Merge branch 'v2-dev' into codex_i18n

2026-05-03 12:07:25 +08:00 · 2026-05-01 00:07:29 +08:00
parent 028932c04a bb46cb08f7
commit 7ab661ecd7
52 changed files with 795 additions and 84 deletions
@@ -0,0 +1 @@
+../.trae/skills
@@ -0,0 +1,206 @@
+# Certd 开发 Agent 上下文
+
+这个文件是给在本仓库工作的开发 agent 看的常驻项目说明。后续会话进入仓库后，应先读取它，再按任务需要查看具体代码，避免每次都重新全量扫描项目。
+
+## 项目用途
+
+Certd 是一个支持私有化部署的 SSL/TLS 证书自动化管理平台。它提供 Web 管理台和后端服务，用于证书申请、续期、部署、监控、通知和开放 API 集成。
+
+它不只是一个简单的 ACME 客户端。项目的核心产品模型是“证书流水线”：
+
+- 通过 ACME 申请证书
+- 支持 DNS-01、HTTP-01、CNAME 代理以及各类服务商集成来完成域名验证
+- 支持将证书转换或导出为 pem、pfx、der、jks、p7b 等格式
+- 支持把证书部署到主机、Nginx、Kubernetes、CDN、云厂商、面板等目标
+- 支持通知用户，并监控站点证书过期时间
+
+由于系统会保存证书、云厂商凭据、SSH 信息、API Key 等敏感数据，产品定位上强烈建议私有化/本地部署。
+
+## 仓库结构
+
+这是一个 pnpm + lerna 的 monorepo。
+
+- `package.json`：根脚本和 workspace 元信息
+- `pnpm-workspace.yaml`：workspace 包匹配规则
+- `lerna.json`：lerna-lite 配置
+- `docs/`：VitePress 文档站
+- `docker/`：Docker 安装和运行相关文件
+- `packages/core/acme-client/`：ACME 协议客户端，风格接近 node-acme-client
+- `packages/core/basic/`：共享基础工具和基础设施
+- `packages/core/pipeline/`：流水线核心、注册表、装饰器、插件模型、上下文、服务、通知等
+- `packages/libs/`：共享集成与辅助库，例如 server、Huawei、JDCloud、Kubernetes、iframe
+- `packages/plugins/plugin-lib/`：通用插件辅助能力和证书相关共享代码
+- `packages/plugins/plugin-cert/`：证书流水线插件包
+- `packages/pro/`：商业版/专业版相关包
+- `packages/ui/certd-server/`：后端服务
+- `packages/ui/certd-client/`：前端 Web 管理台
+
+## 后端
+
+主要后端包：`packages/ui/certd-server`。
+
+技术栈：
+
+- Node.js、ESM、TypeScript
+- MidwayJS 3
+- Koa
+- TypeORM
+- 默认使用 better-sqlite3，同时支持 PostgreSQL 和 MySQL
+- 通过 `@certd/midway-flyway-js` 使用类似 Flyway 的 SQL 迁移机制
+
+重要位置：
+
+- `packages/ui/certd-server/src/config/config.default.ts`：默认服务、静态文件、数据库、定时任务、认证、上传、Swagger 配置
+- `packages/ui/certd-server/src/config/`：环境与配置加载逻辑
+- `packages/ui/certd-server/src/configuration.ts`：Midway 应用配置、中间件注册、组件导入
+- `packages/ui/certd-server/src/modules/`：业务模块，例如 pipeline、cert、cron、monitor、login、open API、sys、plugin、cname、notification
+- `packages/ui/certd-server/src/controller/`：按 API 领域划分的控制器
+- `packages/ui/certd-server/src/plugins/`：后端内置的具体服务商、部署、通知等插件
+- `packages/ui/certd-server/db/migration/`：数据库迁移 SQL
+- `packages/ui/certd-server/data/`：本地运行数据，例如 SQLite 数据库和生成文件
+- `packages/ui/certd-server/logs/`：运行日志
+
+已观察到的默认开发配置：
+
+- HTTP 端口：`7001`
+- HTTPS 端口：`7002`
+- 默认 SQLite 数据库：`./data/db.sqlite`
+- 默认文件根目录：`./data/files`
+
+常用脚本：
+
+- 根目录 `pnpm run start:server`：以生产模式启动后端包
+- 后端 `pnpm run dev`：启动 Midway watch/dev 服务
+- 后端 `pnpm run test`：运行后端 mocha 测试
+- 后端 `pnpm run build`：构建后端并导出插件元数据
+
+## 前端
+
+主要前端包：`packages/ui/certd-client`。
+
+技术栈：
+
+- Vue 3
+- Vite
+- TypeScript
+- Ant Design Vue
+- Fast Crud
+- Pinia
+- vue-router
+- vue-i18n
+- Tailwind/Windi 相关样式工具
+
+重要位置：
+
+- `packages/ui/certd-client/src/main.ts`：前端启动入口
+- `packages/ui/certd-client/src/App.vue`：根组件
+- `packages/ui/certd-client/src/api/`：API 调用封装
+- `packages/ui/certd-client/src/router/`：路由
+- `packages/ui/certd-client/src/store/`：Pinia store
+- `packages/ui/certd-client/src/views/certd/`：核心产品页面，例如流水线、证书、授权、监控、通知、开放 API、项目、支付、插件
+- `packages/ui/certd-client/src/components/`：共享 UI 组件
+- `packages/ui/certd-client/src/locales/`：国际化
+
+常用脚本：
+
+- 前端 `pnpm dev`：启动 Vite 开发服务
+- 前端 `pnpm build`：生产构建
+- 前端 `pnpm tsc`：类型检查
+- 前端 `pnpm test:unit`：Vitest 单元测试
+
+## 流水线与插件模型
+
+项目最关键的架构概念是证书流水线。
+
+可以从 `packages/core/pipeline/src/index.ts` 入手，它导出：
+
+- `core`
+- `dt`
+- `access`
+- `registry`
+- `plugin`
+- `context`
+- `decorator`
+- `service`
+- `notification`
+
+插件是核心能力，不是边缘功能。新增服务商、DNS 验证、证书部署、通知方式等能力，通常应该放在插件包里，或放在 `packages/ui/certd-server/src/plugins/<plugin-name>/` 下。
+
+后端已看到的插件类型包括：
+
+- DNS 和注册商服务商：Aliyun、Tencent、Cloudflare、Huawei、JDCloud、AWS、Azure、Google、GoDaddy、Namesilo、Xinnet、West、UCloud、Qiniu、Upyun、Volcengine 等
+- 部署目标：host、Kubernetes、Nginx Proxy Manager、APISIX、Proxmox、QNAP、Dokploy、GoEdge、各类 CDN、各类面板
+- 系统/产品插件：notification、captcha、oauth、admin、plus/pro、demo/template
+
+当修改证书申请、验证、部署或通知行为时，先判断改动属于哪里：
+
+- ACME client 代码
+- pipeline 核心抽象
+- 后端 module/service/entity/controller
+- 某个具体插件实现
+- 前端 view/form/schema
+
+如果只是某个服务商或部署目标的问题，不要轻易修改共享 pipeline/core 行为，除非确实是可复用的公共能力。
+
+## 数据与迁移
+
+后端使用 TypeORM 实体加 SQL 迁移。
+
+重点查看：
+
+- `packages/ui/certd-server/src/modules/**/entity/*.ts`
+- `packages/ui/certd-server/db/migration/*.sql`
+
+默认配置中 `synchronize: false`，所以涉及表结构变更时，通常应该添加或更新迁移脚本，而不是依赖 TypeORM 自动同步。
+
+## 开发注意事项
+
+- 中文 README 在部分 PowerShell 环境中可能显示乱码；`README_en.md` 可读性更好，且包含同样的高层项目说明。
+- 初次整理时观察到当前分支为 `v2-dev`。
+- 根包管理器是 pnpm，不要引入 npm/yarn lockfile。
+- 优先沿用现有模块、插件、服务模式，再考虑新增抽象。
+- `packages/ui/certd-server/data/`、`logs/`、生成的 metadata/dist 等通常视为运行时或构建产物，除非任务明确要求处理它们。
+- 注意本地数据和配置里可能包含凭据、证书材料等敏感信息。
+
+## 插件开发技能
+
+仓库内置了 Certd 插件开发技能，供 Trae 和 Codex 共用：
+
+- Trae 入口：`.trae/skills`
+- Codex 入口：`.codex/skills`
+
+其中 `.codex/skills` 是指向 `.trae/skills` 的目录链接，不要复制出第二份技能内容。更新技能时只维护 `.trae/skills` 下的原始文件，Codex 会通过 `.codex/skills` 读取同一份内容。
+
+当前技能包括：
+
+- `access-plugin-dev`：开发 Access 授权插件
+- `dns-provider-dev`：开发 DNS Provider 插件
+- `task-plugin-dev`：开发 Task 部署任务插件
+- `plugin-converter`：将插件转换为 YAML 配置
+
+做插件相关任务时，先读取对应技能目录下的 `SKILL.md`，再进入具体实现。若用户在插件开发中指出更好的做法，应总结并更新对应技能。
+
+## 快速定向命令
+
+进入项目后，优先使用这些有目标的读取命令，而不是立刻全仓库扫描：
+
+```powershell
+Get-Content package.json
+Get-Content pnpm-workspace.yaml
+Get-Content lerna.json
+Get-Content README_en.md -TotalCount 180
+Get-Content packages\ui\certd-server\package.json
+Get-Content packages\ui\certd-client\package.json
+Get-ChildItem packages\ui\certd-server\src\modules
+Get-ChildItem packages\ui\certd-server\src\plugins
+Get-ChildItem packages\ui\certd-client\src\views\certd
+```
+
+## 本仓库 Agent 工作方式
+
+- 先读本文件，再按用户任务查看相关 package/module。
+- 做后端任务时，先定位 `packages/ui/certd-server/src/modules` 下的模块，以及相关 entity/service/controller。
+- 做前端任务时，先定位 `packages/ui/certd-client/src/views/certd` 下的页面，再找对应 `src/api`。
+- 做服务商、DNS、部署、通知相关任务时，先看 `packages/ui/certd-server/src/plugins`，再看 `packages/plugins/plugin-lib` 里的共享辅助能力。
+- 做数据库结构变更时，添加或更新迁移脚本，不要依赖 TypeORM 自动同步。
+- 优先对改动包运行聚焦的测试或类型检查；只有跨包影响明显时再考虑全 monorepo 构建。
@@ -3,6 +3,21 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+### Bug Fixes
+
+* 调整手机版首页标题被挤开的bug ([eab66e2](https://github.com/certd/certd/commit/eab66e2d1988635985745f2d1b227b958969ee00))
+* 修复腾讯云clb部署报缺少sslmode参数的bug ([2f1ad72](https://github.com/certd/certd/commit/2f1ad7201f5ed9e00368a28b9e40907d4b415852))
+
+### Performance Improvements
+
+* 524错误时重试3次 ([00e6d58](https://github.com/certd/certd/commit/00e6d580c2f54af70fe96a214aff87c4b96426c2))
+* 阿里云证书订单支持获取2.0的订单 ([64b3184](https://github.com/certd/certd/commit/64b3184b286fee996002d857b0de588452abdadd))
+* 优化流水线执行时的状态保存性能 ([e00830b](https://github.com/certd/certd/commit/e00830bebcfe6344499e490bc174de96f9fb22d6))
+* 增加权威NS检查开关，某些用户服务器禁止向黑名单NS服务器发请求 ([1aa50cf](https://github.com/certd/certd/commit/1aa50cf53a0deab752f35ec973912e41ab8161b6))
+* 支持页脚自定义 ([c985a13](https://github.com/certd/certd/commit/c985a13544aa31b0eb0783f9a3193a7e8bdc6ed6))
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 ### Bug Fixes
@@ -3,6 +3,21 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+### Bug Fixes
+
+* 调整手机版首页标题被挤开的bug ([eab66e2](https://github.com/certd/certd/commit/eab66e2d1988635985745f2d1b227b958969ee00))
+* 修复腾讯云clb部署报缺少sslmode参数的bug ([2f1ad72](https://github.com/certd/certd/commit/2f1ad7201f5ed9e00368a28b9e40907d4b415852))
+
+### Performance Improvements
+
+* 524错误时重试3次 ([00e6d58](https://github.com/certd/certd/commit/00e6d580c2f54af70fe96a214aff87c4b96426c2))
+* 阿里云证书订单支持获取2.0的订单 ([64b3184](https://github.com/certd/certd/commit/64b3184b286fee996002d857b0de588452abdadd))
+* 优化流水线执行时的状态保存性能 ([e00830b](https://github.com/certd/certd/commit/e00830bebcfe6344499e490bc174de96f9fb22d6))
+* 增加权威NS检查开关，某些用户服务器禁止向黑名单NS服务器发请求 ([1aa50cf](https://github.com/certd/certd/commit/1aa50cf53a0deab752f35ec973912e41ab8161b6))
+* 支持页脚自定义 ([c985a13](https://github.com/certd/certd/commit/c985a13544aa31b0eb0783f9a3193a7e8bdc6ed6))
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 ### Bug Fixes
@@ -6,7 +6,7 @@
 |-----|-----|-----|
 | 1.| **证书申请（JS版）** | 免费通配符域名证书申请，支持多个域名打到同一个证书上 | 
 | 2.| **已有证书托管** | 手动上传自定义证书后，自动部署（每次证书有更新，都需要手动上传一次） | 
-| 3.| **获取阿里云订阅证书** | 从阿里云拉取订阅模式的商用证书 | 
+| 3.| **获取阿里云订阅证书** | 从阿里云拉取订阅模式的商用证书（支持 API 1.0 和 2.0） | 
 | 4.| **证书申请（Lego）** | 支持海量DNS解析提供商，推荐使用，一样的免费通配符域名证书申请，支持多个域名打到同一个证书上 | 
 ## 2. 主机

@@ -9,5 +9,5 @@
    }
  },
  "npmClient": "pnpm",
-  "version": "1.39.11"
+  "version": "1.39.12"
 }
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/publishlab/node-acme-client/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+### Performance Improvements
+
+* 增加权威NS检查开关，某些用户服务器禁止向黑名单NS服务器发请求 ([1aa50cf](https://github.com/publishlab/node-acme-client/commit/1aa50cf53a0deab752f35ec973912e41ab8161b6))
+
 ## [1.39.11](https://github.com/publishlab/node-acme-client/compare/v1.39.10...v1.39.11) (2026-04-26)

 ### Performance Improvements
@@ -3,7 +3,7 @@
    "description": "Simple and unopinionated ACME client",
    "private": false,
    "author": "nmorsman",
-    "version": "1.39.11",
+    "version": "1.39.12",
    "type": "module",
    "module": "scr/index.js",
    "main": "src/index.js",
@@ -18,7 +18,7 @@
        "types"
    ],
    "dependencies": {
-        "@certd/basic": "^1.39.11",
+        "@certd/basic": "^1.39.12",
        "@peculiar/x509": "^1.11.0",
        "asn1js": "^3.0.5",
        "axios": "^1.9.0",
@@ -70,5 +70,5 @@
    "bugs": {
        "url": "https://github.com/publishlab/node-acme-client/issues"
    },
-    "gitHead": "ec466dc818eace59825d8ae2ebbc9fc75a94a6b0"
+    "gitHead": "898bc9b9f2f75df11ea0803b144862ba98b7511a"
 }
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+### Performance Improvements
+
+* 524错误时重试3次 ([00e6d58](https://github.com/certd/certd/commit/00e6d580c2f54af70fe96a214aff87c4b96426c2))
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 **Note:** Version bump only for package @certd/basic
@@ -1 +1 @@
-13:28
+23:06
@@ -1,7 +1,7 @@
 {
  "name": "@certd/basic",
  "private": false,
-  "version": "1.39.11",
+  "version": "1.39.12",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -47,5 +47,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "ec466dc818eace59825d8ae2ebbc9fc75a94a6b0"
+  "gitHead": "898bc9b9f2f75df11ea0803b144862ba98b7511a"
 }
@@ -3,6 +3,13 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+### Performance Improvements
+
+* 524错误时重试3次 ([00e6d58](https://github.com/certd/certd/commit/00e6d580c2f54af70fe96a214aff87c4b96426c2))
+* 优化流水线执行时的状态保存性能 ([e00830b](https://github.com/certd/certd/commit/e00830bebcfe6344499e490bc174de96f9fb22d6))
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 ### Performance Improvements
@@ -1,7 +1,7 @@
 {
  "name": "@certd/pipeline",
  "private": false,
-  "version": "1.39.11",
+  "version": "1.39.12",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -18,8 +18,8 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/basic": "^1.39.11",
-    "@certd/plus-core": "^1.39.11",
+    "@certd/basic": "^1.39.12",
+    "@certd/plus-core": "^1.39.12",
    "dayjs": "^1.11.7",
    "lodash-es": "^4.17.21",
    "reflect-metadata": "^0.1.13"
@@ -45,5 +45,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "ec466dc818eace59825d8ae2ebbc9fc75a94a6b0"
+  "gitHead": "898bc9b9f2f75df11ea0803b144862ba98b7511a"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 **Note:** Version bump only for package @certd/lib-huawei
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-huawei",
  "private": false,
-  "version": "1.39.11",
+  "version": "1.39.12",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
  "types": "./dist/d/index.d.ts",
@@ -24,5 +24,5 @@
    "prettier": "^2.8.8",
    "tslib": "^2.8.1"
  },
-  "gitHead": "ec466dc818eace59825d8ae2ebbc9fc75a94a6b0"
+  "gitHead": "898bc9b9f2f75df11ea0803b144862ba98b7511a"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 **Note:** Version bump only for package @certd/lib-iframe
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-iframe",
  "private": false,
-  "version": "1.39.11",
+  "version": "1.39.12",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -31,5 +31,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "ec466dc818eace59825d8ae2ebbc9fc75a94a6b0"
+  "gitHead": "898bc9b9f2f75df11ea0803b144862ba98b7511a"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 **Note:** Version bump only for package @certd/jdcloud
@@ -1,6 +1,6 @@
 {
  "name": "@certd/jdcloud",
-  "version": "1.39.11",
+  "version": "1.39.12",
  "description": "jdcloud openApi sdk",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
@@ -56,5 +56,5 @@
      "fetch"
    ]
  },
-  "gitHead": "ec466dc818eace59825d8ae2ebbc9fc75a94a6b0"
+  "gitHead": "898bc9b9f2f75df11ea0803b144862ba98b7511a"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 **Note:** Version bump only for package @certd/lib-k8s
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-k8s",
  "private": false,
-  "version": "1.39.11",
+  "version": "1.39.12",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -18,7 +18,7 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/basic": "^1.39.11",
+    "@certd/basic": "^1.39.12",
    "@kubernetes/client-node": "0.21.0"
  },
  "devDependencies": {
@@ -33,5 +33,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "ec466dc818eace59825d8ae2ebbc9fc75a94a6b0"
+  "gitHead": "898bc9b9f2f75df11ea0803b144862ba98b7511a"
 }
@@ -3,6 +3,13 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+### Performance Improvements
+
+* 增加权威NS检查开关，某些用户服务器禁止向黑名单NS服务器发请求 ([1aa50cf](https://github.com/certd/certd/commit/1aa50cf53a0deab752f35ec973912e41ab8161b6))
+* 支持页脚自定义 ([c985a13](https://github.com/certd/certd/commit/c985a13544aa31b0eb0783f9a3193a7e8bdc6ed6))
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 ### Bug Fixes
@@ -1,6 +1,6 @@
 {
  "name": "@certd/lib-server",
-  "version": "1.39.11",
+  "version": "1.39.12",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -28,11 +28,11 @@
  ],
  "license": "AGPL",
  "dependencies": {
-    "@certd/acme-client": "^1.39.11",
-    "@certd/basic": "^1.39.11",
-    "@certd/pipeline": "^1.39.11",
-    "@certd/plugin-lib": "^1.39.11",
-    "@certd/plus-core": "^1.39.11",
+    "@certd/acme-client": "^1.39.12",
+    "@certd/basic": "^1.39.12",
+    "@certd/pipeline": "^1.39.12",
+    "@certd/plugin-lib": "^1.39.12",
+    "@certd/plus-core": "^1.39.12",
    "@midwayjs/cache": "3.14.0",
    "@midwayjs/core": "3.20.11",
    "@midwayjs/i18n": "3.20.13",
@@ -64,5 +64,5 @@
    "typeorm": "^0.3.11",
    "typescript": "^5.4.2"
  },
-  "gitHead": "ec466dc818eace59825d8ae2ebbc9fc75a94a6b0"
+  "gitHead": "898bc9b9f2f75df11ea0803b144862ba98b7511a"
 }
@@ -29,6 +29,7 @@ export class SysPublicSettings extends BaseSettings {
  managerOtherUserPipeline = false;
  icpNo?: string;
  mpsNo?: string;
+  customFooter?: string;
  robots?: boolean = true;
  aiChatEnabled = true;

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 **Note:** Version bump only for package @certd/midway-flyway-js
@@ -1,6 +1,6 @@
 {
  "name": "@certd/midway-flyway-js",
-  "version": "1.39.11",
+  "version": "1.39.12",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -46,5 +46,5 @@
    "typeorm": "^0.3.11",
    "typescript": "^5.4.2"
  },
-  "gitHead": "ec466dc818eace59825d8ae2ebbc9fc75a94a6b0"
+  "gitHead": "898bc9b9f2f75df11ea0803b144862ba98b7511a"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 **Note:** Version bump only for package @certd/plugin-cert
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-cert",
  "private": false,
-  "version": "1.39.11",
+  "version": "1.39.12",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/acme-client": "^1.39.11",
-    "@certd/basic": "^1.39.11",
-    "@certd/pipeline": "^1.39.11",
-    "@certd/plugin-lib": "^1.39.11",
+    "@certd/acme-client": "^1.39.12",
+    "@certd/basic": "^1.39.12",
+    "@certd/pipeline": "^1.39.12",
+    "@certd/plugin-lib": "^1.39.12",
    "psl": "^1.9.0",
    "punycode.js": "^2.3.1"
  },
@@ -38,5 +38,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "ec466dc818eace59825d8ae2ebbc9fc75a94a6b0"
+  "gitHead": "898bc9b9f2f75df11ea0803b144862ba98b7511a"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 ### Performance Improvements
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-lib",
  "private": false,
-  "version": "1.39.11",
+  "version": "1.39.12",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -22,10 +22,10 @@
    "@alicloud/pop-core": "^1.7.10",
    "@alicloud/tea-util": "^1.4.11",
    "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.39.11",
-    "@certd/basic": "^1.39.11",
-    "@certd/pipeline": "^1.39.11",
-    "@certd/plus-core": "^1.39.11",
+    "@certd/acme-client": "^1.39.12",
+    "@certd/basic": "^1.39.12",
+    "@certd/pipeline": "^1.39.12",
+    "@certd/plus-core": "^1.39.12",
    "@kubernetes/client-node": "0.21.0",
    "ali-oss": "^6.22.0",
    "basic-ftp": "^5.0.5",
@@ -57,5 +57,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "ec466dc818eace59825d8ae2ebbc9fc75a94a6b0"
+  "gitHead": "898bc9b9f2f75df11ea0803b144862ba98b7511a"
 }
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+### Bug Fixes
+
+* 调整手机版首页标题被挤开的bug ([eab66e2](https://github.com/certd/certd/commit/eab66e2d1988635985745f2d1b227b958969ee00))
+
+### Performance Improvements
+
+* 524错误时重试3次 ([00e6d58](https://github.com/certd/certd/commit/00e6d580c2f54af70fe96a214aff87c4b96426c2))
+* 增加权威NS检查开关，某些用户服务器禁止向黑名单NS服务器发请求 ([1aa50cf](https://github.com/certd/certd/commit/1aa50cf53a0deab752f35ec973912e41ab8161b6))
+* 支持页脚自定义 ([c985a13](https://github.com/certd/certd/commit/c985a13544aa31b0eb0783f9a3193a7e8bdc6ed6))
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 ### Bug Fixes
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-client",
-  "version": "1.39.11",
+  "version": "1.39.12",
  "private": true,
  "scripts": {
    "dev": "vite --open",
@@ -106,8 +106,8 @@
    "zod-defaults": "^0.1.3"
  },
  "devDependencies": {
-    "@certd/lib-iframe": "^1.39.11",
-    "@certd/pipeline": "^1.39.11",
+    "@certd/lib-iframe": "^1.39.12",
+    "@certd/pipeline": "^1.39.12",
    "@rollup/plugin-commonjs": "^25.0.7",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "@types/chai": "^4.3.12",
@@ -3,7 +3,7 @@
    <div class="flex items-center">
      <span v-if="!settingStore.isComm">
        <span>Powered by</span>
-        <a> handsfree.work </a>
+        <a href="https://certd.docmirror.cn/" target="_blank"> handfree.work </a>
        <a-divider type="vertical" />
      </span>

@@ -21,7 +21,12 @@

      <span v-if="sysPublic.mpsNo">
        <a href="http://www.beian.gov.cn/portal/registerSystemInfo" target="_blank">{{ sysPublic.mpsNo }}</a>
+        <a-divider type="vertical" />
      </span>
+
+      <template v-if="sysPublic.customFooter && settingStore.isPlus">
+        <div v-html="sysPublic.customFooter"></div>
+      </template>
    </div>
    <div class="ml-5">v{{ version }}</div>
  </div>
@@ -75,7 +75,7 @@
        <div>
          <span v-if="!settingStore.isComm">
            <span>Powered by</span>
-            <a> handfree.work </a>
+            <a href="https://certd.docmirror.cn/" target="_blank"> handfree.work </a>
          </span>

          <template v-if="siteInfo.licenseTo">
@@ -45,6 +45,7 @@ export type SysPublicSetting = {
  managerOtherUserPipeline?: boolean;
  icpNo?: string;
  mpsNo?: string;
+  customFooter?: string;
  robots?: boolean;
  aiChatEnabled?: boolean;

@@ -21,6 +21,7 @@ import { LayoutFooter } from "./footer";
 import { LayoutHeader } from "./header";
 import { LayoutExtraMenu, LayoutMenu, LayoutMixedMenu, useExtraMenu, useMixedMenu } from "./menu";
 import { LayoutTabbar } from "./tabbar";
+import router from "/@/router";

 defineOptions({ name: "BasicLayout" });

@@ -160,7 +161,7 @@ const headerSlots = computed(() => {
  >
    <!-- logo -->
    <template #logo>
-      <VbenLogo v-if="preferences.logo.enable" :class="logoClass" :collapsed="logoCollapsed" :src="preferences.logo.source" :text="preferences.app.name" :theme="showHeaderNav ? headerTheme : theme" />
+      <VbenLogo v-if="preferences.logo.enable" class="pointer" :class="logoClass" :collapsed="logoCollapsed" :src="preferences.logo.source" :text="preferences.app.name" :theme="showHeaderNav ? headerTheme : theme" />
    </template>
    <!-- 头部区域 -->
    <template #header>
@@ -1,6 +1,6 @@
 <script setup lang="ts">
 import { VbenAvatar } from "../avatar";
-
+import { useRouter } from "vue-router";
 interface Props {
  /**
   * @zh_CN 是否收起文本
@@ -39,10 +39,15 @@ withDefaults(defineProps<Props>(), {
  src: "",
  theme: "light",
 });
+
+const router = useRouter();
+function handleLogoClick() {
+  router.push({ path: "/" });
+}
 </script>

 <template>
-  <div :class="theme" class="flex h-full items-center text-lg">
+  <div :class="theme" class="flex h-full items-center text-lg pointer" @click="handleLogoClick">
    <a :class="$attrs.class" :href="href" class="flex h-full items-center gap-2 overflow-hidden px-3 text-lg leading-normal transition-all duration-500">
      <VbenAvatar v-if="src" :alt="text" :src="src" class="relative w-8 rounded-none bg-transparent" />
      <span v-if="!collapsed" class="text-foreground truncate text-nowrap font-semibold">
@@ -935,7 +935,7 @@ export default defineComponent({
      };

      const historyCancel = () => {
-        changeCurrentHistory();
+        // changeCurrentHistory();
        console.log("currentPipeline", pipeline);
      };

@@ -22,7 +22,7 @@
      </div>
    </nav>

-    <section class="hero-section">
+    <section class="hero-section bg-[#f7f7fc] dark:bg-[#000000]">
      <div class="hero-container">
        <div class="hero-content">
          <h1 class="hero-title flex flex-col md:flex-row">
@@ -45,7 +45,6 @@
        </div>
      </div>
    </section>
-
    <section id="features" class="features-section">
      <div class="container">
        <div class="section-header">
@@ -21,10 +21,16 @@
      </a-form-item>

      <a-form-item :label="t('certd.sys.setting.notice')" :name="['public', 'notice']">
-        <a-textarea v-model:value="formState.public.notice" :placeholder="t('certd.sys.setting.noticePlaceholder')" :rows="5" />
+        <a-textarea v-model:value="formState.public.notice" :placeholder="t('certd.sys.setting.noticePlaceholder')" :rows="3" />
        <div class="helper" v-html="t('certd.sys.setting.noticeHelper')"></div>
      </a-form-item>

+      <a-form-item :label="t('certd.sys.setting.customFooter')" :name="['public', 'customFooter']">
+        <a-textarea v-model:value="formState.public.customFooter" :disabled="!settingsStore.isPlus" :placeholder="t('certd.sys.setting.customFooterPlaceholder')" :rows="3" />
+        <div class="helper" v-html="t('certd.sys.setting.customFooterHelper')"></div>
+        <vip-button class="ml-5 justify-start" mode="button"></vip-button>
+      </a-form-item>
+
      <a-form-item :label="t('certd.sys.setting.bindUrl')">
        <a-button class="ml-2" type="primary" @click="settingsStore.openBindUrlModal({ closable: true })">{{ t("certd.sys.setting.bindUrl") }}</a-button>
        <div class="helper" v-html="t('certd.sys.setting.bindUrlHelper')"></div>
@@ -3,6 +3,19 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.12](https://github.com/certd/certd/compare/v1.39.11...v1.39.12) (2026-04-29)
+
+### Bug Fixes
+
+* 修复腾讯云clb部署报缺少sslmode参数的bug ([2f1ad72](https://github.com/certd/certd/commit/2f1ad7201f5ed9e00368a28b9e40907d4b415852))
+
+### Performance Improvements
+
+* 524错误时重试3次 ([00e6d58](https://github.com/certd/certd/commit/00e6d580c2f54af70fe96a214aff87c4b96426c2))
+* 阿里云证书订单支持获取2.0的订单 ([64b3184](https://github.com/certd/certd/commit/64b3184b286fee996002d857b0de588452abdadd))
+* 优化流水线执行时的状态保存性能 ([e00830b](https://github.com/certd/certd/commit/e00830bebcfe6344499e490bc174de96f9fb22d6))
+* 支持页脚自定义 ([c985a13](https://github.com/certd/certd/commit/c985a13544aa31b0eb0783f9a3193a7e8bdc6ed6))
+
 ## [1.39.11](https://github.com/certd/certd/compare/v1.39.10...v1.39.11) (2026-04-26)

 ### Bug Fixes
@@ -6,7 +6,7 @@ name: CertApplyGetFormAliyun
 icon: ph:certificate
 title: 获取阿里云订阅证书
 group: cert
-desc: 从阿里云拉取订阅模式的商用证书
+desc: 从阿里云拉取订阅模式的商用证书（支持 API 1.0 和 2.0）
 input:
  domains:
    title: 证书域名
@@ -49,27 +49,28 @@ input:
    order: -1
    helper: 请输入邮箱
  accessId:
-    title: Access授权
-    helper: 阿里云授权AccessKeyId、AccessKeySecret
+    title: Access 授权
+    helper: 阿里云授权 AccessKeyId、AccessKeySecret
    component:
      name: access-selector
      type: aliyun
    required: true
    order: 0
-  orderType:
-    title: 订单类型
-    value: CPACK
+  apiVersion:
+    title: 证书API 版本
+    value: v1
    component:
      name: a-select
      vModel: value
      options:
-        - label: 资源虚拟订单（一般选这个）
-          value: CPACK
-        - label: 售卖订单
-          value: BUY
+        - label: API 1.0 (旧版)
+          value: v1
+        - label: API 2.0 (新版)
+          value: v2
+    helper: 选择阿里云证书 API 版本
    order: 0
  orderId:
-    title: 证书订单ID
+    title: 证书订单 ID
    component:
      name: RemoteSelect
      vModel: value
@@ -95,7 +96,7 @@ input:
                  },
               }
              
-    helper: 订阅模式的证书订单Id
+    helper: 订阅模式的证书订单 Id(在新建流水线时暂时无法获取，可以先随便填个数字，先创建，进入流水线编辑页面再获取选择即可)
    order: 0
  pfxPassword:
    title: 证书加密密码
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-server",
-  "version": "1.39.11",
+  "version": "1.39.12",
  "description": "fast-server base midway",
  "private": true,
  "type": "module",
@@ -52,20 +52,20 @@
    "@aws-sdk/client-sts": "^3.990.0",
    "@azure/arm-dns": "^5.1.0",
    "@azure/identity": "^4.13.1",
-    "@certd/acme-client": "^1.39.11",
-    "@certd/basic": "^1.39.11",
-    "@certd/commercial-core": "^1.39.11",
+    "@certd/acme-client": "^1.39.12",
+    "@certd/basic": "^1.39.12",
+    "@certd/commercial-core": "^1.39.12",
    "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.39.11",
-    "@certd/lib-huawei": "^1.39.11",
-    "@certd/lib-k8s": "^1.39.11",
-    "@certd/lib-server": "^1.39.11",
-    "@certd/midway-flyway-js": "^1.39.11",
-    "@certd/pipeline": "^1.39.11",
-    "@certd/plugin-cert": "^1.39.11",
-    "@certd/plugin-lib": "^1.39.11",
-    "@certd/plugin-plus": "^1.39.11",
-    "@certd/plus-core": "^1.39.11",
+    "@certd/jdcloud": "^1.39.12",
+    "@certd/lib-huawei": "^1.39.12",
+    "@certd/lib-k8s": "^1.39.12",
+    "@certd/lib-server": "^1.39.12",
+    "@certd/midway-flyway-js": "^1.39.12",
+    "@certd/pipeline": "^1.39.12",
+    "@certd/plugin-cert": "^1.39.12",
+    "@certd/plugin-lib": "^1.39.12",
+    "@certd/plugin-plus": "^1.39.12",
+    "@certd/plus-core": "^1.39.12",
    "@google-cloud/dns": "^5.3.1",
    "@google-cloud/publicca": "^1.3.0",
    "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
@@ -702,11 +702,16 @@ export class PipelineService extends BaseService<PipelineEntity> {
        }
        await doSaveHistory(latest);
      }
-
      async start(){
        this.started = true
+        //先存一次，确保有数据
        await this.save();
+        setTimeout(()=>{
+          //2秒后保存一次，尽快显示第一个任务的状态
+           this.save();
+        }, 1000 * 2);
        this.interval = setInterval(()=>{
+          //之后每5秒保存一次
          this.save();
        }, 1000 * 5);
      }
@@ -55,7 +55,7 @@ export class CertApplyGetFormAliyunPlugin extends CertApplyBasePlugin {
  @TaskInput(
    createRemoteSelectInputDefine({
      title: "证书订单 ID",
-      helper: "订阅模式的证书订单 Id",
+      helper: "订阅模式的证书订单 Id(在新建流水线时暂时无法获取，可以先随便填个数字，先创建，进入流水线编辑页面再获取选择即可)",
      typeName: "CertApplyGetFormAliyun",
      pageSize: 50,
      component: {
@@ -6,3 +6,4 @@ export * from './plugin-deploy-to-live.js'
 export * from './plugin-deploy-to-dcdn.js'
 export * from './plugin-deploy-to-vod.js'
 export * from './plugin-deploy-to-tos.js'
+export * from './plugin-deploy-to-vke.js'
@@ -0,0 +1,356 @@
+import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
+import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
+import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
+import { VolcengineAccess } from "../access.js";
+import { VolcengineClient } from "../ve-client.js";
+import { utils } from "@certd/basic";
+
+const regionOptions = [
+  { label: "北京", value: "cn-beijing" },
+  { label: "上海", value: "cn-shanghai" },
+  { label: "广州", value: "cn-guangzhou" },
+  { label: "香港", value: "cn-hongkong" },
+  { label: "柔佛", value: "ap-southeast-1" },
+  { label: "雅加达", value: "ap-southeast-3" }
+];
+
+@IsTaskPlugin({
+  name: "VolcengineDeployToVKE",
+  title: "火山引擎-替换VKE证书",
+  icon: "svg:icon-volcengine",
+  group: pluginGroups.volcengine.key,
+  desc: "替换火山引擎VKE集群中的TLS Secret证书",
+  default: {
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed
+    }
+  }
+})
+export class VolcengineDeployToVKE extends AbstractTaskPlugin {
+  @TaskInput({
+    title: "域名证书",
+    helper: "请选择前置任务输出的域名证书",
+    component: {
+      name: "output-selector",
+      from: [...CertApplyPluginNames]
+    },
+    required: true
+  })
+  cert!: CertInfo;
+
+  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
+  certDomains!: string[];
+
+  @TaskInput({
+    title: "Access授权",
+    helper: "火山引擎AccessKeyId、AccessKeySecret",
+    component: {
+      name: "access-selector",
+      type: "volcengine"
+    },
+    required: true
+  })
+  accessId!: string;
+
+  @TaskInput({
+    title: "Region",
+    helper: "VKE集群所在地域",
+    component: {
+      name: "a-select",
+      options: regionOptions
+    },
+    value: "cn-beijing",
+    required: true
+  })
+  regionId!: string;
+
+  @TaskInput(
+    createRemoteSelectInputDefine({
+      title: "VKE集群",
+      helper: "选择要替换证书的VKE集群，也可以手动输入集群ID",
+      action: VolcengineDeployToVKE.prototype.onGetClusterList.name,
+      watches: ["accessId", "regionId"],
+      required: true
+    })
+  )
+  clusterId!: string;
+
+  @TaskInput({
+    title: "Kubeconfig类型",
+    helper: "Public需要集群API Server已开启公网访问；Private需要Certd能访问集群私网地址",
+    component: {
+      name: "a-select",
+      options: [
+        { label: "公网", value: "Public" },
+        { label: "私网", value: "Private" },
+        { label: "集群内", value: "TargetCluster" }
+      ]
+    },
+    value: "Public",
+    required: true
+  })
+  kubeconfigType!: "Public" | "Private" | "TargetCluster";
+
+  @TaskInput({
+    title: "命名空间",
+    value: "default",
+    component: {
+      placeholder: "命名空间"
+    },
+    required: true
+  })
+  namespace!: string;
+
+  @TaskInput({
+    title: "替换方式",
+    helper: "按Ingress会自动读取spec.tls[].secretName；按Secret需要手动填写Secret名称",
+    component: {
+      name: "a-select",
+      options: [
+        { label: "按Ingress替换", value: "ingress" },
+        { label: "按Secret替换", value: "secret" }
+      ]
+    },
+    value: "ingress",
+    required: true
+  })
+  targetType!: "ingress" | "secret";
+
+  @TaskInput({
+    title: "IngressName",
+    required: true,
+    helper: "根据Ingress名称查找TLS Secret并替换",
+    mergeScript: `
+      return {
+        show: ctx.compute(({form}) => form.targetType === 'ingress'),
+        required: ctx.compute(({form}) => form.targetType === 'ingress')
+      }
+    `
+  })
+  ingressName!: string;
+
+  @TaskInput({
+    title: "Secret名称",
+    required: true,
+    helper: "存储TLS证书的Secret名称，可填写多个",
+    component: {
+      name: "a-select",
+      vModel: "value",
+      mode: "tags",
+      open: false
+    },
+    mergeScript: `
+      return {
+        show: ctx.compute(({form}) => form.targetType === 'secret'),
+        required: ctx.compute(({form}) => form.targetType === 'secret')
+      }
+    `
+  })
+  secretName!: string | string[];
+
+  @TaskInput({
+    title: "Secret自动创建",
+    helper: "如果Secret不存在，则创建kubernetes.io/tls类型Secret",
+    value: false,
+    component: {
+      name: "a-switch",
+      vModel: "checked"
+    }
+  })
+  createOnNotFound!: boolean;
+
+  @TaskInput({
+    title: "忽略证书校验",
+    helper: "连接Kubernetes API Server时跳过TLS校验",
+    value: false,
+    component: {
+      name: "a-switch",
+      vModel: "checked"
+    }
+  })
+  skipTLSVerify!: boolean;
+
+  K8sClient: any;
+
+  async onInstance() {
+    const sdk = await import("@certd/lib-k8s");
+    this.K8sClient = sdk.K8sClient;
+  }
+
+  async execute(): Promise<void> {
+    this.logger.info("开始替换火山引擎VKE证书");
+    const access = await this.getAccess<VolcengineAccess>(this.accessId);
+    const vkeService = await this.getVkeService(access);
+    const kubeconfigId = await this.createKubeconfig(vkeService);
+
+    try {
+      const kubeconfig = await this.getKubeconfig(vkeService, kubeconfigId);
+      const k8sClient = new this.K8sClient({
+        kubeConfigStr: kubeconfig,
+        logger: this.logger,
+        skipTLSVerify: this.skipTLSVerify
+      });
+      const secretNames = await this.getTargetSecretNames(k8sClient);
+      await this.patchCertSecret({ cert: this.cert, k8sClient, secretNames });
+    } catch (e) {
+      if (e.response?.body) {
+        throw new Error(JSON.stringify(e.response.body));
+      }
+      throw e;
+    } finally {
+      await this.deleteKubeconfig(vkeService, kubeconfigId);
+    }
+
+    await utils.sleep(5000);
+    this.logger.info("VKE证书替换完成");
+  }
+
+  private async getVkeService(access: VolcengineAccess) {
+    const client = new VolcengineClient({
+      logger: this.logger,
+      access,
+      http: this.http
+    });
+    return await client.getVkeService({ region: this.regionId });
+  }
+
+  private async createKubeconfig(vkeService: any) {
+    const res = await vkeService.request({
+      action: "CreateKubeconfig",
+      method: "POST",
+      body: {
+        ClusterId: this.clusterId,
+        Type: this.kubeconfigType,
+        ValidDuration: 3600
+      }
+    });
+    const kubeconfigId = res.Result?.Id || res.Id;
+    if (!kubeconfigId) {
+      throw new Error(`生成VKE Kubeconfig失败：${JSON.stringify(res)}`);
+    }
+    this.logger.info(`已生成临时Kubeconfig:${kubeconfigId}`);
+    return kubeconfigId;
+  }
+
+  private async getKubeconfig(vkeService: any, kubeconfigId: string) {
+    const res = await vkeService.request({
+      action: "ListKubeconfigs",
+      method: "POST",
+      body: {
+        Filter: {
+          ClusterIds: [this.clusterId],
+          Ids: [kubeconfigId],
+          Types: [this.kubeconfigType]
+        },
+        PageNumber: 1,
+        PageSize: 10
+      }
+    });
+    const items = res.Result?.Items || res.Items || [];
+    const item = items.find((it: any) => it.Id === kubeconfigId) || items[0];
+    const kubeconfig = item?.Kubeconfig;
+    if (!kubeconfig) {
+      throw new Error(`获取VKE Kubeconfig失败：${JSON.stringify(res)}`);
+    }
+    return kubeconfig;
+  }
+
+  private async deleteKubeconfig(vkeService: any, kubeconfigId?: string) {
+    if (!kubeconfigId) {
+      return;
+    }
+    try {
+      await vkeService.request({
+        action: "DeleteKubeconfigs",
+        method: "POST",
+        body: {
+          ClusterId: this.clusterId,
+          Ids: [kubeconfigId]
+        }
+      });
+      this.logger.info(`已删除临时Kubeconfig:${kubeconfigId}`);
+    } catch (e) {
+      this.logger.warn(`删除临时Kubeconfig失败:${e.message || e}`);
+    }
+  }
+
+  private async getTargetSecretNames(k8sClient: any) {
+    if (this.targetType === "secret") {
+      if (typeof this.secretName === "string") {
+        return [this.secretName];
+      }
+      return this.secretName || [];
+    }
+
+    const ingressList = await k8sClient.getIngressList({
+      namespace: this.namespace
+    });
+    const ingress = ingressList.items.find((item: any) => item.metadata.name === this.ingressName);
+    if (!ingress) {
+      throw new Error(`Ingress不存在:${this.ingressName}`);
+    }
+    const secretNames = ingress.spec?.tls?.map((tls: any) => tls.secretName).filter(Boolean) || [];
+    if (secretNames.length === 0) {
+      throw new Error(`Ingress:${this.ingressName} 未找到TLS Secret`);
+    }
+    return secretNames;
+  }
+
+  private async patchCertSecret(options: { cert: CertInfo; k8sClient: any; secretNames: string[] }) {
+    const { cert, k8sClient, secretNames } = options;
+    if (!secretNames || secretNames.length === 0) {
+      throw new Error("Secret名称不能为空");
+    }
+
+    const body: any = {
+      data: {
+        "tls.crt": Buffer.from(cert.crt).toString("base64"),
+        "tls.key": Buffer.from(cert.key).toString("base64")
+      },
+      metadata: {
+        labels: {
+          certd: this.appendTimeSuffix("certd")
+        }
+      }
+    };
+
+    for (const secretName of secretNames) {
+      body.metadata.name = secretName;
+      this.logger.info(`开始更新VKE Secret:${secretName}`);
+      await k8sClient.patchSecret({
+        namespace: this.namespace,
+        secretName,
+        body,
+        createOnNotFound: this.createOnNotFound
+      });
+      this.logger.info(`VKE Secret已更新:${secretName}`);
+    }
+
+    if (this.targetType === "ingress" && this.ingressName) {
+      await k8sClient.restartIngress(this.namespace, [this.ingressName], { certd: this.appendTimeSuffix("certd") });
+    }
+  }
+
+  async onGetClusterList() {
+    if (!this.accessId) {
+      throw new Error("请选择Access授权");
+    }
+    const access = await this.getAccess<VolcengineAccess>(this.accessId);
+    const service = await this.getVkeService(access);
+    const res = await service.request({
+      action: "ListClusters",
+      method: "POST",
+      body: {
+        PageNumber: 1,
+        PageSize: 100
+      }
+    });
+    const list = res.Result?.Items || res.Items || [];
+    return list.map((item: any) => ({
+      label: `${item.Name || item.Id}<${item.Id}>`,
+      value: item.Id
+    }));
+  }
+}
+
+new VolcengineDeployToVKE();
@@ -112,6 +112,20 @@ export class VolcengineClient {
    return service;
  }

+  async getVkeService(opts: { region?: string }) {
+    const CommonService = await this.getServiceCls();
+
+    const service = new CommonService({
+      serviceName: "vke",
+      defaultVersion: "2022-05-12"
+    });
+    service.setAccessKeyId(this.opts.access.accessKeyId);
+    service.setSecretKey(this.opts.access.secretAccessKey);
+    service.setRegion(opts.region);
+
+    return service;
+  }
+
  async getDCDNService( opts?: {  }) {
    const CommonService = await this.getServiceCls();

@@ -1 +1 @@
-13:33
+23:11
@@ -1 +1 @@
-14:09
+23:28
@@ -1 +1 @@
 :28
 :06
@@ -1 +1 @@
 :33
 :11
@@ -1 +1 @@
 :09
 :28