.js';
-import { devFeatureTest, generateEmail } from '#src/utils.js';
+import { devFeatureTest, generateEmail, generateUsername } from '#src/utils.js';
 
 devFeatureTest.describe('social sign-in and sign-up', () => {
   const connectorIdMap = new Map<string, string>();
@@ -18,16 +29,15 @@ devFeatureTest.describe('social sign-in and sign-up', () => {
   const email = generateEmail();
 
   beforeAll(async () => {
-    await clearConnectorsByTypes([ConnectorType.Social]);
-    await updateSignInExperience({
-      signUp: {
-        identifiers: [],
-        password: false,
-        verify: false,
-      },
+    await enableAllPasswordSignInMethods({
+      identifiers: [],
+      password: false,
+      verify: false,
     });
+    await clearConnectorsByTypes([ConnectorType.Social, ConnectorType.Email]);
 
     const { id: socialConnectorId } = await setSocialConnector();
+    await setEmailConnector();
     connectorIdMap.set(mockSocialConnectorId, socialConnectorId);
   });
 
@@ -112,4 +122,81 @@ devFeatureTest.describe('social sign-in and sign-up', () => {
 
     await deleteUser(userId);
   });
+
+  describe('fulfill missing user profile', () => {
+    const state = 'state';
+    const redirectUri = 'http://localhost:3000';
+
+    it('should successfully sign-up with social and fulfill missing username', async () => {
+      const connectorId = connectorIdMap.get(mockSocialConnectorId)!;
+
+      await enableAllPasswordSignInMethods({
+        identifiers: [SignInIdentifier.Username],
+        password: true,
+        verify: false,
+      });
+
+      const client = await initExperienceClient();
+      await client.initInteraction({ interactionEvent: InteractionEvent.SignIn });
+
+      const { verificationId } = await successFullyCreateSocialVerification(client, connectorId, {
+        redirectUri,
+        state,
+      });
+
+      await successFullyVerifySocialAuthorization(client, connectorId, {
+        verificationId,
+        connectorData: {
+          state,
+          redirectUri,
+          code: 'fake_code',
+          userId: generateStandardId(),
+        },
+      });
+
+      await expectRejects(client.identifyUser({ verificationId }), {
+        code: 'user.identity_not_exist',
+        status: 404,
+      });
+
+      await client.updateInteractionEvent({ interactionEvent: InteractionEvent.Register });
+      await client.identifyUser({ verificationId });
+
+      await expectRejects(client.submitInteraction(), {
+        code: 'user.missing_profile',
+        status: 422,
+      });
+
+      await client.updateProfile({ type: SignInIdentifier.Username, value: generateUsername() });
+
+      const { redirectTo } = await client.submitInteraction();
+      const userId = await processSession(client, redirectTo);
+      await logoutClient(client);
+      await deleteUser(userId);
+    });
+
+    it('should directly sync trusted email', async () => {
+      await enableAllPasswordSignInMethods({
+        identifiers: [SignInIdentifier.Email],
+        password: true,
+        verify: true,
+      });
+
+      const userId = await signInWithSocial(
+        connectorIdMap.get(mockSocialConnectorId)!,
+        {
+          id: socialUserId,
+          email,
+        },
+        {
+          registerNewUser: true,
+        }
+      );
+
+      const { primaryEmail } = await getUser(userId);
+      expect(primaryEmail).toBe(email);
+
+      await deleteUser(userId);
+    });
+  });
 });

From a2e457e8efd520373e1c7e6b6502afbda298b8e5 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Thu, 25 Jul 2024 17:00:57 +0800
Subject: [PATCH 101/135] fix(console): css loaded svg should be rendered
 properly (#6333)

---
 .../src/components/SignInExperiencePreview/index.module.scss  | 2 +-
 .../console/src/ds-components/TextInput/index.module.scss     | 2 +-
 .../pages/SignInExperience/InspireMe/index.module.scss        | 2 +-
 packages/console/src/pages/Welcome/index.module.scss          | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/packages/console/src/components/SignInExperiencePreview/index.module.scss b/packages/console/src/components/SignInExperiencePreview/index.module.scss
index 4948109aad7c..c8d4d83a7ea2 100644
--- a/packages/console/src/components/SignInExperiencePreview/index.module.scss
+++ b/packages/console/src/components/SignInExperiencePreview/index.module.scss
@@ -87,7 +87,7 @@
   }
 
   &.disabled {
-    background: url('raw:../../assets/images/blur-preview.svg') 0 0 / 100% auto no-repeat;
+    background: url('../../assets/images/blur-preview.svg') 0 0 / 100% auto no-repeat;
   }
 
   .placeholder {
diff --git a/packages/console/src/ds-components/TextInput/index.module.scss b/packages/console/src/ds-components/TextInput/index.module.scss
index b4f49b325850..d41280be68c0 100644
--- a/packages/console/src/ds-components/TextInput/index.module.scss
+++ b/packages/console/src/ds-components/TextInput/index.module.scss
@@ -76,7 +76,7 @@
       &::-webkit-calendar-picker-indicator {
         background-image: none;
         background-color: var(--color-text-secondary);
-        mask-image: url('raw:../../assets/icons/calendar-outline.svg');
+        mask-image: url('../../assets/icons/calendar-outline.svg');
         mask-size: 20px 20px;
         width: 16px;
         height: 18px;
diff --git a/packages/console/src/onboarding/pages/SignInExperience/InspireMe/index.module.scss b/packages/console/src/onboarding/pages/SignInExperience/InspireMe/index.module.scss
index 093171e5d0ba..9dfcb66129c6 100644
--- a/packages/console/src/onboarding/pages/SignInExperience/InspireMe/index.module.scss
+++ b/packages/console/src/onboarding/pages/SignInExperience/InspireMe/index.module.scss
@@ -33,7 +33,7 @@
       &:not(:active),
       &:active {
         &:hover {
-          background: var(--color-layer-1) center / 90% no-repeat url('raw:../../../assets/images/fireworks.svg');
+          background: var(--color-layer-1) center / 90% no-repeat url('../../../assets/images/fireworks.svg');
         }
       }
 
diff --git a/packages/console/src/pages/Welcome/index.module.scss b/packages/console/src/pages/Welcome/index.module.scss
index c2edbf43e929..feae887b7967 100644
--- a/packages/console/src/pages/Welcome/index.module.scss
+++ b/packages/console/src/pages/Welcome/index.module.scss
@@ -12,11 +12,11 @@
   background-repeat: no-repeat;
 
   &.light {
-    background-image: url('raw:../../assets/images/welcome.svg');
+    background-image: url('../../assets/images/welcome.svg');
   }
 
   &.dark {
-    background-image: url('raw:../../assets/images/welcome-dark.svg');
+    background-image: url('../../assets/images/welcome-dark.svg');
   }
 }
 

From f76252e0d2dd59da8328ce519927070083e59b41 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Thu, 25 Jul 2024 17:34:59 +0800
Subject: [PATCH 102/135] fix(core): fix some webhook api body status 404 bug
 (#6311)

* fix(core): fix some webhook api body status 404 bug

fix some webhook api body status 404 bug

* fix(core): improve the webhook trigger logic

improve the webhook trigger logic

* chore: add changeset

add changeset

* chore: update the changeset

update the changeset
---
 .changeset/fast-rats-talk.md                       | 14 ++++++++++++++
 packages/core/src/routes/role.ts                   |  7 +++++--
 packages/core/src/utils/SchemaRouter.ts            |  9 +++++----
 .../src/tests/api/hook/WebhookMockServer.ts        |  1 +
 .../src/tests/api/hook/hook.trigger.data.test.ts   |  2 ++
 .../integration-tests/src/tests/api/hook/utils.ts  |  1 +
 6 files changed, 28 insertions(+), 6 deletions(-)
 create mode 100644 .changeset/fast-rats-talk.md

diff --git a/.changeset/fast-rats-talk.md b/.changeset/fast-rats-talk.md
new file mode 100644
index 000000000000..437a34e400bd
--- /dev/null
+++ b/.changeset/fast-rats-talk.md
@@ -0,0 +1,14 @@
+---
+"@logto/core": patch
+---
+
+fix the status code 404 error in webhook events payload
+
+Impact webhook events:
+
+- `Role.Scopes.Updated`
+- `Organizations.Membership.Updates`
+
+Issue: These webhook event payloads were returning a API response status code of 404 when the webhook was triggered.
+Expected: A status code of 200 should be returned, as we only trigger the webhook when the request is successful.
+Fix: All webhook event contexts should be created and inserted into the webhook pipeline after the response body and status code are properly set.
diff --git a/packages/core/src/routes/role.ts b/packages/core/src/routes/role.ts
index be078c110f74..5d072f9fccfb 100644
--- a/packages/core/src/routes/role.ts
+++ b/packages/core/src/routes/role.ts
@@ -174,7 +174,12 @@ export default function roleRoutes<T extends ManagementApiRouter>(
         await insertRolesScopes(
           scopeIds.map((scopeId) => ({ id: generateStandardId(), roleId: role.id, scopeId }))
         );
+      }
+
+      ctx.body = role;
 
+      // Hook context must be triggered after the response is set.
+      if (scopeIds) {
         // Trigger the `Role.Scopes.Updated` event if scopeIds are provided. Should not break the request
         await trySafe(async () => {
           // Align the response type with POST /roles/:id/scopes
@@ -188,8 +193,6 @@ export default function roleRoutes<T extends ManagementApiRouter>(
         });
       }
 
-      ctx.body = role;
-
       return next();
     }
   );
diff --git a/packages/core/src/utils/SchemaRouter.ts b/packages/core/src/utils/SchemaRouter.ts
index 520758c93079..c8c3ae3c1bcf 100644
--- a/packages/core/src/utils/SchemaRouter.ts
+++ b/packages/core/src/utils/SchemaRouter.ts
@@ -1,4 +1,4 @@
-import { type SchemaLike, type GeneratedSchema, type DataHookEvent } from '@logto/schemas';
+import { type DataHookEvent, type GeneratedSchema, type SchemaLike } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
 import { type DeepPartial, isPlainObject } from '@silverhand/essentials';
 import camelcase from 'camelcase';
@@ -257,8 +257,8 @@ export default class SchemaRouter<
             [columns.relationSchemaId]: relationId,
           })) ?? [])
         );
-        appendHookContext(ctx, id);
         ctx.status = 201;
+        appendHookContext(ctx, id);
         return next();
       }
     );
@@ -277,8 +277,8 @@ export default class SchemaRouter<
         } = ctx.guard;
 
         await relationQueries.replace(id, relationIds ?? []);
-        appendHookContext(ctx, id);
         ctx.status = 204;
+        appendHookContext(ctx, id);
         return next();
       }
     );
@@ -302,9 +302,10 @@ export default class SchemaRouter<
           // eslint-disable-next-line @typescript-eslint/no-non-null-assertion -- `koaGuard()` ensures the value is not `undefined`
           [columns.relationSchemaId]: relationId!,
         });
+
+        ctx.status = 204;
         // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
         appendHookContext(ctx, id!);
-        ctx.status = 204;
         return next();
       }
     );
diff --git a/packages/integration-tests/src/tests/api/hook/WebhookMockServer.ts b/packages/integration-tests/src/tests/api/hook/WebhookMockServer.ts
index 1b9c77b09779..1644ff62738c 100644
--- a/packages/integration-tests/src/tests/api/hook/WebhookMockServer.ts
+++ b/packages/integration-tests/src/tests/api/hook/WebhookMockServer.ts
@@ -76,6 +76,7 @@ export const mockHookResponseGuard = z.object({
         event: hookEventGuard,
         createdAt: z.string(),
         hookId: z.string(),
+        status: z.number().optional(),
       })
       .catchall(z.any()),
     // Use the raw payload for signature verification
diff --git a/packages/integration-tests/src/tests/api/hook/hook.trigger.data.test.ts b/packages/integration-tests/src/tests/api/hook/hook.trigger.data.test.ts
index d01b14f9ff29..0562b297a594 100644
--- a/packages/integration-tests/src/tests/api/hook/hook.trigger.data.test.ts
+++ b/packages/integration-tests/src/tests/api/hook/hook.trigger.data.test.ts
@@ -47,6 +47,7 @@ const mockHookResponseGuard = z.object({
         .optional()
         .transform((value) => value?.toUpperCase()),
       matchedRoute: z.string().optional(),
+      status: z.number().optional(),
     })
     .catchall(z.any()),
   // Keep the raw payload for signature verification
@@ -364,6 +365,7 @@ describe('data hook events coverage and signature verification', () => {
 
     const webhookResult = await getWebhookResult(key);
     expect(webhookResult).toBeDefined();
+    expect(webhookResult?.payload.status).not.toBe(404);
     assert(webhookResult, new Error('webhookResult is undefined'));
 
     const { signature, rawPayload } = webhookResult;
diff --git a/packages/integration-tests/src/tests/api/hook/utils.ts b/packages/integration-tests/src/tests/api/hook/utils.ts
index 13fdea640426..e4157d97eb30 100644
--- a/packages/integration-tests/src/tests/api/hook/utils.ts
+++ b/packages/integration-tests/src/tests/api/hook/utils.ts
@@ -46,6 +46,7 @@ export const assertHookLogResult = async (
     const { body } = mockHookResponseGuard.parse(payload.response);
     expect(verifySignature(body.rawPayload, signingKey, body.signature)).toBeTruthy();
     expect(body.payload).toEqual(expect.objectContaining(assertions.hookPayload));
+    expect(body.payload.status).not.toBe(404);
   }
 
   if (assertions.errorMessage) {

From f8f34f0e878f987c9ce1654a766e3c8e2db37b5b Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Thu, 25 Jul 2024 17:35:19 +0800
Subject: [PATCH 103/135] feat(core): implement the WebAuthn verification
 (#6308)

feat(core): implement the webauthn verification

implement the webauthn verification
---
 .../classes/libraries/mfa-validator.ts        |   2 +-
 .../experience/classes/verifications/index.ts |  11 +
 .../classes/verifications/web-authn.ts        | 271 ++++++++++++++++++
 packages/core/src/routes/experience/index.ts  |   2 +
 .../verification-routes/totp-verification.ts  |   3 -
 .../web-authn-verification.ts                 | 192 +++++++++++++
 .../verifications/mfa-payload-verification.ts |  20 +-
 7 files changed, 487 insertions(+), 14 deletions(-)
 create mode 100644 packages/core/src/routes/experience/classes/verifications/web-authn.ts
 create mode 100644 packages/core/src/routes/experience/verification-routes/web-authn-verification.ts

diff --git a/packages/core/src/routes/experience/classes/libraries/mfa-validator.ts b/packages/core/src/routes/experience/classes/libraries/mfa-validator.ts
index c1882b1d1474..9f31ff3f0fba 100644
--- a/packages/core/src/routes/experience/classes/libraries/mfa-validator.ts
+++ b/packages/core/src/routes/experience/classes/libraries/mfa-validator.ts
@@ -110,8 +110,8 @@ export class MfaValidator {
     // Filter out the verified MFA verification records
     const mfaVerificationRecords = verificationRecords.filter(({ type, isVerified }) => {
       return (
-        isVerified &&
         isMfaVerificationRecordType(type) &&
+        isVerified &&
         // Check if the verification type is enabled in the user's MFA settings
         enabledMfaFactors.some((factor) => factor.type === mfaVerificationTypeToMfaFactorMap[type])
       );
diff --git a/packages/core/src/routes/experience/classes/verifications/index.ts b/packages/core/src/routes/experience/classes/verifications/index.ts
index db9f601d5d2e..6175bc8d0e19 100644
--- a/packages/core/src/routes/experience/classes/verifications/index.ts
+++ b/packages/core/src/routes/experience/classes/verifications/index.ts
@@ -42,6 +42,11 @@ import {
   type TotpVerificationRecordData,
 } from './totp-verification.js';
 import { type VerificationRecord as GenericVerificationRecord } from './verification-record.js';
+import {
+  WebAuthnVerification,
+  webAuthnVerificationRecordDataGuard,
+  type WebAuthnVerificationRecordData,
+} from './web-authn.js';
 
 export type VerificationRecordData =
   | PasswordVerificationRecordData
@@ -51,6 +56,7 @@ export type VerificationRecordData =
   | EnterpriseSsoVerificationRecordData
   | TotpVerificationRecordData
   | BackupCodeVerificationRecordData
+  | WebAuthnVerificationRecordData
   | NewPasswordIdentityVerificationRecordData;
 
 // This is to ensure the keys of the map are the same as the type of the verification record
@@ -67,6 +73,7 @@ export type VerificationRecordMap = AssertVerificationMap<{
   [VerificationType.EnterpriseSso]: EnterpriseSsoVerification;
   [VerificationType.TOTP]: TotpVerification;
   [VerificationType.BackupCode]: BackupCodeVerification;
+  [VerificationType.WebAuthn]: WebAuthnVerification;
   [VerificationType.NewPasswordIdentity]: NewPasswordIdentityVerification;
 }>;
 
@@ -89,6 +96,7 @@ export const verificationRecordDataGuard = z.discriminatedUnion('type', [
   enterPriseSsoVerificationRecordDataGuard,
   totpVerificationRecordDataGuard,
   backupCodeVerificationRecordDataGuard,
+  webAuthnVerificationRecordDataGuard,
   newPasswordIdentityVerificationRecordDataGuard,
 ]);
 
@@ -122,6 +130,9 @@ export const buildVerificationRecord = (
     case VerificationType.BackupCode: {
       return new BackupCodeVerification(libraries, queries, data);
     }
+    case VerificationType.WebAuthn: {
+      return new WebAuthnVerification(libraries, queries, data);
+    }
     case VerificationType.NewPasswordIdentity: {
       return new NewPasswordIdentityVerification(libraries, queries, data);
     }
diff --git a/packages/core/src/routes/experience/classes/verifications/web-authn.ts b/packages/core/src/routes/experience/classes/verifications/web-authn.ts
new file mode 100644
index 000000000000..d3d2d2bccdbb
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/verifications/web-authn.ts
@@ -0,0 +1,271 @@
+import { type ToZodObject } from '@logto/connector-kit';
+import {
+  type BindWebAuthn,
+  bindWebAuthnGuard,
+  type BindWebAuthnPayload,
+  MfaFactor,
+  VerificationType,
+  type WebAuthnRegistrationOptions,
+  type WebAuthnVerificationPayload,
+} from '@logto/schemas';
+import { generateStandardId } from '@logto/shared';
+import { conditional } from '@silverhand/essentials';
+import { isoBase64URL } from '@simplewebauthn/server/helpers';
+import { type PublicKeyCredentialRequestOptionsJSON } from 'node_modules/@simplewebauthn/server/esm/deps.js';
+import { z } from 'zod';
+
+import { type WithLogContext } from '#src/middleware/koa-audit-log.js';
+import {
+  generateWebAuthnAuthenticationOptions,
+  generateWebAuthnRegistrationOptions,
+  verifyWebAuthnAuthentication,
+  verifyWebAuthnRegistration,
+} from '#src/routes/interaction/utils/webauthn.js';
+import type Libraries from '#src/tenants/Libraries.js';
+import type Queries from '#src/tenants/Queries.js';
+import assertThat from '#src/utils/assert-that.js';
+
+import { type VerificationRecord } from './verification-record.js';
+
+export type WebAuthnVerificationRecordData = {
+  id: string;
+  type: VerificationType.WebAuthn;
+  /** UserId is required for verifying or binding new TOTP */
+  userId: string;
+  verified: boolean;
+  /** The challenge generated for the WebAuthn registration */
+  registrationChallenge?: string;
+  /** The challenge generated for the WebAuthn authentication */
+  authenticationChallenge?: string;
+  registrationInfo?: BindWebAuthn;
+};
+
+export const webAuthnVerificationRecordDataGuard = z.object({
+  id: z.string(),
+  type: z.literal(VerificationType.WebAuthn),
+  userId: z.string(),
+  verified: z.boolean(),
+  registrationChallenge: z.string().optional(),
+  authenticationChallenge: z.string().optional(),
+  registrationInfo: bindWebAuthnGuard.optional(),
+}) satisfies ToZodObject<WebAuthnVerificationRecordData>;
+
+export class WebAuthnVerification implements VerificationRecord<VerificationType.WebAuthn> {
+  /**
+   * Factory method to create a new WebAuthnVerification instance
+   *
+   * @param userId The user id is required for generating and verifying WebAuthn options.
+   * A WebAuthnVerification instance can only be created if the interaction is identified.
+   */
+  static create(libraries: Libraries, queries: Queries, userId: string) {
+    return new WebAuthnVerification(libraries, queries, {
+      id: generateStandardId(),
+      type: VerificationType.WebAuthn,
+      verified: false,
+      userId,
+    });
+  }
+
+  readonly id;
+  readonly type = VerificationType.WebAuthn;
+  readonly userId;
+  private verified;
+  private registrationChallenge?: string;
+  private readonly authenticationChallenge?: string;
+  private registrationInfo?: BindWebAuthn;
+
+  constructor(
+    private readonly libraries: Libraries,
+    private readonly queries: Queries,
+    data: WebAuthnVerificationRecordData
+  ) {
+    const {
+      id,
+      userId,
+      verified,
+      registrationChallenge,
+      authenticationChallenge,
+      registrationInfo,
+    } = webAuthnVerificationRecordDataGuard.parse(data);
+
+    this.id = id;
+    this.userId = userId;
+    this.verified = verified;
+    this.registrationChallenge = registrationChallenge;
+    this.authenticationChallenge = authenticationChallenge;
+    this.registrationInfo = registrationInfo;
+  }
+
+  get isVerified() {
+    return this.verified;
+  }
+
+  /**
+   * @remarks
+   * This method is used to generate the WebAuthn registration options for the user.
+   * The WebAuthn registration options is used to register a new WebAuthn credential for the user.
+   *
+   * Refers to the {@link generateWebAuthnRegistrationOptions} function in  `interaction/utils/webauthn.ts` file.
+   * Keep it as the single source of truth for generating the WebAuthn registration options.
+   * TODO: Consider relocating the function under a shared folder
+   */
+  async generateWebAuthnRegistrationOptions(
+    ctx: WithLogContext
+  ): Promise<WebAuthnRegistrationOptions> {
+    const { hostname } = ctx.URL;
+    const user = await this.findUser();
+
+    const registrationOptions = await generateWebAuthnRegistrationOptions({
+      user,
+      rpId: hostname,
+    });
+
+    this.registrationChallenge = registrationOptions.challenge;
+
+    return registrationOptions;
+  }
+
+  /**
+   * @remarks
+   * This method is used to verify the WebAuthn registration for the user.
+   * This method will verify the WebAuthn registration response and store the registration information in the instance.
+   * Refers to the {@link verifyBindWebAuthn} function in  `interaction/verifications/mfa-payload-verification.ts` file.
+   *
+   * @throw {RequestError} with status 400, if no pending WebAuthn registration challenge is found.
+   * @throw {RequestError} with status 400, if the WebAuthn registration verification failed or the registration information is not found.
+   */
+  async verifyWebAuthnRegistration(
+    ctx: WithLogContext,
+    payload: Omit<BindWebAuthnPayload, 'type'>
+  ) {
+    const { hostname, origin } = ctx.URL;
+    const {
+      request: {
+        headers: { 'user-agent': userAgent = '' },
+      },
+    } = ctx;
+
+    assertThat(this.registrationChallenge, 'session.mfa.pending_info_not_found');
+
+    const { verified, registrationInfo } = await verifyWebAuthnRegistration(
+      payload,
+      this.registrationChallenge,
+      hostname,
+      origin
+    );
+
+    assertThat(verified, 'session.mfa.webauthn_verification_failed');
+    assertThat(registrationInfo, 'session.mfa.webauthn_verification_failed');
+
+    const { credentialID, credentialPublicKey, counter } = registrationInfo;
+
+    this.verified = true;
+
+    this.registrationInfo = {
+      type: MfaFactor.WebAuthn,
+      credentialId: credentialID,
+      publicKey: isoBase64URL.fromBuffer(credentialPublicKey),
+      counter,
+      agent: userAgent,
+      transports: [],
+    };
+  }
+
+  /**
+   * @remarks
+   * This method is used to generate the WebAuthn authentication options for the user.
+   * The WebAuthn authentication options is used to authenticate the user using existing WebAuthn credentials.
+   *
+   * Refers to the {@link generateWebAuthnAuthenticationOptions} function in  `interaction/utils/webauthn.ts` file.
+   * Keep it as the single source of truth for generating the WebAuthn authentication options.
+   * TODO: Consider relocating the function under a shared folder
+   *
+   * @throws {RequestError} with status 400, if no WebAuthn credentials are found for the user.
+   */
+  async generateWebAuthnAuthenticationOptions(
+    ctx: WithLogContext
+  ): Promise<PublicKeyCredentialRequestOptionsJSON> {
+    const { hostname } = ctx.URL;
+    const { mfaVerifications } = await this.findUser();
+
+    const authenticationOptions = await generateWebAuthnAuthenticationOptions({
+      mfaVerifications,
+      rpId: hostname,
+    });
+
+    return authenticationOptions;
+  }
+
+  /**
+   * @remarks
+   * This method is used to verify the WebAuthn authentication for the user.
+   * Refers to the {@link verifyMfaPayloadVerification} function in `interaction/verifications/mfa-payload-verification.ts` file.
+   *
+   * @throws {RequestError} with status 400, if no pending WebAuthn authentication challenge is found.
+   * @throws {RequestError} with status 400, if the WebAuthn authentication verification failed.
+   */
+  async verifyWebAuthnAuthentication(
+    ctx: WithLogContext,
+    payload: Omit<WebAuthnVerificationPayload, 'type'>
+  ) {
+    const { hostname, origin } = ctx.URL;
+    const { mfaVerifications } = await this.findUser();
+
+    assertThat(this.authenticationChallenge, 'session.mfa.pending_info_not_found');
+
+    const { result, newCounter } = await verifyWebAuthnAuthentication({
+      payload,
+      challenge: this.authenticationChallenge,
+      rpId: hostname,
+      origin,
+      mfaVerifications,
+    });
+
+    assertThat(result, 'session.mfa.webauthn_verification_failed');
+
+    this.verified = true;
+
+    // Update the counter and last used time
+    const { updateUserById } = this.queries.users;
+    await updateUserById(this.userId, {
+      mfaVerifications: mfaVerifications.map((mfa) => {
+        if (mfa.type !== MfaFactor.WebAuthn || mfa.id !== result.id) {
+          return mfa;
+        }
+
+        return {
+          ...mfa,
+          lastUsedAt: new Date().toISOString(),
+          ...conditional(newCounter !== undefined && { counter: newCounter }),
+        };
+      }),
+    });
+  }
+
+  toJson(): WebAuthnVerificationRecordData {
+    const {
+      id,
+      userId,
+      verified,
+      type,
+      registrationChallenge,
+      authenticationChallenge,
+      registrationInfo,
+    } = this;
+
+    return {
+      id,
+      type,
+      userId,
+      verified,
+      registrationChallenge,
+      authenticationChallenge,
+      registrationInfo,
+    };
+  }
+
+  private async findUser() {
+    const { findUserById } = this.queries.users;
+    return findUserById(this.userId);
+  }
+}
diff --git a/packages/core/src/routes/experience/index.ts b/packages/core/src/routes/experience/index.ts
index a7d4125ee2e0..c452102b4600 100644
--- a/packages/core/src/routes/experience/index.ts
+++ b/packages/core/src/routes/experience/index.ts
@@ -32,6 +32,7 @@ import passwordVerificationRoutes from './verification-routes/password-verificat
 import socialVerificationRoutes from './verification-routes/social-verification.js';
 import totpVerificationRoutes from './verification-routes/totp-verification.js';
 import verificationCodeRoutes from './verification-routes/verification-code.js';
+import webAuthnVerificationRoute from './verification-routes/web-authn-verification.js';
 
 type RouterContext<T> = T extends Router<unknown, infer Context> ? Context : never;
 
@@ -148,6 +149,7 @@ export default function experienceApiRoutes<T extends AnonymousRouter>(
   socialVerificationRoutes(router, tenant);
   enterpriseSsoVerificationRoutes(router, tenant);
   totpVerificationRoutes(router, tenant);
+  webAuthnVerificationRoute(router, tenant);
   backupCodeVerificationRoutes(router, tenant);
   newPasswordIdentityVerificationRoutes(router, tenant);
 
diff --git a/packages/core/src/routes/experience/verification-routes/totp-verification.ts b/packages/core/src/routes/experience/verification-routes/totp-verification.ts
index ba875a88edbc..ed826e223ed3 100644
--- a/packages/core/src/routes/experience/verification-routes/totp-verification.ts
+++ b/packages/core/src/routes/experience/verification-routes/totp-verification.ts
@@ -33,9 +33,6 @@ export default function totpVerificationRoutes<T extends WithLogContext>(
 
       assertThat(experienceInteraction.identifiedUserId, 'session.identifier_not_found');
 
-      // TODO: Check if the MFA is enabled
-      // TODO: Check if the interaction is fully verified
-
       const totpVerification = TotpVerification.create(
         libraries,
         queries,
diff --git a/packages/core/src/routes/experience/verification-routes/web-authn-verification.ts b/packages/core/src/routes/experience/verification-routes/web-authn-verification.ts
new file mode 100644
index 000000000000..313663329f8e
--- /dev/null
+++ b/packages/core/src/routes/experience/verification-routes/web-authn-verification.ts
@@ -0,0 +1,192 @@
+import {
+  bindWebAuthnPayloadGuard,
+  VerificationType,
+  webAuthnRegistrationOptionsGuard,
+  webAuthnVerificationPayloadGuard,
+} from '@logto/schemas';
+import type Router from 'koa-router';
+import { z } from 'zod';
+
+import RequestError from '#src/errors/RequestError/index.js';
+import { type WithLogContext } from '#src/middleware/koa-audit-log.js';
+import koaGuard from '#src/middleware/koa-guard.js';
+import type TenantContext from '#src/tenants/TenantContext.js';
+import assertThat from '#src/utils/assert-that.js';
+
+import { WebAuthnVerification } from '../classes/verifications/web-authn.js';
+import { experienceRoutes } from '../const.js';
+import { type WithExperienceInteractionContext } from '../middleware/koa-experience-interaction.js';
+
+export default function webAuthnVerificationRoute<T extends WithLogContext>(
+  router: Router<unknown, WithExperienceInteractionContext<T>>,
+  tenantContext: TenantContext
+) {
+  const { libraries, queries } = tenantContext;
+
+  router.post(
+    `${experienceRoutes.verification}/web-authn/registration`,
+    koaGuard({
+      response: z.object({
+        verificationId: z.string(),
+        registrationOptions: webAuthnRegistrationOptionsGuard,
+      }),
+      status: [200, 400, 404],
+    }),
+    async (ctx, next) => {
+      const { experienceInteraction } = ctx;
+
+      assertThat(experienceInteraction.identifiedUserId, 'session.identifier_not_found');
+
+      const webAuthnVerification = WebAuthnVerification.create(
+        libraries,
+        queries,
+        experienceInteraction.identifiedUserId
+      );
+
+      const registrationOptions = await webAuthnVerification.generateWebAuthnRegistrationOptions(
+        ctx
+      );
+
+      experienceInteraction.setVerificationRecord(webAuthnVerification);
+
+      await experienceInteraction.save();
+
+      ctx.body = {
+        verificationId: webAuthnVerification.id,
+        registrationOptions,
+      };
+
+      ctx.status = 200;
+
+      return next();
+    }
+  );
+
+  router.post(
+    `${experienceRoutes.verification}/web-authn/registration/verify`,
+    koaGuard({
+      body: z.object({
+        verificationId: z.string(),
+        payload: bindWebAuthnPayloadGuard,
+      }),
+      response: z.object({
+        verificationId: z.string(),
+      }),
+      status: [200, 400, 404],
+    }),
+    async (ctx, next) => {
+      const { experienceInteraction } = ctx;
+      const { verificationId, payload } = ctx.guard.body;
+
+      assertThat(experienceInteraction.identifiedUserId, 'session.identifier_not_found');
+
+      const webAuthnVerification = experienceInteraction.getVerificationRecordByTypeAndId(
+        VerificationType.WebAuthn,
+        verificationId
+      );
+
+      assertThat(
+        webAuthnVerification.userId === experienceInteraction.identifiedUserId,
+        new RequestError({
+          code: 'session.verification_session_not_found',
+          status: 404,
+        })
+      );
+
+      await webAuthnVerification.verifyWebAuthnRegistration(ctx, payload);
+
+      await experienceInteraction.save();
+
+      ctx.body = {
+        verificationId: webAuthnVerification.id,
+      };
+
+      ctx.status = 200;
+
+      return next();
+    }
+  );
+
+  router.post(
+    `${experienceRoutes.verification}/web-authn/authentication`,
+    koaGuard({
+      response: z.object({
+        verificationId: z.string(),
+        authenticationOptions: webAuthnRegistrationOptionsGuard,
+      }),
+      status: [200, 400, 404],
+    }),
+    async (ctx, next) => {
+      const { experienceInteraction } = ctx;
+
+      assertThat(experienceInteraction.identifiedUserId, 'session.identifier_not_found');
+
+      const webAuthnVerification = WebAuthnVerification.create(
+        libraries,
+        queries,
+        experienceInteraction.identifiedUserId
+      );
+
+      const authenticationOptions =
+        await webAuthnVerification.generateWebAuthnAuthenticationOptions(ctx);
+
+      experienceInteraction.setVerificationRecord(webAuthnVerification);
+
+      await experienceInteraction.save();
+
+      ctx.body = {
+        verificationId: webAuthnVerification.id,
+        authenticationOptions,
+      };
+
+      ctx.status = 200;
+
+      return next();
+    }
+  );
+
+  router.post(
+    `${experienceRoutes.verification}/web-authn/authentication/verify`,
+    koaGuard({
+      body: z.object({
+        verificationId: z.string(),
+        payload: webAuthnVerificationPayloadGuard,
+      }),
+      response: z.object({
+        verificationId: z.string(),
+      }),
+      status: [200, 400, 404],
+    }),
+    async (ctx, next) => {
+      const { experienceInteraction } = ctx;
+      const { verificationId, payload } = ctx.guard.body;
+
+      assertThat(experienceInteraction.identifiedUserId, 'session.identifier_not_found');
+
+      const webAuthnVerification = experienceInteraction.getVerificationRecordByTypeAndId(
+        VerificationType.WebAuthn,
+        verificationId
+      );
+
+      assertThat(
+        webAuthnVerification.userId === experienceInteraction.identifiedUserId,
+        new RequestError({
+          code: 'session.verification_session_not_found',
+          status: 404,
+        })
+      );
+
+      await webAuthnVerification.verifyWebAuthnAuthentication(ctx, payload);
+
+      await experienceInteraction.save();
+
+      ctx.body = {
+        verificationId: webAuthnVerification.id,
+      };
+
+      ctx.status = 200;
+
+      return next();
+    }
+  );
+}
diff --git a/packages/core/src/routes/interaction/verifications/mfa-payload-verification.ts b/packages/core/src/routes/interaction/verifications/mfa-payload-verification.ts
index 4fb697516408..460716e252a9 100644
--- a/packages/core/src/routes/interaction/verifications/mfa-payload-verification.ts
+++ b/packages/core/src/routes/interaction/verifications/mfa-payload-verification.ts
@@ -1,22 +1,22 @@
 import {
   MfaFactor,
+  type BackupCodeVerificationPayload,
+  type BindBackupCode,
+  type BindBackupCodePayload,
+  type BindMfa,
+  type BindMfaPayload,
   type BindTotp,
   type BindTotpPayload,
-  type BindMfaPayload,
-  type BindMfa,
+  type BindWebAuthn,
+  type BindWebAuthnPayload,
+  type MfaVerificationBackupCode,
+  type MfaVerifications,
+  type MfaVerificationTotp,
   type TotpVerificationPayload,
   type User,
-  type MfaVerificationTotp,
   type VerifyMfaPayload,
   type VerifyMfaResult,
-  type BindWebAuthn,
-  type BindWebAuthnPayload,
-  type MfaVerifications,
   type WebAuthnVerificationPayload,
-  type BindBackupCode,
-  type BindBackupCodePayload,
-  type MfaVerificationBackupCode,
-  type BackupCodeVerificationPayload,
 } from '@logto/schemas';
 import { pick } from '@silverhand/essentials';
 import { isoBase64URL } from '@simplewebauthn/server/helpers';

From 6477c6deef5c82a3e0516ebde70aadff90942981 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Thu, 25 Jul 2024 17:55:57 +0800
Subject: [PATCH 104/135] feat(schemas): add custom data to application (#6309)

* feat(core,schemas): add application custom data

add application custom data

* test(core): add update application with new custom data test

add update application with new custom data test
---
 .changeset/clever-lemons-yawn.md              | 12 +++++
 packages/core/src/__mocks__/index.ts          | 18 ++++----
 .../application-custom-data.openapi.json      | 24 ++++++++++
 .../applications/application-custom-data.ts   | 33 +++++++++++++
 .../src/routes/applications/application.ts    | 26 ++++++-----
 .../integration-tests/src/api/application.ts  | 19 ++++++--
 .../application-custom-data.test.ts           | 46 +++++++++++++++++++
 ...5392-add-application-custom-data-column.ts | 18 ++++++++
 packages/schemas/src/seeds/application.ts     |  1 +
 packages/schemas/tables/applications.sql      |  1 +
 10 files changed, 174 insertions(+), 24 deletions(-)
 create mode 100644 .changeset/clever-lemons-yawn.md
 create mode 100644 packages/core/src/routes/applications/application-custom-data.openapi.json
 create mode 100644 packages/core/src/routes/applications/application-custom-data.ts
 create mode 100644 packages/integration-tests/src/tests/api/application/application-custom-data.test.ts
 create mode 100644 packages/schemas/alterations/next-1721645392-add-application-custom-data-column.ts

diff --git a/.changeset/clever-lemons-yawn.md b/.changeset/clever-lemons-yawn.md
new file mode 100644
index 000000000000..2185090319a9
--- /dev/null
+++ b/.changeset/clever-lemons-yawn.md
@@ -0,0 +1,12 @@
+---
+"@logto/schemas": minor
+"@logto/core": minor
+---
+
+add `custom_data` to applications
+
+Introduce a new property `custom_data` to the `Application` schema. This property is an arbitrary object that can be used to store custom data for an application.
+
+Added a new API to update the custom data of an application:
+
+- `PATCH /applications/:applicationId/custom-data`
diff --git a/packages/core/src/__mocks__/index.ts b/packages/core/src/__mocks__/index.ts
index bd093c9ebd05..4ac19901871e 100644
--- a/packages/core/src/__mocks__/index.ts
+++ b/packages/core/src/__mocks__/index.ts
@@ -4,32 +4,32 @@ import type {
   Application,
   ApplicationsRole,
   LogtoConfig,
-  Passcode,
   OidcConfigKey,
+  Passcode,
   Resource,
   Role,
   Scope,
   UsersRole,
 } from '@logto/schemas';
 import {
-  RoleType,
   ApplicationType,
-  LogtoOidcConfigKey,
   DomainStatus,
-  LogtoJwtTokenKey,
   internalPrefix,
+  LogtoJwtTokenKey,
+  LogtoOidcConfigKey,
+  RoleType,
 } from '@logto/schemas';
 
 import { protectedAppSignInCallbackUrl } from '#src/constants/index.js';
 import { mockId } from '#src/test-utils/nanoid.js';
 
-export * from './connector.js';
-export * from './sign-in-experience.js';
 export * from './cloud-connection.js';
-export * from './user.js';
+export * from './connector.js';
 export * from './domain.js';
-export * from './sso.js';
 export * from './protected-app.js';
+export * from './sign-in-experience.js';
+export * from './sso.js';
+export * from './user.js';
 
 export const mockApplication: Application = {
   tenantId: 'fake_tenant',
@@ -50,6 +50,7 @@ export const mockApplication: Application = {
   protectedAppMetadata: null,
   isThirdParty: false,
   createdAt: 1_645_334_775_356,
+  customData: {},
 };
 
 export const mockProtectedApplication: Omit<Application, 'protectedAppMetadata'> & {
@@ -78,6 +79,7 @@ export const mockProtectedApplication: Omit<Application, 'protectedAppMetadata'>
   },
   isThirdParty: false,
   createdAt: 1_645_334_775_356,
+  customData: {},
 };
 
 export const mockCustomDomain = {
diff --git a/packages/core/src/routes/applications/application-custom-data.openapi.json b/packages/core/src/routes/applications/application-custom-data.openapi.json
new file mode 100644
index 000000000000..dd4bd878e337
--- /dev/null
+++ b/packages/core/src/routes/applications/application-custom-data.openapi.json
@@ -0,0 +1,24 @@
+{
+  "paths": {
+    "/api/applications/{applicationId}/custom-data": {
+      "patch": {
+        "summary": "Update application custom data",
+        "description": "Update the custom data of an application.",
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "description": "An arbitrary JSON object."
+              }
+            }
+          }
+        },
+        "responses": {
+          "200": {
+            "description": "The updated custom data in JSON."
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/packages/core/src/routes/applications/application-custom-data.ts b/packages/core/src/routes/applications/application-custom-data.ts
new file mode 100644
index 000000000000..6af47260b2f8
--- /dev/null
+++ b/packages/core/src/routes/applications/application-custom-data.ts
@@ -0,0 +1,33 @@
+import { jsonObjectGuard } from '@logto/connector-kit';
+import { z } from 'zod';
+
+import koaGuard from '#src/middleware/koa-guard.js';
+
+import { type ManagementApiRouter, type RouterInitArgs } from '../types.js';
+
+export default function applicationCustomDataRoutes<T extends ManagementApiRouter>(
+  ...[router, { queries }]: RouterInitArgs<T>
+) {
+  router.patch(
+    '/applications/:applicationId/custom-data',
+    koaGuard({
+      params: z.object({ applicationId: z.string() }),
+      body: jsonObjectGuard,
+      response: jsonObjectGuard,
+    }),
+    async (ctx, next) => {
+      const { applicationId } = ctx.guard.params;
+      const patchPayload = ctx.guard.body;
+
+      const { customData } = await queries.applications.findApplicationById(applicationId);
+
+      const application = await queries.applications.updateApplicationById(applicationId, {
+        customData: { ...customData, ...patchPayload },
+      });
+
+      ctx.body = application.customData;
+
+      return next();
+    }
+  );
+}
diff --git a/packages/core/src/routes/applications/application.ts b/packages/core/src/routes/applications/application.ts
index 05d92c84c0e5..6afa1b2528e1 100644
--- a/packages/core/src/routes/applications/application.ts
+++ b/packages/core/src/routes/applications/application.ts
@@ -1,11 +1,11 @@
 import type { Role } from '@logto/schemas';
 import {
-  demoAppApplicationId,
-  buildDemoAppDataForTenant,
-  InternalRole,
-  ApplicationType,
   Applications,
+  ApplicationType,
+  buildDemoAppDataForTenant,
+  demoAppApplicationId,
   hasSecrets,
+  InternalRole,
 } from '@logto/schemas';
 import { generateStandardId, generateStandardSecret } from '@logto/shared';
 import { conditional } from '@silverhand/essentials';
@@ -21,6 +21,7 @@ import { parseSearchParamsForSearch } from '#src/utils/search.js';
 
 import type { ManagementApiRouter, RouterInitArgs } from '../types.js';
 
+import applicationCustomDataRoutes from './application-custom-data.js';
 import { generateInternalSecret } from './application-secret.js';
 import { applicationCreateGuard, applicationPatchGuard } from './types.js';
 
@@ -38,15 +39,14 @@ const parseIsThirdPartQueryParam = (isThirdPartyQuery: 'true' | 'false' | undefi
 const applicationTypeGuard = z.nativeEnum(ApplicationType);
 
 export default function applicationRoutes<T extends ManagementApiRouter>(
-  ...[
-    router,
-    {
-      queries,
-      id: tenantId,
-      libraries: { quota, protectedApps },
-    },
-  ]: RouterInitArgs<T>
+  ...[router, tenant]: RouterInitArgs<T>
 ) {
+  const {
+    queries,
+    id: tenantId,
+    libraries: { quota, protectedApps },
+  } = tenant;
+
   router.get(
     '/applications',
     koaPagination({ isOptional: true }),
@@ -346,4 +346,6 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
       return next();
     }
   );
+
+  applicationCustomDataRoutes(router, tenant);
 }
diff --git a/packages/integration-tests/src/api/application.ts b/packages/integration-tests/src/api/application.ts
index 522c71765ade..c0f68b989ec7 100644
--- a/packages/integration-tests/src/api/application.ts
+++ b/packages/integration-tests/src/api/application.ts
@@ -1,13 +1,13 @@
 import {
   ApplicationType,
   type Application,
+  type ApplicationSecret,
   type CreateApplication,
+  type CreateApplicationSecret,
   type OidcClientMetadata,
-  type Role,
-  type ProtectedAppMetadata,
   type OrganizationWithRoles,
-  type CreateApplicationSecret,
-  type ApplicationSecret,
+  type ProtectedAppMetadata,
+  type Role,
 } from '@logto/schemas';
 import { conditional } from '@silverhand/essentials';
 
@@ -150,3 +150,14 @@ export const deleteApplicationSecret = async (applicationId: string, secretName:
 
 export const deleteLegacyApplicationSecret = async (applicationId: string) =>
   authedAdminApi.delete(`applications/${applicationId}/legacy-secret`);
+
+export const patchApplicationCustomData = async (
+  applicationId: string,
+  customData: Record<string, unknown>
+) => {
+  return authedAdminApi
+    .patch(`applications/${applicationId}/custom-data`, {
+      json: customData,
+    })
+    .json<Record<string, unknown>>();
+};
diff --git a/packages/integration-tests/src/tests/api/application/application-custom-data.test.ts b/packages/integration-tests/src/tests/api/application/application-custom-data.test.ts
new file mode 100644
index 000000000000..508ec08a09c2
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/application/application-custom-data.test.ts
@@ -0,0 +1,46 @@
+import { ApplicationType } from '@logto/schemas';
+
+import {
+  createApplication,
+  deleteApplication,
+  getApplication,
+  patchApplicationCustomData,
+  updateApplication,
+} from '#src/api/application.js';
+
+describe('application custom data API', () => {
+  it('should patch application custom data successfully', async () => {
+    const applicationName = 'test-create-app';
+    const applicationType = ApplicationType.SPA;
+    const application = await createApplication(applicationName, applicationType);
+
+    const customData = { key: 'value' };
+    const result = await patchApplicationCustomData(application.id, customData);
+
+    expect(result.key).toEqual(customData.key);
+
+    const fetchedApplication = await getApplication(application.id);
+
+    expect(fetchedApplication.customData.key).toEqual(customData.key);
+
+    await deleteApplication(application.id);
+  });
+
+  it('should put application custom data successfully', async () => {
+    const applicationName = 'test-create-app';
+    const applicationType = ApplicationType.SPA;
+    const application = await createApplication(applicationName, applicationType);
+    const customData = { key: 'foo' };
+
+    const result = await patchApplicationCustomData(application.id, customData);
+
+    expect(result.key).toEqual(customData.key);
+
+    await updateApplication(application.id, {
+      customData: { key: 'bar' },
+    });
+
+    const fetchedApplication = await getApplication(application.id);
+    expect(fetchedApplication.customData.key).toEqual('bar');
+  });
+});
diff --git a/packages/schemas/alterations/next-1721645392-add-application-custom-data-column.ts b/packages/schemas/alterations/next-1721645392-add-application-custom-data-column.ts
new file mode 100644
index 000000000000..543948586e93
--- /dev/null
+++ b/packages/schemas/alterations/next-1721645392-add-application-custom-data-column.ts
@@ -0,0 +1,18 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table applications add column custom_data jsonb not null default '{}'::jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table applications drop column custom_data;
+    `);
+  },
+};
+
+export default alteration;
diff --git a/packages/schemas/src/seeds/application.ts b/packages/schemas/src/seeds/application.ts
index b62f530a5b28..6d61c4856b29 100644
--- a/packages/schemas/src/seeds/application.ts
+++ b/packages/schemas/src/seeds/application.ts
@@ -30,6 +30,7 @@ export const buildDemoAppDataForTenant = (tenantId: string): Application => ({
   protectedAppMetadata: null,
   isThirdParty: false,
   createdAt: 0,
+  customData: {},
 });
 
 export const createDefaultAdminConsoleApplication = (): Readonly<CreateApplication> =>
diff --git a/packages/schemas/tables/applications.sql b/packages/schemas/tables/applications.sql
index ca7a70a6d004..3c8cfd313132 100644
--- a/packages/schemas/tables/applications.sql
+++ b/packages/schemas/tables/applications.sql
@@ -13,6 +13,7 @@ create table applications (
   oidc_client_metadata jsonb /* @use OidcClientMetadata */ not null,
   custom_client_metadata jsonb /* @use CustomClientMetadata */ not null default '{}'::jsonb,
   protected_app_metadata jsonb /* @use ProtectedAppMetadata */,
+  custom_data jsonb /* @use JsonObject */ not null default '{}'::jsonb,
   is_third_party boolean not null default false,
   created_at timestamptz not null default(now()),
   primary key (id)

From e76d4e6e5359b0d0390c76a35f48feb026bf55b7 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Thu, 25 Jul 2024 17:59:48 +0800
Subject: [PATCH 105/135] refactor(console): increase custom ui assets upload
 timeout to 5 mins (#6319)

refactor(console): increase custom ui assets upload timeout to 5mins
---
 .../src/components/CustomUiAssetsUploader/index.tsx      | 3 +++
 .../src/ds-components/Uploader/FileUploader/index.tsx    | 9 ++++++++-
 packages/console/src/hooks/use-api.ts                    | 5 ++++-
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/packages/console/src/components/CustomUiAssetsUploader/index.tsx b/packages/console/src/components/CustomUiAssetsUploader/index.tsx
index 070cdbdc025d..498721dd2b7b 100644
--- a/packages/console/src/components/CustomUiAssetsUploader/index.tsx
+++ b/packages/console/src/components/CustomUiAssetsUploader/index.tsx
@@ -13,6 +13,8 @@ import FileIcon from '../FileIcon';
 
 import styles from './index.module.scss';
 
+const requestTimeout = 300_000; // 5 minutes
+
 type Props = {
   // eslint-disable-next-line react/boolean-prop-naming
   readonly disabled?: boolean;
@@ -51,6 +53,7 @@ function CustomUiAssetsUploader({ disabled, value, onChange }: Props) {
   if (showUploader) {
     return (
       <FileUploader<{ customUiAssetId: string }>
+        defaultApiInstanceTimeout={requestTimeout}
         disabled={disabled}
         allowedMimeTypes={allowedMimeTypes}
         maxSize={maxUploadFileSize}
diff --git a/packages/console/src/ds-components/Uploader/FileUploader/index.tsx b/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
index 4110aee0ac64..7183266a6aeb 100644
--- a/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
+++ b/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
@@ -18,6 +18,11 @@ export type Props<T extends Record<string, unknown> = UserAssets> = {
   // eslint-disable-next-line react/boolean-prop-naming
   readonly disabled?: boolean;
   readonly maxSize: number; // In bytes
+  /**
+   * The timeout for the default api instance, in milliseconds.
+   * Will not be applied if a custom API instance is provided.
+   */
+  readonly defaultApiInstanceTimeout?: number;
   readonly allowedMimeTypes: AllowedUploadMimeType[];
   readonly actionDescription?: string;
   readonly onCompleted: (response: T) => void;
@@ -25,6 +30,7 @@ export type Props<T extends Record<string, unknown> = UserAssets> = {
   readonly className?: string;
   /**
    * Specify which API instance to use for the upload request. For example, you can use admin tenant API instead.
+   * The `timeout` prop will not be applied to this instance.
    * Defaults to the return value of `useApi()`.
    */
   readonly apiInstance?: KyInstance;
@@ -37,6 +43,7 @@ export type Props<T extends Record<string, unknown> = UserAssets> = {
 function FileUploader<T extends Record<string, unknown> = UserAssets>({
   disabled,
   maxSize,
+  defaultApiInstanceTimeout,
   allowedMimeTypes,
   actionDescription,
   onCompleted,
@@ -57,7 +64,7 @@ function FileUploader<T extends Record<string, unknown> = UserAssets>({
     };
   }, [onUploadErrorChange, uploadError]);
 
-  const api = useApi();
+  const api = useApi({ timeout: defaultApiInstanceTimeout });
 
   const onDrop = useCallback(
     async (acceptedFiles: File[] = [], fileRejection: FileRejection[] = []) => {
diff --git a/packages/console/src/hooks/use-api.ts b/packages/console/src/hooks/use-api.ts
index 2bb1445595f7..747fab8ff14c 100644
--- a/packages/console/src/hooks/use-api.ts
+++ b/packages/console/src/hooks/use-api.ts
@@ -40,6 +40,7 @@ export type StaticApiProps = {
   prefixUrl?: URL;
   hideErrorToast?: boolean | LogtoErrorCode[];
   resourceIndicator: string;
+  timeout?: number;
 };
 
 const useGlobalRequestErrorHandler = (toastDisabledErrorCodes?: LogtoErrorCode[]) => {
@@ -110,6 +111,7 @@ export const useStaticApi = ({
   prefixUrl,
   hideErrorToast,
   resourceIndicator,
+  timeout = requestTimeout,
 }: StaticApiProps): KyInstance => {
   const { isAuthenticated, getAccessToken, getOrganizationToken } = useLogto();
   const { i18n } = useTranslation(undefined, { keyPrefix: 'admin_console' });
@@ -125,7 +127,7 @@ export const useStaticApi = ({
     () =>
       ky.create({
         prefixUrl,
-        timeout: requestTimeout,
+        timeout,
         hooks: {
           beforeError: conditionalArray(
             !disableGlobalErrorHandling &&
@@ -156,6 +158,7 @@ export const useStaticApi = ({
       getOrganizationToken,
       getAccessToken,
       i18n.language,
+      timeout,
     ]
   );
 

From 9dac30b6600666c98352f3de82eaa57120819c1d Mon Sep 17 00:00:00 2001
From: Darcy Ye <darcyye@silverhand.io>
Date: Mon, 15 Jul 2024 11:32:24 +0800
Subject: [PATCH 106/135] refactor: update logto/core cloud API usage

---
 packages/core/src/libraries/quota.ts          | 121 +++++++++++++++++-
 .../core/src/middleware/koa-quota-guard.ts    |  22 +++-
 .../src/routes/applications/application.ts    |  22 +++-
 packages/core/src/routes/connector/index.ts   |   5 +-
 packages/core/src/routes/domain.ts            |   8 +-
 packages/core/src/routes/hook.ts              |   7 +-
 .../src/routes/logto-config/jwt-customizer.ts |  14 +-
 .../src/routes/organization-role/index.ts     |   9 +-
 .../src/routes/organization-scope/index.ts    |   9 +-
 .../core/src/routes/organization/index.ts     |   9 +-
 packages/core/src/routes/resource.scope.ts    |   5 +-
 packages/core/src/routes/resource.ts          |   7 +-
 packages/core/src/routes/role.scope.ts        |   5 +-
 packages/core/src/routes/role.ts              |  16 ++-
 .../src/routes/sign-in-experience/index.ts    |   8 +-
 .../core/src/routes/sso-connector/index.ts    |   7 +-
 packages/core/src/routes/subject-token.ts     |   4 +-
 packages/core/src/test-utils/quota.ts         |   2 +
 packages/core/src/utils/subscription/index.ts |  30 ++++-
 packages/core/src/utils/subscription/types.ts |  20 +++
 20 files changed, 295 insertions(+), 35 deletions(-)

diff --git a/packages/core/src/libraries/quota.ts b/packages/core/src/libraries/quota.ts
index 13f69429cb59..e82b67569837 100644
--- a/packages/core/src/libraries/quota.ts
+++ b/packages/core/src/libraries/quota.ts
@@ -5,8 +5,12 @@ import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
-import { getTenantSubscriptionPlan } from '#src/utils/subscription/index.js';
-import { type FeatureQuota } from '#src/utils/subscription/types.js';
+import {
+  getTenantSubscriptionPlan,
+  getTenantSubscriptionQuotaAndUsage,
+  getTenantSubscriptionScopeUsage,
+} from '#src/utils/subscription/index.js';
+import { type SubscriptionQuota, type FeatureQuota } from '#src/utils/subscription/types.js';
 
 import { type CloudConnectionLibrary } from './cloud-connection.js';
 import { type ConnectorLibrary } from './connector.js';
@@ -33,6 +37,7 @@ export const createQuotaLibrary = (
 
   const { getLogtoConnectors } = connectorLibrary;
 
+  /** @deprecated */
   const tenantUsageQueries: Record<
     keyof FeatureQuota,
     (queryKey?: string) => Promise<{ count: number }>
@@ -77,6 +82,7 @@ export const createQuotaLibrary = (
     bringYourUiEnabled: notNumber,
   };
 
+  /** @deprecated */
   const getTenantUsage = async (key: keyof FeatureQuota, queryKey?: string): Promise<number> => {
     const query = tenantUsageQueries[key];
     const { count } = await query(queryKey);
@@ -84,6 +90,7 @@ export const createQuotaLibrary = (
     return count;
   };
 
+  /** @deprecated */
   const guardKey = async (key: keyof FeatureQuota, queryKey?: string) => {
     const { isCloud, isIntegrationTest } = EnvSet.values;
 
@@ -136,5 +143,113 @@ export const createQuotaLibrary = (
     }
   };
 
-  return { guardKey };
+  // `SubscriptionQuota` and `SubscriptionUsage` are sharing keys.
+  const newGuardKey = async (key: keyof SubscriptionQuota) => {
+    const { isCloud, isIntegrationTest } = EnvSet.values;
+
+    // Cloud only feature, skip in non-cloud environments
+    if (!isCloud) {
+      return;
+    }
+
+    // Disable in integration tests
+    if (isIntegrationTest) {
+      return;
+    }
+
+    const { quota: fullQuota, usage: fullUsage } = await getTenantSubscriptionQuotaAndUsage(
+      cloudConnection
+    );
+    const { [key]: limit } = fullQuota;
+    const { [key]: usage } = fullUsage;
+
+    if (limit === null) {
+      return;
+    }
+
+    if (typeof limit === 'boolean') {
+      assertThat(
+        limit,
+        new RequestError({
+          code: 'subscription.limit_exceeded',
+          status: 403,
+          data: {
+            key,
+          },
+        })
+      );
+    } else if (typeof limit === 'number') {
+      // See the definition of `SubscriptionQuota` and `SubscriptionUsage` in `types.ts`, this should never happen.
+      assertThat(
+        typeof usage === 'number',
+        new TypeError('Usage must be with the same type as the limit.')
+      );
+
+      assertThat(
+        usage < limit,
+        new RequestError({
+          code: 'subscription.limit_exceeded',
+          status: 403,
+          data: {
+            key,
+            limit,
+            usage,
+          },
+        })
+      );
+    } else {
+      throw new TypeError('Unsupported subscription quota type');
+    }
+  };
+
+  const scopesGuardKey = async (entityName: 'resources' | 'roles', entityId: string) => {
+    const { isCloud, isIntegrationTest } = EnvSet.values;
+
+    // Cloud only feature, skip in non-cloud environments
+    if (!isCloud) {
+      return;
+    }
+
+    // Disable in integration tests
+    if (isIntegrationTest) {
+      return;
+    }
+
+    const {
+      quota: { scopesPerResourceLimit, scopesPerRoleLimit },
+    } = await getTenantSubscriptionQuotaAndUsage(cloudConnection);
+    const scopeUsages = await getTenantSubscriptionScopeUsage(cloudConnection, entityName);
+    const usage = scopeUsages[entityId] ?? 0;
+
+    if (entityName === 'resources') {
+      assertThat(
+        scopesPerResourceLimit === null || scopesPerResourceLimit > usage,
+        new RequestError({
+          code: 'subscription.limit_exceeded',
+          status: 403,
+          data: {
+            key: 'scopesPerResourceLimit',
+            limit: scopesPerResourceLimit,
+            usage,
+          },
+        })
+      );
+      return;
+    }
+
+    assertThat(
+      scopesPerRoleLimit === null || scopesPerRoleLimit > usage,
+      new RequestError({
+        code: 'subscription.limit_exceeded',
+        status: 403,
+        data: {
+          key: 'scopesPerRoleLimit',
+          limit: scopesPerRoleLimit,
+          usage,
+        },
+      })
+    );
+  };
+
+  return { guardKey, newGuardKey, scopesGuardKey };
 };
diff --git a/packages/core/src/middleware/koa-quota-guard.ts b/packages/core/src/middleware/koa-quota-guard.ts
index 7790b85775cf..9241e8b7e6e6 100644
--- a/packages/core/src/middleware/koa-quota-guard.ts
+++ b/packages/core/src/middleware/koa-quota-guard.ts
@@ -1,10 +1,11 @@
 import type { MiddlewareType } from 'koa';
 
 import { type QuotaLibrary } from '#src/libraries/quota.js';
-import { type FeatureQuota } from '#src/utils/subscription/types.js';
+import { type SubscriptionQuota, type FeatureQuota } from '#src/utils/subscription/types.js';
 
 type Method = 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE' | 'COPY' | 'HEAD' | 'OPTIONS';
 
+/** @deprecated */
 type UsageGuardConfig = {
   key: keyof FeatureQuota;
   quota: QuotaLibrary;
@@ -12,6 +13,11 @@ type UsageGuardConfig = {
   methods?: Method[];
 };
 
+type NewUsageGuardConfig = Omit<UsageGuardConfig, 'key'> & {
+  key: keyof SubscriptionQuota;
+};
+
+/** @deprecated */
 export default function koaQuotaGuard<StateT, ContextT, ResponseBodyT>({
   key,
   quota,
@@ -25,3 +31,17 @@ export default function koaQuotaGuard<StateT, ContextT, ResponseBodyT>({
     return next();
   };
 }
+
+export function newKoaQuotaGuard<StateT, ContextT, ResponseBodyT>({
+  key,
+  quota,
+  methods,
+}: NewUsageGuardConfig): MiddlewareType<StateT, ContextT, ResponseBodyT> {
+  return async (ctx, next) => {
+    // eslint-disable-next-line no-restricted-syntax
+    if (!methods || methods.includes(ctx.method.toUpperCase() as Method)) {
+      await quota.newGuardKey(key);
+    }
+    return next();
+  };
+}
diff --git a/packages/core/src/routes/applications/application.ts b/packages/core/src/routes/applications/application.ts
index 6afa1b2528e1..7116582276df 100644
--- a/packages/core/src/routes/applications/application.ts
+++ b/packages/core/src/routes/applications/application.ts
@@ -1,3 +1,5 @@
+// TODO: @darcyYe refactor this file later to remove disable max line comment
+/* eslint-disable max-lines */
 import type { Role } from '@logto/schemas';
 import {
   Applications,
@@ -146,13 +148,26 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
       response: Applications.guard,
       status: [200, 400, 422, 500],
     }),
+    // eslint-disable-next-line complexity
     async (ctx, next) => {
       const { oidcClientMetadata, protectedAppMetadata, ...rest } = ctx.guard.body;
 
+      const {
+        values: { isDevFeaturesEnabled },
+      } = EnvSet;
+
       await Promise.all([
-        rest.type === ApplicationType.MachineToMachine && quota.guardKey('machineToMachineLimit'),
-        rest.isThirdParty && quota.guardKey('thirdPartyApplicationsLimit'),
-        quota.guardKey('applicationsLimit'),
+        rest.type === ApplicationType.MachineToMachine &&
+          (isDevFeaturesEnabled
+            ? quota.newGuardKey('machineToMachineLimit')
+            : quota.guardKey('machineToMachineLimit')),
+        rest.isThirdParty &&
+          (isDevFeaturesEnabled
+            ? quota.newGuardKey('thirdPartyApplicationsLimit')
+            : quota.guardKey('thirdPartyApplicationsLimit')),
+        isDevFeaturesEnabled
+          ? quota.newGuardKey('applicationsLimit')
+          : quota.guardKey('applicationsLimit'),
       ]);
 
       assertThat(
@@ -349,3 +364,4 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
 
   applicationCustomDataRoutes(router, tenant);
 }
+/* eslint-enable max-lines */
diff --git a/packages/core/src/routes/connector/index.ts b/packages/core/src/routes/connector/index.ts
index 2cb3c9a688b1..76a2e90d14ab 100644
--- a/packages/core/src/routes/connector/index.ts
+++ b/packages/core/src/routes/connector/index.ts
@@ -7,6 +7,7 @@ import { conditional } from '@silverhand/essentials';
 import cleanDeep from 'clean-deep';
 import { string, object } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import { type QuotaLibrary } from '#src/libraries/quota.js';
 import koaGuard from '#src/middleware/koa-guard.js';
@@ -26,7 +27,9 @@ const guardConnectorsQuota = async (
   quota: QuotaLibrary
 ) => {
   if (factory.type === ConnectorType.Social) {
-    await quota.guardKey('socialConnectorsLimit');
+    await (EnvSet.values.isDevFeaturesEnabled
+      ? quota.newGuardKey('socialConnectorsLimit')
+      : quota.guardKey('socialConnectorsLimit'));
   }
 };
 
diff --git a/packages/core/src/routes/domain.ts b/packages/core/src/routes/domain.ts
index 6a394d3af722..1b88ee896189 100644
--- a/packages/core/src/routes/domain.ts
+++ b/packages/core/src/routes/domain.ts
@@ -2,6 +2,7 @@ import { Domains, domainResponseGuard, domainSelectFields } from '@logto/schemas
 import { pick } from '@silverhand/essentials';
 import { z } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
@@ -56,7 +57,12 @@ export default function domainRoutes<T extends ManagementApiRouter>(
 
   router.post(
     '/domains',
-    koaQuotaGuard({ key: 'customDomainEnabled', quota }),
+    EnvSet.values.isDevFeaturesEnabled
+      ? // We removed custom domain paywall in new pricing model
+        async (ctx, next) => {
+          return next();
+        }
+      : koaQuotaGuard({ key: 'customDomainEnabled', quota }),
     koaGuard({
       body: Domains.createGuard.pick({ domain: true }),
       response: domainResponseGuard,
diff --git a/packages/core/src/routes/hook.ts b/packages/core/src/routes/hook.ts
index 34755c6c711e..e3dc0920b83f 100644
--- a/packages/core/src/routes/hook.ts
+++ b/packages/core/src/routes/hook.ts
@@ -14,10 +14,11 @@ import { conditional, deduplicate, yes } from '@silverhand/essentials';
 import { subDays } from 'date-fns';
 import { z } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaPagination from '#src/middleware/koa-pagination.js';
-import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
+import koaQuotaGuard, { newKoaQuotaGuard } from '#src/middleware/koa-quota-guard.js';
 import { type AllowedKeyPrefix } from '#src/queries/log.js';
 import assertThat from '#src/utils/assert-that.js';
 
@@ -157,7 +158,9 @@ export default function hookRoutes<T extends ManagementApiRouter>(
 
   router.post(
     '/hooks',
-    koaQuotaGuard({ key: 'hooksLimit', quota }),
+    EnvSet.values.isDevFeaturesEnabled
+      ? newKoaQuotaGuard({ key: 'hooksLimit', quota })
+      : koaQuotaGuard({ key: 'hooksLimit', quota }),
     koaGuard({
       body: Hooks.createGuard.omit({ id: true, signingKey: true }).extend({
         event: hookEventGuard.optional(),
diff --git a/packages/core/src/routes/logto-config/jwt-customizer.ts b/packages/core/src/routes/logto-config/jwt-customizer.ts
index 437601a0af40..31c63d38ba61 100644
--- a/packages/core/src/routes/logto-config/jwt-customizer.ts
+++ b/packages/core/src/routes/logto-config/jwt-customizer.ts
@@ -16,7 +16,7 @@ import { EnvSet } from '#src/env-set/index.js';
 import RequestError, { formatZodError } from '#src/errors/RequestError/index.js';
 import { JwtCustomizerLibrary } from '#src/libraries/jwt-customizer.js';
 import koaGuard, { parse } from '#src/middleware/koa-guard.js';
-import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
+import koaQuotaGuard, { newKoaQuotaGuard } from '#src/middleware/koa-quota-guard.js';
 import { getConsoleLogFromContext } from '#src/utils/console.js';
 
 import type { ManagementApiRouter, RouterInitArgs } from '../types.js';
@@ -61,7 +61,9 @@ export default function logtoConfigJwtCustomizerRoutes<T extends ManagementApiRo
       response: accessTokenJwtCustomizerGuard.or(clientCredentialsJwtCustomizerGuard),
       status: [200, 201, 400, 403],
     }),
-    koaQuotaGuard({ key: 'customJwtEnabled', quota: libraries.quota }),
+    EnvSet.values.isDevFeaturesEnabled
+      ? newKoaQuotaGuard({ key: 'customJwtEnabled', quota: libraries.quota })
+      : koaQuotaGuard({ key: 'customJwtEnabled', quota: libraries.quota }),
     async (ctx, next) => {
       const { isCloud, isIntegrationTest } = EnvSet.values;
       if (tenantId === adminTenantId && isCloud && !isIntegrationTest) {
@@ -112,7 +114,9 @@ export default function logtoConfigJwtCustomizerRoutes<T extends ManagementApiRo
       response: accessTokenJwtCustomizerGuard.or(clientCredentialsJwtCustomizerGuard),
       status: [200, 400, 404],
     }),
-    koaQuotaGuard({ key: 'customJwtEnabled', quota: libraries.quota }),
+    EnvSet.values.isDevFeaturesEnabled
+      ? newKoaQuotaGuard({ key: 'customJwtEnabled', quota: libraries.quota })
+      : koaQuotaGuard({ key: 'customJwtEnabled', quota: libraries.quota }),
     async (ctx, next) => {
       const { isIntegrationTest } = EnvSet.values;
 
@@ -215,7 +219,9 @@ export default function logtoConfigJwtCustomizerRoutes<T extends ManagementApiRo
       response: jsonObjectGuard,
       status: [200, 400, 403, 422],
     }),
-    koaQuotaGuard({ key: 'customJwtEnabled', quota: libraries.quota }),
+    EnvSet.values.isDevFeaturesEnabled
+      ? newKoaQuotaGuard({ key: 'customJwtEnabled', quota: libraries.quota })
+      : koaQuotaGuard({ key: 'customJwtEnabled', quota: libraries.quota }),
     async (ctx, next) => {
       const { body } = ctx.guard;
 
diff --git a/packages/core/src/routes/organization-role/index.ts b/packages/core/src/routes/organization-role/index.ts
index 44ba5404b92b..84fef012ce78 100644
--- a/packages/core/src/routes/organization-role/index.ts
+++ b/packages/core/src/routes/organization-role/index.ts
@@ -8,10 +8,11 @@ import {
 import { generateStandardId } from '@logto/shared';
 import { z } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import { buildManagementApiContext } from '#src/libraries/hook/utils.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaPagination from '#src/middleware/koa-pagination.js';
-import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
+import koaQuotaGuard, { newKoaQuotaGuard } from '#src/middleware/koa-quota-guard.js';
 import { organizationRoleSearchKeys } from '#src/queries/organization/index.js';
 import SchemaRouter from '#src/utils/SchemaRouter.js';
 import { parseSearchOptions } from '#src/utils/search.js';
@@ -44,7 +45,11 @@ export default function organizationRoleRoutes<T extends ManagementApiRouter>(
     unknown,
     ManagementApiRouterContext
   >(OrganizationRoles, roles, {
-    middlewares: [koaQuotaGuard({ key: 'organizationsEnabled', quota, methods: ['POST', 'PUT'] })],
+    middlewares: [
+      EnvSet.values.isDevFeaturesEnabled
+        ? newKoaQuotaGuard({ key: 'organizationsEnabled', quota, methods: ['POST', 'PUT'] })
+        : koaQuotaGuard({ key: 'organizationsEnabled', quota, methods: ['POST', 'PUT'] }),
+    ],
     disabled: { get: true, post: true },
     errorHandler,
     searchFields: ['name'],
diff --git a/packages/core/src/routes/organization-scope/index.ts b/packages/core/src/routes/organization-scope/index.ts
index f86f07ab5210..5d40fc6c55f0 100644
--- a/packages/core/src/routes/organization-scope/index.ts
+++ b/packages/core/src/routes/organization-scope/index.ts
@@ -1,6 +1,7 @@
 import { OrganizationScopes } from '@logto/schemas';
 
-import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
+import { EnvSet } from '#src/env-set/index.js';
+import koaQuotaGuard, { newKoaQuotaGuard } from '#src/middleware/koa-quota-guard.js';
 import SchemaRouter from '#src/utils/SchemaRouter.js';
 
 import { errorHandler } from '../organization/utils.js';
@@ -18,7 +19,11 @@ export default function organizationScopeRoutes<T extends ManagementApiRouter>(
   ]: RouterInitArgs<T>
 ) {
   const router = new SchemaRouter(OrganizationScopes, scopes, {
-    middlewares: [koaQuotaGuard({ key: 'organizationsEnabled', quota, methods: ['POST', 'PUT'] })],
+    middlewares: [
+      EnvSet.values.isDevFeaturesEnabled
+        ? newKoaQuotaGuard({ key: 'organizationsEnabled', quota, methods: ['POST', 'PUT'] })
+        : koaQuotaGuard({ key: 'organizationsEnabled', quota, methods: ['POST', 'PUT'] }),
+    ],
     errorHandler,
     searchFields: ['name'],
   });
diff --git a/packages/core/src/routes/organization/index.ts b/packages/core/src/routes/organization/index.ts
index cf0916813931..b548485a7209 100644
--- a/packages/core/src/routes/organization/index.ts
+++ b/packages/core/src/routes/organization/index.ts
@@ -2,9 +2,10 @@ import { type OrganizationWithFeatured, Organizations, featuredUserGuard } from
 import { yes } from '@silverhand/essentials';
 import { z } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaPagination from '#src/middleware/koa-pagination.js';
-import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
+import koaQuotaGuard, { newKoaQuotaGuard } from '#src/middleware/koa-quota-guard.js';
 import SchemaRouter from '#src/utils/SchemaRouter.js';
 import { parseSearchOptions } from '#src/utils/search.js';
 
@@ -30,7 +31,11 @@ export default function organizationRoutes<T extends ManagementApiRouter>(
   ] = args;
 
   const router = new SchemaRouter(Organizations, organizations, {
-    middlewares: [koaQuotaGuard({ key: 'organizationsEnabled', quota, methods: ['POST', 'PUT'] })],
+    middlewares: [
+      EnvSet.values.isDevFeaturesEnabled
+        ? newKoaQuotaGuard({ key: 'organizationsEnabled', quota, methods: ['POST', 'PUT'] })
+        : koaQuotaGuard({ key: 'organizationsEnabled', quota, methods: ['POST', 'PUT'] }),
+    ],
     errorHandler,
     searchFields: ['name'],
     disabled: { get: true },
diff --git a/packages/core/src/routes/resource.scope.ts b/packages/core/src/routes/resource.scope.ts
index f3905bdbbcb7..584a527c57eb 100644
--- a/packages/core/src/routes/resource.scope.ts
+++ b/packages/core/src/routes/resource.scope.ts
@@ -3,6 +3,7 @@ import { generateStandardId } from '@logto/shared';
 import { tryThat } from '@silverhand/essentials';
 import { object, string } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaPagination from '#src/middleware/koa-pagination.js';
@@ -89,7 +90,9 @@ export default function resourceScopeRoutes<T extends ManagementApiRouter>(
         body,
       } = ctx.guard;
 
-      await quota.guardKey('scopesPerResourceLimit', resourceId);
+      await (EnvSet.values.isDevFeaturesEnabled
+        ? quota.scopesGuardKey('resources', resourceId)
+        : quota.guardKey('scopesPerResourceLimit', resourceId));
 
       assertThat(!/\s/.test(body.name), 'scope.name_with_space');
 
diff --git a/packages/core/src/routes/resource.ts b/packages/core/src/routes/resource.ts
index 6d2bd88ca301..1553cb5c7a26 100644
--- a/packages/core/src/routes/resource.ts
+++ b/packages/core/src/routes/resource.ts
@@ -3,10 +3,11 @@ import { generateStandardId } from '@logto/shared';
 import { yes } from '@silverhand/essentials';
 import { boolean, object, string } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaPagination from '#src/middleware/koa-pagination.js';
-import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
+import koaQuotaGuard, { newKoaQuotaGuard } from '#src/middleware/koa-quota-guard.js';
 import assertThat from '#src/utils/assert-that.js';
 import { attachScopesToResources } from '#src/utils/resource.js';
 
@@ -76,7 +77,9 @@ export default function resourceRoutes<T extends ManagementApiRouter>(
 
   router.post(
     '/resources',
-    koaQuotaGuard({ key: 'resourcesLimit', quota }),
+    EnvSet.values.isDevFeaturesEnabled
+      ? newKoaQuotaGuard({ key: 'resourcesLimit', quota })
+      : koaQuotaGuard({ key: 'resourcesLimit', quota }),
     koaGuard({
       // Intentionally omit `isDefault` since it'll affect other rows.
       // Use the dedicated API `PATCH /resources/:id/is-default` to update.
diff --git a/packages/core/src/routes/role.scope.ts b/packages/core/src/routes/role.scope.ts
index e5d97065a8af..c716cbba8afe 100644
--- a/packages/core/src/routes/role.scope.ts
+++ b/packages/core/src/routes/role.scope.ts
@@ -3,6 +3,7 @@ import { generateStandardId } from '@logto/shared';
 import { tryThat } from '@silverhand/essentials';
 import { object, string } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaPagination from '#src/middleware/koa-pagination.js';
@@ -93,7 +94,9 @@ export default function roleScopeRoutes<T extends ManagementApiRouter>(
         body: { scopeIds },
       } = ctx.guard;
 
-      await quota.guardKey('scopesPerRoleLimit', id);
+      await (EnvSet.values.isDevFeaturesEnabled
+        ? quota.scopesGuardKey('roles', id)
+        : quota.guardKey('scopesPerRoleLimit', id));
 
       await validateRoleScopeAssignment(scopeIds, id);
       await insertRolesScopes(
diff --git a/packages/core/src/routes/role.ts b/packages/core/src/routes/role.ts
index 5d072f9fccfb..5f30519af789 100644
--- a/packages/core/src/routes/role.ts
+++ b/packages/core/src/routes/role.ts
@@ -4,6 +4,7 @@ import { generateStandardId } from '@logto/shared';
 import { pickState, trySafe, tryThat } from '@silverhand/essentials';
 import { number, object, string, z } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import { buildManagementApiContext } from '#src/libraries/hook/utils.js';
 import koaGuard from '#src/middleware/koa-guard.js';
@@ -150,9 +151,18 @@ export default function roleRoutes<T extends ManagementApiRouter>(
       // `rolesLimit` is actually the limit of user roles, keep this name for backward compatibility.
       // We have optional `type` when creating a new role, if `type` is not provided, use `User` as default.
       // `machineToMachineRolesLimit` is the limit of machine to machine roles, and is independent to `rolesLimit`.
-      await quota.guardKey(
-        roleBody.type === RoleType.MachineToMachine ? 'machineToMachineRolesLimit' : 'rolesLimit'
-      );
+      await (EnvSet.values.isDevFeaturesEnabled
+        ? quota.newGuardKey(
+            roleBody.type === RoleType.MachineToMachine
+              ? 'machineToMachineRolesLimit'
+              : // In new pricing model, we rename `rolesLimit` to `userRolesLimit`, which is easier to be distinguished from `machineToMachineRolesLimit`.
+                'userRolesLimit'
+          )
+        : quota.guardKey(
+            roleBody.type === RoleType.MachineToMachine
+              ? 'machineToMachineRolesLimit'
+              : 'rolesLimit'
+          ));
 
       assertThat(
         !(await findRoleByRoleName(roleBody.name)),
diff --git a/packages/core/src/routes/sign-in-experience/index.ts b/packages/core/src/routes/sign-in-experience/index.ts
index 9700158cdccc..46c9d32c7ec7 100644
--- a/packages/core/src/routes/sign-in-experience/index.ts
+++ b/packages/core/src/routes/sign-in-experience/index.ts
@@ -2,6 +2,7 @@ import { DemoConnector } from '@logto/connector-kit';
 import { ConnectorType, SignInExperiences } from '@logto/schemas';
 import { literal, object, string, z } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import { validateSignUp, validateSignIn } from '#src/libraries/sign-in-experience/index.js';
 import { validateMfa } from '#src/libraries/sign-in-experience/mfa.js';
 import koaGuard from '#src/middleware/koa-guard.js';
@@ -18,7 +19,7 @@ export default function signInExperiencesRoutes<T extends ManagementApiRouter>(
   const { deleteConnectorById } = queries.connectors;
   const {
     signInExperiences: { validateLanguageInfo },
-    quota: { guardKey },
+    quota: { guardKey, newGuardKey },
   } = libraries;
   const { getLogtoConnectors } = connectors;
 
@@ -55,6 +56,7 @@ export default function signInExperiencesRoutes<T extends ManagementApiRouter>(
       response: SignInExperiences.guard,
       status: [200, 400, 404, 422],
     }),
+    // eslint-disable-next-line complexity
     async (ctx, next) => {
       const {
         query: { removeUnusedDemoSocialConnector },
@@ -89,7 +91,9 @@ export default function signInExperiencesRoutes<T extends ManagementApiRouter>(
 
       if (mfa) {
         if (mfa.factors.length > 0) {
-          await guardKey('mfaEnabled');
+          await (EnvSet.values.isDevFeaturesEnabled
+            ? newGuardKey('mfaEnabled')
+            : guardKey('mfaEnabled'));
         }
         validateMfa(mfa);
       }
diff --git a/packages/core/src/routes/sso-connector/index.ts b/packages/core/src/routes/sso-connector/index.ts
index db95ed9026d5..cf611fbc65af 100644
--- a/packages/core/src/routes/sso-connector/index.ts
+++ b/packages/core/src/routes/sso-connector/index.ts
@@ -7,10 +7,11 @@ import { generateStandardShortId } from '@logto/shared';
 import { assert, conditional } from '@silverhand/essentials';
 import { z } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaPagination from '#src/middleware/koa-pagination.js';
-import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
+import koaQuotaGuard, { newKoaQuotaGuard } from '#src/middleware/koa-quota-guard.js';
 import { ssoConnectorCreateGuard, ssoConnectorPatchGuard } from '#src/routes/sso-connector/type.js';
 import { ssoConnectorFactories } from '#src/sso/index.js';
 import { isSupportedSsoConnector, isSupportedSsoProvider } from '#src/sso/utils.js';
@@ -68,7 +69,9 @@ export default function singleSignOnConnectorsRoutes<T extends ManagementApiRout
   /* Create a new single sign on connector */
   router.post(
     pathname,
-    koaQuotaGuard({ key: 'ssoEnabled', quota }),
+    EnvSet.values.isDevFeaturesEnabled
+      ? newKoaQuotaGuard({ key: 'enterpriseSsoLimit', quota })
+      : koaQuotaGuard({ key: 'ssoEnabled', quota }),
     koaGuard({
       body: ssoConnectorCreateGuard,
       response: SsoConnectors.guard,
diff --git a/packages/core/src/routes/subject-token.ts b/packages/core/src/routes/subject-token.ts
index d27247314762..2a6d1899214b 100644
--- a/packages/core/src/routes/subject-token.ts
+++ b/packages/core/src/routes/subject-token.ts
@@ -5,7 +5,7 @@ import { object, string } from 'zod';
 
 import { subjectTokenExpiresIn, subjectTokenPrefix } from '#src/constants/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
-import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
+import { newKoaQuotaGuard } from '#src/middleware/koa-quota-guard.js';
 
 import { type RouterInitArgs, type ManagementApiRouter } from './types.js';
 
@@ -25,7 +25,7 @@ export default function subjectTokenRoutes<T extends ManagementApiRouter>(
 
   router.post(
     '/subject-tokens',
-    koaQuotaGuard({ key: 'subjectTokenEnabled', quota }),
+    newKoaQuotaGuard({ key: 'subjectTokenEnabled', quota }),
     koaGuard({
       body: object({
         userId: string(),
diff --git a/packages/core/src/test-utils/quota.ts b/packages/core/src/test-utils/quota.ts
index 3dbb88b80b89..7413eddbbf2e 100644
--- a/packages/core/src/test-utils/quota.ts
+++ b/packages/core/src/test-utils/quota.ts
@@ -5,5 +5,7 @@ const { jest } = import.meta;
 export const createMockQuotaLibrary = (): QuotaLibrary => {
   return {
     guardKey: jest.fn(),
+    newGuardKey: jest.fn(),
+    scopesGuardKey: jest.fn(),
   };
 };
diff --git a/packages/core/src/utils/subscription/index.ts b/packages/core/src/utils/subscription/index.ts
index 884abb5533b8..b398688847a3 100644
--- a/packages/core/src/utils/subscription/index.ts
+++ b/packages/core/src/utils/subscription/index.ts
@@ -2,7 +2,7 @@ import { type CloudConnectionLibrary } from '#src/libraries/cloud-connection.js'
 
 import assertThat from '../assert-that.js';
 
-import { type SubscriptionPlan } from './types.js';
+import { type SubscriptionQuota, type SubscriptionUsage, type SubscriptionPlan } from './types.js';
 
 export const getTenantSubscriptionPlan = async (
   cloudConnection: CloudConnectionLibrary
@@ -18,3 +18,31 @@ export const getTenantSubscriptionPlan = async (
 
   return plan;
 };
+
+export const getTenantSubscriptionQuotaAndUsage = async (
+  cloudConnection: CloudConnectionLibrary
+): Promise<{
+  quota: SubscriptionQuota;
+  usage: SubscriptionUsage;
+}> => {
+  const client = await cloudConnection.getClient();
+  const [quota, usage] = await Promise.all([
+    client.get('/api/tenants/my/subscription/quota'),
+    client.get('/api/tenants/my/subscription/usage'),
+  ]);
+
+  return { quota, usage };
+};
+
+export const getTenantSubscriptionScopeUsage = async (
+  cloudConnection: CloudConnectionLibrary,
+  entityName: 'resources' | 'roles'
+): Promise<Record<string, number>> => {
+  const client = await cloudConnection.getClient();
+  const scopeUsages = await client.get('/api/tenants/my/subscription/usage/:entityName/scopes', {
+    params: { entityName },
+    search: {},
+  });
+
+  return scopeUsages;
+};
diff --git a/packages/core/src/utils/subscription/types.ts b/packages/core/src/utils/subscription/types.ts
index 86153882a21e..1bbaf386eb87 100644
--- a/packages/core/src/utils/subscription/types.ts
+++ b/packages/core/src/utils/subscription/types.ts
@@ -15,3 +15,23 @@ export type FeatureQuota = Omit<
   SubscriptionPlan['quota'],
   'tenantLimit' | 'mauLimit' | 'auditLogsRetentionDays' | 'standardConnectorsLimit' | 'tokenLimit'
 >;
+
+/**
+ * The type of the response of the `GET /api/tenants/:tenantId/subscription/quota` endpoint.
+ * It is the same as the response type of `GET /api/tenants/my/subscription/quota` endpoint.
+ *
+ * @remarks
+ * The `auditLogsRetentionDays` will be handled by cron job in Azure Functions, outdated audit logs will be removed automatically.
+ */
+export type SubscriptionQuota = Omit<
+  RouteResponseType<GetRoutes['/api/tenants/:tenantId/subscription/quota']>,
+  'auditLogsRetentionDays'
+>;
+
+/**
+ * The type of the response of the `GET /api/tenants/:tenantId/subscription/usage` endpoint.
+ * It is the same as the response type of `GET /api/tenants/my/subscription/usage` endpoint.
+ */
+export type SubscriptionUsage = RouteResponseType<
+  GetRoutes['/api/tenants/:tenantId/subscription/usage']
+>;

From 5f98d67754a5c08fea09cae25e1392e19b18da58 Mon Sep 17 00:00:00 2001
From: Darcy Ye <darcyye@silverhand.io>
Date: Thu, 18 Jul 2024 11:29:29 +0800
Subject: [PATCH 107/135] refactor: update code according to CR

---
 packages/core/src/libraries/quota.ts          | 33 ++++++++++++-------
 .../src/libraries/sign-in-experience/index.ts | 10 ++++--
 .../core/src/middleware/koa-quota-guard.ts    |  2 +-
 .../src/routes/applications/application.ts    |  6 ++--
 packages/core/src/routes/connector/index.ts   |  2 +-
 packages/core/src/routes/resource.scope.ts    |  2 +-
 packages/core/src/routes/role.scope.ts        |  2 +-
 packages/core/src/routes/role.ts              |  2 +-
 .../custom-ui-assets/index.ts                 |  8 +++--
 .../src/routes/sign-in-experience/index.ts    |  4 +--
 packages/core/src/routes/subject-token.ts     |  7 ++--
 packages/core/src/test-utils/quota.ts         |  4 +--
 packages/core/src/utils/subscription/index.ts | 18 ++++++++--
 packages/core/src/utils/subscription/types.ts |  2 ++
 14 files changed, 70 insertions(+), 32 deletions(-)

diff --git a/packages/core/src/libraries/quota.ts b/packages/core/src/libraries/quota.ts
index e82b67569837..d4da96ab4275 100644
--- a/packages/core/src/libraries/quota.ts
+++ b/packages/core/src/libraries/quota.ts
@@ -143,8 +143,7 @@ export const createQuotaLibrary = (
     }
   };
 
-  // `SubscriptionQuota` and `SubscriptionUsage` are sharing keys.
-  const newGuardKey = async (key: keyof SubscriptionQuota) => {
+  const guardTenantUsageByKey = async (key: keyof SubscriptionQuota) => {
     const { isCloud, isIntegrationTest } = EnvSet.values;
 
     // Cloud only feature, skip in non-cloud environments
@@ -160,6 +159,8 @@ export const createQuotaLibrary = (
     const { quota: fullQuota, usage: fullUsage } = await getTenantSubscriptionQuotaAndUsage(
       cloudConnection
     );
+
+    // Type `SubscriptionQuota` and type `SubscriptionUsage` are sharing keys, this design helps us to compare the usage with the quota limit in a easier way.
     const { [key]: limit } = fullQuota;
     const { [key]: usage } = fullUsage;
 
@@ -178,7 +179,10 @@ export const createQuotaLibrary = (
           },
         })
       );
-    } else if (typeof limit === 'number') {
+      return;
+    }
+
+    if (typeof limit === 'number') {
       // See the definition of `SubscriptionQuota` and `SubscriptionUsage` in `types.ts`, this should never happen.
       assertThat(
         typeof usage === 'number',
@@ -197,12 +201,14 @@ export const createQuotaLibrary = (
           },
         })
       );
-    } else {
-      throw new TypeError('Unsupported subscription quota type');
+
+      return;
     }
+
+    throw new TypeError('Unsupported subscription quota type');
   };
 
-  const scopesGuardKey = async (entityName: 'resources' | 'roles', entityId: string) => {
+  const guardEntityScopesUsage = async (entityName: 'resources' | 'roles', entityId: string) => {
     const { isCloud, isIntegrationTest } = EnvSet.values;
 
     // Cloud only feature, skip in non-cloud environments
@@ -215,10 +221,15 @@ export const createQuotaLibrary = (
       return;
     }
 
-    const {
-      quota: { scopesPerResourceLimit, scopesPerRoleLimit },
-    } = await getTenantSubscriptionQuotaAndUsage(cloudConnection);
-    const scopeUsages = await getTenantSubscriptionScopeUsage(cloudConnection, entityName);
+    const [
+      {
+        quota: { scopesPerResourceLimit, scopesPerRoleLimit },
+      },
+      scopeUsages,
+    ] = await Promise.all([
+      getTenantSubscriptionQuotaAndUsage(cloudConnection),
+      getTenantSubscriptionScopeUsage(cloudConnection, entityName),
+    ]);
     const usage = scopeUsages[entityId] ?? 0;
 
     if (entityName === 'resources') {
@@ -251,5 +262,5 @@ export const createQuotaLibrary = (
     );
   };
 
-  return { guardKey, newGuardKey, scopesGuardKey };
+  return { guardKey, guardTenantUsageByKey, guardEntityScopesUsage };
 };
diff --git a/packages/core/src/libraries/sign-in-experience/index.ts b/packages/core/src/libraries/sign-in-experience/index.ts
index a98f80c63053..fa19513b732e 100644
--- a/packages/core/src/libraries/sign-in-experience/index.ts
+++ b/packages/core/src/libraries/sign-in-experience/index.ts
@@ -7,7 +7,7 @@ import type {
   SignInExperience,
   SsoConnectorMetadata,
 } from '@logto/schemas';
-import { ConnectorType } from '@logto/schemas';
+import { ConnectorType, ReservedPlanId } from '@logto/schemas';
 import { deduplicate, pick, trySafe } from '@silverhand/essentials';
 import deepmerge from 'deepmerge';
 
@@ -19,7 +19,7 @@ import type { SsoConnectorLibrary } from '#src/libraries/sso-connector.js';
 import { ssoConnectorFactories } from '#src/sso/index.js';
 import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
-import { getTenantSubscriptionPlan } from '#src/utils/subscription/index.js';
+import { getTenantSubscription, getTenantSubscriptionPlan } from '#src/utils/subscription/index.js';
 import { isKeyOfI18nPhrases } from '#src/utils/translation.js';
 
 import { type CloudConnectionLibrary } from '../cloud-connection.js';
@@ -113,8 +113,12 @@ export const createSignInExperienceLibrary = (
       return false;
     }
 
-    const plan = await getTenantSubscriptionPlan(cloudConnection);
+    if (EnvSet.values.isDevFeaturesEnabled) {
+      const subscription = await getTenantSubscription(cloudConnection);
+      return subscription.planId === ReservedPlanId.Development;
+    }
 
+    const plan = await getTenantSubscriptionPlan(cloudConnection);
     return plan.id === developmentTenantPlanId;
   }, ['is-development-tenant']);
 
diff --git a/packages/core/src/middleware/koa-quota-guard.ts b/packages/core/src/middleware/koa-quota-guard.ts
index 9241e8b7e6e6..e17f875e799b 100644
--- a/packages/core/src/middleware/koa-quota-guard.ts
+++ b/packages/core/src/middleware/koa-quota-guard.ts
@@ -40,7 +40,7 @@ export function newKoaQuotaGuard<StateT, ContextT, ResponseBodyT>({
   return async (ctx, next) => {
     // eslint-disable-next-line no-restricted-syntax
     if (!methods || methods.includes(ctx.method.toUpperCase() as Method)) {
-      await quota.newGuardKey(key);
+      await quota.guardTenantUsageByKey(key);
     }
     return next();
   };
diff --git a/packages/core/src/routes/applications/application.ts b/packages/core/src/routes/applications/application.ts
index 7116582276df..a855aca49f11 100644
--- a/packages/core/src/routes/applications/application.ts
+++ b/packages/core/src/routes/applications/application.ts
@@ -159,14 +159,14 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
       await Promise.all([
         rest.type === ApplicationType.MachineToMachine &&
           (isDevFeaturesEnabled
-            ? quota.newGuardKey('machineToMachineLimit')
+            ? quota.guardTenantUsageByKey('machineToMachineLimit')
             : quota.guardKey('machineToMachineLimit')),
         rest.isThirdParty &&
           (isDevFeaturesEnabled
-            ? quota.newGuardKey('thirdPartyApplicationsLimit')
+            ? quota.guardTenantUsageByKey('thirdPartyApplicationsLimit')
             : quota.guardKey('thirdPartyApplicationsLimit')),
         isDevFeaturesEnabled
-          ? quota.newGuardKey('applicationsLimit')
+          ? quota.guardTenantUsageByKey('applicationsLimit')
           : quota.guardKey('applicationsLimit'),
       ]);
 
diff --git a/packages/core/src/routes/connector/index.ts b/packages/core/src/routes/connector/index.ts
index 76a2e90d14ab..9a65d33286c8 100644
--- a/packages/core/src/routes/connector/index.ts
+++ b/packages/core/src/routes/connector/index.ts
@@ -28,7 +28,7 @@ const guardConnectorsQuota = async (
 ) => {
   if (factory.type === ConnectorType.Social) {
     await (EnvSet.values.isDevFeaturesEnabled
-      ? quota.newGuardKey('socialConnectorsLimit')
+      ? quota.guardTenantUsageByKey('socialConnectorsLimit')
       : quota.guardKey('socialConnectorsLimit'));
   }
 };
diff --git a/packages/core/src/routes/resource.scope.ts b/packages/core/src/routes/resource.scope.ts
index 584a527c57eb..93991fd34389 100644
--- a/packages/core/src/routes/resource.scope.ts
+++ b/packages/core/src/routes/resource.scope.ts
@@ -91,7 +91,7 @@ export default function resourceScopeRoutes<T extends ManagementApiRouter>(
       } = ctx.guard;
 
       await (EnvSet.values.isDevFeaturesEnabled
-        ? quota.scopesGuardKey('resources', resourceId)
+        ? quota.guardEntityScopesUsage('resources', resourceId)
         : quota.guardKey('scopesPerResourceLimit', resourceId));
 
       assertThat(!/\s/.test(body.name), 'scope.name_with_space');
diff --git a/packages/core/src/routes/role.scope.ts b/packages/core/src/routes/role.scope.ts
index c716cbba8afe..5c69655af098 100644
--- a/packages/core/src/routes/role.scope.ts
+++ b/packages/core/src/routes/role.scope.ts
@@ -95,7 +95,7 @@ export default function roleScopeRoutes<T extends ManagementApiRouter>(
       } = ctx.guard;
 
       await (EnvSet.values.isDevFeaturesEnabled
-        ? quota.scopesGuardKey('roles', id)
+        ? quota.guardEntityScopesUsage('roles', id)
         : quota.guardKey('scopesPerRoleLimit', id));
 
       await validateRoleScopeAssignment(scopeIds, id);
diff --git a/packages/core/src/routes/role.ts b/packages/core/src/routes/role.ts
index 5f30519af789..cd1b18eeedf7 100644
--- a/packages/core/src/routes/role.ts
+++ b/packages/core/src/routes/role.ts
@@ -152,7 +152,7 @@ export default function roleRoutes<T extends ManagementApiRouter>(
       // We have optional `type` when creating a new role, if `type` is not provided, use `User` as default.
       // `machineToMachineRolesLimit` is the limit of machine to machine roles, and is independent to `rolesLimit`.
       await (EnvSet.values.isDevFeaturesEnabled
-        ? quota.newGuardKey(
+        ? quota.guardTenantUsageByKey(
             roleBody.type === RoleType.MachineToMachine
               ? 'machineToMachineRolesLimit'
               : // In new pricing model, we rename `rolesLimit` to `userRolesLimit`, which is easier to be distinguished from `machineToMachineRolesLimit`.
diff --git a/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts b/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts
index f11b48054979..505f7e73d6e9 100644
--- a/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts
+++ b/packages/core/src/routes/sign-in-experience/custom-ui-assets/index.ts
@@ -8,7 +8,7 @@ import { object, z } from 'zod';
 import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
-import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
+import koaQuotaGuard, { newKoaQuotaGuard } from '#src/middleware/koa-quota-guard.js';
 import SystemContext from '#src/tenants/SystemContext.js';
 import assertThat from '#src/utils/assert-that.js';
 import { getConsoleLogFromContext } from '#src/utils/console.js';
@@ -35,7 +35,11 @@ export default function customUiAssetsRoutes<T extends ManagementApiRouter>(
 
   router.post(
     '/sign-in-exp/default/custom-ui-assets',
-    koaQuotaGuard({ key: 'bringYourUiEnabled', quota }),
+    // Manually add this to avoid the case that the dev feature guard is removed but the quota guard is not being updated accordingly.
+    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
+    EnvSet.values.isDevFeaturesEnabled
+      ? newKoaQuotaGuard({ key: 'bringYourUiEnabled', quota })
+      : koaQuotaGuard({ key: 'bringYourUiEnabled', quota }),
     koaGuard({
       files: object({
         file: uploadFileGuard.array().min(1).max(1),
diff --git a/packages/core/src/routes/sign-in-experience/index.ts b/packages/core/src/routes/sign-in-experience/index.ts
index 46c9d32c7ec7..b698da24a199 100644
--- a/packages/core/src/routes/sign-in-experience/index.ts
+++ b/packages/core/src/routes/sign-in-experience/index.ts
@@ -19,7 +19,7 @@ export default function signInExperiencesRoutes<T extends ManagementApiRouter>(
   const { deleteConnectorById } = queries.connectors;
   const {
     signInExperiences: { validateLanguageInfo },
-    quota: { guardKey, newGuardKey },
+    quota: { guardKey, guardTenantUsageByKey },
   } = libraries;
   const { getLogtoConnectors } = connectors;
 
@@ -92,7 +92,7 @@ export default function signInExperiencesRoutes<T extends ManagementApiRouter>(
       if (mfa) {
         if (mfa.factors.length > 0) {
           await (EnvSet.values.isDevFeaturesEnabled
-            ? newGuardKey('mfaEnabled')
+            ? guardTenantUsageByKey('mfaEnabled')
             : guardKey('mfaEnabled'));
         }
         validateMfa(mfa);
diff --git a/packages/core/src/routes/subject-token.ts b/packages/core/src/routes/subject-token.ts
index 2a6d1899214b..1873c68fc4f3 100644
--- a/packages/core/src/routes/subject-token.ts
+++ b/packages/core/src/routes/subject-token.ts
@@ -4,8 +4,9 @@ import { addSeconds } from 'date-fns';
 import { object, string } from 'zod';
 
 import { subjectTokenExpiresIn, subjectTokenPrefix } from '#src/constants/index.js';
+import { EnvSet } from '#src/env-set/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
-import { newKoaQuotaGuard } from '#src/middleware/koa-quota-guard.js';
+import koaQuotaGuard, { newKoaQuotaGuard } from '#src/middleware/koa-quota-guard.js';
 
 import { type RouterInitArgs, type ManagementApiRouter } from './types.js';
 
@@ -25,7 +26,9 @@ export default function subjectTokenRoutes<T extends ManagementApiRouter>(
 
   router.post(
     '/subject-tokens',
-    newKoaQuotaGuard({ key: 'subjectTokenEnabled', quota }),
+    EnvSet.values.isDevFeaturesEnabled
+      ? newKoaQuotaGuard({ key: 'subjectTokenEnabled', quota })
+      : koaQuotaGuard({ key: 'subjectTokenEnabled', quota }),
     koaGuard({
       body: object({
         userId: string(),
diff --git a/packages/core/src/test-utils/quota.ts b/packages/core/src/test-utils/quota.ts
index 7413eddbbf2e..d995f17b9efe 100644
--- a/packages/core/src/test-utils/quota.ts
+++ b/packages/core/src/test-utils/quota.ts
@@ -5,7 +5,7 @@ const { jest } = import.meta;
 export const createMockQuotaLibrary = (): QuotaLibrary => {
   return {
     guardKey: jest.fn(),
-    newGuardKey: jest.fn(),
-    scopesGuardKey: jest.fn(),
+    guardTenantUsageByKey: jest.fn(),
+    guardEntityScopesUsage: jest.fn(),
   };
 };
diff --git a/packages/core/src/utils/subscription/index.ts b/packages/core/src/utils/subscription/index.ts
index b398688847a3..c6e701b62394 100644
--- a/packages/core/src/utils/subscription/index.ts
+++ b/packages/core/src/utils/subscription/index.ts
@@ -2,14 +2,28 @@ import { type CloudConnectionLibrary } from '#src/libraries/cloud-connection.js'
 
 import assertThat from '../assert-that.js';
 
-import { type SubscriptionQuota, type SubscriptionUsage, type SubscriptionPlan } from './types.js';
+import {
+  type SubscriptionQuota,
+  type SubscriptionUsage,
+  type SubscriptionPlan,
+  type Subscription,
+} from './types.js';
+
+export const getTenantSubscription = async (
+  cloudConnection: CloudConnectionLibrary
+): Promise<Subscription> => {
+  const client = await cloudConnection.getClient();
+  const subscription = await client.get('/api/tenants/my/subscription');
+
+  return subscription;
+};
 
 export const getTenantSubscriptionPlan = async (
   cloudConnection: CloudConnectionLibrary
 ): Promise<SubscriptionPlan> => {
   const client = await cloudConnection.getClient();
   const [subscription, plans] = await Promise.all([
-    client.get('/api/tenants/my/subscription'),
+    getTenantSubscription(cloudConnection),
     client.get('/api/subscription-plans'),
   ]);
   const plan = plans.find(({ id }) => id === subscription.planId);
diff --git a/packages/core/src/utils/subscription/types.ts b/packages/core/src/utils/subscription/types.ts
index 1bbaf386eb87..e1ae1b6d15a4 100644
--- a/packages/core/src/utils/subscription/types.ts
+++ b/packages/core/src/utils/subscription/types.ts
@@ -9,6 +9,8 @@ type RouteResponseType<T extends { search?: unknown; body?: unknown; response?:
 
 export type SubscriptionPlan = RouteResponseType<GetRoutes['/api/subscription-plans']>[number];
 
+export type Subscription = RouteResponseType<GetRoutes['/api/tenants/:tenantId/subscription']>;
+
 // Since `standardConnectorsLimit` will be removed in the upcoming pricing V2, no need to guard it.
 // `tokenLimit` is not guarded in backend.
 export type FeatureQuota = Omit<

From ac40ef17d707879c0beeec3895a2c39082df4318 Mon Sep 17 00:00:00 2001
From: Darcy Ye <darcyye@silverhand.io>
Date: Fri, 26 Jul 2024 11:18:21 +0800
Subject: [PATCH 108/135] refactor(console): update admin console using new
 pricing model (#6295)

* refactor(console): update cloud API calls

* refactor: update code according to CR

* refactor: correct component usage
---
 packages/console/src/cloud/types/router.ts    |  20 +++
 .../CreateForm/Footer/index.tsx               |   7 +-
 .../components/ChargeNotification/index.tsx   |   5 +-
 .../CreateConnectorForm/Footer/index.tsx      |  68 ++++++---
 .../SkuCardItem/FeaturedSkuContent/index.tsx  |  35 +++++
 .../use-featured-sku-content.ts               |  77 ++++++++++
 .../SkuCardItem/index.tsx                     | 100 +++++++++++++
 .../SelectTenantPlanModal/index.tsx           |  82 ++++++++---
 .../src/components/MauExceededModal/index.tsx |  16 ++-
 .../src/components/PlanDescription/index.tsx  |  14 +-
 .../console/src/components/PlanName/index.tsx |  10 +-
 .../src/components/PlanUsage/index.tsx        |  22 ++-
 .../TenantDropdownItem/TenantStatusTag.tsx    |  29 +++-
 .../TenantDropdownItem/index.tsx              |  16 ++-
 packages/console/src/consts/plan-quotas.ts    |  29 ++++
 .../console/src/consts/quota-item-phrases.ts  | 115 +++++++++++++++
 packages/console/src/consts/tenants.ts        |  90 +++++++++++-
 .../src/containers/AppContent/index.tsx       |  25 +++-
 .../SubscriptionDataProvider/index.tsx        |  22 ++-
 .../SubscriptionDataProvider/types.ts         |  24 +++-
 .../use-new-subscription-data.ts              |  64 +++++++++
 .../src/hooks/use-api-resources-usage.ts      |  55 +++++---
 .../src/hooks/use-applications-usage.ts       | 118 +++++++++++-----
 packages/console/src/hooks/use-logto-skus.ts  |  52 +++++++
 .../src/hooks/use-new-subscription-quota.ts   |  19 +++
 .../use-new-subscription-scopes-usage.ts      |  33 +++++
 .../src/hooks/use-new-subscription-usage.ts   |  19 +++
 packages/console/src/hooks/use-subscribe.ts   |  23 +++
 .../src/hooks/use-subscription-plans.ts       |   1 +
 .../src/hooks/use-subscription-usage.ts       |   1 +
 .../CreatePermissionModal/index.tsx           |  34 +++--
 .../components/CreateForm/Footer.tsx          |  13 +-
 .../components/ProtectedAppForm/index.tsx     |  20 ++-
 .../pages/CustomizeJwt/CreateButton/index.tsx |  14 +-
 .../EnterpriseSso/SsoCreationModal/index.tsx  |  11 +-
 .../console/src/pages/Mfa/MfaForm/index.tsx   |   8 +-
 .../src/pages/OrganizationTemplate/index.tsx  |  10 +-
 .../CreateOrganizationModal/index.tsx         |  10 +-
 .../console/src/pages/Organizations/index.tsx |  10 +-
 .../AssignPermissionsModal/index.tsx          |  30 ++--
 .../components/CreateRoleForm/Footer.tsx      |  49 +++++--
 .../MauLimitExceededNotification/index.tsx    |  50 ++++++-
 .../Subscription/CurrentPlan/index.tsx        |  39 ++++--
 .../DiffQuotaItem/SkuQuotaItemPhrase.tsx      |  43 ++++++
 .../PlanQuotaList/DiffQuotaItem/index.tsx     |  39 ++++++
 .../PlanQuotaDiffCard/PlanQuotaList/index.tsx |  32 +++--
 .../PlanQuotaDiffCard/index.tsx               |  27 +++-
 .../DowngradeConfirmModalContent/index.tsx    |  37 ++++-
 .../SwitchPlanActionBar/index.tsx             | 131 ++++++++++++++----
 .../TenantSettings/Subscription/index.tsx     |  15 +-
 .../InviteMemberModal/Footer/index.tsx        |  10 +-
 .../TenantSettings/TenantMembers/hooks.ts     |  57 +++++---
 .../index.tsx                                 | 103 +++++++++++++-
 .../Webhooks/CreateFormModal/CreateForm.tsx   |  31 +++--
 packages/console/src/types/skus.ts            |  14 ++
 packages/console/src/types/subscriptions.ts   |   1 +
 packages/console/src/utils/quota.ts           |  42 ++++++
 packages/console/src/utils/subscription.ts    |  54 +++++++-
 58 files changed, 1843 insertions(+), 282 deletions(-)
 create mode 100644 packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/SkuCardItem/FeaturedSkuContent/index.tsx
 create mode 100644 packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/SkuCardItem/FeaturedSkuContent/use-featured-sku-content.ts
 create mode 100644 packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/SkuCardItem/index.tsx
 create mode 100644 packages/console/src/contexts/SubscriptionDataProvider/use-new-subscription-data.ts
 create mode 100644 packages/console/src/hooks/use-logto-skus.ts
 create mode 100644 packages/console/src/hooks/use-new-subscription-quota.ts
 create mode 100644 packages/console/src/hooks/use-new-subscription-scopes-usage.ts
 create mode 100644 packages/console/src/hooks/use-new-subscription-usage.ts
 create mode 100644 packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/DiffQuotaItem/SkuQuotaItemPhrase.tsx
 create mode 100644 packages/console/src/types/skus.ts

diff --git a/packages/console/src/cloud/types/router.ts b/packages/console/src/cloud/types/router.ts
index ed175b7afda6..7d6cf2f10bc8 100644
--- a/packages/console/src/cloud/types/router.ts
+++ b/packages/console/src/cloud/types/router.ts
@@ -11,10 +11,30 @@ export type SubscriptionPlanResponse = GuardedResponse<
   GetRoutes['/api/subscription-plans']
 >[number];
 
+export type LogtoSkuResponse = GetArrayElementType<GuardedResponse<GetRoutes['/api/skus']>>;
+
 export type Subscription = GuardedResponse<GetRoutes['/api/tenants/:tenantId/subscription']>;
 
+/** @deprecated */
 export type SubscriptionUsage = GuardedResponse<GetRoutes['/api/tenants/:tenantId/usage']>;
 
+/* ===== Use `New` in the naming to avoid confusion with legacy types ===== */
+/** The response of `GET /api/tenants/my/subscription/quota` has the same response type. */
+export type NewSubscriptionQuota = GuardedResponse<
+  GetRoutes['/api/tenants/:tenantId/subscription/quota']
+>;
+
+/** The response of `GET /api/tenants/my/subscription/usage` has the same response type. */
+export type NewSubscriptionUsage = GuardedResponse<
+  GetRoutes['/api/tenants/:tenantId/subscription/usage']
+>;
+
+/** The response of `GET /api/tenants/my/subscription/usage/:entityName/scopes` has the same response type. */
+export type NewSubscriptionScopeUsage = GuardedResponse<
+  GetRoutes['/api/tenants/:tenantId/subscription/usage/:entityName/scopes']
+>;
+/* ===== Use `New` in the naming to avoid confusion with legacy types ===== */
+
 export type InvoicesResponse = GuardedResponse<GetRoutes['/api/tenants/:tenantId/invoices']>;
 
 export type InvitationResponse = GuardedResponse<GetRoutes['/api/invitations/:invitationId']>;
diff --git a/packages/console/src/components/ApplicationCreation/CreateForm/Footer/index.tsx b/packages/console/src/components/ApplicationCreation/CreateForm/Footer/index.tsx
index 0928e6cf9805..f199335592f3 100644
--- a/packages/console/src/components/ApplicationCreation/CreateForm/Footer/index.tsx
+++ b/packages/console/src/components/ApplicationCreation/CreateForm/Footer/index.tsx
@@ -5,6 +5,7 @@ import { Trans, useTranslation } from 'react-i18next';
 import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
 import PlanName from '@/components/PlanName';
 import QuotaGuardFooter from '@/components/QuotaGuardFooter';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Button from '@/ds-components/Button';
 import useApplicationsUsage from '@/hooks/use-applications-usage';
@@ -17,7 +18,7 @@ type Props = {
 };
 
 function Footer({ selectedType, isLoading, onClickCreate, isThirdParty }: Props) {
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const { currentPlan, currentSku } = useContext(SubscriptionDataContext);
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console.upsell.paywall' });
   const {
     hasAppsReachedLimit,
@@ -32,7 +33,7 @@ function Footer({ selectedType, isLoading, onClickCreate, isThirdParty }: Props)
       selectedType === ApplicationType.MachineToMachine &&
       hasMachineToMachineAppsReachedLimit &&
       // For paid plan (pro plan), we don't guard the m2m app creation since it's an add-on feature.
-      planId === ReservedPlanId.Free
+      (isDevFeaturesEnabled ? currentSku.id : planId) === ReservedPlanId.Free
     ) {
       return (
         <QuotaGuardFooter>
@@ -68,7 +69,7 @@ function Footer({ selectedType, isLoading, onClickCreate, isThirdParty }: Props)
           <Trans
             components={{
               a: <ContactUsPhraseLink />,
-              planName: <PlanName name={planName} />,
+              planName: <PlanName skuId={currentSku.id} name={planName} />,
             }}
           >
             {t('applications', { count: quota.applicationsLimit ?? 0 })}
diff --git a/packages/console/src/components/ChargeNotification/index.tsx b/packages/console/src/components/ChargeNotification/index.tsx
index 2fd62a5f4dfb..e2ce6ffe3ce0 100644
--- a/packages/console/src/components/ChargeNotification/index.tsx
+++ b/packages/console/src/components/ChargeNotification/index.tsx
@@ -5,6 +5,7 @@ import { useContext } from 'react';
 import { Trans, useTranslation } from 'react-i18next';
 
 import { newPlansBlogLink } from '@/consts';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import InlineNotification from '@/ds-components/InlineNotification';
 import TextLink from '@/ds-components/TextLink';
@@ -38,7 +39,7 @@ function ChargeNotification({
   checkedFlagKey,
 }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console.upsell' });
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const { currentPlan, currentSku } = useContext(SubscriptionDataContext);
   const { configs, updateConfigs } = useConfigs();
 
   // Display null when loading
@@ -52,7 +53,7 @@ function ChargeNotification({
     Boolean(checkedChargeNotification?.[checkedFlagKey]) ||
     !hasSurpassedLimit ||
     // No charge notification for free plan
-    currentPlan.id === ReservedPlanId.Free
+    (isDevFeaturesEnabled ? currentSku.id : currentPlan.id) === ReservedPlanId.Free
   ) {
     return null;
   }
diff --git a/packages/console/src/components/CreateConnectorForm/Footer/index.tsx b/packages/console/src/components/CreateConnectorForm/Footer/index.tsx
index 53c7b4032cb0..8c86cce555cc 100644
--- a/packages/console/src/components/CreateConnectorForm/Footer/index.tsx
+++ b/packages/console/src/components/CreateConnectorForm/Footer/index.tsx
@@ -10,10 +10,11 @@ import { Trans, useTranslation } from 'react-i18next';
 import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
 import PlanName from '@/components/PlanName';
 import QuotaGuardFooter from '@/components/QuotaGuardFooter';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Button from '@/ds-components/Button';
 import { type ConnectorGroup } from '@/types/connector';
-import { hasReachedQuotaLimit } from '@/utils/quota';
+import { hasReachedQuotaLimit, hasReachedSubscriptionQuotaLimit } from '@/utils/quota';
 
 type Props = {
   readonly isCreatingSocialConnector: boolean;
@@ -31,35 +32,51 @@ function Footer({
   onClickCreateButton,
 }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console.upsell.paywall' });
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const { currentPlan, currentSku, currentSubscriptionUsage, currentSubscriptionQuota } =
+    useContext(SubscriptionDataContext);
 
   const standardConnectorCount = useMemo(
     () =>
-      existingConnectors.filter(
-        ({ isStandard, isDemo, type }) => isStandard && !isDemo && type === ConnectorType.Social
-      ).length,
+      isDevFeaturesEnabled
+        ? // No more standard connector limit in new pricing model.
+          0
+        : existingConnectors.filter(
+            ({ isStandard, isDemo, type }) => isStandard && !isDemo && type === ConnectorType.Social
+          ).length,
     [existingConnectors]
   );
 
   const socialConnectorCount = useMemo(
     () =>
-      existingConnectors.filter(
-        ({ isStandard, isDemo, type }) => !isStandard && !isDemo && type === ConnectorType.Social
-      ).length,
-    [existingConnectors]
+      isDevFeaturesEnabled
+        ? currentSubscriptionUsage.socialConnectorsLimit
+        : existingConnectors.filter(
+            ({ isStandard, isDemo, type }) =>
+              !isStandard && !isDemo && type === ConnectorType.Social
+          ).length,
+    [existingConnectors, currentSubscriptionUsage.socialConnectorsLimit]
   );
 
-  const isStandardConnectorsReachLimit = hasReachedQuotaLimit({
-    quotaKey: 'standardConnectorsLimit',
-    plan: currentPlan,
-    usage: standardConnectorCount,
-  });
+  const isStandardConnectorsReachLimit = isDevFeaturesEnabled
+    ? // No more standard connector limit in new pricing model.
+      false
+    : hasReachedQuotaLimit({
+        quotaKey: 'standardConnectorsLimit',
+        plan: currentPlan,
+        usage: standardConnectorCount,
+      });
 
-  const isSocialConnectorsReachLimit = hasReachedQuotaLimit({
-    quotaKey: 'socialConnectorsLimit',
-    plan: currentPlan,
-    usage: socialConnectorCount,
-  });
+  const isSocialConnectorsReachLimit = isDevFeaturesEnabled
+    ? hasReachedSubscriptionQuotaLimit({
+        quotaKey: 'socialConnectorsLimit',
+        usage: currentSubscriptionUsage.socialConnectorsLimit,
+        quota: currentSubscriptionQuota,
+      })
+    : hasReachedQuotaLimit({
+        quotaKey: 'socialConnectorsLimit',
+        plan: currentPlan,
+        usage: socialConnectorCount,
+      });
 
   if (isCreatingSocialConnector && selectedConnectorGroup) {
     const { id: planId, name: planName, quota } = currentPlan;
@@ -70,13 +87,15 @@ function Footer({
           <Trans
             components={{
               a: <ContactUsPhraseLink />,
-              planName: <PlanName name={planName} />,
+              planName: <PlanName skuId={currentSku.id} name={planName} />,
             }}
           >
             {quota.standardConnectorsLimit === 0
               ? t('standard_connectors_feature')
               : t(
-                  planId === ReservedPlanId.Pro ? 'standard_connectors_pro' : 'standard_connectors',
+                  (isDevFeaturesEnabled ? currentSku.id : planId) === ReservedPlanId.Pro
+                    ? 'standard_connectors_pro'
+                    : 'standard_connectors',
                   {
                     count: quota.standardConnectorsLimit ?? 0,
                   }
@@ -92,11 +111,14 @@ function Footer({
           <Trans
             components={{
               a: <ContactUsPhraseLink />,
-              planName: <PlanName name={planName} />,
+              planName: <PlanName skuId={currentSku.id} name={planName} />,
             }}
           >
             {t('social_connectors', {
-              count: quota.socialConnectorsLimit ?? 0,
+              count:
+                (isDevFeaturesEnabled
+                  ? currentSubscriptionQuota.socialConnectorsLimit
+                  : quota.socialConnectorsLimit) ?? 0,
             })}
           </Trans>
         </QuotaGuardFooter>
diff --git a/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/SkuCardItem/FeaturedSkuContent/index.tsx b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/SkuCardItem/FeaturedSkuContent/index.tsx
new file mode 100644
index 000000000000..6ecbbeead512
--- /dev/null
+++ b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/SkuCardItem/FeaturedSkuContent/index.tsx
@@ -0,0 +1,35 @@
+import classNames from 'classnames';
+
+import Failed from '@/assets/icons/failed.svg?react';
+import Success from '@/assets/icons/success.svg?react';
+
+import styles from '../../PlanCardItem/FeaturedPlanContent/index.module.scss';
+
+import useFeaturedSkuContent from './use-featured-sku-content';
+
+type Props = {
+  readonly skuId: string;
+};
+
+function FeaturedSkuContent({ skuId }: Props) {
+  const contentData = useFeaturedSkuContent(skuId);
+
+  return (
+    <ul className={styles.list}>
+      {contentData.map(({ title, isAvailable }) => {
+        return (
+          <li key={title}>
+            {isAvailable ? (
+              <Success className={classNames(styles.icon, styles.success)} />
+            ) : (
+              <Failed className={classNames(styles.icon, styles.failed)} />
+            )}
+            {title}
+          </li>
+        );
+      })}
+    </ul>
+  );
+}
+
+export default FeaturedSkuContent;
diff --git a/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/SkuCardItem/FeaturedSkuContent/use-featured-sku-content.ts b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/SkuCardItem/FeaturedSkuContent/use-featured-sku-content.ts
new file mode 100644
index 000000000000..70662e19b033
--- /dev/null
+++ b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/SkuCardItem/FeaturedSkuContent/use-featured-sku-content.ts
@@ -0,0 +1,77 @@
+import { ReservedPlanId } from '@logto/schemas';
+import { cond } from '@silverhand/essentials';
+import { useMemo } from 'react';
+import { useTranslation } from 'react-i18next';
+
+import {
+  freePlanAuditLogsRetentionDays,
+  freePlanM2mLimit,
+  freePlanMauLimit,
+  freePlanPermissionsLimit,
+  freePlanRoleLimit,
+  proPlanAuditLogsRetentionDays,
+} from '@/consts/subscriptions';
+
+type ContentData = {
+  readonly title: string;
+  readonly isAvailable: boolean;
+};
+
+const useFeaturedSkuContent = (skuId: string) => {
+  const { t } = useTranslation(undefined, {
+    keyPrefix: 'admin_console.upsell.featured_plan_content',
+  });
+
+  const contentData: ContentData[] = useMemo(() => {
+    const isFreePlan = skuId === ReservedPlanId.Free;
+    const planPhraseKey = isFreePlan ? 'free_plan' : 'pro_plan';
+
+    return [
+      {
+        title: t(`mau.${planPhraseKey}`, { ...cond(isFreePlan && { count: freePlanMauLimit }) }),
+        isAvailable: true,
+      },
+      {
+        title: t(`m2m.${planPhraseKey}`, { ...cond(isFreePlan && { count: freePlanM2mLimit }) }),
+        isAvailable: true,
+      },
+      {
+        title: t('third_party_apps'),
+        isAvailable: !isFreePlan,
+      },
+      {
+        title: t('mfa'),
+        isAvailable: !isFreePlan,
+      },
+      {
+        title: t('sso'),
+        isAvailable: !isFreePlan,
+      },
+      {
+        title: t(`role_and_permissions.${planPhraseKey}`, {
+          ...cond(
+            isFreePlan && {
+              roleCount: freePlanRoleLimit,
+              permissionCount: freePlanPermissionsLimit,
+            }
+          ),
+        }),
+        isAvailable: true,
+      },
+      {
+        title: t('organizations'),
+        isAvailable: !isFreePlan,
+      },
+      {
+        title: t('audit_logs', {
+          count: isFreePlan ? freePlanAuditLogsRetentionDays : proPlanAuditLogsRetentionDays,
+        }),
+        isAvailable: true,
+      },
+    ];
+  }, [t, skuId]);
+
+  return contentData;
+};
+
+export default useFeaturedSkuContent;
diff --git a/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/SkuCardItem/index.tsx b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/SkuCardItem/index.tsx
new file mode 100644
index 000000000000..81fbcb7c64e8
--- /dev/null
+++ b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/SkuCardItem/index.tsx
@@ -0,0 +1,100 @@
+import { maxFreeTenantLimit, adminTenantId, ReservedPlanId } from '@logto/schemas';
+import classNames from 'classnames';
+import { useContext, useMemo } from 'react';
+import { Trans, useTranslation } from 'react-i18next';
+
+import ArrowRight from '@/assets/icons/arrow-right.svg?react';
+import { type LogtoSkuResponse } from '@/cloud/types/router';
+import PlanDescription from '@/components/PlanDescription';
+import PlanName from '@/components/PlanName';
+import { pricingLink } from '@/consts';
+import { TenantsContext } from '@/contexts/TenantsProvider';
+import Button, { type Props as ButtonProps } from '@/ds-components/Button';
+import DangerousRaw from '@/ds-components/DangerousRaw';
+import DynamicT from '@/ds-components/DynamicT';
+import TextLink from '@/ds-components/TextLink';
+
+import styles from '../PlanCardItem/index.module.scss';
+
+import FeaturedSkuContent from './FeaturedSkuContent';
+
+type Props = {
+  readonly sku: LogtoSkuResponse;
+  readonly onSelect: () => void;
+  readonly buttonProps?: Partial<ButtonProps>;
+};
+
+function SkuCardItem({ sku, onSelect, buttonProps }: Props) {
+  const { t } = useTranslation(undefined, { keyPrefix: 'admin_console.upsell.create_tenant' });
+  const { tenants } = useContext(TenantsContext);
+  const { unitPrice: basePrice, id: skuId } = sku;
+
+  const isFreeSku = skuId === ReservedPlanId.Free;
+
+  const isFreeTenantExceeded = useMemo(
+    () =>
+      /** Should not block admin tenant owners from creating more than three tenants */
+      !tenants.some(({ id }) => id === adminTenantId) &&
+      tenants.filter(({ planId }) => planId === ReservedPlanId.Free).length >= maxFreeTenantLimit,
+    [tenants]
+  );
+
+  return (
+    <div className={styles.container}>
+      <div className={styles.planInfo}>
+        <div className={styles.title}>
+          <PlanName skuId={skuId} name={skuId} />
+        </div>
+        <div className={styles.priceInfo}>
+          <div className={styles.priceLabel}>{t('base_price')}</div>
+          <div className={styles.price}>
+            ${t('monthly_price', { value: (basePrice ?? 0) / 100 })}
+          </div>
+        </div>
+        <div className={styles.description}>
+          <PlanDescription skuId={skuId} planId={skuId} />
+        </div>
+      </div>
+      <div className={styles.content}>
+        <FeaturedSkuContent skuId={skuId} />
+        {isFreeSku && isFreeTenantExceeded && (
+          <div className={classNames(styles.tip, styles.exceedFreeTenantsTip)}>
+            {t('free_tenants_limit', { count: maxFreeTenantLimit })}
+          </div>
+        )}
+        {!isFreeSku && (
+          <div className={styles.tip}>
+            <TextLink
+              isTrailingIcon
+              href={pricingLink}
+              targetBlank="noopener"
+              icon={<ArrowRight className={styles.linkIcon} />}
+              className={styles.link}
+            >
+              <DynamicT forKey="upsell.create_tenant.view_all_features" />
+            </TextLink>
+          </div>
+        )}
+        <Button
+          title={
+            <DangerousRaw>
+              <Trans components={{ name: <PlanName skuId={skuId} name={skuId} /> }}>
+                {t('select_plan')}
+              </Trans>
+            </DangerousRaw>
+          }
+          type={isFreeSku ? 'outline' : 'primary'}
+          size="large"
+          onClick={onSelect}
+          {...buttonProps}
+          disabled={(isFreeSku && isFreeTenantExceeded) || buttonProps?.disabled}
+        />
+      </div>
+      {skuId === ReservedPlanId.Pro && (
+        <div className={styles.mostPopularTag}>{t('most_popular')}</div>
+      )}
+    </div>
+  );
+}
+
+export default SkuCardItem;
diff --git a/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/index.tsx b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/index.tsx
index 2d4f796a641e..f7bfbfdbbd0f 100644
--- a/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/index.tsx
+++ b/packages/console/src/components/CreateTenantModal/SelectTenantPlanModal/index.tsx
@@ -5,21 +5,24 @@ import { Trans, useTranslation } from 'react-i18next';
 import Modal from 'react-modal';
 
 import { useCloudApi, toastResponseError } from '@/cloud/hooks/use-cloud-api';
-import { type TenantResponse } from '@/cloud/types/router';
+import { type TenantResponse, type LogtoSkuResponse } from '@/cloud/types/router';
 import { GtagConversionId, reportToGoogle } from '@/components/Conversion/utils';
 import { pricingLink } from '@/consts';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import DangerousRaw from '@/ds-components/DangerousRaw';
 import ModalLayout from '@/ds-components/ModalLayout';
 import TextLink from '@/ds-components/TextLink';
+import useLogtoSkus from '@/hooks/use-logto-skus';
 import useSubscribe from '@/hooks/use-subscribe';
 import useSubscriptionPlans from '@/hooks/use-subscription-plans';
 import modalStyles from '@/scss/modal.module.scss';
 import { type SubscriptionPlan } from '@/types/subscriptions';
-import { pickupFeaturedPlans } from '@/utils/subscription';
+import { pickupFeaturedPlans, pickupFeaturedLogtoSkus } from '@/utils/subscription';
 
 import { type CreateTenantData } from '../types';
 
 import PlanCardItem from './PlanCardItem';
+import SkuCardItem from './SkuCardItem';
 import styles from './index.module.scss';
 
 type Props = {
@@ -28,21 +31,27 @@ type Props = {
 };
 
 function SelectTenantPlanModal({ tenantData, onClose }: Props) {
-  const [isSubmitting, setIsSubmitting] = useState<string>();
+  const [processingPlanId, setProcessingPlanId] = useState<string>();
+  const [processingSkuId, setProcessingSkuId] = useState<string>();
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
+
   const { data: subscriptionPlans } = useSubscriptionPlans();
+  const { data: logtoSkus } = useLogtoSkus();
+
   const { subscribe } = useSubscribe();
   const cloudApi = useCloudApi({ hideErrorToast: true });
+
   const reservedPlans = conditional(subscriptionPlans && pickupFeaturedPlans(subscriptionPlans));
+  const reservedBasicLogtoSkus = conditional(logtoSkus && pickupFeaturedLogtoSkus(logtoSkus));
 
-  if (!reservedPlans || !tenantData) {
+  if (!reservedPlans || !reservedBasicLogtoSkus || !tenantData) {
     return null;
   }
 
   const handleSelectPlan = async (plan: SubscriptionPlan) => {
     const { id: planId } = plan;
     try {
-      setIsSubmitting(planId);
+      setProcessingPlanId(planId);
       if (planId === ReservedPlanId.Free) {
         const { name, tag, regionName } = tenantData;
         const newTenant = await cloudApi.post('/api/tenants', { body: { name, tag, regionName } });
@@ -56,7 +65,28 @@ function SelectTenantPlanModal({ tenantData, onClose }: Props) {
     } catch (error: unknown) {
       void toastResponseError(error);
     } finally {
-      setIsSubmitting(undefined);
+      setProcessingPlanId(undefined);
+    }
+  };
+
+  const handleSelectSku = async (logtoSku: LogtoSkuResponse) => {
+    const { id: skuId } = logtoSku;
+    try {
+      setProcessingSkuId(skuId);
+      if (skuId === ReservedPlanId.Free) {
+        const { name, tag, regionName } = tenantData;
+        const newTenant = await cloudApi.post('/api/tenants', { body: { name, tag, regionName } });
+
+        reportToGoogle(GtagConversionId.CreateProductionTenant, { transactionId: newTenant.id });
+        onClose(newTenant);
+        return;
+      }
+
+      await subscribe({ skuId, planId: skuId, tenantData });
+    } catch (error: unknown) {
+      void toastResponseError(error);
+    } finally {
+      setProcessingSkuId(undefined);
     }
   };
 
@@ -83,19 +113,33 @@ function SelectTenantPlanModal({ tenantData, onClose }: Props) {
         onClose={onClose}
       >
         <div className={styles.container}>
-          {reservedPlans.map((plan) => (
-            <PlanCardItem
-              key={plan.id}
-              plan={plan}
-              buttonProps={{
-                isLoading: isSubmitting === plan.id,
-                disabled: Boolean(isSubmitting),
-              }}
-              onSelect={() => {
-                void handleSelectPlan(plan);
-              }}
-            />
-          ))}
+          {isDevFeaturesEnabled
+            ? reservedBasicLogtoSkus.map((logtoSku) => (
+                <SkuCardItem
+                  key={logtoSku.id}
+                  sku={logtoSku}
+                  buttonProps={{
+                    isLoading: processingSkuId === logtoSku.id,
+                    disabled: Boolean(processingSkuId),
+                  }}
+                  onSelect={() => {
+                    void handleSelectSku(logtoSku);
+                  }}
+                />
+              ))
+            : reservedPlans.map((plan) => (
+                <PlanCardItem
+                  key={plan.id}
+                  plan={plan}
+                  buttonProps={{
+                    isLoading: processingPlanId === plan.id,
+                    disabled: Boolean(processingPlanId),
+                  }}
+                  onSelect={() => {
+                    void handleSelectPlan(plan);
+                  }}
+                />
+              ))}
         </div>
       </ModalLayout>
     </Modal>
diff --git a/packages/console/src/components/MauExceededModal/index.tsx b/packages/console/src/components/MauExceededModal/index.tsx
index 947e53835136..835a14b40073 100644
--- a/packages/console/src/components/MauExceededModal/index.tsx
+++ b/packages/console/src/components/MauExceededModal/index.tsx
@@ -4,6 +4,7 @@ import ReactModal from 'react-modal';
 
 import PlanUsage from '@/components/PlanUsage';
 import { contactEmailLink } from '@/consts';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { subscriptionPage } from '@/consts/pages';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import { TenantsContext } from '@/contexts/TenantsProvider';
@@ -21,7 +22,13 @@ import styles from './index.module.scss';
 function MauExceededModal() {
   const { currentTenant } = useContext(TenantsContext);
   const { usage } = currentTenant ?? {};
-  const { currentPlan, currentSubscription } = useContext(SubscriptionDataContext);
+  const {
+    currentPlan,
+    currentSubscription,
+    currentSku,
+    currentSubscriptionQuota,
+    currentSubscriptionUsage,
+  } = useContext(SubscriptionDataContext);
 
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
   const { navigate } = useTenantPathname();
@@ -40,7 +47,10 @@ function MauExceededModal() {
     name: planName,
   } = currentPlan;
 
-  const isMauExceeded = mauLimit !== null && usage.activeUsers >= mauLimit;
+  const isMauExceeded = isDevFeaturesEnabled
+    ? currentSubscriptionQuota.mauLimit !== null &&
+      currentSubscriptionUsage.mauLimit >= currentSubscriptionQuota.mauLimit
+    : mauLimit !== null && usage.activeUsers >= mauLimit;
 
   if (!isMauExceeded) {
     return null;
@@ -76,7 +86,7 @@ function MauExceededModal() {
         <InlineNotification severity="error">
           <Trans
             components={{
-              planName: <PlanName name={planName} />,
+              planName: <PlanName skuId={currentSku.id} name={planName} />,
             }}
           >
             {t('upsell.mau_exceeded_modal.notification')}
diff --git a/packages/console/src/components/PlanDescription/index.tsx b/packages/console/src/components/PlanDescription/index.tsx
index f39a94c1b664..1db3e078542e 100644
--- a/packages/console/src/components/PlanDescription/index.tsx
+++ b/packages/console/src/components/PlanDescription/index.tsx
@@ -1,4 +1,5 @@
 import { ReservedPlanId } from '@logto/schemas';
+import { conditional } from '@silverhand/essentials';
 import { type TFuncKey } from 'i18next';
 
 import DynamicT from '@/ds-components/DynamicT';
@@ -11,10 +12,17 @@ const registeredPlanDescriptionPhrasesMap: Record<
   [ReservedPlanId.Pro]: 'pro_plan_description',
 };
 
-type Props = { readonly planId: string };
+type Props = {
+  /** Temporarily mark as optional. */
+  readonly skuId?: string;
+  /** @deprecated */
+  readonly planId: string;
+};
 
-function PlanDescription({ planId }: Props) {
-  const description = registeredPlanDescriptionPhrasesMap[planId];
+function PlanDescription({ skuId, planId }: Props) {
+  const description =
+    conditional(skuId && registeredPlanDescriptionPhrasesMap[skuId]) ??
+    registeredPlanDescriptionPhrasesMap[planId];
 
   if (!description) {
     return null;
diff --git a/packages/console/src/components/PlanName/index.tsx b/packages/console/src/components/PlanName/index.tsx
index 2dc5f8e77b48..abd91e3a02d2 100644
--- a/packages/console/src/components/PlanName/index.tsx
+++ b/packages/console/src/components/PlanName/index.tsx
@@ -1,3 +1,4 @@
+import { conditional } from '@silverhand/essentials';
 import { type TFuncKey } from 'i18next';
 import { useTranslation } from 'react-i18next';
 
@@ -15,12 +16,17 @@ const registeredPlanNamePhraseMap: Record<
 };
 
 type Props = {
+  /** Temporarily use optional for backward compatibility. */
+  readonly skuId?: string;
+  /** @deprecated */
   readonly name: string;
 };
 
-function PlanName({ name }: Props) {
+// TODO: rename the component once new pricing model is ready, should be `SkuName`.
+function PlanName({ skuId, name }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console.subscription' });
-  const planNamePhrase = registeredPlanNamePhraseMap[name];
+  const planNamePhrase =
+    conditional(skuId && registeredPlanNamePhraseMap[skuId]) ?? registeredPlanNamePhraseMap[name];
 
   /**
    * Note: fallback to the plan name if the phrase is not registered.
diff --git a/packages/console/src/components/PlanUsage/index.tsx b/packages/console/src/components/PlanUsage/index.tsx
index 0a27d441c435..69f42fbfdf67 100644
--- a/packages/console/src/components/PlanUsage/index.tsx
+++ b/packages/console/src/components/PlanUsage/index.tsx
@@ -1,8 +1,11 @@
 import { conditional } from '@silverhand/essentials';
 import classNames from 'classnames';
 import dayjs from 'dayjs';
+import { useContext } from 'react';
 
 import { type SubscriptionUsage, type Subscription } from '@/cloud/types/router';
+import { isDevFeaturesEnabled } from '@/consts/env';
+import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import DynamicT from '@/ds-components/DynamicT';
 import { type SubscriptionPlan } from '@/types/subscriptions';
 import { formatPeriod } from '@/utils/subscription';
@@ -10,17 +13,28 @@ import { formatPeriod } from '@/utils/subscription';
 import styles from './index.module.scss';
 
 type Props = {
+  /** @deprecated */
   readonly subscriptionUsage: SubscriptionUsage;
+  /** @deprecated */
   readonly currentSubscription: Subscription;
+  /** @deprecated */
   readonly currentPlan: SubscriptionPlan;
 };
 
 function PlanUsage({ subscriptionUsage, currentSubscription, currentPlan }: Props) {
-  const { currentPeriodStart, currentPeriodEnd } = currentSubscription;
-  const { activeUsers } = subscriptionUsage;
   const {
-    quota: { mauLimit },
-  } = currentPlan;
+    currentSubscriptionQuota,
+    currentSubscriptionUsage,
+    currentSubscription: currentSubscriptionFromNewPricingModel,
+  } = useContext(SubscriptionDataContext);
+
+  const { currentPeriodStart, currentPeriodEnd } = isDevFeaturesEnabled
+    ? currentSubscriptionFromNewPricingModel
+    : currentSubscription;
+
+  const [activeUsers, mauLimit] = isDevFeaturesEnabled
+    ? [currentSubscriptionUsage.mauLimit, currentSubscriptionQuota.mauLimit]
+    : [subscriptionUsage.activeUsers, currentPlan.quota.mauLimit];
 
   const usagePercent = conditional(mauLimit && activeUsers / mauLimit);
 
diff --git a/packages/console/src/components/Topbar/TenantSelector/TenantDropdownItem/TenantStatusTag.tsx b/packages/console/src/components/Topbar/TenantSelector/TenantDropdownItem/TenantStatusTag.tsx
index 394c31d99c76..6dd5b94bb6b8 100644
--- a/packages/console/src/components/Topbar/TenantSelector/TenantDropdownItem/TenantStatusTag.tsx
+++ b/packages/console/src/components/Topbar/TenantSelector/TenantDropdownItem/TenantStatusTag.tsx
@@ -1,15 +1,26 @@
-import { type TenantResponse } from '@/cloud/types/router';
+import { conditional } from '@silverhand/essentials';
+
+import {
+  type TenantResponse,
+  type NewSubscriptionUsage,
+  type NewSubscriptionQuota,
+} from '@/cloud/types/router';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import DynamicT from '@/ds-components/DynamicT';
 import Tag from '@/ds-components/Tag';
 import { type SubscriptionPlan } from '@/types/subscriptions';
 
 type Props = {
   readonly tenantData: TenantResponse;
-  readonly tenantPlan: SubscriptionPlan;
+  readonly tenantSubscriptionPlan: SubscriptionPlan;
+  readonly tenantStatus: {
+    usage: NewSubscriptionUsage;
+    quota: NewSubscriptionQuota;
+  };
   readonly className?: string;
 };
 
-function TenantStatusTag({ tenantData, tenantPlan, className }: Props) {
+function TenantStatusTag({ tenantData, tenantSubscriptionPlan, tenantStatus, className }: Props) {
   const { usage, openInvoices, isSuspended } = tenantData;
 
   /**
@@ -35,13 +46,21 @@ function TenantStatusTag({ tenantData, tenantPlan, className }: Props) {
     );
   }
 
+  const { usage: tenantUsage, quota: tenantQuota } = tenantStatus;
+
   const { activeUsers } = usage;
 
   const {
     quota: { mauLimit },
-  } = tenantPlan;
+  } = tenantSubscriptionPlan;
 
-  const isMauExceeded = mauLimit !== null && activeUsers >= mauLimit;
+  const isMauExceeded =
+    conditional(
+      isDevFeaturesEnabled &&
+        tenantQuota.mauLimit !== null &&
+        tenantUsage.mauLimit >= tenantQuota.mauLimit
+    ) ??
+    (mauLimit !== null && activeUsers >= mauLimit);
 
   if (isMauExceeded) {
     return (
diff --git a/packages/console/src/components/Topbar/TenantSelector/TenantDropdownItem/index.tsx b/packages/console/src/components/Topbar/TenantSelector/TenantDropdownItem/index.tsx
index 444f4ba4c6e6..f2191ce6bedc 100644
--- a/packages/console/src/components/Topbar/TenantSelector/TenantDropdownItem/index.tsx
+++ b/packages/console/src/components/Topbar/TenantSelector/TenantDropdownItem/index.tsx
@@ -26,13 +26,18 @@ function TenantDropdownItem({ tenantData, isSelected, onClick }: Props) {
     subscription: { planId },
   } = tenantData;
 
-  const { subscriptionPlans } = useContext(SubscriptionDataContext);
-  const tenantPlan = useMemo(
+  const {
+    subscriptionPlans,
+    currentSku,
+    currentSubscriptionUsage: usage,
+    currentSubscriptionQuota: quota,
+  } = useContext(SubscriptionDataContext);
+  const tenantSubscriptionPlan = useMemo(
     () => subscriptionPlans.find((plan) => plan.id === planId),
     [subscriptionPlans, planId]
   );
 
-  if (!tenantPlan) {
+  if (!tenantSubscriptionPlan) {
     return null;
   }
 
@@ -44,7 +49,8 @@ function TenantDropdownItem({ tenantData, isSelected, onClick }: Props) {
           <TenantEnvTag tag={tag} />
           <TenantStatusTag
             tenantData={tenantData}
-            tenantPlan={tenantPlan}
+            tenantStatus={{ usage, quota }}
+            tenantSubscriptionPlan={tenantSubscriptionPlan}
             className={styles.statusTag}
           />
         </div>
@@ -52,7 +58,7 @@ function TenantDropdownItem({ tenantData, isSelected, onClick }: Props) {
           {tag === TenantTag.Development ? (
             <DynamicT forKey="subscription.no_subscription" />
           ) : (
-            <PlanName name={tenantPlan.name} />
+            <PlanName skuId={currentSku.id} name={tenantSubscriptionPlan.name} />
           )}
         </div>
       </div>
diff --git a/packages/console/src/consts/plan-quotas.ts b/packages/console/src/consts/plan-quotas.ts
index 2a271279cbd7..d6111c134ccf 100644
--- a/packages/console/src/consts/plan-quotas.ts
+++ b/packages/console/src/consts/plan-quotas.ts
@@ -1,5 +1,6 @@
 import { ReservedPlanId } from '@logto/schemas';
 
+import { type LogtoSkuQuota } from '@/types/skus';
 import { type SubscriptionPlanQuota } from '@/types/subscriptions';
 
 /**
@@ -35,9 +36,37 @@ export const planQuotaItemOrder: Array<keyof SubscriptionPlanQuota> = [
   'ticketSupportResponseTime',
 ];
 
+/**
+ * Define the order of quota items in the downgrade plan notification modal and not eligible for downgrade plan modal.
+ */
+export const skuQuotaItemOrder: Array<keyof LogtoSkuQuota> = [
+  'mauLimit',
+  'tokenLimit',
+  'applicationsLimit',
+  'machineToMachineLimit',
+  'thirdPartyApplicationsLimit',
+  'resourcesLimit',
+  'scopesPerResourceLimit',
+  'socialConnectorsLimit',
+  'mfaEnabled',
+  'enterpriseSsoLimit',
+  'userRolesLimit',
+  'machineToMachineRolesLimit',
+  'scopesPerRoleLimit',
+  'organizationsEnabled',
+  'auditLogsRetentionDays',
+  'hooksLimit',
+  'customJwtEnabled',
+  'subjectTokenEnabled',
+  'bringYourUiEnabled',
+  'ticketSupportResponseTime',
+];
+
 /**
  * Unreleased quota keys will be added here, and it will effect the following:
  * - Related quota items will have a "Coming soon" tag in the plan selection component.
  * - Related quota items will be hidden from the downgrade plan notification modal.
  */
 export const comingSoonQuotaKeys: Array<keyof SubscriptionPlanQuota> = [];
+
+export const comingSoonSkuQuotaKeys: Array<keyof LogtoSkuQuota> = [];
diff --git a/packages/console/src/consts/quota-item-phrases.ts b/packages/console/src/consts/quota-item-phrases.ts
index 3a6dec712f32..c80de6e88fb9 100644
--- a/packages/console/src/consts/quota-item-phrases.ts
+++ b/packages/console/src/consts/quota-item-phrases.ts
@@ -1,7 +1,9 @@
 import { type TFuncKey } from 'i18next';
 
+import { type LogtoSkuQuota } from '@/types/skus';
 import { type SubscriptionPlanQuota } from '@/types/subscriptions';
 
+/** @deprecated */
 export const quotaItemPhrasesMap: Record<
   keyof SubscriptionPlanQuota,
   TFuncKey<'translation', 'admin_console.subscription.quota_item'>
@@ -32,6 +34,7 @@ export const quotaItemPhrasesMap: Record<
   bringYourUiEnabled: 'bring_your_ui_enabled.name',
 };
 
+/** @deprecated */
 export const quotaItemUnlimitedPhrasesMap: Record<
   keyof SubscriptionPlanQuota,
   TFuncKey<'translation', 'admin_console.subscription.quota_item'>
@@ -62,6 +65,7 @@ export const quotaItemUnlimitedPhrasesMap: Record<
   bringYourUiEnabled: 'bring_your_ui_enabled.unlimited',
 };
 
+/** @deprecated */
 export const quotaItemLimitedPhrasesMap: Record<
   keyof SubscriptionPlanQuota,
   TFuncKey<'translation', 'admin_console.subscription.quota_item'>
@@ -92,6 +96,7 @@ export const quotaItemLimitedPhrasesMap: Record<
   bringYourUiEnabled: 'bring_your_ui_enabled.limited',
 };
 
+/** @deprecated */
 export const quotaItemNotEligiblePhrasesMap: Record<
   keyof SubscriptionPlanQuota,
   TFuncKey<'translation', 'admin_console.subscription.quota_item'>
@@ -121,3 +126,113 @@ export const quotaItemNotEligiblePhrasesMap: Record<
   subjectTokenEnabled: 'impersonation_enabled.not_eligible',
   bringYourUiEnabled: 'bring_your_ui_enabled.not_eligible',
 };
+
+/* === for new pricing model === */
+export const skuQuotaItemPhrasesMap: Record<
+  keyof LogtoSkuQuota,
+  TFuncKey<'translation', 'admin_console.subscription.quota_item'>
+> = {
+  mauLimit: 'mau_limit.name',
+  tokenLimit: 'token_limit.name',
+  applicationsLimit: 'applications_limit.name',
+  machineToMachineLimit: 'machine_to_machine_limit.name',
+  thirdPartyApplicationsLimit: 'third_party_applications_limit.name',
+  resourcesLimit: 'resources_limit.name',
+  scopesPerResourceLimit: 'scopes_per_resource_limit.name',
+  socialConnectorsLimit: 'social_connectors_limit.name',
+  userRolesLimit: 'roles_limit.name',
+  machineToMachineRolesLimit: 'machine_to_machine_roles_limit.name',
+  scopesPerRoleLimit: 'scopes_per_role_limit.name',
+  hooksLimit: 'hooks_limit.name',
+  auditLogsRetentionDays: 'audit_logs_retention_days.name',
+  ticketSupportResponseTime: 'email_ticket_support.name',
+  mfaEnabled: 'mfa_enabled.name',
+  organizationsEnabled: 'organizations_enabled.name',
+  enterpriseSsoLimit: 'sso_enabled.name',
+  tenantMembersLimit: 'tenant_members_limit.name',
+  customJwtEnabled: 'custom_jwt_enabled.name',
+  subjectTokenEnabled: 'impersonation_enabled.name',
+  bringYourUiEnabled: 'bring_your_ui_enabled.name',
+};
+
+export const skuQuotaItemUnlimitedPhrasesMap: Record<
+  keyof LogtoSkuQuota,
+  TFuncKey<'translation', 'admin_console.subscription.quota_item'>
+> = {
+  mauLimit: 'mau_limit.unlimited',
+  tokenLimit: 'token_limit.unlimited',
+  applicationsLimit: 'applications_limit.unlimited',
+  machineToMachineLimit: 'machine_to_machine_limit.unlimited',
+  thirdPartyApplicationsLimit: 'third_party_applications_limit.unlimited',
+  resourcesLimit: 'resources_limit.unlimited',
+  scopesPerResourceLimit: 'scopes_per_resource_limit.unlimited',
+  socialConnectorsLimit: 'social_connectors_limit.unlimited',
+  userRolesLimit: 'roles_limit.unlimited',
+  machineToMachineRolesLimit: 'machine_to_machine_roles_limit.unlimited',
+  scopesPerRoleLimit: 'scopes_per_role_limit.unlimited',
+  hooksLimit: 'hooks_limit.unlimited',
+  auditLogsRetentionDays: 'audit_logs_retention_days.unlimited',
+  ticketSupportResponseTime: 'email_ticket_support.unlimited',
+  mfaEnabled: 'mfa_enabled.unlimited',
+  organizationsEnabled: 'organizations_enabled.unlimited',
+  enterpriseSsoLimit: 'sso_enabled.unlimited',
+  tenantMembersLimit: 'tenant_members_limit.unlimited',
+  customJwtEnabled: 'custom_jwt_enabled.unlimited',
+  subjectTokenEnabled: 'impersonation_enabled.unlimited',
+  bringYourUiEnabled: 'bring_your_ui_enabled.unlimited',
+};
+
+export const skuQuotaItemLimitedPhrasesMap: Record<
+  keyof LogtoSkuQuota,
+  TFuncKey<'translation', 'admin_console.subscription.quota_item'>
+> = {
+  mauLimit: 'mau_limit.limited',
+  tokenLimit: 'token_limit.limited',
+  applicationsLimit: 'applications_limit.limited',
+  machineToMachineLimit: 'machine_to_machine_limit.limited',
+  thirdPartyApplicationsLimit: 'third_party_applications_limit.limited',
+  resourcesLimit: 'resources_limit.limited',
+  scopesPerResourceLimit: 'scopes_per_resource_limit.limited',
+  socialConnectorsLimit: 'social_connectors_limit.limited',
+  userRolesLimit: 'roles_limit.limited',
+  machineToMachineRolesLimit: 'machine_to_machine_roles_limit.limited',
+  scopesPerRoleLimit: 'scopes_per_role_limit.limited',
+  hooksLimit: 'hooks_limit.limited',
+  auditLogsRetentionDays: 'audit_logs_retention_days.limited',
+  ticketSupportResponseTime: 'email_ticket_support.limited',
+  mfaEnabled: 'mfa_enabled.limited',
+  organizationsEnabled: 'organizations_enabled.limited',
+  enterpriseSsoLimit: 'sso_enabled.limited',
+  tenantMembersLimit: 'tenant_members_limit.limited',
+  customJwtEnabled: 'custom_jwt_enabled.limited',
+  subjectTokenEnabled: 'impersonation_enabled.limited',
+  bringYourUiEnabled: 'bring_your_ui_enabled.limited',
+};
+
+export const skuQuotaItemNotEligiblePhrasesMap: Record<
+  keyof LogtoSkuQuota,
+  TFuncKey<'translation', 'admin_console.subscription.quota_item'>
+> = {
+  mauLimit: 'mau_limit.not_eligible',
+  tokenLimit: 'token_limit.not_eligible',
+  applicationsLimit: 'applications_limit.not_eligible',
+  machineToMachineLimit: 'machine_to_machine_limit.not_eligible',
+  thirdPartyApplicationsLimit: 'third_party_applications_limit.not_eligible',
+  resourcesLimit: 'resources_limit.not_eligible',
+  scopesPerResourceLimit: 'scopes_per_resource_limit.not_eligible',
+  socialConnectorsLimit: 'social_connectors_limit.not_eligible',
+  userRolesLimit: 'roles_limit.not_eligible',
+  machineToMachineRolesLimit: 'machine_to_machine_roles_limit.not_eligible',
+  scopesPerRoleLimit: 'scopes_per_role_limit.not_eligible',
+  hooksLimit: 'hooks_limit.not_eligible',
+  auditLogsRetentionDays: 'audit_logs_retention_days.not_eligible',
+  ticketSupportResponseTime: 'email_ticket_support.not_eligible',
+  mfaEnabled: 'mfa_enabled.not_eligible',
+  organizationsEnabled: 'organizations_enabled.not_eligible',
+  enterpriseSsoLimit: 'sso_enabled.not_eligible',
+  tenantMembersLimit: 'tenant_members_limit.not_eligible',
+  customJwtEnabled: 'custom_jwt_enabled.not_eligible',
+  subjectTokenEnabled: 'impersonation_enabled.not_eligible',
+  bringYourUiEnabled: 'bring_your_ui_enabled.not_eligible',
+};
+/* === for new pricing model === */
diff --git a/packages/console/src/consts/tenants.ts b/packages/console/src/consts/tenants.ts
index 05bc17173a05..133aa531b0b7 100644
--- a/packages/console/src/consts/tenants.ts
+++ b/packages/console/src/consts/tenants.ts
@@ -1,8 +1,14 @@
 import { ReservedPlanId, TenantTag, defaultManagementApi } from '@logto/schemas';
 import dayjs from 'dayjs';
 
-import { type TenantResponse } from '@/cloud/types/router';
+import {
+  type NewSubscriptionQuota,
+  type LogtoSkuResponse,
+  type TenantResponse,
+  type NewSubscriptionUsage,
+} from '@/cloud/types/router';
 import { RegionName } from '@/components/Region';
+import { LogtoSkuType } from '@/types/skus';
 import { type SubscriptionPlan } from '@/types/subscriptions';
 
 import { adminEndpoint, isCloud } from './env';
@@ -76,6 +82,88 @@ export const defaultSubscriptionPlan: SubscriptionPlan = {
   },
 };
 
+/**
+ * - For cloud, the initial tenant's subscription plan will be fetched from the cloud API.
+ * - OSS has a fixed subscription plan with `development` id and no cloud API to dynamically fetch the subscription plan.
+ */
+export const defaultLogtoSku: LogtoSkuResponse = {
+  id: ReservedPlanId.Development,
+  name: 'Logto Development plan',
+  createdAt: new Date(),
+  updatedAt: new Date(),
+  type: LogtoSkuType.Basic,
+  unitPrice: 0,
+  quota: {
+    // A soft limit for abuse monitoring
+    mauLimit: 100,
+    tokenLimit: null,
+    applicationsLimit: null,
+    machineToMachineLimit: null,
+    resourcesLimit: null,
+    scopesPerResourceLimit: null,
+    socialConnectorsLimit: null,
+    userRolesLimit: null,
+    machineToMachineRolesLimit: null,
+    scopesPerRoleLimit: null,
+    hooksLimit: null,
+    auditLogsRetentionDays: 14,
+    mfaEnabled: true,
+    organizationsEnabled: true,
+    enterpriseSsoLimit: null,
+    thirdPartyApplicationsLimit: null,
+    tenantMembersLimit: 20,
+    customJwtEnabled: true,
+    subjectTokenEnabled: true,
+    bringYourUiEnabled: true,
+  },
+};
+
+/** Quota for Free plan */
+export const defaultSubscriptionQuota: NewSubscriptionQuota = {
+  mauLimit: 50_000,
+  tokenLimit: 500_000,
+  applicationsLimit: 3,
+  machineToMachineLimit: 1,
+  resourcesLimit: 1,
+  scopesPerResourceLimit: 1,
+  socialConnectorsLimit: 3,
+  userRolesLimit: 1,
+  machineToMachineRolesLimit: 1,
+  scopesPerRoleLimit: 1,
+  hooksLimit: 1,
+  auditLogsRetentionDays: 3,
+  mfaEnabled: false,
+  organizationsEnabled: false,
+  enterpriseSsoLimit: 0,
+  thirdPartyApplicationsLimit: 0,
+  tenantMembersLimit: 1,
+  customJwtEnabled: false,
+  subjectTokenEnabled: false,
+  bringYourUiEnabled: false,
+};
+
+export const defaultSubscriptionUsage: NewSubscriptionUsage = {
+  mauLimit: 0,
+  tokenLimit: 0,
+  applicationsLimit: 0,
+  machineToMachineLimit: 0,
+  resourcesLimit: 0,
+  scopesPerResourceLimit: 0,
+  socialConnectorsLimit: 0,
+  userRolesLimit: 0,
+  machineToMachineRolesLimit: 0,
+  scopesPerRoleLimit: 0,
+  hooksLimit: 0,
+  mfaEnabled: false,
+  organizationsEnabled: false,
+  enterpriseSsoLimit: 0,
+  thirdPartyApplicationsLimit: 0,
+  tenantMembersLimit: 0,
+  customJwtEnabled: false,
+  subjectTokenEnabled: false,
+  bringYourUiEnabled: false,
+};
+
 const getAdminTenantEndpoint = () => {
   // Allow endpoint override for dev or testing
   if (adminEndpoint) {
diff --git a/packages/console/src/containers/AppContent/index.tsx b/packages/console/src/containers/AppContent/index.tsx
index 8722f0381bb1..a5c74174853a 100644
--- a/packages/console/src/containers/AppContent/index.tsx
+++ b/packages/console/src/containers/AppContent/index.tsx
@@ -6,6 +6,7 @@ import AppLoading from '@/components/AppLoading';
 import Topbar from '@/components/Topbar';
 import { isCloud } from '@/consts/env';
 import SubscriptionDataProvider from '@/contexts/SubscriptionDataProvider';
+import useNewSubscriptionData from '@/contexts/SubscriptionDataProvider/use-new-subscription-data';
 import useSubscriptionData from '@/contexts/SubscriptionDataProvider/use-subscription-data';
 import { TenantsContext } from '@/contexts/TenantsProvider';
 import useScroll from '@/hooks/use-scroll';
@@ -24,18 +25,38 @@ export default function AppContent() {
   const { currentTenant } = useContext(TenantsContext);
   const isTenantSuspended = isCloud && currentTenant?.isSuspended;
   const { isLoading: isLoadingSubscriptionData, ...subscriptionDta } = useSubscriptionData();
+  const {
+    isLoading: isLoadingNewSubscriptionData,
+    logtoSkus,
+    currentSku,
+    currentSubscriptionQuota,
+    currentSubscriptionUsage,
+    currentSubscriptionScopeResourceUsage,
+    currentSubscriptionScopeRoleUsage,
+  } = useNewSubscriptionData();
 
   const scrollableContent = useRef<HTMLDivElement>(null);
   const { scrollTop } = useScroll(scrollableContent.current);
 
-  const isLoading = isLoadingPreference || isLoadingSubscriptionData;
+  const isLoading =
+    isLoadingPreference || isLoadingSubscriptionData || isLoadingNewSubscriptionData;
 
   if (isLoading || !currentTenant) {
     return <AppLoading />;
   }
 
   return (
-    <SubscriptionDataProvider subscriptionData={subscriptionDta}>
+    <SubscriptionDataProvider
+      subscriptionData={{
+        ...subscriptionDta,
+        logtoSkus,
+        currentSku,
+        currentSubscriptionQuota,
+        currentSubscriptionUsage,
+        currentSubscriptionScopeResourceUsage,
+        currentSubscriptionScopeRoleUsage,
+      }}
+    >
       <div className={styles.app}>
         <Topbar className={conditional(scrollTop && styles.topbarShadow)} />
         {isTenantSuspended && <TenantSuspendedPage />}
diff --git a/packages/console/src/contexts/SubscriptionDataProvider/index.tsx b/packages/console/src/contexts/SubscriptionDataProvider/index.tsx
index 85b874af71c6..fea1c98e87e1 100644
--- a/packages/console/src/contexts/SubscriptionDataProvider/index.tsx
+++ b/packages/console/src/contexts/SubscriptionDataProvider/index.tsx
@@ -1,12 +1,18 @@
 import { noop } from '@silverhand/essentials';
 import { createContext, type ReactNode } from 'react';
 
-import { defaultSubscriptionPlan, defaultTenantResponse } from '@/consts';
+import {
+  defaultSubscriptionPlan,
+  defaultLogtoSku,
+  defaultTenantResponse,
+  defaultSubscriptionQuota,
+  defaultSubscriptionUsage,
+} from '@/consts';
 // Used in the docs
 // eslint-disable-next-line unused-imports/no-unused-imports
 import TenantAccess from '@/containers/TenantAccess';
 
-import { type Context } from './types';
+import { type FullContext } from './types';
 
 const defaultSubscription = defaultTenantResponse.subscription;
 
@@ -14,15 +20,23 @@ const defaultSubscription = defaultTenantResponse.subscription;
  * This context provides the subscription plans and subscription data of the current tenant.
  * CAUTION: You should only use this data context under the {@link TenantAccess} component
  */
-export const SubscriptionDataContext = createContext<Context>({
+export const SubscriptionDataContext = createContext<FullContext>({
   subscriptionPlans: [],
   currentPlan: defaultSubscriptionPlan,
   currentSubscription: defaultSubscription,
   onCurrentSubscriptionUpdated: noop,
+  /* ==== For new pricing model ==== */
+  logtoSkus: [],
+  currentSku: defaultLogtoSku,
+  currentSubscriptionQuota: defaultSubscriptionQuota,
+  currentSubscriptionUsage: defaultSubscriptionUsage,
+  currentSubscriptionScopeResourceUsage: {},
+  currentSubscriptionScopeRoleUsage: {},
+  /* ==== For new pricing model ==== */
 });
 
 type Props = {
-  readonly subscriptionData: Context;
+  readonly subscriptionData: FullContext;
   readonly children: ReactNode;
 };
 
diff --git a/packages/console/src/contexts/SubscriptionDataProvider/types.ts b/packages/console/src/contexts/SubscriptionDataProvider/types.ts
index 65be35ce84df..5bbc83528e3d 100644
--- a/packages/console/src/contexts/SubscriptionDataProvider/types.ts
+++ b/packages/console/src/contexts/SubscriptionDataProvider/types.ts
@@ -1,9 +1,31 @@
-import { type Subscription } from '@/cloud/types/router';
+import {
+  type LogtoSkuResponse,
+  type Subscription,
+  type NewSubscriptionQuota,
+  type NewSubscriptionUsage,
+  type NewSubscriptionScopeUsage,
+} from '@/cloud/types/router';
 import { type SubscriptionPlan } from '@/types/subscriptions';
 
 export type Context = {
+  /** @deprecated */
   subscriptionPlans: SubscriptionPlan[];
+  /** @deprecated */
   currentPlan: SubscriptionPlan;
   currentSubscription: Subscription;
   onCurrentSubscriptionUpdated: (subscription?: Subscription) => void;
 };
+
+type NewSubscriptionSupplementContext = {
+  logtoSkus: LogtoSkuResponse[];
+  currentSku: LogtoSkuResponse;
+  currentSubscriptionQuota: NewSubscriptionQuota;
+  currentSubscriptionUsage: NewSubscriptionUsage;
+  currentSubscriptionScopeResourceUsage: NewSubscriptionScopeUsage;
+  currentSubscriptionScopeRoleUsage: NewSubscriptionScopeUsage;
+};
+
+export type NewSubscriptionContext = Omit<Context, 'subscriptionPlans' | 'currentPlan'> &
+  NewSubscriptionSupplementContext;
+
+export type FullContext = Context & NewSubscriptionSupplementContext;
diff --git a/packages/console/src/contexts/SubscriptionDataProvider/use-new-subscription-data.ts b/packages/console/src/contexts/SubscriptionDataProvider/use-new-subscription-data.ts
new file mode 100644
index 000000000000..5e7791007f8f
--- /dev/null
+++ b/packages/console/src/contexts/SubscriptionDataProvider/use-new-subscription-data.ts
@@ -0,0 +1,64 @@
+import { cond, condString } from '@silverhand/essentials';
+import { useContext, useMemo } from 'react';
+
+import {
+  defaultLogtoSku,
+  defaultTenantResponse,
+  defaultSubscriptionQuota,
+  defaultSubscriptionUsage,
+} from '@/consts';
+import { isCloud } from '@/consts/env';
+import { TenantsContext } from '@/contexts/TenantsProvider';
+import useLogtoSkus from '@/hooks/use-logto-skus';
+import useNewSubscriptionQuota from '@/hooks/use-new-subscription-quota';
+import useNewSubscriptionScopeUsage from '@/hooks/use-new-subscription-scopes-usage';
+import useNewSubscriptionUsage from '@/hooks/use-new-subscription-usage';
+
+import useSubscription from '../../hooks/use-subscription';
+
+import { type NewSubscriptionContext } from './types';
+
+const useNewSubscriptionData: () => NewSubscriptionContext & { isLoading: boolean } = () => {
+  const { currentTenant } = useContext(TenantsContext);
+  const { isLoading: isLogtoSkusLoading, data: fetchedLogtoSkus } = useLogtoSkus();
+  const {
+    data: currentSubscription,
+    isLoading: isSubscriptionLoading,
+    mutate: mutateSubscription,
+  } = useSubscription(condString(currentTenant?.id));
+  const { data: currentSubscriptionQuota, isLoading: isSubscriptionQuotaLoading } =
+    useNewSubscriptionQuota(condString(currentTenant?.id));
+  const { data: currentSubscriptionUsage, isLoading: isSubscriptionUsageLoading } =
+    useNewSubscriptionUsage(condString(currentTenant?.id));
+  const {
+    scopeResourceUsage: { data: scopeResourceUsage, isLoading: isScopePerResourceUsageLoading },
+    scopeRoleUsage: { data: scopeRoleUsage, isLoading: isScopePerRoleUsageLoading },
+  } = useNewSubscriptionScopeUsage(condString(currentTenant?.id));
+
+  const logtoSkus = useMemo(() => cond(isCloud && fetchedLogtoSkus) ?? [], [fetchedLogtoSkus]);
+
+  const currentSku = useMemo(
+    () => logtoSkus.find((logtoSku) => logtoSku.id === currentTenant?.planId) ?? defaultLogtoSku,
+    [currentTenant?.planId, logtoSkus]
+  );
+
+  return {
+    isLoading:
+      isSubscriptionLoading ||
+      isLogtoSkusLoading ||
+      isSubscriptionQuotaLoading ||
+      isSubscriptionUsageLoading ||
+      isScopePerResourceUsageLoading ||
+      isScopePerRoleUsageLoading,
+    logtoSkus,
+    currentSku,
+    currentSubscription: currentSubscription ?? defaultTenantResponse.subscription,
+    onCurrentSubscriptionUpdated: mutateSubscription,
+    currentSubscriptionQuota: currentSubscriptionQuota ?? defaultSubscriptionQuota,
+    currentSubscriptionUsage: currentSubscriptionUsage ?? defaultSubscriptionUsage,
+    currentSubscriptionScopeResourceUsage: scopeResourceUsage ?? {},
+    currentSubscriptionScopeRoleUsage: scopeRoleUsage ?? {},
+  };
+};
+
+export default useNewSubscriptionData;
diff --git a/packages/console/src/hooks/use-api-resources-usage.ts b/packages/console/src/hooks/use-api-resources-usage.ts
index 331f329b9760..5adbc1fe3e8b 100644
--- a/packages/console/src/hooks/use-api-resources-usage.ts
+++ b/packages/console/src/hooks/use-api-resources-usage.ts
@@ -3,12 +3,18 @@ import { useContext, useMemo } from 'react';
 import useSWR from 'swr';
 
 import { type ApiResource } from '@/consts';
-import { isCloud } from '@/consts/env';
+import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
-import { hasReachedQuotaLimit, hasSurpassedQuotaLimit } from '@/utils/quota';
+import {
+  hasReachedQuotaLimit,
+  hasReachedSubscriptionQuotaLimit,
+  hasSurpassedQuotaLimit,
+  hasSurpassedSubscriptionQuotaLimit,
+} from '@/utils/quota';
 
 const useApiResourcesUsage = () => {
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const { currentPlan, currentSubscriptionQuota, currentSubscriptionUsage } =
+    useContext(SubscriptionDataContext);
 
   /**
    * Note: we only need to fetch all resources when the user is in cloud environment.
@@ -17,28 +23,43 @@ const useApiResourcesUsage = () => {
   const { data: allResources } = useSWR<ApiResource[]>(isCloud && 'api/resources');
 
   const resourceCount = useMemo(
-    () => allResources?.filter(({ indicator }) => !isManagementApi(indicator)).length ?? 0,
-    [allResources]
+    () =>
+      isDevFeaturesEnabled
+        ? currentSubscriptionUsage.resourcesLimit
+        : allResources?.filter(({ indicator }) => !isManagementApi(indicator)).length ?? 0,
+    [allResources, currentSubscriptionUsage.resourcesLimit]
   );
 
   const hasReachedLimit = useMemo(
     () =>
-      hasReachedQuotaLimit({
-        quotaKey: 'resourcesLimit',
-        plan: currentPlan,
-        usage: resourceCount,
-      }),
-    [currentPlan, resourceCount]
+      isDevFeaturesEnabled
+        ? hasReachedSubscriptionQuotaLimit({
+            quotaKey: 'resourcesLimit',
+            usage: currentSubscriptionUsage.resourcesLimit,
+            quota: currentSubscriptionQuota,
+          })
+        : hasReachedQuotaLimit({
+            quotaKey: 'resourcesLimit',
+            plan: currentPlan,
+            usage: resourceCount,
+          }),
+    [currentPlan, resourceCount, currentSubscriptionQuota, currentSubscriptionUsage.resourcesLimit]
   );
 
   const hasSurpassedLimit = useMemo(
     () =>
-      hasSurpassedQuotaLimit({
-        quotaKey: 'resourcesLimit',
-        plan: currentPlan,
-        usage: resourceCount,
-      }),
-    [currentPlan, resourceCount]
+      isDevFeaturesEnabled
+        ? hasSurpassedSubscriptionQuotaLimit({
+            quotaKey: 'resourcesLimit',
+            usage: currentSubscriptionUsage.resourcesLimit,
+            quota: currentSubscriptionQuota,
+          })
+        : hasSurpassedQuotaLimit({
+            quotaKey: 'resourcesLimit',
+            plan: currentPlan,
+            usage: resourceCount,
+          }),
+    [currentPlan, resourceCount, currentSubscriptionQuota, currentSubscriptionUsage.resourcesLimit]
   );
 
   return {
diff --git a/packages/console/src/hooks/use-applications-usage.ts b/packages/console/src/hooks/use-applications-usage.ts
index 99f42183dfab..37900c38283d 100644
--- a/packages/console/src/hooks/use-applications-usage.ts
+++ b/packages/console/src/hooks/use-applications-usage.ts
@@ -2,12 +2,18 @@ import { type Application, ApplicationType } from '@logto/schemas';
 import { useContext, useMemo } from 'react';
 import useSWR from 'swr';
 
-import { isCloud } from '@/consts/env';
+import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
-import { hasReachedQuotaLimit, hasSurpassedQuotaLimit } from '@/utils/quota';
+import {
+  hasReachedQuotaLimit,
+  hasReachedSubscriptionQuotaLimit,
+  hasSurpassedQuotaLimit,
+  hasSurpassedSubscriptionQuotaLimit,
+} from '@/utils/quota';
 
 const useApplicationsUsage = () => {
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const { currentPlan, currentSubscriptionQuota, currentSubscriptionUsage } =
+    useContext(SubscriptionDataContext);
 
   /**
    * Note: we only need to fetch all applications when the user is in cloud environment.
@@ -17,53 +23,103 @@ const useApplicationsUsage = () => {
 
   const m2mAppCount = useMemo(
     () =>
-      allApplications?.filter(({ type }) => type === ApplicationType.MachineToMachine).length ?? 0,
-    [allApplications]
+      isDevFeaturesEnabled
+        ? currentSubscriptionUsage.machineToMachineLimit
+        : allApplications?.filter(({ type }) => type === ApplicationType.MachineToMachine).length ??
+          0,
+    [allApplications, currentSubscriptionUsage.machineToMachineLimit]
   );
 
   const thirdPartyAppCount = useMemo(
-    () => allApplications?.filter(({ isThirdParty }) => isThirdParty).length ?? 0,
-    [allApplications]
+    () =>
+      isDevFeaturesEnabled
+        ? currentSubscriptionUsage.thirdPartyApplicationsLimit
+        : allApplications?.filter(({ isThirdParty }) => isThirdParty).length ?? 0,
+    [allApplications, currentSubscriptionUsage.thirdPartyApplicationsLimit]
   );
 
   const hasMachineToMachineAppsReachedLimit = useMemo(
     () =>
-      hasReachedQuotaLimit({
-        quotaKey: 'machineToMachineLimit',
-        plan: currentPlan,
-        usage: m2mAppCount,
-      }),
-    [currentPlan, m2mAppCount]
+      isDevFeaturesEnabled
+        ? hasReachedSubscriptionQuotaLimit({
+            quotaKey: 'machineToMachineLimit',
+            usage: currentSubscriptionUsage.machineToMachineLimit,
+            quota: currentSubscriptionQuota,
+          })
+        : hasReachedQuotaLimit({
+            quotaKey: 'machineToMachineLimit',
+            plan: currentPlan,
+            usage: m2mAppCount,
+          }),
+    [
+      currentPlan,
+      m2mAppCount,
+      currentSubscriptionUsage.machineToMachineLimit,
+      currentSubscriptionQuota,
+    ]
   );
 
   const hasMachineToMachineAppsSurpassedLimit = useMemo(
     () =>
-      hasSurpassedQuotaLimit({
-        quotaKey: 'machineToMachineLimit',
-        plan: currentPlan,
-        usage: m2mAppCount,
-      }),
-    [currentPlan, m2mAppCount]
+      isDevFeaturesEnabled
+        ? hasSurpassedSubscriptionQuotaLimit({
+            quotaKey: 'machineToMachineLimit',
+            usage: currentSubscriptionUsage.machineToMachineLimit,
+            quota: currentSubscriptionQuota,
+          })
+        : hasSurpassedQuotaLimit({
+            quotaKey: 'machineToMachineLimit',
+            plan: currentPlan,
+            usage: m2mAppCount,
+          }),
+    [
+      currentPlan,
+      m2mAppCount,
+      currentSubscriptionUsage.machineToMachineLimit,
+      currentSubscriptionQuota,
+    ]
   );
 
   const hasThirdPartyAppsReachedLimit = useMemo(
     () =>
-      hasReachedQuotaLimit({
-        quotaKey: 'thirdPartyApplicationsLimit',
-        plan: currentPlan,
-        usage: thirdPartyAppCount,
-      }),
-    [currentPlan, thirdPartyAppCount]
+      isDevFeaturesEnabled
+        ? hasReachedSubscriptionQuotaLimit({
+            quotaKey: 'thirdPartyApplicationsLimit',
+            usage: currentSubscriptionUsage.thirdPartyApplicationsLimit,
+            quota: currentSubscriptionQuota,
+          })
+        : hasReachedQuotaLimit({
+            quotaKey: 'thirdPartyApplicationsLimit',
+            plan: currentPlan,
+            usage: thirdPartyAppCount,
+          }),
+    [
+      currentPlan,
+      thirdPartyAppCount,
+      currentSubscriptionUsage.thirdPartyApplicationsLimit,
+      currentSubscriptionQuota,
+    ]
   );
 
   const hasAppsReachedLimit = useMemo(
     () =>
-      hasReachedQuotaLimit({
-        quotaKey: 'applicationsLimit',
-        plan: currentPlan,
-        usage: allApplications?.length ?? 0,
-      }),
-    [allApplications?.length, currentPlan]
+      isDevFeaturesEnabled
+        ? hasReachedSubscriptionQuotaLimit({
+            quotaKey: 'applicationsLimit',
+            usage: currentSubscriptionUsage.applicationsLimit,
+            quota: currentSubscriptionQuota,
+          })
+        : hasReachedQuotaLimit({
+            quotaKey: 'applicationsLimit',
+            plan: currentPlan,
+            usage: allApplications?.length ?? 0,
+          }),
+    [
+      allApplications?.length,
+      currentPlan,
+      currentSubscriptionUsage.applicationsLimit,
+      currentSubscriptionQuota,
+    ]
   );
 
   return {
diff --git a/packages/console/src/hooks/use-logto-skus.ts b/packages/console/src/hooks/use-logto-skus.ts
new file mode 100644
index 000000000000..211ce9b98397
--- /dev/null
+++ b/packages/console/src/hooks/use-logto-skus.ts
@@ -0,0 +1,52 @@
+import { type Optional } from '@silverhand/essentials';
+import { useMemo } from 'react';
+import useSWRImmutable from 'swr/immutable';
+
+import { useCloudApi } from '@/cloud/hooks/use-cloud-api';
+import { type LogtoSkuResponse } from '@/cloud/types/router';
+import { isCloud } from '@/consts/env';
+import { featuredPlanIdOrder } from '@/consts/subscriptions';
+// Used in the docs
+// eslint-disable-next-line unused-imports/no-unused-imports
+import TenantAccess from '@/containers/TenantAccess';
+import { LogtoSkuType } from '@/types/skus';
+import { sortBy } from '@/utils/sort';
+import { addSupportQuota } from '@/utils/subscription';
+
+/**
+ * Fetch Logto SKUs from the cloud API.
+ * Note: If you want to retrieve Logto SKUs under the {@link TenantAccess} component, use `SubscriptionDataContext` instead.
+ */
+const useLogtoSkus = () => {
+  const cloudApi = useCloudApi();
+
+  const useSwrResponse = useSWRImmutable<LogtoSkuResponse[], Error>(
+    isCloud && '/api/skus',
+    async () =>
+      cloudApi.get('/api/skus', {
+        search: { type: LogtoSkuType.Basic },
+      })
+  );
+
+  const { data: logtoSkuResponse } = useSwrResponse;
+
+  const logtoSkus: Optional<LogtoSkuResponse[]> = useMemo(() => {
+    if (!logtoSkuResponse) {
+      return;
+    }
+
+    return logtoSkuResponse
+      .map((logtoSku) => addSupportQuota(logtoSku))
+      .slice()
+      .sort(({ id: previousId }, { id: nextId }) =>
+        sortBy(featuredPlanIdOrder)(previousId, nextId)
+      );
+  }, [logtoSkuResponse]);
+
+  return {
+    ...useSwrResponse,
+    data: logtoSkus,
+  };
+};
+
+export default useLogtoSkus;
diff --git a/packages/console/src/hooks/use-new-subscription-quota.ts b/packages/console/src/hooks/use-new-subscription-quota.ts
new file mode 100644
index 000000000000..8e679983f39c
--- /dev/null
+++ b/packages/console/src/hooks/use-new-subscription-quota.ts
@@ -0,0 +1,19 @@
+import useSWR from 'swr';
+
+import { useCloudApi } from '@/cloud/hooks/use-cloud-api';
+import { type NewSubscriptionQuota } from '@/cloud/types/router';
+import { isCloud } from '@/consts/env';
+
+const useNewSubscriptionQuota = (tenantId: string) => {
+  const cloudApi = useCloudApi();
+
+  return useSWR<NewSubscriptionQuota, Error>(
+    isCloud && `/api/tenants/${tenantId}/subscription/quota`,
+    async () =>
+      cloudApi.get('/api/tenants/:tenantId/subscription/quota', {
+        params: { tenantId },
+      })
+  );
+};
+
+export default useNewSubscriptionQuota;
diff --git a/packages/console/src/hooks/use-new-subscription-scopes-usage.ts b/packages/console/src/hooks/use-new-subscription-scopes-usage.ts
new file mode 100644
index 000000000000..011f5cbd34be
--- /dev/null
+++ b/packages/console/src/hooks/use-new-subscription-scopes-usage.ts
@@ -0,0 +1,33 @@
+import useSWR from 'swr';
+
+import { useCloudApi } from '@/cloud/hooks/use-cloud-api';
+import { type NewSubscriptionScopeUsage } from '@/cloud/types/router';
+import { isCloud } from '@/consts/env';
+
+const useNewSubscriptionScopeUsage = (tenantId: string) => {
+  const cloudApi = useCloudApi();
+
+  const resourceEntityName = 'resources';
+  const roleEntityName = 'roles';
+
+  return {
+    scopeResourceUsage: useSWR<NewSubscriptionScopeUsage, Error>(
+      isCloud && `/api/tenants/${tenantId}/subscription/usage/${resourceEntityName}/scopes`,
+      async () =>
+        cloudApi.get('/api/tenants/:tenantId/subscription/usage/:entityName/scopes', {
+          params: { tenantId, entityName: resourceEntityName },
+          search: {},
+        })
+    ),
+    scopeRoleUsage: useSWR<NewSubscriptionScopeUsage, Error>(
+      isCloud && `/api/tenants/${tenantId}/subscription/usage/${roleEntityName}/scopes`,
+      async () =>
+        cloudApi.get('/api/tenants/:tenantId/subscription/usage/:entityName/scopes', {
+          params: { tenantId, entityName: roleEntityName },
+          search: {},
+        })
+    ),
+  };
+};
+
+export default useNewSubscriptionScopeUsage;
diff --git a/packages/console/src/hooks/use-new-subscription-usage.ts b/packages/console/src/hooks/use-new-subscription-usage.ts
new file mode 100644
index 000000000000..b0af93689011
--- /dev/null
+++ b/packages/console/src/hooks/use-new-subscription-usage.ts
@@ -0,0 +1,19 @@
+import useSWR from 'swr';
+
+import { useCloudApi } from '@/cloud/hooks/use-cloud-api';
+import { type NewSubscriptionUsage } from '@/cloud/types/router';
+import { isCloud } from '@/consts/env';
+
+const useNewSubscriptionUsage = (tenantId: string) => {
+  const cloudApi = useCloudApi();
+
+  return useSWR<NewSubscriptionUsage, Error>(
+    isCloud && `/api/tenants/${tenantId}/subscription/usage`,
+    async () =>
+      cloudApi.get('/api/tenants/:tenantId/subscription/usage', {
+        params: { tenantId },
+      })
+  );
+};
+
+export default useNewSubscriptionUsage;
diff --git a/packages/console/src/hooks/use-subscribe.ts b/packages/console/src/hooks/use-subscribe.ts
index 6bb49a252467..bf3332fab3d7 100644
--- a/packages/console/src/hooks/use-subscribe.ts
+++ b/packages/console/src/hooks/use-subscribe.ts
@@ -7,6 +7,7 @@ import { useTranslation } from 'react-i18next';
 
 import { toastResponseError, useCloudApi } from '@/cloud/hooks/use-cloud-api';
 import { type CreateTenantData } from '@/components/CreateTenantModal/types';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { checkoutStateQueryKey } from '@/consts/subscriptions';
 import { GlobalRoute, TenantsContext } from '@/contexts/TenantsProvider';
 import { createLocalCheckoutSession } from '@/utils/checkout';
@@ -15,6 +16,12 @@ import { dropLeadingSlash } from '@/utils/url';
 import useTenantPathname from './use-tenant-pathname';
 
 type SubscribeProps = {
+  /**
+   * @remarks
+   * Temporarily mark this as optional for backward compatibility, in new pricing model we should always provide `skuId`.
+   */
+  skuId?: string;
+  /** @deprecated in new pricing model */
   planId: string;
   callbackPage?: string;
   tenantId?: string;
@@ -30,6 +37,7 @@ const useSubscribe = () => {
   const [isSubscribeLoading, setIsSubscribeLoading] = useState(false);
 
   const subscribe = async ({
+    skuId,
     planId,
     callbackPage,
     tenantId,
@@ -54,6 +62,7 @@ const useSubscribe = () => {
     try {
       const { redirectUri, sessionId } = await cloudApi.post('/api/checkout-session', {
         body: {
+          skuId,
           planId,
           successCallbackUrl,
           tenantId,
@@ -88,6 +97,20 @@ const useSubscribe = () => {
       },
     });
 
+    // Should not use hard-coded plan update here, need to update the tenant's subscription data with response from corresponding API.
+    if (isDevFeaturesEnabled) {
+      const { id, ...rest } = await cloudApi.get('/api/tenants/:tenantId/subscription', {
+        params: {
+          tenantId,
+        },
+      });
+      updateTenant(tenantId, {
+        planId: rest.planId,
+        subscription: rest,
+      });
+      return;
+    }
+
     /**
      * Note: need to update the tenant's subscription cache data,
      * since the cancel subscription flow will not redirect to the stripe payment page.
diff --git a/packages/console/src/hooks/use-subscription-plans.ts b/packages/console/src/hooks/use-subscription-plans.ts
index eff34f682765..1ae69bd16f75 100644
--- a/packages/console/src/hooks/use-subscription-plans.ts
+++ b/packages/console/src/hooks/use-subscription-plans.ts
@@ -14,6 +14,7 @@ import { sortBy } from '@/utils/sort';
 import { addSupportQuotaToPlan } from '@/utils/subscription';
 
 /**
+ * @deprecated
  * Fetch subscription plans from the cloud API.
  * Note: If you want to retrieve subscription plans under the {@link TenantAccess} component, use `SubscriptionDataContext` instead.
  */
diff --git a/packages/console/src/hooks/use-subscription-usage.ts b/packages/console/src/hooks/use-subscription-usage.ts
index 0381ce6aebfa..728424f055b2 100644
--- a/packages/console/src/hooks/use-subscription-usage.ts
+++ b/packages/console/src/hooks/use-subscription-usage.ts
@@ -4,6 +4,7 @@ import { useCloudApi } from '@/cloud/hooks/use-cloud-api';
 import { type SubscriptionUsage } from '@/cloud/types/router';
 import { isCloud } from '@/consts/env';
 
+/** @deprecated */
 const useSubscriptionUsage = (tenantId: string) => {
   const cloudApi = useCloudApi();
 
diff --git a/packages/console/src/pages/ApiResourceDetails/ApiResourcePermissions/components/CreatePermissionModal/index.tsx b/packages/console/src/pages/ApiResourceDetails/ApiResourcePermissions/components/CreatePermissionModal/index.tsx
index cdf79f74d8fb..ee90978e266d 100644
--- a/packages/console/src/pages/ApiResourceDetails/ApiResourcePermissions/components/CreatePermissionModal/index.tsx
+++ b/packages/console/src/pages/ApiResourceDetails/ApiResourcePermissions/components/CreatePermissionModal/index.tsx
@@ -8,6 +8,7 @@ import ReactModal from 'react-modal';
 import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
 import PlanName from '@/components/PlanName';
 import QuotaGuardFooter from '@/components/QuotaGuardFooter';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Button from '@/ds-components/Button';
 import FormField from '@/ds-components/FormField';
@@ -16,10 +17,11 @@ import TextInput from '@/ds-components/TextInput';
 import useApi from '@/hooks/use-api';
 import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
-import { hasReachedQuotaLimit } from '@/utils/quota';
+import { hasReachedQuotaLimit, hasReachedSubscriptionQuotaLimit } from '@/utils/quota';
 
 type Props = {
   readonly resourceId: string;
+  /** @deprecated get usage from cloud API after migrating to new pricing model */
   readonly totalResourceCount: number;
   readonly onClose: (scope?: Scope) => void;
 };
@@ -27,7 +29,12 @@ type Props = {
 type CreatePermissionFormData = Pick<CreateScope, 'name' | 'description'>;
 
 function CreatePermissionModal({ resourceId, totalResourceCount, onClose }: Props) {
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const {
+    currentPlan,
+    currentSku,
+    currentSubscriptionQuota,
+    currentSubscriptionScopeResourceUsage,
+  } = useContext(SubscriptionDataContext);
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
 
   const {
@@ -52,11 +59,17 @@ function CreatePermissionModal({ resourceId, totalResourceCount, onClose }: Prop
     })
   );
 
-  const isScopesPerResourceReachLimit = hasReachedQuotaLimit({
-    quotaKey: 'scopesPerResourceLimit',
-    plan: currentPlan,
-    usage: totalResourceCount,
-  });
+  const isScopesPerResourceReachLimit = isDevFeaturesEnabled
+    ? hasReachedSubscriptionQuotaLimit({
+        quotaKey: 'scopesPerResourceLimit',
+        usage: currentSubscriptionScopeResourceUsage[resourceId] ?? 0,
+        quota: currentSubscriptionQuota,
+      })
+    : hasReachedQuotaLimit({
+        quotaKey: 'scopesPerResourceLimit',
+        plan: currentPlan,
+        usage: totalResourceCount,
+      });
 
   return (
     <ReactModal
@@ -81,11 +94,14 @@ function CreatePermissionModal({ resourceId, totalResourceCount, onClose }: Prop
               <Trans
                 components={{
                   a: <ContactUsPhraseLink />,
-                  planName: <PlanName name={currentPlan.name} />,
+                  planName: <PlanName skuId={currentSku.id} name={currentPlan.name} />,
                 }}
               >
                 {t('upsell.paywall.scopes_per_resource', {
-                  count: currentPlan.quota.scopesPerResourceLimit ?? 0,
+                  count:
+                    (isDevFeaturesEnabled
+                      ? currentSubscriptionQuota.scopesPerResourceLimit
+                      : currentPlan.quota.scopesPerResourceLimit) ?? 0,
                 })}
               </Trans>
             </QuotaGuardFooter>
diff --git a/packages/console/src/pages/ApiResources/components/CreateForm/Footer.tsx b/packages/console/src/pages/ApiResources/components/CreateForm/Footer.tsx
index 3ac6a3ea8b18..fcfdc4498852 100644
--- a/packages/console/src/pages/ApiResources/components/CreateForm/Footer.tsx
+++ b/packages/console/src/pages/ApiResources/components/CreateForm/Footer.tsx
@@ -5,6 +5,7 @@ import { Trans, useTranslation } from 'react-i18next';
 import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
 import PlanName from '@/components/PlanName';
 import QuotaGuardFooter from '@/components/QuotaGuardFooter';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Button from '@/ds-components/Button';
 import useApiResourcesUsage from '@/hooks/use-api-resources-usage';
@@ -16,7 +17,11 @@ type Props = {
 
 function Footer({ isCreationLoading, onClickCreate }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const {
+    currentPlan,
+    currentSubscriptionUsage: { resourcesLimit },
+    currentSku,
+  } = useContext(SubscriptionDataContext);
   const { hasReachedLimit } = useApiResourcesUsage();
 
   if (
@@ -24,18 +29,18 @@ function Footer({ isCreationLoading, onClickCreate }: Props) {
     /**
      * We don't guard API resources quota limit for paid plan, since it's an add-on feature
      */
-    currentPlan.id === ReservedPlanId.Free
+    (isDevFeaturesEnabled ? currentSku.id : currentPlan.id) === ReservedPlanId.Free
   ) {
     return (
       <QuotaGuardFooter>
         <Trans
           components={{
             a: <ContactUsPhraseLink />,
-            planName: <PlanName name={currentPlan.name} />,
+            planName: <PlanName skuId={currentSku.id} name={currentPlan.name} />,
           }}
         >
           {t('upsell.paywall.resources', {
-            count: currentPlan.quota.resourcesLimit ?? 0,
+            count: (isDevFeaturesEnabled ? resourcesLimit : currentPlan.quota.resourcesLimit) ?? 0,
           })}
         </Trans>
       </QuotaGuardFooter>
diff --git a/packages/console/src/pages/Applications/components/ProtectedAppForm/index.tsx b/packages/console/src/pages/Applications/components/ProtectedAppForm/index.tsx
index 5a8fc4817de0..3d334c0b1ff5 100644
--- a/packages/console/src/pages/Applications/components/ProtectedAppForm/index.tsx
+++ b/packages/console/src/pages/Applications/components/ProtectedAppForm/index.tsx
@@ -13,7 +13,7 @@ import useSWRImmutable from 'swr/immutable';
 import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
 import PlanName from '@/components/PlanName';
 import QuotaGuardFooter from '@/components/QuotaGuardFooter';
-import { isCloud } from '@/consts/env';
+import { isDevFeaturesEnabled, isCloud } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Button, { type Props as ButtonProps } from '@/ds-components/Button';
 import FormField from '@/ds-components/FormField';
@@ -36,6 +36,8 @@ type Props = {
   readonly onCreateSuccess?: (createdApp: Application) => void;
 };
 
+// TODO: refactor this component to reduce complexity
+// eslint-disable-next-line complexity
 function ProtectedAppForm({
   className,
   buttonAlignment = 'right',
@@ -46,9 +48,12 @@ function ProtectedAppForm({
   onCreateSuccess,
 }: Props) {
   const { data } = useSWRImmutable<ProtectedAppsDomainConfig>(isCloud && 'api/systems/application');
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const {
+    currentPlan: { name: planName, quota },
+    currentSku,
+    currentSubscriptionQuota,
+  } = useContext(SubscriptionDataContext);
   const { hasAppsReachedLimit } = useApplicationsUsage();
-  const { name: planName, quota } = currentPlan;
   const defaultDomain = data?.protectedApps.defaultDomain ?? '';
   const { navigate } = useTenantPathname();
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
@@ -203,10 +208,15 @@ function ProtectedAppForm({
           <Trans
             components={{
               a: <ContactUsPhraseLink />,
-              planName: <PlanName name={planName} />,
+              planName: <PlanName skuId={currentSku.id} name={planName} />,
             }}
           >
-            {t('upsell.paywall.applications', { count: quota.applicationsLimit ?? 0 })}
+            {t('upsell.paywall.applications', {
+              count:
+                (isDevFeaturesEnabled
+                  ? currentSubscriptionQuota.applicationsLimit
+                  : quota.applicationsLimit) ?? 0,
+            })}
           </Trans>
         </QuotaGuardFooter>
       ) : (
diff --git a/packages/console/src/pages/CustomizeJwt/CreateButton/index.tsx b/packages/console/src/pages/CustomizeJwt/CreateButton/index.tsx
index fe95b0c5b942..5c91a51ab186 100644
--- a/packages/console/src/pages/CustomizeJwt/CreateButton/index.tsx
+++ b/packages/console/src/pages/CustomizeJwt/CreateButton/index.tsx
@@ -3,6 +3,7 @@ import { useCallback, useContext } from 'react';
 import { Trans, useTranslation } from 'react-i18next';
 
 import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Button from '@/ds-components/Button';
 import { useConfirmModal } from '@/hooks/use-confirm-modal';
@@ -19,13 +20,14 @@ function CreateButton({ tokenType }: Props) {
   const { show } = useConfirmModal();
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
 
-  const { currentPlan } = useContext(SubscriptionDataContext);
-  const {
-    quota: { customJwtEnabled },
-  } = currentPlan;
+  const { currentPlan, currentSubscriptionQuota } = useContext(SubscriptionDataContext);
+
+  const isCustomJwtEnabled = isDevFeaturesEnabled
+    ? currentSubscriptionQuota.customJwtEnabled
+    : currentPlan.quota.customJwtEnabled;
 
   const onCreateButtonClick = useCallback(async () => {
-    if (customJwtEnabled) {
+    if (isCustomJwtEnabled) {
       navigate(link);
       return;
     }
@@ -50,7 +52,7 @@ function CreateButton({ tokenType }: Props) {
       // Navigate to subscription page by default
       navigate('/tenant-settings/subscription');
     }
-  }, [customJwtEnabled, link, navigate, show, t]);
+  }, [isCustomJwtEnabled, link, navigate, show, t]);
 
   return (
     <Button
diff --git a/packages/console/src/pages/EnterpriseSso/SsoCreationModal/index.tsx b/packages/console/src/pages/EnterpriseSso/SsoCreationModal/index.tsx
index aaa7e1d3917c..83e22617a8c4 100644
--- a/packages/console/src/pages/EnterpriseSso/SsoCreationModal/index.tsx
+++ b/packages/console/src/pages/EnterpriseSso/SsoCreationModal/index.tsx
@@ -14,7 +14,7 @@ import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
 import Skeleton from '@/components/CreateConnectorForm/Skeleton';
 import { getConnectorRadioGroupSize } from '@/components/CreateConnectorForm/utils';
 import QuotaGuardFooter from '@/components/QuotaGuardFooter';
-import { isCloud } from '@/consts/env';
+import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Button from '@/ds-components/Button';
 import DynamicT from '@/ds-components/DynamicT';
@@ -42,10 +42,15 @@ const duplicateConnectorNameErrorCode = 'single_sign_on.duplicate_connector_name
 
 function SsoCreationModal({ isOpen, onClose: rawOnClose }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const { currentPlan, currentSubscriptionQuota } = useContext(SubscriptionDataContext);
   const [selectedProviderName, setSelectedProviderName] = useState<string>();
 
-  const isSsoEnabled = !isCloud || currentPlan.quota.ssoEnabled;
+  const isSsoEnabled =
+    !isCloud ||
+    (isDevFeaturesEnabled
+      ? currentSubscriptionQuota.enterpriseSsoLimit === null ||
+        currentSubscriptionQuota.enterpriseSsoLimit > 0
+      : currentPlan.quota.ssoEnabled);
 
   const { data, error } = useSWR<SsoConnectorProvidersResponse, RequestError>(
     'api/sso-connector-providers'
diff --git a/packages/console/src/pages/Mfa/MfaForm/index.tsx b/packages/console/src/pages/Mfa/MfaForm/index.tsx
index e4b6e9e92134..d3174466d8c8 100644
--- a/packages/console/src/pages/Mfa/MfaForm/index.tsx
+++ b/packages/console/src/pages/Mfa/MfaForm/index.tsx
@@ -8,7 +8,7 @@ import DetailsForm from '@/components/DetailsForm';
 import FormCard from '@/components/FormCard';
 import InlineUpsell from '@/components/InlineUpsell';
 import UnsavedChangesAlertModal from '@/components/UnsavedChangesAlertModal';
-import { isCloud } from '@/consts/env';
+import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import DynamicT from '@/ds-components/DynamicT';
 import FormField from '@/ds-components/FormField';
@@ -32,8 +32,10 @@ type Props = {
 };
 
 function MfaForm({ data, onMfaUpdated }: Props) {
-  const { currentPlan } = useContext(SubscriptionDataContext);
-  const isMfaDisabled = isCloud && !currentPlan.quota.mfaEnabled;
+  const { currentPlan, currentSubscriptionQuota } = useContext(SubscriptionDataContext);
+  const isMfaDisabled =
+    isCloud &&
+    !(isDevFeaturesEnabled ? currentSubscriptionQuota.mfaEnabled : currentPlan.quota.mfaEnabled);
 
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
   const { getDocumentationUrl } = useDocumentationUrl();
diff --git a/packages/console/src/pages/OrganizationTemplate/index.tsx b/packages/console/src/pages/OrganizationTemplate/index.tsx
index 7c5b3174ad77..5bac489e03d4 100644
--- a/packages/console/src/pages/OrganizationTemplate/index.tsx
+++ b/packages/console/src/pages/OrganizationTemplate/index.tsx
@@ -9,7 +9,7 @@ import OrganizationEmpty from '@/assets/images/organization-empty.svg?react';
 import Drawer from '@/components/Drawer';
 import PageMeta from '@/components/PageMeta';
 import { OrganizationTemplateTabs, organizationTemplateLink } from '@/consts';
-import { isCloud } from '@/consts/env';
+import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
 import { subscriptionPage } from '@/consts/pages';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import { TenantsContext } from '@/contexts/TenantsProvider';
@@ -32,9 +32,13 @@ const basePathname = '/organization-template';
 function OrganizationTemplate() {
   const { getDocumentationUrl } = useDocumentationUrl();
   const [isGuideDrawerOpen, setIsGuideDrawerOpen] = useState(false);
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const { currentPlan, currentSubscriptionQuota } = useContext(SubscriptionDataContext);
   const { isDevTenant } = useContext(TenantsContext);
-  const isOrganizationsDisabled = isCloud && !currentPlan.quota.organizationsEnabled;
+  const isOrganizationsDisabled =
+    isCloud &&
+    !(isDevFeaturesEnabled
+      ? currentSubscriptionQuota.organizationsEnabled
+      : currentPlan.quota.organizationsEnabled);
   const { navigate } = useTenantPathname();
 
   const handleUpgradePlan = useCallback(() => {
diff --git a/packages/console/src/pages/Organizations/CreateOrganizationModal/index.tsx b/packages/console/src/pages/Organizations/CreateOrganizationModal/index.tsx
index 52870cc010e5..99e323122c29 100644
--- a/packages/console/src/pages/Organizations/CreateOrganizationModal/index.tsx
+++ b/packages/console/src/pages/Organizations/CreateOrganizationModal/index.tsx
@@ -6,7 +6,7 @@ import ReactModal from 'react-modal';
 
 import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
 import QuotaGuardFooter from '@/components/QuotaGuardFooter';
-import { isCloud } from '@/consts/env';
+import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Button from '@/ds-components/Button';
 import FormField from '@/ds-components/FormField';
@@ -24,8 +24,12 @@ type Props = {
 function CreateOrganizationModal({ isOpen, onClose }: Props) {
   const api = useApi();
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
-  const { currentPlan } = useContext(SubscriptionDataContext);
-  const isOrganizationsDisabled = isCloud && !currentPlan.quota.organizationsEnabled;
+  const { currentPlan, currentSubscriptionQuota } = useContext(SubscriptionDataContext);
+  const isOrganizationsDisabled =
+    isCloud &&
+    !(isDevFeaturesEnabled
+      ? currentSubscriptionQuota.organizationsEnabled
+      : currentPlan.quota.organizationsEnabled);
 
   const {
     reset,
diff --git a/packages/console/src/pages/Organizations/index.tsx b/packages/console/src/pages/Organizations/index.tsx
index e33508aef47c..9cba9b3c52e8 100644
--- a/packages/console/src/pages/Organizations/index.tsx
+++ b/packages/console/src/pages/Organizations/index.tsx
@@ -5,7 +5,7 @@ import { useCallback, useContext, useState } from 'react';
 import Plus from '@/assets/icons/plus.svg?react';
 import PageMeta from '@/components/PageMeta';
 import { organizationsFeatureLink } from '@/consts';
-import { isCloud } from '@/consts/env';
+import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
 import { subscriptionPage } from '@/consts/pages';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import { TenantsContext } from '@/contexts/TenantsProvider';
@@ -25,13 +25,17 @@ const organizationsPathname = '/organizations';
 
 function Organizations() {
   const { getDocumentationUrl } = useDocumentationUrl();
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const { currentPlan, currentSubscriptionQuota } = useContext(SubscriptionDataContext);
   const { isDevTenant } = useContext(TenantsContext);
 
   const { navigate } = useTenantPathname();
   const [isCreating, setIsCreating] = useState(false);
 
-  const isOrganizationsDisabled = isCloud && !currentPlan.quota.organizationsEnabled;
+  const isOrganizationsDisabled =
+    isCloud &&
+    !(isDevFeaturesEnabled
+      ? currentSubscriptionQuota.organizationsEnabled
+      : currentPlan.quota.organizationsEnabled);
 
   const upgradePlan = useCallback(() => {
     navigate(subscriptionPage);
diff --git a/packages/console/src/pages/RoleDetails/RolePermissions/components/AssignPermissionsModal/index.tsx b/packages/console/src/pages/RoleDetails/RolePermissions/components/AssignPermissionsModal/index.tsx
index 9f7e85f148fe..82d3be01c8b4 100644
--- a/packages/console/src/pages/RoleDetails/RolePermissions/components/AssignPermissionsModal/index.tsx
+++ b/packages/console/src/pages/RoleDetails/RolePermissions/components/AssignPermissionsModal/index.tsx
@@ -8,24 +8,27 @@ import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
 import PlanName from '@/components/PlanName';
 import QuotaGuardFooter from '@/components/QuotaGuardFooter';
 import RoleScopesTransfer from '@/components/RoleScopesTransfer';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Button from '@/ds-components/Button';
 import FormField from '@/ds-components/FormField';
 import ModalLayout from '@/ds-components/ModalLayout';
 import useApi from '@/hooks/use-api';
 import modalStyles from '@/scss/modal.module.scss';
-import { hasSurpassedQuotaLimit } from '@/utils/quota';
+import { hasSurpassedQuotaLimit, hasSurpassedSubscriptionQuotaLimit } from '@/utils/quota';
 
 type Props = {
   readonly roleId: string;
   readonly roleType: RoleType;
+  /** @deprecated get usage from cloud API after migrating to new pricing model */
   readonly totalRoleScopeCount: number;
   readonly onClose: (success?: boolean) => void;
 };
 
 function AssignPermissionsModal({ roleId, roleType, totalRoleScopeCount, onClose }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const { currentPlan, currentSku, currentSubscriptionScopeRoleUsage, currentSubscriptionQuota } =
+    useContext(SubscriptionDataContext);
   const [isSubmitting, setIsSubmitting] = useState(false);
   const [scopes, setScopes] = useState<ScopeResponse[]>([]);
 
@@ -49,11 +52,17 @@ function AssignPermissionsModal({ roleId, roleType, totalRoleScopeCount, onClose
     }
   };
 
-  const shouldBlockScopeAssignment = hasSurpassedQuotaLimit({
-    quotaKey: 'scopesPerRoleLimit',
-    plan: currentPlan,
-    usage: totalRoleScopeCount + scopes.length,
-  });
+  const shouldBlockScopeAssignment = isDevFeaturesEnabled
+    ? hasSurpassedSubscriptionQuotaLimit({
+        quotaKey: 'scopesPerRoleLimit',
+        usage: (currentSubscriptionScopeRoleUsage[roleId] ?? 0) + scopes.length,
+        quota: currentSubscriptionQuota,
+      })
+    : hasSurpassedQuotaLimit({
+        quotaKey: 'scopesPerRoleLimit',
+        plan: currentPlan,
+        usage: totalRoleScopeCount + scopes.length,
+      });
 
   return (
     <ReactModal
@@ -79,11 +88,14 @@ function AssignPermissionsModal({ roleId, roleType, totalRoleScopeCount, onClose
               <Trans
                 components={{
                   a: <ContactUsPhraseLink />,
-                  planName: <PlanName name={currentPlan.name} />,
+                  planName: <PlanName skuId={currentSku.id} name={currentPlan.name} />,
                 }}
               >
                 {t('upsell.paywall.scopes_per_role', {
-                  count: currentPlan.quota.scopesPerRoleLimit ?? 0,
+                  count:
+                    (isDevFeaturesEnabled
+                      ? currentSubscriptionQuota.scopesPerRoleLimit
+                      : currentPlan.quota.scopesPerRoleLimit) ?? 0,
                 })}
               </Trans>
             </QuotaGuardFooter>
diff --git a/packages/console/src/pages/Roles/components/CreateRoleForm/Footer.tsx b/packages/console/src/pages/Roles/components/CreateRoleForm/Footer.tsx
index caa854fa8948..db85cf193c4a 100644
--- a/packages/console/src/pages/Roles/components/CreateRoleForm/Footer.tsx
+++ b/packages/console/src/pages/Roles/components/CreateRoleForm/Footer.tsx
@@ -6,10 +6,15 @@ import useSWR from 'swr';
 import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
 import PlanName from '@/components/PlanName';
 import QuotaGuardFooter from '@/components/QuotaGuardFooter';
-import { isCloud } from '@/consts/env';
+import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Button from '@/ds-components/Button';
-import { hasReachedQuotaLimit, hasSurpassedQuotaLimit } from '@/utils/quota';
+import {
+  hasReachedQuotaLimit,
+  hasReachedSubscriptionQuotaLimit,
+  hasSurpassedQuotaLimit,
+  hasSurpassedSubscriptionQuotaLimit,
+} from '@/utils/quota';
 import { buildUrl } from '@/utils/url';
 
 type Props = {
@@ -21,7 +26,8 @@ type Props = {
 
 function Footer({ roleType, selectedScopesCount, isCreating, onClickCreate }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const { currentPlan, currentSku, currentSubscriptionQuota, currentSubscriptionUsage } =
+    useContext(SubscriptionDataContext);
 
   const { data: [, roleCount] = [] } = useSWR<[RoleResponse[], number]>(
     isCloud &&
@@ -32,17 +38,32 @@ function Footer({ roleType, selectedScopesCount, isCreating, onClickCreate }: Pr
       })
   );
 
-  const hasRoleReachedLimit = hasReachedQuotaLimit({
-    quotaKey: roleType === RoleType.User ? 'rolesLimit' : 'machineToMachineRolesLimit',
-    plan: currentPlan,
-    usage: roleCount ?? 0,
-  });
+  const hasRoleReachedLimit = isDevFeaturesEnabled
+    ? hasReachedSubscriptionQuotaLimit({
+        quotaKey: roleType === RoleType.User ? 'userRolesLimit' : 'machineToMachineRolesLimit',
+        usage:
+          roleType === RoleType.User
+            ? currentSubscriptionUsage.userRolesLimit
+            : currentSubscriptionUsage.machineToMachineRolesLimit,
+        quota: currentSubscriptionQuota,
+      })
+    : hasReachedQuotaLimit({
+        quotaKey: roleType === RoleType.User ? 'rolesLimit' : 'machineToMachineRolesLimit',
+        plan: currentPlan,
+        usage: roleCount ?? 0,
+      });
 
-  const hasScopesPerRoleSurpassedLimit = hasSurpassedQuotaLimit({
-    quotaKey: 'scopesPerRoleLimit',
-    plan: currentPlan,
-    usage: selectedScopesCount,
-  });
+  const hasScopesPerRoleSurpassedLimit = isDevFeaturesEnabled
+    ? hasSurpassedSubscriptionQuotaLimit({
+        quotaKey: 'scopesPerRoleLimit',
+        usage: currentSubscriptionUsage.scopesPerRoleLimit,
+        quota: currentSubscriptionQuota,
+      })
+    : hasSurpassedQuotaLimit({
+        quotaKey: 'scopesPerRoleLimit',
+        plan: currentPlan,
+        usage: selectedScopesCount,
+      });
 
   if (hasRoleReachedLimit || hasScopesPerRoleSurpassedLimit) {
     return (
@@ -50,7 +71,7 @@ function Footer({ roleType, selectedScopesCount, isCreating, onClickCreate }: Pr
         <Trans
           components={{
             a: <ContactUsPhraseLink />,
-            planName: <PlanName name={currentPlan.name} />,
+            planName: <PlanName skuId={currentSku.id} name={currentPlan.name} />,
           }}
         >
           {/* User roles limit paywall */}
diff --git a/packages/console/src/pages/TenantSettings/Subscription/CurrentPlan/MauLimitExceededNotification/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/CurrentPlan/MauLimitExceededNotification/index.tsx
index 9211ae1d9a84..722b2584467b 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/CurrentPlan/MauLimitExceededNotification/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/CurrentPlan/MauLimitExceededNotification/index.tsx
@@ -2,6 +2,7 @@ import { ReservedPlanId } from '@logto/schemas';
 import { useContext, useMemo, useState } from 'react';
 
 import { toastResponseError } from '@/cloud/hooks/use-cloud-api';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { subscriptionPage } from '@/consts/pages';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import { TenantsContext } from '@/contexts/TenantsProvider';
@@ -9,12 +10,19 @@ import DynamicT from '@/ds-components/DynamicT';
 import InlineNotification from '@/ds-components/InlineNotification';
 import { useConfirmModal } from '@/hooks/use-confirm-modal';
 import useSubscribe from '@/hooks/use-subscribe';
-import NotEligibleSwitchPlanModalContent from '@/pages/TenantSettings/components/NotEligibleSwitchPlanModalContent';
+import NotEligibleSwitchPlanModalContent, {
+  NotEligibleSwitchSkuModalContent,
+} from '@/pages/TenantSettings/components/NotEligibleSwitchPlanModalContent';
 import { type SubscriptionPlan } from '@/types/subscriptions';
-import { parseExceededQuotaLimitError } from '@/utils/subscription';
+import {
+  parseExceededQuotaLimitError,
+  parseExceededSkuQuotaLimitError,
+} from '@/utils/subscription';
 
 type Props = {
+  /** @deprecated No need to pass in this argument in new pricing model */
   readonly activeUsers: number;
+  /** @deprecated No need to pass in this argument in new pricing model */
   readonly currentPlan: SubscriptionPlan;
   readonly className?: string;
 };
@@ -23,22 +31,30 @@ function MauLimitExceededNotification({ activeUsers, currentPlan, className }: P
   const { currentTenantId } = useContext(TenantsContext);
   const { subscribe } = useSubscribe();
   const { show } = useConfirmModal();
-  const { subscriptionPlans } = useContext(SubscriptionDataContext);
+  const { subscriptionPlans, logtoSkus, currentSubscriptionQuota, currentSubscriptionUsage } =
+    useContext(SubscriptionDataContext);
 
   const [isLoading, setIsLoading] = useState(false);
   const proPlan = useMemo(
     () => subscriptionPlans.find(({ id }) => id === ReservedPlanId.Pro),
     [subscriptionPlans]
   );
+  const proSku = useMemo(() => logtoSkus.find(({ id }) => id === ReservedPlanId.Pro), [logtoSkus]);
 
   const {
-    quota: { mauLimit },
+    quota: { mauLimit: oldPricingModelMauLimit },
   } = currentPlan;
 
+  // Should be safe to access `mauLimit` here since we have excluded the case where `isDevFeaturesEnabled` is `true` but `currentSubscriptionQuota` is `null` in the above condition.
+  const mauLimit = isDevFeaturesEnabled
+    ? currentSubscriptionQuota.mauLimit
+    : oldPricingModelMauLimit;
+
   if (
     mauLimit === null || // Unlimited
-    activeUsers < mauLimit ||
-    !proPlan
+    (isDevFeaturesEnabled ? currentSubscriptionUsage.mauLimit : activeUsers) < mauLimit ||
+    !proPlan ||
+    !proSku
   ) {
     return null;
   }
@@ -53,6 +69,7 @@ function MauLimitExceededNotification({ activeUsers, currentPlan, className }: P
         try {
           setIsLoading(true);
           await subscribe({
+            skuId: proSku.id,
             planId: proPlan.id,
             tenantId: currentTenantId,
             callbackPage: subscriptionPage,
@@ -60,6 +77,27 @@ function MauLimitExceededNotification({ activeUsers, currentPlan, className }: P
           setIsLoading(false);
         } catch (error: unknown) {
           setIsLoading(false);
+
+          if (isDevFeaturesEnabled) {
+            const [result, exceededSkuQuotaKeys] = await parseExceededSkuQuotaLimitError(error);
+
+            if (result) {
+              await show({
+                ModalContent: () => (
+                  <NotEligibleSwitchSkuModalContent
+                    targetSku={proSku}
+                    exceededSkuQuotaKeys={exceededSkuQuotaKeys}
+                  />
+                ),
+                title: 'subscription.not_eligible_modal.upgrade_title',
+                confirmButtonText: 'general.got_it',
+                confirmButtonType: 'primary',
+                isCancelButtonVisible: false,
+              });
+              return;
+            }
+          }
+
           const [result, exceededQuotaKeys] = await parseExceededQuotaLimitError(error);
 
           if (result) {
diff --git a/packages/console/src/pages/TenantSettings/Subscription/CurrentPlan/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/CurrentPlan/index.tsx
index cda09e151e64..d24dc0bbc5c9 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/CurrentPlan/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/CurrentPlan/index.tsx
@@ -1,4 +1,5 @@
 import { cond } from '@silverhand/essentials';
+import { useContext } from 'react';
 
 import { type SubscriptionUsage, type Subscription } from '@/cloud/types/router';
 import BillInfo from '@/components/BillInfo';
@@ -7,41 +8,54 @@ import FormCard from '@/components/FormCard';
 import PlanDescription from '@/components/PlanDescription';
 import PlanName from '@/components/PlanName';
 import PlanUsage from '@/components/PlanUsage';
+import { isDevFeaturesEnabled } from '@/consts/env';
+import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import FormField from '@/ds-components/FormField';
 import { type SubscriptionPlan } from '@/types/subscriptions';
-import { hasSurpassedQuotaLimit } from '@/utils/quota';
+import { hasSurpassedQuotaLimit, hasSurpassedSubscriptionQuotaLimit } from '@/utils/quota';
 
 import MauLimitExceedNotification from './MauLimitExceededNotification';
 import PaymentOverdueNotification from './PaymentOverdueNotification';
 import styles from './index.module.scss';
 
 type Props = {
+  /** @deprecated */
   readonly subscription: Subscription;
+  /** @deprecated */
   readonly subscriptionPlan: SubscriptionPlan;
+  /** @deprecated */
   readonly subscriptionUsage: SubscriptionUsage;
 };
 
 function CurrentPlan({ subscription, subscriptionPlan, subscriptionUsage }: Props) {
+  const { currentSku, currentSubscriptionUsage, currentSubscriptionQuota } =
+    useContext(SubscriptionDataContext);
   const {
     id,
     name,
     quota: { tokenLimit },
   } = subscriptionPlan;
 
-  const hasTokenSurpassedLimit = hasSurpassedQuotaLimit({
-    quotaKey: 'tokenLimit',
-    usage: subscriptionUsage.tokenUsage,
-    plan: subscriptionPlan,
-  });
+  const hasTokenSurpassedLimit = isDevFeaturesEnabled
+    ? hasSurpassedSubscriptionQuotaLimit({
+        quotaKey: 'tokenLimit',
+        usage: currentSubscriptionUsage.tokenLimit,
+        quota: currentSubscriptionQuota,
+      })
+    : hasSurpassedQuotaLimit({
+        quotaKey: 'tokenLimit',
+        usage: subscriptionUsage.tokenUsage,
+        plan: subscriptionPlan,
+      });
 
   return (
     <FormCard title="subscription.current_plan" description="subscription.current_plan_description">
       <div className={styles.planInfo}>
         <div className={styles.name}>
-          <PlanName name={name} />
+          <PlanName skuId={currentSku.id} name={name} />
         </div>
         <div className={styles.description}>
-          <PlanDescription planId={id} />
+          <PlanDescription skuId={currentSku.id} planId={id} />
         </div>
       </div>
       <FormField title="subscription.plan_usage">
@@ -52,6 +66,7 @@ function CurrentPlan({ subscription, subscriptionPlan, subscriptionUsage }: Prop
         />
       </FormField>
       <FormField title="subscription.next_bill">
+        {/* TODO: update the value once https://github.com/logto-io/cloud/pull/830 is merged. */}
         <BillInfo
           cost={subscriptionUsage.cost}
           isManagePaymentVisible={Boolean(subscriptionUsage.cost)}
@@ -67,7 +82,13 @@ function CurrentPlan({ subscription, subscriptionPlan, subscriptionUsage }: Prop
         quotaItemPhraseKey="tokens"
         checkedFlagKey="token"
         className={styles.notification}
-        quotaLimit={cond(typeof tokenLimit === 'number' && tokenLimit)}
+        quotaLimit={
+          cond(
+            isDevFeaturesEnabled &&
+              typeof currentSubscriptionQuota.tokenLimit === 'number' &&
+              currentSubscriptionQuota.tokenLimit
+          ) ?? cond(typeof tokenLimit === 'number' && tokenLimit)
+        }
       />
       <PaymentOverdueNotification className={styles.notification} />
     </FormCard>
diff --git a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/DiffQuotaItem/SkuQuotaItemPhrase.tsx b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/DiffQuotaItem/SkuQuotaItemPhrase.tsx
new file mode 100644
index 000000000000..b25f075ed667
--- /dev/null
+++ b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/DiffQuotaItem/SkuQuotaItemPhrase.tsx
@@ -0,0 +1,43 @@
+import { cond } from '@silverhand/essentials';
+
+import {
+  skuQuotaItemUnlimitedPhrasesMap,
+  skuQuotaItemPhrasesMap,
+  skuQuotaItemLimitedPhrasesMap,
+} from '@/consts/quota-item-phrases';
+import DynamicT from '@/ds-components/DynamicT';
+import { type LogtoSkuQuota } from '@/types/skus';
+
+const quotaItemPhraseKeyPrefix = 'subscription.quota_item';
+
+type Props = {
+  readonly skuQuotaKey: keyof LogtoSkuQuota;
+  readonly skuQuotaValue: LogtoSkuQuota[keyof LogtoSkuQuota];
+};
+
+function SkuQuotaItemPhrase({ skuQuotaKey, skuQuotaValue }: Props) {
+  const isUnlimited = skuQuotaValue === null;
+  const isNotCapable = skuQuotaValue === 0 || skuQuotaValue === false;
+  const isLimited = Boolean(skuQuotaValue);
+
+  const phraseKey =
+    cond(isUnlimited && skuQuotaItemUnlimitedPhrasesMap[skuQuotaKey]) ??
+    cond(isNotCapable && skuQuotaItemPhrasesMap[skuQuotaKey]) ??
+    cond(isLimited && skuQuotaItemLimitedPhrasesMap[skuQuotaKey]);
+
+  if (!phraseKey) {
+    // Should not happen
+    return null;
+  }
+
+  return (
+    <DynamicT
+      forKey={`${quotaItemPhraseKeyPrefix}.${phraseKey}`}
+      interpolation={cond(
+        isLimited && typeof skuQuotaValue === 'number' && { count: skuQuotaValue }
+      )}
+    />
+  );
+}
+
+export default SkuQuotaItemPhrase;
diff --git a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/DiffQuotaItem/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/DiffQuotaItem/index.tsx
index a499d70158d5..6fe89a0d9268 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/DiffQuotaItem/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/DiffQuotaItem/index.tsx
@@ -3,9 +3,11 @@ import classNames from 'classnames';
 
 import DescendArrow from '@/assets/icons/descend-arrow.svg?react';
 import Failed from '@/assets/icons/failed.svg?react';
+import { type LogtoSkuQuota } from '@/types/skus';
 import { type SubscriptionPlanQuota } from '@/types/subscriptions';
 
 import QuotaItemPhrase from './QuotaItemPhrase';
+import SkuQuotaItemPhrase from './SkuQuotaItemPhrase';
 import styles from './index.module.scss';
 
 type Props = {
@@ -14,6 +16,7 @@ type Props = {
   readonly hasStatusIcon?: boolean;
 };
 
+/** @deprecated */
 function DiffQuotaItem({ quotaKey, quotaValue, hasStatusIcon }: Props) {
   const isNotCapable = quotaValue === 0 || quotaValue === false;
   const DowngradeStatusIcon = isNotCapable ? Failed : DescendArrow;
@@ -40,4 +43,40 @@ function DiffQuotaItem({ quotaKey, quotaValue, hasStatusIcon }: Props) {
   );
 }
 
+type DiffSkuQuotaItemProps = {
+  readonly quotaKey: keyof LogtoSkuQuota;
+  readonly quotaValue: LogtoSkuQuota[keyof LogtoSkuQuota];
+  readonly hasStatusIcon?: boolean;
+};
+
+/**
+ * Almost copy/paste from the implementation above, but with different types and constants to fit the use cases of new pricing model.
+ * Old one will be deprecated soon.
+ */
+export function DiffSkuQuotaItem({ quotaKey, quotaValue, hasStatusIcon }: DiffSkuQuotaItemProps) {
+  const isNotCapable = quotaValue === 0 || quotaValue === false;
+  const DowngradeStatusIcon = isNotCapable ? Failed : DescendArrow;
+
+  return (
+    <li className={classNames(styles.quotaListItem, hasStatusIcon && styles.withIcon)}>
+      {/**
+       * Add a `span` as a wrapper to apply the flex layout to the content.
+       * If we apply the flex layout to the `li` directly, the `li` circle bullet will disappear.
+       */}
+      <span className={styles.content}>
+        {cond(
+          hasStatusIcon && (
+            <DowngradeStatusIcon
+              className={classNames(styles.icon, isNotCapable && styles.notCapable)}
+            />
+          )
+        )}
+        <span className={cond(isNotCapable && styles.lineThrough)}>
+          <SkuQuotaItemPhrase skuQuotaKey={quotaKey} skuQuotaValue={quotaValue} />
+        </span>
+      </span>
+    </li>
+  );
+}
+
 export default DiffQuotaItem;
diff --git a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/index.tsx
index 2112587c642e..86b5809b86fe 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/PlanQuotaList/index.tsx
@@ -1,27 +1,39 @@
 import classNames from 'classnames';
 
+import { isDevFeaturesEnabled } from '@/consts/env';
+import { type LogtoSkuQuotaEntries } from '@/types/skus';
 import { type SubscriptionPlanQuotaEntries } from '@/types/subscriptions';
 
-import DiffQuotaItem from './DiffQuotaItem';
+import DiffQuotaItem, { DiffSkuQuotaItem } from './DiffQuotaItem';
 import styles from './index.module.scss';
 
 type Props = {
   readonly entries: SubscriptionPlanQuotaEntries;
+  readonly skuQuotaEntries: LogtoSkuQuotaEntries;
   readonly isDowngradeTargetPlan: boolean;
   readonly className?: string;
 };
 
-function PlanQuotaList({ entries, isDowngradeTargetPlan, className }: Props) {
+function PlanQuotaList({ entries, skuQuotaEntries, isDowngradeTargetPlan, className }: Props) {
   return (
     <ul className={classNames(styles.planQuotaList, className)}>
-      {entries.map(([quotaKey, quotaValue]) => (
-        <DiffQuotaItem
-          key={quotaKey}
-          quotaKey={quotaKey}
-          quotaValue={quotaValue}
-          hasStatusIcon={isDowngradeTargetPlan}
-        />
-      ))}
+      {isDevFeaturesEnabled
+        ? skuQuotaEntries.map(([quotaKey, quotaValue]) => (
+            <DiffSkuQuotaItem
+              key={quotaKey}
+              quotaKey={quotaKey}
+              quotaValue={quotaValue}
+              hasStatusIcon={isDowngradeTargetPlan}
+            />
+          ))
+        : entries.map(([quotaKey, quotaValue]) => (
+            <DiffQuotaItem
+              key={quotaKey}
+              quotaKey={quotaKey}
+              quotaValue={quotaValue}
+              hasStatusIcon={isDowngradeTargetPlan}
+            />
+          ))}
     </ul>
   );
 }
diff --git a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/index.tsx
index 9cac99cede15..663c306c06d9 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/PlanQuotaDiffCard/index.tsx
@@ -2,8 +2,9 @@ import { useMemo } from 'react';
 import { Trans } from 'react-i18next';
 
 import PlanName from '@/components/PlanName';
-import { planQuotaItemOrder } from '@/consts/plan-quotas';
+import { planQuotaItemOrder, skuQuotaItemOrder } from '@/consts/plan-quotas';
 import DynamicT from '@/ds-components/DynamicT';
+import { type LogtoSkuQuota, type LogtoSkuQuotaEntries } from '@/types/skus';
 import {
   type SubscriptionPlanQuotaEntries,
   type SubscriptionPlanQuota,
@@ -16,10 +17,16 @@ import styles from './index.module.scss';
 type Props = {
   readonly planName: string;
   readonly quotaDiff: Partial<SubscriptionPlanQuota>;
+  readonly skuQuotaDiff: Partial<LogtoSkuQuota>;
   readonly isDowngradeTargetPlan?: boolean;
 };
 
-function PlanQuotaDiffCard({ planName, quotaDiff, isDowngradeTargetPlan = false }: Props) {
+function PlanQuotaDiffCard({
+  planName,
+  quotaDiff,
+  skuQuotaDiff,
+  isDowngradeTargetPlan = false,
+}: Props) {
   // eslint-disable-next-line no-restricted-syntax
   const sortedEntries = useMemo(
     () =>
@@ -30,6 +37,16 @@ function PlanQuotaDiffCard({ planName, quotaDiff, isDowngradeTargetPlan = false
         ),
     [quotaDiff]
   ) as SubscriptionPlanQuotaEntries;
+  // eslint-disable-next-line no-restricted-syntax
+  const sortedSkuQuotaEntries = useMemo(
+    () =>
+      Object.entries(skuQuotaDiff)
+        .slice()
+        .sort(([preQuotaKey], [nextQuotaKey]) =>
+          sortBy(skuQuotaItemOrder)(preQuotaKey, nextQuotaKey)
+        ),
+    [skuQuotaDiff]
+  ) as LogtoSkuQuotaEntries;
 
   return (
     <div className={styles.container}>
@@ -44,7 +61,11 @@ function PlanQuotaDiffCard({ planName, quotaDiff, isDowngradeTargetPlan = false
           />
         </Trans>
       </div>
-      <PlanQuotaList entries={sortedEntries} isDowngradeTargetPlan={isDowngradeTargetPlan} />
+      <PlanQuotaList
+        entries={sortedEntries}
+        skuQuotaEntries={sortedSkuQuotaEntries}
+        isDowngradeTargetPlan={isDowngradeTargetPlan}
+      />
     </div>
   );
 }
diff --git a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/index.tsx
index 4c374ef76d54..352c13799a4c 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/DowngradeConfirmModalContent/index.tsx
@@ -2,8 +2,10 @@ import { diff } from 'deep-object-diff';
 import { useMemo } from 'react';
 import { Trans, useTranslation } from 'react-i18next';
 
+import { type LogtoSkuResponse } from '@/cloud/types/router';
 import PlanName from '@/components/PlanName';
-import { comingSoonQuotaKeys } from '@/consts/plan-quotas';
+import { comingSoonQuotaKeys, comingSoonSkuQuotaKeys } from '@/consts/plan-quotas';
+import { type LogtoSkuQuota, type LogtoSkuQuotaEntries } from '@/types/skus';
 import {
   type SubscriptionPlanQuota,
   type SubscriptionPlan,
@@ -16,6 +18,8 @@ import styles from './index.module.scss';
 type Props = {
   readonly currentPlan: SubscriptionPlan;
   readonly targetPlan: SubscriptionPlan;
+  readonly currentSku: LogtoSkuResponse;
+  readonly targetSku: LogtoSkuResponse;
 };
 
 const excludeComingSoonFeatures = (
@@ -26,7 +30,15 @@ const excludeComingSoonFeatures = (
   return Object.fromEntries(entries.filter(([key]) => !comingSoonQuotaKeys.includes(key)));
 };
 
-function DowngradeConfirmModalContent({ currentPlan, targetPlan }: Props) {
+const excludeSkuComingSoonFeatures = (
+  quotaDiff: Partial<LogtoSkuQuota>
+): Partial<LogtoSkuQuota> => {
+  // eslint-disable-next-line no-restricted-syntax
+  const entries = Object.entries(quotaDiff) as LogtoSkuQuotaEntries;
+  return Object.fromEntries(entries.filter(([key]) => !comingSoonSkuQuotaKeys.includes(key)));
+};
+
+function DowngradeConfirmModalContent({ currentPlan, targetPlan, currentSku, targetSku }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
 
   const { quota: currentQuota, name: currentPlanName } = currentPlan;
@@ -38,29 +50,44 @@ function DowngradeConfirmModalContent({ currentPlan, targetPlan }: Props) {
     [currentQuota, targetQuota]
   );
 
+  const currentSkuQuotaDiff = useMemo(
+    () => excludeSkuComingSoonFeatures(diff(targetSku.quota, currentSku.quota)),
+    [targetSku.quota, currentSku.quota]
+  );
+
   const targetQuotaDiff = useMemo(
     () => excludeComingSoonFeatures(diff(currentQuota, targetQuota)),
     [currentQuota, targetQuota]
   );
 
+  const targetSkuQuotaDiff = useMemo(
+    () => excludeSkuComingSoonFeatures(diff(currentSku.quota, targetSku.quota)),
+    [targetSku.quota, currentSku.quota]
+  );
+
   return (
     <div className={styles.container}>
       <div className={styles.description}>
         <Trans
           components={{
-            targetName: <PlanName name={targetPlanName} />,
-            currentName: <PlanName name={currentPlanName} />,
+            targetName: <PlanName skuId={targetSku.id} name={targetPlanName} />,
+            currentName: <PlanName skuId={currentSku.id} name={currentPlanName} />,
           }}
         >
           {t('subscription.downgrade_modal.description')}
         </Trans>
       </div>
       <div className={styles.content}>
-        <PlanQuotaDiffCard planName={currentPlanName} quotaDiff={currentQuotaDiff} />
+        <PlanQuotaDiffCard
+          planName={currentPlanName}
+          quotaDiff={currentQuotaDiff}
+          skuQuotaDiff={currentSkuQuotaDiff}
+        />
         <PlanQuotaDiffCard
           isDowngradeTargetPlan
           planName={targetPlanName}
           quotaDiff={targetQuotaDiff}
+          skuQuotaDiff={targetSkuQuotaDiff}
         />
       </div>
     </div>
diff --git a/packages/console/src/pages/TenantSettings/Subscription/SwitchPlanActionBar/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/SwitchPlanActionBar/index.tsx
index 6a2f5c52085d..c49f47d07f25 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/SwitchPlanActionBar/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/SwitchPlanActionBar/index.tsx
@@ -4,17 +4,25 @@ import { toast } from 'react-hot-toast';
 import { Trans, useTranslation } from 'react-i18next';
 
 import { toastResponseError } from '@/cloud/hooks/use-cloud-api';
+import { type LogtoSkuResponse } from '@/cloud/types/router';
 import PlanName from '@/components/PlanName';
 import { contactEmailLink } from '@/consts';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { subscriptionPage } from '@/consts/pages';
 import { TenantsContext } from '@/contexts/TenantsProvider';
 import Button from '@/ds-components/Button';
 import Spacer from '@/ds-components/Spacer';
 import { useConfirmModal } from '@/hooks/use-confirm-modal';
 import useSubscribe from '@/hooks/use-subscribe';
-import NotEligibleSwitchPlanModalContent from '@/pages/TenantSettings/components/NotEligibleSwitchPlanModalContent';
+import NotEligibleSwitchPlanModalContent, {
+  NotEligibleSwitchSkuModalContent,
+} from '@/pages/TenantSettings/components/NotEligibleSwitchPlanModalContent';
 import { type SubscriptionPlan } from '@/types/subscriptions';
-import { isDowngradePlan, parseExceededQuotaLimitError } from '@/utils/subscription';
+import {
+  isDowngradePlan,
+  parseExceededQuotaLimitError,
+  parseExceededSkuQuotaLimitError,
+} from '@/utils/subscription';
 
 import DowngradeConfirmModalContent from '../DowngradeConfirmModalContent';
 
@@ -23,6 +31,8 @@ import styles from './index.module.scss';
 type Props = {
   readonly currentSubscriptionPlanId: string;
   readonly subscriptionPlans: SubscriptionPlan[];
+  readonly currentSkuId: string;
+  readonly logtoSkus: LogtoSkuResponse[];
   readonly onSubscriptionUpdated: () => Promise<void>;
 };
 
@@ -30,6 +40,8 @@ function SwitchPlanActionBar({
   currentSubscriptionPlanId,
   subscriptionPlans,
   onSubscriptionUpdated,
+  currentSkuId,
+  logtoSkus,
 }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console.subscription' });
   const { currentTenantId } = useContext(TenantsContext);
@@ -37,6 +49,7 @@ function SwitchPlanActionBar({
   const { show } = useConfirmModal();
   const [currentLoadingPlanId, setCurrentLoadingPlanId] = useState<string>();
 
+  // TODO: rename `targetPlanId` to be `targetSkuId`
   const handleSubscribe = async (targetPlanId: string, isDowngrade: boolean) => {
     if (currentLoadingPlanId) {
       return;
@@ -44,14 +57,23 @@ function SwitchPlanActionBar({
 
     const currentPlan = subscriptionPlans.find(({ id }) => id === currentSubscriptionPlanId);
     const targetPlan = subscriptionPlans.find(({ id }) => id === targetPlanId);
-    if (!currentPlan || !targetPlan) {
+
+    const currentSku = logtoSkus.find(({ id }) => id === currentSkuId);
+    const targetSku = logtoSkus.find(({ id }) => id === targetPlanId);
+
+    if (!currentPlan || !targetPlan || !currentSku || !targetSku) {
       return;
     }
 
     if (isDowngrade) {
       const [result] = await show({
         ModalContent: () => (
-          <DowngradeConfirmModalContent currentPlan={currentPlan} targetPlan={targetPlan} />
+          <DowngradeConfirmModalContent
+            currentPlan={currentPlan}
+            targetPlan={targetPlan}
+            currentSku={currentSku}
+            targetSku={targetSku}
+          />
         ),
         title: 'subscription.downgrade_modal.title',
         confirmButtonText: 'subscription.downgrade_modal.downgrade',
@@ -69,7 +91,7 @@ function SwitchPlanActionBar({
         await cancelSubscription(currentTenantId);
         await onSubscriptionUpdated();
         toast.success(
-          <Trans components={{ name: <PlanName name={targetPlan.name} /> }}>
+          <Trans components={{ name: <PlanName skuId={targetSku.id} name={targetPlan.name} /> }}>
             {t('downgrade_success')}
           </Trans>
         );
@@ -79,12 +101,37 @@ function SwitchPlanActionBar({
 
       await subscribe({
         tenantId: currentTenantId,
+        skuId: targetSku.id,
         planId: targetPlanId,
         isDowngrade,
         callbackPage: subscriptionPage,
       });
     } catch (error: unknown) {
       setCurrentLoadingPlanId(undefined);
+
+      if (isDevFeaturesEnabled) {
+        const [result, exceededSkuQuotaKeys] = await parseExceededSkuQuotaLimitError(error);
+
+        if (result) {
+          await show({
+            ModalContent: () => (
+              <NotEligibleSwitchSkuModalContent
+                targetSku={targetSku}
+                isDowngrade={isDowngrade}
+                exceededSkuQuotaKeys={exceededSkuQuotaKeys}
+              />
+            ),
+            title: isDowngrade
+              ? 'subscription.not_eligible_modal.downgrade_title'
+              : 'subscription.not_eligible_modal.upgrade_title',
+            confirmButtonText: 'general.got_it',
+            confirmButtonType: 'primary',
+            isCancelButtonVisible: false,
+          });
+          return;
+        }
+      }
+
       const [result, exceededQuotaKeys] = await parseExceededQuotaLimitError(error);
 
       if (result) {
@@ -115,30 +162,56 @@ function SwitchPlanActionBar({
   return (
     <div className={styles.container}>
       <Spacer />
-      {subscriptionPlans.map(({ id: planId }) => {
-        const isCurrentPlan = currentSubscriptionPlanId === planId;
-        const isDowngrade = isDowngradePlan(currentSubscriptionPlanId, planId);
-
-        return (
-          <div key={planId}>
-            <Button
-              title={
-                isCurrentPlan
-                  ? 'subscription.current'
-                  : isDowngrade
-                  ? 'subscription.downgrade'
-                  : 'subscription.upgrade'
-              }
-              type={isDowngrade ? 'default' : 'primary'}
-              disabled={isCurrentPlan}
-              isLoading={!isCurrentPlan && currentLoadingPlanId === planId}
-              onClick={() => {
-                void handleSubscribe(planId, isDowngrade);
-              }}
-            />
-          </div>
-        );
-      })}
+      {isDevFeaturesEnabled
+        ? logtoSkus.map(({ id: skuId }) => {
+            const isCurrentSku = currentSkuId === skuId;
+            const isDowngrade = isDowngradePlan(currentSkuId, skuId);
+
+            return (
+              <div key={skuId}>
+                <Button
+                  title={
+                    isCurrentSku
+                      ? 'subscription.current'
+                      : isDowngrade
+                      ? 'subscription.downgrade'
+                      : 'subscription.upgrade'
+                  }
+                  type={isDowngrade ? 'default' : 'primary'}
+                  disabled={isCurrentSku}
+                  isLoading={!isCurrentSku && currentLoadingPlanId === skuId}
+                  onClick={() => {
+                    void handleSubscribe(skuId, isDowngrade);
+                  }}
+                />
+              </div>
+            );
+          })
+        : // TODO remove this branch once new pricing model is ready.
+          subscriptionPlans.map(({ id: planId }) => {
+            const isCurrentPlan = currentSubscriptionPlanId === planId;
+            const isDowngrade = isDowngradePlan(currentSubscriptionPlanId, planId);
+
+            return (
+              <div key={planId}>
+                <Button
+                  title={
+                    isCurrentPlan
+                      ? 'subscription.current'
+                      : isDowngrade
+                      ? 'subscription.downgrade'
+                      : 'subscription.upgrade'
+                  }
+                  type={isDowngrade ? 'default' : 'primary'}
+                  disabled={isCurrentPlan}
+                  isLoading={!isCurrentPlan && currentLoadingPlanId === planId}
+                  onClick={() => {
+                    void handleSubscribe(planId, isDowngrade);
+                  }}
+                />
+              </div>
+            );
+          })}
       <div>
         <a href={contactEmailLink} className={styles.buttonLink} rel="noopener">
           <Button title="general.contact_us_action" type="primary" />
diff --git a/packages/console/src/pages/TenantSettings/Subscription/index.tsx b/packages/console/src/pages/TenantSettings/Subscription/index.tsx
index 2a9e07cf8971..c1983ec9c938 100644
--- a/packages/console/src/pages/TenantSettings/Subscription/index.tsx
+++ b/packages/console/src/pages/TenantSettings/Subscription/index.tsx
@@ -4,7 +4,7 @@ import PageMeta from '@/components/PageMeta';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import { TenantsContext } from '@/contexts/TenantsProvider';
 import useSubscriptionUsage from '@/hooks/use-subscription-usage';
-import { pickupFeaturedPlans } from '@/utils/subscription';
+import { pickupFeaturedLogtoSkus, pickupFeaturedPlans } from '@/utils/subscription';
 
 import Skeleton from '../components/Skeleton';
 
@@ -15,8 +15,14 @@ import styles from './index.module.scss';
 
 function Subscription() {
   const { currentTenantId } = useContext(TenantsContext);
-  const { subscriptionPlans, currentPlan, currentSubscription, onCurrentSubscriptionUpdated } =
-    useContext(SubscriptionDataContext);
+  const {
+    subscriptionPlans,
+    currentPlan,
+    logtoSkus,
+    currentSku,
+    currentSubscription,
+    onCurrentSubscriptionUpdated,
+  } = useContext(SubscriptionDataContext);
 
   const {
     data: subscriptionUsage,
@@ -25,6 +31,7 @@ function Subscription() {
   } = useSubscriptionUsage(currentTenantId);
 
   const reservedPlans = pickupFeaturedPlans(subscriptionPlans);
+  const reservedSkus = pickupFeaturedLogtoSkus(logtoSkus);
 
   if (isLoading) {
     return <Skeleton />;
@@ -46,6 +53,8 @@ function Subscription() {
       <SwitchPlanActionBar
         currentSubscriptionPlanId={currentSubscription.planId}
         subscriptionPlans={reservedPlans}
+        currentSkuId={currentSku.id}
+        logtoSkus={reservedSkus}
         onSubscriptionUpdated={async () => {
           /**
            * The upcoming billing info is calculated based on the current subscription usage,
diff --git a/packages/console/src/pages/TenantSettings/TenantMembers/InviteMemberModal/Footer/index.tsx b/packages/console/src/pages/TenantSettings/TenantMembers/InviteMemberModal/Footer/index.tsx
index 35c1988f539d..cfb809f1932c 100644
--- a/packages/console/src/pages/TenantSettings/TenantMembers/InviteMemberModal/Footer/index.tsx
+++ b/packages/console/src/pages/TenantSettings/TenantMembers/InviteMemberModal/Footer/index.tsx
@@ -5,6 +5,7 @@ import { Trans, useTranslation } from 'react-i18next';
 import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
 import QuotaGuardFooter from '@/components/QuotaGuardFooter';
 import { contactEmailLink } from '@/consts';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Button, { LinkButton } from '@/ds-components/Button';
 
@@ -21,12 +22,15 @@ type Props = {
 function Footer({ newInvitationCount = 0, isLoading, onSubmit }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console.upsell.paywall' });
 
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const { currentPlan, currentSku } = useContext(SubscriptionDataContext);
   const { id: planId, quota } = currentPlan;
 
   const { hasTenantMembersReachedLimit, limit, usage } = useTenantMembersUsage();
 
-  if (planId === ReservedPlanId.Free && hasTenantMembersReachedLimit) {
+  if (
+    (isDevFeaturesEnabled ? currentSku.id : planId) === ReservedPlanId.Free &&
+    hasTenantMembersReachedLimit
+  ) {
     return (
       <QuotaGuardFooter>
         <Trans
@@ -41,7 +45,7 @@ function Footer({ newInvitationCount = 0, isLoading, onSubmit }: Props) {
   }
 
   if (
-    planId === ReservedPlanId.Development &&
+    (isDevFeaturesEnabled ? currentSku.id : planId) === ReservedPlanId.Development &&
     (hasTenantMembersReachedLimit || usage + newInvitationCount > limit)
   ) {
     // Display a custom "Contact us" footer instead of asking for upgrade
diff --git a/packages/console/src/pages/TenantSettings/TenantMembers/hooks.ts b/packages/console/src/pages/TenantSettings/TenantMembers/hooks.ts
index a4c3975ff925..c91cdad9712a 100644
--- a/packages/console/src/pages/TenantSettings/TenantMembers/hooks.ts
+++ b/packages/console/src/pages/TenantSettings/TenantMembers/hooks.ts
@@ -4,14 +4,21 @@ import useSWR from 'swr';
 
 import { useAuthedCloudApi } from '@/cloud/hooks/use-cloud-api';
 import { type TenantInvitationResponse, type TenantMemberResponse } from '@/cloud/types/router';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import { TenantsContext } from '@/contexts/TenantsProvider';
 import { type RequestError } from '@/hooks/use-api';
 import useCurrentTenantScopes from '@/hooks/use-current-tenant-scopes';
-import { hasReachedQuotaLimit, hasSurpassedQuotaLimit } from '@/utils/quota';
+import {
+  hasReachedQuotaLimit,
+  hasReachedSubscriptionQuotaLimit,
+  hasSurpassedQuotaLimit,
+  hasSurpassedSubscriptionQuotaLimit,
+} from '@/utils/quota';
 
 const useTenantMembersUsage = () => {
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const { currentPlan, currentSubscriptionUsage, currentSubscriptionQuota } =
+    useContext(SubscriptionDataContext);
   const { currentTenantId } = useContext(TenantsContext);
   const {
     access: { canInviteMember },
@@ -36,34 +43,52 @@ const useTenantMembersUsage = () => {
   );
 
   const usage = useMemo(() => {
+    if (isDevFeaturesEnabled) {
+      return currentSubscriptionUsage.tenantMembersLimit;
+    }
     return (members?.length ?? 0) + (pendingInvitations?.length ?? 0);
-  }, [members?.length, pendingInvitations?.length]);
+  }, [members?.length, pendingInvitations?.length, currentSubscriptionUsage.tenantMembersLimit]);
 
   const hasTenantMembersReachedLimit = useMemo(
     () =>
-      hasReachedQuotaLimit({
-        quotaKey: 'tenantMembersLimit',
-        plan: currentPlan,
-        usage,
-      }),
-    [currentPlan, usage]
+      isDevFeaturesEnabled
+        ? hasReachedSubscriptionQuotaLimit({
+            quotaKey: 'tenantMembersLimit',
+            quota: currentSubscriptionQuota,
+            usage: currentSubscriptionUsage.tenantMembersLimit,
+          })
+        : hasReachedQuotaLimit({
+            quotaKey: 'tenantMembersLimit',
+            plan: currentPlan,
+            usage,
+          }),
+    [currentPlan, usage, currentSubscriptionQuota, currentSubscriptionUsage.tenantMembersLimit]
   );
 
   const hasTenantMembersSurpassedLimit = useMemo(
     () =>
-      hasSurpassedQuotaLimit({
-        quotaKey: 'tenantMembersLimit',
-        plan: currentPlan,
-        usage,
-      }),
-    [currentPlan, usage]
+      isDevFeaturesEnabled
+        ? hasSurpassedSubscriptionQuotaLimit({
+            quotaKey: 'tenantMembersLimit',
+            quota: currentSubscriptionQuota,
+            usage: currentSubscriptionUsage.tenantMembersLimit,
+          })
+        : hasSurpassedQuotaLimit({
+            quotaKey: 'tenantMembersLimit',
+            plan: currentPlan,
+            usage,
+          }),
+    [currentPlan, usage, currentSubscriptionQuota, currentSubscriptionUsage.tenantMembersLimit]
   );
 
   return {
     hasTenantMembersReachedLimit,
     hasTenantMembersSurpassedLimit,
     usage,
-    limit: currentPlan.quota.tenantMembersLimit ?? Number.POSITIVE_INFINITY,
+    limit:
+      (isDevFeaturesEnabled
+        ? currentSubscriptionQuota.tenantMembersLimit
+        : currentPlan.quota.tenantMembersLimit) ?? Number.POSITIVE_INFINITY,
   };
 };
 
diff --git a/packages/console/src/pages/TenantSettings/components/NotEligibleSwitchPlanModalContent/index.tsx b/packages/console/src/pages/TenantSettings/components/NotEligibleSwitchPlanModalContent/index.tsx
index 89ef0b0e4df4..22ce62172f15 100644
--- a/packages/console/src/pages/TenantSettings/components/NotEligibleSwitchPlanModalContent/index.tsx
+++ b/packages/console/src/pages/TenantSettings/components/NotEligibleSwitchPlanModalContent/index.tsx
@@ -3,14 +3,18 @@ import { conditional } from '@silverhand/essentials';
 import { useMemo } from 'react';
 import { Trans, useTranslation } from 'react-i18next';
 
+import { type LogtoSkuResponse } from '@/cloud/types/router';
 import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
 import PlanName from '@/components/PlanName';
-import { planQuotaItemOrder } from '@/consts/plan-quotas';
+import { planQuotaItemOrder, skuQuotaItemOrder } from '@/consts/plan-quotas';
 import {
   quotaItemLimitedPhrasesMap,
   quotaItemNotEligiblePhrasesMap,
+  skuQuotaItemLimitedPhrasesMap,
+  skuQuotaItemNotEligiblePhrasesMap,
 } from '@/consts/quota-item-phrases';
 import DynamicT from '@/ds-components/DynamicT';
+import { type LogtoSkuQuota, type LogtoSkuQuotaEntries } from '@/types/skus';
 import {
   type SubscriptionPlanQuotaEntries,
   type SubscriptionPlan,
@@ -25,12 +29,18 @@ const excludedQuotaKeys = new Set<keyof SubscriptionPlanQuota>([
   'ticketSupportResponseTime',
 ]);
 
+const excludedSkuQuotaKeys = new Set<keyof LogtoSkuQuota>([
+  'auditLogsRetentionDays',
+  'ticketSupportResponseTime',
+]);
+
 type Props = {
   readonly targetPlan: SubscriptionPlan;
   readonly exceededQuotaKeys: Array<keyof SubscriptionPlanQuota>;
   readonly isDowngrade?: boolean;
 };
 
+/** @deprecated */
 function NotEligibleSwitchPlanModalContent({
   targetPlan,
   exceededQuotaKeys,
@@ -112,4 +122,95 @@ function NotEligibleSwitchPlanModalContent({
   );
 }
 
+type SkuProps = {
+  readonly targetSku: LogtoSkuResponse;
+  readonly exceededSkuQuotaKeys: Array<keyof LogtoSkuQuota>;
+  readonly isDowngrade?: boolean;
+};
+
+/**
+ * Almost copy/paste from the implementation above, but with different types and constants to fit the use cases of new pricing model.
+ * Old one will be deprecated soon.
+ */
+export function NotEligibleSwitchSkuModalContent({
+  targetSku,
+  exceededSkuQuotaKeys,
+  isDowngrade = false,
+}: SkuProps) {
+  const { t } = useTranslation(undefined, {
+    keyPrefix: 'admin_console.subscription.not_eligible_modal',
+  });
+
+  const { id, name, quota } = targetSku;
+
+  const orderedEntries = useMemo(() => {
+    // eslint-disable-next-line no-restricted-syntax
+    const entries = Object.entries(quota) as LogtoSkuQuotaEntries;
+    return entries
+      .filter(([quotaKey]) => exceededSkuQuotaKeys.includes(quotaKey))
+      .slice()
+      .sort(([preQuotaKey], [nextQuotaKey]) =>
+        sortBy(skuQuotaItemOrder)(preQuotaKey, nextQuotaKey)
+      );
+  }, [quota, exceededSkuQuotaKeys]);
+
+  return (
+    <div className={styles.container}>
+      <div className={styles.description}>
+        <Trans
+          components={{
+            name: <PlanName skuId={id} name={name ?? id} />,
+          }}
+        >
+          {t(isDowngrade ? 'downgrade_description' : 'upgrade_description')}
+        </Trans>
+        {!isDowngrade && id === ReservedPlanId.Pro && t('upgrade_pro_tip')}
+      </div>
+      <ul className={styles.list}>
+        {orderedEntries.map(([quotaKey, quotaValue]) => {
+          if (
+            excludedSkuQuotaKeys.has(quotaKey) ||
+            quotaValue === null || // Unlimited items
+            quotaValue === true // Eligible items
+          ) {
+            return null;
+          }
+
+          return (
+            <li key={quotaKey}>
+              {quotaValue ? (
+                <Trans
+                  components={{
+                    item: (
+                      <DynamicT
+                        forKey={`subscription.quota_item.${skuQuotaItemLimitedPhrasesMap[quotaKey]}`}
+                        interpolation={conditional(
+                          typeof quotaValue === 'number' && { count: quotaValue }
+                        )}
+                      />
+                    ),
+                  }}
+                >
+                  {t('a_maximum_of')}
+                </Trans>
+              ) : (
+                <DynamicT
+                  forKey={`subscription.quota_item.${skuQuotaItemNotEligiblePhrasesMap[quotaKey]}`}
+                />
+              )}
+            </li>
+          );
+        })}
+      </ul>
+      <Trans
+        components={{
+          a: <ContactUsPhraseLink />,
+        }}
+      >
+        {t(isDowngrade ? 'downgrade_help_tip' : 'upgrade_help_tip')}
+      </Trans>
+    </div>
+  );
+}
+
 export default NotEligibleSwitchPlanModalContent;
diff --git a/packages/console/src/pages/Webhooks/CreateFormModal/CreateForm.tsx b/packages/console/src/pages/Webhooks/CreateFormModal/CreateForm.tsx
index 44d1f42fa7dd..3e9cfb689f12 100644
--- a/packages/console/src/pages/Webhooks/CreateFormModal/CreateForm.tsx
+++ b/packages/console/src/pages/Webhooks/CreateFormModal/CreateForm.tsx
@@ -7,12 +7,13 @@ import BasicWebhookForm, { type BasicWebhookFormType } from '@/components/BasicW
 import ContactUsPhraseLink from '@/components/ContactUsPhraseLink';
 import PlanName from '@/components/PlanName';
 import QuotaGuardFooter from '@/components/QuotaGuardFooter';
+import { isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
 import Button from '@/ds-components/Button';
 import ModalLayout from '@/ds-components/ModalLayout';
 import useApi from '@/hooks/use-api';
 import { trySubmitSafe } from '@/utils/form';
-import { hasReachedQuotaLimit } from '@/utils/quota';
+import { hasReachedQuotaLimit, hasReachedSubscriptionQuotaLimit } from '@/utils/quota';
 
 type Props = {
   readonly totalWebhookCount: number;
@@ -27,14 +28,21 @@ type CreateHookPayload = Pick<CreateHook, 'name'> & {
 };
 
 function CreateForm({ totalWebhookCount, onClose }: Props) {
-  const { currentPlan } = useContext(SubscriptionDataContext);
+  const { currentPlan, currentSku, currentSubscriptionQuota, currentSubscriptionUsage } =
+    useContext(SubscriptionDataContext);
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
 
-  const shouldBlockCreation = hasReachedQuotaLimit({
-    quotaKey: 'hooksLimit',
-    usage: totalWebhookCount,
-    plan: currentPlan,
-  });
+  const shouldBlockCreation = isDevFeaturesEnabled
+    ? hasReachedSubscriptionQuotaLimit({
+        quotaKey: 'hooksLimit',
+        usage: currentSubscriptionUsage.hooksLimit,
+        quota: currentSubscriptionQuota,
+      })
+    : hasReachedQuotaLimit({
+        quotaKey: 'hooksLimit',
+        usage: totalWebhookCount,
+        plan: currentPlan,
+      });
 
   const formMethods = useForm<BasicWebhookFormType>();
   const {
@@ -70,10 +78,15 @@ function CreateForm({ totalWebhookCount, onClose }: Props) {
             <Trans
               components={{
                 a: <ContactUsPhraseLink />,
-                planName: <PlanName name={currentPlan.name} />,
+                planName: <PlanName skuId={currentSku.id} name={currentPlan.name} />,
               }}
             >
-              {t('upsell.paywall.hooks', { count: currentPlan.quota.hooksLimit ?? 0 })}
+              {t('upsell.paywall.hooks', {
+                count:
+                  (isDevFeaturesEnabled
+                    ? currentSubscriptionUsage.hooksLimit
+                    : currentPlan.quota.hooksLimit) ?? 0,
+              })}
             </Trans>
           </QuotaGuardFooter>
         ) : (
diff --git a/packages/console/src/types/skus.ts b/packages/console/src/types/skus.ts
new file mode 100644
index 000000000000..673cc07cc999
--- /dev/null
+++ b/packages/console/src/types/skus.ts
@@ -0,0 +1,14 @@
+import { type NewSubscriptionQuota } from '@/cloud/types/router';
+
+// TODO: This is a copy from `@logto/cloud-models`, make a SSoT for this later
+export enum LogtoSkuType {
+  Basic = 'Basic',
+  AddOn = 'AddOn',
+}
+
+export type LogtoSkuQuota = NewSubscriptionQuota & {
+  // Add ticket support quota item to the plan since it will be compared in the downgrade plan notification modal.
+  ticketSupportResponseTime: number;
+};
+
+export type LogtoSkuQuotaEntries = Array<[keyof LogtoSkuQuota, LogtoSkuQuota[keyof LogtoSkuQuota]]>;
diff --git a/packages/console/src/types/subscriptions.ts b/packages/console/src/types/subscriptions.ts
index daf3db0c894f..11f832a57351 100644
--- a/packages/console/src/types/subscriptions.ts
+++ b/packages/console/src/types/subscriptions.ts
@@ -4,6 +4,7 @@ import { type InvoicesResponse, type SubscriptionPlanResponse } from '@/cloud/ty
 
 export enum ReservedPlanName {
   Free = 'Free',
+  /** @deprecated */
   Hobby = 'Hobby',
   Pro = 'Pro',
   Enterprise = 'Enterprise',
diff --git a/packages/console/src/utils/quota.ts b/packages/console/src/utils/quota.ts
index 1c10b5b140d6..a69dc5b2c74a 100644
--- a/packages/console/src/utils/quota.ts
+++ b/packages/console/src/utils/quota.ts
@@ -1,12 +1,15 @@
+import { type NewSubscriptionQuota } from '@/cloud/types/router';
 import { isCloud } from '@/consts/env';
 import { type SubscriptionPlan, type SubscriptionPlanQuota } from '@/types/subscriptions';
 
+/** @deprecated */
 type UsageOptions = {
   quotaKey: keyof SubscriptionPlanQuota;
   usage: number;
   plan: SubscriptionPlan;
 };
 
+/** @deprecated */
 const isUsageWithInLimit = ({ quotaKey, usage, plan }: UsageOptions, inclusive = true) => {
   // No limitations for OSS version
   if (!isCloud) {
@@ -27,6 +30,45 @@ const isUsageWithInLimit = ({ quotaKey, usage, plan }: UsageOptions, inclusive =
   return inclusive ? usage <= quotaValue : usage < quotaValue;
 };
 
+/** @deprecated */
 export const hasSurpassedQuotaLimit = (options: UsageOptions) => !isUsageWithInLimit(options);
 
+/** @deprecated */
 export const hasReachedQuotaLimit = (options: UsageOptions) => !isUsageWithInLimit(options, false);
+
+/* === For new pricing model === */
+type SubscriptionUsageOptions = {
+  quotaKey: keyof NewSubscriptionQuota;
+  usage: number;
+  quota: NewSubscriptionQuota;
+};
+
+const isSubscriptionUsageWithInLimit = (
+  { quotaKey, usage, quota }: SubscriptionUsageOptions,
+  inclusive = true
+) => {
+  // No limitations for OSS version
+  if (!isCloud) {
+    return true;
+  }
+
+  const quotaValue = quota[quotaKey];
+
+  // Unlimited
+  if (quotaValue === null) {
+    return true;
+  }
+
+  if (typeof quotaValue === 'boolean') {
+    return quotaValue;
+  }
+
+  return inclusive ? usage <= quotaValue : usage < quotaValue;
+};
+
+export const hasSurpassedSubscriptionQuotaLimit = (options: SubscriptionUsageOptions) =>
+  !isSubscriptionUsageWithInLimit(options);
+
+export const hasReachedSubscriptionQuotaLimit = (options: SubscriptionUsageOptions) =>
+  !isSubscriptionUsageWithInLimit(options, false);
+/* === For new pricing model === */
diff --git a/packages/console/src/utils/subscription.ts b/packages/console/src/utils/subscription.ts
index 8213a6821afd..fcb47e3b9019 100644
--- a/packages/console/src/utils/subscription.ts
+++ b/packages/console/src/utils/subscription.ts
@@ -3,9 +3,10 @@ import { ResponseError } from '@withtyped/client';
 import dayjs from 'dayjs';
 
 import { tryReadResponseErrorBody } from '@/cloud/hooks/use-cloud-api';
-import { type SubscriptionPlanResponse } from '@/cloud/types/router';
+import { type LogtoSkuResponse, type SubscriptionPlanResponse } from '@/cloud/types/router';
 import { ticketSupportResponseTimeMap } from '@/consts/plan-quotas';
 import { featuredPlanIdOrder, featuredPlanIds } from '@/consts/subscriptions';
+import { type LogtoSkuQuota } from '@/types/skus';
 import { type SubscriptionPlanQuota, type SubscriptionPlan } from '@/types/subscriptions';
 
 export const addSupportQuotaToPlan = (subscriptionPlanResponse: SubscriptionPlanResponse) => {
@@ -23,6 +24,21 @@ export const addSupportQuotaToPlan = (subscriptionPlanResponse: SubscriptionPlan
   };
 };
 
+export const addSupportQuota = (logtoSkuResponse: LogtoSkuResponse) => {
+  const { id, quota } = logtoSkuResponse;
+
+  return {
+    ...logtoSkuResponse,
+    quota: {
+      ...quota,
+      /**
+       * Manually add this support quota item to the plan since it will be compared in the downgrade plan notification modal.
+       */
+      ticketSupportResponseTime: ticketSupportResponseTimeMap[id] ?? 0, // Fallback to not supported
+    },
+  };
+};
+
 const getSubscriptionPlanOrderById = (id: string) => {
   const index = featuredPlanIdOrder.indexOf(id);
 
@@ -47,6 +63,8 @@ export const formatPeriod = ({ periodStart, periodEnd, displayYear }: FormatPeri
 };
 
 /**
+ * @deprecated Use `parseExceededSkuQuotaLimitError` instead in the future.
+ *
  * Parse the error data from the server if the error is caused by exceeding the quota limit.
  * This is used to handle cases where users attempt to switch subscription plans, but the quota limit is exceeded.
  *
@@ -89,5 +107,39 @@ export const parseExceededQuotaLimitError = async (
   return [true, Object.keys(exceededQuota) as Array<keyof SubscriptionPlanQuota>];
 };
 
+// Duplication of `parseExceededQuotaLimitError` with different keys.
+// `parseExceededQuotaLimitError` will be removed soon.
+export const parseExceededSkuQuotaLimitError = async (
+  error: unknown
+): Promise<[false] | [true, Array<keyof LogtoSkuQuota>]> => {
+  if (!(error instanceof ResponseError)) {
+    return [false];
+  }
+
+  const { message } = (await tryReadResponseErrorBody(error)) ?? {};
+
+  const match = message?.match(/Status exception: Exceeded quota limit\. (.+)$/);
+
+  if (!match) {
+    return [false];
+  }
+
+  const data = match[1];
+  const exceededQuota = conditional(
+    // eslint-disable-next-line no-restricted-syntax -- trust the type from the server if error message matches
+    data && trySafe(() => JSON.parse(data) as Partial<LogtoSkuQuota>)
+  );
+
+  if (!exceededQuota) {
+    return [false];
+  }
+
+  // eslint-disable-next-line no-restricted-syntax
+  return [true, Object.keys(exceededQuota) as Array<keyof LogtoSkuQuota>];
+};
+
 export const pickupFeaturedPlans = (plans: SubscriptionPlan[]): SubscriptionPlan[] =>
   plans.filter(({ id }) => featuredPlanIds.includes(id));
+
+export const pickupFeaturedLogtoSkus = (logtoSkus: LogtoSkuResponse[]): LogtoSkuResponse[] =>
+  logtoSkus.filter(({ id }) => featuredPlanIds.includes(id));

From c45a1a5ad4047389bc9c757148659ee888d6e599 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Fri, 26 Jul 2024 12:42:47 +0800
Subject: [PATCH 109/135] refactor(console): safely lazy load pages (#6332)

* refactor(console): safely lazy load pages

* chore(console): use react-safe-lazy
---
 packages/console/.eslintrc.cjs                |  9 +--
 packages/console/package.json                 |  1 +
 .../src/containers/ConsoleContent/index.tsx   |  5 +-
 .../src/containers/ConsoleRoutes/index.tsx    | 65 +++++++++++--------
 .../src/containers/ConsoleRoutes/internal.ts  | 14 ++++
 .../src/hooks/use-console-routes/index.tsx    |  9 +--
 .../routes/api-resources.tsx                  | 10 +--
 .../routes/applications.tsx                   |  8 +--
 .../use-console-routes/routes/audit-logs.tsx  |  6 +-
 .../use-console-routes/routes/connectors.tsx  |  6 +-
 .../routes/customize-jwt.tsx                  |  6 +-
 .../routes/enterprise-sso.tsx                 |  6 +-
 .../hooks/use-console-routes/routes/mfa.tsx   |  4 +-
 .../routes/organization-template.tsx          | 14 ++--
 .../routes/organizations.tsx                  | 14 ++--
 .../use-console-routes/routes/profile.tsx     | 10 +--
 .../hooks/use-console-routes/routes/roles.tsx | 14 ++--
 .../routes/sign-in-experience.tsx             |  4 +-
 .../routes/tenant-settings.tsx                | 23 ++++---
 .../hooks/use-console-routes/routes/users.tsx | 16 ++---
 .../use-console-routes/routes/webhooks.tsx    | 12 ++--
 .../src/tests/console/error-handling.test.ts  | 46 +++++++++++++
 .../experience/server-side-rendering.test.ts  | 53 +--------------
 .../integration-tests/src/ui-helpers/trace.ts | 54 +++++++++++++++
 pnpm-lock.yaml                                | 12 ++++
 25 files changed, 257 insertions(+), 164 deletions(-)
 create mode 100644 packages/console/src/containers/ConsoleRoutes/internal.ts
 create mode 100644 packages/integration-tests/src/tests/console/error-handling.test.ts
 create mode 100644 packages/integration-tests/src/ui-helpers/trace.ts

diff --git a/packages/console/.eslintrc.cjs b/packages/console/.eslintrc.cjs
index a350201e77d3..0997dc7409c0 100644
--- a/packages/console/.eslintrc.cjs
+++ b/packages/console/.eslintrc.cjs
@@ -15,6 +15,7 @@ module.exports = {
         unnamedComponents: 'arrow-function',
       },
     ],
+    'react/jsx-pascal-case': ['error', { ignore: ['__Internal__*'] }],
     'import/no-unused-modules': [
       'error',
       {
@@ -30,6 +31,8 @@ module.exports = {
         '**/assets/docs/guides/*/index.ts',
         '**/assets/docs/guides/*/components/**/*.tsx',
         '**/mdx-components*/*/index.tsx',
+        '*.config.js',
+        '*.config.ts',
       ],
       rules: {
         'import/no-unused-modules': 'off',
@@ -49,12 +52,6 @@ module.exports = {
         ],
       },
     },
-    {
-      files: ['*.config.js', '*.config.ts', '*.d.ts'],
-      rules: {
-        'import/no-unused-modules': 'off',
-      },
-    },
     {
       files: ['*.d.ts'],
       rules: {
diff --git a/packages/console/package.json b/packages/console/package.json
index aee57fe6cc09..4e24b8687ba4 100644
--- a/packages/console/package.json
+++ b/packages/console/package.json
@@ -107,6 +107,7 @@
     "react-modal": "^3.15.1",
     "react-paginate": "^8.1.3",
     "react-router-dom": "^6.25.1",
+    "react-safe-lazy": "^0.1.0",
     "react-syntax-highlighter": "^15.5.0",
     "react-timer-hook": "^3.0.5",
     "recharts": "^2.1.13",
diff --git a/packages/console/src/containers/ConsoleContent/index.tsx b/packages/console/src/containers/ConsoleContent/index.tsx
index 49ff99674704..d063da006ec7 100644
--- a/packages/console/src/containers/ConsoleContent/index.tsx
+++ b/packages/console/src/containers/ConsoleContent/index.tsx
@@ -1,5 +1,6 @@
-import { lazy, Suspense } from 'react';
+import { Suspense } from 'react';
 import { useOutletContext, useRoutes } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
 import { isDevFeaturesEnabled } from '@/consts/env';
 import OverlayScrollbar from '@/ds-components/OverlayScrollbar';
@@ -14,7 +15,7 @@ import { Skeleton } from './Sidebar';
 import useTenantScopeListener from './hooks';
 import styles from './index.module.scss';
 
-const Sidebar = lazy(async () => import('./Sidebar'));
+const Sidebar = safeLazy(async () => import('./Sidebar'));
 
 function ConsoleContent() {
   const { scrollableContent } = useOutletContext<AppContentOutletContext>();
diff --git a/packages/console/src/containers/ConsoleRoutes/index.tsx b/packages/console/src/containers/ConsoleRoutes/index.tsx
index 4e4e2369f203..f3834d514d31 100644
--- a/packages/console/src/containers/ConsoleRoutes/index.tsx
+++ b/packages/console/src/containers/ConsoleRoutes/index.tsx
@@ -1,8 +1,11 @@
 import { ossConsolePath } from '@logto/schemas';
+import { Suspense } from 'react';
 import { Navigate, Outlet, Route, Routes } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 import { SWRConfig } from 'swr';
 
-import { isCloud } from '@/consts/env';
+import AppLoading from '@/components/AppLoading';
+import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
 import AppBoundary from '@/containers/AppBoundary';
 import AppContent, { RedirectToFirstItem } from '@/containers/AppContent';
 import ConsoleContent from '@/containers/ConsoleContent';
@@ -12,10 +15,13 @@ import { GlobalRoute } from '@/contexts/TenantsProvider';
 import useSwrOptions from '@/hooks/use-swr-options';
 import Callback from '@/pages/Callback';
 import CheckoutSuccessCallback from '@/pages/CheckoutSuccessCallback';
-import Profile from '@/pages/Profile';
-import Welcome from '@/pages/Welcome';
 import { dropLeadingSlash } from '@/utils/url';
 
+import { __Internal__ImportError } from './internal';
+
+const Welcome = safeLazy(async () => import('@/pages/Welcome'));
+const Profile = safeLazy(async () => import('@/pages/Profile'));
+
 function Layout() {
   const swrOptions = useSwrOptions();
 
@@ -30,32 +36,37 @@ function Layout() {
 
 export function ConsoleRoutes() {
   return (
-    <Routes>
-      {/**
-       * OSS doesn't have a tenant concept nor root path handling component, but it may
-       * navigate to the root path in frontend. In this case, we redirect it to the OSS
-       * console path to trigger the console routes.
-       */}
-      {!isCloud && <Route path="/" element={<Navigate to={ossConsolePath} />} />}
-      <Route path="/:tenantId" element={<Layout />}>
-        <Route path="callback" element={<Callback />} />
-        <Route path="welcome" element={<Welcome />} />
-        <Route element={<ProtectedRoutes />}>
-          <Route path={dropLeadingSlash(GlobalRoute.Profile) + '/*'} element={<Profile />} />
-          <Route element={<TenantAccess />}>
-            {isCloud && (
-              <Route
-                path={dropLeadingSlash(GlobalRoute.CheckoutSuccessCallback)}
-                element={<CheckoutSuccessCallback />}
-              />
-            )}
-            <Route element={<AppContent />}>
-              <Route index element={<RedirectToFirstItem />} />
-              <Route path="*" element={<ConsoleContent />} />
+    <Suspense fallback={<AppLoading />}>
+      <Routes>
+        {/**
+         * OSS doesn't have a tenant concept nor root path handling component, but it may
+         * navigate to the root path in frontend. In this case, we redirect it to the OSS
+         * console path to trigger the console routes.
+         */}
+        {!isCloud && <Route path="/" element={<Navigate to={ossConsolePath} />} />}
+        <Route path="/:tenantId" element={<Layout />}>
+          <Route path="callback" element={<Callback />} />
+          <Route path="welcome" element={<Welcome />} />
+          {isDevFeaturesEnabled && (
+            <Route path="__internal__/import-error" element={<__Internal__ImportError />} />
+          )}
+          <Route element={<ProtectedRoutes />}>
+            <Route path={dropLeadingSlash(GlobalRoute.Profile) + '/*'} element={<Profile />} />
+            <Route element={<TenantAccess />}>
+              {isCloud && (
+                <Route
+                  path={dropLeadingSlash(GlobalRoute.CheckoutSuccessCallback)}
+                  element={<CheckoutSuccessCallback />}
+                />
+              )}
+              <Route element={<AppContent />}>
+                <Route index element={<RedirectToFirstItem />} />
+                <Route path="*" element={<ConsoleContent />} />
+              </Route>
             </Route>
           </Route>
         </Route>
-      </Route>
-    </Routes>
+      </Routes>
+    </Suspense>
   );
 }
diff --git a/packages/console/src/containers/ConsoleRoutes/internal.ts b/packages/console/src/containers/ConsoleRoutes/internal.ts
new file mode 100644
index 000000000000..efa055872e44
--- /dev/null
+++ b/packages/console/src/containers/ConsoleRoutes/internal.ts
@@ -0,0 +1,14 @@
+import { safeLazy } from 'react-safe-lazy';
+
+/**
+ * An internal module that is used to test the lazy loading failure in the console. Normally, this
+ * module should not involve any production code.
+ */
+export const __Internal__ImportError = safeLazy(async () => {
+  // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+  const module = await import(
+    /* @vite-ignore */ `${window.location.origin}/some-non-existing-path`
+  );
+  // eslint-disable-next-line @typescript-eslint/no-unsafe-return
+  return module;
+});
diff --git a/packages/console/src/hooks/use-console-routes/index.tsx b/packages/console/src/hooks/use-console-routes/index.tsx
index 4b78bbc2de9c..85e8b4d190a1 100644
--- a/packages/console/src/hooks/use-console-routes/index.tsx
+++ b/packages/console/src/hooks/use-console-routes/index.tsx
@@ -1,6 +1,7 @@
 import { condArray } from '@silverhand/essentials';
-import { lazy, useMemo } from 'react';
+import { useMemo } from 'react';
 import { type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
 import { isCloud } from '@/consts/env';
 import NotFound from '@/pages/NotFound';
@@ -20,9 +21,9 @@ import { useTenantSettings } from './routes/tenant-settings';
 import { users } from './routes/users';
 import { webhooks } from './routes/webhooks';
 
-const Dashboard = lazy(async () => import('@/pages/Dashboard'));
-const GetStarted = lazy(async () => import('@/pages/GetStarted'));
-const SigningKeys = lazy(async () => import('@/pages/SigningKeys'));
+const Dashboard = safeLazy(async () => import('@/pages/Dashboard'));
+const GetStarted = safeLazy(async () => import('@/pages/GetStarted'));
+const SigningKeys = safeLazy(async () => import('@/pages/SigningKeys'));
 
 export const useConsoleRoutes = () => {
   const tenantSettings = useTenantSettings();
diff --git a/packages/console/src/hooks/use-console-routes/routes/api-resources.tsx b/packages/console/src/hooks/use-console-routes/routes/api-resources.tsx
index 3bdd236135dd..8944f309cc2a 100644
--- a/packages/console/src/hooks/use-console-routes/routes/api-resources.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/api-resources.tsx
@@ -1,14 +1,14 @@
-import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
 import { ApiResourceDetailsTabs } from '@/consts';
 
-const ApiResources = lazy(async () => import('@/pages/ApiResources'));
-const ApiResourceDetails = lazy(async () => import('@/pages/ApiResourceDetails'));
-const ApiResourcePermissions = lazy(
+const ApiResources = safeLazy(async () => import('@/pages/ApiResources'));
+const ApiResourceDetails = safeLazy(async () => import('@/pages/ApiResourceDetails'));
+const ApiResourcePermissions = safeLazy(
   async () => import('@/pages/ApiResourceDetails/ApiResourcePermissions')
 );
-const ApiResourceSettings = lazy(
+const ApiResourceSettings = safeLazy(
   async () => import('@/pages/ApiResourceDetails/ApiResourceSettings')
 );
 
diff --git a/packages/console/src/hooks/use-console-routes/routes/applications.tsx b/packages/console/src/hooks/use-console-routes/routes/applications.tsx
index e4c178db1750..bdb27c803d74 100644
--- a/packages/console/src/hooks/use-console-routes/routes/applications.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/applications.tsx
@@ -1,11 +1,11 @@
-import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
 import { ApplicationDetailsTabs } from '@/consts';
 
-const Applications = lazy(async () => import('@/pages/Applications'));
-const ApplicationDetails = lazy(async () => import('@/pages/ApplicationDetails'));
-const AuditLogDetails = lazy(async () => import('@/pages/AuditLogDetails'));
+const Applications = safeLazy(async () => import('@/pages/Applications'));
+const ApplicationDetails = safeLazy(async () => import('@/pages/ApplicationDetails'));
+const AuditLogDetails = safeLazy(async () => import('@/pages/AuditLogDetails'));
 
 export const applications: RouteObject = {
   path: 'applications',
diff --git a/packages/console/src/hooks/use-console-routes/routes/audit-logs.tsx b/packages/console/src/hooks/use-console-routes/routes/audit-logs.tsx
index e529342119ca..626c91527e6d 100644
--- a/packages/console/src/hooks/use-console-routes/routes/audit-logs.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/audit-logs.tsx
@@ -1,8 +1,8 @@
-import { lazy } from 'react';
 import { type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
-const AuditLogs = lazy(async () => import('@/pages/AuditLogs'));
-const AuditLogDetails = lazy(async () => import('@/pages/AuditLogDetails'));
+const AuditLogs = safeLazy(async () => import('@/pages/AuditLogs'));
+const AuditLogDetails = safeLazy(async () => import('@/pages/AuditLogDetails'));
 
 export const auditLogs: RouteObject = {
   path: 'audit-logs',
diff --git a/packages/console/src/hooks/use-console-routes/routes/connectors.tsx b/packages/console/src/hooks/use-console-routes/routes/connectors.tsx
index dbe359ba2d7c..f79079393c54 100644
--- a/packages/console/src/hooks/use-console-routes/routes/connectors.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/connectors.tsx
@@ -1,10 +1,10 @@
-import { lazy } from 'react';
 import { Navigate } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
 import { ConnectorsTabs } from '@/consts';
 
-const Connectors = lazy(async () => import('@/pages/Connectors'));
-const ConnectorDetails = lazy(async () => import('@/pages/ConnectorDetails'));
+const Connectors = safeLazy(async () => import('@/pages/Connectors'));
+const ConnectorDetails = safeLazy(async () => import('@/pages/ConnectorDetails'));
 
 export const connectors = {
   path: 'connectors',
diff --git a/packages/console/src/hooks/use-console-routes/routes/customize-jwt.tsx b/packages/console/src/hooks/use-console-routes/routes/customize-jwt.tsx
index b5d8ec0379fb..24b3fe44cc2b 100644
--- a/packages/console/src/hooks/use-console-routes/routes/customize-jwt.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/customize-jwt.tsx
@@ -1,8 +1,8 @@
-import { lazy } from 'react';
 import { type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
-const CustomizeJwt = lazy(async () => import('@/pages/CustomizeJwt'));
-const CustomizeJwtDetails = lazy(async () => import('@/pages/CustomizeJwtDetails'));
+const CustomizeJwt = safeLazy(async () => import('@/pages/CustomizeJwt'));
+const CustomizeJwtDetails = safeLazy(async () => import('@/pages/CustomizeJwtDetails'));
 
 export const customizeJwt: RouteObject = {
   path: 'customize-jwt',
diff --git a/packages/console/src/hooks/use-console-routes/routes/enterprise-sso.tsx b/packages/console/src/hooks/use-console-routes/routes/enterprise-sso.tsx
index caa7c1743982..a70e61975a9f 100644
--- a/packages/console/src/hooks/use-console-routes/routes/enterprise-sso.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/enterprise-sso.tsx
@@ -1,10 +1,10 @@
-import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
 import { EnterpriseSsoDetailsTabs } from '@/consts/page-tabs';
 
-const EnterpriseSso = lazy(async () => import('@/pages/EnterpriseSso'));
-const EnterpriseSsoDetails = lazy(async () => import('@/pages/EnterpriseSsoDetails'));
+const EnterpriseSso = safeLazy(async () => import('@/pages/EnterpriseSso'));
+const EnterpriseSsoDetails = safeLazy(async () => import('@/pages/EnterpriseSsoDetails'));
 
 export const enterpriseSso: RouteObject = {
   path: 'enterprise-sso',
diff --git a/packages/console/src/hooks/use-console-routes/routes/mfa.tsx b/packages/console/src/hooks/use-console-routes/routes/mfa.tsx
index 0ef3fde5acfc..b35ccdb7fe42 100644
--- a/packages/console/src/hooks/use-console-routes/routes/mfa.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/mfa.tsx
@@ -1,6 +1,6 @@
-import { lazy } from 'react';
 import { type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
-const Mfa = lazy(async () => import('@/pages/Mfa'));
+const Mfa = safeLazy(async () => import('@/pages/Mfa'));
 
 export const mfa: RouteObject = { path: 'mfa', element: <Mfa /> };
diff --git a/packages/console/src/hooks/use-console-routes/routes/organization-template.tsx b/packages/console/src/hooks/use-console-routes/routes/organization-template.tsx
index aa69cf6e3876..6242c363c688 100644
--- a/packages/console/src/hooks/use-console-routes/routes/organization-template.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/organization-template.tsx
@@ -1,18 +1,18 @@
-import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
 import { OrganizationRoleDetailsTabs, OrganizationTemplateTabs } from '@/consts';
 
-const OrganizationTemplate = lazy(async () => import('@/pages/OrganizationTemplate'));
-const OrganizationRoles = lazy(
+const OrganizationTemplate = safeLazy(async () => import('@/pages/OrganizationTemplate'));
+const OrganizationRoles = safeLazy(
   async () => import('@/pages/OrganizationTemplate/OrganizationRoles')
 );
-const OrganizationPermissions = lazy(
+const OrganizationPermissions = safeLazy(
   async () => import('@/pages/OrganizationTemplate/OrganizationPermissions')
 );
-const OrganizationRoleDetails = lazy(async () => import('@/pages/OrganizationRoleDetails'));
-const Permissions = lazy(async () => import('@/pages/OrganizationRoleDetails/Permissions'));
-const Settings = lazy(async () => import('@/pages/OrganizationRoleDetails/Settings'));
+const OrganizationRoleDetails = safeLazy(async () => import('@/pages/OrganizationRoleDetails'));
+const Permissions = safeLazy(async () => import('@/pages/OrganizationRoleDetails/Permissions'));
+const Settings = safeLazy(async () => import('@/pages/OrganizationRoleDetails/Settings'));
 
 export const organizationTemplate: RouteObject[] = [
   {
diff --git a/packages/console/src/hooks/use-console-routes/routes/organizations.tsx b/packages/console/src/hooks/use-console-routes/routes/organizations.tsx
index c8c95668aa32..20f73d6c90b5 100644
--- a/packages/console/src/hooks/use-console-routes/routes/organizations.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/organizations.tsx
@@ -1,14 +1,16 @@
 import { condArray } from '@silverhand/essentials';
-import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
 import { OrganizationDetailsTabs } from '@/pages/OrganizationDetails/types';
 
-const Organizations = lazy(async () => import('@/pages/Organizations'));
-const OrganizationDetails = lazy(async () => import('@/pages/OrganizationDetails'));
-const MachineToMachine = lazy(async () => import('@/pages/OrganizationDetails/MachineToMachine'));
-const Members = lazy(async () => import('@/pages/OrganizationDetails/Members'));
-const Settings = lazy(async () => import('@/pages/OrganizationDetails/Settings'));
+const Organizations = safeLazy(async () => import('@/pages/Organizations'));
+const OrganizationDetails = safeLazy(async () => import('@/pages/OrganizationDetails'));
+const MachineToMachine = safeLazy(
+  async () => import('@/pages/OrganizationDetails/MachineToMachine')
+);
+const Members = safeLazy(async () => import('@/pages/OrganizationDetails/Members'));
+const Settings = safeLazy(async () => import('@/pages/OrganizationDetails/Settings'));
 
 export const organizations: RouteObject = {
   path: 'organizations',
diff --git a/packages/console/src/hooks/use-console-routes/routes/profile.tsx b/packages/console/src/hooks/use-console-routes/routes/profile.tsx
index 423030de425c..17cdb1776496 100644
--- a/packages/console/src/hooks/use-console-routes/routes/profile.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/profile.tsx
@@ -1,14 +1,14 @@
-import { lazy } from 'react';
 import { type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
-const ChangePasswordModal = lazy(
+const ChangePasswordModal = safeLazy(
   async () => import('@/pages/Profile/containers/ChangePasswordModal')
 );
-const LinkEmailModal = lazy(async () => import('@/pages/Profile/containers/LinkEmailModal'));
-const VerificationCodeModal = lazy(
+const LinkEmailModal = safeLazy(async () => import('@/pages/Profile/containers/LinkEmailModal'));
+const VerificationCodeModal = safeLazy(
   async () => import('@/pages/Profile/containers/VerificationCodeModal')
 );
-const VerifyPasswordModal = lazy(
+const VerifyPasswordModal = safeLazy(
   async () => import('@/pages/Profile/containers/VerifyPasswordModal')
 );
 
diff --git a/packages/console/src/hooks/use-console-routes/routes/roles.tsx b/packages/console/src/hooks/use-console-routes/routes/roles.tsx
index 51e38899e7a4..73a1269eb88d 100644
--- a/packages/console/src/hooks/use-console-routes/routes/roles.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/roles.tsx
@@ -1,14 +1,14 @@
-import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
 import { RoleDetailsTabs } from '@/consts/page-tabs';
 
-const Roles = lazy(async () => import('@/pages/Roles'));
-const RoleDetails = lazy(async () => import('@/pages/RoleDetails'));
-const RolePermissions = lazy(async () => import('@/pages/RoleDetails/RolePermissions'));
-const RoleSettings = lazy(async () => import('@/pages/RoleDetails/RoleSettings'));
-const RoleUsers = lazy(async () => import('@/pages/RoleDetails/RoleUsers'));
-const RoleApplications = lazy(async () => import('@/pages/RoleDetails/RoleApplications'));
+const Roles = safeLazy(async () => import('@/pages/Roles'));
+const RoleDetails = safeLazy(async () => import('@/pages/RoleDetails'));
+const RolePermissions = safeLazy(async () => import('@/pages/RoleDetails/RolePermissions'));
+const RoleSettings = safeLazy(async () => import('@/pages/RoleDetails/RoleSettings'));
+const RoleUsers = safeLazy(async () => import('@/pages/RoleDetails/RoleUsers'));
+const RoleApplications = safeLazy(async () => import('@/pages/RoleDetails/RoleApplications'));
 
 export const roles: RouteObject = {
   path: 'roles',
diff --git a/packages/console/src/hooks/use-console-routes/routes/sign-in-experience.tsx b/packages/console/src/hooks/use-console-routes/routes/sign-in-experience.tsx
index 63b4a2e8e1d0..f0c705ff9a20 100644
--- a/packages/console/src/hooks/use-console-routes/routes/sign-in-experience.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/sign-in-experience.tsx
@@ -1,9 +1,9 @@
-import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
 import { SignInExperienceTab } from '@/pages/SignInExperience/types';
 
-const SignInExperience = lazy(async () => import('@/pages/SignInExperience'));
+const SignInExperience = safeLazy(async () => import('@/pages/SignInExperience'));
 
 export const signInExperience: RouteObject = {
   path: 'sign-in-experience',
diff --git a/packages/console/src/hooks/use-console-routes/routes/tenant-settings.tsx b/packages/console/src/hooks/use-console-routes/routes/tenant-settings.tsx
index 5c025626e820..767d9c33595d 100644
--- a/packages/console/src/hooks/use-console-routes/routes/tenant-settings.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/tenant-settings.tsx
@@ -1,22 +1,27 @@
 import { condArray } from '@silverhand/essentials';
-import { lazy, useContext, useMemo } from 'react';
+import { useContext, useMemo } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
 import { TenantSettingsTabs } from '@/consts';
 import { TenantsContext } from '@/contexts/TenantsProvider';
 import useCurrentTenantScopes from '@/hooks/use-current-tenant-scopes';
 import NotFound from '@/pages/NotFound';
 
-const TenantSettings = lazy(async () => import('@/pages/TenantSettings'));
-const TenantBasicSettings = lazy(async () => import('@/pages/TenantSettings/TenantBasicSettings'));
-const TenantDomainSettings = lazy(
+const TenantSettings = safeLazy(async () => import('@/pages/TenantSettings'));
+const TenantBasicSettings = safeLazy(
+  async () => import('@/pages/TenantSettings/TenantBasicSettings')
+);
+const TenantDomainSettings = safeLazy(
   async () => import('@/pages/TenantSettings/TenantDomainSettings')
 );
-const TenantMembers = lazy(async () => import('@/pages/TenantSettings/TenantMembers'));
-const Invitations = lazy(async () => import('@/pages/TenantSettings/TenantMembers/Invitations'));
-const Members = lazy(async () => import('@/pages/TenantSettings/TenantMembers/Members'));
-const BillingHistory = lazy(async () => import('@/pages/TenantSettings/BillingHistory'));
-const Subscription = lazy(async () => import('@/pages/TenantSettings/Subscription'));
+const TenantMembers = safeLazy(async () => import('@/pages/TenantSettings/TenantMembers'));
+const Invitations = safeLazy(
+  async () => import('@/pages/TenantSettings/TenantMembers/Invitations')
+);
+const Members = safeLazy(async () => import('@/pages/TenantSettings/TenantMembers/Members'));
+const BillingHistory = safeLazy(async () => import('@/pages/TenantSettings/BillingHistory'));
+const Subscription = safeLazy(async () => import('@/pages/TenantSettings/Subscription'));
 
 export const useTenantSettings = () => {
   const { isDevTenant } = useContext(TenantsContext);
diff --git a/packages/console/src/hooks/use-console-routes/routes/users.tsx b/packages/console/src/hooks/use-console-routes/routes/users.tsx
index 2a4d30f99c1b..0bad4fc52372 100644
--- a/packages/console/src/hooks/use-console-routes/routes/users.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/users.tsx
@@ -1,15 +1,15 @@
-import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
 import { UserDetailsTabs } from '@/consts/page-tabs';
 
-const AuditLogDetails = lazy(async () => import('@/pages/AuditLogDetails'));
-const UserDetails = lazy(async () => import('@/pages/UserDetails'));
-const UserLogs = lazy(async () => import('@/pages/UserDetails/UserLogs'));
-const UserOrganizations = lazy(async () => import('@/pages/UserDetails/UserOrganizations'));
-const UserRoles = lazy(async () => import('@/pages/UserDetails/UserRoles'));
-const UserSettings = lazy(async () => import('@/pages/UserDetails/UserSettings'));
-const Users = lazy(async () => import('@/pages/Users'));
+const AuditLogDetails = safeLazy(async () => import('@/pages/AuditLogDetails'));
+const UserDetails = safeLazy(async () => import('@/pages/UserDetails'));
+const UserLogs = safeLazy(async () => import('@/pages/UserDetails/UserLogs'));
+const UserOrganizations = safeLazy(async () => import('@/pages/UserDetails/UserOrganizations'));
+const UserRoles = safeLazy(async () => import('@/pages/UserDetails/UserRoles'));
+const UserSettings = safeLazy(async () => import('@/pages/UserDetails/UserSettings'));
+const Users = safeLazy(async () => import('@/pages/Users'));
 
 export const users: RouteObject = {
   path: 'users',
diff --git a/packages/console/src/hooks/use-console-routes/routes/webhooks.tsx b/packages/console/src/hooks/use-console-routes/routes/webhooks.tsx
index e98231879112..2cc47ee4687a 100644
--- a/packages/console/src/hooks/use-console-routes/routes/webhooks.tsx
+++ b/packages/console/src/hooks/use-console-routes/routes/webhooks.tsx
@@ -1,13 +1,13 @@
-import { lazy } from 'react';
 import { Navigate, type RouteObject } from 'react-router-dom';
+import { safeLazy } from 'react-safe-lazy';
 
 import { WebhookDetailsTabs } from '@/consts';
 
-const WebhookDetails = lazy(async () => import('@/pages/WebhookDetails'));
-const AuditLogDetails = lazy(async () => import('@/pages/AuditLogDetails'));
-const WebhookSettings = lazy(async () => import('@/pages/WebhookDetails/WebhookSettings'));
-const WebhookLogs = lazy(async () => import('@/pages/WebhookDetails/WebhookLogs'));
-const Webhooks = lazy(async () => import('@/pages/Webhooks'));
+const WebhookDetails = safeLazy(async () => import('@/pages/WebhookDetails'));
+const AuditLogDetails = safeLazy(async () => import('@/pages/AuditLogDetails'));
+const WebhookSettings = safeLazy(async () => import('@/pages/WebhookDetails/WebhookSettings'));
+const WebhookLogs = safeLazy(async () => import('@/pages/WebhookDetails/WebhookLogs'));
+const Webhooks = safeLazy(async () => import('@/pages/Webhooks'));
 
 export const webhooks: RouteObject = {
   path: 'webhooks',
diff --git a/packages/integration-tests/src/tests/console/error-handling.test.ts b/packages/integration-tests/src/tests/console/error-handling.test.ts
new file mode 100644
index 000000000000..a8614686ce42
--- /dev/null
+++ b/packages/integration-tests/src/tests/console/error-handling.test.ts
@@ -0,0 +1,46 @@
+import { appendPath } from '@silverhand/essentials';
+
+import ExpectConsole from '#src/ui-helpers/expect-console.js';
+import { Trace } from '#src/ui-helpers/trace.js';
+import { devFeatureTest } from '#src/utils.js';
+
+describe('error handling', () => {
+  const trace = new Trace();
+
+  devFeatureTest.it('should handle dynamic import errors', async () => {
+    const expectConsole = new ExpectConsole(await browser.newPage());
+    const path = appendPath(expectConsole.options.endpoint, 'console/__internal__/import-error');
+
+    trace.reset(expectConsole.page);
+    await trace.start();
+    await expectConsole.navigateTo(path);
+    await trace.stop();
+
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-explicit-any
+    const traceData: { traceEvents: any[] } = await trace.read();
+
+    const documentLoads = traceData.traceEvents.filter((item) => {
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+      const data = item?.args?.data ?? {};
+      return (
+        data.resourceType === 'Document' && data.requestMethod === 'GET' && data.url === path.href
+      );
+    });
+
+    // Reloaded once
+    expect(documentLoads).toHaveLength(2);
+
+    // Show the error message
+    await Promise.all([
+      expectConsole.toMatchElement('label', {
+        text: 'Oops! Something went wrong.',
+      }),
+      expectConsole.toMatchElement('span', {
+        text: 'Failed to fetch dynamically imported module',
+      }),
+      expectConsole.toMatchElement('button', {
+        text: 'Try again',
+      }),
+    ]);
+  });
+});
diff --git a/packages/integration-tests/src/tests/experience/server-side-rendering.test.ts b/packages/integration-tests/src/tests/experience/server-side-rendering.test.ts
index 265c76713ebc..e41ef12b3550 100644
--- a/packages/integration-tests/src/tests/experience/server-side-rendering.test.ts
+++ b/packages/integration-tests/src/tests/experience/server-side-rendering.test.ts
@@ -1,14 +1,10 @@
-import fs from 'node:fs/promises';
-import os from 'node:os';
-import path from 'node:path';
-
 import { demoAppApplicationId, fullSignInExperienceGuard } from '@logto/schemas';
-import { type Page } from 'puppeteer';
 import { z } from 'zod';
 
 import { demoAppUrl } from '#src/constants.js';
 import { OrganizationApiTest } from '#src/helpers/organization.js';
 import ExpectExperience from '#src/ui-helpers/expect-experience.js';
+import { Trace } from '#src/ui-helpers/trace.js';
 
 const ssrDataGuard = z.object({
   signInExperience: z.object({
@@ -22,53 +18,6 @@ const ssrDataGuard = z.object({
   }),
 });
 
-class Trace {
-  protected tracePath?: string;
-
-  constructor(protected page?: Page) {}
-
-  async start() {
-    if (this.tracePath) {
-      throw new Error('Trace already started');
-    }
-
-    if (!this.page) {
-      throw new Error('Page not set');
-    }
-
-    const traceDirectory = await fs.mkdtemp(path.join(os.tmpdir(), 'trace-'));
-    this.tracePath = path.join(traceDirectory, 'trace.json');
-    await this.page.tracing.start({ path: this.tracePath, categories: ['devtools.timeline'] });
-  }
-
-  async stop() {
-    if (!this.page) {
-      throw new Error('Page not set');
-    }
-
-    return this.page.tracing.stop();
-  }
-
-  async read() {
-    if (!this.tracePath) {
-      throw new Error('Trace not started');
-    }
-
-    return JSON.parse(await fs.readFile(this.tracePath, 'utf8'));
-  }
-
-  reset(page: Page) {
-    this.page = page;
-    this.tracePath = undefined;
-  }
-
-  async cleanup() {
-    if (this.tracePath) {
-      await fs.unlink(this.tracePath);
-    }
-  }
-}
-
 describe('server-side rendering', () => {
   const trace = new Trace();
   const expectTraceNotToHaveWellKnownEndpoints = async () => {
diff --git a/packages/integration-tests/src/ui-helpers/trace.ts b/packages/integration-tests/src/ui-helpers/trace.ts
new file mode 100644
index 000000000000..fc37aeda5edf
--- /dev/null
+++ b/packages/integration-tests/src/ui-helpers/trace.ts
@@ -0,0 +1,54 @@
+import fs from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
+
+import { type Page } from 'puppeteer';
+
+export class Trace {
+  protected tracePath?: string;
+
+  constructor(protected page?: Page) {}
+
+  async start() {
+    if (this.tracePath) {
+      throw new Error('Trace already started');
+    }
+
+    if (!this.page) {
+      throw new Error('Page not set');
+    }
+
+    const traceDirectory = await fs.mkdtemp(path.join(os.tmpdir(), 'trace-'));
+    this.tracePath = path.join(traceDirectory, 'trace.json');
+    await this.page.tracing.start({ path: this.tracePath, categories: ['devtools.timeline'] });
+  }
+
+  async stop() {
+    if (!this.page) {
+      throw new Error('Page not set');
+    }
+
+    console.log('Trace captured at', this.tracePath);
+    return this.page.tracing.stop();
+  }
+
+  async read() {
+    if (!this.tracePath) {
+      throw new Error('Trace not started');
+    }
+
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-return
+    return JSON.parse(await fs.readFile(this.tracePath, 'utf8'));
+  }
+
+  reset(page: Page) {
+    this.page = page;
+    this.tracePath = undefined;
+  }
+
+  async cleanup() {
+    if (this.tracePath) {
+      await fs.unlink(this.tracePath);
+    }
+  }
+}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 86b76b1e100e..d46ec30669db 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3100,6 +3100,9 @@ importers:
       react-router-dom:
         specifier: ^6.25.1
         version: 6.25.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+      react-safe-lazy:
+        specifier: ^0.1.0
+        version: 0.1.0(react@18.3.1)
       react-syntax-highlighter:
         specifier: ^15.5.0
         version: 15.5.0(react@18.3.1)
@@ -11700,6 +11703,11 @@ packages:
     peerDependencies:
       react: '>=16.8'
 
+  react-safe-lazy@0.1.0:
+    resolution: {integrity: sha512-CZSaQHlNVG8OuSRaLkBGe5cP+qjZtW+fJA/PRNTyCIVkH3F7GQO0aBu+jIrm2PFrTVs4xjSvuDFVyzlX6OL0oQ==}
+    peerDependencies:
+      react: ^18.0.0
+
   react-side-effect@2.1.2:
     resolution: {integrity: sha512-PVjOcvVOyIILrYoyGEpDN3vmYNLdy1CajSFNt4TDsVQC5KpTijDvWVoR+/7Rz2xT978D8/ZtFceXxzsPwZEDvw==}
     peerDependencies:
@@ -23042,6 +23050,10 @@ snapshots:
       '@remix-run/router': 1.18.0
       react: 18.3.1
 
+  react-safe-lazy@0.1.0(react@18.3.1):
+    dependencies:
+      react: 18.3.1
+
   react-side-effect@2.1.2(react@18.3.1):
     dependencies:
       react: 18.3.1

From 58a5004aa2efcfbc32d239b4ebdcc61c6fc39aea Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Fri, 26 Jul 2024 14:52:26 +0800
Subject: [PATCH 110/135] feat(core): implement the missing mfa bind and guard
 flow (#6320)

* feat(core): implement the mfa binding flow

implment the mfa binding flow

* fix(test): fix integration tests

fix integration tests

* fix(core): fix the wrong status code

fix the wrong status code

* refactor(core): refactor bind backup codes

refactor bind backup codes
---
 .../classes/experience-interaction.ts         |  50 ++-
 .../src/routes/experience/classes/helpers.ts  |  19 +-
 .../classes/libraries/mfa-validator.ts        |  71 ++--
 .../core/src/routes/experience/classes/mfa.ts | 352 ++++++++++++++++++
 .../experience/classes/verifications/index.ts |   2 +-
 .../verifications/totp-verification.ts        |  31 +-
 ...web-authn.ts => web-authn-verification.ts} |  20 +-
 packages/core/src/routes/experience/const.ts  |   1 +
 .../src/routes/experience/profile-routes.ts   | 139 ++++++-
 .../web-authn-verification.ts                 |   2 +-
 .../mfa-verification.test.ts                  |   2 +
 .../phrases/src/locales/en/errors/session.ts  |   1 +
 12 files changed, 651 insertions(+), 39 deletions(-)
 create mode 100644 packages/core/src/routes/experience/classes/mfa.ts
 rename packages/core/src/routes/experience/classes/verifications/{web-authn.ts => web-authn-verification.ts} (94%)

diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
index ed48b7755c14..56d0c584017f 100644
--- a/packages/core/src/routes/experience/classes/experience-interaction.ts
+++ b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -1,3 +1,4 @@
+/* eslint-disable max-lines */
 import { type ToZodObject } from '@logto/connector-kit';
 import { InteractionEvent, type User } from '@logto/schemas';
 import { conditional } from '@silverhand/essentials';
@@ -18,10 +19,12 @@ import {
 import {
   getNewUserProfileFromVerificationRecord,
   identifyUserByVerificationRecord,
+  mergeUserMfaVerifications,
 } from './helpers.js';
 import { MfaValidator } from './libraries/mfa-validator.js';
 import { ProvisionLibrary } from './libraries/provision-library.js';
 import { SignInExperienceValidator } from './libraries/sign-in-experience-validator.js';
+import { Mfa, mfaDataGuard, userMfaDataKey, type MfaData } from './mfa.js';
 import { Profile } from './profile.js';
 import { toUserSocialIdentityData } from './utils.js';
 import {
@@ -37,6 +40,7 @@ type InteractionStorage = {
   interactionEvent?: InteractionEvent;
   userId?: string;
   profile?: InteractionProfile;
+  mfa?: MfaData;
   verificationRecords?: VerificationRecordData[];
 };
 
@@ -44,6 +48,7 @@ const interactionStorageGuard = z.object({
   interactionEvent: z.nativeEnum(InteractionEvent).optional(),
   userId: z.string().optional(),
   profile: interactionProfileGuard.optional(),
+  mfa: mfaDataGuard.optional(),
   verificationRecords: verificationRecordDataGuard.array().optional(),
 }) satisfies ToZodObject<InteractionStorage>;
 
@@ -56,14 +61,16 @@ const interactionStorageGuard = z.object({
 export default class ExperienceInteraction {
   public readonly signInExperienceValidator: SignInExperienceValidator;
   public readonly provisionLibrary: ProvisionLibrary;
+  /** The user provided profile data in the current interaction that needs to be stored to database. */
   readonly profile: Profile;
+  /** The user linked MFA data in the current interaction that needs to be stored to database. */
+  readonly mfa: Mfa;
 
   /** The user verification record list for the current interaction. */
   private readonly verificationRecords = new VerificationRecordsMap();
   /** The userId of the user for the current interaction. Only available once the user is identified. */
   private userId?: string;
   private userCache?: User;
-  /** The user provided profile data in the current interaction that needs to be stored to database. */
   /** The interaction event for the current interaction. */
   #interactionEvent?: InteractionEvent;
 
@@ -91,6 +98,7 @@ export default class ExperienceInteraction {
 
     if (!interactionDetails) {
       this.profile = new Profile(libraries, queries, {}, interactionContext);
+      this.mfa = new Mfa(libraries, queries, {}, interactionContext);
       return;
     }
 
@@ -102,11 +110,18 @@ export default class ExperienceInteraction {
       new RequestError({ code: 'session.interaction_not_found', status: 404 })
     );
 
-    const { verificationRecords = [], profile = {}, userId, interactionEvent } = result.data;
+    const {
+      verificationRecords = [],
+      profile = {},
+      mfa = {},
+      userId,
+      interactionEvent,
+    } = result.data;
 
     this.#interactionEvent = interactionEvent;
     this.userId = userId;
     this.profile = new Profile(libraries, queries, profile, interactionContext);
+    this.mfa = new Mfa(libraries, queries, mfa, interactionContext);
 
     for (const record of verificationRecords) {
       const instance = buildVerificationRecord(libraries, queries, record);
@@ -194,6 +209,9 @@ export default class ExperienceInteraction {
     this.verificationRecords.setValue(record);
   }
 
+  /**
+   * @throws {RequestError} with 404 if the verification record is not found
+   */
   public getVerificationRecordByTypeAndId<K extends keyof VerificationRecordMap>(
     type: K,
     verificationId: string
@@ -225,7 +243,7 @@ export default class ExperienceInteraction {
       isVerified,
       new RequestError(
         { code: 'session.mfa.require_mfa_verification', status: 403 },
-        { availableFactors: mfaValidator.availableMfaVerificationTypes }
+        { availableFactors: mfaValidator.availableUserMfaVerificationTypes }
       )
     );
   }
@@ -262,7 +280,7 @@ export default class ExperienceInteraction {
    **/
   public async submit() {
     const {
-      queries: { users: userQueries, userSsoIdentities: userSsoIdentitiesQueries },
+      queries: { users: userQueries },
     } = this.tenant;
 
     // Initiated
@@ -304,7 +322,14 @@ export default class ExperienceInteraction {
     // Profile fulfilled
     await this.profile.assertUserMandatoryProfileFulfilled();
 
+    // Revalidate the new MFA data if any
+    await this.mfa.checkAvailability();
+
+    // MFA fulfilled
+    await this.mfa.assertUserMandatoryMfaFulfilled();
+
     const { socialIdentity, enterpriseSsoIdentity, ...rest } = this.profile.data;
+    const { mfaSkipped, mfaVerifications } = this.mfa.toUserMfaVerifications();
 
     // Update user profile
     await userQueries.updateUserById(user.id, {
@@ -317,6 +342,21 @@ export default class ExperienceInteraction {
           },
         }
       ),
+      ...conditional(
+        mfaVerifications.length > 0 && {
+          mfaVerifications: mergeUserMfaVerifications(user.mfaVerifications, mfaVerifications),
+        }
+      ),
+      ...conditional(
+        mfaSkipped && {
+          logtoConfig: {
+            ...user.logtoConfig,
+            [userMfaDataKey]: {
+              skipped: true,
+            },
+          },
+        }
+      ),
       lastSignInAt: Date.now(),
     });
 
@@ -343,6 +383,7 @@ export default class ExperienceInteraction {
       interactionEvent,
       userId,
       profile: this.profile.data,
+      mfa: this.mfa.data,
       verificationRecords: this.verificationRecordsArray.map((record) => record.toJson()),
     };
   }
@@ -450,3 +491,4 @@ export default class ExperienceInteraction {
     await provider.interactionResult(this.ctx.req, this.ctx.res, {});
   }
 }
+/* eslint-enable max-lines */
diff --git a/packages/core/src/routes/experience/classes/helpers.ts b/packages/core/src/routes/experience/classes/helpers.ts
index 29fa65ad0aa4..b08d8ff6f63d 100644
--- a/packages/core/src/routes/experience/classes/helpers.ts
+++ b/packages/core/src/routes/experience/classes/helpers.ts
@@ -5,7 +5,7 @@
  * we have moved some of the standalone functions into this file.
  */
 
-import { VerificationType, type User } from '@logto/schemas';
+import { MfaFactor, VerificationType, type User } from '@logto/schemas';
 import { conditional } from '@silverhand/essentials';
 
 import RequestError from '#src/errors/RequestError/index.js';
@@ -112,3 +112,20 @@ export const identifyUserByVerificationRecord = async (
     }
   }
 };
+
+/**
+ * Should remove the old backup codes verification if the user is binding a new one
+ */
+export const mergeUserMfaVerifications = (
+  userMfaVerifications: User['mfaVerifications'],
+  newMfaVerifications: User['mfaVerifications']
+): User['mfaVerifications'] => {
+  if (newMfaVerifications.some((verification) => verification.type === MfaFactor.BackupCode)) {
+    const filteredMfaVerifications = userMfaVerifications.filter(({ type }) => {
+      return type !== MfaFactor.BackupCode;
+    });
+    return [...filteredMfaVerifications, ...newMfaVerifications];
+  }
+
+  return [...userMfaVerifications, ...newMfaVerifications];
+};
diff --git a/packages/core/src/routes/experience/classes/libraries/mfa-validator.ts b/packages/core/src/routes/experience/classes/libraries/mfa-validator.ts
index 9f31ff3f0fba..1bab279786db 100644
--- a/packages/core/src/routes/experience/classes/libraries/mfa-validator.ts
+++ b/packages/core/src/routes/experience/classes/libraries/mfa-validator.ts
@@ -6,7 +6,10 @@ import {
   type User,
 } from '@logto/schemas';
 
+import { type BackupCodeVerification } from '../verifications/backup-code-verification.js';
 import { type VerificationRecord } from '../verifications/index.js';
+import { type TotpVerification } from '../verifications/totp-verification.js';
+import { type WebAuthnVerification } from '../verifications/web-authn-verification.js';
 
 const mfaVerificationTypes = Object.freeze([
   VerificationType.TOTP,
@@ -25,8 +28,30 @@ const mfaVerificationTypeToMfaFactorMap = Object.freeze({
   [VerificationType.WebAuthn]: MfaFactor.WebAuthn,
 }) satisfies Record<MfaVerificationType, MfaFactor>;
 
-const isMfaVerificationRecordType = (type: VerificationType): type is MfaVerificationType => {
-  return mfaVerificationTypes.includes(type);
+type MfaVerificationRecord = TotpVerification | WebAuthnVerification | BackupCodeVerification;
+
+const isMfaVerificationRecord = (
+  verification: VerificationRecord
+): verification is MfaVerificationRecord => {
+  return mfaVerificationTypes.includes(verification.type);
+};
+
+/**
+ * Check if the MFA verification record is a new bind MFA verification.
+ * New bind MFA verification can only be used for binding new MFA factors.
+ */
+const isNewBindMfaVerification = (verification: MfaVerificationRecord) => {
+  switch (verification.type) {
+    case VerificationType.TOTP: {
+      return Boolean(verification.secret);
+    }
+    case VerificationType.WebAuthn: {
+      return Boolean(verification.registrationInfo);
+    }
+    case VerificationType.BackupCode: {
+      return false;
+    }
+  }
 };
 
 export class MfaValidator {
@@ -37,6 +62,7 @@ export class MfaValidator {
 
   /**
    * Get the enabled MFA factors for the user
+   *
    * - Filter out MFA factors that are not configured in the sign-in experience
    */
   get userEnabledMfaVerifications() {
@@ -48,10 +74,14 @@ export class MfaValidator {
   }
 
   /**
-   * For front-end display usage only
-   * Return the available MFA verifications for the user.
+   * For front-end display usage only.
+   * Returns all the available MFA verifications for the user that can be used for verification.
+   *
+   * - Filter out backup codes if all the codes are used
+   * - Filter out duplicated verifications with the same type
+   * - Sort by last used time, the latest used factor is the first one, backup code is always the last one
    */
-  get availableMfaVerificationTypes() {
+  get availableUserMfaVerificationTypes() {
     return (
       this.userEnabledMfaVerifications
         // Filter out backup codes if all the codes are used
@@ -89,6 +119,9 @@ export class MfaValidator {
     );
   }
 
+  /**
+   * Check if the user has enabled MFA verifications, if true, MFA verification records are required.
+   */
   get isMfaEnabled() {
     return this.userEnabledMfaVerifications.length > 0;
   }
@@ -99,24 +132,18 @@ export class MfaValidator {
       return true;
     }
 
-    const mfaVerificationRecords = this.filterVerifiedMfaVerificationRecords(verificationRecords);
-
-    return mfaVerificationRecords.length > 0;
-  }
-
-  filterVerifiedMfaVerificationRecords(verificationRecords: VerificationRecord[]) {
-    const enabledMfaFactors = this.userEnabledMfaVerifications;
-
-    // Filter out the verified MFA verification records
-    const mfaVerificationRecords = verificationRecords.filter(({ type, isVerified }) => {
-      return (
-        isMfaVerificationRecordType(type) &&
-        isVerified &&
+    const verifiedMfaVerificationRecords = verificationRecords.filter(
+      (verification) =>
+        isMfaVerificationRecord(verification) &&
+        verification.isVerified &&
+        // New bind MFA verification can not be used for verification
+        !isNewBindMfaVerification(verification) &&
         // Check if the verification type is enabled in the user's MFA settings
-        enabledMfaFactors.some((factor) => factor.type === mfaVerificationTypeToMfaFactorMap[type])
-      );
-    });
+        this.userEnabledMfaVerifications.some(
+          (factor) => factor.type === mfaVerificationTypeToMfaFactorMap[verification.type]
+        )
+    );
 
-    return mfaVerificationRecords;
+    return verifiedMfaVerificationRecords.length > 0;
   }
 }
diff --git a/packages/core/src/routes/experience/classes/mfa.ts b/packages/core/src/routes/experience/classes/mfa.ts
new file mode 100644
index 000000000000..15565bb18215
--- /dev/null
+++ b/packages/core/src/routes/experience/classes/mfa.ts
@@ -0,0 +1,352 @@
+import { type ToZodObject } from '@logto/connector-kit';
+import {
+  type BindBackupCode,
+  bindBackupCodeGuard,
+  type BindMfa,
+  type BindTotp,
+  bindTotpGuard,
+  type BindWebAuthn,
+  bindWebAuthnGuard,
+  type JsonObject,
+  MfaFactor,
+  MfaPolicy,
+  type User,
+  VerificationType,
+} from '@logto/schemas';
+import { generateStandardId } from '@logto/shared';
+import { deduplicate } from '@silverhand/essentials';
+import { z } from 'zod';
+
+import RequestError from '#src/errors/RequestError/index.js';
+import { generateBackupCodes } from '#src/routes/interaction/utils/backup-code-validation.js';
+import type Libraries from '#src/tenants/Libraries.js';
+import type Queries from '#src/tenants/Queries.js';
+import assertThat from '#src/utils/assert-that.js';
+
+import { type InteractionContext } from '../types.js';
+
+import { SignInExperienceValidator } from './libraries/sign-in-experience-validator.js';
+
+export type MfaData = {
+  mfaSkipped?: boolean;
+  totp?: BindTotp;
+  webAuthn?: BindWebAuthn[];
+  backupCode?: BindBackupCode;
+  /** The backup codes that have been generated but not yet added to the bindMfa queue */
+  pendingBackupCodes?: string[];
+};
+
+export const mfaDataGuard = z.object({
+  mfaSkipped: z.boolean().optional(),
+  totp: bindTotpGuard.optional(),
+  webAuthn: z.array(bindWebAuthnGuard).optional(),
+  backupCode: bindBackupCodeGuard.optional(),
+  pendingBackupCodes: z.array(z.string()).optional(),
+}) satisfies ToZodObject<MfaData>;
+
+export const userMfaDataKey = 'mfa';
+
+/**
+ * Check if the user has skipped MFA binding
+ */
+const isMfaSkipped = (logtoConfig: JsonObject): boolean => {
+  const userMfaDataGuard = z.object({
+    skipped: z.boolean().optional(),
+  });
+
+  const parsed = z.object({ [userMfaDataKey]: userMfaDataGuard }).safeParse(logtoConfig);
+
+  return parsed.success ? parsed.data[userMfaDataKey].skipped === true : false;
+};
+
+/**
+ * Filter out backup codes mfa verifications that have been used
+ */
+const filterOutEmptyBackupCodes = (
+  mfaVerifications: User['mfaVerifications']
+): User['mfaVerifications'] =>
+  mfaVerifications.filter((mfa) => {
+    if (mfa.type === MfaFactor.BackupCode) {
+      return mfa.codes.some((code) => !code.usedAt);
+    }
+    return true;
+  });
+
+/**
+ * This class stores all the pending new MFA settings for a user.
+ */
+export class Mfa {
+  private readonly signInExperienceValidator: SignInExperienceValidator;
+  #mfaSkipped?: boolean;
+  #totp?: BindTotp;
+  #webAuthn?: BindWebAuthn[];
+  #backupCode?: BindBackupCode;
+  /**
+   * We split the backup codes binding flow into two steps:
+   * 1. Generate backup codes
+   * 2. Add backup codes
+   *
+   * This is to prevent the user may not receive the backup codes after generating them.
+   * User need to explicitly send the binding request to add the backup codes.
+   */
+  #pendingBackupCodes?: string[];
+
+  constructor(
+    private readonly libraries: Libraries,
+    private readonly queries: Queries,
+    data: MfaData,
+    private readonly interactionContext: InteractionContext
+  ) {
+    this.signInExperienceValidator = new SignInExperienceValidator(libraries, queries);
+    const { mfaSkipped, totp, webAuthn, backupCode, pendingBackupCodes } = data;
+
+    this.#mfaSkipped = mfaSkipped;
+    this.#totp = totp;
+    this.#webAuthn = webAuthn;
+    this.#backupCode = backupCode;
+    this.#pendingBackupCodes = pendingBackupCodes;
+  }
+
+  get mfaSkipped() {
+    return this.#mfaSkipped;
+  }
+
+  get bindMfaFactorsArray(): BindMfa[] {
+    return [this.#totp, ...(this.#webAuthn ?? []), this.#backupCode].filter(Boolean);
+  }
+
+  /**
+   * Format the MFA verifications data to be updated in the user account
+   */
+  toUserMfaVerifications(): {
+    mfaSkipped?: boolean;
+    mfaVerifications: User['mfaVerifications'];
+  } {
+    const verificationSet = new Set<User['mfaVerifications'][number]>();
+
+    if (this.#totp) {
+      verificationSet.add({
+        type: MfaFactor.TOTP,
+        key: this.#totp.secret,
+        id: generateStandardId(),
+        createdAt: new Date().toISOString(),
+      });
+    }
+
+    if (this.#webAuthn) {
+      for (const webAuthn of this.#webAuthn) {
+        verificationSet.add({
+          ...webAuthn,
+          id: generateStandardId(),
+          createdAt: new Date().toISOString(),
+        });
+      }
+    }
+
+    if (this.#backupCode) {
+      verificationSet.add({
+        id: generateStandardId(),
+        createdAt: new Date().toISOString(),
+        type: MfaFactor.BackupCode,
+        codes: this.#backupCode.codes.map((code) => ({ code })),
+      });
+    }
+
+    return {
+      mfaSkipped: this.mfaSkipped,
+      mfaVerifications: [...verificationSet],
+    };
+  }
+
+  /**
+   * @throws {RequestError} with status 422 if the MFA policy is not user controlled
+   */
+  async skip() {
+    const { policy } = await this.signInExperienceValidator.getMfaSettings();
+
+    assertThat(
+      policy === MfaPolicy.UserControlled,
+      new RequestError({
+        code: 'session.mfa.mfa_policy_not_user_controlled',
+        status: 422,
+      })
+    );
+
+    this.#mfaSkipped = true;
+  }
+
+  /**
+   * @throws {RequestError} with status 400 if the verification record is not verified
+   * @throws {RequestError} with status 400 if the verification record has no secret
+   * @throws {RequestError} with status 404 if the verification record is not found
+   * @throws {RequestError} with status 422 if TOTP is not enabled in the sign-in experience
+   * @throws {RequestError} with status 422 if the user already has a TOTP factor
+   *
+   * - Any existing TOTP factor will be replaced with the new one.
+   */
+  async addTotpByVerificationId(verificationId: string) {
+    const verificationRecord = this.interactionContext.getVerificationRecordByTypeAndId(
+      VerificationType.TOTP,
+      verificationId
+    );
+    const bindTotp = verificationRecord.toBindMfa();
+
+    await this.checkMfaFactorsEnabledInSignInExperience([MfaFactor.TOTP]);
+    const { mfaVerifications } = await this.interactionContext.getIdentifierUser();
+
+    // A user can only bind one TOTP factor
+    assertThat(
+      mfaVerifications.every(({ type }) => type !== MfaFactor.TOTP),
+      new RequestError({
+        code: 'user.totp_already_in_use',
+        status: 422,
+      })
+    );
+
+    this.#totp = bindTotp;
+  }
+
+  /**
+   * @throws {RequestError} with status 400 if the verification record is not verified
+   * @throws {RequestError} with status 400 if the verification record has no registration data
+   * @throws {RequestError} with status 404 if the verification record is not found
+   * @throws {RequestError} with status 422 if WebAuthn is not enabled in the sign-in experience
+   */
+  async addWebAuthnByVerificationId(verificationId: string) {
+    const verificationRecord = this.interactionContext.getVerificationRecordByTypeAndId(
+      VerificationType.WebAuthn,
+      verificationId
+    );
+    const bindWebAuthn = verificationRecord.toBindMfa();
+
+    await this.checkMfaFactorsEnabledInSignInExperience([MfaFactor.WebAuthn]);
+    this.#webAuthn = [...(this.#webAuthn ?? []), bindWebAuthn];
+  }
+
+  /**
+   * Generates new backup codes for the user.
+   *
+   * @throws {RequestError} with status 422 if Backup Code is not enabled in the sign-in experience
+   * @throws {RequestError} with status 422 if the backup code is the only MFA factor
+   **/
+  async generateBackupCodes() {
+    await this.checkMfaFactorsEnabledInSignInExperience([MfaFactor.BackupCode]);
+
+    const { mfaVerifications } = await this.interactionContext.getIdentifierUser();
+
+    const userHasOtherMfa = mfaVerifications.some((mfa) => mfa.type !== MfaFactor.BackupCode);
+    const hasOtherNewMfa = Boolean(this.#totp ?? this.#webAuthn?.length);
+
+    assertThat(
+      userHasOtherMfa || hasOtherNewMfa,
+      new RequestError({
+        code: 'session.mfa.backup_code_can_not_be_alone',
+        status: 422,
+      })
+    );
+
+    const codes = generateBackupCodes();
+    this.#pendingBackupCodes = codes;
+
+    return this.#pendingBackupCodes;
+  }
+
+  /**
+   * Add backup codes to the user account.
+   *
+   * - This is to ensure the user has received the backup codes before adding them to the account.
+   * - Any existing backup code factor will be replaced with the new one.
+   *
+   * @throws {RequestError} with status 404 if no pending backup codes are found
+   */
+  async addBackupCodes() {
+    assertThat(
+      this.#pendingBackupCodes?.length,
+      new RequestError({
+        code: 'session.mfa.pending_info_not_found',
+        status: 404,
+      })
+    );
+
+    this.#backupCode = {
+      type: MfaFactor.BackupCode,
+      codes: this.#pendingBackupCodes,
+    };
+
+    this.#pendingBackupCodes = undefined;
+  }
+
+  /**
+   * @throws {RequestError} with status 422 if the mfa factors are not enabled in the sign-in experience
+   */
+  async checkAvailability() {
+    const newBindMfaFactors = deduplicate(this.bindMfaFactorsArray.map(({ type }) => type));
+    await this.checkMfaFactorsEnabledInSignInExperience(newBindMfaFactors);
+  }
+
+  /**
+   * @throws {RequestError} with status 422 if the user has not bound the required MFA factors
+   * @throws {RequestError} with status 422 if the user has not bound the backup code but enabled in the sign-in experience
+   * @throws {RequestError} with status 422 if the user existing backup codes is empty, new backup codes is required
+   */
+  async assertUserMandatoryMfaFulfilled() {
+    const { factors, policy } = await this.signInExperienceValidator.getMfaSettings();
+
+    // If there are no factors, then there is nothing to check
+    if (factors.length === 0) {
+      return;
+    }
+
+    const { mfaVerifications, logtoConfig } = await this.interactionContext.getIdentifierUser();
+
+    // If the policy is user controlled and the user has skipped MFA, then there is nothing to check
+    // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+    if ((policy === MfaPolicy.UserControlled && this.#mfaSkipped) || isMfaSkipped(logtoConfig)) {
+      return;
+    }
+
+    const requiredFactors = factors.filter((factor) => factor !== MfaFactor.BackupCode);
+
+    const factorsInUser = filterOutEmptyBackupCodes(mfaVerifications).map(({ type }) => type);
+    const factorsInBind = this.bindMfaFactorsArray.map(({ type }) => type);
+    const availableFactors = deduplicate([...factorsInUser, ...factorsInBind]);
+
+    // Assert that the user has at least one of the required factors bound
+    assertThat(
+      requiredFactors.some((factor) => availableFactors.includes(factor)),
+      new RequestError(
+        { code: 'user.missing_mfa', status: 422 },
+        policy === MfaPolicy.Mandatory
+          ? { availableFactors }
+          : { availableFactors, skippable: true }
+      )
+    );
+
+    // Assert backup code
+    assertThat(
+      !factors.includes(MfaFactor.BackupCode) || availableFactors.includes(MfaFactor.BackupCode),
+      new RequestError({
+        code: 'session.mfa.backup_code_required',
+        status: 422,
+      })
+    );
+  }
+
+  get data(): MfaData {
+    return {
+      mfaSkipped: this.mfaSkipped,
+      totp: this.#totp,
+      webAuthn: this.#webAuthn,
+      backupCode: this.#backupCode,
+      pendingBackupCodes: this.#pendingBackupCodes,
+    };
+  }
+
+  private async checkMfaFactorsEnabledInSignInExperience(factors: MfaFactor[]) {
+    const { factors: enabledFactors } = await this.signInExperienceValidator.getMfaSettings();
+
+    const isFactorsEnabled = factors.every((factor) => enabledFactors.includes(factor));
+
+    assertThat(isFactorsEnabled, new RequestError({ code: 'session.mfa.mfa_factor_not_enabled' }));
+  }
+}
diff --git a/packages/core/src/routes/experience/classes/verifications/index.ts b/packages/core/src/routes/experience/classes/verifications/index.ts
index 6175bc8d0e19..126b618f3136 100644
--- a/packages/core/src/routes/experience/classes/verifications/index.ts
+++ b/packages/core/src/routes/experience/classes/verifications/index.ts
@@ -46,7 +46,7 @@ import {
   WebAuthnVerification,
   webAuthnVerificationRecordDataGuard,
   type WebAuthnVerificationRecordData,
-} from './web-authn.js';
+} from './web-authn-verification.js';
 
 export type VerificationRecordData =
   | PasswordVerificationRecordData
diff --git a/packages/core/src/routes/experience/classes/verifications/totp-verification.ts b/packages/core/src/routes/experience/classes/verifications/totp-verification.ts
index d2a2134aff0d..bc52feb780ab 100644
--- a/packages/core/src/routes/experience/classes/verifications/totp-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/totp-verification.ts
@@ -1,5 +1,11 @@
 import { type ToZodObject } from '@logto/connector-kit';
-import { MfaFactor, VerificationType, type MfaVerificationTotp, type User } from '@logto/schemas';
+import {
+  MfaFactor,
+  VerificationType,
+  type BindTotp,
+  type MfaVerificationTotp,
+  type User,
+} from '@logto/schemas';
 import { generateStandardId, getUserDisplayName } from '@logto/shared';
 import { authenticator } from 'otplib';
 import qrcode from 'qrcode';
@@ -60,8 +66,8 @@ export class TotpVerification implements VerificationRecord<VerificationType.TOT
   public readonly id: string;
   public readonly type = VerificationType.TOTP;
   public readonly userId: string;
-  private secret?: string;
   private verified: boolean;
+  #secret?: string;
 
   constructor(
     private readonly libraries: Libraries,
@@ -72,7 +78,7 @@ export class TotpVerification implements VerificationRecord<VerificationType.TOT
 
     this.id = id;
     this.userId = userId;
-    this.secret = secret;
+    this.#secret = secret;
     this.verified = verified;
   }
 
@@ -80,6 +86,10 @@ export class TotpVerification implements VerificationRecord<VerificationType.TOT
     return this.verified;
   }
 
+  get secret() {
+    return this.#secret;
+  }
+
   /**
    * Create a new TOTP secret and QR code for the user.
    * The secret will be stored in the instance and can be used for verifying the TOTP.
@@ -87,13 +97,13 @@ export class TotpVerification implements VerificationRecord<VerificationType.TOT
    * @returns The TOTP secret and QR code as a base64 encoded image.
    */
   async generateNewSecret(ctx: WithLogContext): Promise<{ secret: string; secretQrCode: string }> {
-    this.secret = generateTotpSecret();
+    this.#secret = generateTotpSecret();
 
     const { hostname } = ctx.URL;
     const secretQrCode = await this.generateSecretQrCode(hostname);
 
     return {
-      secret: this.secret,
+      secret: this.#secret,
       secretQrCode,
     };
   }
@@ -105,7 +115,7 @@ export class TotpVerification implements VerificationRecord<VerificationType.TOT
    */
   verifyNewTotpSecret(code: string) {
     assertThat(
-      this.secret && validateTotpToken(this.secret, code),
+      this.#secret && validateTotpToken(this.#secret, code),
       'session.mfa.invalid_totp_code'
     );
 
@@ -149,6 +159,15 @@ export class TotpVerification implements VerificationRecord<VerificationType.TOT
     });
   }
 
+  toBindMfa(): BindTotp {
+    assertThat(this.isVerified, 'session.verification_failed');
+    assertThat(this.secret, 'session.mfa.pending_info_not_found');
+    return {
+      type: MfaFactor.TOTP,
+      secret: this.secret,
+    };
+  }
+
   toJson(): TotpVerificationRecordData {
     const { id, type, secret, verified, userId } = this;
 
diff --git a/packages/core/src/routes/experience/classes/verifications/web-authn.ts b/packages/core/src/routes/experience/classes/verifications/web-authn-verification.ts
similarity index 94%
rename from packages/core/src/routes/experience/classes/verifications/web-authn.ts
rename to packages/core/src/routes/experience/classes/verifications/web-authn-verification.ts
index d3d2d2bccdbb..61fdd0101426 100644
--- a/packages/core/src/routes/experience/classes/verifications/web-authn.ts
+++ b/packages/core/src/routes/experience/classes/verifications/web-authn-verification.ts
@@ -72,7 +72,7 @@ export class WebAuthnVerification implements VerificationRecord<VerificationType
   private verified;
   private registrationChallenge?: string;
   private readonly authenticationChallenge?: string;
-  private registrationInfo?: BindWebAuthn;
+  #registrationInfo?: BindWebAuthn;
 
   constructor(
     private readonly libraries: Libraries,
@@ -93,13 +93,17 @@ export class WebAuthnVerification implements VerificationRecord<VerificationType
     this.verified = verified;
     this.registrationChallenge = registrationChallenge;
     this.authenticationChallenge = authenticationChallenge;
-    this.registrationInfo = registrationInfo;
+    this.#registrationInfo = registrationInfo;
   }
 
   get isVerified() {
     return this.verified;
   }
 
+  get registrationInfo() {
+    return this.#registrationInfo;
+  }
+
   /**
    * @remarks
    * This method is used to generate the WebAuthn registration options for the user.
@@ -161,7 +165,7 @@ export class WebAuthnVerification implements VerificationRecord<VerificationType
 
     this.verified = true;
 
-    this.registrationInfo = {
+    this.#registrationInfo = {
       type: MfaFactor.WebAuthn,
       credentialId: credentialID,
       publicKey: isoBase64URL.fromBuffer(credentialPublicKey),
@@ -242,6 +246,16 @@ export class WebAuthnVerification implements VerificationRecord<VerificationType
     });
   }
 
+  /**
+   *
+   * @throws {RequestError} with status 400, if the WebAuthn registration information is not found or not verified.
+   */
+  toBindMfa(): BindWebAuthn {
+    assertThat(this.isVerified, 'session.verification_failed');
+    assertThat(this.#registrationInfo, 'session.mfa.pending_info_not_found');
+    return this.#registrationInfo;
+  }
+
   toJson(): WebAuthnVerificationRecordData {
     const {
       id,
diff --git a/packages/core/src/routes/experience/const.ts b/packages/core/src/routes/experience/const.ts
index ee67580eceb2..d019dfff301a 100644
--- a/packages/core/src/routes/experience/const.ts
+++ b/packages/core/src/routes/experience/const.ts
@@ -5,4 +5,5 @@ export const experienceRoutes = Object.freeze({
   identification: `${prefix}/identification`,
   verification: `${prefix}/verification`,
   profile: `${prefix}/profile`,
+  mfa: `${prefix}/profile/mfa`,
 });
diff --git a/packages/core/src/routes/experience/profile-routes.ts b/packages/core/src/routes/experience/profile-routes.ts
index be731f12cd4e..1358208fd052 100644
--- a/packages/core/src/routes/experience/profile-routes.ts
+++ b/packages/core/src/routes/experience/profile-routes.ts
@@ -1,4 +1,9 @@
-import { InteractionEvent, SignInIdentifier, updateProfileApiPayloadGuard } from '@logto/schemas';
+import {
+  InteractionEvent,
+  MfaFactor,
+  SignInIdentifier,
+  updateProfileApiPayloadGuard,
+} from '@logto/schemas';
 import type Router from 'koa-router';
 import { z } from 'zod';
 
@@ -105,4 +110,136 @@ export default function interactionProfileRoutes<T extends WithLogContext>(
       return next();
     }
   );
+
+  router.post(
+    `${experienceRoutes.mfa}/mfa-skipped`,
+    koaGuard({ status: [204, 400, 403, 404, 422] }),
+    async (ctx, next) => {
+      const { experienceInteraction, guard } = ctx;
+
+      // Guard current interaction event is not ForgotPassword
+      assertThat(
+        experienceInteraction.interactionEvent !== InteractionEvent.ForgotPassword,
+        new RequestError({
+          code: 'session.not_supported_for_forgot_password',
+          statue: 400,
+        })
+      );
+
+      // Guard current interaction event is identified and MFA verified
+      await experienceInteraction.guardMfaVerificationStatus();
+
+      await experienceInteraction.mfa.skip();
+      await experienceInteraction.save();
+
+      ctx.status = 204;
+
+      return next();
+    }
+  );
+
+  router.post(
+    `${experienceRoutes.mfa}`,
+    koaGuard({
+      body: z.object({
+        type: z.literal(MfaFactor.TOTP).or(z.literal(MfaFactor.WebAuthn)),
+        verificationId: z.string(),
+      }),
+      status: [204, 400, 403, 404, 422],
+    }),
+    async (ctx, next) => {
+      const { experienceInteraction, guard } = ctx;
+      const { type, verificationId } = guard.body;
+
+      // Guard current interaction event is not ForgotPassword
+      assertThat(
+        experienceInteraction.interactionEvent !== InteractionEvent.ForgotPassword,
+        new RequestError({
+          code: 'session.not_supported_for_forgot_password',
+          statue: 400,
+        })
+      );
+
+      // Guard current interaction event is identified and MFA verified
+      await experienceInteraction.guardMfaVerificationStatus();
+
+      switch (type) {
+        case MfaFactor.TOTP: {
+          await experienceInteraction.mfa.addTotpByVerificationId(verificationId);
+          break;
+        }
+        case MfaFactor.WebAuthn: {
+          await experienceInteraction.mfa.addWebAuthnByVerificationId(verificationId);
+          break;
+        }
+      }
+
+      await experienceInteraction.save();
+
+      ctx.status = 204;
+
+      return next();
+    }
+  );
+
+  router.post(
+    `${experienceRoutes.mfa}/backup-codes/generate`,
+    koaGuard({
+      status: [200, 400, 403, 404, 422],
+      response: z.object({
+        codes: z.array(z.string()),
+      }),
+    }),
+    async (ctx, next) => {
+      const { experienceInteraction } = ctx;
+
+      // Guard current interaction event is not ForgotPassword
+      assertThat(
+        experienceInteraction.interactionEvent !== InteractionEvent.ForgotPassword,
+        new RequestError({
+          code: 'session.not_supported_for_forgot_password',
+          statue: 400,
+        })
+      );
+
+      // Guard current interaction event is identified and MFA verified
+      await experienceInteraction.guardMfaVerificationStatus();
+
+      const backupCodes = await experienceInteraction.mfa.generateBackupCodes();
+
+      await experienceInteraction.save();
+
+      ctx.body = { codes: backupCodes };
+
+      return next();
+    }
+  );
+
+  router.post(
+    `${experienceRoutes.mfa}/backup-codes`,
+    koaGuard({
+      status: [204, 400, 403, 404, 422],
+    }),
+    async (ctx, next) => {
+      const { experienceInteraction } = ctx;
+
+      // Guard current interaction event is not ForgotPassword
+      assertThat(
+        experienceInteraction.interactionEvent !== InteractionEvent.ForgotPassword,
+        new RequestError({
+          code: 'session.not_supported_for_forgot_password',
+          statue: 400,
+        })
+      );
+
+      // Guard current interaction event is identified and MFA verified
+      await experienceInteraction.guardMfaVerificationStatus();
+      await experienceInteraction.mfa.addBackupCodes();
+      await experienceInteraction.save();
+
+      ctx.status = 204;
+
+      return next();
+    }
+  );
 }
diff --git a/packages/core/src/routes/experience/verification-routes/web-authn-verification.ts b/packages/core/src/routes/experience/verification-routes/web-authn-verification.ts
index 313663329f8e..4c8cdcf3eece 100644
--- a/packages/core/src/routes/experience/verification-routes/web-authn-verification.ts
+++ b/packages/core/src/routes/experience/verification-routes/web-authn-verification.ts
@@ -13,7 +13,7 @@ import koaGuard from '#src/middleware/koa-guard.js';
 import type TenantContext from '#src/tenants/TenantContext.js';
 import assertThat from '#src/utils/assert-that.js';
 
-import { WebAuthnVerification } from '../classes/verifications/web-authn.js';
+import { WebAuthnVerification } from '../classes/verifications/web-authn-verification.js';
 import { experienceRoutes } from '../const.js';
 import { type WithExperienceInteractionContext } from '../middleware/koa-experience-interaction.js';
 
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/mfa-verification.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/mfa-verification.test.ts
index 3de9e1e6be17..cefe3122da7b 100644
--- a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/mfa-verification.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/mfa-verification.test.ts
@@ -50,6 +50,8 @@ devFeatureTest.describe('mfa sign-in verification', () => {
       const user = await userApi.create({ username, password });
 
       const response = await createUserMfaVerification(user.id, MfaFactor.TOTP);
+      // Fulfill the backup code requirement
+      await createUserMfaVerification(user.id, MfaFactor.BackupCode);
 
       if (response.type !== MfaFactor.TOTP) {
         throw new Error('unexpected mfa type');
diff --git a/packages/phrases/src/locales/en/errors/session.ts b/packages/phrases/src/locales/en/errors/session.ts
index 1be79523d350..f4c8943cc172 100644
--- a/packages/phrases/src/locales/en/errors/session.ts
+++ b/packages/phrases/src/locales/en/errors/session.ts
@@ -39,6 +39,7 @@ const session = {
     backup_code_required: 'Backup code is required.',
     invalid_backup_code: 'Invalid backup code.',
     mfa_policy_not_user_controlled: 'MFA policy is not user controlled.',
+    mfa_factor_not_enabled: 'MFA factor is not enabled.',
   },
   sso_enabled: 'Single sign on is enabled for this given email. Please sign in with SSO.',
 };

From 34c8bedef6e33b6e5343d225b814591f97275472 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Fri, 26 Jul 2024 15:08:03 +0800
Subject: [PATCH 111/135] refactor(core): extract isNewMfaVerification property
 (#6338)

extract isNewMfaVerifrication property
---
 .../classes/libraries/mfa-validator.ts        | 20 +------------------
 .../verifications/backup-code-verification.ts |  8 ++++++--
 .../verifications/totp-verification.ts        |  8 ++++++--
 .../verifications/verification-record.ts      | 16 +++++++++++++++
 .../verifications/web-authn-verification.ts   |  8 ++++++--
 5 files changed, 35 insertions(+), 25 deletions(-)

diff --git a/packages/core/src/routes/experience/classes/libraries/mfa-validator.ts b/packages/core/src/routes/experience/classes/libraries/mfa-validator.ts
index 1bab279786db..4b963e8603cd 100644
--- a/packages/core/src/routes/experience/classes/libraries/mfa-validator.ts
+++ b/packages/core/src/routes/experience/classes/libraries/mfa-validator.ts
@@ -36,24 +36,6 @@ const isMfaVerificationRecord = (
   return mfaVerificationTypes.includes(verification.type);
 };
 
-/**
- * Check if the MFA verification record is a new bind MFA verification.
- * New bind MFA verification can only be used for binding new MFA factors.
- */
-const isNewBindMfaVerification = (verification: MfaVerificationRecord) => {
-  switch (verification.type) {
-    case VerificationType.TOTP: {
-      return Boolean(verification.secret);
-    }
-    case VerificationType.WebAuthn: {
-      return Boolean(verification.registrationInfo);
-    }
-    case VerificationType.BackupCode: {
-      return false;
-    }
-  }
-};
-
 export class MfaValidator {
   constructor(
     private readonly mfaSettings: Mfa,
@@ -137,7 +119,7 @@ export class MfaValidator {
         isMfaVerificationRecord(verification) &&
         verification.isVerified &&
         // New bind MFA verification can not be used for verification
-        !isNewBindMfaVerification(verification) &&
+        !verification.isNewBindMfaVerification &&
         // Check if the verification type is enabled in the user's MFA settings
         this.userEnabledMfaVerifications.some(
           (factor) => factor.type === mfaVerificationTypeToMfaFactorMap[verification.type]
diff --git a/packages/core/src/routes/experience/classes/verifications/backup-code-verification.ts b/packages/core/src/routes/experience/classes/verifications/backup-code-verification.ts
index 6c28a27f39f1..6afdafb7d711 100644
--- a/packages/core/src/routes/experience/classes/verifications/backup-code-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/backup-code-verification.ts
@@ -7,7 +7,7 @@ import type Libraries from '#src/tenants/Libraries.js';
 import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
 
-import { type VerificationRecord } from './verification-record.js';
+import { type MfaVerificationRecord } from './verification-record.js';
 
 export type BackupCodeVerificationRecordData = {
   id: string;
@@ -24,7 +24,7 @@ export const backupCodeVerificationRecordDataGuard = z.object({
   code: z.string().optional(),
 }) satisfies ToZodObject<BackupCodeVerificationRecordData>;
 
-export class BackupCodeVerification implements VerificationRecord<VerificationType.BackupCode> {
+export class BackupCodeVerification implements MfaVerificationRecord<VerificationType.BackupCode> {
   /**
    * Factory method to create a new BackupCodeVerification instance
    *
@@ -60,6 +60,10 @@ export class BackupCodeVerification implements VerificationRecord<VerificationTy
     return Boolean(this.code);
   }
 
+  get isNewBindMfaVerification() {
+    return false;
+  }
+
   async verify(code: string) {
     const {
       users: { findUserById, updateUserById },
diff --git a/packages/core/src/routes/experience/classes/verifications/totp-verification.ts b/packages/core/src/routes/experience/classes/verifications/totp-verification.ts
index bc52feb780ab..b76f5a84cf46 100644
--- a/packages/core/src/routes/experience/classes/verifications/totp-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/totp-verification.ts
@@ -20,7 +20,7 @@ import type Libraries from '#src/tenants/Libraries.js';
 import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
 
-import { type VerificationRecord } from './verification-record.js';
+import { type MfaVerificationRecord } from './verification-record.js';
 
 const defaultDisplayName = 'Unnamed User';
 
@@ -47,7 +47,7 @@ export const totpVerificationRecordDataGuard = z.object({
   verified: z.boolean(),
 }) satisfies ToZodObject<TotpVerificationRecordData>;
 
-export class TotpVerification implements VerificationRecord<VerificationType.TOTP> {
+export class TotpVerification implements MfaVerificationRecord<VerificationType.TOTP> {
   /**
    * Factory method to create a new TotpVerification instance
    *
@@ -90,6 +90,10 @@ export class TotpVerification implements VerificationRecord<VerificationType.TOT
     return this.#secret;
   }
 
+  get isNewBindMfaVerification() {
+    return Boolean(this.#secret);
+  }
+
   /**
    * Create a new TOTP secret and QR code for the user.
    * The secret will be stored in the instance and can be used for verifying the TOTP.
diff --git a/packages/core/src/routes/experience/classes/verifications/verification-record.ts b/packages/core/src/routes/experience/classes/verifications/verification-record.ts
index a9ff16fb8541..d38c40d08ef7 100644
--- a/packages/core/src/routes/experience/classes/verifications/verification-record.ts
+++ b/packages/core/src/routes/experience/classes/verifications/verification-record.ts
@@ -37,3 +37,19 @@ export abstract class IdentifierVerificationRecord<
   /** Identify the user associated with the verification record. */
   abstract identifyUser(): Promise<User>;
 }
+
+type MfaVerificationType =
+  | VerificationType.TOTP
+  | VerificationType.BackupCode
+  | VerificationType.WebAuthn;
+
+export abstract class MfaVerificationRecord<
+  T extends MfaVerificationType = MfaVerificationType,
+  Json extends Data<T> = Data<T>,
+> extends VerificationRecord<T, Json> {
+  /**
+   * Indicates if the verification record is for a new bind MFA verification.
+   * A new bind MFA verification record can not be used for existing user's interaction verification.
+   **/
+  abstract get isNewBindMfaVerification(): boolean;
+}
diff --git a/packages/core/src/routes/experience/classes/verifications/web-authn-verification.ts b/packages/core/src/routes/experience/classes/verifications/web-authn-verification.ts
index 61fdd0101426..5eb442b811db 100644
--- a/packages/core/src/routes/experience/classes/verifications/web-authn-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/web-authn-verification.ts
@@ -25,7 +25,7 @@ import type Libraries from '#src/tenants/Libraries.js';
 import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
 
-import { type VerificationRecord } from './verification-record.js';
+import { type MfaVerificationRecord } from './verification-record.js';
 
 export type WebAuthnVerificationRecordData = {
   id: string;
@@ -50,7 +50,7 @@ export const webAuthnVerificationRecordDataGuard = z.object({
   registrationInfo: bindWebAuthnGuard.optional(),
 }) satisfies ToZodObject<WebAuthnVerificationRecordData>;
 
-export class WebAuthnVerification implements VerificationRecord<VerificationType.WebAuthn> {
+export class WebAuthnVerification implements MfaVerificationRecord<VerificationType.WebAuthn> {
   /**
    * Factory method to create a new WebAuthnVerification instance
    *
@@ -104,6 +104,10 @@ export class WebAuthnVerification implements VerificationRecord<VerificationType
     return this.#registrationInfo;
   }
 
+  get isNewBindMfaVerification() {
+    return Boolean(this.#registrationInfo ?? this.registrationChallenge);
+  }
+
   /**
    * @remarks
    * This method is used to generate the WebAuthn registration options for the user.

From 05082b56a7999b991053e48e96f20b5d6aefc18d Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Fri, 26 Jul 2024 15:33:40 +0800
Subject: [PATCH 112/135] refactor(core): refactor backup code generates flow
 (#6339)

refactor(core): refactor backup code generate flow

refactor backup code generate flow
---
 .../core/src/routes/experience/classes/mfa.ts | 63 ++++-------------
 .../verifications/backup-code-verification.ts | 32 ++++++++-
 .../verifications/verification-record.ts      |  6 +-
 .../src/routes/experience/profile-routes.ts   | 67 ++-----------------
 .../backup-code-verification.ts               | 35 ++++++++++
 5 files changed, 87 insertions(+), 116 deletions(-)

diff --git a/packages/core/src/routes/experience/classes/mfa.ts b/packages/core/src/routes/experience/classes/mfa.ts
index 15565bb18215..0924590c48aa 100644
--- a/packages/core/src/routes/experience/classes/mfa.ts
+++ b/packages/core/src/routes/experience/classes/mfa.ts
@@ -18,7 +18,6 @@ import { deduplicate } from '@silverhand/essentials';
 import { z } from 'zod';
 
 import RequestError from '#src/errors/RequestError/index.js';
-import { generateBackupCodes } from '#src/routes/interaction/utils/backup-code-validation.js';
 import type Libraries from '#src/tenants/Libraries.js';
 import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
@@ -32,8 +31,6 @@ export type MfaData = {
   totp?: BindTotp;
   webAuthn?: BindWebAuthn[];
   backupCode?: BindBackupCode;
-  /** The backup codes that have been generated but not yet added to the bindMfa queue */
-  pendingBackupCodes?: string[];
 };
 
 export const mfaDataGuard = z.object({
@@ -41,7 +38,6 @@ export const mfaDataGuard = z.object({
   totp: bindTotpGuard.optional(),
   webAuthn: z.array(bindWebAuthnGuard).optional(),
   backupCode: bindBackupCodeGuard.optional(),
-  pendingBackupCodes: z.array(z.string()).optional(),
 }) satisfies ToZodObject<MfaData>;
 
 export const userMfaDataKey = 'mfa';
@@ -81,15 +77,6 @@ export class Mfa {
   #totp?: BindTotp;
   #webAuthn?: BindWebAuthn[];
   #backupCode?: BindBackupCode;
-  /**
-   * We split the backup codes binding flow into two steps:
-   * 1. Generate backup codes
-   * 2. Add backup codes
-   *
-   * This is to prevent the user may not receive the backup codes after generating them.
-   * User need to explicitly send the binding request to add the backup codes.
-   */
-  #pendingBackupCodes?: string[];
 
   constructor(
     private readonly libraries: Libraries,
@@ -98,13 +85,12 @@ export class Mfa {
     private readonly interactionContext: InteractionContext
   ) {
     this.signInExperienceValidator = new SignInExperienceValidator(libraries, queries);
-    const { mfaSkipped, totp, webAuthn, backupCode, pendingBackupCodes } = data;
+    const { mfaSkipped, totp, webAuthn, backupCode } = data;
 
     this.#mfaSkipped = mfaSkipped;
     this.#totp = totp;
     this.#webAuthn = webAuthn;
     this.#backupCode = backupCode;
-    this.#pendingBackupCodes = pendingBackupCodes;
   }
 
   get mfaSkipped() {
@@ -224,19 +210,25 @@ export class Mfa {
   }
 
   /**
-   * Generates new backup codes for the user.
+   * Add new backup codes to the user account.
+   *
+   * - Any existing backup code factor will be replaced with the new one.
    *
+   * @throws {RequestError} with status 404 if no pending backup codes are found
    * @throws {RequestError} with status 422 if Backup Code is not enabled in the sign-in experience
    * @throws {RequestError} with status 422 if the backup code is the only MFA factor
-   **/
-  async generateBackupCodes() {
+   */
+  async addBackupCodeByVerificationId(verificationId: string) {
+    const verificationRecord = this.interactionContext.getVerificationRecordByTypeAndId(
+      VerificationType.BackupCode,
+      verificationId
+    );
+
     await this.checkMfaFactorsEnabledInSignInExperience([MfaFactor.BackupCode]);
 
     const { mfaVerifications } = await this.interactionContext.getIdentifierUser();
-
     const userHasOtherMfa = mfaVerifications.some((mfa) => mfa.type !== MfaFactor.BackupCode);
     const hasOtherNewMfa = Boolean(this.#totp ?? this.#webAuthn?.length);
-
     assertThat(
       userHasOtherMfa || hasOtherNewMfa,
       new RequestError({
@@ -245,35 +237,7 @@ export class Mfa {
       })
     );
 
-    const codes = generateBackupCodes();
-    this.#pendingBackupCodes = codes;
-
-    return this.#pendingBackupCodes;
-  }
-
-  /**
-   * Add backup codes to the user account.
-   *
-   * - This is to ensure the user has received the backup codes before adding them to the account.
-   * - Any existing backup code factor will be replaced with the new one.
-   *
-   * @throws {RequestError} with status 404 if no pending backup codes are found
-   */
-  async addBackupCodes() {
-    assertThat(
-      this.#pendingBackupCodes?.length,
-      new RequestError({
-        code: 'session.mfa.pending_info_not_found',
-        status: 404,
-      })
-    );
-
-    this.#backupCode = {
-      type: MfaFactor.BackupCode,
-      codes: this.#pendingBackupCodes,
-    };
-
-    this.#pendingBackupCodes = undefined;
+    this.#backupCode = verificationRecord.toBindMfa();
   }
 
   /**
@@ -338,7 +302,6 @@ export class Mfa {
       totp: this.#totp,
       webAuthn: this.#webAuthn,
       backupCode: this.#backupCode,
-      pendingBackupCodes: this.#pendingBackupCodes,
     };
   }
 
diff --git a/packages/core/src/routes/experience/classes/verifications/backup-code-verification.ts b/packages/core/src/routes/experience/classes/verifications/backup-code-verification.ts
index 6afdafb7d711..a717094d88a8 100644
--- a/packages/core/src/routes/experience/classes/verifications/backup-code-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/backup-code-verification.ts
@@ -1,8 +1,14 @@
 import { type ToZodObject } from '@logto/connector-kit';
-import { MfaFactor, VerificationType, type MfaVerificationBackupCode } from '@logto/schemas';
+import {
+  MfaFactor,
+  VerificationType,
+  type BindBackupCode,
+  type MfaVerificationBackupCode,
+} from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
 import { z } from 'zod';
 
+import { generateBackupCodes } from '#src/routes/interaction/utils/backup-code-validation.js';
 import type Libraries from '#src/tenants/Libraries.js';
 import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
@@ -15,6 +21,7 @@ export type BackupCodeVerificationRecordData = {
   /** UserId is required for backup code verification */
   userId: string;
   code?: string;
+  backupCodes?: string[];
 };
 
 export const backupCodeVerificationRecordDataGuard = z.object({
@@ -22,6 +29,7 @@ export const backupCodeVerificationRecordDataGuard = z.object({
   type: z.literal(VerificationType.BackupCode),
   userId: z.string(),
   code: z.string().optional(),
+  backupCodes: z.string().array().optional(),
 }) satisfies ToZodObject<BackupCodeVerificationRecordData>;
 
 export class BackupCodeVerification implements MfaVerificationRecord<VerificationType.BackupCode> {
@@ -43,17 +51,19 @@ export class BackupCodeVerification implements MfaVerificationRecord<Verificatio
   public readonly type = VerificationType.BackupCode;
   public readonly userId: string;
   private code?: string;
+  private backupCodes?: string[];
 
   constructor(
     private readonly libraries: Libraries,
     private readonly queries: Queries,
     data: BackupCodeVerificationRecordData
   ) {
-    const { id, userId, code } = data;
+    const { id, userId, code, backupCodes } = data;
 
     this.id = id;
     this.userId = userId;
     this.code = code;
+    this.backupCodes = backupCodes;
   }
 
   get isVerified() {
@@ -64,6 +74,12 @@ export class BackupCodeVerification implements MfaVerificationRecord<Verificatio
     return false;
   }
 
+  generate() {
+    const codes = generateBackupCodes();
+    this.backupCodes = codes;
+    return codes;
+  }
+
   async verify(code: string) {
     const {
       users: { findUserById, updateUserById },
@@ -113,14 +129,24 @@ export class BackupCodeVerification implements MfaVerificationRecord<Verificatio
     this.code = code;
   }
 
+  toBindMfa(): BindBackupCode {
+    assertThat(this.backupCodes, 'session.mfa.pending_info_not_found');
+
+    return {
+      type: MfaFactor.BackupCode,
+      codes: this.backupCodes,
+    };
+  }
+
   toJson(): BackupCodeVerificationRecordData {
-    const { id, type, userId, code } = this;
+    const { id, type, userId, code, backupCodes } = this;
 
     return {
       id,
       type,
       userId,
       code,
+      backupCodes,
     };
   }
 }
diff --git a/packages/core/src/routes/experience/classes/verifications/verification-record.ts b/packages/core/src/routes/experience/classes/verifications/verification-record.ts
index d38c40d08ef7..6606c3a12568 100644
--- a/packages/core/src/routes/experience/classes/verifications/verification-record.ts
+++ b/packages/core/src/routes/experience/classes/verifications/verification-record.ts
@@ -1,4 +1,4 @@
-import { type User, type VerificationType } from '@logto/schemas';
+import { type BindMfa, type User, type VerificationType } from '@logto/schemas';
 
 type Data<T> = {
   id: string;
@@ -52,4 +52,8 @@ export abstract class MfaVerificationRecord<
    * A new bind MFA verification record can not be used for existing user's interaction verification.
    **/
   abstract get isNewBindMfaVerification(): boolean;
+  /**
+   * Convert the verification record to a BindMfa data type.
+   */
+  abstract toBindMfa(): BindMfa;
 }
diff --git a/packages/core/src/routes/experience/profile-routes.ts b/packages/core/src/routes/experience/profile-routes.ts
index 1358208fd052..e417438897ad 100644
--- a/packages/core/src/routes/experience/profile-routes.ts
+++ b/packages/core/src/routes/experience/profile-routes.ts
@@ -142,7 +142,7 @@ export default function interactionProfileRoutes<T extends WithLogContext>(
     `${experienceRoutes.mfa}`,
     koaGuard({
       body: z.object({
-        type: z.literal(MfaFactor.TOTP).or(z.literal(MfaFactor.WebAuthn)),
+        type: z.nativeEnum(MfaFactor),
         verificationId: z.string(),
       }),
       status: [204, 400, 403, 404, 422],
@@ -172,6 +172,10 @@ export default function interactionProfileRoutes<T extends WithLogContext>(
           await experienceInteraction.mfa.addWebAuthnByVerificationId(verificationId);
           break;
         }
+        case MfaFactor.BackupCode: {
+          await experienceInteraction.mfa.addBackupCodeByVerificationId(verificationId);
+          break;
+        }
       }
 
       await experienceInteraction.save();
@@ -181,65 +185,4 @@ export default function interactionProfileRoutes<T extends WithLogContext>(
       return next();
     }
   );
-
-  router.post(
-    `${experienceRoutes.mfa}/backup-codes/generate`,
-    koaGuard({
-      status: [200, 400, 403, 404, 422],
-      response: z.object({
-        codes: z.array(z.string()),
-      }),
-    }),
-    async (ctx, next) => {
-      const { experienceInteraction } = ctx;
-
-      // Guard current interaction event is not ForgotPassword
-      assertThat(
-        experienceInteraction.interactionEvent !== InteractionEvent.ForgotPassword,
-        new RequestError({
-          code: 'session.not_supported_for_forgot_password',
-          statue: 400,
-        })
-      );
-
-      // Guard current interaction event is identified and MFA verified
-      await experienceInteraction.guardMfaVerificationStatus();
-
-      const backupCodes = await experienceInteraction.mfa.generateBackupCodes();
-
-      await experienceInteraction.save();
-
-      ctx.body = { codes: backupCodes };
-
-      return next();
-    }
-  );
-
-  router.post(
-    `${experienceRoutes.mfa}/backup-codes`,
-    koaGuard({
-      status: [204, 400, 403, 404, 422],
-    }),
-    async (ctx, next) => {
-      const { experienceInteraction } = ctx;
-
-      // Guard current interaction event is not ForgotPassword
-      assertThat(
-        experienceInteraction.interactionEvent !== InteractionEvent.ForgotPassword,
-        new RequestError({
-          code: 'session.not_supported_for_forgot_password',
-          statue: 400,
-        })
-      );
-
-      // Guard current interaction event is identified and MFA verified
-      await experienceInteraction.guardMfaVerificationStatus();
-      await experienceInteraction.mfa.addBackupCodes();
-      await experienceInteraction.save();
-
-      ctx.status = 204;
-
-      return next();
-    }
-  );
 }
diff --git a/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts b/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts
index 413681e2dced..496995d08452 100644
--- a/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts
+++ b/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts
@@ -17,6 +17,41 @@ export default function backupCodeVerificationRoutes<T extends WithLogContext>(
 ) {
   const { libraries, queries } = tenantContext;
 
+  router.post(
+    `${experienceRoutes.verification}/backup-code/generate`,
+    koaGuard({
+      status: [200, 400],
+      response: z.object({
+        verificationId: z.string(),
+        codes: z.array(z.string()),
+      }),
+    }),
+    async (ctx, next) => {
+      const { experienceInteraction } = ctx;
+
+      assertThat(experienceInteraction.identifiedUserId, 'session.identifier_not_found');
+
+      const backupCodeVerificationRecord = BackupCodeVerification.create(
+        libraries,
+        queries,
+        experienceInteraction.identifiedUserId
+      );
+
+      const codes = backupCodeVerificationRecord.generate();
+
+      ctx.experienceInteraction.setVerificationRecord(backupCodeVerificationRecord);
+
+      await ctx.experienceInteraction.save();
+
+      ctx.body = {
+        verificationId: backupCodeVerificationRecord.id,
+        codes,
+      };
+
+      return next();
+    }
+  );
+
   router.post(
     `${experienceRoutes.verification}/backup-code/verify`,
     koaGuard({

From 556f7e43a71ddb95ad76ebadd0d7ca91308ae017 Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Fri, 26 Jul 2024 15:54:58 +0800
Subject: [PATCH 113/135] fix(console): dragging anchor in the color picker on
 application branding page (#6340)

---
 packages/console/package.json                 |  2 +-
 packages/console/src/App.tsx                  |  2 +
 .../ColorPicker/index.module.scss             |  4 +
 .../src/ds-components/ColorPicker/index.tsx   | 17 ++--
 .../Branding/NonThirdPartyBrandingForm.tsx    | 94 +++++++++++++++++++
 .../Branding/index.tsx                        | 87 +----------------
 .../Branding/BrandingForm/index.tsx           |  6 +-
 .../console/sign-in-experience/helpers.ts     |  2 +-
 pnpm-lock.yaml                                | 63 ++++---------
 9 files changed, 135 insertions(+), 142 deletions(-)
 create mode 100644 packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/NonThirdPartyBrandingForm.tsx

diff --git a/packages/console/package.json b/packages/console/package.json
index 4e24b8687ba4..55a82dd6f8d4 100644
--- a/packages/console/package.json
+++ b/packages/console/package.json
@@ -93,7 +93,7 @@
     "property-information": "^6.2.0",
     "react": "^18.3.1",
     "react-animate-height": "^3.0.4",
-    "react-color": "^2.19.3",
+    "react-color-palette": "^7.2.1",
     "react-confetti": "^6.1.0",
     "react-dnd": "^16.0.0",
     "react-dnd-html5-backend": "^16.0.0",
diff --git a/packages/console/src/App.tsx b/packages/console/src/App.tsx
index 96ff5ed713fa..30830308c530 100644
--- a/packages/console/src/App.tsx
+++ b/packages/console/src/App.tsx
@@ -16,6 +16,8 @@ import './scss/normalized.scss';
 import './scss/overlayscrollbars.scss';
 // eslint-disable-next-line import/no-unassigned-import
 import '@fontsource/roboto-mono';
+// eslint-disable-next-line import/no-unassigned-import
+import 'react-color-palette/css';
 
 import CloudAppRoutes from '@/cloud/AppRoutes';
 import AppLoading from '@/components/AppLoading';
diff --git a/packages/console/src/ds-components/ColorPicker/index.module.scss b/packages/console/src/ds-components/ColorPicker/index.module.scss
index bca61d8f79d9..1cd1d6a04488 100644
--- a/packages/console/src/ds-components/ColorPicker/index.module.scss
+++ b/packages/console/src/ds-components/ColorPicker/index.module.scss
@@ -28,3 +28,7 @@
     margin-right: _.unit(2);
   }
 }
+
+.palette {
+  width: 400px;
+}
diff --git a/packages/console/src/ds-components/ColorPicker/index.tsx b/packages/console/src/ds-components/ColorPicker/index.tsx
index d3c6a19c7185..1ece096c5134 100644
--- a/packages/console/src/ds-components/ColorPicker/index.tsx
+++ b/packages/console/src/ds-components/ColorPicker/index.tsx
@@ -1,6 +1,6 @@
 import classNames from 'classnames';
 import { useRef, useState } from 'react';
-import { ChromePicker } from 'react-color';
+import { ColorPicker as ColorPalette, useColor } from 'react-color-palette';
 
 import { onKeyDownHandler } from '@/utils/a11y';
 
@@ -17,6 +17,7 @@ type Props = {
 function ColorPicker({ name, onChange, value = '#000000' }: Props) {
   const anchorRef = useRef<HTMLSpanElement>(null);
   const [isOpen, setIsOpen] = useState(false);
+  const [color] = useColor(value);
 
   return (
     <div
@@ -41,12 +42,14 @@ function ColorPicker({ name, onChange, value = '#000000' }: Props) {
           setIsOpen(false);
         }}
       >
-        <ChromePicker
-          color={value}
-          onChange={({ hex }) => {
-            onChange(hex);
-          }}
-        />
+        <div className={styles.palette}>
+          <ColorPalette
+            color={color}
+            onChange={({ hex }) => {
+              onChange(hex);
+            }}
+          />
+        </div>
       </Dropdown>
     </div>
   );
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/NonThirdPartyBrandingForm.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/NonThirdPartyBrandingForm.tsx
new file mode 100644
index 000000000000..788d145a48b8
--- /dev/null
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/NonThirdPartyBrandingForm.tsx
@@ -0,0 +1,94 @@
+import { generateDarkColor } from '@logto/core-kit';
+import { Theme } from '@logto/schemas';
+import { useMemo, useCallback } from 'react';
+import { Controller, useFormContext } from 'react-hook-form';
+import { useTranslation } from 'react-i18next';
+
+import LogoAndFavicon from '@/components/ImageInputs/LogoAndFavicon';
+import Button from '@/ds-components/Button';
+import ColorPicker from '@/ds-components/ColorPicker';
+import FormField from '@/ds-components/FormField';
+
+import styles from './index.module.scss';
+import { type ApplicationSignInExperienceForm } from './utils';
+
+function NonThirdPartyBrandingForm() {
+  const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
+  const {
+    control,
+    register,
+    formState: { errors },
+    watch,
+    setValue,
+  } = useFormContext<ApplicationSignInExperienceForm>();
+
+  const [primaryColor, darkPrimaryColor] = watch(['color.primaryColor', 'color.darkPrimaryColor']);
+
+  const calculatedDarkPrimaryColor = useMemo(() => {
+    return primaryColor && generateDarkColor(primaryColor);
+  }, [primaryColor]);
+
+  const handleResetColor = useCallback(() => {
+    setValue('color.darkPrimaryColor', calculatedDarkPrimaryColor, { shouldDirty: true });
+  }, [calculatedDarkPrimaryColor, setValue]);
+
+  return (
+    <>
+      <LogoAndFavicon
+        control={control}
+        register={register}
+        theme={Theme.Light}
+        type="app_logo"
+        logo={{ name: 'branding.logoUrl', error: errors.branding?.logoUrl }}
+        favicon={{
+          name: 'branding.favicon',
+          error: errors.branding?.favicon,
+        }}
+      />
+      <LogoAndFavicon
+        control={control}
+        register={register}
+        theme={Theme.Dark}
+        type="app_logo"
+        logo={{ name: 'branding.darkLogoUrl', error: errors.branding?.darkLogoUrl }}
+        favicon={{
+          name: 'branding.darkFavicon',
+          error: errors.branding?.darkFavicon,
+        }}
+      />
+      <div className={styles.colors}>
+        <Controller
+          control={control}
+          name="color.primaryColor"
+          render={({ field: { name, value, onChange } }) => (
+            <FormField title="application_details.branding.brand_color">
+              <ColorPicker name={name} value={value} onChange={onChange} />
+            </FormField>
+          )}
+        />
+        <Controller
+          control={control}
+          name="color.darkPrimaryColor"
+          render={({ field: { name, value, onChange } }) => (
+            <FormField title="application_details.branding.brand_color_dark">
+              <ColorPicker name={name} value={value} onChange={onChange} />
+            </FormField>
+          )}
+        />
+        {calculatedDarkPrimaryColor !== darkPrimaryColor && (
+          <div className={styles.darkModeTip}>
+            {t('sign_in_exp.color.dark_mode_reset_tip')}
+            <Button
+              type="text"
+              size="small"
+              title="sign_in_exp.color.reset"
+              onClick={handleResetColor}
+            />
+          </div>
+        )}
+      </div>
+    </>
+  );
+}
+
+export default NonThirdPartyBrandingForm;
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.tsx
index 910bf0bb6eca..b50ab4971cd4 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/Branding/index.tsx
@@ -5,20 +5,17 @@ import {
   type Application,
   type ApplicationSignInExperience,
 } from '@logto/schemas';
-import { useCallback, useEffect, useMemo } from 'react';
-import { useForm, FormProvider, Controller } from 'react-hook-form';
+import { useCallback, useEffect } from 'react';
+import { useForm, FormProvider } from 'react-hook-form';
 import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
 
 import DetailsForm from '@/components/DetailsForm';
 import FormCard, { FormCardSkeleton } from '@/components/FormCard';
 import ImageInputs, { themeToLogoName } from '@/components/ImageInputs';
-import LogoAndFavicon from '@/components/ImageInputs/LogoAndFavicon';
 import RequestDataError from '@/components/RequestDataError';
 import UnsavedChangesAlertModal from '@/components/UnsavedChangesAlertModal';
 import { appSpecificBrandingLink, logtoThirdPartyAppBrandingLink } from '@/consts';
-import Button from '@/ds-components/Button';
-import ColorPicker from '@/ds-components/ColorPicker';
 import FormField from '@/ds-components/FormField';
 import Switch from '@/ds-components/Switch';
 import TextInput from '@/ds-components/TextInput';
@@ -28,7 +25,7 @@ import { emptyBranding } from '@/types/sign-in-experience';
 import { trySubmitSafe } from '@/utils/form';
 import { uriValidator } from '@/utils/validator';
 
-import styles from './index.module.scss';
+import NonThirdPartyBrandingForm from './NonThirdPartyBrandingForm';
 import useApplicationSignInExperienceSWR from './use-application-sign-in-experience-swr';
 import useSignInExperienceSWR from './use-sign-in-experience-swr';
 import { type ApplicationSignInExperienceForm, formatFormToSubmitData } from './utils';
@@ -119,84 +116,6 @@ function Branding({ application, isActive }: Props) {
     }
   }, [color, isBrandingEnabled, setValue]);
 
-  const [primaryColor, darkPrimaryColor] = watch(['color.primaryColor', 'color.darkPrimaryColor']);
-  const calculatedDarkPrimaryColor = useMemo(() => {
-    return primaryColor && generateDarkColor(primaryColor);
-  }, [primaryColor]);
-
-  const handleResetColor = useCallback(() => {
-    setValue('color.darkPrimaryColor', calculatedDarkPrimaryColor);
-  }, [calculatedDarkPrimaryColor, setValue]);
-
-  const NonThirdPartyBrandingForm = useCallback(
-    () => (
-      <>
-        <LogoAndFavicon
-          control={control}
-          register={register}
-          theme={Theme.Light}
-          type="app_logo"
-          logo={{ name: 'branding.logoUrl', error: errors.branding?.logoUrl }}
-          favicon={{
-            name: 'branding.favicon',
-            error: errors.branding?.favicon,
-          }}
-        />
-        <LogoAndFavicon
-          control={control}
-          register={register}
-          theme={Theme.Dark}
-          type="app_logo"
-          logo={{ name: 'branding.darkLogoUrl', error: errors.branding?.darkLogoUrl }}
-          favicon={{
-            name: 'branding.darkFavicon',
-            error: errors.branding?.darkFavicon,
-          }}
-        />
-        <div className={styles.colors}>
-          <Controller
-            control={control}
-            name="color.primaryColor"
-            render={({ field: { name, value, onChange } }) => (
-              <FormField title="application_details.branding.brand_color">
-                <ColorPicker name={name} value={value} onChange={onChange} />
-              </FormField>
-            )}
-          />
-          <Controller
-            control={control}
-            name="color.darkPrimaryColor"
-            render={({ field: { name, value, onChange } }) => (
-              <FormField title="application_details.branding.brand_color_dark">
-                <ColorPicker name={name} value={value} onChange={onChange} />
-              </FormField>
-            )}
-          />
-          {calculatedDarkPrimaryColor !== darkPrimaryColor && (
-            <div className={styles.darkModeTip}>
-              {t('sign_in_exp.color.dark_mode_reset_tip')}
-              <Button
-                type="text"
-                size="small"
-                title="sign_in_exp.color.reset"
-                onClick={handleResetColor}
-              />
-            </div>
-          )}
-        </div>
-      </>
-    ),
-    [
-      control,
-      errors.branding,
-      register,
-      calculatedDarkPrimaryColor,
-      darkPrimaryColor,
-      handleResetColor,
-      t,
-    ]
-  );
-
   if (isLoading) {
     return <FormCardSkeleton />;
   }
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Branding/BrandingForm/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/Branding/BrandingForm/index.tsx
index 2859092b2717..df7d72b87b8b 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Branding/BrandingForm/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Branding/BrandingForm/index.tsx
@@ -35,7 +35,7 @@ function BrandingForm() {
   }, [primaryColor]);
 
   const handleResetColor = useCallback(() => {
-    setValue('color.darkPrimaryColor', calculatedDarkPrimaryColor);
+    setValue('color.darkPrimaryColor', calculatedDarkPrimaryColor, { shouldDirty: true });
   }, [calculatedDarkPrimaryColor, setValue]);
 
   useEffect(() => {
@@ -56,8 +56,8 @@ function BrandingForm() {
         <Controller
           name="color.primaryColor"
           control={control}
-          render={({ field: { onChange, value } }) => (
-            <ColorPicker value={value} onChange={onChange} />
+          render={({ field: { name, onChange, value } }) => (
+            <ColorPicker name={name} value={value} onChange={onChange} />
           )}
         />
       </FormField>
diff --git a/packages/integration-tests/src/tests/console/sign-in-experience/helpers.ts b/packages/integration-tests/src/tests/console/sign-in-experience/helpers.ts
index 84bd900458f3..6f6e839001be 100644
--- a/packages/integration-tests/src/tests/console/sign-in-experience/helpers.ts
+++ b/packages/integration-tests/src/tests/console/sign-in-experience/helpers.ts
@@ -31,7 +31,7 @@ export const expectToSelectColor = async (
 
   await expect(colorField).toClick('div[role=button]');
 
-  await expect(page).toFill('input[id^=rc-editable-input]', color);
+  await expect(page).toFill('input[id=hex][class=rcp-field-input]', color);
 
   // Close the color input
   await page.keyboard.press('Escape');
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index d46ec30669db..7ec723e6dca2 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3058,9 +3058,9 @@ importers:
       react-animate-height:
         specifier: ^3.0.4
         version: 3.0.4(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
-      react-color:
-        specifier: ^2.19.3
-        version: 2.19.3(react@18.3.1)
+      react-color-palette:
+        specifier: ^7.2.1
+        version: 7.2.1(react@18.3.1)
       react-confetti:
         specifier: ^6.1.0
         version: 6.1.0(react@18.3.1)
@@ -4453,6 +4453,7 @@ packages:
   '@azure/core-http@3.0.4':
     resolution: {integrity: sha512-Fok9VVhMdxAFOtqiiAtg74fL0UJkt0z3D+ouUUxcRLzZNBioPRAMJFVxiWoJljYpXsRi4GDQHzQHDc9AiYaIUQ==}
     engines: {node: '>=14.0.0'}
+    deprecated: deprecating as we migrated to core v2
 
   '@azure/core-lro@2.5.1':
     resolution: {integrity: sha512-JHQy/bA3NOz2WuzOi5zEk6n/TJdAropupxUT521JIJvW7EXV2YN2SFYZrf/2RHeD28QAClGdynYadZsbmP+nyQ==}
@@ -5282,11 +5283,6 @@ packages:
     resolution: {integrity: sha512-93zYdMES/c1D69yZiKDBj0V24vqNzB/koF26KPaagAfd3P/4gUlh3Dys5ogAK+Exi9QyzlD8x/08Zt7wIKcDcA==}
     deprecated: Use @eslint/object-schema instead
 
-  '@icons/material@0.2.4':
-    resolution: {integrity: sha512-QPcGmICAPbGLGb6F/yNf/KzKqvFx8z5qx3D1yFqVAjoFmXK35EgyW+cJ57Te3CNsmzblwtzakLGFqHPqrfb4Tw==}
-    peerDependencies:
-      react: '*'
-
   '@isaacs/cliui@8.0.2':
     resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==}
     engines: {node: '>=12'}
@@ -10319,9 +10315,6 @@ packages:
   markdown-table@3.0.2:
     resolution: {integrity: sha512-y8j3a5/DkJCmS5x4dMCQL+OR0+2EAq3DOtio1COSHsmW2BGXnNCK3v12hJt1LrUz5iZH5g0LmuYOjDdI+czghA==}
 
-  material-colors@1.2.6:
-    resolution: {integrity: sha512-6qE4B9deFBIa9YSpOc9O0Sgc43zTeVYbgDT5veRKSlB2+ZuHNoVVxA1L/ckMUayV9Ay9y7Z/SZCLcGteW9i7bg==}
-
   mathml-tag-names@2.1.3:
     resolution: {integrity: sha512-APMBEanjybaPzUrfqU0IMU5I0AswKMH7k8OTLs0vvV4KZpExkTkY87nR/zpbuTPj+gARop7aGUbl11pnDfW6xg==}
 
@@ -11480,6 +11473,7 @@ packages:
   puppeteer@22.6.5:
     resolution: {integrity: sha512-YuoRKGj3MxHhUwrey7vmNvU4odGdUdNsj1ee8pfcqQlLWIXfMOXZCAXh8xdzpZESHH3tCGWp2xmPZE8E6iUEWg==}
     engines: {node: '>=18'}
+    deprecated: < 22.8.2 is no longer supported
     hasBin: true
 
   pure-rand@6.0.0:
@@ -11545,10 +11539,11 @@ packages:
       react: '>=16.8.0'
       react-dom: '>=16.8.0'
 
-  react-color@2.19.3:
-    resolution: {integrity: sha512-LEeGE/ZzNLIsFWa1TMe8y5VYqr7bibneWmvJwm1pCn/eNmrabWDh659JSPn9BuaMpEfU83WTOJfnCcjDZwNQTA==}
+  react-color-palette@7.2.1:
+    resolution: {integrity: sha512-wulPqPc6qblr/bsjbW50t/je9keTRrouzPhimktCzBleNUxVJNN84cOZX5XzuS8ubQPg3h57gUT6vAKlBUDhUQ==}
+    engines: {node: '>=10'}
     peerDependencies:
-      react: '*'
+      react: '>=16.8'
 
   react-confetti@6.1.0:
     resolution: {integrity: sha512-7Ypx4vz0+g8ECVxr88W9zhcQpbeujJAVqL14ZnXJ3I23mOI9/oBVTQ3dkJhUmB0D6XOtCZEM6N0Gm9PMngkORw==}
@@ -11751,11 +11746,6 @@ packages:
     resolution: {integrity: sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==}
     engines: {node: '>=0.10.0'}
 
-  reactcss@1.2.3:
-    resolution: {integrity: sha512-KiwVUcFu1RErkI97ywr8nvx8dNOpT03rbnma0SSalTYjkrPYaEajR4a/MRt6DZ46K6arDRbWMNHF+xH7G7n/8A==}
-    peerDependencies:
-      react: '*'
-
   read-pkg-up@7.0.1:
     resolution: {integrity: sha512-zK0TB7Xd6JpCLmlLmufqykGE+/TlOePD6qKClNW7hHDKFh/J7/7gCWGR7joEQEW1bKq3a3yUZSObOoWLFQ4ohg==}
     engines: {node: '>=8'}
@@ -12555,9 +12545,6 @@ packages:
   tinybench@2.8.0:
     resolution: {integrity: sha512-1/eK7zUnIklz4JUUlL+658n58XO2hHLQfSk1Zf2LKieUjxidN16eKFEoDEfjHc3ohofSSqK3X5yO6VGb6iW8Lw==}
 
-  tinycolor2@1.6.0:
-    resolution: {integrity: sha512-XPaBkWQJdsf3pLKJV9p4qN/S+fm2Oj8AIPo1BTUhg5oxkvm9+SVEGFdhyOz7tTdUTfvxMiAs4sp6/eZO2Ew+pw==}
-
   tinypool@1.0.0:
     resolution: {integrity: sha512-KIKExllK7jp3uvrNtvRBYBWBOAXSX8ZvoaD8T+7KB/QHIuoJW3Pmr60zucywjAlMb5TeXUkcs/MWeWLu0qvuAQ==}
     engines: {node: ^18.0.0 || >=20.0.0}
@@ -14833,10 +14820,6 @@ snapshots:
 
   '@humanwhocodes/object-schema@2.0.3': {}
 
-  '@icons/material@0.2.4(react@18.3.1)':
-    dependencies:
-      react: 18.3.1
-
   '@isaacs/cliui@8.0.2':
     dependencies:
       string-width: 5.1.2
@@ -18197,6 +18180,10 @@ snapshots:
 
   debounce@1.2.1: {}
 
+  debug@3.2.7:
+    dependencies:
+      ms: 2.1.3
+
   debug@3.2.7(supports-color@5.5.0):
     dependencies:
       ms: 2.1.3
@@ -18672,7 +18659,7 @@ snapshots:
 
   eslint-import-resolver-node@0.3.9:
     dependencies:
-      debug: 3.2.7(supports-color@5.5.0)
+      debug: 3.2.7
       is-core-module: 2.13.1
       resolve: 1.22.8
     transitivePeerDependencies:
@@ -18697,7 +18684,7 @@ snapshots:
 
   eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
-      debug: 3.2.7(supports-color@5.5.0)
+      debug: 3.2.7
     optionalDependencies:
       '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
       eslint: 8.57.0
@@ -18730,7 +18717,7 @@ snapshots:
       array.prototype.findlastindex: 1.2.5
       array.prototype.flat: 1.3.2
       array.prototype.flatmap: 1.3.2
-      debug: 3.2.7(supports-color@5.5.0)
+      debug: 3.2.7
       doctrine: 2.1.0
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
@@ -21264,8 +21251,6 @@ snapshots:
 
   markdown-table@3.0.2: {}
 
-  material-colors@1.2.6: {}
-
   mathml-tag-names@2.1.3: {}
 
   mdast-util-find-and-replace@3.0.1:
@@ -22887,16 +22872,9 @@ snapshots:
       react: 18.3.1
       react-dom: 18.3.1(react@18.3.1)
 
-  react-color@2.19.3(react@18.3.1):
+  react-color-palette@7.2.1(react@18.3.1):
     dependencies:
-      '@icons/material': 0.2.4(react@18.3.1)
-      lodash: 4.17.21
-      lodash-es: 4.17.21
-      material-colors: 1.2.6
-      prop-types: 15.8.1
       react: 18.3.1
-      reactcss: 1.2.3(react@18.3.1)
-      tinycolor2: 1.6.0
 
   react-confetti@6.1.0(react@18.3.1):
     dependencies:
@@ -23099,11 +23077,6 @@ snapshots:
     dependencies:
       loose-envify: 1.4.0
 
-  reactcss@1.2.3(react@18.3.1):
-    dependencies:
-      lodash: 4.17.21
-      react: 18.3.1
-
   read-pkg-up@7.0.1:
     dependencies:
       find-up: 4.1.0
@@ -24135,8 +24108,6 @@ snapshots:
 
   tinybench@2.8.0: {}
 
-  tinycolor2@1.6.0: {}
-
   tinypool@1.0.0: {}
 
   tinyspy@3.0.0: {}

From 669279aece6912ded684af028aeb976f5f7b97bb Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Fri, 26 Jul 2024 15:56:22 +0800
Subject: [PATCH 114/135] test(core): add the mfa binding integration tests
 (#6330)

* refactor(core): refactor backup code generate flow

refactor backup code generate flow

* fix(core): fix api payload

fix api payload

* test(core): implement the mfa binding integration tests

implement the mfa binding integration tests

* test(core): rebase backup code refactor

rebase backup code refactor
---
 .../core/src/routes/experience/classes/mfa.ts |   8 +-
 .../backup-code-verification.ts               |  35 +++
 .../src/client/experience/const.ts            |   1 +
 .../src/client/experience/index.ts            |  22 ++
 .../helpers/experience/totp-verification.ts   |  14 +
 .../bind-mfa/happpy-path.test.ts              | 275 ++++++++++++++++++
 .../experience-api/bind-mfa/sad-path.test.ts  | 181 ++++++++++++
 7 files changed, 532 insertions(+), 4 deletions(-)
 create mode 100644 packages/integration-tests/src/tests/api/experience-api/bind-mfa/happpy-path.test.ts
 create mode 100644 packages/integration-tests/src/tests/api/experience-api/bind-mfa/sad-path.test.ts

diff --git a/packages/core/src/routes/experience/classes/mfa.ts b/packages/core/src/routes/experience/classes/mfa.ts
index 0924590c48aa..fb023b7db816 100644
--- a/packages/core/src/routes/experience/classes/mfa.ts
+++ b/packages/core/src/routes/experience/classes/mfa.ts
@@ -165,7 +165,7 @@ export class Mfa {
    * @throws {RequestError} with status 400 if the verification record is not verified
    * @throws {RequestError} with status 400 if the verification record has no secret
    * @throws {RequestError} with status 404 if the verification record is not found
-   * @throws {RequestError} with status 422 if TOTP is not enabled in the sign-in experience
+   * @throws {RequestError} with status 400 if TOTP is not enabled in the sign-in experience
    * @throws {RequestError} with status 422 if the user already has a TOTP factor
    *
    * - Any existing TOTP factor will be replaced with the new one.
@@ -196,7 +196,7 @@ export class Mfa {
    * @throws {RequestError} with status 400 if the verification record is not verified
    * @throws {RequestError} with status 400 if the verification record has no registration data
    * @throws {RequestError} with status 404 if the verification record is not found
-   * @throws {RequestError} with status 422 if WebAuthn is not enabled in the sign-in experience
+   * @throws {RequestError} with status 400 if WebAuthn is not enabled in the sign-in experience
    */
   async addWebAuthnByVerificationId(verificationId: string) {
     const verificationRecord = this.interactionContext.getVerificationRecordByTypeAndId(
@@ -215,7 +215,7 @@ export class Mfa {
    * - Any existing backup code factor will be replaced with the new one.
    *
    * @throws {RequestError} with status 404 if no pending backup codes are found
-   * @throws {RequestError} with status 422 if Backup Code is not enabled in the sign-in experience
+   * @throws {RequestError} with status 400 if Backup Code is not enabled in the sign-in experience
    * @throws {RequestError} with status 422 if the backup code is the only MFA factor
    */
   async addBackupCodeByVerificationId(verificationId: string) {
@@ -241,7 +241,7 @@ export class Mfa {
   }
 
   /**
-   * @throws {RequestError} with status 422 if the mfa factors are not enabled in the sign-in experience
+   * @throws {RequestError} with status 400 if the mfa factors are not enabled in the sign-in experience
    */
   async checkAvailability() {
     const newBindMfaFactors = deduplicate(this.bindMfaFactorsArray.map(({ type }) => type));
diff --git a/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts b/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts
index 496995d08452..2e3d9ce1341b 100644
--- a/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts
+++ b/packages/core/src/routes/experience/verification-routes/backup-code-verification.ts
@@ -52,6 +52,41 @@ export default function backupCodeVerificationRoutes<T extends WithLogContext>(
     }
   );
 
+  router.post(
+    `${experienceRoutes.verification}/backup-code/generate`,
+    koaGuard({
+      status: [200, 400],
+      response: z.object({
+        verificationId: z.string(),
+        codes: z.array(z.string()),
+      }),
+    }),
+    async (ctx, next) => {
+      const { experienceInteraction } = ctx;
+
+      assertThat(experienceInteraction.identifiedUserId, 'session.identifier_not_found');
+
+      const backupCodeVerificationRecord = BackupCodeVerification.create(
+        libraries,
+        queries,
+        experienceInteraction.identifiedUserId
+      );
+
+      const codes = backupCodeVerificationRecord.generate();
+
+      ctx.experienceInteraction.setVerificationRecord(backupCodeVerificationRecord);
+
+      await ctx.experienceInteraction.save();
+
+      ctx.body = {
+        verificationId: backupCodeVerificationRecord.id,
+        codes,
+      };
+
+      return next();
+    }
+  );
+
   router.post(
     `${experienceRoutes.verification}/backup-code/verify`,
     koaGuard({
diff --git a/packages/integration-tests/src/client/experience/const.ts b/packages/integration-tests/src/client/experience/const.ts
index dfd3d22a7a21..f7dec1da6881 100644
--- a/packages/integration-tests/src/client/experience/const.ts
+++ b/packages/integration-tests/src/client/experience/const.ts
@@ -4,5 +4,6 @@ export const experienceRoutes = {
   verification: `${prefix}/verification`,
   identification: `${prefix}/identification`,
   profile: `${prefix}/profile`,
+  mfa: `${prefix}/profile/mfa`,
   prefix,
 };
diff --git a/packages/integration-tests/src/client/experience/index.ts b/packages/integration-tests/src/client/experience/index.ts
index c58cba5c0a13..426e1b5aae37 100644
--- a/packages/integration-tests/src/client/experience/index.ts
+++ b/packages/integration-tests/src/client/experience/index.ts
@@ -2,6 +2,7 @@ import {
   type CreateExperienceApiPayload,
   type IdentificationApiPayload,
   type InteractionEvent,
+  type MfaFactor,
   type NewPasswordIdentityVerificationPayload,
   type PasswordVerificationPayload,
   type UpdateProfileApiPayload,
@@ -178,6 +179,14 @@ export class ExperienceClient extends MockClient {
       .json<{ verificationId: string }>();
   }
 
+  public async generateMfaBackupCodes() {
+    return api
+      .post(`${experienceRoutes.verification}/backup-code/generate`, {
+        headers: { cookie: this.interactionCookie },
+      })
+      .json<{ verificationId: string; codes: string[] }>();
+  }
+
   public async verifyBackupCode(payload: { code: string }) {
     return api
       .post(`${experienceRoutes.verification}/backup-code/verify`, {
@@ -211,4 +220,17 @@ export class ExperienceClient extends MockClient {
       json: payload,
     });
   }
+
+  public async skipMfaBinding() {
+    return api.post(`${experienceRoutes.mfa}/mfa-skipped`, {
+      headers: { cookie: this.interactionCookie },
+    });
+  }
+
+  public async bindMfa(type: MfaFactor, verificationId: string) {
+    return api.post(`${experienceRoutes.mfa}`, {
+      headers: { cookie: this.interactionCookie },
+      json: { type, verificationId },
+    });
+  }
 }
diff --git a/packages/integration-tests/src/helpers/experience/totp-verification.ts b/packages/integration-tests/src/helpers/experience/totp-verification.ts
index ced40ce9aabd..c7fe2fea9b6b 100644
--- a/packages/integration-tests/src/helpers/experience/totp-verification.ts
+++ b/packages/integration-tests/src/helpers/experience/totp-verification.ts
@@ -1,3 +1,5 @@
+import { authenticator } from 'otplib';
+
 import { type ExperienceClient } from '#src/client/experience/index.js';
 
 export const successFullyCreateNewTotpSecret = async (client: ExperienceClient) => {
@@ -23,3 +25,15 @@ export const successfullyVerifyTotp = async (
 
   return verificationId;
 };
+
+export const successfullyCreateAndVerifyTotp = async (client: ExperienceClient) => {
+  const { secret, verificationId } = await successFullyCreateNewTotpSecret(client);
+  const code = authenticator.generate(secret);
+
+  await successfullyVerifyTotp(client, {
+    code,
+    verificationId,
+  });
+
+  return verificationId;
+};
diff --git a/packages/integration-tests/src/tests/api/experience-api/bind-mfa/happpy-path.test.ts b/packages/integration-tests/src/tests/api/experience-api/bind-mfa/happpy-path.test.ts
new file mode 100644
index 000000000000..09b27d1e395d
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/experience-api/bind-mfa/happpy-path.test.ts
@@ -0,0 +1,275 @@
+import { InteractionEvent, MfaFactor, SignInIdentifier } from '@logto/schemas';
+import { authenticator } from 'otplib';
+
+import { createUserMfaVerification, deleteUser } from '#src/api/admin-user.js';
+import { initExperienceClient, logoutClient, processSession } from '#src/helpers/client.js';
+import {
+  identifyUserWithUsernamePassword,
+  signInWithPassword,
+} from '#src/helpers/experience/index.js';
+import {
+  successfullyCreateAndVerifyTotp,
+  successfullyVerifyTotp,
+} from '#src/helpers/experience/totp-verification.js';
+import { expectRejects } from '#src/helpers/index.js';
+import {
+  enableAllPasswordSignInMethods,
+  enableMandatoryMfaWithTotp,
+  enableMandatoryMfaWithTotpAndBackupCode,
+  enableUserControlledMfaWithTotp,
+} from '#src/helpers/sign-in-experience.js';
+import { generateNewUserProfile, UserApiTest } from '#src/helpers/user.js';
+import { devFeatureTest } from '#src/utils.js';
+
+devFeatureTest.describe('Bind MFA APIs happy path', () => {
+  const userApi = new UserApiTest();
+
+  beforeAll(async () => {
+    await enableAllPasswordSignInMethods({
+      identifiers: [SignInIdentifier.Username],
+      password: true,
+      verify: false,
+    });
+  });
+
+  afterEach(async () => {
+    await userApi.cleanUp();
+  });
+
+  describe('mandatory TOTP', () => {
+    beforeAll(async () => {
+      await enableMandatoryMfaWithTotp();
+    });
+
+    it('should bind TOTP on register', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      const client = await initExperienceClient();
+      await client.initInteraction({ interactionEvent: InteractionEvent.Register });
+
+      const { verificationId } = await client.createNewPasswordIdentityVerification({
+        identifier: {
+          type: SignInIdentifier.Username,
+          value: username,
+        },
+        password,
+      });
+
+      await client.identifyUser({ verificationId });
+
+      await expectRejects(client.submitInteraction(), {
+        code: 'user.missing_mfa',
+        status: 422,
+      });
+
+      const totpVerificationId = await successfullyCreateAndVerifyTotp(client);
+
+      await client.bindMfa(MfaFactor.TOTP, totpVerificationId);
+
+      const { redirectTo } = await client.submitInteraction();
+      const userId = await processSession(client, redirectTo);
+      await logoutClient(client);
+
+      const signInClient = await initExperienceClient();
+      await identifyUserWithUsernamePassword(signInClient, username, password);
+
+      await expectRejects(signInClient.submitInteraction(), {
+        code: 'session.mfa.require_mfa_verification',
+        status: 403,
+      });
+
+      await deleteUser(userId);
+    });
+
+    it('should bind TOTP on sign-in', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      await userApi.create({ username, password });
+
+      const client = await initExperienceClient();
+      await identifyUserWithUsernamePassword(client, username, password);
+
+      await expectRejects(client.submitInteraction(), {
+        code: 'user.missing_mfa',
+        status: 422,
+      });
+
+      const totpVerificationId = await successfullyCreateAndVerifyTotp(client);
+
+      await client.bindMfa(MfaFactor.TOTP, totpVerificationId);
+
+      const { redirectTo } = await client.submitInteraction();
+      await processSession(client, redirectTo);
+      await logoutClient(client);
+    });
+
+    it('should not throw if user already has TOTP', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      const user = await userApi.create({ username, password });
+      const response = await createUserMfaVerification(user.id, MfaFactor.TOTP);
+
+      if (response.type !== MfaFactor.TOTP) {
+        throw new Error('unexpected mfa type');
+      }
+
+      const { secret } = response;
+
+      const client = await initExperienceClient();
+      await identifyUserWithUsernamePassword(client, username, password);
+      const code = authenticator.generate(secret);
+
+      await successfullyVerifyTotp(client, { code });
+
+      const { redirectTo } = await client.submitInteraction();
+      await processSession(client, redirectTo);
+      await logoutClient(client);
+    });
+  });
+
+  describe('user controlled TOTP', () => {
+    beforeAll(async () => {
+      await enableUserControlledMfaWithTotp();
+    });
+
+    it('should able to skip MFA binding on register', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      const client = await initExperienceClient();
+      await client.initInteraction({ interactionEvent: InteractionEvent.Register });
+
+      const { verificationId } = await client.createNewPasswordIdentityVerification({
+        identifier: {
+          type: SignInIdentifier.Username,
+          value: username,
+        },
+        password,
+      });
+
+      await client.identifyUser({ verificationId });
+
+      await expectRejects(client.submitInteraction(), {
+        code: 'user.missing_mfa',
+        status: 422,
+      });
+
+      await client.skipMfaBinding();
+
+      const { redirectTo } = await client.submitInteraction();
+      const userId = await processSession(client, redirectTo);
+      await logoutClient(client);
+
+      await signInWithPassword({
+        identifier: {
+          type: SignInIdentifier.Username,
+          value: username,
+        },
+        password,
+      });
+
+      await deleteUser(userId);
+    });
+
+    it('should able to skip MFA binding on sign-in', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      await userApi.create({ username, password });
+
+      const client = await initExperienceClient();
+      await identifyUserWithUsernamePassword(client, username, password);
+
+      await expectRejects(client.submitInteraction(), {
+        code: 'user.missing_mfa',
+        status: 422,
+      });
+
+      await client.skipMfaBinding();
+
+      const { redirectTo } = await client.submitInteraction();
+      await processSession(client, redirectTo);
+      await logoutClient(client);
+    });
+  });
+
+  describe('mandatory TOTP with backup codes', () => {
+    beforeAll(async () => {
+      await enableMandatoryMfaWithTotpAndBackupCode();
+    });
+
+    it('should bind TOTP and backup codes on register', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      const client = await initExperienceClient();
+      await client.initInteraction({ interactionEvent: InteractionEvent.Register });
+
+      const { verificationId } = await client.createNewPasswordIdentityVerification({
+        identifier: {
+          type: SignInIdentifier.Username,
+          value: username,
+        },
+        password,
+      });
+
+      await client.identifyUser({ verificationId });
+
+      await expectRejects(client.submitInteraction(), {
+        code: 'user.missing_mfa',
+        status: 422,
+      });
+
+      const totpVerificationId = await successfullyCreateAndVerifyTotp(client);
+
+      await client.bindMfa(MfaFactor.TOTP, totpVerificationId);
+
+      await expectRejects(client.submitInteraction(), {
+        code: 'session.mfa.backup_code_required',
+        status: 422,
+      });
+
+      const { codes, verificationId: backupCodeVerificationId } =
+        await client.generateMfaBackupCodes();
+
+      expect(codes.length).toBeGreaterThan(0);
+
+      await client.bindMfa(MfaFactor.BackupCode, backupCodeVerificationId);
+
+      const { redirectTo } = await client.submitInteraction();
+      const userId = await processSession(client, redirectTo);
+      await logoutClient(client);
+
+      await deleteUser(userId);
+    });
+
+    it('should bind backup codes on sign-in', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      const user = await userApi.create({ username, password });
+
+      const result = await createUserMfaVerification(user.id, MfaFactor.TOTP);
+
+      if (result.type !== MfaFactor.TOTP) {
+        throw new Error('unexpected mfa type');
+      }
+
+      const { secret } = result;
+      const code = authenticator.generate(secret);
+
+      const client = await initExperienceClient();
+      await identifyUserWithUsernamePassword(client, username, password);
+
+      await expectRejects(client.submitInteraction(), {
+        code: 'session.mfa.require_mfa_verification',
+        status: 403,
+      });
+
+      await successfullyVerifyTotp(client, { code });
+
+      await expectRejects(client.submitInteraction(), {
+        code: 'session.mfa.backup_code_required',
+        status: 422,
+      });
+
+      const { codes, verificationId } = await client.generateMfaBackupCodes();
+      expect(codes.length).toBeGreaterThan(0);
+
+      await client.bindMfa(MfaFactor.BackupCode, verificationId);
+
+      const { redirectTo } = await client.submitInteraction();
+      await processSession(client, redirectTo);
+      await logoutClient(client);
+    });
+  });
+});
diff --git a/packages/integration-tests/src/tests/api/experience-api/bind-mfa/sad-path.test.ts b/packages/integration-tests/src/tests/api/experience-api/bind-mfa/sad-path.test.ts
new file mode 100644
index 000000000000..8484caf1eb8d
--- /dev/null
+++ b/packages/integration-tests/src/tests/api/experience-api/bind-mfa/sad-path.test.ts
@@ -0,0 +1,181 @@
+import { InteractionEvent, MfaFactor, SignInIdentifier } from '@logto/schemas';
+
+import { createUserMfaVerification } from '#src/api/admin-user.js';
+import { initExperienceClient } from '#src/helpers/client.js';
+import { identifyUserWithUsernamePassword } from '#src/helpers/experience/index.js';
+import { successfullyCreateAndVerifyTotp } from '#src/helpers/experience/totp-verification.js';
+import { expectRejects } from '#src/helpers/index.js';
+import {
+  enableAllPasswordSignInMethods,
+  enableMandatoryMfaWithTotp,
+  enableMandatoryMfaWithTotpAndBackupCode,
+} from '#src/helpers/sign-in-experience.js';
+import { generateNewUserProfile, UserApiTest } from '#src/helpers/user.js';
+import { devFeatureTest } from '#src/utils.js';
+
+devFeatureTest.describe('Bind MFA APIs sad path', () => {
+  const userApi = new UserApiTest();
+
+  beforeAll(async () => {
+    await enableAllPasswordSignInMethods({
+      identifiers: [SignInIdentifier.Username],
+      password: true,
+      verify: false,
+    });
+  });
+
+  afterEach(async () => {
+    await userApi.cleanUp();
+  });
+
+  describe('No MFA is enabled', () => {
+    it('should throw mfa_factor_not_enabled error when binding TOTP', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      await userApi.create({ username, password });
+      const client = await initExperienceClient();
+
+      await identifyUserWithUsernamePassword(client, username, password);
+
+      const totpVerificationId = await successfullyCreateAndVerifyTotp(client);
+
+      await expectRejects(client.bindMfa(MfaFactor.TOTP, totpVerificationId), {
+        code: 'session.mfa.mfa_factor_not_enabled',
+        status: 400,
+      });
+    });
+  });
+
+  describe('Mandatory TOTP', () => {
+    beforeAll(async () => {
+      await enableMandatoryMfaWithTotp();
+    });
+
+    it('should throw not supported error when binding TOTP on ForgotPassword interaction', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      await userApi.create({ username, password });
+      const client = await initExperienceClient();
+      await client.initInteraction({ interactionEvent: InteractionEvent.ForgotPassword });
+
+      await expectRejects(client.skipMfaBinding(), {
+        code: 'session.not_supported_for_forgot_password',
+        status: 400,
+      });
+
+      await expectRejects(client.bindMfa(MfaFactor.TOTP, 'dummy_verification_id'), {
+        code: 'session.not_supported_for_forgot_password',
+        status: 400,
+      });
+    });
+
+    it('should throw identifier_not_found error, if user has not been identified', async () => {
+      const client = await initExperienceClient();
+      await client.initInteraction({ interactionEvent: InteractionEvent.SignIn });
+      await expectRejects(client.bindMfa(MfaFactor.TOTP, 'dummy_verification_id'), {
+        code: 'session.identifier_not_found',
+        status: 404,
+      });
+    });
+
+    it('should throw mfa_factor_not_enabled error when trying to bind backup code', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      await userApi.create({ username, password });
+      const client = await initExperienceClient();
+      await identifyUserWithUsernamePassword(client, username, password);
+
+      const { verificationId } = await client.generateMfaBackupCodes();
+
+      await expectRejects(client.bindMfa(MfaFactor.BackupCode, verificationId), {
+        code: 'session.mfa.mfa_factor_not_enabled',
+        status: 400,
+      });
+    });
+
+    it('should throw mfa_policy_not_user_controlled error when trying to skip MFA binding', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      await userApi.create({ username, password });
+      const client = await initExperienceClient();
+      await identifyUserWithUsernamePassword(client, username, password);
+
+      await expectRejects(client.skipMfaBinding(), {
+        code: 'session.mfa.mfa_policy_not_user_controlled',
+        status: 422,
+      });
+    });
+  });
+
+  describe('Mandatory TOTP and Backup Code', () => {
+    beforeAll(async () => {
+      await enableMandatoryMfaWithTotpAndBackupCode();
+    });
+
+    it('should throw if user has a TOTP in record', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      const user = await userApi.create({ username, password });
+
+      await createUserMfaVerification(user.id, MfaFactor.TOTP);
+      const response = await createUserMfaVerification(user.id, MfaFactor.BackupCode);
+
+      if (response.type !== MfaFactor.BackupCode) {
+        throw new Error('unexpected mfa type');
+      }
+
+      const code = response.codes[0]!;
+
+      const client = await initExperienceClient();
+      await identifyUserWithUsernamePassword(client, username, password);
+      await client.verifyBackupCode({ code });
+
+      const totpVerificationId = await successfullyCreateAndVerifyTotp(client);
+
+      await expectRejects(client.bindMfa(MfaFactor.TOTP, totpVerificationId), {
+        code: 'user.totp_already_in_use',
+        status: 422,
+      });
+    });
+
+    it('should throw if the interaction is not verified, when add new backup codes', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      const user = await userApi.create({ username, password });
+      await createUserMfaVerification(user.id, MfaFactor.TOTP);
+
+      const client = await initExperienceClient();
+      await identifyUserWithUsernamePassword(client, username, password);
+      const { verificationId } = await client.generateMfaBackupCodes();
+
+      await expectRejects(client.bindMfa(MfaFactor.BackupCode, verificationId), {
+        code: 'session.mfa.require_mfa_verification',
+        status: 403,
+      });
+    });
+
+    it('should throw if the backup codes is the only MFA factor', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      await userApi.create({ username, password });
+
+      const client = await initExperienceClient();
+      await identifyUserWithUsernamePassword(client, username, password);
+
+      const { verificationId } = await client.generateMfaBackupCodes();
+
+      await expectRejects(client.bindMfa(MfaFactor.BackupCode, verificationId), {
+        code: 'session.mfa.backup_code_can_not_be_alone',
+        status: 422,
+      });
+    });
+
+    it('should throw if no pending backup codes is found', async () => {
+      const { username, password } = generateNewUserProfile({ username: true, password: true });
+      await userApi.create({ username, password });
+
+      const client = await initExperienceClient();
+      await identifyUserWithUsernamePassword(client, username, password);
+      const totpVerificationId = await successfullyCreateAndVerifyTotp(client);
+      await client.bindMfa(MfaFactor.TOTP, totpVerificationId);
+
+      await expectRejects(client.bindMfa(MfaFactor.BackupCode, 'invalid_verification'), {
+        code: 'session.verification_session_not_found',
+        status: 404,
+      });
+    });
+  });
+});

From fb5b02bec9e018286901ff78dfeba15be51acf4c Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Fri, 26 Jul 2024 16:41:17 +0800
Subject: [PATCH 115/135] style(console): fix custom jwt guide card style
 (#6343)

---
 .../SettingsSection/InstructionTab/GuideCard/index.module.scss  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/GuideCard/index.module.scss b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/GuideCard/index.module.scss
index 0f35d1b7ff2c..2fbba30f0e1d 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/GuideCard/index.module.scss
+++ b/packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/GuideCard/index.module.scss
@@ -53,7 +53,7 @@
     }
 
     .cardContent {
-      max-height: 1000;
+      max-height: 1000px;
       overflow: visible;
     }
   }

From 33a1ac1ca4bbf6c4831c52d43e4af4ae003ca3a6 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Fri, 26 Jul 2024 17:58:09 +0800
Subject: [PATCH 116/135] refactor(console): block page navigation when
 uploading custom ui assets (#6342)

---
 .../src/components/ImageInputs/index.tsx      |  2 +-
 .../SubmitFormChangesActionBar/index.tsx      |  3 ++
 .../Uploader/FileUploader/index.tsx           | 16 +++++--
 .../Uploader/ImageUploaderField/index.tsx     |  2 +-
 packages/console/src/hooks/use-api.ts         |  4 ++
 .../Experience/LogosUploader/index.tsx        |  4 +-
 .../Branding/CustomUiForm/index.tsx           |  2 +-
 .../SignInExperience/PageContent/index.tsx    | 19 ++++++--
 .../CustomUiAssetsUploader/index.module.scss  |  0
 .../CustomUiAssetsUploader/index.tsx          | 26 ++++++++--
 .../SignInExperienceContextProvider/index.tsx | 48 +++++++++++++++++++
 .../src/pages/SignInExperience/index.tsx      | 19 ++++----
 12 files changed, 119 insertions(+), 26 deletions(-)
 rename packages/console/src/{ => pages/SignInExperience}/components/CustomUiAssetsUploader/index.module.scss (100%)
 rename packages/console/src/{ => pages/SignInExperience}/components/CustomUiAssetsUploader/index.tsx (75%)
 create mode 100644 packages/console/src/pages/SignInExperience/contexts/SignInExperienceContextProvider/index.tsx

diff --git a/packages/console/src/components/ImageInputs/index.tsx b/packages/console/src/components/ImageInputs/index.tsx
index 29a028199650..6dea4890cbae 100644
--- a/packages/console/src/components/ImageInputs/index.tsx
+++ b/packages/console/src/components/ImageInputs/index.tsx
@@ -137,7 +137,7 @@ function ImageInputs<FormContext extends FieldValues>({
                 actionDescription={t(`sign_in_exp.branding.with_${field.theme}`, {
                   value: t(`sign_in_exp.branding_uploads.${field.type}.title`),
                 })}
-                onCompleted={({ url }) => {
+                onUploadComplete={({ url }) => {
                   onChange(url);
                 }}
                 // Noop fallback should not be necessary, but for TypeScript to be happy
diff --git a/packages/console/src/components/SubmitFormChangesActionBar/index.tsx b/packages/console/src/components/SubmitFormChangesActionBar/index.tsx
index e1eeed147b12..fa0755ea6794 100644
--- a/packages/console/src/components/SubmitFormChangesActionBar/index.tsx
+++ b/packages/console/src/components/SubmitFormChangesActionBar/index.tsx
@@ -8,6 +8,7 @@ import styles from './index.module.scss';
 type Props = {
   readonly isOpen: boolean;
   readonly isSubmitting: boolean;
+  readonly isSubmitDisabled?: boolean;
   readonly onSubmit: () => Promise<void>;
   readonly onDiscard: () => void;
   readonly confirmText?: AdminConsoleKey;
@@ -17,6 +18,7 @@ type Props = {
 function SubmitFormChangesActionBar({
   isOpen,
   isSubmitting,
+  isSubmitDisabled = false,
   confirmText = 'general.save_changes',
   onSubmit,
   onDiscard,
@@ -34,6 +36,7 @@ function SubmitFormChangesActionBar({
           }}
         />
         <Button
+          disabled={isSubmitDisabled}
           isLoading={isSubmitting}
           type="primary"
           size="medium"
diff --git a/packages/console/src/ds-components/Uploader/FileUploader/index.tsx b/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
index 7183266a6aeb..5ed0fd78e32c 100644
--- a/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
+++ b/packages/console/src/ds-components/Uploader/FileUploader/index.tsx
@@ -25,7 +25,8 @@ export type Props<T extends Record<string, unknown> = UserAssets> = {
   readonly defaultApiInstanceTimeout?: number;
   readonly allowedMimeTypes: AllowedUploadMimeType[];
   readonly actionDescription?: string;
-  readonly onCompleted: (response: T) => void;
+  readonly onUploadStart?: (file: File) => void;
+  readonly onUploadComplete?: (response: T) => void;
   readonly onUploadErrorChange: (errorMessage?: string, files?: File[]) => void;
   readonly className?: string;
   /**
@@ -46,7 +47,8 @@ function FileUploader<T extends Record<string, unknown> = UserAssets>({
   defaultApiInstanceTimeout,
   allowedMimeTypes,
   actionDescription,
-  onCompleted,
+  onUploadStart,
+  onUploadComplete,
   onUploadErrorChange,
   className,
   apiInstance,
@@ -116,17 +118,21 @@ function FileUploader<T extends Record<string, unknown> = UserAssets>({
 
       try {
         setIsUploading(true);
+        onUploadStart?.(acceptedFile);
         const uploadApi = apiInstance ?? api;
         const response = await uploadApi.post(uploadUrl, { body: formData }).json<T>();
 
-        onCompleted(response);
-      } catch {
+        onUploadComplete?.(response);
+      } catch (error: unknown) {
+        if (error instanceof Error && error.name === 'AbortError') {
+          return;
+        }
         setUploadError(t('components.uploader.error_upload'));
       } finally {
         setIsUploading(false);
       }
     },
-    [api, apiInstance, allowedMimeTypes, maxSize, onCompleted, t, uploadUrl]
+    [api, apiInstance, allowedMimeTypes, maxSize, onUploadComplete, onUploadStart, t, uploadUrl]
   );
 
   const { getRootProps, getInputProps, isDragActive } = useDropzone({
diff --git a/packages/console/src/ds-components/Uploader/ImageUploaderField/index.tsx b/packages/console/src/ds-components/Uploader/ImageUploaderField/index.tsx
index ff8c6a08589a..dd414259c475 100644
--- a/packages/console/src/ds-components/Uploader/ImageUploaderField/index.tsx
+++ b/packages/console/src/ds-components/Uploader/ImageUploaderField/index.tsx
@@ -23,7 +23,7 @@ function ImageUploaderField({ onChange, allowedMimeTypes: mimeTypes, ...rest }:
     <div>
       <ImageUploader
         allowedMimeTypes={allowedMimeTypes}
-        onCompleted={({ url }) => {
+        onUploadComplete={({ url }) => {
           onChange(url);
         }}
         onUploadErrorChange={setUploadError}
diff --git a/packages/console/src/hooks/use-api.ts b/packages/console/src/hooks/use-api.ts
index 747fab8ff14c..e89d9387fb6d 100644
--- a/packages/console/src/hooks/use-api.ts
+++ b/packages/console/src/hooks/use-api.ts
@@ -41,6 +41,7 @@ export type StaticApiProps = {
   hideErrorToast?: boolean | LogtoErrorCode[];
   resourceIndicator: string;
   timeout?: number;
+  signal?: AbortSignal;
 };
 
 const useGlobalRequestErrorHandler = (toastDisabledErrorCodes?: LogtoErrorCode[]) => {
@@ -112,6 +113,7 @@ export const useStaticApi = ({
   hideErrorToast,
   resourceIndicator,
   timeout = requestTimeout,
+  signal,
 }: StaticApiProps): KyInstance => {
   const { isAuthenticated, getAccessToken, getOrganizationToken } = useLogto();
   const { i18n } = useTranslation(undefined, { keyPrefix: 'admin_console' });
@@ -128,6 +130,7 @@ export const useStaticApi = ({
       ky.create({
         prefixUrl,
         timeout,
+        signal,
         hooks: {
           beforeError: conditionalArray(
             !disableGlobalErrorHandling &&
@@ -159,6 +162,7 @@ export const useStaticApi = ({
       getAccessToken,
       i18n.language,
       timeout,
+      signal,
     ]
   );
 
diff --git a/packages/console/src/pages/EnterpriseSsoDetails/Experience/LogosUploader/index.tsx b/packages/console/src/pages/EnterpriseSsoDetails/Experience/LogosUploader/index.tsx
index e355f8ab05d2..3cd9c34b6068 100644
--- a/packages/console/src/pages/EnterpriseSsoDetails/Experience/LogosUploader/index.tsx
+++ b/packages/console/src/pages/EnterpriseSsoDetails/Experience/LogosUploader/index.tsx
@@ -44,7 +44,7 @@ function LogosUploader({ isDarkModeEnabled }: Props) {
                     : 'enterprise_sso_details.branding_logo_context'
                 )}
                 allowedMimeTypes={allowedMimeTypes}
-                onCompleted={({ url }) => {
+                onUploadComplete={({ url }) => {
                   onChange(url);
                 }}
                 onUploadErrorChange={setUploadLogoError}
@@ -67,7 +67,7 @@ function LogosUploader({ isDarkModeEnabled }: Props) {
                   value={value ?? ''}
                   actionDescription={t('enterprise_sso_details.branding_dark_logo_context')}
                   allowedMimeTypes={allowedMimeTypes}
-                  onCompleted={({ url }) => {
+                  onUploadComplete={({ url }) => {
                     onChange(url);
                   }}
                   onUploadErrorChange={setUploadDarkLogoError}
diff --git a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
index 87fc79db8c1d..c77233849d89 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
@@ -3,7 +3,6 @@ import { useContext } from 'react';
 import { Controller, useFormContext } from 'react-hook-form';
 import { Trans, useTranslation } from 'react-i18next';
 
-import CustomUiAssetsUploader from '@/components/CustomUiAssetsUploader';
 import InlineUpsell from '@/components/InlineUpsell';
 import { isDevFeaturesEnabled, isCloud } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
@@ -12,6 +11,7 @@ import CodeEditor from '@/ds-components/CodeEditor';
 import FormField from '@/ds-components/FormField';
 import TextLink from '@/ds-components/TextLink';
 import useDocumentationUrl from '@/hooks/use-documentation-url';
+import CustomUiAssetsUploader from '@/pages/SignInExperience/components/CustomUiAssetsUploader';
 
 import type { SignInExperienceForm } from '../../../types';
 import FormSectionTitle from '../../components/FormSectionTitle';
diff --git a/packages/console/src/pages/SignInExperience/PageContent/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/index.tsx
index 9185f048895e..f437aa240744 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/index.tsx
@@ -1,6 +1,6 @@
 import { type SignInExperience } from '@logto/schemas';
 import classNames from 'classnames';
-import { useState } from 'react';
+import { useCallback, useContext, useState } from 'react';
 import { FormProvider, useForm } from 'react-hook-form';
 import { toast } from 'react-hot-toast';
 import { useTranslation } from 'react-i18next';
@@ -16,6 +16,7 @@ import useTenantPathname from '@/hooks/use-tenant-pathname';
 import { trySubmitSafe } from '@/utils/form';
 
 import Preview from '../components/Preview';
+import { SignInExperienceContext } from '../contexts/SignInExperienceContextProvider';
 import usePreviewConfigs from '../hooks/use-preview-configs';
 import { SignInExperienceTab } from '../types';
 import { type SignInExperienceForm } from '../types';
@@ -48,6 +49,7 @@ function PageContent({ data, onSignInExperienceUpdated }: Props) {
 
   const { updateConfigs } = useConfigs();
   const { getPathname } = useTenantPathname();
+  const { isUploading, cancelUpload } = useContext(SignInExperienceContext);
 
   const [dataToCompare, setDataToCompare] = useState<SignInExperience>();
 
@@ -106,6 +108,13 @@ function PageContent({ data, onSignInExperienceUpdated }: Props) {
     })
   );
 
+  const onDiscard = useCallback(() => {
+    reset();
+    if (isUploading && cancelUpload) {
+      cancelUpload();
+    }
+  }, [isUploading, cancelUpload, reset]);
+
   return (
     <>
       <TabNav className={styles.tabs}>
@@ -143,9 +152,10 @@ function PageContent({ data, onSignInExperienceUpdated }: Props) {
           )}
         </div>
         <SubmitFormChangesActionBar
-          isOpen={isDirty}
+          isOpen={isDirty || isUploading}
+          isSubmitDisabled={isUploading}
           isSubmitting={isSaving}
-          onDiscard={reset}
+          onDiscard={onDiscard}
           onSubmit={onSubmit}
         />
       </div>
@@ -162,8 +172,9 @@ function PageContent({ data, onSignInExperienceUpdated }: Props) {
         {dataToCompare && <SignUpAndSignInChangePreview before={data} after={dataToCompare} />}
       </ConfirmModal>
       <UnsavedChangesAlertModal
-        hasUnsavedChanges={isDirty}
+        hasUnsavedChanges={isDirty || isUploading}
         parentPath={getPathname('/sign-in-experience')}
+        onConfirm={onDiscard}
       />
     </>
   );
diff --git a/packages/console/src/components/CustomUiAssetsUploader/index.module.scss b/packages/console/src/pages/SignInExperience/components/CustomUiAssetsUploader/index.module.scss
similarity index 100%
rename from packages/console/src/components/CustomUiAssetsUploader/index.module.scss
rename to packages/console/src/pages/SignInExperience/components/CustomUiAssetsUploader/index.module.scss
diff --git a/packages/console/src/components/CustomUiAssetsUploader/index.tsx b/packages/console/src/pages/SignInExperience/components/CustomUiAssetsUploader/index.tsx
similarity index 75%
rename from packages/console/src/components/CustomUiAssetsUploader/index.tsx
rename to packages/console/src/pages/SignInExperience/components/CustomUiAssetsUploader/index.tsx
index 498721dd2b7b..57014d355f4f 100644
--- a/packages/console/src/components/CustomUiAssetsUploader/index.tsx
+++ b/packages/console/src/pages/SignInExperience/components/CustomUiAssetsUploader/index.tsx
@@ -1,15 +1,17 @@
 import { type CustomUiAssets, maxUploadFileSize, type AllowedUploadMimeType } from '@logto/schemas';
 import { type Nullable } from '@silverhand/essentials';
 import { format } from 'date-fns/fp';
-import { useCallback, useState } from 'react';
+import { useCallback, useContext, useEffect, useState } from 'react';
 import { useTranslation } from 'react-i18next';
 
 import DeleteIcon from '@/assets/icons/delete.svg?react';
+import FileIcon from '@/components/FileIcon';
 import IconButton from '@/ds-components/IconButton';
 import FileUploader from '@/ds-components/Uploader/FileUploader';
+import useApi from '@/hooks/use-api';
 import { formatBytes } from '@/utils/uploader';
 
-import FileIcon from '../FileIcon';
+import { SignInExperienceContext } from '../../contexts/SignInExperienceContextProvider';
 
 import styles from './index.module.scss';
 
@@ -28,7 +30,19 @@ function CustomUiAssetsUploader({ disabled, value, onChange }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
   const [file, setFile] = useState<File>();
   const [error, setError] = useState<string>();
+  const [abortController, setAbortController] = useState(new AbortController());
   const showUploader = !value?.id && !file && !error;
+  const { setIsUploading, setCancelUpload } = useContext(SignInExperienceContext);
+
+  const api = useApi({ timeout: requestTimeout, signal: abortController.signal });
+
+  useEffect(() => {
+    setCancelUpload(() => {
+      abortController.abort();
+      setIsUploading(false);
+      setAbortController(new AbortController());
+    });
+  }, [abortController, setCancelUpload, setIsUploading]);
 
   const onComplete = useCallback(
     (id: string) => {
@@ -53,13 +67,17 @@ function CustomUiAssetsUploader({ disabled, value, onChange }: Props) {
   if (showUploader) {
     return (
       <FileUploader<{ customUiAssetId: string }>
-        defaultApiInstanceTimeout={requestTimeout}
+        apiInstance={api}
         disabled={disabled}
         allowedMimeTypes={allowedMimeTypes}
         maxSize={maxUploadFileSize}
         uploadUrl="api/sign-in-exp/default/custom-ui-assets"
-        onCompleted={({ customUiAssetId }) => {
+        onUploadStart={() => {
+          setIsUploading(true);
+        }}
+        onUploadComplete={({ customUiAssetId }) => {
           onComplete(customUiAssetId);
+          setIsUploading(false);
         }}
         onUploadErrorChange={onErrorChange}
       />
diff --git a/packages/console/src/pages/SignInExperience/contexts/SignInExperienceContextProvider/index.tsx b/packages/console/src/pages/SignInExperience/contexts/SignInExperienceContextProvider/index.tsx
new file mode 100644
index 000000000000..5e5499266745
--- /dev/null
+++ b/packages/console/src/pages/SignInExperience/contexts/SignInExperienceContextProvider/index.tsx
@@ -0,0 +1,48 @@
+import { noop } from '@silverhand/essentials';
+import { createContext, useMemo, useRef, useState } from 'react';
+
+type SignInExperienceContextType = {
+  isUploading: boolean;
+  cancelUpload?: () => void;
+  setIsUploading: (value: boolean) => void;
+  setCancelUpload: (cancelFunction?: () => void) => void;
+};
+
+type Props = {
+  readonly children?: React.ReactNode;
+};
+
+export const SignInExperienceContext = createContext<SignInExperienceContextType>({
+  isUploading: false,
+  cancelUpload: noop,
+  setIsUploading: noop,
+  setCancelUpload: noop,
+});
+
+function SignInExperienceContextProvider({ children }: Props) {
+  const [isUploading, setIsUploading] = useState(false);
+  const cancelUploadRef = useRef<() => void>();
+
+  const handleSetCancelUpload = (cancelFunction?: () => void) => {
+    // eslint-disable-next-line @silverhand/fp/no-mutation
+    cancelUploadRef.current = cancelFunction;
+  };
+
+  const contextValue = useMemo(
+    () => ({
+      isUploading,
+      cancelUpload: cancelUploadRef.current,
+      setIsUploading,
+      setCancelUpload: handleSetCancelUpload,
+    }),
+    [isUploading]
+  );
+
+  return (
+    <SignInExperienceContext.Provider value={contextValue}>
+      {children}
+    </SignInExperienceContext.Provider>
+  );
+}
+
+export default SignInExperienceContextProvider;
diff --git a/packages/console/src/pages/SignInExperience/index.tsx b/packages/console/src/pages/SignInExperience/index.tsx
index c0d6e99f05aa..b76dd086bf11 100644
--- a/packages/console/src/pages/SignInExperience/index.tsx
+++ b/packages/console/src/pages/SignInExperience/index.tsx
@@ -13,6 +13,7 @@ import useUserAssetsService from '@/hooks/use-user-assets-service';
 import PageContent from './PageContent';
 import Skeleton from './Skeleton';
 import Welcome from './Welcome';
+import SignInExperienceContextProvider from './contexts/SignInExperienceContextProvider';
 import styles from './index.module.scss';
 
 type PageWrapperProps = {
@@ -21,14 +22,16 @@ type PageWrapperProps = {
 
 function PageWrapper({ children }: PageWrapperProps) {
   return (
-    <div className={styles.container}>
-      <CardTitle
-        title="sign_in_exp.title"
-        subtitle="sign_in_exp.description"
-        className={styles.cardTitle}
-      />
-      {children}
-    </div>
+    <SignInExperienceContextProvider>
+      <div className={styles.container}>
+        <CardTitle
+          title="sign_in_exp.title"
+          subtitle="sign_in_exp.description"
+          className={styles.cardTitle}
+        />
+        {children}
+      </div>
+    </SignInExperienceContextProvider>
   );
 }
 

From a276f92183c0721741fb2f84404d7d29ef5dc1e0 Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Fri, 26 Jul 2024 18:59:05 +0800
Subject: [PATCH 117/135] chore(console): update bring your ui documentation
 link (#6317)

chore(console): add bring your ui documentation link
---
 .../PageContent/Branding/CustomUiForm/index.tsx                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
index c77233849d89..4526a9424123 100644
--- a/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
+++ b/packages/console/src/pages/SignInExperience/PageContent/Branding/CustomUiForm/index.tsx
@@ -76,7 +76,7 @@ function CustomUiForm() {
                 a: (
                   <TextLink
                     targetBlank="noopener"
-                    href={getDocumentationUrl('/docs/recipes/customize-sie/custom-css')}
+                    href={getDocumentationUrl('/docs/recipes/customize-sie/bring-your-ui')}
                   />
                 ),
               }}

From 5e7145b20cddd9a60af6e1f088aca4c2badc696e Mon Sep 17 00:00:00 2001
From: Xiao Yijun <xiaoyijun@silverhand.io>
Date: Fri, 26 Jul 2024 19:48:09 +0800
Subject: [PATCH 118/135] fix(elements): fix user context tag name (#6346)

---
 packages/elements/src/providers/logto-user-provider.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/elements/src/providers/logto-user-provider.ts b/packages/elements/src/providers/logto-user-provider.ts
index 50b193dab922..8580157174bc 100644
--- a/packages/elements/src/providers/logto-user-provider.ts
+++ b/packages/elements/src/providers/logto-user-provider.ts
@@ -15,7 +15,7 @@ export type UserContextType = Readonly<{
 /**
  * Context for the current user. It's a fundamental context for the account-related elements.
  */
-export const UserContext = createContext<UserContextType>('modal-context');
+export const UserContext = createContext<UserContextType>('user-context');
 
 /** The default value for the user context. */
 export const userContext: UserContextType = Object.freeze({

From b188bb1619bcb32fcfeca635c9d7cf2ec8248a9b Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sun, 28 Jul 2024 08:40:01 +0800
Subject: [PATCH 119/135] chore: launch multiple app secrets

---
 .changeset/stale-planets-sneeze.md            | 18 ++++++
 .../EndpointsAndCredentials.tsx               | 13 +---
 packages/core/src/oidc/init.ts                |  7 +-
 .../application-secret.openapi.json           |  5 --
 .../applications/application.openapi.json     | 64 +++++++++++++++++--
 .../src/routes/applications/application.ts    |  6 +-
 packages/core/src/routes/init.ts              |  4 +-
 .../application/index.openapi.json            | 16 ++++-
 packages/core/src/routes/swagger/index.ts     |  3 +
 .../core/src/routes/swagger/utils/general.ts  | 31 ++++++++-
 .../application/application.secrets.test.ts   |  4 +-
 packages/schemas/tables/applications.sql      |  1 +
 12 files changed, 135 insertions(+), 37 deletions(-)
 create mode 100644 .changeset/stale-planets-sneeze.md

diff --git a/.changeset/stale-planets-sneeze.md b/.changeset/stale-planets-sneeze.md
new file mode 100644
index 000000000000..ce4b627fa835
--- /dev/null
+++ b/.changeset/stale-planets-sneeze.md
@@ -0,0 +1,18 @@
+---
+"@logto/console": minor
+"@logto/schemas": minor
+"@logto/core": minor
+"@logto/integration-tests": patch
+"@logto/phrases": patch
+---
+
+support multiple app secrets with expiration
+
+Now secure apps (machine-to-machine, traditional web, Protected) can have multiple app secrets with expiration. This allows for secret rotation and provides an even safer experience.
+
+To manage your application secrets, go to Logto Console -> Applications -> Application Details -> Endpoints & Credentials.
+
+We've also added a set of Management APIs (`/api/applications/{id}/secrets`) for this purpose.
+
+> [!Important]
+> You can still use existing app secrets for client authentication, but it is recommended to delete the old ones and create new secrets with expiration for enhanced security.
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
index 512131c31d2a..942145a91023 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
@@ -17,7 +17,6 @@ import CirclePlus from '@/assets/icons/circle-plus.svg?react';
 import Plus from '@/assets/icons/plus.svg?react';
 import ActionsButton from '@/components/ActionsButton';
 import FormCard from '@/components/FormCard';
-import { isDevFeaturesEnabled } from '@/consts/env';
 import { openIdProviderConfigPath, openIdProviderPath } from '@/consts/oidc';
 import { AppDataContext } from '@/contexts/AppDataProvider';
 import Button from '@/ds-components/Button';
@@ -239,17 +238,7 @@ function EndpointsAndCredentials({
       <FormField title="application_details.application_id">
         <CopyToClipboard displayType="block" value={id} variant="border" />
       </FormField>
-      {!isDevFeaturesEnabled && shouldShowAppSecrets && (
-        <FormField title="application_details.application_secret">
-          <CopyToClipboard
-            hasVisibilityToggle
-            displayType="block"
-            value={secret}
-            variant="border"
-          />
-        </FormField>
-      )}
-      {isDevFeaturesEnabled && shouldShowAppSecrets && (
+      {shouldShowAppSecrets && (
         <FormField title="application_details.application_secret_other">
           {secretsData.length === 0 && !secrets.error ? (
             <>
diff --git a/packages/core/src/oidc/init.ts b/packages/core/src/oidc/init.ts
index d17bc4fc9736..b4a7b94a3d7b 100644
--- a/packages/core/src/oidc/init.ts
+++ b/packages/core/src/oidc/init.ts
@@ -22,7 +22,7 @@ import Provider, { errors } from 'oidc-provider';
 import getRawBody from 'raw-body';
 import snakecaseKeys from 'snakecase-keys';
 
-import { EnvSet } from '#src/env-set/index.js';
+import { type EnvSet } from '#src/env-set/index.js';
 import { addOidcEventListeners } from '#src/event-listeners/index.js';
 import { type CloudConnectionLibrary } from '#src/libraries/cloud-connection.js';
 import { type LogtoConfigLibrary } from '#src/libraries/logto-config.js';
@@ -410,10 +410,7 @@ export default function initOidc(
     return next();
   });
 
-  if (EnvSet.values.isDevFeaturesEnabled) {
-    oidc.use(koaAppSecretTranspilation(queries));
-  }
-
+  oidc.use(koaAppSecretTranspilation(queries));
   oidc.use(koaBodyEtag());
 
   return oidc;
diff --git a/packages/core/src/routes/applications/application-secret.openapi.json b/packages/core/src/routes/applications/application-secret.openapi.json
index 7b57dd71e7e3..ea8be00c0164 100644
--- a/packages/core/src/routes/applications/application-secret.openapi.json
+++ b/packages/core/src/routes/applications/application-secret.openapi.json
@@ -1,9 +1,4 @@
 {
-  "tags": [
-    {
-      "name": "Dev feature"
-    }
-  ],
   "paths": {
     "/api/applications/{id}/legacy-secret": {
       "delete": {
diff --git a/packages/core/src/routes/applications/application.openapi.json b/packages/core/src/routes/applications/application.openapi.json
index 62d2503c9dcc..95fbee1e3df6 100644
--- a/packages/core/src/routes/applications/application.openapi.json
+++ b/packages/core/src/routes/applications/application.openapi.json
@@ -5,6 +5,15 @@
       "description": "Application represents your registered software program or service that has been authorized to access user information and perform actions on behalf of users within the system. Currently, Logto supports four types of applications:\n\n- Traditional web\n\n- Single-page app\n- Native app\n- Machine-to-machine app.\n\nDepending on the application type, it may have different authentication flows and access to the system. See [🔗 Integrate Logto in your application](https://docs.logto.io/docs/recipes/integrate-logto/) to learn more about how to integrate Logto into your application.\n\nRole-based access control (RBAC) is supported for machine-to-machine applications. See [🔐 Role-based access control (RBAC)](https://docs.logto.io/docs/recipes/rbac/) to get started with role-based access control."
     }
   ],
+  "components": {
+    "schemas": {
+      "ApplicationLegacySecret": {
+        "type": "string",
+        "deprecated": true,
+        "description": "The internal client secret. Note it is only used for internal validation, and the actual secrets should be retrieved from `/api/applications/{id}/secrets` endpoints."
+      }
+    }
+  },
   "paths": {
     "/api/applications": {
       "get": {
@@ -19,7 +28,21 @@
         ],
         "responses": {
           "200": {
-            "description": "A list of applications."
+            "description": "A list of applications.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "array",
+                  "items": {
+                    "properties": {
+                      "secret": {
+                        "$ref": "#/components/schemas/ApplicationLegacySecret"
+                      }
+                    }
+                  }
+                }
+              }
+            }
           }
         }
       },
@@ -49,7 +72,18 @@
         },
         "responses": {
           "200": {
-            "description": "The application was created successfully."
+            "description": "The application was created successfully.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "properties": {
+                    "secret": {
+                      "$ref": "#/components/schemas/ApplicationLegacySecret"
+                    }
+                  }
+                }
+              }
+            }
           },
           "422": {
             "description": "Validation error. Please check the request body."
@@ -63,7 +97,18 @@
         "description": "Get application details by ID.",
         "responses": {
           "200": {
-            "description": "Details of the application."
+            "description": "Details of the application.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "properties": {
+                    "secret": {
+                      "$ref": "#/components/schemas/ApplicationLegacySecret"
+                    }
+                  }
+                }
+              }
+            }
           },
           "404": {
             "description": "The application with the specified ID was not found."
@@ -88,7 +133,18 @@
         },
         "responses": {
           "200": {
-            "description": "The application was updated successfully."
+            "description": "The application was updated successfully.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "properties": {
+                    "secret": {
+                      "$ref": "#/components/schemas/ApplicationLegacySecret"
+                    }
+                  }
+                }
+              }
+            }
           },
           "404": {
             "description": "The application with the specified ID was not found."
diff --git a/packages/core/src/routes/applications/application.ts b/packages/core/src/routes/applications/application.ts
index a855aca49f11..535fd258374d 100644
--- a/packages/core/src/routes/applications/application.ts
+++ b/packages/core/src/routes/applications/application.ts
@@ -182,11 +182,9 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
         );
       }
 
-      const getSecret = () =>
-        EnvSet.values.isDevFeaturesEnabled ? generateInternalSecret() : generateStandardSecret();
       const application = await queries.applications.insertApplication({
         id: generateStandardId(),
-        secret: getSecret(),
+        secret: generateInternalSecret(),
         oidcClientMetadata: buildOidcClientMetadata(oidcClientMetadata),
         ...conditional(
           rest.type === ApplicationType.Protected &&
@@ -196,7 +194,7 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
         ...rest,
       });
 
-      if (EnvSet.values.isDevFeaturesEnabled && hasSecrets(application.type)) {
+      if (hasSecrets(application.type)) {
         await queries.applicationSecrets.insert({
           name: 'Default secret',
           applicationId: application.id,
diff --git a/packages/core/src/routes/init.ts b/packages/core/src/routes/init.ts
index 868e6b30c6bb..48eb5c32bcc8 100644
--- a/packages/core/src/routes/init.ts
+++ b/packages/core/src/routes/init.ts
@@ -66,9 +66,7 @@ const createRouters = (tenant: TenantContext) => {
   applicationRoleRoutes(managementRouter, tenant);
   applicationProtectedAppMetadataRoutes(managementRouter, tenant);
   applicationOrganizationRoutes(managementRouter, tenant);
-  if (EnvSet.values.isDevFeaturesEnabled) {
-    applicationSecretRoutes(managementRouter, tenant);
-  }
+  applicationSecretRoutes(managementRouter, tenant);
 
   // Third-party application related routes
   applicationUserConsentScopeRoutes(managementRouter, tenant);
diff --git a/packages/core/src/routes/organization/application/index.openapi.json b/packages/core/src/routes/organization/application/index.openapi.json
index ea939063355e..12c181190dc7 100644
--- a/packages/core/src/routes/organization/application/index.openapi.json
+++ b/packages/core/src/routes/organization/application/index.openapi.json
@@ -12,7 +12,21 @@
         "description": "Get applications associated with the organization.",
         "responses": {
           "200": {
-            "description": "A list of applications."
+            "description": "A list of applications.",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "array",
+                  "items": {
+                    "properties": {
+                      "secret": {
+                        "$ref": "#/components/schemas/ApplicationLegacySecret"
+                      }
+                    }
+                  }
+                }
+              }
+            }
           }
         }
       },
diff --git a/packages/core/src/routes/swagger/index.ts b/packages/core/src/routes/swagger/index.ts
index cfaf39a9e58c..0ce1172bbec7 100644
--- a/packages/core/src/routes/swagger/index.ts
+++ b/packages/core/src/routes/swagger/index.ts
@@ -27,6 +27,7 @@ import {
   devFeatureTag,
   findSupplementFiles,
   normalizePath,
+  pruneSwaggerDocument,
   removeUnnecessaryOperations,
   shouldThrow,
   validateSupplement,
@@ -299,6 +300,8 @@ export default function swaggerRoutes<T extends AnonymousRouter, R extends Route
       baseDocument
     );
 
+    pruneSwaggerDocument(data);
+
     if (EnvSet.values.isUnitTest) {
       getConsoleLogFromContext(ctx).warn('Skip validating swagger document in unit test.');
     }
diff --git a/packages/core/src/routes/swagger/utils/general.ts b/packages/core/src/routes/swagger/utils/general.ts
index 08fca2aa07dd..a8d7522c3fbb 100644
--- a/packages/core/src/routes/swagger/utils/general.ts
+++ b/packages/core/src/routes/swagger/utils/general.ts
@@ -2,7 +2,7 @@ import assert from 'node:assert';
 import fs from 'node:fs/promises';
 import path from 'node:path';
 
-import { isKeyInObject, type Optional } from '@silverhand/essentials';
+import { isKeyInObject, isObject, type Optional } from '@silverhand/essentials';
 import { OpenAPIV3 } from 'openapi-types';
 import { z } from 'zod';
 
@@ -264,3 +264,32 @@ export const removeUnnecessaryOperations = (
 };
 
 export const shouldThrow = () => !EnvSet.values.isProduction || EnvSet.values.isIntegrationTest;
+
+/**
+ * Remove all other properties when "$ref" is present in an object. Supplemental documents may
+ * contain "$ref" properties, which all other properties should be removed to prevent conflicts.
+ *
+ * **CAUTION**: This function mutates the input document.
+ */
+export const pruneSwaggerDocument = (document: OpenAPIV3.Document) => {
+  // eslint-disable-next-line @typescript-eslint/ban-types
+  const prune = (object: {}) => {
+    if (isKeyInObject(object, '$ref')) {
+      for (const key of Object.keys(object)) {
+        if (key !== '$ref') {
+          // @ts-expect-error -- intended
+          // eslint-disable-next-line @silverhand/fp/no-delete, @typescript-eslint/no-dynamic-delete
+          delete object[key];
+        }
+      }
+    }
+
+    for (const value of Object.values(object)) {
+      if (isObject(value)) {
+        prune(value);
+      }
+    }
+  };
+
+  prune(document);
+};
diff --git a/packages/integration-tests/src/tests/api/application/application.secrets.test.ts b/packages/integration-tests/src/tests/api/application/application.secrets.test.ts
index 3821be234012..40962bccce89 100644
--- a/packages/integration-tests/src/tests/api/application/application.secrets.test.ts
+++ b/packages/integration-tests/src/tests/api/application/application.secrets.test.ts
@@ -9,11 +9,11 @@ import {
   deleteApplicationSecret,
   getApplicationSecrets,
 } from '#src/api/application.js';
-import { devFeatureTest, randomString } from '#src/utils.js';
+import { randomString } from '#src/utils.js';
 
 const defaultSecretName = 'Default secret';
 
-devFeatureTest.describe('application secrets', () => {
+describe('application secrets', () => {
   const applications: Application[] = [];
   const createApplication = async (...args: Parameters<typeof createApplicationApi>) => {
     const created = await createApplicationApi(...args);
diff --git a/packages/schemas/tables/applications.sql b/packages/schemas/tables/applications.sql
index 3c8cfd313132..6645179f6569 100644
--- a/packages/schemas/tables/applications.sql
+++ b/packages/schemas/tables/applications.sql
@@ -7,6 +7,7 @@ create table applications (
     references tenants (id) on update cascade on delete cascade,
   id varchar(21) not null,
   name varchar(256) not null,
+  /** @deprecated The internal client secret. Note it is only used for internal validation, and the actual secret should be stored in the `application_secrets` table. You should NOT use it unless you are sure what you are doing. */
   secret varchar(64) not null,
   description text,
   type application_type not null,

From dce56eeb3f81266cbe19a55a8e3f222c7b720503 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sat, 27 Jul 2024 23:59:36 +0800
Subject: [PATCH 120/135] chore: launch multiple app secrets

---
 packages/core/src/routes/applications/application.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/packages/core/src/routes/applications/application.ts b/packages/core/src/routes/applications/application.ts
index 535fd258374d..2537c59de53b 100644
--- a/packages/core/src/routes/applications/application.ts
+++ b/packages/core/src/routes/applications/application.ts
@@ -13,7 +13,6 @@ import { generateStandardId, generateStandardSecret } from '@logto/shared';
 import { conditional } from '@silverhand/essentials';
 import { boolean, object, string, z } from 'zod';
 
-import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaPagination from '#src/middleware/koa-pagination.js';
@@ -27,6 +26,8 @@ import applicationCustomDataRoutes from './application-custom-data.js';
 import { generateInternalSecret } from './application-secret.js';
 import { applicationCreateGuard, applicationPatchGuard } from './types.js';
 
+import { EnvSet } from '#src/src/env-set/index.js';
+
 const includesInternalAdminRole = (roles: Readonly<Array<{ role: Role }>>) =>
   roles.some(({ role: { name } }) => name === InternalRole.Admin);
 

From b777db5df5083bff4f8c689f19f07c89d39ddf60 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sun, 28 Jul 2024 11:04:36 +0800
Subject: [PATCH 121/135] refactor(core): use tsup for building

---
 package.json                                  |   1 +
 packages/core/nodemon.json                    |  17 --
 packages/core/package.json                    |   5 +-
 packages/core/tsconfig.base.json              |  13 --
 packages/core/tsconfig.build.json             |  10 --
 packages/core/tsconfig.json                   |  22 ++-
 packages/core/tsconfig.test.json              |   5 +-
 packages/core/tsup.config.ts                  |  11 ++
 packages/core/tsup.dev.config.ts              |   9 ++
 .../schemas/tsconfig.build.alterations.json   |   5 +-
 packages/schemas/tsconfig.build.gen.json      |   7 +-
 pnpm-lock.yaml                                | 145 ++++++++++++++----
 tsup.shared.config.ts                         |  10 ++
 13 files changed, 184 insertions(+), 76 deletions(-)
 delete mode 100644 packages/core/nodemon.json
 delete mode 100644 packages/core/tsconfig.base.json
 delete mode 100644 packages/core/tsconfig.build.json
 create mode 100644 packages/core/tsup.config.ts
 create mode 100644 packages/core/tsup.dev.config.ts
 create mode 100644 tsup.shared.config.ts

diff --git a/package.json b/package.json
index db517658c671..254f4b842497 100644
--- a/package.json
+++ b/package.json
@@ -31,6 +31,7 @@
     "@types/pg": "^8.6.6",
     "husky": "^9.0.0",
     "pg": "^8.8.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.0.0",
     "vite": "^5.3.4"
   },
diff --git a/packages/core/nodemon.json b/packages/core/nodemon.json
deleted file mode 100644
index ca594d4cb818..000000000000
--- a/packages/core/nodemon.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
-  "exec": "tsc -p tsconfig.build.json --incremental && pnpm copy:apidocs && node ./build/index.js || exit 1",
-  "ignore": [
-    "node_modules/**/node_modules",
-    "../integration-tests/"
-  ],
-  "watch": [
-    "../*/lib/",
-    "../core/src/",
-    "../core/node_modules/",
-    ".env",
-    "../../.env",
-    "../connectors/*/lib/"
-  ],
-  "ext": "json,js,jsx,ts,tsx",
-  "delay": 500
-}
diff --git a/packages/core/package.json b/packages/core/package.json
index 92b45f9d6df7..e08ab66cc80f 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -13,11 +13,11 @@
   "scripts": {
     "precommit": "lint-staged",
     "copy:apidocs": "rsync -a -m --include '*/' --include '*.openapi.json' --exclude '*' src/routes/ build/routes/",
-    "build": "rm -rf build/ && tsc -p tsconfig.build.json && pnpm run copy:apidocs",
+    "build": "tsup",
     "build:test": "rm -rf build/ && tsc -p tsconfig.test.json --sourcemap && pnpm run copy:apidocs",
     "lint": "eslint --ext .ts --ext .json src",
     "lint:report": "pnpm lint --format json --output-file report.json",
-    "dev": "rm -rf build/ && nodemon",
+    "dev": "tsup --config tsup.dev.config.ts",
     "start": "NODE_ENV=production node .",
     "test:only": "NODE_OPTIONS=\"--experimental-vm-modules --max_old_space_size=4096\" jest --logHeapUsage",
     "test": "pnpm build:test && pnpm test:only",
@@ -127,6 +127,7 @@
     "prettier": "^3.0.0",
     "sinon": "^18.0.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3"
   },
   "engines": {
diff --git a/packages/core/tsconfig.base.json b/packages/core/tsconfig.base.json
deleted file mode 100644
index ff6206ddf1b1..000000000000
--- a/packages/core/tsconfig.base.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-  "extends": "@silverhand/ts-config/tsconfig.base",
-  "compilerOptions": {
-    "declaration": false,
-    "outDir": "build",
-    "baseUrl": ".",
-    "paths": {
-      "#src/*": [
-        "src/*"
-      ]
-    }
-  }
-}
diff --git a/packages/core/tsconfig.build.json b/packages/core/tsconfig.build.json
deleted file mode 100644
index 988844c2c4d7..000000000000
--- a/packages/core/tsconfig.build.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
-  "extends": "./tsconfig.base",
-  "include": [
-    "src"
-  ],
-  "exclude": [
-    "src/**/*.test.ts",
-    "src/**/__mocks__/",
-  ]
-}
diff --git a/packages/core/tsconfig.json b/packages/core/tsconfig.json
index 657642e2fe02..19c4ed1602e1 100644
--- a/packages/core/tsconfig.json
+++ b/packages/core/tsconfig.json
@@ -1,7 +1,23 @@
 {
-  "extends": "./tsconfig.base",
+  "extends": "@silverhand/ts-config/tsconfig.base",
   "compilerOptions": {
-    "types": ["node", "jest", "jest-matcher-specific-error"]
+    "declaration": false,
+    "outDir": "build",
+    "baseUrl": ".",
+    "paths": {
+      "#src/*": [
+        "src/*"
+      ]
+    },
+    "types": [
+      "node",
+      "jest",
+      "jest-matcher-specific-error"
+    ]
   },
-  "include": ["src"]
+  "include": [
+    "src",
+    "*.config.ts",
+    "*.setup.ts"
+  ]
 }
diff --git a/packages/core/tsconfig.test.json b/packages/core/tsconfig.test.json
index 1424a155592b..e5b8400beece 100644
--- a/packages/core/tsconfig.test.json
+++ b/packages/core/tsconfig.test.json
@@ -3,5 +3,8 @@
   "compilerOptions": {
     "isolatedModules": false,
     "allowJs": true,
-  }
+  },
+  "include": [
+    "src/"
+  ]
 }
diff --git a/packages/core/tsup.config.ts b/packages/core/tsup.config.ts
new file mode 100644
index 000000000000..5cf5e1139b2f
--- /dev/null
+++ b/packages/core/tsup.config.ts
@@ -0,0 +1,11 @@
+import { defineConfig, type Options } from 'tsup';
+
+import { defaultConfig } from '../../tsup.shared.config.js';
+
+export const config = Object.freeze({
+  ...defaultConfig,
+  outDir: 'build',
+  onSuccess: 'pnpm run copy:apidocs',
+} satisfies Options);
+
+export default defineConfig(config);
diff --git a/packages/core/tsup.dev.config.ts b/packages/core/tsup.dev.config.ts
new file mode 100644
index 000000000000..b2c6b1aec0a7
--- /dev/null
+++ b/packages/core/tsup.dev.config.ts
@@ -0,0 +1,9 @@
+import { defineConfig } from 'tsup';
+
+import { config as baseConfig } from './tsup.config.js';
+
+export default defineConfig({
+  ...baseConfig,
+  watch: ['src/**/*.ts', '.env', '../../.env', '../connectors/*/lib/'],
+  onSuccess: baseConfig.onSuccess + ' && node ./build/index.js',
+});
diff --git a/packages/schemas/tsconfig.build.alterations.json b/packages/schemas/tsconfig.build.alterations.json
index 96cde8fa1206..5e7569a3454a 100644
--- a/packages/schemas/tsconfig.build.alterations.json
+++ b/packages/schemas/tsconfig.build.alterations.json
@@ -1,8 +1,11 @@
 {
   "extends": "./tsconfig",
   "compilerOptions": {
+    "declaration": false,
     "outDir": "alterations-js",
   },
-  "include": ["alterations"],
+  "include": [
+    "alterations"
+  ],
   "exclude": []
 }
diff --git a/packages/schemas/tsconfig.build.gen.json b/packages/schemas/tsconfig.build.gen.json
index eeed8fa29a52..0ed58c7cf924 100644
--- a/packages/schemas/tsconfig.build.gen.json
+++ b/packages/schemas/tsconfig.build.gen.json
@@ -1,4 +1,9 @@
 {
   "extends": "./tsconfig",
-  "include": ["src/gen"]
+  "compilerOptions": {
+    "declaration": false,
+  },
+  "include": [
+    "src/gen"
+  ]
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 7ec723e6dca2..b7bd1bc79507 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -36,6 +36,9 @@ importers:
       pg:
         specifier: ^8.8.0
         version: 8.8.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.0.2))(typescript@5.0.2)
       typescript:
         specifier: ^5.0.0
         version: 5.0.2
@@ -3421,7 +3424,7 @@ importers:
         version: 8.57.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
+        version: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))
       jest-matcher-specific-error:
         specifier: ^1.0.0
         version: 1.0.0
@@ -3449,6 +3452,9 @@ importers:
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -3855,7 +3861,7 @@ importers:
         version: 10.0.0
       jest:
         specifier: ^29.7.0
-        version: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
+        version: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))
       jest-matcher-specific-error:
         specifier: ^1.0.0
         version: 1.0.0
@@ -14896,7 +14902,7 @@ snapshots:
       - supports-color
       - ts-node
 
-  '@jest/core@29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))':
+  '@jest/core@29.7.0(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))':
     dependencies:
       '@jest/console': 29.7.0
       '@jest/reporters': 29.7.0
@@ -14910,7 +14916,7 @@ snapshots:
       exit: 0.1.2
       graceful-fs: 4.2.11
       jest-changed-files: 29.7.0
-      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
+      jest-config: 29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))
       jest-haste-map: 29.7.0
       jest-message-util: 29.7.0
       jest-regex-util: 29.6.3
@@ -17859,13 +17865,13 @@ snapshots:
     dependencies:
       lodash.get: 4.4.2
 
-  create-jest@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3)):
+  create-jest@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3)):
     dependencies:
       '@jest/types': 29.6.3
       chalk: 4.1.2
       exit: 0.1.2
       graceful-fs: 4.2.11
-      jest-config: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
+      jest-config: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))
       jest-util: 29.7.0
       prompts: 2.4.2
     transitivePeerDependencies:
@@ -18180,10 +18186,6 @@ snapshots:
 
   debounce@1.2.1: {}
 
-  debug@3.2.7:
-    dependencies:
-      ms: 2.1.3
-
   debug@3.2.7(supports-color@5.5.0):
     dependencies:
       ms: 2.1.3
@@ -18659,7 +18661,7 @@ snapshots:
 
   eslint-import-resolver-node@0.3.9:
     dependencies:
-      debug: 3.2.7
+      debug: 3.2.7(supports-color@5.5.0)
       is-core-module: 2.13.1
       resolve: 1.22.8
     transitivePeerDependencies:
@@ -18684,7 +18686,7 @@ snapshots:
 
   eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
-      debug: 3.2.7
+      debug: 3.2.7(supports-color@5.5.0)
     optionalDependencies:
       '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
       eslint: 8.57.0
@@ -18717,7 +18719,7 @@ snapshots:
       array.prototype.findlastindex: 1.2.5
       array.prototype.flat: 1.3.2
       array.prototype.flatmap: 1.3.2
-      debug: 3.2.7
+      debug: 3.2.7(supports-color@5.5.0)
       doctrine: 2.1.0
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
@@ -20195,16 +20197,16 @@ snapshots:
       - babel-plugin-macros
       - supports-color
 
-  jest-cli@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3)):
+  jest-cli@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3)):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))
       '@jest/test-result': 29.7.0
       '@jest/types': 29.6.3
       chalk: 4.1.2
-      create-jest: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
+      create-jest: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))
       exit: 0.1.2
       import-local: 3.1.0
-      jest-config: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
+      jest-config: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))
       jest-util: 29.7.0
       jest-validate: 29.7.0
       yargs: 17.7.2
@@ -20233,7 +20235,7 @@ snapshots:
       - supports-color
       - ts-node
 
-  jest-config@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3)):
+  jest-config@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3)):
     dependencies:
       '@babel/core': 7.24.4
       '@jest/test-sequencer': 29.7.0
@@ -20259,7 +20261,7 @@ snapshots:
       strip-json-comments: 3.1.1
     optionalDependencies:
       '@types/node': 20.10.4
-      ts-node: 10.9.2(@types/node@20.10.4)(typescript@5.5.3)
+      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3)
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
@@ -20295,7 +20297,7 @@ snapshots:
       - babel-plugin-macros
       - supports-color
 
-  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3)):
+  jest-config@29.7.0(@types/node@20.12.7)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3)):
     dependencies:
       '@babel/core': 7.24.4
       '@jest/test-sequencer': 29.7.0
@@ -20321,7 +20323,7 @@ snapshots:
       strip-json-comments: 3.1.1
     optionalDependencies:
       '@types/node': 20.12.7
-      ts-node: 10.9.2(@types/node@20.10.4)(typescript@5.5.3)
+      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3)
     transitivePeerDependencies:
       - babel-plugin-macros
       - supports-color
@@ -20634,12 +20636,12 @@ snapshots:
       merge-stream: 2.0.0
       supports-color: 8.1.1
 
-  jest@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3)):
+  jest@29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3)):
     dependencies:
-      '@jest/core': 29.7.0(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
+      '@jest/core': 29.7.0(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))
       '@jest/types': 29.6.3
       import-local: 3.1.0
-      jest-cli: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3))
+      jest-cli: 29.7.0(@types/node@20.10.4)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))
     transitivePeerDependencies:
       - '@types/node'
       - babel-plugin-macros
@@ -22567,6 +22569,22 @@ snapshots:
 
   possible-typed-array-names@1.0.0: {}
 
+  postcss-load-config@4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3)):
+    dependencies:
+      lilconfig: 3.1.2
+      yaml: 2.4.5
+    optionalDependencies:
+      postcss: 8.4.39
+      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3)
+
+  postcss-load-config@4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.0.2)):
+    dependencies:
+      lilconfig: 3.1.2
+      yaml: 2.4.5
+    optionalDependencies:
+      postcss: 8.4.39
+      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.0.2)
+
   postcss-load-config@4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3)):
     dependencies:
       lilconfig: 3.1.2
@@ -24190,14 +24208,14 @@ snapshots:
       '@swc/core': 1.3.52(@swc/helpers@0.5.1)
     optional: true
 
-  ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3):
+  ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3):
     dependencies:
       '@cspotcode/source-map-support': 0.8.1
       '@tsconfig/node10': 1.0.9
       '@tsconfig/node12': 1.0.11
       '@tsconfig/node14': 1.0.3
       '@tsconfig/node16': 1.0.4
-      '@types/node': 20.12.7
+      '@types/node': 20.10.4
       acorn: 8.11.3
       acorn-walk: 8.3.2
       arg: 4.1.3
@@ -24211,14 +24229,35 @@ snapshots:
       '@swc/core': 1.3.52(@swc/helpers@0.5.1)
     optional: true
 
-  ts-node@10.9.2(@types/node@20.10.4)(typescript@5.5.3):
+  ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.0.2):
     dependencies:
       '@cspotcode/source-map-support': 0.8.1
       '@tsconfig/node10': 1.0.9
       '@tsconfig/node12': 1.0.11
       '@tsconfig/node14': 1.0.3
       '@tsconfig/node16': 1.0.4
-      '@types/node': 20.10.4
+      '@types/node': 20.12.7
+      acorn: 8.11.3
+      acorn-walk: 8.3.2
+      arg: 4.1.3
+      create-require: 1.1.1
+      diff: 4.0.2
+      make-error: 1.3.6
+      typescript: 5.0.2
+      v8-compile-cache-lib: 3.0.1
+      yn: 3.1.1
+    optionalDependencies:
+      '@swc/core': 1.3.52(@swc/helpers@0.5.1)
+    optional: true
+
+  ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3):
+    dependencies:
+      '@cspotcode/source-map-support': 0.8.1
+      '@tsconfig/node10': 1.0.9
+      '@tsconfig/node12': 1.0.11
+      '@tsconfig/node14': 1.0.3
+      '@tsconfig/node16': 1.0.4
+      '@types/node': 20.12.7
       acorn: 8.11.3
       acorn-walk: 8.3.2
       arg: 4.1.3
@@ -24228,6 +24267,8 @@ snapshots:
       typescript: 5.5.3
       v8-compile-cache-lib: 3.0.1
       yn: 3.1.1
+    optionalDependencies:
+      '@swc/core': 1.3.52(@swc/helpers@0.5.1)
     optional: true
 
   tsconfig-paths@3.15.0:
@@ -24247,6 +24288,54 @@ snapshots:
 
   tsscmp@1.0.6: {}
 
+  tsup@8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))(typescript@5.5.3):
+    dependencies:
+      bundle-require: 4.2.1(esbuild@0.21.5)
+      cac: 6.7.14
+      chokidar: 3.5.3
+      debug: 4.3.4
+      esbuild: 0.21.5
+      execa: 5.1.1
+      globby: 11.1.0
+      joycon: 3.1.1
+      postcss-load-config: 4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))
+      resolve-from: 5.0.0
+      rollup: 4.14.3
+      source-map: 0.8.0-beta.0
+      sucrase: 3.35.0
+      tree-kill: 1.2.2
+    optionalDependencies:
+      '@swc/core': 1.3.52(@swc/helpers@0.5.1)
+      postcss: 8.4.39
+      typescript: 5.5.3
+    transitivePeerDependencies:
+      - supports-color
+      - ts-node
+
+  tsup@8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.0.2))(typescript@5.0.2):
+    dependencies:
+      bundle-require: 4.2.1(esbuild@0.21.5)
+      cac: 6.7.14
+      chokidar: 3.5.3
+      debug: 4.3.4
+      esbuild: 0.21.5
+      execa: 5.1.1
+      globby: 11.1.0
+      joycon: 3.1.1
+      postcss-load-config: 4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.0.2))
+      resolve-from: 5.0.0
+      rollup: 4.14.3
+      source-map: 0.8.0-beta.0
+      sucrase: 3.35.0
+      tree-kill: 1.2.2
+    optionalDependencies:
+      '@swc/core': 1.3.52(@swc/helpers@0.5.1)
+      postcss: 8.4.39
+      typescript: 5.0.2
+    transitivePeerDependencies:
+      - supports-color
+      - ts-node
+
   tsup@8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3))(typescript@5.5.3):
     dependencies:
       bundle-require: 4.2.1(esbuild@0.21.5)
diff --git a/tsup.shared.config.ts b/tsup.shared.config.ts
new file mode 100644
index 000000000000..84962626169d
--- /dev/null
+++ b/tsup.shared.config.ts
@@ -0,0 +1,10 @@
+import { type Options } from 'tsup';
+
+export const defaultConfig = Object.freeze({
+  entry: ['src/index.ts'],
+  outDir: 'lib',
+  format: ['esm'],
+  dts: false,
+  sourcemap: true,
+  clean: true,
+} satisfies Options);

From 85c873b3b15404cfb71c288653816dff7a0f4998 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sun, 28 Jul 2024 11:32:45 +0800
Subject: [PATCH 122/135] refactor: use tsup for building

---
 packages/integration-tests/package.json   |  3 ++-
 packages/integration-tests/tsup.config.ts | 10 ++++++++++
 pnpm-lock.yaml                            | 21 ++++++++++++---------
 3 files changed, 24 insertions(+), 10 deletions(-)
 create mode 100644 packages/integration-tests/tsup.config.ts

diff --git a/packages/integration-tests/package.json b/packages/integration-tests/package.json
index 4436bb969748..00e0fa64df12 100644
--- a/packages/integration-tests/package.json
+++ b/packages/integration-tests/package.json
@@ -10,7 +10,7 @@
     "#src/*": "./lib/*"
   },
   "scripts": {
-    "build": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
+    "build": "tsup",
     "test:only": "NODE_OPTIONS=--experimental-vm-modules jest",
     "test": "pnpm build && pnpm test:api && pnpm test:experience && pnpm test:console",
     "test:api": "pnpm test:only -i ./lib/tests/api/",
@@ -47,6 +47,7 @@
     "openapi-types": "^12.1.3",
     "prettier": "^3.0.0",
     "puppeteer": "^22.6.5",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "zod": "^3.23.8"
   },
diff --git a/packages/integration-tests/tsup.config.ts b/packages/integration-tests/tsup.config.ts
new file mode 100644
index 000000000000..f715b3651a28
--- /dev/null
+++ b/packages/integration-tests/tsup.config.ts
@@ -0,0 +1,10 @@
+import { defineConfig, type Options } from 'tsup';
+
+import { defaultConfig } from '../../tsup.shared.config.js';
+
+export const config = Object.freeze({
+  ...defaultConfig,
+  entry: ['src/**/*.ts'],
+} satisfies Options);
+
+export default defineConfig(config);
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index b7bd1bc79507..bf4e1f97a14f 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3886,6 +3886,9 @@ importers:
       puppeteer:
         specifier: ^22.6.5
         version: 22.6.5(typescript@5.5.3)
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -15734,10 +15737,10 @@ snapshots:
       eslint-config-prettier: 9.1.0(eslint@8.57.0)
       eslint-config-xo: 0.44.0(eslint@8.57.0)
       eslint-config-xo-typescript: 4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3)
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
       eslint-plugin-consistent-default-export-name: 0.0.15
       eslint-plugin-eslint-comments: 3.2.0(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
       eslint-plugin-n: 17.2.1(eslint@8.57.0)
       eslint-plugin-no-use-extend-native: 0.5.0
       eslint-plugin-prettier: 5.1.3(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.0.0)
@@ -18667,13 +18670,13 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0):
+  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0):
     dependencies:
       debug: 4.3.4
       enhanced-resolve: 5.16.0
       eslint: 8.57.0
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
-      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0)
       fast-glob: 3.3.2
       get-tsconfig: 4.7.3
       is-core-module: 2.13.1
@@ -18684,14 +18687,14 @@ snapshots:
       - eslint-import-resolver-webpack
       - supports-color
 
-  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
+  eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0):
     dependencies:
       debug: 3.2.7(supports-color@5.5.0)
     optionalDependencies:
       '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.5.3)
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0)
     transitivePeerDependencies:
       - supports-color
 
@@ -18713,7 +18716,7 @@ snapshots:
       eslint: 8.57.0
       ignore: 5.3.1
 
-  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0):
+  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0):
     dependencies:
       array-includes: 3.1.8
       array.prototype.findlastindex: 1.2.5
@@ -18723,7 +18726,7 @@ snapshots:
       doctrine: 2.1.0
       eslint: 8.57.0
       eslint-import-resolver-node: 0.3.9
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0)
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0)
       hasown: 2.0.2
       is-core-module: 2.13.1
       is-glob: 4.0.3

From 01df8f46a2d4ea7938e73acc3135f4e7597aedf8 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sun, 28 Jul 2024 11:47:40 +0800
Subject: [PATCH 123/135] refactor(console): improve ux

---
 .../fragments/_add-authentication.mdx         |   2 +-
 .../assets/docs/guides/web-express/README.mdx |   2 +-
 .../src/assets/docs/guides/web-go/README.mdx  |   2 +-
 .../guides/web-java-spring-boot/README.mdx    |   2 +-
 .../guides/web-next-app-router/README.mdx     |   2 +-
 .../docs/guides/web-next-auth/README.mdx      |   2 +-
 .../assets/docs/guides/web-next/README.mdx    |   2 +-
 .../assets/docs/guides/web-nuxt/README.mdx    |   4 +-
 .../src/assets/docs/guides/web-php/README.mdx |   2 +-
 .../assets/docs/guides/web-python/README.mdx  |   2 +-
 .../assets/docs/guides/web-ruby/README.mdx    |   4 +-
 .../docs/guides/web-sveltekit/README.mdx      |   2 +-
 .../CopyToClipboard/index.module.scss         |  27 +++--
 .../ds-components/CopyToClipboard/index.tsx   |  13 ++-
 .../CreateSecretModal.tsx                     |   2 +-
 .../EndpointsAndCredentials/index.module.scss |  39 +++++++
 .../index.tsx}                                |  80 ++++----------
 .../use-secret-table-columns.tsx              | 100 ++++++++++++++++++
 .../GuideDrawer/index.tsx                     |   5 +-
 .../index.module.scss                         |  29 -----
 .../ApplicationDetailsContent/index.tsx       |   7 +-
 .../ApplicationDetails/GuideModal/index.tsx   |  14 ++-
 .../components/AppGuide/index.tsx             |  31 +++---
 .../src/pages/ApplicationDetails/index.tsx    |  30 ++++--
 .../src/routes/applications/application.ts    |   3 +-
 .../admin-console/application-details.ts      |   4 +-
 26 files changed, 256 insertions(+), 156 deletions(-)
 create mode 100644 packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.module.scss
 rename packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/{EndpointsAndCredentials.tsx => EndpointsAndCredentials/index.tsx} (80%)
 create mode 100644 packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/use-secret-table-columns.tsx

diff --git a/packages/console/src/assets/docs/guides/web-dotnet-core-mvc/fragments/_add-authentication.mdx b/packages/console/src/assets/docs/guides/web-dotnet-core-mvc/fragments/_add-authentication.mdx
index 34b1fe74690c..62a183eab90a 100644
--- a/packages/console/src/assets/docs/guides/web-dotnet-core-mvc/fragments/_add-authentication.mdx
+++ b/packages/console/src/assets/docs/guides/web-dotnet-core-mvc/fragments/_add-authentication.mdx
@@ -9,7 +9,7 @@ builder.Services.AddLogtoAuthentication(options =>
 {
   options.Endpoint = "${props.endpoint}";
   options.AppId = "${props.app.id}";
-  options.AppSecret = "${props.app.secret}";
+  options.AppSecret = "${props.secrets[0]?.value ?? props.app.secret}";
 });
 
 app.UseAuthentication();`}
diff --git a/packages/console/src/assets/docs/guides/web-express/README.mdx b/packages/console/src/assets/docs/guides/web-express/README.mdx
index 4325a9645898..9fcb5f7a3361 100644
--- a/packages/console/src/assets/docs/guides/web-express/README.mdx
+++ b/packages/console/src/assets/docs/guides/web-express/README.mdx
@@ -31,7 +31,7 @@ Prepare configuration for the Logto client:
 const config: LogtoExpressConfig = {
   endpoint: '${props.endpoint}',
   appId: '${props.app.id}',
-  appSecret: '${props.app.secret}',
+  appSecret: '${props.secrets[0]?.value ?? props.app.secret}',
   baseUrl: 'http://localhost:3000', // Change to your own base URL
 };
 `}
diff --git a/packages/console/src/assets/docs/guides/web-go/README.mdx b/packages/console/src/assets/docs/guides/web-go/README.mdx
index 26e34567b4a1..478f88527a25 100644
--- a/packages/console/src/assets/docs/guides/web-go/README.mdx
+++ b/packages/console/src/assets/docs/guides/web-go/README.mdx
@@ -145,7 +145,7 @@ First, create a Logto config:
     logtoConfig := &client.LogtoConfig{
         Endpoint:           "${props.endpoint}",
         AppId:              "${props.app.id}",
-        AppSecret:          "${props.app.secret}",
+        AppSecret:          "${props.secrets[0]?.value ?? props.app.secret}",
     }
 
     // ...
diff --git a/packages/console/src/assets/docs/guides/web-java-spring-boot/README.mdx b/packages/console/src/assets/docs/guides/web-java-spring-boot/README.mdx
index 92625af90a4a..80f83361dc63 100644
--- a/packages/console/src/assets/docs/guides/web-java-spring-boot/README.mdx
+++ b/packages/console/src/assets/docs/guides/web-java-spring-boot/README.mdx
@@ -63,7 +63,7 @@ Add the following configuration to your `application.properties` file:
 <Code className="language-properties" title="application.properties">
     {`spring.security.oauth2.client.registration.logto.client-name=logto
 spring.security.oauth2.client.registration.logto.client-id=${props.app.id}
-spring.security.oauth2.client.registration.logto.client-secret=${props.app.secret}
+spring.security.oauth2.client.registration.logto.client-secret=${props.secrets[0]?.value ?? props.app.secret}
 spring.security.oauth2.client.registration.logto.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
 spring.security.oauth2.client.registration.logto.authorization-grant-type=authorization_code
 spring.security.oauth2.client.registration.logto.scope=openid,profile,email,offline_access
diff --git a/packages/console/src/assets/docs/guides/web-next-app-router/README.mdx b/packages/console/src/assets/docs/guides/web-next-app-router/README.mdx
index 5c6196036dfc..1ca7e4091587 100644
--- a/packages/console/src/assets/docs/guides/web-next-app-router/README.mdx
+++ b/packages/console/src/assets/docs/guides/web-next-app-router/README.mdx
@@ -26,7 +26,7 @@ Prepare configuration for the Logto client:
     {`export const logtoConfig = {
   endpoint: '${props.endpoint}',
   appId: '${props.app.id}',
-  appSecret: '${props.app.secret}',
+  appSecret: '${props.secrets[0]?.value ?? props.app.secret}',
   baseUrl: 'http://localhost:3000', // Change to your own base URL
   cookieSecret: '${generateStandardSecret()}', // Auto-generated 32 digit secret
   cookieSecure: process.env.NODE_ENV === 'production',
diff --git a/packages/console/src/assets/docs/guides/web-next-auth/README.mdx b/packages/console/src/assets/docs/guides/web-next-auth/README.mdx
index badcf966507e..f9959c3bc528 100644
--- a/packages/console/src/assets/docs/guides/web-next-auth/README.mdx
+++ b/packages/console/src/assets/docs/guides/web-next-auth/README.mdx
@@ -45,7 +45,7 @@ const handler = NextAuth({
       wellKnown: '${props.endpoint}oidc/.well-known/openid-configuration',
       authorization: { params: { scope: 'openid offline_access profile email' } },
       clientId: '${props.app.id}'',
-      clientSecret: '${props.app.secret}',
+      clientSecret: '${props.secrets[0]?.value ?? props.app.secret}',
       client: {
         id_token_signed_response_alg: 'ES384',
       },
diff --git a/packages/console/src/assets/docs/guides/web-next/README.mdx b/packages/console/src/assets/docs/guides/web-next/README.mdx
index 961465f691ca..6cb14c8c16fa 100644
--- a/packages/console/src/assets/docs/guides/web-next/README.mdx
+++ b/packages/console/src/assets/docs/guides/web-next/README.mdx
@@ -28,7 +28,7 @@ Import and initialize LogtoClient:
 export const logtoClient = new LogtoClient({
   endpoint: '${props.endpoint}',
   appId: '${props.app.id}',
-  appSecret: '${props.app.secret}',
+  appSecret: '${props.secrets[0]?.value ?? props.app.secret}',
   baseUrl: '${defaultBaseUrl}', // Change to your own base URL
   cookieSecret: '${generateStandardSecret()}', // Auto-generated 32 digit secret
   cookieSecure: process.env.NODE_ENV === 'production',
diff --git a/packages/console/src/assets/docs/guides/web-nuxt/README.mdx b/packages/console/src/assets/docs/guides/web-nuxt/README.mdx
index b274d4849e78..29c58fa66638 100644
--- a/packages/console/src/assets/docs/guides/web-nuxt/README.mdx
+++ b/packages/console/src/assets/docs/guides/web-nuxt/README.mdx
@@ -35,7 +35,7 @@ In your Nuxt config file, add the Logto module and configure it:
     logto: {
       endpoint: '${props.endpoint}',
       appId: '${props.app.id}',
-      appSecret: '${props.app.secret}',
+      appSecret: '${props.secrets[0]?.value ?? props.app.secret}',
       cookieEncryptionKey: '${cookieEncryptionKey}', // Random-generated
     },
   },
@@ -48,7 +48,7 @@ Since these information are sensitive, it's recommended to use environment varia
 <Code title=".env" className="language-bash">
     {`NUXT_LOGTO_ENDPOINT=${props.endpoint}
 NUXT_LOGTO_APP_ID=${props.app.id}
-NUXT_LOGTO_APP_SECRET=${props.app.secret}
+NUXT_LOGTO_APP_SECRET=${props.secrets[0]?.value ?? props.app.secret}
 NUXT_LOGTO_COOKIE_ENCRYPTION_KEY=${cookieEncryptionKey} # Random-generated
 `}
 </Code>
diff --git a/packages/console/src/assets/docs/guides/web-php/README.mdx b/packages/console/src/assets/docs/guides/web-php/README.mdx
index 6dfe1d3d7afe..32ea660d4fa5 100644
--- a/packages/console/src/assets/docs/guides/web-php/README.mdx
+++ b/packages/console/src/assets/docs/guides/web-php/README.mdx
@@ -35,7 +35,7 @@ $client = new LogtoClient(
   new LogtoConfig(
     endpoint: "${props.endpoint}",
     appId: "${props.app.id}",
-    appSecret: "${props.app.secret}",
+    appSecret: "${props.secrets[0]?.value ?? props.app.secret}",
   ),
 );`}
 </Code>
diff --git a/packages/console/src/assets/docs/guides/web-python/README.mdx b/packages/console/src/assets/docs/guides/web-python/README.mdx
index 52fd2300a3bf..1616da8d3903 100644
--- a/packages/console/src/assets/docs/guides/web-python/README.mdx
+++ b/packages/console/src/assets/docs/guides/web-python/README.mdx
@@ -32,7 +32,7 @@ client = LogtoClient(
     LogtoConfig(
         endpoint="${props.endpoint}",
         appId="${props.app.id}",
-        appSecret="${props.app.secret}",
+        appSecret="${props.secrets[0]?.value ?? props.app.secret}",
     )
 )`}
 </Code>
diff --git a/packages/console/src/assets/docs/guides/web-ruby/README.mdx b/packages/console/src/assets/docs/guides/web-ruby/README.mdx
index 63d9e9e54709..89f05318152e 100644
--- a/packages/console/src/assets/docs/guides/web-ruby/README.mdx
+++ b/packages/console/src/assets/docs/guides/web-ruby/README.mdx
@@ -41,7 +41,7 @@ In the file where you want to initialize the Logto client (e.g. a base controlle
   config: LogtoClient::Config.new(
     endpoint: "${props.endpoint}",
     app_id: "${props.app.id}",
-    app_secret: "${props.app.secret}"
+    app_secret: "${props.secrets[0]?.value ?? props.app.secret}"
   ),
   navigate: ->(uri) { a_redirect_method(uri) },
   storage: LogtoClient::SessionStorage.new(the_session_object)
@@ -64,7 +64,7 @@ class SampleController < ApplicationController
       config: LogtoClient::Config.new(
         endpoint: "${props.endpoint}",
         app_id: "${props.app.id}",
-        app_secret: "${props.app.secret}"
+        app_secret: "${props.secrets[0]?.value ?? props.app.secret}"
       ),
       # Allow the client to redirect to other hosts (i.e. your Logto tenant)
       navigate: ->(uri) { redirect_to(uri, allow_other_host: true) },
diff --git a/packages/console/src/assets/docs/guides/web-sveltekit/README.mdx b/packages/console/src/assets/docs/guides/web-sveltekit/README.mdx
index bd3614276915..d3b1cbff7b88 100644
--- a/packages/console/src/assets/docs/guides/web-sveltekit/README.mdx
+++ b/packages/console/src/assets/docs/guides/web-sveltekit/README.mdx
@@ -40,7 +40,7 @@ export const handle = handleLogto(
   {
     endpoint: '${props.endpoint}',
     appId: '${props.app.id}',
-    appSecret: '${props.app.secret}',
+    appSecret: '${props.secrets[0]?.value ?? props.app.secret}',
   },
   { encryptionKey: '${cookieEncryptionKey}' } // Random-generated key
 );`}
diff --git a/packages/console/src/ds-components/CopyToClipboard/index.module.scss b/packages/console/src/ds-components/CopyToClipboard/index.module.scss
index 1e5779006780..3989a2726d75 100644
--- a/packages/console/src/ds-components/CopyToClipboard/index.module.scss
+++ b/packages/console/src/ds-components/CopyToClipboard/index.module.scss
@@ -28,36 +28,34 @@
     align-items: center;
     justify-content: space-between;
     cursor: text;
+    gap: _.unit(2);
 
     .content {
       flex: 1;
       overflow: hidden;
       text-overflow: ellipsis;
+      display: inline-flex;
+      align-items: center;
+      gap: _.unit(2);
+      margin-right: _.unit(1);
+      flex-wrap: nowrap;
 
       &.wrapContent {
         text-overflow: unset;
         word-break: break-all;
       }
     }
-
-    .copyToolTipAnchor {
-      margin-left: _.unit(2);
-    }
   }
 
   &.default {
     .row {
-      .copyToolTipAnchor {
-        margin-left: _.unit(3);
-      }
+      gap: _.unit(2);
     }
   }
 
   &.small {
     .row {
-      .copyToolTipAnchor {
-        margin-left: _.unit(1);
-      }
+      gap: _.unit(0.5);
 
       .iconButton {
         height: 20px;
@@ -72,4 +70,13 @@
       }
     }
   }
+
+  .dot {
+    flex-shrink: 0;
+    display: inline-block;
+    width: 6px;
+    height: 6px;
+    border-radius: 50%;
+    background: var(--color-text-secondary);
+  }
 }
diff --git a/packages/console/src/ds-components/CopyToClipboard/index.tsx b/packages/console/src/ds-components/CopyToClipboard/index.tsx
index 962ff8406e90..2fe3e52f2f60 100644
--- a/packages/console/src/ds-components/CopyToClipboard/index.tsx
+++ b/packages/console/src/ds-components/CopyToClipboard/index.tsx
@@ -60,7 +60,10 @@ function CopyToClipboard(
       return value;
     }
 
-    return '•'.repeat(value.length);
+    return Array.from({ length: Math.max(Math.floor((value.length / 5) * 3), 1) }).map(
+      // eslint-disable-next-line react/no-array-index-key -- No need to persist the key
+      (_, index) => <span key={index} className={styles.dot} />
+    );
   }, [hasVisibilityToggle, showHiddenContent, value]);
 
   useEffect(() => {
@@ -107,7 +110,7 @@ function CopyToClipboard(
         {variant !== 'icon' && (
           <div
             className={classNames(styles.content, isWordWrapAllowed && styles.wrapContent)}
-            style={valueStyle}
+            style={{ width: `${value.length}ch`, ...valueStyle }}
           >
             {displayValue}
           </div>
@@ -124,11 +127,7 @@ function CopyToClipboard(
             </IconButton>
           </Tooltip>
         )}
-        <Tooltip
-          isSuccessful={copyState === 'copied'}
-          anchorClassName={styles.copyToolTipAnchor}
-          content={t(copyState)}
-        >
+        <Tooltip isSuccessful={copyState === 'copied'} content={t(copyState)}>
           <IconButton
             ref={copyIconReference}
             className={styles.iconButton}
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
index c548dd8fef30..e39e4e45c8ca 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
@@ -36,7 +36,7 @@ function CreateSecretModal({ appId, isOpen, onClose }: Props) {
     formState: { errors, isSubmitting },
     handleSubmit,
     reset,
-  } = useForm<FormData>({ defaultValues: { name: '', expiration: String(days[0]) } });
+  } = useForm<FormData>({ defaultValues: { name: '', expiration: neverExpires } });
   const onCloseHandler = useCallback(
     (created?: ApplicationSecret) => {
       reset();
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.module.scss b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.module.scss
new file mode 100644
index 000000000000..c017eeb912c6
--- /dev/null
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.module.scss
@@ -0,0 +1,39 @@
+@use '@/scss/underscore' as _;
+
+.customEndpointNotes {
+  margin-top: _.unit(6);
+  font: var(--font-body-2);
+  color: var(--color-text-secondary);
+}
+
+.fieldButton {
+  margin-top: _.unit(2);
+}
+
+.trailingIcon {
+  width: 16px;
+  height: 16px;
+}
+
+button.add {
+  margin-top: _.unit(2);
+}
+
+.table {
+  margin-top: _.unit(2);
+  word-break: break-word;
+}
+
+.empty {
+  font: var(--font-body-2);
+  color: var(--color-text-secondary);
+  margin: _.unit(3) 0;
+}
+
+.expired {
+  color: var(--color-text-secondary);
+}
+
+.copyToClipboard {
+  width: fit-content;
+}
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.tsx
similarity index 80%
rename from packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
rename to packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.tsx
index 942145a91023..b57b89e3f2fa 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.tsx
@@ -1,5 +1,4 @@
 import {
-  type ApplicationSecret,
   DomainStatus,
   type Application,
   type SnakeCaseOidcConfig,
@@ -15,7 +14,6 @@ import CaretDown from '@/assets/icons/caret-down.svg?react';
 import CaretUp from '@/assets/icons/caret-up.svg?react';
 import CirclePlus from '@/assets/icons/circle-plus.svg?react';
 import Plus from '@/assets/icons/plus.svg?react';
-import ActionsButton from '@/components/ActionsButton';
 import FormCard from '@/components/FormCard';
 import { openIdProviderConfigPath, openIdProviderPath } from '@/consts/oidc';
 import { AppDataContext } from '@/contexts/AppDataProvider';
@@ -24,19 +22,18 @@ import CopyToClipboard from '@/ds-components/CopyToClipboard';
 import DynamicT from '@/ds-components/DynamicT';
 import FormField from '@/ds-components/FormField';
 import Table from '@/ds-components/Table';
-import { type Column } from '@/ds-components/Table/types';
 import TextLink from '@/ds-components/TextLink';
-import useApi, { type RequestError } from '@/hooks/use-api';
+import { type RequestError } from '@/hooks/use-api';
 import useCustomDomain from '@/hooks/use-custom-domain';
 
-import CreateSecretModal from './CreateSecretModal';
+import CreateSecretModal from '../CreateSecretModal';
+
 import styles from './index.module.scss';
+import { type ApplicationSecretRow, useSecretTableColumns } from './use-secret-table-columns';
 
-const isLegacySecret = (secret: string) => !secret.startsWith(internalPrefix);
+export { type ApplicationSecretRow } from './use-secret-table-columns';
 
-type ApplicationSecretRow = Pick<ApplicationSecret, 'name' | 'value' | 'expiresAt'> & {
-  isLegacy?: boolean;
-};
+const isLegacySecret = (secret: string) => !secret.startsWith(internalPrefix);
 
 type Props = {
   readonly app: Application;
@@ -55,7 +52,6 @@ function EndpointsAndCredentials({
   const { data: customDomain, applyDomain: applyCustomDomain } = useCustomDomain();
   const [showCreateSecretModal, setShowCreateSecretModal] = useState(false);
   const secrets = useSWR<ApplicationSecretRow[], RequestError>(`api/applications/${id}/secrets`);
-  const api = useApi();
   const shouldShowAppSecrets = hasSecrets(type);
 
   const toggleShowMoreEndpoints = useCallback(() => {
@@ -80,57 +76,21 @@ function EndpointsAndCredentials({
     ],
     [secret, secrets.data, t]
   );
-  const tableColumns: Array<Column<ApplicationSecretRow>> = useMemo(
-    () => [
-      {
-        title: t('general.name'),
-        dataIndex: 'name',
-        colSpan: 3,
-        render: ({ name }) => <span>{name}</span>,
-      },
-      {
-        title: t('application_details.secrets.value'),
-        dataIndex: 'value',
-        colSpan: 6,
-        render: ({ value }) => (
-          <CopyToClipboard hasVisibilityToggle displayType="block" value={value} variant="text" />
-        ),
-      },
-      {
-        title: t('application_details.secrets.expires_at'),
-        dataIndex: 'expiresAt',
-        colSpan: 3,
-        render: ({ expiresAt }) => (
-          <span>
-            {expiresAt
-              ? new Date(expiresAt).toLocaleString()
-              : t('application_details.secrets.never')}
-          </span>
-        ),
-      },
-      {
-        title: '',
-        dataIndex: 'actions',
-        render: ({ name, isLegacy }) => (
-          <ActionsButton
-            fieldName="application_details.application_secret"
-            deleteConfirmation="application_details.secrets.delete_confirmation"
-            onDelete={async () => {
-              if (isLegacy) {
-                await api.delete(`api/applications/${id}/legacy-secret`);
-                onApplicationUpdated();
-              } else {
-                await api.delete(`api/applications/${id}/secrets/${encodeURIComponent(name)}`);
-                void secrets.mutate();
-              }
-            }}
-          />
-        ),
-      },
-    ],
-    [api, id, onApplicationUpdated, secrets, t]
-  );
 
+  const onUpdated = useCallback(
+    (isLegacy: boolean) => {
+      if (isLegacy) {
+        onApplicationUpdated();
+      } else {
+        void secrets.mutate();
+      }
+    },
+    [onApplicationUpdated, secrets]
+  );
+  const tableColumns = useSecretTableColumns({
+    appId: id,
+    onUpdated,
+  });
   return (
     <FormCard
       title="application_details.endpoints_and_credentials"
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/use-secret-table-columns.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/use-secret-table-columns.tsx
new file mode 100644
index 000000000000..46db4f69e433
--- /dev/null
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/use-secret-table-columns.tsx
@@ -0,0 +1,100 @@
+import { type ApplicationSecret } from '@logto/schemas';
+import { compareDesc } from 'date-fns';
+import { useMemo } from 'react';
+import { useTranslation } from 'react-i18next';
+
+import ActionsButton from '@/components/ActionsButton';
+import CopyToClipboard from '@/ds-components/CopyToClipboard';
+import { type Column } from '@/ds-components/Table/types';
+import { Tooltip } from '@/ds-components/Tip';
+import useApi from '@/hooks/use-api';
+
+import styles from './index.module.scss';
+
+export type ApplicationSecretRow = Pick<ApplicationSecret, 'name' | 'value' | 'expiresAt'> & {
+  isLegacy?: boolean;
+};
+
+function Expired({ expiresAt }: { readonly expiresAt: Date }) {
+  const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
+  return (
+    <Tooltip
+      content={t('application_details.secrets.expired_tooltip', {
+        date: expiresAt.toLocaleString(),
+      })}
+    >
+      <span className={styles.expired}>{t('application_details.secrets.expired')}</span>
+    </Tooltip>
+  );
+}
+
+type UseSecretTableColumns = {
+  appId: string;
+  onUpdated: (isLegacy: boolean) => void;
+};
+
+export const useSecretTableColumns = ({ appId, onUpdated }: UseSecretTableColumns) => {
+  const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
+  const api = useApi();
+  const tableColumns: Array<Column<ApplicationSecretRow>> = useMemo(
+    () => [
+      {
+        title: t('general.name'),
+        dataIndex: 'name',
+        colSpan: 3,
+        render: ({ name }) => <span>{name}</span>,
+      },
+      {
+        title: t('application_details.secrets.value'),
+        dataIndex: 'value',
+        colSpan: 6,
+        render: ({ value }) => (
+          <CopyToClipboard
+            hasVisibilityToggle
+            displayType="block"
+            value={value}
+            className={styles.copyToClipboard}
+            variant="text"
+          />
+        ),
+      },
+      {
+        title: t('application_details.secrets.expires_at'),
+        dataIndex: 'expiresAt',
+        colSpan: 3,
+        render: ({ expiresAt }) => (
+          <span>
+            {expiresAt ? (
+              compareDesc(expiresAt, new Date()) === 1 ? (
+                <Expired expiresAt={new Date(expiresAt)} />
+              ) : (
+                new Date(expiresAt).toLocaleString()
+              )
+            ) : (
+              t('application_details.secrets.never')
+            )}
+          </span>
+        ),
+      },
+      {
+        title: '',
+        dataIndex: 'actions',
+        render: ({ name, isLegacy }) => (
+          <ActionsButton
+            fieldName="application_details.application_secret"
+            deleteConfirmation="application_details.secrets.delete_confirmation"
+            onDelete={async () => {
+              await (isLegacy
+                ? api.delete(`api/applications/${appId}/legacy-secret`)
+                : api.delete(`api/applications/${appId}/secrets/${encodeURIComponent(name)}`));
+              onUpdated(isLegacy ?? false);
+            }}
+          />
+        ),
+      },
+    ],
+    [api, appId, onUpdated, t]
+  );
+
+  return tableColumns;
+};
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/GuideDrawer/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/GuideDrawer/index.tsx
index 4c078f476aab..01abe683c2c5 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/GuideDrawer/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/GuideDrawer/index.tsx
@@ -11,15 +11,17 @@ import IconButton from '@/ds-components/IconButton';
 import Spacer from '@/ds-components/Spacer';
 
 import AppGuide from '../../components/AppGuide';
+import { type ApplicationSecretRow } from '../EndpointsAndCredentials';
 
 import styles from './index.module.scss';
 
 type Props = {
   readonly app: ApplicationResponse;
+  readonly secrets: ApplicationSecretRow[];
   readonly onClose: () => void;
 };
 
-function GuideDrawer({ app, onClose }: Props) {
+function GuideDrawer({ app, secrets, onClose }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console.guide' });
   const { getStructuredAppGuideMetadata } = useAppGuideMetadata();
   const [selectedGuide, setSelectedGuide] = useState<SelectedGuide>();
@@ -89,6 +91,7 @@ function GuideDrawer({ app, onClose }: Props) {
           className={styles.guide}
           guideId={selectedGuide.id}
           app={app}
+          secrets={secrets}
           onClose={() => {
             setSelectedGuide(undefined);
           }}
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.module.scss b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.module.scss
index 8d15c85ceedb..95808358eb94 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.module.scss
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.module.scss
@@ -14,21 +14,6 @@
   }
 }
 
-.customEndpointNotes {
-  margin-top: _.unit(6);
-  font: var(--font-body-2);
-  color: var(--color-text-secondary);
-}
-
-.fieldButton {
-  margin-top: _.unit(2);
-}
-
-.trailingIcon {
-  width: 16px;
-  height: 16px;
-}
-
 .tabContainer {
   flex-direction: column;
   flex-grow: 1;
@@ -37,17 +22,3 @@
     display: flex;
   }
 }
-
-button.add {
-  margin-top: _.unit(2);
-}
-
-.table {
-  margin-top: _.unit(2);
-}
-
-.empty {
-  font: var(--font-body-2);
-  color: var(--color-text-secondary);
-  margin: _.unit(3) 0;
-}
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx
index 367a4868393a..2a2db9a37ef0 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/index.tsx
@@ -32,7 +32,7 @@ import { trySubmitSafe } from '@/utils/form';
 
 import BackchannelLogout from './BackchannelLogout';
 import Branding from './Branding';
-import EndpointsAndCredentials from './EndpointsAndCredentials';
+import EndpointsAndCredentials, { type ApplicationSecretRow } from './EndpointsAndCredentials';
 import GuideDrawer from './GuideDrawer';
 import MachineLogs from './MachineLogs';
 import MachineToMachineApplicationRoles from './MachineToMachineApplicationRoles';
@@ -44,11 +44,12 @@ import { type ApplicationForm, applicationFormDataParser } from './utils';
 
 type Props = {
   readonly data: ApplicationResponse;
+  readonly secrets: ApplicationSecretRow[];
   readonly oidcConfig: SnakeCaseOidcConfig;
   readonly onApplicationUpdated: () => void;
 };
 
-function ApplicationDetailsContent({ data, oidcConfig, onApplicationUpdated }: Props) {
+function ApplicationDetailsContent({ data, secrets, oidcConfig, onApplicationUpdated }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
   const { tab } = useParams();
   const { navigate } = useTenantPathname();
@@ -154,7 +155,7 @@ function ApplicationDetailsContent({ data, oidcConfig, onApplicationUpdated }: P
         ]}
       />
       <Drawer isOpen={isReadmeOpen} onClose={onCloseDrawer}>
-        <GuideDrawer app={data} onClose={onCloseDrawer} />
+        <GuideDrawer app={data} secrets={secrets} onClose={onCloseDrawer} />
       </Drawer>
       <DeleteConfirmModal
         isOpen={isDeleteFormOpen}
diff --git a/packages/console/src/pages/ApplicationDetails/GuideModal/index.tsx b/packages/console/src/pages/ApplicationDetails/GuideModal/index.tsx
index 7408ddaae1d0..89bda4252fab 100644
--- a/packages/console/src/pages/ApplicationDetails/GuideModal/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/GuideModal/index.tsx
@@ -4,17 +4,19 @@ import Modal from 'react-modal';
 import ModalHeader from '@/components/Guide/ModalHeader';
 import modalStyles from '@/scss/modal.module.scss';
 
+import { type ApplicationSecretRow } from '../ApplicationDetailsContent/EndpointsAndCredentials';
 import AppGuide from '../components/AppGuide';
 
 import styles from './index.module.scss';
 
 type Props = {
   readonly guideId: string;
-  readonly app?: ApplicationResponse;
+  readonly app: ApplicationResponse;
+  readonly secrets: ApplicationSecretRow[];
   readonly onClose: () => void;
 };
 
-function GuideModal({ guideId, app, onClose }: Props) {
+function GuideModal({ guideId, app, secrets, onClose }: Props) {
   return (
     <Modal shouldCloseOnEsc isOpen className={modalStyles.fullScreen} onRequestClose={onClose}>
       <div className={styles.modalContainer}>
@@ -27,7 +29,13 @@ function GuideModal({ guideId, app, onClose }: Props) {
           requestSuccessMessage="guide.request_guide_successfully"
           onClose={onClose}
         />
-        <AppGuide className={styles.guide} guideId={guideId} app={app} onClose={onClose} />
+        <AppGuide
+          className={styles.guide}
+          guideId={guideId}
+          app={app}
+          secrets={secrets}
+          onClose={onClose}
+        />
       </div>
     </Modal>
   );
diff --git a/packages/console/src/pages/ApplicationDetails/components/AppGuide/index.tsx b/packages/console/src/pages/ApplicationDetails/components/AppGuide/index.tsx
index a66017cb53ed..12ac43f7aec2 100644
--- a/packages/console/src/pages/ApplicationDetails/components/AppGuide/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/components/AppGuide/index.tsx
@@ -7,15 +7,18 @@ import Guide, { GuideContext, type GuideContextType } from '@/components/Guide';
 import { AppDataContext } from '@/contexts/AppDataProvider';
 import useCustomDomain from '@/hooks/use-custom-domain';
 
+import { type ApplicationSecretRow } from '../../ApplicationDetailsContent/EndpointsAndCredentials';
+
 type Props = {
   readonly className?: string;
   readonly guideId: string;
-  readonly app?: ApplicationResponse;
+  readonly app: ApplicationResponse;
+  readonly secrets: ApplicationSecretRow[];
   readonly isCompact?: boolean;
   readonly onClose: () => void;
 };
 
-function AppGuide({ className, guideId, app, isCompact, onClose }: Props) {
+function AppGuide({ className, guideId, app, secrets, isCompact, onClose }: Props) {
   const { tenantEndpoint } = useContext(AppDataContext);
   const { applyDomain: applyCustomDomain } = useCustomDomain();
   const guide = guides.find(({ id }) => id === guideId);
@@ -23,18 +26,18 @@ function AppGuide({ className, guideId, app, isCompact, onClose }: Props) {
   const memorizedContext = useMemo(
     () =>
       conditional(
-        !!guide &&
-          !!app && {
-            metadata: guide.metadata,
-            Logo: guide.Logo,
-            app,
-            endpoint: applyCustomDomain(tenantEndpoint?.href ?? ''),
-            redirectUris: app.oidcClientMetadata.redirectUris,
-            postLogoutRedirectUris: app.oidcClientMetadata.postLogoutRedirectUris,
-            isCompact: Boolean(isCompact),
-          }
+        !!guide && {
+          metadata: guide.metadata,
+          Logo: guide.Logo,
+          app,
+          secrets,
+          endpoint: applyCustomDomain(tenantEndpoint?.href ?? ''),
+          redirectUris: app.oidcClientMetadata.redirectUris,
+          postLogoutRedirectUris: app.oidcClientMetadata.postLogoutRedirectUris,
+          isCompact: Boolean(isCompact),
+        }
       ) satisfies GuideContextType | undefined,
-    [guide, app, tenantEndpoint?.href, applyCustomDomain, isCompact]
+    [guide, app, secrets, applyCustomDomain, tenantEndpoint?.href, isCompact]
   );
 
   return memorizedContext ? (
@@ -42,7 +45,7 @@ function AppGuide({ className, guideId, app, isCompact, onClose }: Props) {
       <Guide
         className={className}
         guideId={guideId}
-        isEmpty={!app && !guide}
+        isEmpty={!guide}
         isLoading={!app}
         onClose={onClose}
       />
diff --git a/packages/console/src/pages/ApplicationDetails/index.tsx b/packages/console/src/pages/ApplicationDetails/index.tsx
index 14f6a1e5369c..f0840a1c6882 100644
--- a/packages/console/src/pages/ApplicationDetails/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/index.tsx
@@ -5,10 +5,12 @@ import useSWR from 'swr';
 import DetailsPage from '@/components/DetailsPage';
 import PageMeta from '@/components/PageMeta';
 import { openIdProviderConfigPath } from '@/consts/oidc';
+import { Daisy } from '@/ds-components/Spinner';
 import type { RequestError } from '@/hooks/use-api';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 
 import ApplicationDetailsContent from './ApplicationDetailsContent';
+import { type ApplicationSecretRow } from './ApplicationDetailsContent/EndpointsAndCredentials';
 import GuideModal from './GuideModal';
 
 function ApplicationDetails() {
@@ -19,21 +21,25 @@ function ApplicationDetails() {
   const { data, error, mutate } = useSWR<ApplicationResponse, RequestError>(
     id && `api/applications/${id}`
   );
+  const secrets = useSWR<ApplicationSecretRow[], RequestError>(`api/applications/${id}/secrets`);
+  const oidcConfig = useSWR<SnakeCaseOidcConfig, RequestError>(openIdProviderConfigPath);
 
-  const {
-    data: oidcConfig,
-    error: fetchOidcConfigError,
-    mutate: mutateOidcConfig,
-  } = useSWR<SnakeCaseOidcConfig, RequestError>(openIdProviderConfigPath);
-
-  const isLoading = (!data && !error) || (!oidcConfig && !fetchOidcConfigError);
-  const requestError = error ?? fetchOidcConfigError;
+  const isLoading =
+    (!data && !error) ||
+    (!oidcConfig.data && !oidcConfig.error) ||
+    (!secrets.data && !secrets.error);
+  const requestError = error ?? oidcConfig.error ?? secrets.error;
 
   if (isGuideView) {
+    if (!data || !secrets.data) {
+      return <Daisy />;
+    }
+
     return (
       <GuideModal
         guideId={guideId}
         app={data}
+        secrets={secrets.data}
         onClose={() => {
           navigate(`/applications/${id}`);
         }}
@@ -49,14 +55,16 @@ function ApplicationDetails() {
       error={requestError}
       onRetry={() => {
         void mutate();
-        void mutateOidcConfig();
+        void oidcConfig.mutate();
+        void secrets.mutate();
       }}
     >
       <PageMeta titleKey="application_details.page_title" />
-      {data && oidcConfig && (
+      {data && oidcConfig.data && secrets.data && (
         <ApplicationDetailsContent
           data={data}
-          oidcConfig={oidcConfig}
+          oidcConfig={oidcConfig.data}
+          secrets={secrets.data}
           onApplicationUpdated={mutate}
         />
       )}
diff --git a/packages/core/src/routes/applications/application.ts b/packages/core/src/routes/applications/application.ts
index 2537c59de53b..535fd258374d 100644
--- a/packages/core/src/routes/applications/application.ts
+++ b/packages/core/src/routes/applications/application.ts
@@ -13,6 +13,7 @@ import { generateStandardId, generateStandardSecret } from '@logto/shared';
 import { conditional } from '@silverhand/essentials';
 import { boolean, object, string, z } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaPagination from '#src/middleware/koa-pagination.js';
@@ -26,8 +27,6 @@ import applicationCustomDataRoutes from './application-custom-data.js';
 import { generateInternalSecret } from './application-secret.js';
 import { applicationCreateGuard, applicationPatchGuard } from './types.js';
 
-import { EnvSet } from '#src/src/env-set/index.js';
-
 const includesInternalAdminRole = (roles: Readonly<Array<{ role: Role }>>) =>
   roles.some(({ role: { name } }) => name === InternalRole.Admin);
 
diff --git a/packages/phrases/src/locales/en/translation/admin-console/application-details.ts b/packages/phrases/src/locales/en/translation/admin-console/application-details.ts
index f47cd9687e01..879cc78c63f1 100644
--- a/packages/phrases/src/locales/en/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/en/translation/admin-console/application-details.ts
@@ -172,12 +172,14 @@ const application_details = {
     delete_confirmation:
       'This action cannot be undone. Are you sure you want to delete this secret?',
     legacy_secret: 'Legacy secret',
+    expired: 'Expired',
+    expired_tooltip: 'This secret was expired on {{date}}.',
     create_modal: {
       title: 'Create application secret',
       expiration: 'Expiration',
       expiration_description: 'The secret will expire at {{date}}.',
       expiration_description_never:
-        'The secret will never expire. We strongly recommend setting an expiration date.',
+        'The secret will never expire. We recommend setting an expiration date for better security.',
       days: '{{count}} day',
       days_other: '{{count}} days',
     },

From 8a29943c4dca22c2a905a5c97be65c392f2b7ffc Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sun, 28 Jul 2024 11:59:25 +0800
Subject: [PATCH 124/135] chore: fix failed tests

---
 packages/integration-tests/jest.setup.api.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/packages/integration-tests/jest.setup.api.js b/packages/integration-tests/jest.setup.api.js
index d31c2670de61..192d1146e535 100644
--- a/packages/integration-tests/jest.setup.api.js
+++ b/packages/integration-tests/jest.setup.api.js
@@ -1,5 +1,11 @@
+import { createRequire } from 'node:module';
+
 import { authedAdminTenantApi } from './lib/api/api.js';
 
+// A patch for the global require function - see https://github.com/evanw/esbuild/issues/1921
+// eslint-disable-next-line @silverhand/fp/no-mutation
+globalThis.require = createRequire(import.meta.url);
+
 // We need to update this before tests otherwise Logto will update SignInMode for admin tenant
 // The update logic should be
 await authedAdminTenantApi.patch('sign-in-exp', {

From 510f681fa1162695db282627a1e529ee49d0114e Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sun, 28 Jul 2024 13:15:09 +0800
Subject: [PATCH 125/135] refactor(connector): use tsup for building

---
 .changeset/violet-phones-occur.md             |   46 +
 packages/connectors/.gitignore                |    3 +-
 .../connector-alipay-native/package.json      |   12 +-
 .../connector-alipay-web/package.json         |   12 +-
 .../connector-aliyun-dm/package.json          |   12 +-
 .../connector-aliyun-sms/package.json         |   12 +-
 .../connectors/connector-apple/package.json   |   12 +-
 .../connectors/connector-aws-ses/package.json |   12 +-
 .../connectors/connector-azuread/package.json |   12 +-
 .../connector-dingtalk-web/package.json       |   12 +-
 .../connectors/connector-discord/package.json |   12 +-
 .../connector-facebook/package.json           |   12 +-
 .../connector-feishu-web/package.json         |   12 +-
 .../connectors/connector-github/package.json  |   12 +-
 .../connectors/connector-google/package.json  |   12 +-
 .../connector-huggingface/package.json        |   12 +-
 .../connectors/connector-kakao/package.json   |   12 +-
 .../connector-logto-email/package.json        |   12 +-
 .../connector-logto-sms/package.json          |   12 +-
 .../connector-logto-social-demo/package.json  |   12 +-
 .../connectors/connector-mailgun/package.json |   12 +-
 .../package.json                              |   12 +-
 .../connector-mock-email/package.json         |   12 +-
 .../connector-mock-sms/package.json           |   12 +-
 .../connector-mock-social/package.json        |   12 +-
 .../connectors/connector-naver/package.json   |   12 +-
 .../connectors/connector-oauth2/package.json  |   15 +-
 .../connectors/connector-oidc/package.json    |   12 +-
 .../connectors/connector-saml/package.json    |   12 +-
 .../connector-sendgrid-email/package.json     |   12 +-
 .../connectors/connector-smsaero/package.json |   12 +-
 .../connectors/connector-smtp/package.json    |   12 +-
 .../connector-tencent-sms/package.json        |   12 +-
 .../connector-twilio-sms/package.json         |   12 +-
 .../connector-wechat-native/package.json      |   12 +-
 .../connector-wechat-web/package.json         |   12 +-
 .../connectors/connector-wecom/package.json   |   12 +-
 packages/connectors/templates/package.json    |    5 +-
 .../templates/preset/rollup.config.js         |   25 -
 .../templates/preset/tsconfig.base.json       |    9 -
 .../templates/preset/tsconfig.build.json      |    5 -
 .../connectors/templates/preset/tsconfig.json |   15 +-
 .../templates/preset/tsconfig.test.json       |    7 -
 .../templates/preset/tsup.config.ts           |    5 +
 packages/connectors/templates/sync-preset.js  |    2 +-
 pnpm-lock.yaml                                | 1082 +++--------------
 46 files changed, 332 insertions(+), 1295 deletions(-)
 create mode 100644 .changeset/violet-phones-occur.md
 delete mode 100644 packages/connectors/templates/preset/rollup.config.js
 delete mode 100644 packages/connectors/templates/preset/tsconfig.base.json
 delete mode 100644 packages/connectors/templates/preset/tsconfig.build.json
 delete mode 100644 packages/connectors/templates/preset/tsconfig.test.json
 create mode 100644 packages/connectors/templates/preset/tsup.config.ts

diff --git a/.changeset/violet-phones-occur.md b/.changeset/violet-phones-occur.md
new file mode 100644
index 000000000000..00c3f4766fec
--- /dev/null
+++ b/.changeset/violet-phones-occur.md
@@ -0,0 +1,46 @@
+---
+"@logto/connector-mock-standard-email": minor
+"@logto/connector-logto-social-demo": minor
+"@logto/connector-sendgrid-email": minor
+"@logto/connector-alipay-native": minor
+"@logto/connector-wechat-native": minor
+"@logto/connector-dingtalk-web": minor
+"@logto/connector-huggingface": minor
+"@logto/connector-logto-email": minor
+"@logto/connector-mock-social": minor
+"@logto/connector-tencent-sms": minor
+"@logto/connector-alipay-web": minor
+"@logto/connector-aliyun-sms": minor
+"@logto/connector-feishu-web": minor
+"@logto/connector-mock-email": minor
+"@logto/connector-twilio-sms": minor
+"@logto/connector-wechat-web": minor
+"@logto/connector-aliyun-dm": minor
+"@logto/connector-logto-sms": minor
+"@logto/connector-facebook": minor
+"@logto/connector-mock-sms": minor
+"@logto/connector-aws-ses": minor
+"@logto/connector-azuread": minor
+"@logto/connector-discord": minor
+"@logto/connector-mailgun": minor
+"@logto/connector-smsaero": minor
+"@logto/connector-github": minor
+"@logto/connector-google": minor
+"@logto/connector-oauth": minor
+"@logto/connector-apple": minor
+"@logto/connector-kakao": minor
+"@logto/connector-naver": minor
+"@logto/connector-wecom": minor
+"@logto/connector-oidc": minor
+"@logto/connector-saml": minor
+"@logto/connector-smtp": minor
+"@logto/integration-tests": minor
+"@logto/schemas": minor
+"@logto/core": minor
+---
+
+use tsup for building
+
+We've updated some of the packages to use `tsup` for building. This will make the build process faster, and should not affect the functionality of the packages.
+
+Use minor version bump to catch your attention.
diff --git a/packages/connectors/.gitignore b/packages/connectors/.gitignore
index 65245801929e..533db69aa782 100644
--- a/packages/connectors/.gitignore
+++ b/packages/connectors/.gitignore
@@ -1,7 +1,6 @@
 # generated files
 /*/tsconfig.*
-/*/rollup.config.*
-/*/vitest.config.*
+/*/*.config.*
 
 # keep templates
 !/templates/**
diff --git a/packages/connectors/connector-alipay-native/package.json b/packages/connectors/connector-alipay-native/package.json
index f93efb75b17d..8fe8dc04c863 100644
--- a/packages/connectors/connector-alipay-native/package.json
+++ b/packages/connectors/connector-alipay-native/package.json
@@ -13,10 +13,6 @@
     "zod": "^3.23.8"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@shopify/jest-koa-mocks": "^5.0.0",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
@@ -27,9 +23,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
@@ -46,9 +41,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
diff --git a/packages/connectors/connector-alipay-web/package.json b/packages/connectors/connector-alipay-web/package.json
index 368fe61c95d9..97d5b24bf10f 100644
--- a/packages/connectors/connector-alipay-web/package.json
+++ b/packages/connectors/connector-alipay-web/package.json
@@ -12,10 +12,6 @@
     "zod": "^3.23.8"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@shopify/jest-koa-mocks": "^5.0.0",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
@@ -26,9 +22,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
@@ -45,9 +40,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
diff --git a/packages/connectors/connector-aliyun-dm/package.json b/packages/connectors/connector-aliyun-dm/package.json
index e838c60ed654..dc66d212a8b1 100644
--- a/packages/connectors/connector-aliyun-dm/package.json
+++ b/packages/connectors/connector-aliyun-dm/package.json
@@ -22,9 +22,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -51,10 +50,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -64,9 +59,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-aliyun-sms/package.json b/packages/connectors/connector-aliyun-sms/package.json
index d8b5428f50ac..2642eb7b7541 100644
--- a/packages/connectors/connector-aliyun-sms/package.json
+++ b/packages/connectors/connector-aliyun-sms/package.json
@@ -22,9 +22,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -51,10 +50,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -64,9 +59,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-apple/package.json b/packages/connectors/connector-apple/package.json
index a0bad5486976..3da2456319dc 100644
--- a/packages/connectors/connector-apple/package.json
+++ b/packages/connectors/connector-apple/package.json
@@ -24,9 +24,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -53,10 +52,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -66,9 +61,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-aws-ses/package.json b/packages/connectors/connector-aws-ses/package.json
index d04051f5156c..436e0c66f60a 100644
--- a/packages/connectors/connector-aws-ses/package.json
+++ b/packages/connectors/connector-aws-ses/package.json
@@ -25,9 +25,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -54,10 +53,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -67,9 +62,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-azuread/package.json b/packages/connectors/connector-azuread/package.json
index 0df019229a58..5b5e70bd5525 100644
--- a/packages/connectors/connector-azuread/package.json
+++ b/packages/connectors/connector-azuread/package.json
@@ -24,9 +24,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -53,10 +52,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -66,9 +61,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-dingtalk-web/package.json b/packages/connectors/connector-dingtalk-web/package.json
index 40414cedde4e..236a6a8aaeec 100644
--- a/packages/connectors/connector-dingtalk-web/package.json
+++ b/packages/connectors/connector-dingtalk-web/package.json
@@ -12,10 +12,6 @@
     "zod": "^3.23.8"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@shopify/jest-koa-mocks": "^5.0.0",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
@@ -26,9 +22,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
@@ -45,9 +40,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
diff --git a/packages/connectors/connector-discord/package.json b/packages/connectors/connector-discord/package.json
index fec191f425de..3d62613d2bae 100644
--- a/packages/connectors/connector-discord/package.json
+++ b/packages/connectors/connector-discord/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-facebook/package.json b/packages/connectors/connector-facebook/package.json
index ba0e6bdd3ce7..eb40b98c018e 100644
--- a/packages/connectors/connector-facebook/package.json
+++ b/packages/connectors/connector-facebook/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-feishu-web/package.json b/packages/connectors/connector-feishu-web/package.json
index b15d0ec52db2..9205b357dab6 100644
--- a/packages/connectors/connector-feishu-web/package.json
+++ b/packages/connectors/connector-feishu-web/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-github/package.json b/packages/connectors/connector-github/package.json
index 94ab3ac19697..64bd08d10e27 100644
--- a/packages/connectors/connector-github/package.json
+++ b/packages/connectors/connector-github/package.json
@@ -24,9 +24,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -53,10 +52,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -66,9 +61,8 @@
     "lint-staged": "^15.0.2",
     "nock": "14.0.0-beta.7",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-google/package.json b/packages/connectors/connector-google/package.json
index d63c36aa97eb..2d13496d3d5b 100644
--- a/packages/connectors/connector-google/package.json
+++ b/packages/connectors/connector-google/package.json
@@ -24,9 +24,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -53,10 +52,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -66,9 +61,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-huggingface/package.json b/packages/connectors/connector-huggingface/package.json
index b70c1c016061..75468cbdb40d 100644
--- a/packages/connectors/connector-huggingface/package.json
+++ b/packages/connectors/connector-huggingface/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "14.0.0-beta.7",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-kakao/package.json b/packages/connectors/connector-kakao/package.json
index 7d9c8a861c08..93eec0f5dabe 100644
--- a/packages/connectors/connector-kakao/package.json
+++ b/packages/connectors/connector-kakao/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-logto-email/package.json b/packages/connectors/connector-logto-email/package.json
index 0238bb59ab63..f47baee72ba0 100644
--- a/packages/connectors/connector-logto-email/package.json
+++ b/packages/connectors/connector-logto-email/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -53,10 +52,6 @@
   },
   "devDependencies": {
     "@logto/cloud": "0.2.5-3b703da",
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -66,9 +61,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-logto-sms/package.json b/packages/connectors/connector-logto-sms/package.json
index dd737f5e76c2..f8f1e567016a 100644
--- a/packages/connectors/connector-logto-sms/package.json
+++ b/packages/connectors/connector-logto-sms/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-logto-social-demo/package.json b/packages/connectors/connector-logto-social-demo/package.json
index 131f2c4925b9..6fcc4efdd7a6 100644
--- a/packages/connectors/connector-logto-social-demo/package.json
+++ b/packages/connectors/connector-logto-social-demo/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-mailgun/package.json b/packages/connectors/connector-mailgun/package.json
index 4528f9e32fe8..b84927754bc8 100644
--- a/packages/connectors/connector-mailgun/package.json
+++ b/packages/connectors/connector-mailgun/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-mock-email-alternative/package.json b/packages/connectors/connector-mock-email-alternative/package.json
index 26d9d78027b3..d2a3f97eae8c 100644
--- a/packages/connectors/connector-mock-email-alternative/package.json
+++ b/packages/connectors/connector-mock-email-alternative/package.json
@@ -12,9 +12,8 @@
   },
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-mock-email/package.json b/packages/connectors/connector-mock-email/package.json
index ab6abde4d4c2..b06f9e68fbc3 100644
--- a/packages/connectors/connector-mock-email/package.json
+++ b/packages/connectors/connector-mock-email/package.json
@@ -12,9 +12,8 @@
   },
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-mock-sms/package.json b/packages/connectors/connector-mock-sms/package.json
index c92b52fd9b2b..6f1f957de7f5 100644
--- a/packages/connectors/connector-mock-sms/package.json
+++ b/packages/connectors/connector-mock-sms/package.json
@@ -12,9 +12,8 @@
   },
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-mock-social/package.json b/packages/connectors/connector-mock-social/package.json
index 50e50c8c0101..c8c5e9affa22 100644
--- a/packages/connectors/connector-mock-social/package.json
+++ b/packages/connectors/connector-mock-social/package.json
@@ -12,9 +12,8 @@
   },
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-naver/package.json b/packages/connectors/connector-naver/package.json
index 29a9f938c3cb..0750778321ad 100644
--- a/packages/connectors/connector-naver/package.json
+++ b/packages/connectors/connector-naver/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-oauth2/package.json b/packages/connectors/connector-oauth2/package.json
index 09980f248b2d..0033db358ee9 100644
--- a/packages/connectors/connector-oauth2/package.json
+++ b/packages/connectors/connector-oauth2/package.json
@@ -26,15 +26,15 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup && tsc --declaration --emitDeclarationOnly",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
     "test:ci": "pnpm run test --silent --coverage",
     "prepublishOnly": "pnpm build",
-    "prepack": "pnpm build"
+    "prepack": "pnpm build",
+    "build:test": "pnpm build"
   },
   "engines": {
     "node": "^20.9.0"
@@ -56,10 +56,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -69,9 +65,8 @@
     "lint-staged": "^15.0.2",
     "nock": "14.0.0-beta.7",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-oidc/package.json b/packages/connectors/connector-oidc/package.json
index 6d0e9a2c7cb0..d82f6250dbd8 100644
--- a/packages/connectors/connector-oidc/package.json
+++ b/packages/connectors/connector-oidc/package.json
@@ -26,9 +26,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -55,10 +54,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -68,9 +63,8 @@
     "lint-staged": "^15.0.2",
     "nock": "14.0.0-beta.7",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-saml/package.json b/packages/connectors/connector-saml/package.json
index d735a6dae904..90fea9a8078f 100644
--- a/packages/connectors/connector-saml/package.json
+++ b/packages/connectors/connector-saml/package.json
@@ -25,9 +25,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -54,10 +53,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -67,9 +62,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-sendgrid-email/package.json b/packages/connectors/connector-sendgrid-email/package.json
index 9d0508f1ba52..31c8125e9965 100644
--- a/packages/connectors/connector-sendgrid-email/package.json
+++ b/packages/connectors/connector-sendgrid-email/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-smsaero/package.json b/packages/connectors/connector-smsaero/package.json
index efebd12fb0c8..d3a39f041040 100644
--- a/packages/connectors/connector-smsaero/package.json
+++ b/packages/connectors/connector-smsaero/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-smtp/package.json b/packages/connectors/connector-smtp/package.json
index daf68ace22b4..39fa829198b8 100644
--- a/packages/connectors/connector-smtp/package.json
+++ b/packages/connectors/connector-smtp/package.json
@@ -12,10 +12,6 @@
     "zod": "^3.23.8"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -26,9 +22,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   },
@@ -45,9 +40,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
diff --git a/packages/connectors/connector-tencent-sms/package.json b/packages/connectors/connector-tencent-sms/package.json
index e33707f6d730..89fd1b335851 100644
--- a/packages/connectors/connector-tencent-sms/package.json
+++ b/packages/connectors/connector-tencent-sms/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-twilio-sms/package.json b/packages/connectors/connector-twilio-sms/package.json
index 0f4dd436b650..7c7067e4ea65 100644
--- a/packages/connectors/connector-twilio-sms/package.json
+++ b/packages/connectors/connector-twilio-sms/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-wechat-native/package.json b/packages/connectors/connector-wechat-native/package.json
index 5510f4175ab4..b7e906b91cc7 100644
--- a/packages/connectors/connector-wechat-native/package.json
+++ b/packages/connectors/connector-wechat-native/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-wechat-web/package.json b/packages/connectors/connector-wechat-web/package.json
index 1dd2f3b541db..3ffa9f388d86 100644
--- a/packages/connectors/connector-wechat-web/package.json
+++ b/packages/connectors/connector-wechat-web/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.11.20",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/connector-wecom/package.json b/packages/connectors/connector-wecom/package.json
index ccc8e12b74b8..79e23cae47db 100644
--- a/packages/connectors/connector-wecom/package.json
+++ b/packages/connectors/connector-wecom/package.json
@@ -23,9 +23,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
@@ -52,10 +51,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^26.0.0",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.2.3",
-    "@rollup/plugin-typescript": "^11.1.6",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^20.10.4",
@@ -65,9 +60,8 @@
     "lint-staged": "^15.0.2",
     "nock": "^13.3.1",
     "prettier": "^3.0.0",
-    "rollup": "^4.12.0",
-    "rollup-plugin-output-size": "^1.3.0",
     "supertest": "^7.0.0",
+    "tsup": "^8.1.0",
     "typescript": "^5.5.3",
     "vitest": "^2.0.0"
   }
diff --git a/packages/connectors/templates/package.json b/packages/connectors/templates/package.json
index ede58013e61e..80a6d5b1dd1a 100644
--- a/packages/connectors/templates/package.json
+++ b/packages/connectors/templates/package.json
@@ -12,9 +12,8 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
-    "build:test": "rm -rf lib/ && tsc -p tsconfig.test.json --sourcemap",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput --incremental",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "test": "vitest src",
diff --git a/packages/connectors/templates/preset/rollup.config.js b/packages/connectors/templates/preset/rollup.config.js
deleted file mode 100644
index df98e6a1c1b7..000000000000
--- a/packages/connectors/templates/preset/rollup.config.js
+++ /dev/null
@@ -1,25 +0,0 @@
-import commonjs from '@rollup/plugin-commonjs';
-import json from '@rollup/plugin-json';
-import { nodeResolve } from '@rollup/plugin-node-resolve';
-import typescript from '@rollup/plugin-typescript';
-import outputSize from 'rollup-plugin-output-size';
-
-/**
- * @type {import('rollup').RollupOptions}
- */
-const configs = [
-  {
-    input: ['src/index.ts'],
-    output: [{ dir: 'lib' }],
-    external: ['zod', 'got', '@logto/connector-kit'],
-    plugins: [
-      typescript({ tsconfig: 'tsconfig.build.json' }),
-      nodeResolve({ exportConditions: ['node'], preferBuiltins: true }),
-      commonjs(),
-      json(),
-      outputSize(),
-    ],
-  },
-];
-
-export default configs;
diff --git a/packages/connectors/templates/preset/tsconfig.base.json b/packages/connectors/templates/preset/tsconfig.base.json
deleted file mode 100644
index ebab46568f2f..000000000000
--- a/packages/connectors/templates/preset/tsconfig.base.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-  "extends": "@silverhand/ts-config/tsconfig.base",
-  "compilerOptions": {
-    "moduleResolution": "nodenext",
-    "module": "nodenext",
-    "outDir": "lib",
-    "baseUrl": "."
-  }
-}
diff --git a/packages/connectors/templates/preset/tsconfig.build.json b/packages/connectors/templates/preset/tsconfig.build.json
deleted file mode 100644
index d42923dd38cd..000000000000
--- a/packages/connectors/templates/preset/tsconfig.build.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "extends": "./tsconfig.base",
-  "include": ["src"],
-  "exclude": ["src/**/*.test.ts"]
-}
diff --git a/packages/connectors/templates/preset/tsconfig.json b/packages/connectors/templates/preset/tsconfig.json
index 4fa2dd684aaa..126a50cb0d90 100644
--- a/packages/connectors/templates/preset/tsconfig.json
+++ b/packages/connectors/templates/preset/tsconfig.json
@@ -1,7 +1,16 @@
 {
-  "extends": "./tsconfig.base",
+  "extends": "@silverhand/ts-config/tsconfig.base",
   "compilerOptions": {
-    "types": ["node", "vitest/globals"]
+    "moduleResolution": "nodenext",
+    "module": "nodenext",
+    "outDir": "lib",
+    "baseUrl": ".",
+    "types": [
+      "node",
+      "vitest/globals"
+    ]
   },
-  "include": ["src", "types"]
+  "include": [
+    "src"
+  ]
 }
diff --git a/packages/connectors/templates/preset/tsconfig.test.json b/packages/connectors/templates/preset/tsconfig.test.json
deleted file mode 100644
index 1424a155592b..000000000000
--- a/packages/connectors/templates/preset/tsconfig.test.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-  "extends": "./tsconfig",
-  "compilerOptions": {
-    "isolatedModules": false,
-    "allowJs": true,
-  }
-}
diff --git a/packages/connectors/templates/preset/tsup.config.ts b/packages/connectors/templates/preset/tsup.config.ts
new file mode 100644
index 000000000000..8e6ef8edb83f
--- /dev/null
+++ b/packages/connectors/templates/preset/tsup.config.ts
@@ -0,0 +1,5 @@
+import { defineConfig } from 'tsup';
+
+import { defaultConfig } from '../../../tsup.shared.config.js';
+
+export default defineConfig(defaultConfig);
diff --git a/packages/connectors/templates/sync-preset.js b/packages/connectors/templates/sync-preset.js
index 32460417652f..aa12dafb1186 100644
--- a/packages/connectors/templates/sync-preset.js
+++ b/packages/connectors/templates/sync-preset.js
@@ -20,7 +20,7 @@ const templateKeys = Object.keys(templateJson);
  * Value format: `{ "<connector-name>": ["<script-name>"] }`
  * Example: `{ "connector-oauth2": ["prepack"] }`
  */
-const scriptExceptions = { 'connector-oauth2': ['prepack'] };
+const scriptExceptions = { 'connector-oauth2': ['prepack', 'build', 'build:test'] };
 
 const sync = async () => {
   const packagesDirectory = './';
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index bf4e1f97a14f..9958b0cb023a 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -240,18 +240,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@shopify/jest-koa-mocks':
         specifier: ^5.0.0
         version: 5.0.0
@@ -282,15 +270,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -322,18 +307,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@shopify/jest-koa-mocks':
         specifier: ^5.0.0
         version: 5.0.0
@@ -364,15 +337,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -398,18 +368,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -437,15 +395,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -471,18 +426,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -510,15 +453,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -550,18 +490,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -589,15 +517,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -629,18 +554,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -668,15 +581,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -705,18 +615,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -744,15 +642,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -784,18 +679,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.14.3)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.14.3)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.14.3)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.14.3)(tslib@2.6.2)(typescript@5.5.3)
       '@shopify/jest-koa-mocks':
         specifier: ^5.0.0
         version: 5.0.0
@@ -826,15 +709,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.14.3
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.14.3)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -860,18 +740,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -899,15 +767,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -933,18 +798,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -972,15 +825,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1006,18 +856,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -1045,15 +883,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1082,18 +917,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -1121,15 +944,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1158,18 +978,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -1197,15 +1005,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1231,18 +1036,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.14.3)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.14.3)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.14.3)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.14.3)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -1270,15 +1063,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.14.3
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.14.3)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1304,18 +1094,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -1343,15 +1121,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1380,18 +1155,6 @@ importers:
       '@logto/cloud':
         specifier: 0.2.5-3b703da
         version: 0.2.5-3b703da(zod@3.23.8)
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -1419,15 +1182,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1453,18 +1213,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -1492,15 +1240,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1526,18 +1271,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -1565,15 +1298,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1599,18 +1329,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -1638,15 +1356,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1672,18 +1387,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -1711,15 +1414,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1745,18 +1445,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -1784,15 +1472,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1818,18 +1503,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -1857,15 +1530,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1891,18 +1561,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -1930,15 +1588,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -1964,18 +1619,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -2003,15 +1646,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -2046,18 +1686,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -2085,15 +1713,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -2131,18 +1756,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -2170,15 +1783,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -2210,18 +1820,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -2249,15 +1847,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -2283,18 +1878,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -2322,15 +1905,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -2356,18 +1936,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -2395,15 +1963,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -2432,18 +1997,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -2474,15 +2027,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -2508,18 +2058,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -2547,15 +2085,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -2581,18 +2116,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -2620,15 +2143,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -2654,18 +2174,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -2693,15 +2201,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -2727,18 +2232,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -2766,15 +2259,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -2800,18 +2290,6 @@ importers:
         specifier: ^3.23.8
         version: 3.23.8
     devDependencies:
-      '@rollup/plugin-commonjs':
-        specifier: ^26.0.0
-        version: 26.0.1(rollup@4.12.0)
-      '@rollup/plugin-json':
-        specifier: ^6.1.0
-        version: 6.1.0(rollup@4.12.0)
-      '@rollup/plugin-node-resolve':
-        specifier: ^15.2.3
-        version: 15.2.3(rollup@4.12.0)
-      '@rollup/plugin-typescript':
-        specifier: ^11.1.6
-        version: 11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)
       '@silverhand/eslint-config':
         specifier: 6.0.1
         version: 6.0.1(eslint@8.57.0)(prettier@3.0.0)(typescript@5.5.3)
@@ -2839,15 +2317,12 @@ importers:
       prettier:
         specifier: ^3.0.0
         version: 3.0.0
-      rollup:
-        specifier: ^4.12.0
-        version: 4.12.0
-      rollup-plugin-output-size:
-        specifier: ^1.3.0
-        version: 1.3.0(rollup@4.12.0)
       supertest:
         specifier: ^7.0.0
         version: 7.0.0
+      tsup:
+        specifier: ^8.1.0
+        version: 8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3))(typescript@5.5.3)
       typescript:
         specifier: ^5.5.3
         version: 5.5.3
@@ -5692,24 +5167,6 @@ packages:
     resolution: {integrity: sha512-bkUDCp8o1MvFO+qxkODcbhSqRa6P2GXgrGZVpt0dCXNW2HCSCqYI0ZoAqEOSAjRWmmlKcYgFvN4B4S+zo/f8kg==}
     engines: {node: '>=14'}
 
-  '@rollup/plugin-commonjs@26.0.1':
-    resolution: {integrity: sha512-UnsKoZK6/aGIH6AdkptXhNvhaqftcjq3zZdT+LY5Ftms6JR06nADcDsYp5hTU9E2lbJUEOhdlY5J4DNTneM+jQ==}
-    engines: {node: '>=16.0.0 || 14 >= 14.17'}
-    peerDependencies:
-      rollup: ^2.68.0||^3.0.0||^4.0.0
-    peerDependenciesMeta:
-      rollup:
-        optional: true
-
-  '@rollup/plugin-json@6.1.0':
-    resolution: {integrity: sha512-EGI2te5ENk1coGeADSIwZ7G2Q8CJS2sF120T7jLw4xFw9n7wIOXHo+kIYRAoVpJAN+kmqZSoO3Fp4JtoNF4ReA==}
-    engines: {node: '>=14.0.0'}
-    peerDependencies:
-      rollup: ^1.20.0||^2.0.0||^3.0.0||^4.0.0
-    peerDependenciesMeta:
-      rollup:
-        optional: true
-
   '@rollup/plugin-node-resolve@15.2.3':
     resolution: {integrity: sha512-j/lym8nf5E21LwBT4Df1VD6hRO2L2iwUeUmP7litikRsVp1H6NWx20NEp0Y7su+7XGc476GnXXc4kFeZNGmaSQ==}
     engines: {node: '>=14.0.0'}
@@ -5719,19 +5176,6 @@ packages:
       rollup:
         optional: true
 
-  '@rollup/plugin-typescript@11.1.6':
-    resolution: {integrity: sha512-R92yOmIACgYdJ7dJ97p4K69I8gg6IEHt8M7dUBxN3W6nrO8uUxX5ixl0yU/N3aZTi8WhPuICvOHXQvF6FaykAA==}
-    engines: {node: '>=14.0.0'}
-    peerDependencies:
-      rollup: ^2.14.0||^3.0.0||^4.0.0
-      tslib: '*'
-      typescript: '>=3.7.0'
-    peerDependenciesMeta:
-      rollup:
-        optional: true
-      tslib:
-        optional: true
-
   '@rollup/pluginutils@5.1.0':
     resolution: {integrity: sha512-XTIWOPPcpvyKI6L1NHo0lFlCyznUEyPmPY1mc3KpPVDYulHSTvyeLNVW00QTLIAFNhR3kYnJTQHeGqU4M3n09g==}
     engines: {node: '>=14.0.0'}
@@ -5741,51 +5185,26 @@ packages:
       rollup:
         optional: true
 
-  '@rollup/rollup-android-arm-eabi@4.12.0':
-    resolution: {integrity: sha512-+ac02NL/2TCKRrJu2wffk1kZ+RyqxVUlbjSagNgPm94frxtr+XDL12E5Ll1enWskLrtrZ2r8L3wED1orIibV/w==}
-    cpu: [arm]
-    os: [android]
-
   '@rollup/rollup-android-arm-eabi@4.14.3':
     resolution: {integrity: sha512-X9alQ3XM6I9IlSlmC8ddAvMSyG1WuHk5oUnXGw+yUBs3BFoTizmG1La/Gr8fVJvDWAq+zlYTZ9DBgrlKRVY06g==}
     cpu: [arm]
     os: [android]
 
-  '@rollup/rollup-android-arm64@4.12.0':
-    resolution: {integrity: sha512-OBqcX2BMe6nvjQ0Nyp7cC90cnumt8PXmO7Dp3gfAju/6YwG0Tj74z1vKrfRz7qAv23nBcYM8BCbhrsWqO7PzQQ==}
-    cpu: [arm64]
-    os: [android]
-
   '@rollup/rollup-android-arm64@4.14.3':
     resolution: {integrity: sha512-eQK5JIi+POhFpzk+LnjKIy4Ks+pwJ+NXmPxOCSvOKSNRPONzKuUvWE+P9JxGZVxrtzm6BAYMaL50FFuPe0oWMQ==}
     cpu: [arm64]
     os: [android]
 
-  '@rollup/rollup-darwin-arm64@4.12.0':
-    resolution: {integrity: sha512-X64tZd8dRE/QTrBIEs63kaOBG0b5GVEd3ccoLtyf6IdXtHdh8h+I56C2yC3PtC9Ucnv0CpNFJLqKFVgCYe0lOQ==}
-    cpu: [arm64]
-    os: [darwin]
-
   '@rollup/rollup-darwin-arm64@4.14.3':
     resolution: {integrity: sha512-Od4vE6f6CTT53yM1jgcLqNfItTsLt5zE46fdPaEmeFHvPs5SjZYlLpHrSiHEKR1+HdRfxuzXHjDOIxQyC3ptBA==}
     cpu: [arm64]
     os: [darwin]
 
-  '@rollup/rollup-darwin-x64@4.12.0':
-    resolution: {integrity: sha512-cc71KUZoVbUJmGP2cOuiZ9HSOP14AzBAThn3OU+9LcA1+IUqswJyR1cAJj3Mg55HbjZP6OLAIscbQsQLrpgTOg==}
-    cpu: [x64]
-    os: [darwin]
-
   '@rollup/rollup-darwin-x64@4.14.3':
     resolution: {integrity: sha512-0IMAO21axJeNIrvS9lSe/PGthc8ZUS+zC53O0VhF5gMxfmcKAP4ESkKOCwEi6u2asUrt4mQv2rjY8QseIEb1aw==}
     cpu: [x64]
     os: [darwin]
 
-  '@rollup/rollup-linux-arm-gnueabihf@4.12.0':
-    resolution: {integrity: sha512-a6w/Y3hyyO6GlpKL2xJ4IOh/7d+APaqLYdMf86xnczU3nurFTaVN9s9jOXQg97BE4nYm/7Ga51rjec5nfRdrvA==}
-    cpu: [arm]
-    os: [linux]
-
   '@rollup/rollup-linux-arm-gnueabihf@4.14.3':
     resolution: {integrity: sha512-ge2DC7tHRHa3caVEoSbPRJpq7azhG+xYsd6u2MEnJ6XzPSzQsTKyXvh6iWjXRf7Rt9ykIUWHtl0Uz3T6yXPpKw==}
     cpu: [arm]
@@ -5796,21 +5215,11 @@ packages:
     cpu: [arm]
     os: [linux]
 
-  '@rollup/rollup-linux-arm64-gnu@4.12.0':
-    resolution: {integrity: sha512-0fZBq27b+D7Ar5CQMofVN8sggOVhEtzFUwOwPppQt0k+VR+7UHMZZY4y+64WJ06XOhBTKXtQB/Sv0NwQMXyNAA==}
-    cpu: [arm64]
-    os: [linux]
-
   '@rollup/rollup-linux-arm64-gnu@4.14.3':
     resolution: {integrity: sha512-Eci2us9VTHm1eSyn5/eEpaC7eP/mp5n46gTRB3Aar3BgSvDQGJZuicyq6TsH4HngNBgVqC5sDYxOzTExSU+NjA==}
     cpu: [arm64]
     os: [linux]
 
-  '@rollup/rollup-linux-arm64-musl@4.12.0':
-    resolution: {integrity: sha512-eTvzUS3hhhlgeAv6bfigekzWZjaEX9xP9HhxB0Dvrdbkk5w/b+1Sxct2ZuDxNJKzsRStSq1EaEkVSEe7A7ipgQ==}
-    cpu: [arm64]
-    os: [linux]
-
   '@rollup/rollup-linux-arm64-musl@4.14.3':
     resolution: {integrity: sha512-UrBoMLCq4E92/LCqlh+blpqMz5h1tJttPIniwUgOFJyjWI1qrtrDhhpHPuFxULlUmjFHfloWdixtDhSxJt5iKw==}
     cpu: [arm64]
@@ -5821,11 +5230,6 @@ packages:
     cpu: [ppc64]
     os: [linux]
 
-  '@rollup/rollup-linux-riscv64-gnu@4.12.0':
-    resolution: {integrity: sha512-ix+qAB9qmrCRiaO71VFfY8rkiAZJL8zQRXveS27HS+pKdjwUfEhqo2+YF2oI+H/22Xsiski+qqwIBxVewLK7sw==}
-    cpu: [riscv64]
-    os: [linux]
-
   '@rollup/rollup-linux-riscv64-gnu@4.14.3':
     resolution: {integrity: sha512-sk/Qh1j2/RJSX7FhEpJn8n0ndxy/uf0kI/9Zc4b1ELhqULVdTfN6HL31CDaTChiBAOgLcsJ1sgVZjWv8XNEsAQ==}
     cpu: [riscv64]
@@ -5836,51 +5240,26 @@ packages:
     cpu: [s390x]
     os: [linux]
 
-  '@rollup/rollup-linux-x64-gnu@4.12.0':
-    resolution: {integrity: sha512-TenQhZVOtw/3qKOPa7d+QgkeM6xY0LtwzR8OplmyL5LrgTWIXpTQg2Q2ycBf8jm+SFW2Wt/DTn1gf7nFp3ssVA==}
-    cpu: [x64]
-    os: [linux]
-
   '@rollup/rollup-linux-x64-gnu@4.14.3':
     resolution: {integrity: sha512-8ybV4Xjy59xLMyWo3GCfEGqtKV5M5gCSrZlxkPGvEPCGDLNla7v48S662HSGwRd6/2cSneMQWiv+QzcttLrrOA==}
     cpu: [x64]
     os: [linux]
 
-  '@rollup/rollup-linux-x64-musl@4.12.0':
-    resolution: {integrity: sha512-LfFdRhNnW0zdMvdCb5FNuWlls2WbbSridJvxOvYWgSBOYZtgBfW9UGNJG//rwMqTX1xQE9BAodvMH9tAusKDUw==}
-    cpu: [x64]
-    os: [linux]
-
   '@rollup/rollup-linux-x64-musl@4.14.3':
     resolution: {integrity: sha512-s+xf1I46trOY10OqAtZ5Rm6lzHre/UiLA1J2uOhCFXWkbZrJRkYBPO6FhvGfHmdtQ3Bx793MNa7LvoWFAm93bg==}
     cpu: [x64]
     os: [linux]
 
-  '@rollup/rollup-win32-arm64-msvc@4.12.0':
-    resolution: {integrity: sha512-JPDxovheWNp6d7AHCgsUlkuCKvtu3RB55iNEkaQcf0ttsDU/JZF+iQnYcQJSk/7PtT4mjjVG8N1kpwnI9SLYaw==}
-    cpu: [arm64]
-    os: [win32]
-
   '@rollup/rollup-win32-arm64-msvc@4.14.3':
     resolution: {integrity: sha512-+4h2WrGOYsOumDQ5S2sYNyhVfrue+9tc9XcLWLh+Kw3UOxAvrfOrSMFon60KspcDdytkNDh7K2Vs6eMaYImAZg==}
     cpu: [arm64]
     os: [win32]
 
-  '@rollup/rollup-win32-ia32-msvc@4.12.0':
-    resolution: {integrity: sha512-fjtuvMWRGJn1oZacG8IPnzIV6GF2/XG+h71FKn76OYFqySXInJtseAqdprVTDTyqPxQOG9Exak5/E9Z3+EJ8ZA==}
-    cpu: [ia32]
-    os: [win32]
-
   '@rollup/rollup-win32-ia32-msvc@4.14.3':
     resolution: {integrity: sha512-T1l7y/bCeL/kUwh9OD4PQT4aM7Bq43vX05htPJJ46RTI4r5KNt6qJRzAfNfM+OYMNEVBWQzR2Gyk+FXLZfogGw==}
     cpu: [ia32]
     os: [win32]
 
-  '@rollup/rollup-win32-x64-msvc@4.12.0':
-    resolution: {integrity: sha512-ZYmr5mS2wd4Dew/JjT0Fqi2NPB/ZhZ2VvPp7SmvPZb4Y1CG/LRcS6tcRo2cYU7zLK5A7cdbhWnnWmUjoI4qapg==}
-    cpu: [x64]
-    os: [win32]
-
   '@rollup/rollup-win32-x64-msvc@4.14.3':
     resolution: {integrity: sha512-/BypzV0H1y1HzgYpxqRaXGBRqfodgoBBCcsrujT6QRcakDQdfU+Lq9PENPh5jB4I44YWq+0C2eHsHya+nZY1sA==}
     cpu: [x64]
@@ -7529,9 +6908,6 @@ packages:
     resolution: {integrity: sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==}
     engines: {node: '>= 12'}
 
-  commondir@1.0.1:
-    resolution: {integrity: sha512-W9pAhw0ja1Edb5GVdIF1mjZw/ASI0AlShXM83UUGe2DVr5TdAPEA1OA8m/g8zWp9x6On7gqufY+FatDbC3MDQg==}
-
   compare-func@2.0.0:
     resolution: {integrity: sha512-zHig5N+tPWARooBnb0Zx1MFcdfpyJrfTJ3Y5L+IFvUm8rM74hHz66z0gw0x4tijh5CorKkKUCnW82R2vmpeCRA==}
 
@@ -8132,9 +7508,6 @@ packages:
     resolution: {integrity: sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg==}
     engines: {node: '>=12'}
 
-  duplexer@0.1.2:
-    resolution: {integrity: sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg==}
-
   duplexify@4.1.3:
     resolution: {integrity: sha512-M3BmBhwJRZsSx38lZyhE53Csddgzl5R7xGJNk7CVddZD6CcmwMCH8J+7AprIrQKH7TonKxaCjcv27Qmf+sQ+oA==}
 
@@ -8980,10 +8353,6 @@ packages:
     resolution: {integrity: sha512-KcFVtoP1CVFtQu0aSk3AyAt2og66PFhZAlkUOuWKwzMLoulHXG5W5wE5xAnHb+yl3/wEFoqGW7/cDGMU8igDZQ==}
     engines: {node: '>=14.0.0'}
 
-  gzip-size@7.0.0:
-    resolution: {integrity: sha512-O1Ld7Dr+nqPnmGpdhzLmMTQ4vAsD+rHwMm1NLUmoUFFymBOMKxCCrtDxqdBRYXdeEPEi3SyoR4TizJLQrnKBNA==}
-    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
-
   happy-dom@14.12.3:
     resolution: {integrity: sha512-vsYlEs3E9gLwA1Hp+w3qzu+RUDFf4VTT8cyKqVICoZ2k7WM++Qyd2LwzyTi5bqMJFiIC/vNpTDYuxdreENRK/g==}
     engines: {node: '>=16.0.0'}
@@ -9484,9 +8853,6 @@ packages:
   is-proto-prop@2.0.0:
     resolution: {integrity: sha512-jl3NbQ/fGLv5Jhan4uX+Ge9ohnemqyblWVVCpAvtTQzNFvV2xhJq+esnkIbYQ9F1nITXoLfDDQLp7LBw/zzncg==}
 
-  is-reference@1.2.1:
-    resolution: {integrity: sha512-U82MsXXiFIrjCK4otLT+o2NA2Cd2g5MLoOVXUZjIOhLurrRxpEXzI8O0KZHr3IjLvlAH1kTPYSuqer5T9ZVBKQ==}
-
   is-reference@3.0.2:
     resolution: {integrity: sha512-v3rht/LgVcsdZa3O2Nqs+NMowLOxeOm7Ay9+/ARQ2F+qEoANRcqrjAZKGN0v8ymUetZGgkp26LTnGT7H0Qo9Pg==}
 
@@ -10288,10 +9654,6 @@ packages:
   magic-string@0.30.10:
     resolution: {integrity: sha512-iIRwTIf0QKV3UAnYK4PU8uiEc4SRh5jX0mwpIwETPpHdhVM4f53RSwS/vXvN1JhGX+Cs7B8qIq3d6AH49O5fAQ==}
 
-  magic-string@0.30.7:
-    resolution: {integrity: sha512-8vBuFF/I/+OSLRmdf2wwFCJCz+nSn0m6DPvGH1fS/KiQoSaR+sETbov0eIk9KhEKy8CYqIkIAnbohxT/4H0kuA==}
-    engines: {node: '>=12'}
-
   magicast@0.3.4:
     resolution: {integrity: sha512-TyDF/Pn36bBji9rWKHlZe+PZb6Mx5V8IHCSxk7X4aljM4e/vyDvZZYwHewdVaqiA0nb3ghfHU/6AUpDxWoER2Q==}
 
@@ -11403,10 +10765,6 @@ packages:
     engines: {node: '>=14'}
     hasBin: true
 
-  pretty-bytes@6.1.1:
-    resolution: {integrity: sha512-mQUvGU6aUFQ+rNvTIAcZuWGRT9a6f6Yrg9bHs4ImKF+HZCEK+plBvnAZYSIQztknZF2qnzNtr6F8s0+IuptdlQ==}
-    engines: {node: ^14.13.1 || >=16.0.0}
-
   pretty-format@27.5.1:
     resolution: {integrity: sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==}
     engines: {node: ^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0}
@@ -11962,20 +11320,6 @@ packages:
   robust-predicates@3.0.2:
     resolution: {integrity: sha512-IXgzBWvWQwE6PrDI05OvmXUIruQTcoMDzRsOd5CDvHCVLcLHMTSYvOK5Cm46kWqlV3yAbuSpBZdJ5oP5OUoStg==}
 
-  rollup-plugin-output-size@1.3.0:
-    resolution: {integrity: sha512-OrTfhj8mxFAO4Yp7OEWwI388uhsiBNDCpfD6tOmcqPfNs5+CWZPDtVmTRZrmXMWfv8skWCOm5ToO4UPy7eRqYg==}
-    engines: {node: '>=14.16.0'}
-    peerDependencies:
-      rollup: ^2.0.0 || ^3.0.0 || ^4.0.0
-    peerDependenciesMeta:
-      rollup:
-        optional: true
-
-  rollup@4.12.0:
-    resolution: {integrity: sha512-wz66wn4t1OHIJw3+XU7mJJQV/2NAfw5OAk6G6Hoo3zcvz/XOfQ52Vgi+AN4Uxoxi0KBBwk2g8zPrTDA4btSB/Q==}
-    engines: {node: '>=18.0.0', npm: '>=8.0.0'}
-    hasBin: true
-
   rollup@4.14.3:
     resolution: {integrity: sha512-ag5tTQKYsj1bhrFC9+OEWqb5O6VYgtQDO9hPDBMmIbePwhfSr+ExlcU741t8Dhw5DkPCQf6noz0jb36D6W9/hw==}
     engines: {node: '>=18.0.0', npm: '>=8.0.0'}
@@ -15494,51 +14838,6 @@ snapshots:
 
   '@remix-run/router@1.5.0': {}
 
-  '@rollup/plugin-commonjs@26.0.1(rollup@4.12.0)':
-    dependencies:
-      '@rollup/pluginutils': 5.1.0(rollup@4.12.0)
-      commondir: 1.0.1
-      estree-walker: 2.0.2
-      glob: 10.4.2
-      is-reference: 1.2.1
-      magic-string: 0.30.7
-    optionalDependencies:
-      rollup: 4.12.0
-
-  '@rollup/plugin-commonjs@26.0.1(rollup@4.14.3)':
-    dependencies:
-      '@rollup/pluginutils': 5.1.0(rollup@4.14.3)
-      commondir: 1.0.1
-      estree-walker: 2.0.2
-      glob: 10.4.2
-      is-reference: 1.2.1
-      magic-string: 0.30.7
-    optionalDependencies:
-      rollup: 4.14.3
-
-  '@rollup/plugin-json@6.1.0(rollup@4.12.0)':
-    dependencies:
-      '@rollup/pluginutils': 5.1.0(rollup@4.12.0)
-    optionalDependencies:
-      rollup: 4.12.0
-
-  '@rollup/plugin-json@6.1.0(rollup@4.14.3)':
-    dependencies:
-      '@rollup/pluginutils': 5.1.0(rollup@4.14.3)
-    optionalDependencies:
-      rollup: 4.14.3
-
-  '@rollup/plugin-node-resolve@15.2.3(rollup@4.12.0)':
-    dependencies:
-      '@rollup/pluginutils': 5.1.0(rollup@4.12.0)
-      '@types/resolve': 1.20.2
-      deepmerge: 4.3.1
-      is-builtin-module: 3.2.1
-      is-module: 1.0.0
-      resolve: 1.22.2
-    optionalDependencies:
-      rollup: 4.12.0
-
   '@rollup/plugin-node-resolve@15.2.3(rollup@4.14.3)':
     dependencies:
       '@rollup/pluginutils': 5.1.0(rollup@4.14.3)
@@ -15550,32 +14849,6 @@ snapshots:
     optionalDependencies:
       rollup: 4.14.3
 
-  '@rollup/plugin-typescript@11.1.6(rollup@4.12.0)(tslib@2.6.2)(typescript@5.5.3)':
-    dependencies:
-      '@rollup/pluginutils': 5.1.0(rollup@4.12.0)
-      resolve: 1.22.8
-      typescript: 5.5.3
-    optionalDependencies:
-      rollup: 4.12.0
-      tslib: 2.6.2
-
-  '@rollup/plugin-typescript@11.1.6(rollup@4.14.3)(tslib@2.6.2)(typescript@5.5.3)':
-    dependencies:
-      '@rollup/pluginutils': 5.1.0(rollup@4.14.3)
-      resolve: 1.22.8
-      typescript: 5.5.3
-    optionalDependencies:
-      rollup: 4.14.3
-      tslib: 2.6.2
-
-  '@rollup/pluginutils@5.1.0(rollup@4.12.0)':
-    dependencies:
-      '@types/estree': 1.0.5
-      estree-walker: 2.0.2
-      picomatch: 2.3.1
-    optionalDependencies:
-      rollup: 4.12.0
-
   '@rollup/pluginutils@5.1.0(rollup@4.14.3)':
     dependencies:
       '@types/estree': 1.0.5
@@ -15584,90 +14857,51 @@ snapshots:
     optionalDependencies:
       rollup: 4.14.3
 
-  '@rollup/rollup-android-arm-eabi@4.12.0':
-    optional: true
-
   '@rollup/rollup-android-arm-eabi@4.14.3':
     optional: true
 
-  '@rollup/rollup-android-arm64@4.12.0':
-    optional: true
-
   '@rollup/rollup-android-arm64@4.14.3':
     optional: true
 
-  '@rollup/rollup-darwin-arm64@4.12.0':
-    optional: true
-
   '@rollup/rollup-darwin-arm64@4.14.3':
     optional: true
 
-  '@rollup/rollup-darwin-x64@4.12.0':
-    optional: true
-
   '@rollup/rollup-darwin-x64@4.14.3':
     optional: true
 
-  '@rollup/rollup-linux-arm-gnueabihf@4.12.0':
-    optional: true
-
   '@rollup/rollup-linux-arm-gnueabihf@4.14.3':
     optional: true
 
   '@rollup/rollup-linux-arm-musleabihf@4.14.3':
     optional: true
 
-  '@rollup/rollup-linux-arm64-gnu@4.12.0':
-    optional: true
-
   '@rollup/rollup-linux-arm64-gnu@4.14.3':
     optional: true
 
-  '@rollup/rollup-linux-arm64-musl@4.12.0':
-    optional: true
-
   '@rollup/rollup-linux-arm64-musl@4.14.3':
     optional: true
 
   '@rollup/rollup-linux-powerpc64le-gnu@4.14.3':
     optional: true
 
-  '@rollup/rollup-linux-riscv64-gnu@4.12.0':
-    optional: true
-
   '@rollup/rollup-linux-riscv64-gnu@4.14.3':
     optional: true
 
   '@rollup/rollup-linux-s390x-gnu@4.14.3':
     optional: true
 
-  '@rollup/rollup-linux-x64-gnu@4.12.0':
-    optional: true
-
   '@rollup/rollup-linux-x64-gnu@4.14.3':
     optional: true
 
-  '@rollup/rollup-linux-x64-musl@4.12.0':
-    optional: true
-
   '@rollup/rollup-linux-x64-musl@4.14.3':
     optional: true
 
-  '@rollup/rollup-win32-arm64-msvc@4.12.0':
-    optional: true
-
   '@rollup/rollup-win32-arm64-msvc@4.14.3':
     optional: true
 
-  '@rollup/rollup-win32-ia32-msvc@4.12.0':
-    optional: true
-
   '@rollup/rollup-win32-ia32-msvc@4.14.3':
     optional: true
 
-  '@rollup/rollup-win32-x64-msvc@4.12.0':
-    optional: true
-
   '@rollup/rollup-win32-x64-msvc@4.14.3':
     optional: true
 
@@ -17761,8 +16995,6 @@ snapshots:
 
   commander@8.3.0: {}
 
-  commondir@1.0.1: {}
-
   compare-func@2.0.0:
     dependencies:
       array-ify: 1.0.0
@@ -18371,8 +17603,6 @@ snapshots:
 
   dotenv@16.4.5: {}
 
-  duplexer@0.1.2: {}
-
   duplexify@4.1.3:
     dependencies:
       end-of-stream: 1.4.4
@@ -19506,10 +18736,6 @@ snapshots:
       - encoding
       - supports-color
 
-  gzip-size@7.0.0:
-    dependencies:
-      duplexer: 0.1.2
-
   happy-dom@14.12.3:
     dependencies:
       entities: 4.5.0
@@ -20025,10 +19251,6 @@ snapshots:
       lowercase-keys: 1.0.1
       proto-props: 2.0.0
 
-  is-reference@1.2.1:
-    dependencies:
-      '@types/estree': 1.0.5
-
   is-reference@3.0.2:
     dependencies:
       '@types/estree': 1.0.5
@@ -21225,10 +20447,6 @@ snapshots:
     dependencies:
       '@jridgewell/sourcemap-codec': 1.4.15
 
-  magic-string@0.30.7:
-    dependencies:
-      '@jridgewell/sourcemap-codec': 1.4.15
-
   magicast@0.3.4:
     dependencies:
       '@babel/parser': 7.24.4
@@ -22580,6 +21798,14 @@ snapshots:
       postcss: 8.4.39
       ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.10.4)(typescript@5.5.3)
 
+  postcss-load-config@4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3)):
+    dependencies:
+      lilconfig: 3.1.2
+      yaml: 2.4.5
+    optionalDependencies:
+      postcss: 8.4.39
+      ts-node: 10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3)
+
   postcss-load-config@4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.0.2)):
     dependencies:
       lilconfig: 3.1.2
@@ -22744,8 +21970,6 @@ snapshots:
 
   prettier@3.0.0: {}
 
-  pretty-bytes@6.1.1: {}
-
   pretty-format@27.5.1:
     dependencies:
       ansi-regex: 5.0.1
@@ -23389,41 +22613,6 @@ snapshots:
 
   robust-predicates@3.0.2: {}
 
-  rollup-plugin-output-size@1.3.0(rollup@4.12.0):
-    dependencies:
-      colorette: 2.0.20
-      gzip-size: 7.0.0
-      pretty-bytes: 6.1.1
-    optionalDependencies:
-      rollup: 4.12.0
-
-  rollup-plugin-output-size@1.3.0(rollup@4.14.3):
-    dependencies:
-      colorette: 2.0.20
-      gzip-size: 7.0.0
-      pretty-bytes: 6.1.1
-    optionalDependencies:
-      rollup: 4.14.3
-
-  rollup@4.12.0:
-    dependencies:
-      '@types/estree': 1.0.5
-    optionalDependencies:
-      '@rollup/rollup-android-arm-eabi': 4.12.0
-      '@rollup/rollup-android-arm64': 4.12.0
-      '@rollup/rollup-darwin-arm64': 4.12.0
-      '@rollup/rollup-darwin-x64': 4.12.0
-      '@rollup/rollup-linux-arm-gnueabihf': 4.12.0
-      '@rollup/rollup-linux-arm64-gnu': 4.12.0
-      '@rollup/rollup-linux-arm64-musl': 4.12.0
-      '@rollup/rollup-linux-riscv64-gnu': 4.12.0
-      '@rollup/rollup-linux-x64-gnu': 4.12.0
-      '@rollup/rollup-linux-x64-musl': 4.12.0
-      '@rollup/rollup-win32-arm64-msvc': 4.12.0
-      '@rollup/rollup-win32-ia32-msvc': 4.12.0
-      '@rollup/rollup-win32-x64-msvc': 4.12.0
-      fsevents: 2.3.3
-
   rollup@4.14.3:
     dependencies:
       '@types/estree': 1.0.5
@@ -24232,6 +23421,27 @@ snapshots:
       '@swc/core': 1.3.52(@swc/helpers@0.5.1)
     optional: true
 
+  ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3):
+    dependencies:
+      '@cspotcode/source-map-support': 0.8.1
+      '@tsconfig/node10': 1.0.9
+      '@tsconfig/node12': 1.0.11
+      '@tsconfig/node14': 1.0.3
+      '@tsconfig/node16': 1.0.4
+      '@types/node': 20.11.20
+      acorn: 8.11.3
+      acorn-walk: 8.3.2
+      arg: 4.1.3
+      create-require: 1.1.1
+      diff: 4.0.2
+      make-error: 1.3.6
+      typescript: 5.5.3
+      v8-compile-cache-lib: 3.0.1
+      yn: 3.1.1
+    optionalDependencies:
+      '@swc/core': 1.3.52(@swc/helpers@0.5.1)
+    optional: true
+
   ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.0.2):
     dependencies:
       '@cspotcode/source-map-support': 0.8.1
@@ -24315,6 +23525,30 @@ snapshots:
       - supports-color
       - ts-node
 
+  tsup@8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))(typescript@5.5.3):
+    dependencies:
+      bundle-require: 4.2.1(esbuild@0.21.5)
+      cac: 6.7.14
+      chokidar: 3.5.3
+      debug: 4.3.4
+      esbuild: 0.21.5
+      execa: 5.1.1
+      globby: 11.1.0
+      joycon: 3.1.1
+      postcss-load-config: 4.0.2(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.11.20)(typescript@5.5.3))
+      resolve-from: 5.0.0
+      rollup: 4.14.3
+      source-map: 0.8.0-beta.0
+      sucrase: 3.35.0
+      tree-kill: 1.2.2
+    optionalDependencies:
+      '@swc/core': 1.3.52(@swc/helpers@0.5.1)
+      postcss: 8.4.39
+      typescript: 5.5.3
+    transitivePeerDependencies:
+      - supports-color
+      - ts-node
+
   tsup@8.1.0(@swc/core@1.3.52)(postcss@8.4.39)(ts-node@10.9.2(@swc/core@1.3.52)(@types/node@20.12.7)(typescript@5.0.2))(typescript@5.0.2):
     dependencies:
       bundle-require: 4.2.1(esbuild@0.21.5)

From 210fb6ef73e10b258859306ae1d840634304075e Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Sun, 28 Jul 2024 13:55:55 +0800
Subject: [PATCH 126/135] ci: add check job

---
 .github/workflows/main.yml                    | 22 +++++++++++++------
 .../connector-alipay-native/package.json      |  1 +
 .../connector-alipay-web/package.json         |  1 +
 .../connector-aliyun-dm/package.json          |  1 +
 .../connector-aliyun-sms/package.json         |  1 +
 .../connectors/connector-apple/package.json   |  1 +
 .../connectors/connector-aws-ses/package.json |  1 +
 .../connectors/connector-azuread/package.json |  1 +
 .../connector-dingtalk-web/package.json       |  1 +
 .../connectors/connector-discord/package.json |  1 +
 .../connector-facebook/package.json           |  1 +
 .../connector-feishu-web/package.json         |  1 +
 .../connectors/connector-github/package.json  |  1 +
 .../connectors/connector-google/package.json  |  1 +
 .../connector-huggingface/package.json        |  1 +
 .../connectors/connector-kakao/package.json   |  1 +
 .../connector-logto-email/package.json        |  1 +
 .../connector-logto-sms/package.json          |  1 +
 .../connector-logto-social-demo/package.json  |  1 +
 .../connectors/connector-mailgun/package.json |  1 +
 .../package.json                              |  1 +
 .../connector-mock-email/package.json         |  1 +
 .../connector-mock-sms/package.json           |  1 +
 .../connector-mock-social/package.json        |  1 +
 .../connectors/connector-naver/package.json   |  1 +
 .../connectors/connector-oauth2/package.json  |  1 +
 .../connectors/connector-oidc/package.json    |  1 +
 .../connectors/connector-saml/package.json    |  1 +
 .../connector-sendgrid-email/package.json     |  1 +
 .../connectors/connector-smsaero/package.json |  1 +
 .../connectors/connector-smtp/package.json    |  1 +
 .../connector-tencent-sms/package.json        |  1 +
 .../connector-twilio-sms/package.json         |  1 +
 .../connector-wechat-native/package.json      |  1 +
 .../connector-wechat-web/package.json         |  1 +
 .../connectors/connector-wecom/package.json   |  1 +
 packages/connectors/templates/package.json    |  1 +
 packages/console/package.json                 |  2 +-
 packages/core/package.json                    |  1 +
 packages/demo-app/package.json                |  2 +-
 packages/experience/package.json              |  2 +-
 packages/integration-tests/package.json       |  1 +
 42 files changed, 56 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 8e51aadc1d94..1afaf44a0dcc 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -20,12 +20,25 @@ jobs:
 
       - name: Setup Node and pnpm
         uses: silverhand-io/actions-node-pnpm-run-steps@v5
-        with:
-          pnpm-version: 9
 
       - name: Build
         run: pnpm ci:build
 
+  main-check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node and pnpm
+        uses: silverhand-io/actions-node-pnpm-run-steps@v5
+
+      - name: Prepack
+        run: pnpm prepack
+
+      - name: Check
+        run: pnpm -r check
+
   main-lint:
     runs-on: ubuntu-latest
 
@@ -34,8 +47,6 @@ jobs:
 
       - name: Setup Node and pnpm
         uses: silverhand-io/actions-node-pnpm-run-steps@v5
-        with:
-          pnpm-version: 9
 
       - name: Prepack
         run: pnpm prepack
@@ -54,8 +65,6 @@ jobs:
 
       - name: Setup Node and pnpm
         uses: silverhand-io/actions-node-pnpm-run-steps@v5
-        with:
-          pnpm-version: 9
 
       - name: Build for test
         run: pnpm -r build:test
@@ -122,7 +131,6 @@ jobs:
       - name: Setup Node and pnpm
         uses: silverhand-io/actions-node-pnpm-run-steps@v5
         with:
-          pnpm-version: 9
           run-install: false
 
       # ** Prepack packages **
diff --git a/packages/connectors/connector-alipay-native/package.json b/packages/connectors/connector-alipay-native/package.json
index 8fe8dc04c863..13338c76da3d 100644
--- a/packages/connectors/connector-alipay-native/package.json
+++ b/packages/connectors/connector-alipay-native/package.json
@@ -41,6 +41,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-alipay-web/package.json b/packages/connectors/connector-alipay-web/package.json
index 97d5b24bf10f..c74bee8bbd3b 100644
--- a/packages/connectors/connector-alipay-web/package.json
+++ b/packages/connectors/connector-alipay-web/package.json
@@ -40,6 +40,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-aliyun-dm/package.json b/packages/connectors/connector-aliyun-dm/package.json
index dc66d212a8b1..4cc5a34d22a8 100644
--- a/packages/connectors/connector-aliyun-dm/package.json
+++ b/packages/connectors/connector-aliyun-dm/package.json
@@ -22,6 +22,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-aliyun-sms/package.json b/packages/connectors/connector-aliyun-sms/package.json
index 2642eb7b7541..3976ccce41a9 100644
--- a/packages/connectors/connector-aliyun-sms/package.json
+++ b/packages/connectors/connector-aliyun-sms/package.json
@@ -22,6 +22,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-apple/package.json b/packages/connectors/connector-apple/package.json
index 3da2456319dc..2f629e9ab1f0 100644
--- a/packages/connectors/connector-apple/package.json
+++ b/packages/connectors/connector-apple/package.json
@@ -24,6 +24,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-aws-ses/package.json b/packages/connectors/connector-aws-ses/package.json
index 436e0c66f60a..756ca637b012 100644
--- a/packages/connectors/connector-aws-ses/package.json
+++ b/packages/connectors/connector-aws-ses/package.json
@@ -25,6 +25,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-azuread/package.json b/packages/connectors/connector-azuread/package.json
index 5b5e70bd5525..35c8de46bf20 100644
--- a/packages/connectors/connector-azuread/package.json
+++ b/packages/connectors/connector-azuread/package.json
@@ -24,6 +24,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-dingtalk-web/package.json b/packages/connectors/connector-dingtalk-web/package.json
index 236a6a8aaeec..94617924e318 100644
--- a/packages/connectors/connector-dingtalk-web/package.json
+++ b/packages/connectors/connector-dingtalk-web/package.json
@@ -40,6 +40,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-discord/package.json b/packages/connectors/connector-discord/package.json
index 3d62613d2bae..3eab603e36fa 100644
--- a/packages/connectors/connector-discord/package.json
+++ b/packages/connectors/connector-discord/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-facebook/package.json b/packages/connectors/connector-facebook/package.json
index eb40b98c018e..2a530348b1ed 100644
--- a/packages/connectors/connector-facebook/package.json
+++ b/packages/connectors/connector-facebook/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-feishu-web/package.json b/packages/connectors/connector-feishu-web/package.json
index 9205b357dab6..3d2cedd5e7b2 100644
--- a/packages/connectors/connector-feishu-web/package.json
+++ b/packages/connectors/connector-feishu-web/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-github/package.json b/packages/connectors/connector-github/package.json
index 64bd08d10e27..46a8b6e757a0 100644
--- a/packages/connectors/connector-github/package.json
+++ b/packages/connectors/connector-github/package.json
@@ -24,6 +24,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-google/package.json b/packages/connectors/connector-google/package.json
index 2d13496d3d5b..fc5c27687954 100644
--- a/packages/connectors/connector-google/package.json
+++ b/packages/connectors/connector-google/package.json
@@ -24,6 +24,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-huggingface/package.json b/packages/connectors/connector-huggingface/package.json
index 75468cbdb40d..aa35bb3527cf 100644
--- a/packages/connectors/connector-huggingface/package.json
+++ b/packages/connectors/connector-huggingface/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-kakao/package.json b/packages/connectors/connector-kakao/package.json
index 93eec0f5dabe..7b5fbb8338a4 100644
--- a/packages/connectors/connector-kakao/package.json
+++ b/packages/connectors/connector-kakao/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-logto-email/package.json b/packages/connectors/connector-logto-email/package.json
index f47baee72ba0..1f8aca68aef3 100644
--- a/packages/connectors/connector-logto-email/package.json
+++ b/packages/connectors/connector-logto-email/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-logto-sms/package.json b/packages/connectors/connector-logto-sms/package.json
index f8f1e567016a..c74a0446d98d 100644
--- a/packages/connectors/connector-logto-sms/package.json
+++ b/packages/connectors/connector-logto-sms/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-logto-social-demo/package.json b/packages/connectors/connector-logto-social-demo/package.json
index 6fcc4efdd7a6..24b66db779d1 100644
--- a/packages/connectors/connector-logto-social-demo/package.json
+++ b/packages/connectors/connector-logto-social-demo/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-mailgun/package.json b/packages/connectors/connector-mailgun/package.json
index b84927754bc8..e6e6cc85f88a 100644
--- a/packages/connectors/connector-mailgun/package.json
+++ b/packages/connectors/connector-mailgun/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-mock-email-alternative/package.json b/packages/connectors/connector-mock-email-alternative/package.json
index d2a3f97eae8c..ab9cb69d729d 100644
--- a/packages/connectors/connector-mock-email-alternative/package.json
+++ b/packages/connectors/connector-mock-email-alternative/package.json
@@ -12,6 +12,7 @@
   },
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-mock-email/package.json b/packages/connectors/connector-mock-email/package.json
index b06f9e68fbc3..518bce6e7780 100644
--- a/packages/connectors/connector-mock-email/package.json
+++ b/packages/connectors/connector-mock-email/package.json
@@ -12,6 +12,7 @@
   },
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-mock-sms/package.json b/packages/connectors/connector-mock-sms/package.json
index 6f1f957de7f5..faf94c2f923f 100644
--- a/packages/connectors/connector-mock-sms/package.json
+++ b/packages/connectors/connector-mock-sms/package.json
@@ -12,6 +12,7 @@
   },
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-mock-social/package.json b/packages/connectors/connector-mock-social/package.json
index c8c5e9affa22..1f7ec5213b2a 100644
--- a/packages/connectors/connector-mock-social/package.json
+++ b/packages/connectors/connector-mock-social/package.json
@@ -12,6 +12,7 @@
   },
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-naver/package.json b/packages/connectors/connector-naver/package.json
index 0750778321ad..c0efba09895a 100644
--- a/packages/connectors/connector-naver/package.json
+++ b/packages/connectors/connector-naver/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-oauth2/package.json b/packages/connectors/connector-oauth2/package.json
index 0033db358ee9..b8276b1816b4 100644
--- a/packages/connectors/connector-oauth2/package.json
+++ b/packages/connectors/connector-oauth2/package.json
@@ -26,6 +26,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup && tsc --declaration --emitDeclarationOnly",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-oidc/package.json b/packages/connectors/connector-oidc/package.json
index d82f6250dbd8..b3778549fbbe 100644
--- a/packages/connectors/connector-oidc/package.json
+++ b/packages/connectors/connector-oidc/package.json
@@ -26,6 +26,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-saml/package.json b/packages/connectors/connector-saml/package.json
index 90fea9a8078f..f376a8f9853c 100644
--- a/packages/connectors/connector-saml/package.json
+++ b/packages/connectors/connector-saml/package.json
@@ -25,6 +25,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-sendgrid-email/package.json b/packages/connectors/connector-sendgrid-email/package.json
index 31c8125e9965..49eb8deb06ce 100644
--- a/packages/connectors/connector-sendgrid-email/package.json
+++ b/packages/connectors/connector-sendgrid-email/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-smsaero/package.json b/packages/connectors/connector-smsaero/package.json
index d3a39f041040..0fa44101e8ce 100644
--- a/packages/connectors/connector-smsaero/package.json
+++ b/packages/connectors/connector-smsaero/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-smtp/package.json b/packages/connectors/connector-smtp/package.json
index 39fa829198b8..597d3534f119 100644
--- a/packages/connectors/connector-smtp/package.json
+++ b/packages/connectors/connector-smtp/package.json
@@ -40,6 +40,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-tencent-sms/package.json b/packages/connectors/connector-tencent-sms/package.json
index 89fd1b335851..1854daa0962a 100644
--- a/packages/connectors/connector-tencent-sms/package.json
+++ b/packages/connectors/connector-tencent-sms/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-twilio-sms/package.json b/packages/connectors/connector-twilio-sms/package.json
index 7c7067e4ea65..58556321e150 100644
--- a/packages/connectors/connector-twilio-sms/package.json
+++ b/packages/connectors/connector-twilio-sms/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-wechat-native/package.json b/packages/connectors/connector-wechat-native/package.json
index b7e906b91cc7..a546b1556eca 100644
--- a/packages/connectors/connector-wechat-native/package.json
+++ b/packages/connectors/connector-wechat-native/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-wechat-web/package.json b/packages/connectors/connector-wechat-web/package.json
index 3ffa9f388d86..0ec46baeae22 100644
--- a/packages/connectors/connector-wechat-web/package.json
+++ b/packages/connectors/connector-wechat-web/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/connector-wecom/package.json b/packages/connectors/connector-wecom/package.json
index 79e23cae47db..a5b13c695e06 100644
--- a/packages/connectors/connector-wecom/package.json
+++ b/packages/connectors/connector-wecom/package.json
@@ -23,6 +23,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/connectors/templates/package.json b/packages/connectors/templates/package.json
index 80a6d5b1dd1a..44870bc7b36f 100644
--- a/packages/connectors/templates/package.json
+++ b/packages/connectors/templates/package.json
@@ -12,6 +12,7 @@
   ],
   "scripts": {
     "precommit": "lint-staged",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "dev": "tsup --watch",
     "lint": "eslint --ext .ts src",
diff --git a/packages/console/package.json b/packages/console/package.json
index 55a82dd6f8d4..2b67c9528777 100644
--- a/packages/console/package.json
+++ b/packages/console/package.json
@@ -17,7 +17,7 @@
     "start": "vite",
     "dev": "vite",
     "check": "tsc --noEmit",
-    "build": "pnpm generate && pnpm check && vite build",
+    "build": "pnpm generate && vite build",
     "lint": "eslint --ext .ts --ext .tsx src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "stylelint": "stylelint \"src/**/*.scss\"",
diff --git a/packages/core/package.json b/packages/core/package.json
index e08ab66cc80f..a7bc58c4a67c 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -13,6 +13,7 @@
   "scripts": {
     "precommit": "lint-staged",
     "copy:apidocs": "rsync -a -m --include '*/' --include '*.openapi.json' --exclude '*' src/routes/ build/routes/",
+    "check": "tsc --noEmit",
     "build": "tsup",
     "build:test": "rm -rf build/ && tsc -p tsconfig.test.json --sourcemap && pnpm run copy:apidocs",
     "lint": "eslint --ext .ts --ext .json src",
diff --git a/packages/demo-app/package.json b/packages/demo-app/package.json
index 4e27d25b2d09..7128bfb05366 100644
--- a/packages/demo-app/package.json
+++ b/packages/demo-app/package.json
@@ -14,7 +14,7 @@
     "start": "vite",
     "dev": "vite",
     "check": "tsc --noEmit",
-    "build": "pnpm check && vite build",
+    "build": "vite build",
     "lint": "eslint --ext .ts --ext .tsx src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "stylelint": "stylelint \"src/**/*.scss\""
diff --git a/packages/experience/package.json b/packages/experience/package.json
index 3151875bc9ff..bd15a684f949 100644
--- a/packages/experience/package.json
+++ b/packages/experience/package.json
@@ -12,7 +12,7 @@
     "start": "vite",
     "dev": "vite",
     "check": "tsc --noEmit",
-    "build": "pnpm check && vite build",
+    "build": "vite build",
     "lint": "eslint --ext .ts --ext .tsx src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "stylelint": "stylelint \"src/**/*.scss\"",
diff --git a/packages/integration-tests/package.json b/packages/integration-tests/package.json
index 00e0fa64df12..16d929f5b9ae 100644
--- a/packages/integration-tests/package.json
+++ b/packages/integration-tests/package.json
@@ -10,6 +10,7 @@
     "#src/*": "./lib/*"
   },
   "scripts": {
+    "check": "tsc --noEmit",
     "build": "tsup",
     "test:only": "NODE_OPTIONS=--experimental-vm-modules jest",
     "test": "pnpm build && pnpm test:api && pnpm test:experience && pnpm test:console",

From 17e139dff13de516ec7d6371003bc7128bc23d5e Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Mon, 29 Jul 2024 09:17:50 +0800
Subject: [PATCH 127/135] feat(console): remove beta tag for protected app
 (#6341)

---
 .../pages/Applications/components/ProtectedAppCard/index.tsx    | 2 --
 1 file changed, 2 deletions(-)

diff --git a/packages/console/src/pages/Applications/components/ProtectedAppCard/index.tsx b/packages/console/src/pages/Applications/components/ProtectedAppCard/index.tsx
index 9ee16e101de9..fe5f05c089cf 100644
--- a/packages/console/src/pages/Applications/components/ProtectedAppCard/index.tsx
+++ b/packages/console/src/pages/Applications/components/ProtectedAppCard/index.tsx
@@ -5,7 +5,6 @@ import { Trans, useTranslation } from 'react-i18next';
 
 import ProtectedAppDarkIcon from '@/assets/icons/protected-app-dark.svg?react';
 import ProtectedAppIcon from '@/assets/icons/protected-app.svg?react';
-import { BetaTag } from '@/components/FeatureTag';
 import Button from '@/ds-components/Button';
 import TextLink from '@/ds-components/TextLink';
 import useDocumentationUrl from '@/hooks/use-documentation-url';
@@ -48,7 +47,6 @@ function ProtectedAppCard({
               <div className={isInAppCreationPage ? styles.label : styles.title}>
                 {t(isInAppCreationPage ? 'name' : 'title')}
               </div>
-              <BetaTag />
             </div>
             <div className={styles.description}>
               <Trans

From 0a20edc3d8c691647049f9270e4d1f682ffad4f3 Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Mon, 29 Jul 2024 09:20:15 +0800
Subject: [PATCH 128/135] feat(console): add passport.js guide (#6344)

---
 .../console/src/assets/docs/guides/index.tsx  |   8 +
 .../docs/guides/web-passport/README.mdx       | 163 ++++++++++++++++++
 .../docs/guides/web-passport/config.json      |   3 +
 .../assets/docs/guides/web-passport/index.ts  |  11 ++
 .../assets/docs/guides/web-passport/logo.svg  |  21 +++
 5 files changed, 206 insertions(+)
 create mode 100644 packages/console/src/assets/docs/guides/web-passport/README.mdx
 create mode 100644 packages/console/src/assets/docs/guides/web-passport/config.json
 create mode 100644 packages/console/src/assets/docs/guides/web-passport/index.ts
 create mode 100644 packages/console/src/assets/docs/guides/web-passport/logo.svg

diff --git a/packages/console/src/assets/docs/guides/index.tsx b/packages/console/src/assets/docs/guides/index.tsx
index 3f93b2c74114..cd27969b0270 100644
--- a/packages/console/src/assets/docs/guides/index.tsx
+++ b/packages/console/src/assets/docs/guides/index.tsx
@@ -32,6 +32,7 @@ import webNextAppRouter from './web-next-app-router/index';
 import webNextAuth from './web-next-auth/index';
 import webNuxt from './web-nuxt/index';
 import webOutline from './web-outline/index';
+import webPassport from './web-passport/index';
 import webPhp from './web-php/index';
 import webPython from './web-python/index';
 import webRuby from './web-ruby/index';
@@ -245,6 +246,13 @@ export const guides: Readonly<Guide[]> = Object.freeze([
     Component: lazy(async () => import('./web-outline/README.mdx')),
     metadata: webOutline,
   },
+  {
+    order: 6.1,
+    id: 'web-passport',
+    Logo: lazy(async () => import('./web-passport/logo.svg?react')),
+    Component: lazy(async () => import('./web-passport/README.mdx')),
+    metadata: webPassport,
+  },
   {
     order: 999,
     id: 'web-gpt-plugin',
diff --git a/packages/console/src/assets/docs/guides/web-passport/README.mdx b/packages/console/src/assets/docs/guides/web-passport/README.mdx
new file mode 100644
index 000000000000..70d294ae5dfe
--- /dev/null
+++ b/packages/console/src/assets/docs/guides/web-passport/README.mdx
@@ -0,0 +1,163 @@
+import InlineNotification from '@/ds-components/InlineNotification';
+import UriInputField from '@/mdx-components/UriInputField';
+import Steps from '@/mdx-components/Steps';
+import Step from '@/mdx-components/Step';
+import NpmLikeInstallation from '@/mdx-components/NpmLikeInstallation';
+
+<Steps>
+
+<Step title="Prerequisites">
+
+In this guide, we assume you have set up Express with session in you project. If you haven't, check out the [Express.js website](https://expressjs.com/) to get started.
+
+</Step>
+
+<Step
+  title="Installation"
+  subtitle="Install Passport.js for your project"
+>
+
+Install `passport` and the OIDC strategy plugin, `passport-openidconnect`:
+
+<NpmLikeInstallation packageName="passport passport-openidconnect" />
+
+</Step>
+
+<Step title="Configure redirect URI">
+
+<InlineNotification>
+  In the following steps, we assume your app is running on <code>http://localhost:3000</code>.
+</InlineNotification>
+
+First, let’s enter your redirect URI.
+
+<UriInputField name="redirectUris" defaultValue="http://localhost:3000/api/auth/callback/logto" />
+
+Don't forget to click the **Save** button.
+
+</Step>
+
+<Step title="Initialize Passport.js with OIDC strategy">
+
+<Code title="src/passport.ts" className="language-ts">
+    {`import passport from 'passport';
+import OpenIDConnectStrategy, { type Profile, type VerifyCallback } from 'passport-openidconnect';
+
+const endpoint = '${props.endpoint}';
+const appId = '${props.app.id}';
+const appSecret = '${props.app.secret}';
+
+export default function initPassport() {
+  passport.use(
+    new OpenIDConnectStrategy(
+      {
+        issuer: \`\${endpoint}/oidc\`,
+        authorizationURL: \`\${endpoint}/oidc/auth\`,
+        tokenURL: \`\${endpoint}/oidc/token\`,
+        userInfoURL: \`\${endpoint}/oidc/me\`,
+        clientID: appId,
+        clientSecret: appSecret,
+        callbackURL: '/callback',
+        scope: ['profile', 'offline_access'],
+      },
+      (issuer: string, profile: Profile, callback: VerifyCallback) => {
+        callback(null, profile);
+      }
+    )
+  );
+
+  passport.serializeUser((user, callback) => {
+    callback(null, user);
+  });
+
+  passport.deserializeUser(function (user, callback) {
+    callback(null, user as Express.User);
+  });
+}`}
+</Code>
+
+This code initializes Passport with the **`OpenIDConnectStrategy`**. The serialize and deserialize methods are set for demonstration purposes.
+
+Ensure to initialize and attach Passport middleware in your application:
+
+```tsx
+import initPassport from 'src/passport';
+
+// ... other code
+initPassport();
+// ... other code
+app.use(passport.authenticate('session'));
+// ... other code
+```
+
+</Step>
+
+<Step title="Implement sign-in and sign-out">
+
+We'll now create specific routes for authentication processes:
+
+### Sign in: `/sign-in`
+
+```tsx
+app.get('/sign-in', passport.authenticate('openidconnect'));
+```
+
+This route builds and redirects to an OIDC auth route.
+
+### Handle sign in callback: `/callback`
+
+```tsx
+app.get(
+  '/callback',
+  passport.authenticate('openidconnect', {
+    successReturnToOrRedirect: '/',
+  })
+);
+```
+
+This handles the OIDC sign-in callback, stores tokens, and redirects to the homepage.
+
+### Sign out: `/sign-out`
+
+```tsx
+app.get('/sign-out', (request, response, next) => {
+  request.logout((error) => {
+    if (error) {
+      next(error);
+      return;
+    }
+    response.redirect(`${endpoint}/oidc/session/end?client_id=${appId}`);
+  });
+});
+```
+
+This redirects to Logto's session end URL, then back to the homepage.
+
+### Add to the homepage
+
+```tsx
+app.get('/', (request: Request, response) => {
+  const { user } = request;
+  response.setHeader('content-type', 'text/html');
+
+  if (user) {
+    response.end(
+      `<h1>Hello Logto</h1><p>Signed in as ${JSON.stringify(
+        user
+      )}, <a href="/sign-out">Sign Out</a></p>`
+    );
+  } else {
+    response.end(`<h1>Hello Logto</h1><p><a href="/sign-in">Sign In</a></p>`);
+  }
+});
+```
+
+</Step>
+
+<Step title="Checkpoint: Test Logto and Passport integration">
+
+Now, you can test your application to see if the authentication works as expected.
+
+</Step>
+
+</Steps>
diff --git a/packages/console/src/assets/docs/guides/web-passport/config.json b/packages/console/src/assets/docs/guides/web-passport/config.json
new file mode 100644
index 000000000000..c81c3a59b30f
--- /dev/null
+++ b/packages/console/src/assets/docs/guides/web-passport/config.json
@@ -0,0 +1,3 @@
+{
+  "order": 6.1
+}
diff --git a/packages/console/src/assets/docs/guides/web-passport/index.ts b/packages/console/src/assets/docs/guides/web-passport/index.ts
new file mode 100644
index 000000000000..bc3dfd037bc9
--- /dev/null
+++ b/packages/console/src/assets/docs/guides/web-passport/index.ts
@@ -0,0 +1,11 @@
+import { ApplicationType } from '@logto/schemas';
+
+import { type GuideMetadata } from '../types';
+
+const metadata: Readonly<GuideMetadata> = Object.freeze({
+  name: 'Passport',
+  description: 'Passport is authentication middleware for Node.js.',
+  target: ApplicationType.Traditional,
+});
+
+export default metadata;
diff --git a/packages/console/src/assets/docs/guides/web-passport/logo.svg b/packages/console/src/assets/docs/guides/web-passport/logo.svg
new file mode 100644
index 000000000000..f967957a2fce
--- /dev/null
+++ b/packages/console/src/assets/docs/guides/web-passport/logo.svg
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg width="400px" height="500px" viewBox="0 0 400 500" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancoding.com/sketch/ns">
+    <!-- Generator: Sketch 3.3.1 (12002) - http://www.bohemiancoding.com/sketch -->
+    <title>Group</title>
+    <desc>Created with Sketch.</desc>
+    <defs></defs>
+    <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" sketch:type="MSPage">
+        <g id="passport_logo_final" sketch:type="MSLayerGroup" transform="translate(-400.000000, -350.000000)">
+            <g id="Group" sketch:type="MSShapeGroup">
+                <g id="Shape">
+                    <g transform="translate(400.000000, 350.000000)">
+                        <path d="M200,0 C89.5,0 0,89.5 0,200 L100,200 C100,144.8 144.8,100 200,100 L200,0 L200,0 Z" fill="#D6FF00"></path>
+                        <path d="M400,200 C400,89.5 310.5,0 200,0 L200,100 C255.2,100 300,144.8 300,200 L400,200 L400,200 Z" fill="#34E27A"></path>
+                        <path d="M200,400 C310.5,400 400,310.5 400,200 L300,200 C300,255.2 255.2,300 200,300 L200,400 L200,400 Z" fill="#00B9F1"></path>
+                        <path d="M100,400 L100,200 L0,200 L0,500 L200,500 L200,400 L100,400 Z" fill="#FFFFFF"></path>
+                    </g>
+                </g>
+            </g>
+        </g>
+    </g>
+</svg>

From ebe24214a7558e0d41aa5aa5e604e7777e573bf6 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Mon, 29 Jul 2024 09:21:31 +0800
Subject: [PATCH 129/135] chore: update plausible urls (#6349)

---
 packages/console/src/components/Conversion/index.tsx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/packages/console/src/components/Conversion/index.tsx b/packages/console/src/components/Conversion/index.tsx
index 3414963d028a..19266a1d1f71 100644
--- a/packages/console/src/components/Conversion/index.tsx
+++ b/packages/console/src/components/Conversion/index.tsx
@@ -64,7 +64,8 @@ function PlausibleScripts() {
         async
         defer
         data-domain={plausibleDataDomain}
-        src="https://plausible.io/js/plausible.manual.js"
+        data-api="https://akasha.logto.io/placebo/eagan"
+        src="https://akasha.logto.io/placebo/sabaean.manual.js"
       />
       <script>{`window.plausible = window.plausible || function() { (window.plausible.q = window.plausible.q || []).push(arguments) }`}</script>
     </Helmet>

From 1b67934b1d0eaa11a30fa01d2e51fffd87266a13 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Mon, 29 Jul 2024 10:03:50 +0800
Subject: [PATCH 130/135] refactor(console, experience): solve sass
 deprecations (#6356)

---
 .../CreateConnectorForm/Skeleton/index.module.scss        | 6 +++---
 .../src/components/DetailsPage/Skeleton/index.module.scss | 8 ++++----
 .../src/components/FormCard/Skeleton/index.module.scss    | 4 ++--
 .../src/components/Guide/StepsSkeleton/index.module.scss  | 6 +++---
 .../Topbar/UserInfo/UserInfoSkeleton/index.module.scss    | 4 ++--
 .../containers/ConsoleContent/Sidebar/index.module.scss   | 2 +-
 .../src/ds-components/FormField/Skeleton.module.scss      | 2 +-
 .../src/ds-components/Table/Skeleton/index.module.scss    | 8 ++++----
 .../pages/SignInExperience/Skeleton/index.module.scss     | 4 ++--
 .../ProtectedAppSettings/index.module.scss                | 2 +-
 .../PageLoadingSkeleton/index.module.scss                 | 5 ++---
 .../pages/Dashboard/components/Skeleton/index.module.scss | 6 +++---
 .../GetStarted/ProtectedAppCreationForm/index.module.scss | 2 +-
 .../pages/Profile/components/Skeleton/index.module.scss   | 6 +++---
 .../src/pages/SignInExperience/Skeleton/index.module.scss | 4 ++--
 .../SigningKeys/SigningKeyFormCard/index.module.scss      | 2 +-
 .../OrganizationItem/index.module.scss                    | 2 +-
 17 files changed, 36 insertions(+), 37 deletions(-)

diff --git a/packages/console/src/components/CreateConnectorForm/Skeleton/index.module.scss b/packages/console/src/components/CreateConnectorForm/Skeleton/index.module.scss
index dbe6a3872a4d..e53ce9df54d2 100644
--- a/packages/console/src/components/CreateConnectorForm/Skeleton/index.module.scss
+++ b/packages/console/src/components/CreateConnectorForm/Skeleton/index.module.scss
@@ -7,23 +7,23 @@
 }
 
 .logo {
-  @include _.shimmering-animation;
   width: 40px;
   height: 40px;
   border-radius: 8px;
+  @include _.shimmering-animation;
 }
 
 .name {
-  @include _.shimmering-animation;
   width: 50px;
   height: 16px;
   margin-bottom: _.unit(1);
+  @include _.shimmering-animation;
 }
 
 .description {
-  @include _.shimmering-animation;
   height: 14px;
   margin-bottom: _.unit(0.5);
+  @include _.shimmering-animation;
 
   &.shortDescription {
     width: 50%;
diff --git a/packages/console/src/components/DetailsPage/Skeleton/index.module.scss b/packages/console/src/components/DetailsPage/Skeleton/index.module.scss
index f01e5691a712..d7a86f5d7c43 100644
--- a/packages/console/src/components/DetailsPage/Skeleton/index.module.scss
+++ b/packages/console/src/components/DetailsPage/Skeleton/index.module.scss
@@ -18,11 +18,11 @@
     background-color: var(--color-layer-1);
 
     .icon {
-      @include _.shimmering-animation;
       width: 60px;
       height: 60px;
       border-radius: 12px;
       margin-right: _.unit(6);
+      @include _.shimmering-animation;
     }
 
     .wrapper {
@@ -30,23 +30,23 @@
       flex-direction: column;
 
       .title {
-        @include _.shimmering-animation;
         width: 113px;
         height: 28px;
+        @include _.shimmering-animation;
       }
 
       .tags {
-        @include _.shimmering-animation;
         width: 453px;
         height: 20px;
         margin-top: _.unit(3);
+        @include _.shimmering-animation;
       }
     }
 
     .button {
-      @include _.shimmering-animation;
       width: 158px;
       height: 44px;
+      @include _.shimmering-animation;
     }
   }
 
diff --git a/packages/console/src/components/FormCard/Skeleton/index.module.scss b/packages/console/src/components/FormCard/Skeleton/index.module.scss
index d85372508ffa..6a11b36f3c95 100644
--- a/packages/console/src/components/FormCard/Skeleton/index.module.scss
+++ b/packages/console/src/components/FormCard/Skeleton/index.module.scss
@@ -1,15 +1,15 @@
 @use '@/scss/underscore' as _;
 
 .title {
-  @include _.shimmering-animation;
   height: 16px;
   width: 80px;
+  @include _.shimmering-animation;
 }
 
 .text {
-  @include _.shimmering-animation;
   width: 100%;
   height: 10px;
+  @include _.shimmering-animation;
 }
 
 .text + .text {
diff --git a/packages/console/src/components/Guide/StepsSkeleton/index.module.scss b/packages/console/src/components/Guide/StepsSkeleton/index.module.scss
index e221c5164092..e9c657a4ac3e 100644
--- a/packages/console/src/components/Guide/StepsSkeleton/index.module.scss
+++ b/packages/console/src/components/Guide/StepsSkeleton/index.module.scss
@@ -11,11 +11,11 @@
   margin: 0 auto;
 
   .index {
-    @include _.shimmering-animation;
     width: 28px;
     height: 28px;
     border-radius: 50%;
     margin-right: _.unit(4);
+    @include _.shimmering-animation;
   }
 
   .wrapper {
@@ -24,16 +24,16 @@
     flex-direction: column;
 
     .title {
-      @include _.shimmering-animation;
       width: 140px;
       height: 24px;
+      @include _.shimmering-animation;
     }
 
     .subtitle {
-      @include _.shimmering-animation;
       width: 400px;
       height: 20px;
       margin-top: _.unit(1);
+      @include _.shimmering-animation;
     }
   }
 }
diff --git a/packages/console/src/components/Topbar/UserInfo/UserInfoSkeleton/index.module.scss b/packages/console/src/components/Topbar/UserInfo/UserInfoSkeleton/index.module.scss
index d7a194491a1d..105793633ecc 100644
--- a/packages/console/src/components/Topbar/UserInfo/UserInfoSkeleton/index.module.scss
+++ b/packages/console/src/components/Topbar/UserInfo/UserInfoSkeleton/index.module.scss
@@ -8,17 +8,17 @@
   border-radius: 8px;
 
   .image {
-    @include _.shimmering-animation;
     width: 36px;
     height: 36px;
     margin-right: _.unit(2);
     border-radius: 6px;
+    @include _.shimmering-animation;
   }
 
   .name {
-    @include _.shimmering-animation;
     width: 85px;
     height: 20px;
     color: var(--color-text);
+    @include _.shimmering-animation;
   }
 }
diff --git a/packages/console/src/containers/ConsoleContent/Sidebar/index.module.scss b/packages/console/src/containers/ConsoleContent/Sidebar/index.module.scss
index 117802ee4db6..e3d479f248cb 100644
--- a/packages/console/src/containers/ConsoleContent/Sidebar/index.module.scss
+++ b/packages/console/src/containers/ConsoleContent/Sidebar/index.module.scss
@@ -8,7 +8,7 @@
 }
 
 .skeleton {
-  @include _.shimmering-animation;
   width: 248px;
   height: 100%;
+  @include _.shimmering-animation;
 }
diff --git a/packages/console/src/ds-components/FormField/Skeleton.module.scss b/packages/console/src/ds-components/FormField/Skeleton.module.scss
index a42e51013b3e..0b6050fd442c 100644
--- a/packages/console/src/ds-components/FormField/Skeleton.module.scss
+++ b/packages/console/src/ds-components/FormField/Skeleton.module.scss
@@ -1,9 +1,9 @@
 @use '@/scss/underscore' as _;
 
 .field {
-  @include _.shimmering-animation;
   width: 100%;
   height: 44px;
+  @include _.shimmering-animation;
 }
 
 .field + .field {
diff --git a/packages/console/src/ds-components/Table/Skeleton/index.module.scss b/packages/console/src/ds-components/Table/Skeleton/index.module.scss
index 9ce639640c4e..78d5984aab31 100644
--- a/packages/console/src/ds-components/Table/Skeleton/index.module.scss
+++ b/packages/console/src/ds-components/Table/Skeleton/index.module.scss
@@ -1,9 +1,9 @@
 @use '@/scss/underscore' as _;
 
 .rect {
-  @include _.shimmering-animation;
   height: 26px;
   max-width: 344px;
+  @include _.shimmering-animation;
 }
 
 .row {
@@ -12,26 +12,26 @@
     align-items: center;
 
     .avatar {
-      @include _.shimmering-animation;
       width: 40px;
       height: 40px;
       margin-right: _.unit(4);
       border-radius: 12px;
       flex-shrink: 0;
+      @include _.shimmering-animation;
     }
 
     .content {
       width: 100%;
 
       .title {
-        @include _.shimmering-animation;
         height: 12px;
+        @include _.shimmering-animation;
       }
 
       .subTitle {
-        @include _.shimmering-animation;
         height: 8px;
         margin-top: _.unit(2);
+        @include _.shimmering-animation;
       }
     }
   }
diff --git a/packages/console/src/onboarding/pages/SignInExperience/Skeleton/index.module.scss b/packages/console/src/onboarding/pages/SignInExperience/Skeleton/index.module.scss
index 46d96fdff6a1..ae2d44bd65bc 100644
--- a/packages/console/src/onboarding/pages/SignInExperience/Skeleton/index.module.scss
+++ b/packages/console/src/onboarding/pages/SignInExperience/Skeleton/index.module.scss
@@ -8,15 +8,15 @@
   }
 
   .title {
-    @include _.shimmering-animation;
     width: 80px;
     height: 16px;
+    @include _.shimmering-animation;
   }
 
   .field {
-    @include _.shimmering-animation;
     width: 100%;
     height: 44px;
+    @include _.shimmering-animation;
   }
 
   &:not(:first-child) {
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/index.module.scss b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/index.module.scss
index c2e97942842f..935f6ee3b0b1 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/index.module.scss
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/ProtectedAppSettings/index.module.scss
@@ -115,8 +115,8 @@
   border: 1px solid var(--color-divider);
 
   .bone {
-    @include _.shimmering-animation;
     border-radius: 8px;
+    @include _.shimmering-animation;
   }
 
   .title {
diff --git a/packages/console/src/pages/CustomizeJwtDetails/PageLoadingSkeleton/index.module.scss b/packages/console/src/pages/CustomizeJwtDetails/PageLoadingSkeleton/index.module.scss
index f9be766866f0..02c74e4281ec 100644
--- a/packages/console/src/pages/CustomizeJwtDetails/PageLoadingSkeleton/index.module.scss
+++ b/packages/console/src/pages/CustomizeJwtDetails/PageLoadingSkeleton/index.module.scss
@@ -21,9 +21,9 @@
 }
 
 .blockShimmer {
-  @include _.shimmering-animation;
   border-radius: 8px;
   flex: 1;
+  @include _.shimmering-animation;
 }
 
 .card:not(:last-child) {
@@ -32,10 +32,10 @@
 
 
 .textShimmer {
-  @include _.shimmering-animation;
   width: 100%;
   height: _.unit(6);
   border-radius: 8px;
+  @include _.shimmering-animation;
 
   &:not(:last-child) {
     margin-bottom: _.unit(4);
@@ -49,4 +49,3 @@
     height: _.unit(8);
   }
 }
-
diff --git a/packages/console/src/pages/Dashboard/components/Skeleton/index.module.scss b/packages/console/src/pages/Dashboard/components/Skeleton/index.module.scss
index f60aaa1815e1..1242c7d92514 100644
--- a/packages/console/src/pages/Dashboard/components/Skeleton/index.module.scss
+++ b/packages/console/src/pages/Dashboard/components/Skeleton/index.module.scss
@@ -1,14 +1,14 @@
 @use '@/scss/underscore' as _;
 
 .title {
-  @include _.shimmering-animation;
   height: 24px;
   margin-bottom: _.unit(6);
+  @include _.shimmering-animation;
 }
 
 .number {
-  @include _.shimmering-animation;
   height: 32px;
+  @include _.shimmering-animation;
 }
 
 .blocks {
@@ -30,9 +30,9 @@
 }
 
 .curve {
-  @include _.shimmering-animation;
   margin: _.unit(10) 0 _.unit(6);
   height: 168px;
+  @include _.shimmering-animation;
 }
 
 .activeBlocks {
diff --git a/packages/console/src/pages/GetStarted/ProtectedAppCreationForm/index.module.scss b/packages/console/src/pages/GetStarted/ProtectedAppCreationForm/index.module.scss
index ddfdcf20d0dd..d01ec6ee4e9b 100644
--- a/packages/console/src/pages/GetStarted/ProtectedAppCreationForm/index.module.scss
+++ b/packages/console/src/pages/GetStarted/ProtectedAppCreationForm/index.module.scss
@@ -71,8 +71,8 @@
   border: 1px solid var(--color-divider);
 
   .bone {
-    @include _.shimmering-animation;
     border-radius: 8px;
+    @include _.shimmering-animation;
   }
 
   .columnWrapper {
diff --git a/packages/console/src/pages/Profile/components/Skeleton/index.module.scss b/packages/console/src/pages/Profile/components/Skeleton/index.module.scss
index bb6e4fb581c8..dd02832fe5cc 100644
--- a/packages/console/src/pages/Profile/components/Skeleton/index.module.scss
+++ b/packages/console/src/pages/Profile/components/Skeleton/index.module.scss
@@ -30,25 +30,25 @@
 }
 
 .title {
-  @include _.shimmering-animation;
   width: 200px;
   height: 20px;
+  @include _.shimmering-animation;
 }
 
 .card {
   flex-grow: 1;
 
   .label {
-    @include _.shimmering-animation;
     width: 250px;
     height: 16px;
     margin-bottom: _.unit(2);
+    @include _.shimmering-animation;
   }
 
   .item {
-    @include _.shimmering-animation;
     width: 350px;
     height: 20px;
+    @include _.shimmering-animation;
   }
 
   .table {
diff --git a/packages/console/src/pages/SignInExperience/Skeleton/index.module.scss b/packages/console/src/pages/SignInExperience/Skeleton/index.module.scss
index c6c40319a9bb..0634358e7d58 100644
--- a/packages/console/src/pages/SignInExperience/Skeleton/index.module.scss
+++ b/packages/console/src/pages/SignInExperience/Skeleton/index.module.scss
@@ -18,15 +18,15 @@
       }
 
       .title {
-        @include _.shimmering-animation;
         width: 80px;
         height: 16px;
+        @include _.shimmering-animation;
       }
 
       .field {
-        @include _.shimmering-animation;
         width: 100%;
         height: 44px;
+        @include _.shimmering-animation;
       }
 
       &:not(:first-child) {
diff --git a/packages/console/src/pages/SigningKeys/SigningKeyFormCard/index.module.scss b/packages/console/src/pages/SigningKeys/SigningKeyFormCard/index.module.scss
index 4cd70f350c41..b897592c6c98 100644
--- a/packages/console/src/pages/SigningKeys/SigningKeyFormCard/index.module.scss
+++ b/packages/console/src/pages/SigningKeys/SigningKeyFormCard/index.module.scss
@@ -32,7 +32,7 @@
 }
 
 .bone {
-  @include _.shimmering-animation;
   height: 26px;
   max-width: 344px;
+  @include _.shimmering-animation;
 }
diff --git a/packages/experience/src/pages/Consent/OrganizationSelector/OrganizationItem/index.module.scss b/packages/experience/src/pages/Consent/OrganizationSelector/OrganizationItem/index.module.scss
index 99c3b640b4fb..cb102c65739f 100644
--- a/packages/experience/src/pages/Consent/OrganizationSelector/OrganizationItem/index.module.scss
+++ b/packages/experience/src/pages/Consent/OrganizationSelector/OrganizationItem/index.module.scss
@@ -4,6 +4,7 @@
   border-radius: _.unit(2);
   padding: _.unit(2.5) _.unit(2);
   cursor: pointer;
+  @include _.flex-row;
 
   .icon {
     width: 20px;
@@ -28,5 +29,4 @@
       color: var(--color-brand-default);
     }
   }
-  @include _.flex-row;
 }

From 918b6f2bbbac6c74c5c1f16075bacd784c62eaa3 Mon Sep 17 00:00:00 2001
From: Darcy Ye <darcyye@silverhand.io>
Date: Mon, 29 Jul 2024 10:49:03 +0800
Subject: [PATCH 131/135] fix(console): fix the plan title for subscription
 plan selector (#6348)

---
 packages/console/src/components/PlanName/index.tsx | 14 ++++++++++++--
 .../components/CreatePermissionModal/index.tsx     |  7 +++++++
 .../console/src/pages/ApiResourceDetails/index.tsx |  9 ++++++++-
 packages/console/src/types/subscriptions.ts        |  7 +++++++
 4 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/packages/console/src/components/PlanName/index.tsx b/packages/console/src/components/PlanName/index.tsx
index abd91e3a02d2..45cdc98d5ff5 100644
--- a/packages/console/src/components/PlanName/index.tsx
+++ b/packages/console/src/components/PlanName/index.tsx
@@ -2,7 +2,7 @@ import { conditional } from '@silverhand/essentials';
 import { type TFuncKey } from 'i18next';
 import { useTranslation } from 'react-i18next';
 
-import { ReservedPlanName } from '@/types/subscriptions';
+import { ReservedPlanName, ReservedSkuId } from '@/types/subscriptions';
 
 const registeredPlanNamePhraseMap: Record<
   string,
@@ -15,6 +15,16 @@ const registeredPlanNamePhraseMap: Record<
   [ReservedPlanName.Enterprise]: 'enterprise',
 };
 
+const registeredSkuIdNamePhraseMap: Record<
+  string,
+  TFuncKey<'translation', 'admin_console.subscription'> | undefined
+> = {
+  quotaKey: undefined,
+  [ReservedSkuId.Free]: 'free_plan',
+  [ReservedSkuId.Pro]: 'pro_plan',
+  [ReservedSkuId.Enterprise]: 'enterprise',
+};
+
 type Props = {
   /** Temporarily use optional for backward compatibility. */
   readonly skuId?: string;
@@ -26,7 +36,7 @@ type Props = {
 function PlanName({ skuId, name }: Props) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console.subscription' });
   const planNamePhrase =
-    conditional(skuId && registeredPlanNamePhraseMap[skuId]) ?? registeredPlanNamePhraseMap[name];
+    conditional(skuId && registeredSkuIdNamePhraseMap[skuId]) ?? registeredPlanNamePhraseMap[name];
 
   /**
    * Note: fallback to the plan name if the phrase is not registered.
diff --git a/packages/console/src/pages/ApiResourceDetails/ApiResourcePermissions/components/CreatePermissionModal/index.tsx b/packages/console/src/pages/ApiResourceDetails/ApiResourcePermissions/components/CreatePermissionModal/index.tsx
index ee90978e266d..db712367d893 100644
--- a/packages/console/src/pages/ApiResourceDetails/ApiResourcePermissions/components/CreatePermissionModal/index.tsx
+++ b/packages/console/src/pages/ApiResourceDetails/ApiResourcePermissions/components/CreatePermissionModal/index.tsx
@@ -10,11 +10,13 @@ import PlanName from '@/components/PlanName';
 import QuotaGuardFooter from '@/components/QuotaGuardFooter';
 import { isDevFeaturesEnabled } from '@/consts/env';
 import { SubscriptionDataContext } from '@/contexts/SubscriptionDataProvider';
+import { TenantsContext } from '@/contexts/TenantsProvider';
 import Button from '@/ds-components/Button';
 import FormField from '@/ds-components/FormField';
 import ModalLayout from '@/ds-components/ModalLayout';
 import TextInput from '@/ds-components/TextInput';
 import useApi from '@/hooks/use-api';
+import useNewSubscriptionScopeUsage from '@/hooks/use-new-subscription-scopes-usage';
 import modalStyles from '@/scss/modal.module.scss';
 import { trySubmitSafe } from '@/utils/form';
 import { hasReachedQuotaLimit, hasReachedSubscriptionQuotaLimit } from '@/utils/quota';
@@ -35,6 +37,10 @@ function CreatePermissionModal({ resourceId, totalResourceCount, onClose }: Prop
     currentSubscriptionQuota,
     currentSubscriptionScopeResourceUsage,
   } = useContext(SubscriptionDataContext);
+  const { currentTenantId } = useContext(TenantsContext);
+  const {
+    scopeResourceUsage: { mutate: mutateScopeResourceUsage },
+  } = useNewSubscriptionScopeUsage(currentTenantId);
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
 
   const {
@@ -55,6 +61,7 @@ function CreatePermissionModal({ resourceId, totalResourceCount, onClose }: Prop
         .post(`api/resources/${resourceId}/scopes`, { json: formData })
         .json<Scope>();
 
+      void mutateScopeResourceUsage();
       onClose(createdScope);
     })
   );
diff --git a/packages/console/src/pages/ApiResourceDetails/index.tsx b/packages/console/src/pages/ApiResourceDetails/index.tsx
index 7dc16dccae5b..08add872da0b 100644
--- a/packages/console/src/pages/ApiResourceDetails/index.tsx
+++ b/packages/console/src/pages/ApiResourceDetails/index.tsx
@@ -2,7 +2,7 @@ import type { Resource } from '@logto/schemas';
 import { isManagementApi, Theme } from '@logto/schemas';
 import { conditionalArray } from '@silverhand/essentials';
 import classNames from 'classnames';
-import { useEffect, useState } from 'react';
+import { useEffect, useState, useContext } from 'react';
 import { toast } from 'react-hot-toast';
 import { Trans, useTranslation } from 'react-i18next';
 import { Outlet, useLocation, useParams } from 'react-router-dom';
@@ -19,11 +19,13 @@ import DetailsPageHeader, { type MenuItem } from '@/components/DetailsPage/Detai
 import Drawer from '@/components/Drawer';
 import PageMeta from '@/components/PageMeta';
 import { ApiResourceDetailsTabs } from '@/consts/page-tabs';
+import { TenantsContext } from '@/contexts/TenantsProvider';
 import DeleteConfirmModal from '@/ds-components/DeleteConfirmModal';
 import TabNav, { TabNavItem } from '@/ds-components/TabNav';
 import type { RequestError } from '@/hooks/use-api';
 import useApi from '@/hooks/use-api';
 import useDocumentationUrl from '@/hooks/use-documentation-url';
+import useNewSubscriptionScopeUsage from '@/hooks/use-new-subscription-scopes-usage';
 import useTenantPathname from '@/hooks/use-tenant-pathname';
 import useTheme from '@/hooks/use-theme';
 
@@ -41,6 +43,10 @@ const icons = {
 function ApiResourceDetails() {
   const { pathname } = useLocation();
   const { id, guideId } = useParams();
+  const { currentTenantId } = useContext(TenantsContext);
+  const {
+    scopeResourceUsage: { mutate: mutateScopeResourceUsage },
+  } = useNewSubscriptionScopeUsage(currentTenantId);
   const { navigate, match } = useTenantPathname();
   const { getDocumentationUrl } = useDocumentationUrl();
   const isGuideView = !!id && !!guideId && match(`/api-resources/${id}/guide/${guideId}`);
@@ -75,6 +81,7 @@ function ApiResourceDetails() {
 
     try {
       await api.delete(`api/resources/${data.id}`);
+      void mutateScopeResourceUsage();
       toast.success(t('api_resource_details.api_resource_deleted', { name: data.name }));
       navigate(`/api-resources`);
     } finally {
diff --git a/packages/console/src/types/subscriptions.ts b/packages/console/src/types/subscriptions.ts
index 11f832a57351..098de9ead643 100644
--- a/packages/console/src/types/subscriptions.ts
+++ b/packages/console/src/types/subscriptions.ts
@@ -10,6 +10,13 @@ export enum ReservedPlanName {
   Enterprise = 'Enterprise',
 }
 
+// TODO: use `ReservedPlanId` in the future.
+export enum ReservedSkuId {
+  Free = 'free',
+  Pro = 'pro',
+  Enterprise = 'enterprise',
+}
+
 export type SubscriptionPlanQuota = Omit<
   SubscriptionPlanResponse['quota'],
   'builtInEmailConnectorEnabled'

From 02a25dfbff30b5e116618c212988911934141e86 Mon Sep 17 00:00:00 2001
From: wangsijie <wangsijie@silverhand.io>
Date: Mon, 29 Jul 2024 12:18:46 +0800
Subject: [PATCH 132/135] refactor(core): refactor openapi docs for protected
 app (#6331)

---
 ...plication-protected-app-metadata.openapi.json | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/packages/core/src/routes/applications/application-protected-app-metadata.openapi.json b/packages/core/src/routes/applications/application-protected-app-metadata.openapi.json
index 90dd1781309f..7b7d7780bbfc 100644
--- a/packages/core/src/routes/applications/application-protected-app-metadata.openapi.json
+++ b/packages/core/src/routes/applications/application-protected-app-metadata.openapi.json
@@ -2,11 +2,11 @@
   "paths": {
     "/api/applications/{id}/protected-app-metadata/custom-domains": {
       "get": {
-        "summary": "Get the list of custom domains of the protected application.",
-        "description": "Get the list of custom domains of the protected application. This feature is not available for open source version.",
+        "summary": "Get application custom domains.",
+        "description": "Get custom domains of the specified application, the application type should be protected app.",
         "responses": {
           "200": {
-            "description": "The domain list of the protected application."
+            "description": "An array of the application custom domains."
           },
           "400": {
             "description": "Faild to sync the domain info from remote provider."
@@ -14,8 +14,8 @@
         }
       },
       "post": {
-        "summary": "Add a custom domain to the protected application.",
-        "description": "Add a custom domain to the protected application. You'll need to setup DNS record later. This feature is not available for open source version.",
+        "summary": "Add a custom domain to the application.",
+        "description": "Add a custom domain to the application. You'll need to setup DNS record later.",
         "requestBody": {
           "content": {
             "application/json": {
@@ -44,11 +44,11 @@
     },
     "/api/applications/{id}/protected-app-metadata/custom-domains/{domain}": {
       "delete": {
-        "summary": "Delete a custom domain.",
-        "description": "Add a custom domain. This feature is not available for open source version.",
+        "summary": "Remove custom domain.",
+        "description": "Remove custom domain from the specified application.",
         "responses": {
           "204": {
-            "description": "The domain has been deleted."
+            "description": "The domain has been removed."
           },
           "404": {
             "description": "Can not find the domain."

From e67187126da79f34bcaf393739284d82a664faae Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Mon, 29 Jul 2024 17:47:26 +0800
Subject: [PATCH 133/135] refactor: update per review

---
 .../console/src/components/DateTime/index.tsx | 34 +++++++++++++------
 .../console/src/components/Guide/index.tsx    |  3 ++
 .../CopyToClipboard/index.module.scss         |  7 +---
 .../ds-components/CopyToClipboard/index.tsx   |  5 +--
 .../ApplicationCredentials/index.tsx          |  8 ++---
 .../EndpointsAndCredentials/index.module.scss |  2 +-
 .../use-secret-table-columns.tsx              |  3 +-
 .../OrganizationDetails/Members/index.tsx     |  4 +--
 .../src/pages/RoleDetails/RoleUsers/index.tsx |  4 +--
 packages/console/src/pages/Users/index.tsx    |  4 +--
 .../admin-console/application-details.ts      |  2 +-
 11 files changed, 42 insertions(+), 34 deletions(-)

diff --git a/packages/console/src/components/DateTime/index.tsx b/packages/console/src/components/DateTime/index.tsx
index 766d94d28d7b..c40b39bfd4ab 100644
--- a/packages/console/src/components/DateTime/index.tsx
+++ b/packages/console/src/components/DateTime/index.tsx
@@ -1,18 +1,30 @@
-import type { Nullable } from '@silverhand/essentials';
+import { type Nullable } from '@silverhand/essentials';
 import { isValid } from 'date-fns';
 
-type Props = {
-  readonly children: Nullable<string | number>;
-};
+const parseDate = (date: Nullable<string | number | Date>) => {
+  if (!date) {
+    return;
+  }
 
-function DateTime({ children }: Props) {
-  const date = children && new Date(children);
+  const parsed = new Date(date);
+  return isValid(parsed) ? parsed : undefined;
+};
 
-  if (!date || !isValid(date)) {
-    return <span>-</span>;
-  }
+type Props = {
+  readonly children: Nullable<string | number | Date>;
+};
 
-  return <span>{date.toLocaleDateString()}</span>;
+/**
+ * Safely display a date in the user's locale. If the date is invalid, it will display a dash.
+ */
+export function LocaleDate({ children }: Props) {
+  return <span>{parseDate(children)?.toLocaleDateString() ?? '-'}</span>;
 }
 
-export default DateTime;
+/**
+ * Safely display a date and time in the user's locale. If the date is invalid, it will display a
+ * dash.
+ */
+export function LocaleDateTime({ children }: Props) {
+  return <span>{parseDate(children)?.toLocaleString() ?? '-'}</span>;
+}
diff --git a/packages/console/src/components/Guide/index.tsx b/packages/console/src/components/Guide/index.tsx
index f697cdf70839..d68f7613928c 100644
--- a/packages/console/src/components/Guide/index.tsx
+++ b/packages/console/src/components/Guide/index.tsx
@@ -7,6 +7,7 @@ import { type GuideMetadata } from '@/assets/docs/guides/types';
 import Button from '@/ds-components/Button';
 import OverlayScrollbar from '@/ds-components/OverlayScrollbar';
 import MdxProvider from '@/mdx-components/MdxProvider';
+import { type ApplicationSecretRow } from '@/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials';
 import NotFound from '@/pages/NotFound';
 
 import StepsSkeleton from './StepsSkeleton';
@@ -19,6 +20,7 @@ export type GuideContextType = {
     | ((props: { readonly className?: string }) => JSX.Element);
   isCompact: boolean;
   app?: ApplicationResponse;
+  secrets?: ApplicationSecretRow[];
   endpoint?: string;
   redirectUris?: string[];
   postLogoutRedirectUris?: string[];
@@ -40,6 +42,7 @@ export const GuideContext = createContext<GuideContextType>({
   metadata: {} as GuideMetadata,
   // eslint-disable-next-line @typescript-eslint/consistent-type-assertions, no-restricted-syntax
   app: {} as ApplicationResponse,
+  secrets: [],
   endpoint: '',
   redirectUris: [],
   postLogoutRedirectUris: [],
diff --git a/packages/console/src/ds-components/CopyToClipboard/index.module.scss b/packages/console/src/ds-components/CopyToClipboard/index.module.scss
index 3989a2726d75..a2a60f55e56f 100644
--- a/packages/console/src/ds-components/CopyToClipboard/index.module.scss
+++ b/packages/console/src/ds-components/CopyToClipboard/index.module.scss
@@ -72,11 +72,6 @@
   }
 
   .dot {
-    flex-shrink: 0;
-    display: inline-block;
-    width: 6px;
-    height: 6px;
-    border-radius: 50%;
-    background: var(--color-text-secondary);
+    -webkit-text-stroke: 1px var(--color-text);
   }
 }
diff --git a/packages/console/src/ds-components/CopyToClipboard/index.tsx b/packages/console/src/ds-components/CopyToClipboard/index.tsx
index 2fe3e52f2f60..6b1fbde92faa 100644
--- a/packages/console/src/ds-components/CopyToClipboard/index.tsx
+++ b/packages/console/src/ds-components/CopyToClipboard/index.tsx
@@ -60,10 +60,7 @@ function CopyToClipboard(
       return value;
     }
 
-    return Array.from({ length: Math.max(Math.floor((value.length / 5) * 3), 1) }).map(
-      // eslint-disable-next-line react/no-array-index-key -- No need to persist the key
-      (_, index) => <span key={index} className={styles.dot} />
-    );
+    return <span className={styles.dot}>{'•'.repeat(value.length)}</span>;
   }, [hasVisibilityToggle, showHiddenContent, value]);
 
   useEffect(() => {
diff --git a/packages/console/src/mdx-components/ApplicationCredentials/index.tsx b/packages/console/src/mdx-components/ApplicationCredentials/index.tsx
index 332fc172d6b7..8283c84fe8a8 100644
--- a/packages/console/src/mdx-components/ApplicationCredentials/index.tsx
+++ b/packages/console/src/mdx-components/ApplicationCredentials/index.tsx
@@ -9,8 +9,8 @@ import TextLink from '@/ds-components/TextLink';
 import styles from './index.module.scss';
 
 function ApplicationCredentials() {
-  const { app } = useContext(GuideContext);
-  const { id, secret } = app ?? {};
+  const { app, secrets } = useContext(GuideContext);
+  const { id } = app ?? {};
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
 
   return (
@@ -37,12 +37,12 @@ function ApplicationCredentials() {
           <CopyToClipboard displayType="block" value={id} variant="border" />
         </FormField>
       )}
-      {secret && (
+      {secrets?.[0] && (
         <FormField title="application_details.application_secret">
           <CopyToClipboard
             hasVisibilityToggle
             displayType="block"
-            value={secret}
+            value={secrets[0].value}
             variant="border"
           />
         </FormField>
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.module.scss b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.module.scss
index c017eeb912c6..3433636aae08 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.module.scss
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.module.scss
@@ -31,7 +31,7 @@ button.add {
 }
 
 .expired {
-  color: var(--color-text-secondary);
+  color: var(--color-placeholder);
 }
 
 .copyToClipboard {
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/use-secret-table-columns.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/use-secret-table-columns.tsx
index 46db4f69e433..72082f38c375 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/use-secret-table-columns.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/use-secret-table-columns.tsx
@@ -4,6 +4,7 @@ import { useMemo } from 'react';
 import { useTranslation } from 'react-i18next';
 
 import ActionsButton from '@/components/ActionsButton';
+import { LocaleDateTime } from '@/components/DateTime';
 import CopyToClipboard from '@/ds-components/CopyToClipboard';
 import { type Column } from '@/ds-components/Table/types';
 import { Tooltip } from '@/ds-components/Tip';
@@ -68,7 +69,7 @@ export const useSecretTableColumns = ({ appId, onUpdated }: UseSecretTableColumn
               compareDesc(expiresAt, new Date()) === 1 ? (
                 <Expired expiresAt={new Date(expiresAt)} />
               ) : (
-                new Date(expiresAt).toLocaleString()
+                <LocaleDateTime>{expiresAt}</LocaleDateTime>
               )
             ) : (
               t('application_details.secrets.never')
diff --git a/packages/console/src/pages/OrganizationDetails/Members/index.tsx b/packages/console/src/pages/OrganizationDetails/Members/index.tsx
index 36e2fea566bb..53fcf5043d4b 100644
--- a/packages/console/src/pages/OrganizationDetails/Members/index.tsx
+++ b/packages/console/src/pages/OrganizationDetails/Members/index.tsx
@@ -6,7 +6,7 @@ import useSWR from 'swr';
 
 import Plus from '@/assets/icons/plus.svg?react';
 import ActionsButton from '@/components/ActionsButton';
-import DateTime from '@/components/DateTime';
+import { LocaleDate } from '@/components/DateTime';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import UserPreview from '@/components/ItemPreview/UserPreview';
 import { RoleOption } from '@/components/OrganizationRolesSelect';
@@ -96,7 +96,7 @@ function Members() {
             dataIndex: 'lastSignInAt',
             title: t('users.latest_sign_in'),
             colSpan: 5,
-            render: ({ lastSignInAt }) => <DateTime>{lastSignInAt}</DateTime>,
+            render: ({ lastSignInAt }) => <LocaleDate>{lastSignInAt}</LocaleDate>,
           },
           {
             dataIndex: 'actions',
diff --git a/packages/console/src/pages/RoleDetails/RoleUsers/index.tsx b/packages/console/src/pages/RoleDetails/RoleUsers/index.tsx
index 0aa9e4718128..a616e1634e4d 100644
--- a/packages/console/src/pages/RoleDetails/RoleUsers/index.tsx
+++ b/packages/console/src/pages/RoleDetails/RoleUsers/index.tsx
@@ -9,7 +9,7 @@ import useSWR from 'swr';
 import Delete from '@/assets/icons/delete.svg?react';
 import Plus from '@/assets/icons/plus.svg?react';
 import ApplicationName from '@/components/ApplicationName';
-import DateTime from '@/components/DateTime';
+import { LocaleDate } from '@/components/DateTime';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import UserPreview from '@/components/ItemPreview/UserPreview';
 import { defaultPageSize } from '@/consts';
@@ -103,7 +103,7 @@ function RoleUsers() {
             title: t('role_details.users.latest_sign_in_column'),
             dataIndex: 'latestSignIn',
             colSpan: 5,
-            render: ({ lastSignInAt }) => <DateTime>{lastSignInAt}</DateTime>,
+            render: ({ lastSignInAt }) => <LocaleDate>{lastSignInAt}</LocaleDate>,
           },
           {
             title: null,
diff --git a/packages/console/src/pages/Users/index.tsx b/packages/console/src/pages/Users/index.tsx
index f12f12ae2d9c..1dd66e8913d5 100644
--- a/packages/console/src/pages/Users/index.tsx
+++ b/packages/console/src/pages/Users/index.tsx
@@ -8,7 +8,7 @@ import Plus from '@/assets/icons/plus.svg?react';
 import UsersEmptyDark from '@/assets/images/users-empty-dark.svg?react';
 import UsersEmpty from '@/assets/images/users-empty.svg?react';
 import ApplicationName from '@/components/ApplicationName';
-import DateTime from '@/components/DateTime';
+import { LocaleDate } from '@/components/DateTime';
 import EmptyDataPlaceholder from '@/components/EmptyDataPlaceholder';
 import ItemPreview from '@/components/ItemPreview';
 import ListPage from '@/components/ListPage';
@@ -104,7 +104,7 @@ function Users() {
             title: t('users.latest_sign_in'),
             dataIndex: 'lastSignInAt',
             colSpan: 5,
-            render: ({ lastSignInAt }) => <DateTime>{lastSignInAt}</DateTime>,
+            render: ({ lastSignInAt }) => <LocaleDate>{lastSignInAt}</LocaleDate>,
           },
         ],
         filter: (
diff --git a/packages/phrases/src/locales/en/translation/admin-console/application-details.ts b/packages/phrases/src/locales/en/translation/admin-console/application-details.ts
index 879cc78c63f1..5508658b9ec3 100644
--- a/packages/phrases/src/locales/en/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/en/translation/admin-console/application-details.ts
@@ -179,7 +179,7 @@ const application_details = {
       expiration: 'Expiration',
       expiration_description: 'The secret will expire at {{date}}.',
       expiration_description_never:
-        'The secret will never expire. We recommend setting an expiration date for better security.',
+        'The secret will never expire. We recommend setting an expiration date for enhanced security.',
       days: '{{count}} day',
       days_other: '{{count}} days',
     },

From 40a8a9a9bb176ec1917f58a4594d217e1d12d519 Mon Sep 17 00:00:00 2001
From: Gao Sun <gao@silverhand.io>
Date: Mon, 29 Jul 2024 18:59:17 +0800
Subject: [PATCH 134/135] feat: allow app secret edit (#6352)

---
 .../CreateSecretModal.tsx                     |  2 +-
 .../EditSecretModal.tsx                       | 86 +++++++++++++++++++
 .../EndpointsAndCredentials/index.tsx         | 25 +++++-
 .../use-secret-table-columns.tsx              | 43 ++++++----
 .../src/middleware/koa-security-headers.ts    |  8 +-
 .../core/src/queries/application-secrets.ts   |  4 +
 .../application-secret.openapi.json           | 29 +++++++
 .../routes/applications/application-secret.ts | 23 +++++
 .../integration-tests/src/api/application.ts  | 11 +++
 .../application/application.secrets.test.ts   | 20 +++++
 .../admin-console/application-details.ts      |  5 ++
 11 files changed, 237 insertions(+), 19 deletions(-)
 create mode 100644 packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EditSecretModal.tsx

diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
index e39e4e45c8ca..b301a40af4c6 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/CreateSecretModal.tsx
@@ -74,7 +74,7 @@ function CreateSecretModal({ appId, isOpen, onClose }: Props) {
         })
         .json<ApplicationSecret>();
       toast.success(
-        t('organization_template.roles.create_modal.created', { name: createdData.name })
+        t('application_details.secrets.create_modal.created', { name: createdData.name })
       );
       onCloseHandler(createdData);
     })
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EditSecretModal.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EditSecretModal.tsx
new file mode 100644
index 000000000000..c851b827676d
--- /dev/null
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EditSecretModal.tsx
@@ -0,0 +1,86 @@
+import { type ApplicationSecret } from '@logto/schemas';
+import { useCallback } from 'react';
+import { useForm } from 'react-hook-form';
+import { toast } from 'react-hot-toast';
+import { useTranslation } from 'react-i18next';
+import ReactModal from 'react-modal';
+
+import Button from '@/ds-components/Button';
+import FormField from '@/ds-components/FormField';
+import ModalLayout from '@/ds-components/ModalLayout';
+import TextInput from '@/ds-components/TextInput';
+import useApi from '@/hooks/use-api';
+import modalStyles from '@/scss/modal.module.scss';
+import { trySubmitSafe } from '@/utils/form';
+
+import { type ApplicationSecretRow } from './EndpointsAndCredentials/use-secret-table-columns';
+
+type FormData = { name: string; expiration: string };
+
+type Props = {
+  readonly appId: string;
+  readonly secret: ApplicationSecretRow;
+  readonly isOpen: boolean;
+  readonly onClose: (updated: boolean) => void;
+};
+
+function EditSecretModal({ appId, secret, isOpen, onClose }: Props) {
+  const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
+  const {
+    register,
+    formState: { errors, isSubmitting },
+    handleSubmit,
+    reset,
+  } = useForm<FormData>({ defaultValues: { name: secret.name } });
+  const onCloseHandler = useCallback(
+    (updated?: boolean) => {
+      reset();
+      onClose(updated ?? false);
+    },
+    [onClose, reset]
+  );
+  const api = useApi();
+
+  const submit = handleSubmit(
+    trySubmitSafe(async (data) => {
+      const createdData = await api
+        .patch(`api/applications/${appId}/secrets/${encodeURIComponent(secret.name)}`, {
+          json: data,
+        })
+        .json<ApplicationSecret>();
+      toast.success(t('application_details.secrets.edit_modal.edited', { name: createdData.name }));
+      onCloseHandler(true);
+    })
+  );
+
+  return (
+    <ReactModal
+      isOpen={isOpen}
+      className={modalStyles.content}
+      overlayClassName={modalStyles.overlay}
+      onRequestClose={() => {
+        onCloseHandler();
+      }}
+    >
+      <ModalLayout
+        title="application_details.secrets.edit_modal.title"
+        footer={
+          <Button type="primary" title="general.save" isLoading={isSubmitting} onClick={submit} />
+        }
+        onClose={onCloseHandler}
+      >
+        <FormField isRequired title="general.name">
+          <TextInput
+            // eslint-disable-next-line jsx-a11y/no-autofocus
+            autoFocus
+            placeholder="My secret"
+            error={Boolean(errors.name)}
+            {...register('name', { required: true })}
+          />
+        </FormField>
+      </ModalLayout>
+    </ReactModal>
+  );
+}
+
+export default EditSecretModal;
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.tsx
index b57b89e3f2fa..09f880b62b58 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/index.tsx
@@ -27,6 +27,7 @@ import { type RequestError } from '@/hooks/use-api';
 import useCustomDomain from '@/hooks/use-custom-domain';
 
 import CreateSecretModal from '../CreateSecretModal';
+import EditSecretModal from '../EditSecretModal';
 
 import styles from './index.module.scss';
 import { type ApplicationSecretRow, useSecretTableColumns } from './use-secret-table-columns';
@@ -51,6 +52,7 @@ function EndpointsAndCredentials({
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
   const { data: customDomain, applyDomain: applyCustomDomain } = useCustomDomain();
   const [showCreateSecretModal, setShowCreateSecretModal] = useState(false);
+  const [editSecret, setEditSecret] = useState<ApplicationSecretRow>();
   const secrets = useSWR<ApplicationSecretRow[], RequestError>(`api/applications/${id}/secrets`);
   const shouldShowAppSecrets = hasSecrets(type);
 
@@ -87,9 +89,13 @@ function EndpointsAndCredentials({
     },
     [onApplicationUpdated, secrets]
   );
+  const onEditSecret = useCallback((secret: ApplicationSecretRow) => {
+    setEditSecret(secret);
+  }, []);
   const tableColumns = useSecretTableColumns({
     appId: id,
     onUpdated,
+    onEdit: onEditSecret,
   });
   return (
     <FormCard
@@ -242,11 +248,26 @@ function EndpointsAndCredentials({
           <CreateSecretModal
             appId={id}
             isOpen={showCreateSecretModal}
-            onClose={() => {
+            onClose={(created) => {
+              if (created) {
+                void secrets.mutate();
+              }
               setShowCreateSecretModal(false);
-              void secrets.mutate();
             }}
           />
+          {editSecret && (
+            <EditSecretModal
+              isOpen
+              appId={id}
+              secret={editSecret}
+              onClose={(updated) => {
+                if (updated) {
+                  void secrets.mutate();
+                }
+                setEditSecret(undefined);
+              }}
+            />
+          )}
         </FormField>
       )}
     </FormCard>
diff --git a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/use-secret-table-columns.tsx b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/use-secret-table-columns.tsx
index 72082f38c375..d494c0b90e0b 100644
--- a/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/use-secret-table-columns.tsx
+++ b/packages/console/src/pages/ApplicationDetails/ApplicationDetailsContent/EndpointsAndCredentials/use-secret-table-columns.tsx
@@ -16,6 +16,8 @@ export type ApplicationSecretRow = Pick<ApplicationSecret, 'name' | 'value' | 'e
   isLegacy?: boolean;
 };
 
+const isExpired = (expiresAt: Date | number) => compareDesc(expiresAt, new Date()) === 1;
+
 function Expired({ expiresAt }: { readonly expiresAt: Date }) {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
   return (
@@ -31,10 +33,11 @@ function Expired({ expiresAt }: { readonly expiresAt: Date }) {
 
 type UseSecretTableColumns = {
   appId: string;
+  onEdit: (secret: ApplicationSecretRow) => void;
   onUpdated: (isLegacy: boolean) => void;
 };
 
-export const useSecretTableColumns = ({ appId, onUpdated }: UseSecretTableColumns) => {
+export const useSecretTableColumns = ({ appId, onUpdated, onEdit }: UseSecretTableColumns) => {
   const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
   const api = useApi();
   const tableColumns: Array<Column<ApplicationSecretRow>> = useMemo(
@@ -66,7 +69,7 @@ export const useSecretTableColumns = ({ appId, onUpdated }: UseSecretTableColumn
         render: ({ expiresAt }) => (
           <span>
             {expiresAt ? (
-              compareDesc(expiresAt, new Date()) === 1 ? (
+              isExpired(expiresAt) ? (
                 <Expired expiresAt={new Date(expiresAt)} />
               ) : (
                 <LocaleDateTime>{expiresAt}</LocaleDateTime>
@@ -80,21 +83,31 @@ export const useSecretTableColumns = ({ appId, onUpdated }: UseSecretTableColumn
       {
         title: '',
         dataIndex: 'actions',
-        render: ({ name, isLegacy }) => (
-          <ActionsButton
-            fieldName="application_details.application_secret"
-            deleteConfirmation="application_details.secrets.delete_confirmation"
-            onDelete={async () => {
-              await (isLegacy
-                ? api.delete(`api/applications/${appId}/legacy-secret`)
-                : api.delete(`api/applications/${appId}/secrets/${encodeURIComponent(name)}`));
-              onUpdated(isLegacy ?? false);
-            }}
-          />
-        ),
+        render: (secret) => {
+          const { expiresAt, isLegacy, name } = secret;
+          return (
+            <ActionsButton
+              fieldName="application_details.application_secret"
+              deleteConfirmation="application_details.secrets.delete_confirmation"
+              onEdit={
+                (isLegacy ?? false) || (expiresAt && isExpired(expiresAt))
+                  ? undefined
+                  : () => {
+                      onEdit(secret);
+                    }
+              }
+              onDelete={async () => {
+                await (isLegacy
+                  ? api.delete(`api/applications/${appId}/legacy-secret`)
+                  : api.delete(`api/applications/${appId}/secrets/${encodeURIComponent(name)}`));
+                onUpdated(isLegacy ?? false);
+              }}
+            />
+          );
+        },
       },
     ],
-    [api, appId, onUpdated, t]
+    [api, appId, onEdit, onUpdated, t]
   );
 
   return tableColumns;
diff --git a/packages/core/src/middleware/koa-security-headers.ts b/packages/core/src/middleware/koa-security-headers.ts
index 5e320373950c..00cfa54e8163 100644
--- a/packages/core/src/middleware/koa-security-headers.ts
+++ b/packages/core/src/middleware/koa-security-headers.ts
@@ -38,7 +38,13 @@ export default function koaSecurityHeaders<StateT, ContextT, ResponseBodyT>(
   const coreOrigins = urlSet.origins;
   const developmentOrigins = isProduction
     ? []
-    : ['ws:', ...['6001', '6002', '6003'].map((port) => `ws://localhost:${port}`)];
+    : [
+        'ws:',
+        ...['6001', '6002', '6003'].flatMap((port) => [
+          `ws://localhost:${port}`,
+          `http://localhost:${port}`,
+        ]),
+      ];
   const logtoOrigin = 'https://*.logto.io';
   /** Google Sign-In (GSI) origin for Google One Tap. */
   const gsiOrigin = 'https://accounts.google.com/gsi/';
diff --git a/packages/core/src/queries/application-secrets.ts b/packages/core/src/queries/application-secrets.ts
index 8124ee2211f6..80faadbfb122 100644
--- a/packages/core/src/queries/application-secrets.ts
+++ b/packages/core/src/queries/application-secrets.ts
@@ -5,6 +5,8 @@ import { buildInsertIntoWithPool } from '#src/database/insert-into.js';
 import { DeletionError } from '#src/errors/SlonikError/index.js';
 import { convertToIdentifiers } from '#src/utils/sql.js';
 
+import { buildUpdateWhereWithPool } from '../database/update-where.js';
+
 type ApplicationCredentials = ApplicationSecret & {
   /** The original application secret that stored in the `applications` table. */
   originalSecret: string;
@@ -17,6 +19,8 @@ export class ApplicationSecretQueries {
     returning: true,
   });
 
+  public readonly update = buildUpdateWhereWithPool(this.pool)(ApplicationSecrets, true);
+
   constructor(public readonly pool: CommonQueryMethods) {}
 
   async findByCredentials(appId: string, appSecret: string) {
diff --git a/packages/core/src/routes/applications/application-secret.openapi.json b/packages/core/src/routes/applications/application-secret.openapi.json
index ea8be00c0164..43f826d74e7b 100644
--- a/packages/core/src/routes/applications/application-secret.openapi.json
+++ b/packages/core/src/routes/applications/application-secret.openapi.json
@@ -69,6 +69,35 @@
             "description": "The secret was deleted successfully."
           }
         }
+      },
+      "patch": {
+        "summary": "Update application secret",
+        "description": "Update a secret for the application by name.",
+        "parameters": [
+          {
+            "name": "name",
+            "in": "path",
+            "description": "The name of the secret."
+          }
+        ],
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "properties": {
+                  "name": {
+                    "description": "The secret name to update. Must be unique within the application."
+                  }
+                }
+              }
+            }
+          }
+        },
+        "responses": {
+          "204": {
+            "description": "The secret was updated successfully."
+          }
+        }
       }
     }
   }
diff --git a/packages/core/src/routes/applications/application-secret.ts b/packages/core/src/routes/applications/application-secret.ts
index 1728e6cbc79b..42a79e859348 100644
--- a/packages/core/src/routes/applications/application-secret.ts
+++ b/packages/core/src/routes/applications/application-secret.ts
@@ -104,4 +104,27 @@ export default function applicationSecretRoutes<T extends ManagementApiRouter>(
       return next();
     }
   );
+
+  router.patch(
+    '/applications/:id/secrets/:name',
+    koaGuard({
+      params: z.object({ id: z.string(), name: z.string() }),
+      body: ApplicationSecrets.updateGuard.pick({ name: true }).required(),
+      response: ApplicationSecrets.guard,
+      status: [200, 400, 404],
+    }),
+    async (ctx, next) => {
+      const {
+        params: { id: appId, name },
+        body,
+      } = ctx.guard;
+
+      ctx.body = await queries.applicationSecrets.update({
+        where: { applicationId: appId, name },
+        set: body,
+        jsonbMode: 'replace',
+      });
+      return next();
+    }
+  );
 }
diff --git a/packages/integration-tests/src/api/application.ts b/packages/integration-tests/src/api/application.ts
index c0f68b989ec7..b33296ec761c 100644
--- a/packages/integration-tests/src/api/application.ts
+++ b/packages/integration-tests/src/api/application.ts
@@ -148,6 +148,17 @@ export const getApplicationSecrets = async (applicationId: string) =>
 export const deleteApplicationSecret = async (applicationId: string, secretName: string) =>
   authedAdminApi.delete(`applications/${applicationId}/secrets/${secretName}`);
 
+export const updateApplicationSecret = async (
+  applicationId: string,
+  secretName: string,
+  body: Record<string, unknown>
+) =>
+  authedAdminApi
+    .patch(`applications/${applicationId}/secrets/${secretName}`, {
+      json: body,
+    })
+    .json<ApplicationSecret>();
+
 export const deleteLegacyApplicationSecret = async (applicationId: string) =>
   authedAdminApi.delete(`applications/${applicationId}/legacy-secret`);
 
diff --git a/packages/integration-tests/src/tests/api/application/application.secrets.test.ts b/packages/integration-tests/src/tests/api/application/application.secrets.test.ts
index 40962bccce89..3f4634271e92 100644
--- a/packages/integration-tests/src/tests/api/application/application.secrets.test.ts
+++ b/packages/integration-tests/src/tests/api/application/application.secrets.test.ts
@@ -8,6 +8,7 @@ import {
   deleteApplication,
   deleteApplicationSecret,
   getApplicationSecrets,
+  updateApplicationSecret,
 } from '#src/api/application.js';
 import { randomString } from '#src/utils.js';
 
@@ -157,4 +158,23 @@ describe('application secrets', () => {
     ]);
     expect(await getApplicationSecrets(application.id)).toEqual([]);
   });
+
+  it('should be able to update application secret', async () => {
+    const application = await createApplication('application', ApplicationType.MachineToMachine);
+    const secretName = randomString();
+    await createApplicationSecret({
+      applicationId: application.id,
+      name: secretName,
+    });
+
+    const newSecretName = randomString();
+    const updatedSecret = await updateApplicationSecret(application.id, secretName, {
+      name: newSecretName,
+    });
+    expect(updatedSecret).toEqual(
+      expect.objectContaining({ applicationId: application.id, name: newSecretName })
+    );
+
+    await deleteApplicationSecret(application.id, newSecretName);
+  });
 });
diff --git a/packages/phrases/src/locales/en/translation/admin-console/application-details.ts b/packages/phrases/src/locales/en/translation/admin-console/application-details.ts
index 5508658b9ec3..a276f7c0ab18 100644
--- a/packages/phrases/src/locales/en/translation/admin-console/application-details.ts
+++ b/packages/phrases/src/locales/en/translation/admin-console/application-details.ts
@@ -182,6 +182,11 @@ const application_details = {
         'The secret will never expire. We recommend setting an expiration date for enhanced security.',
       days: '{{count}} day',
       days_other: '{{count}} days',
+      created: 'The secret {{name}} has been successfully created.',
+    },
+    edit_modal: {
+      title: 'Edit application secret',
+      edited: 'The secret {{name}} has been successfully edited.',
     },
   },
 };

From 4abe2a8473789eccf5d2c6f3ec3a499802e5d3c4 Mon Sep 17 00:00:00 2001
From: Darcy Ye <darcyye@silverhand.io>
Date: Tue, 30 Jul 2024 18:13:14 +0800
Subject: [PATCH 135/135] fix(console): add dev guard on new pricing model
 subscription hooks (#6363)

---
 .../console/src/hooks/use-new-subscription-quota.ts    |  4 ++--
 .../src/hooks/use-new-subscription-scopes-usage.ts     | 10 +++++++---
 .../console/src/hooks/use-new-subscription-usage.ts    |  4 ++--
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/packages/console/src/hooks/use-new-subscription-quota.ts b/packages/console/src/hooks/use-new-subscription-quota.ts
index 8e679983f39c..4b6f4a8c9f50 100644
--- a/packages/console/src/hooks/use-new-subscription-quota.ts
+++ b/packages/console/src/hooks/use-new-subscription-quota.ts
@@ -2,13 +2,13 @@ import useSWR from 'swr';
 
 import { useCloudApi } from '@/cloud/hooks/use-cloud-api';
 import { type NewSubscriptionQuota } from '@/cloud/types/router';
-import { isCloud } from '@/consts/env';
+import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
 
 const useNewSubscriptionQuota = (tenantId: string) => {
   const cloudApi = useCloudApi();
 
   return useSWR<NewSubscriptionQuota, Error>(
-    isCloud && `/api/tenants/${tenantId}/subscription/quota`,
+    isCloud && isDevFeaturesEnabled && `/api/tenants/${tenantId}/subscription/quota`,
     async () =>
       cloudApi.get('/api/tenants/:tenantId/subscription/quota', {
         params: { tenantId },
diff --git a/packages/console/src/hooks/use-new-subscription-scopes-usage.ts b/packages/console/src/hooks/use-new-subscription-scopes-usage.ts
index 011f5cbd34be..e085456e9c40 100644
--- a/packages/console/src/hooks/use-new-subscription-scopes-usage.ts
+++ b/packages/console/src/hooks/use-new-subscription-scopes-usage.ts
@@ -2,7 +2,7 @@ import useSWR from 'swr';
 
 import { useCloudApi } from '@/cloud/hooks/use-cloud-api';
 import { type NewSubscriptionScopeUsage } from '@/cloud/types/router';
-import { isCloud } from '@/consts/env';
+import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
 
 const useNewSubscriptionScopeUsage = (tenantId: string) => {
   const cloudApi = useCloudApi();
@@ -12,7 +12,9 @@ const useNewSubscriptionScopeUsage = (tenantId: string) => {
 
   return {
     scopeResourceUsage: useSWR<NewSubscriptionScopeUsage, Error>(
-      isCloud && `/api/tenants/${tenantId}/subscription/usage/${resourceEntityName}/scopes`,
+      isCloud &&
+        isDevFeaturesEnabled &&
+        `/api/tenants/${tenantId}/subscription/usage/${resourceEntityName}/scopes`,
       async () =>
         cloudApi.get('/api/tenants/:tenantId/subscription/usage/:entityName/scopes', {
           params: { tenantId, entityName: resourceEntityName },
@@ -20,7 +22,9 @@ const useNewSubscriptionScopeUsage = (tenantId: string) => {
         })
     ),
     scopeRoleUsage: useSWR<NewSubscriptionScopeUsage, Error>(
-      isCloud && `/api/tenants/${tenantId}/subscription/usage/${roleEntityName}/scopes`,
+      isCloud &&
+        isDevFeaturesEnabled &&
+        `/api/tenants/${tenantId}/subscription/usage/${roleEntityName}/scopes`,
       async () =>
         cloudApi.get('/api/tenants/:tenantId/subscription/usage/:entityName/scopes', {
           params: { tenantId, entityName: roleEntityName },
diff --git a/packages/console/src/hooks/use-new-subscription-usage.ts b/packages/console/src/hooks/use-new-subscription-usage.ts
index b0af93689011..a878e3f0d3dd 100644
--- a/packages/console/src/hooks/use-new-subscription-usage.ts
+++ b/packages/console/src/hooks/use-new-subscription-usage.ts
@@ -2,13 +2,13 @@ import useSWR from 'swr';
 
 import { useCloudApi } from '@/cloud/hooks/use-cloud-api';
 import { type NewSubscriptionUsage } from '@/cloud/types/router';
-import { isCloud } from '@/consts/env';
+import { isCloud, isDevFeaturesEnabled } from '@/consts/env';
 
 const useNewSubscriptionUsage = (tenantId: string) => {
   const cloudApi = useCloudApi();
 
   return useSWR<NewSubscriptionUsage, Error>(
-    isCloud && `/api/tenants/${tenantId}/subscription/usage`,
+    isCloud && isDevFeaturesEnabled && `/api/tenants/${tenantId}/subscription/usage`,
     async () =>
       cloudApi.get('/api/tenants/:tenantId/subscription/usage', {
         params: { tenantId },