v1.39.9

- 新增监控任务执行记录页面及相关API
- 添加数据库表结构及多数据库支持
- 完善国际化翻译
- 实现批量删除功能
- 优化站点监控服务逻辑

.agents/skills/using-superpowers/SKILL.md

@@ -1,115 +0,0 @@
----
-name: using-superpowers
-description: Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions
----
-
-<SUBAGENT-STOP>
-If you were dispatched as a subagent to execute a specific task, skip this skill.
-</SUBAGENT-STOP>
-
-<EXTREMELY-IMPORTANT>
-If you think there is even a 1% chance a skill might apply to what you are doing, you ABSOLUTELY MUST invoke the skill.
-
-IF A SKILL APPLIES TO YOUR TASK, YOU DO NOT HAVE A CHOICE. YOU MUST USE IT.
-
-This is not negotiable. This is not optional. You cannot rationalize your way out of this.
-</EXTREMELY-IMPORTANT>
-
-## Instruction Priority
-
-Superpowers skills override default system prompt behavior, but **user instructions always take precedence**:
-
-1. **User's explicit instructions** (CLAUDE.md, GEMINI.md, AGENTS.md, direct requests) — highest priority
-2. **Superpowers skills** — override default system behavior where they conflict
-3. **Default system prompt** — lowest priority
-
-If CLAUDE.md, GEMINI.md, or AGENTS.md says "don't use TDD" and a skill says "always use TDD," follow the user's instructions. The user is in control.
-
-## How to Access Skills
-
-**In Claude Code:** Use the `Skill` tool. When you invoke a skill, its content is loaded and presented to you—follow it directly. Never use the Read tool on skill files.
-
-**In Gemini CLI:** Skills activate via the `activate_skill` tool. Gemini loads skill metadata at session start and activates the full content on demand.
-
-**In other environments:** Check your platform's documentation for how skills are loaded.
-
-## Platform Adaptation
-
-Skills use Claude Code tool names. Non-CC platforms: see `references/codex-tools.md` (Codex) for tool equivalents. Gemini CLI users get the tool mapping loaded automatically via GEMINI.md.
-
-# Using Skills
-
-## The Rule
-
-**Invoke relevant or requested skills BEFORE any response or action.** Even a 1% chance a skill might apply means that you should invoke the skill to check. If an invoked skill turns out to be wrong for the situation, you don't need to use it.
-
-```dot
-digraph skill_flow {
-    "User message received" [shape=doublecircle];
-    "About to EnterPlanMode?" [shape=doublecircle];
-    "Already brainstormed?" [shape=diamond];
-    "Invoke brainstorming skill" [shape=box];
-    "Might any skill apply?" [shape=diamond];
-    "Invoke Skill tool" [shape=box];
-    "Announce: 'Using [skill] to [purpose]'" [shape=box];
-    "Has checklist?" [shape=diamond];
-    "Create TodoWrite todo per item" [shape=box];
-    "Follow skill exactly" [shape=box];
-    "Respond (including clarifications)" [shape=doublecircle];
-
-    "About to EnterPlanMode?" -> "Already brainstormed?";
-    "Already brainstormed?" -> "Invoke brainstorming skill" [label="no"];
-    "Already brainstormed?" -> "Might any skill apply?" [label="yes"];
-    "Invoke brainstorming skill" -> "Might any skill apply?";
-
-    "User message received" -> "Might any skill apply?";
-    "Might any skill apply?" -> "Invoke Skill tool" [label="yes, even 1%"];
-    "Might any skill apply?" -> "Respond (including clarifications)" [label="definitely not"];
-    "Invoke Skill tool" -> "Announce: 'Using [skill] to [purpose]'";
-    "Announce: 'Using [skill] to [purpose]'" -> "Has checklist?";
-    "Has checklist?" -> "Create TodoWrite todo per item" [label="yes"];
-    "Has checklist?" -> "Follow skill exactly" [label="no"];
-    "Create TodoWrite todo per item" -> "Follow skill exactly";
-}
-```
-
-## Red Flags
-
-These thoughts mean STOP—you're rationalizing:
-
-| Thought | Reality |
-|---------|---------|
-| "This is just a simple question" | Questions are tasks. Check for skills. |
-| "I need more context first" | Skill check comes BEFORE clarifying questions. |
-| "Let me explore the codebase first" | Skills tell you HOW to explore. Check first. |
-| "I can check git/files quickly" | Files lack conversation context. Check for skills. |
-| "Let me gather information first" | Skills tell you HOW to gather information. |
-| "This doesn't need a formal skill" | If a skill exists, use it. |
-| "I remember this skill" | Skills evolve. Read current version. |
-| "This doesn't count as a task" | Action = task. Check for skills. |
-| "The skill is overkill" | Simple things become complex. Use it. |
-| "I'll just do this one thing first" | Check BEFORE doing anything. |
-| "This feels productive" | Undisciplined action wastes time. Skills prevent this. |
-| "I know what that means" | Knowing the concept ≠ using the skill. Invoke it. |
-
-## Skill Priority
-
-When multiple skills could apply, use this order:
-
-1. **Process skills first** (brainstorming, debugging) - these determine HOW to approach the task
-2. **Implementation skills second** (frontend-design, mcp-builder) - these guide execution
-
-"Let's build X" → brainstorming first, then implementation skills.
-"Fix this bug" → debugging first, then domain-specific skills.
-
-## Skill Types
-
-**Rigid** (TDD, debugging): Follow exactly. Don't adapt away discipline.
-
-**Flexible** (patterns): Adapt principles to context.
-
-The skill itself tells you which.
-
-## User Instructions
-
-Instructions say WHAT, not HOW. "Add X" or "Fix Y" doesn't mean skip workflows.

.agents/skills/using-superpowers/references/codex-tools.md

@@ -1,100 +0,0 @@
-# Codex Tool Mapping
-
-Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
-
-| Skill references | Codex equivalent |
-|-----------------|------------------|
-| `Task` tool (dispatch subagent) | `spawn_agent` (see [Named agent dispatch](#named-agent-dispatch)) |
-| Multiple `Task` calls (parallel) | Multiple `spawn_agent` calls |
-| Task returns result | `wait` |
-| Task completes automatically | `close_agent` to free slot |
-| `TodoWrite` (task tracking) | `update_plan` |
-| `Skill` tool (invoke a skill) | Skills load natively — just follow the instructions |
-| `Read`, `Write`, `Edit` (files) | Use your native file tools |
-| `Bash` (run commands) | Use your native shell tools |
-
-## Subagent dispatch requires multi-agent support
-
-Add to your Codex config (`~/.codex/config.toml`):
-
-```toml
-[features]
-multi_agent = true
-```
-
-This enables `spawn_agent`, `wait`, and `close_agent` for skills like `dispatching-parallel-agents` and `subagent-driven-development`.
-
-## Named agent dispatch
-
-Claude Code skills reference named agent types like `superpowers:code-reviewer`.
-Codex does not have a named agent registry — `spawn_agent` creates generic agents
-from built-in roles (`default`, `explorer`, `worker`).
-
-When a skill says to dispatch a named agent type:
-
-1. Find the agent's prompt file (e.g., `agents/code-reviewer.md` or the skill's
-   local prompt template like `code-quality-reviewer-prompt.md`)
-2. Read the prompt content
-3. Fill any template placeholders (`{BASE_SHA}`, `{WHAT_WAS_IMPLEMENTED}`, etc.)
-4. Spawn a `worker` agent with the filled content as the `message`
-
-| Skill instruction | Codex equivalent |
-|-------------------|------------------|
-| `Task tool (superpowers:code-reviewer)` | `spawn_agent(agent_type="worker", message=...)` with `code-reviewer.md` content |
-| `Task tool (general-purpose)` with inline prompt | `spawn_agent(message=...)` with the same prompt |
-
-### Message framing
-
-The `message` parameter is user-level input, not a system prompt. Structure it
-for maximum instruction adherence:
-
-```
-Your task is to perform the following. Follow the instructions below exactly.
-
-<agent-instructions>
-[filled prompt content from the agent's .md file]
-</agent-instructions>
-
-Execute this now. Output ONLY the structured response following the format
-specified in the instructions above.
-```
-
-- Use task-delegation framing ("Your task is...") rather than persona framing ("You are...")
-- Wrap instructions in XML tags — the model treats tagged blocks as authoritative
-- End with an explicit execution directive to prevent summarization of the instructions
-
-### When this workaround can be removed
-
-This approach compensates for Codex's plugin system not yet supporting an `agents`
-field in `plugin.json`. When `RawPluginManifest` gains an `agents` field, the
-plugin can symlink to `agents/` (mirroring the existing `skills/` symlink) and
-skills can dispatch named agent types directly.
-
-## Environment Detection
-
-Skills that create worktrees or finish branches should detect their
-environment with read-only git commands before proceeding:
-
-```bash
-GIT_DIR=$(cd "$(git rev-parse --git-dir)" 2>/dev/null && pwd -P)
-GIT_COMMON=$(cd "$(git rev-parse --git-common-dir)" 2>/dev/null && pwd -P)
-BRANCH=$(git branch --show-current)
-```
-
-- `GIT_DIR != GIT_COMMON` → already in a linked worktree (skip creation)
-- `BRANCH` empty → detached HEAD (cannot branch/push/PR from sandbox)
-
-See `using-git-worktrees` Step 0 and `finishing-a-development-branch`
-Step 1 for how each skill uses these signals.
-
-## Codex App Finishing
-
-When the sandbox blocks branch/push operations (detached HEAD in an
-externally managed worktree), the agent commits all work and informs
-the user to use the App's native controls:
-
-- **"Create branch"** — names the branch, then commit/push/PR via App UI
-- **"Hand off to local"** — transfers work to the user's local checkout
-
-The agent can still run tests, stage files, and output suggested branch
-names, commit messages, and PR descriptions for the user to copy.

.agents/skills/using-superpowers/references/gemini-tools.md

@@ -1,33 +0,0 @@
-# Gemini CLI Tool Mapping
-
-Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
-
-| Skill references | Gemini CLI equivalent |
-|-----------------|----------------------|
-| `Read` (file reading) | `read_file` |
-| `Write` (file creation) | `write_file` |
-| `Edit` (file editing) | `replace` |
-| `Bash` (run commands) | `run_shell_command` |
-| `Grep` (search file content) | `grep_search` |
-| `Glob` (search files by name) | `glob` |
-| `TodoWrite` (task tracking) | `write_todos` |
-| `Skill` tool (invoke a skill) | `activate_skill` |
-| `WebSearch` | `google_web_search` |
-| `WebFetch` | `web_fetch` |
-| `Task` tool (dispatch subagent) | No equivalent — Gemini CLI does not support subagents |
-
-## No subagent support
-
-Gemini CLI has no equivalent to Claude Code's `Task` tool. Skills that rely on subagent dispatch (`subagent-driven-development`, `dispatching-parallel-agents`) will fall back to single-session execution via `executing-plans`.
-
-## Additional Gemini CLI tools
-
-These tools are available in Gemini CLI but have no Claude Code equivalent:
-
-| Tool | Purpose |
-|------|---------|
-| `list_directory` | List files and subdirectories |
-| `save_memory` | Persist facts to GEMINI.md across sessions |
-| `ask_user` | Request structured input from the user |
-| `tracker_create_task` | Rich task management (create, update, list, visualize) |
-| `enter_plan_mode` / `exit_plan_mode` | Switch to read-only research mode before making changes |

.cursor/skills/using-superpowers/SKILL.md

@@ -1,115 +0,0 @@
----
-name: using-superpowers
-description: Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions
----
-
-<SUBAGENT-STOP>
-If you were dispatched as a subagent to execute a specific task, skip this skill.
-</SUBAGENT-STOP>
-
-<EXTREMELY-IMPORTANT>
-If you think there is even a 1% chance a skill might apply to what you are doing, you ABSOLUTELY MUST invoke the skill.
-
-IF A SKILL APPLIES TO YOUR TASK, YOU DO NOT HAVE A CHOICE. YOU MUST USE IT.
-
-This is not negotiable. This is not optional. You cannot rationalize your way out of this.
-</EXTREMELY-IMPORTANT>
-
-## Instruction Priority
-
-Superpowers skills override default system prompt behavior, but **user instructions always take precedence**:
-
-1. **User's explicit instructions** (CLAUDE.md, GEMINI.md, AGENTS.md, direct requests) — highest priority
-2. **Superpowers skills** — override default system behavior where they conflict
-3. **Default system prompt** — lowest priority
-
-If CLAUDE.md, GEMINI.md, or AGENTS.md says "don't use TDD" and a skill says "always use TDD," follow the user's instructions. The user is in control.
-
-## How to Access Skills
-
-**In Claude Code:** Use the `Skill` tool. When you invoke a skill, its content is loaded and presented to you—follow it directly. Never use the Read tool on skill files.
-
-**In Gemini CLI:** Skills activate via the `activate_skill` tool. Gemini loads skill metadata at session start and activates the full content on demand.
-
-**In other environments:** Check your platform's documentation for how skills are loaded.
-
-## Platform Adaptation
-
-Skills use Claude Code tool names. Non-CC platforms: see `references/codex-tools.md` (Codex) for tool equivalents. Gemini CLI users get the tool mapping loaded automatically via GEMINI.md.
-
-# Using Skills
-
-## The Rule
-
-**Invoke relevant or requested skills BEFORE any response or action.** Even a 1% chance a skill might apply means that you should invoke the skill to check. If an invoked skill turns out to be wrong for the situation, you don't need to use it.
-
-```dot
-digraph skill_flow {
-    "User message received" [shape=doublecircle];
-    "About to EnterPlanMode?" [shape=doublecircle];
-    "Already brainstormed?" [shape=diamond];
-    "Invoke brainstorming skill" [shape=box];
-    "Might any skill apply?" [shape=diamond];
-    "Invoke Skill tool" [shape=box];
-    "Announce: 'Using [skill] to [purpose]'" [shape=box];
-    "Has checklist?" [shape=diamond];
-    "Create TodoWrite todo per item" [shape=box];
-    "Follow skill exactly" [shape=box];
-    "Respond (including clarifications)" [shape=doublecircle];
-
-    "About to EnterPlanMode?" -> "Already brainstormed?";
-    "Already brainstormed?" -> "Invoke brainstorming skill" [label="no"];
-    "Already brainstormed?" -> "Might any skill apply?" [label="yes"];
-    "Invoke brainstorming skill" -> "Might any skill apply?";
-
-    "User message received" -> "Might any skill apply?";
-    "Might any skill apply?" -> "Invoke Skill tool" [label="yes, even 1%"];
-    "Might any skill apply?" -> "Respond (including clarifications)" [label="definitely not"];
-    "Invoke Skill tool" -> "Announce: 'Using [skill] to [purpose]'";
-    "Announce: 'Using [skill] to [purpose]'" -> "Has checklist?";
-    "Has checklist?" -> "Create TodoWrite todo per item" [label="yes"];
-    "Has checklist?" -> "Follow skill exactly" [label="no"];
-    "Create TodoWrite todo per item" -> "Follow skill exactly";
-}
-```
-
-## Red Flags
-
-These thoughts mean STOP—you're rationalizing:
-
-| Thought | Reality |
-|---------|---------|
-| "This is just a simple question" | Questions are tasks. Check for skills. |
-| "I need more context first" | Skill check comes BEFORE clarifying questions. |
-| "Let me explore the codebase first" | Skills tell you HOW to explore. Check first. |
-| "I can check git/files quickly" | Files lack conversation context. Check for skills. |
-| "Let me gather information first" | Skills tell you HOW to gather information. |
-| "This doesn't need a formal skill" | If a skill exists, use it. |
-| "I remember this skill" | Skills evolve. Read current version. |
-| "This doesn't count as a task" | Action = task. Check for skills. |
-| "The skill is overkill" | Simple things become complex. Use it. |
-| "I'll just do this one thing first" | Check BEFORE doing anything. |
-| "This feels productive" | Undisciplined action wastes time. Skills prevent this. |
-| "I know what that means" | Knowing the concept ≠ using the skill. Invoke it. |
-
-## Skill Priority
-
-When multiple skills could apply, use this order:
-
-1. **Process skills first** (brainstorming, debugging) - these determine HOW to approach the task
-2. **Implementation skills second** (frontend-design, mcp-builder) - these guide execution
-
-"Let's build X" → brainstorming first, then implementation skills.
-"Fix this bug" → debugging first, then domain-specific skills.
-
-## Skill Types
-
-**Rigid** (TDD, debugging): Follow exactly. Don't adapt away discipline.
-
-**Flexible** (patterns): Adapt principles to context.
-
-The skill itself tells you which.
-
-## User Instructions
-
-Instructions say WHAT, not HOW. "Add X" or "Fix Y" doesn't mean skip workflows.

.cursor/skills/using-superpowers/references/codex-tools.md

@@ -1,100 +0,0 @@
-# Codex Tool Mapping
-
-Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
-
-| Skill references | Codex equivalent |
-|-----------------|------------------|
-| `Task` tool (dispatch subagent) | `spawn_agent` (see [Named agent dispatch](#named-agent-dispatch)) |
-| Multiple `Task` calls (parallel) | Multiple `spawn_agent` calls |
-| Task returns result | `wait` |
-| Task completes automatically | `close_agent` to free slot |
-| `TodoWrite` (task tracking) | `update_plan` |
-| `Skill` tool (invoke a skill) | Skills load natively — just follow the instructions |
-| `Read`, `Write`, `Edit` (files) | Use your native file tools |
-| `Bash` (run commands) | Use your native shell tools |
-
-## Subagent dispatch requires multi-agent support
-
-Add to your Codex config (`~/.codex/config.toml`):
-
-```toml
-[features]
-multi_agent = true
-```
-
-This enables `spawn_agent`, `wait`, and `close_agent` for skills like `dispatching-parallel-agents` and `subagent-driven-development`.
-
-## Named agent dispatch
-
-Claude Code skills reference named agent types like `superpowers:code-reviewer`.
-Codex does not have a named agent registry — `spawn_agent` creates generic agents
-from built-in roles (`default`, `explorer`, `worker`).
-
-When a skill says to dispatch a named agent type:
-
-1. Find the agent's prompt file (e.g., `agents/code-reviewer.md` or the skill's
-   local prompt template like `code-quality-reviewer-prompt.md`)
-2. Read the prompt content
-3. Fill any template placeholders (`{BASE_SHA}`, `{WHAT_WAS_IMPLEMENTED}`, etc.)
-4. Spawn a `worker` agent with the filled content as the `message`
-
-| Skill instruction | Codex equivalent |
-|-------------------|------------------|
-| `Task tool (superpowers:code-reviewer)` | `spawn_agent(agent_type="worker", message=...)` with `code-reviewer.md` content |
-| `Task tool (general-purpose)` with inline prompt | `spawn_agent(message=...)` with the same prompt |
-
-### Message framing
-
-The `message` parameter is user-level input, not a system prompt. Structure it
-for maximum instruction adherence:
-
-```
-Your task is to perform the following. Follow the instructions below exactly.
-
-<agent-instructions>
-[filled prompt content from the agent's .md file]
-</agent-instructions>
-
-Execute this now. Output ONLY the structured response following the format
-specified in the instructions above.
-```
-
-- Use task-delegation framing ("Your task is...") rather than persona framing ("You are...")
-- Wrap instructions in XML tags — the model treats tagged blocks as authoritative
-- End with an explicit execution directive to prevent summarization of the instructions
-
-### When this workaround can be removed
-
-This approach compensates for Codex's plugin system not yet supporting an `agents`
-field in `plugin.json`. When `RawPluginManifest` gains an `agents` field, the
-plugin can symlink to `agents/` (mirroring the existing `skills/` symlink) and
-skills can dispatch named agent types directly.
-
-## Environment Detection
-
-Skills that create worktrees or finish branches should detect their
-environment with read-only git commands before proceeding:
-
-```bash
-GIT_DIR=$(cd "$(git rev-parse --git-dir)" 2>/dev/null && pwd -P)
-GIT_COMMON=$(cd "$(git rev-parse --git-common-dir)" 2>/dev/null && pwd -P)
-BRANCH=$(git branch --show-current)
-```
-
-- `GIT_DIR != GIT_COMMON` → already in a linked worktree (skip creation)
-- `BRANCH` empty → detached HEAD (cannot branch/push/PR from sandbox)
-
-See `using-git-worktrees` Step 0 and `finishing-a-development-branch`
-Step 1 for how each skill uses these signals.
-
-## Codex App Finishing
-
-When the sandbox blocks branch/push operations (detached HEAD in an
-externally managed worktree), the agent commits all work and informs
-the user to use the App's native controls:
-
-- **"Create branch"** — names the branch, then commit/push/PR via App UI
-- **"Hand off to local"** — transfers work to the user's local checkout
-
-The agent can still run tests, stage files, and output suggested branch
-names, commit messages, and PR descriptions for the user to copy.

.cursor/skills/using-superpowers/references/gemini-tools.md

@@ -1,33 +0,0 @@
-# Gemini CLI Tool Mapping
-
-Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
-
-| Skill references | Gemini CLI equivalent |
-|-----------------|----------------------|
-| `Read` (file reading) | `read_file` |
-| `Write` (file creation) | `write_file` |
-| `Edit` (file editing) | `replace` |
-| `Bash` (run commands) | `run_shell_command` |
-| `Grep` (search file content) | `grep_search` |
-| `Glob` (search files by name) | `glob` |
-| `TodoWrite` (task tracking) | `write_todos` |
-| `Skill` tool (invoke a skill) | `activate_skill` |
-| `WebSearch` | `google_web_search` |
-| `WebFetch` | `web_fetch` |
-| `Task` tool (dispatch subagent) | No equivalent — Gemini CLI does not support subagents |
-
-## No subagent support
-
-Gemini CLI has no equivalent to Claude Code's `Task` tool. Skills that rely on subagent dispatch (`subagent-driven-development`, `dispatching-parallel-agents`) will fall back to single-session execution via `executing-plans`.
-
-## Additional Gemini CLI tools
-
-These tools are available in Gemini CLI but have no Claude Code equivalent:
-
-| Tool | Purpose |
-|------|---------|
-| `list_directory` | List files and subdirectories |
-| `save_memory` | Persist facts to GEMINI.md across sessions |
-| `ask_user` | Request structured input from the user |
-| `tracker_create_task` | Rich task management (create, update, list, visualize) |
-| `enter_plan_mode` / `exit_plan_mode` | Switch to read-only research mode before making changes |

.trae/skills/access-plugin-dev/SKILL.md

@@ -163,6 +163,16 @@ async doRequest(req: { action: string, data?: any }) {
 }
 ```
 
+--- 开发技巧：实现统一的 API 请求封装
+
+**好处：**
+- **代码复用**：避免在每个 API 方法中重复编写相同的 header 设置和错误处理逻辑
+- **错误处理一致**：统一捕获和处理各种错误情况，确保错误信息格式统一
+- **日志记录完善**：集中记录详细的错误信息，便于调试和问题排查
+- **接口调用简化**：调用方只需关注业务逻辑，无需关心底层请求细节
+- **易于维护**：统一修改 API 调用方式时，只需修改一处代码
+
+
 ## 注意事项
 
 1. **插件命名**：插件名称应简洁明了，反映其功能。
@@ -170,9 +180,12 @@ async doRequest(req: { action: string, data?: any }) {
 3. **日志输出**：必须使用 `this.ctx.logger` 输出日志，而不是 `console`。
 4. **错误处理**：API 调用失败时应抛出明确的错误信息。
 5. **测试方法**：实现 `onTestRequest` 方法，以便用户可以测试授权是否正常。
+6. **统一接口调用方法**：封装统一的 API 请求方法，避免在每个 API 方法调用中重复编写错误处理逻辑。
 
 ## 完整示例
 
+### 示例 1: 通用授权插件
+
 ```typescript
 import { AccessInput, BaseAccess, IsAccess, Pager, PageRes, PageSearch } from '@certd/pipeline';
 import { DomainRecord } from '@certd/plugin-lib';

.trae/skills/agent.md

@@ -6,9 +6,8 @@ Access：存储用户的第三放应用的授权数据，比如用户名密码
 Task： 部署任务插件，它继承AbstractTaskPlugin类，被流水线调用execute方法，将证书部署到对应的应用上
 DnsProvider: DNS提供商插件，它用于在ACME申请证书时给域名添加txt解析记录。
 
-在开始工作前，请阅读并加载.trae/skills下面的技能，根据skills进行相应的插件开发
-当开发过程中遇到问题，需要参考plugins目录下的其他插件，或者用户提醒你更好的做法时，你需要总结经验，更新相应的skills，让skills越来越完善，能够在以后得新插件开发中具备指导意义。
-
-一般调用的api接口文档会比较复杂，你不知道接口是什么时，请务必询问用户，让用户提供API接口文档
-
-完成开发后无需测试，通知用户自己去测试
+注意事项：
+1、使用技能：在开始工作前，请阅读并加载.trae/skills下面的技能，根据skills进行相应的插件开发
+2、迭代技能：当开发过程用户提醒你更好的做法时，你需要总结经验，更新相应的skills，让skills越来越完善，能够在以后得新插件开发中具备指导意义。
+3、一般调用的api接口文档会比较复杂，你不知道接口是什么时，请务必询问用户，让用户提供API接口文档
+4、完成开发后无需测试，通知用户自己去测试

.trae/skills/dns-provider-dev/SKILL.md

@@ -126,6 +126,8 @@ if (isDev()) {
 
 ## 完整示例
 
+### 示例：通用 DNS Provider
+
 ```typescript
 import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
 import { DemoAccess } from './access.js';

.trae/skills/using-superpowers/SKILL.md

@@ -1,115 +0,0 @@
----
-name: using-superpowers
-description: Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions
----
-
-<SUBAGENT-STOP>
-If you were dispatched as a subagent to execute a specific task, skip this skill.
-</SUBAGENT-STOP>
-
-<EXTREMELY-IMPORTANT>
-If you think there is even a 1% chance a skill might apply to what you are doing, you ABSOLUTELY MUST invoke the skill.
-
-IF A SKILL APPLIES TO YOUR TASK, YOU DO NOT HAVE A CHOICE. YOU MUST USE IT.
-
-This is not negotiable. This is not optional. You cannot rationalize your way out of this.
-</EXTREMELY-IMPORTANT>
-
-## Instruction Priority
-
-Superpowers skills override default system prompt behavior, but **user instructions always take precedence**:
-
-1. **User's explicit instructions** (CLAUDE.md, GEMINI.md, AGENTS.md, direct requests) — highest priority
-2. **Superpowers skills** — override default system behavior where they conflict
-3. **Default system prompt** — lowest priority
-
-If CLAUDE.md, GEMINI.md, or AGENTS.md says "don't use TDD" and a skill says "always use TDD," follow the user's instructions. The user is in control.
-
-## How to Access Skills
-
-**In Claude Code:** Use the `Skill` tool. When you invoke a skill, its content is loaded and presented to you—follow it directly. Never use the Read tool on skill files.
-
-**In Gemini CLI:** Skills activate via the `activate_skill` tool. Gemini loads skill metadata at session start and activates the full content on demand.
-
-**In other environments:** Check your platform's documentation for how skills are loaded.
-
-## Platform Adaptation
-
-Skills use Claude Code tool names. Non-CC platforms: see `references/codex-tools.md` (Codex) for tool equivalents. Gemini CLI users get the tool mapping loaded automatically via GEMINI.md.
-
-# Using Skills
-
-## The Rule
-
-**Invoke relevant or requested skills BEFORE any response or action.** Even a 1% chance a skill might apply means that you should invoke the skill to check. If an invoked skill turns out to be wrong for the situation, you don't need to use it.
-
-```dot
-digraph skill_flow {
-    "User message received" [shape=doublecircle];
-    "About to EnterPlanMode?" [shape=doublecircle];
-    "Already brainstormed?" [shape=diamond];
-    "Invoke brainstorming skill" [shape=box];
-    "Might any skill apply?" [shape=diamond];
-    "Invoke Skill tool" [shape=box];
-    "Announce: 'Using [skill] to [purpose]'" [shape=box];
-    "Has checklist?" [shape=diamond];
-    "Create TodoWrite todo per item" [shape=box];
-    "Follow skill exactly" [shape=box];
-    "Respond (including clarifications)" [shape=doublecircle];
-
-    "About to EnterPlanMode?" -> "Already brainstormed?";
-    "Already brainstormed?" -> "Invoke brainstorming skill" [label="no"];
-    "Already brainstormed?" -> "Might any skill apply?" [label="yes"];
-    "Invoke brainstorming skill" -> "Might any skill apply?";
-
-    "User message received" -> "Might any skill apply?";
-    "Might any skill apply?" -> "Invoke Skill tool" [label="yes, even 1%"];
-    "Might any skill apply?" -> "Respond (including clarifications)" [label="definitely not"];
-    "Invoke Skill tool" -> "Announce: 'Using [skill] to [purpose]'";
-    "Announce: 'Using [skill] to [purpose]'" -> "Has checklist?";
-    "Has checklist?" -> "Create TodoWrite todo per item" [label="yes"];
-    "Has checklist?" -> "Follow skill exactly" [label="no"];
-    "Create TodoWrite todo per item" -> "Follow skill exactly";
-}
-```
-
-## Red Flags
-
-These thoughts mean STOP—you're rationalizing:
-
-| Thought | Reality |
-|---------|---------|
-| "This is just a simple question" | Questions are tasks. Check for skills. |
-| "I need more context first" | Skill check comes BEFORE clarifying questions. |
-| "Let me explore the codebase first" | Skills tell you HOW to explore. Check first. |
-| "I can check git/files quickly" | Files lack conversation context. Check for skills. |
-| "Let me gather information first" | Skills tell you HOW to gather information. |
-| "This doesn't need a formal skill" | If a skill exists, use it. |
-| "I remember this skill" | Skills evolve. Read current version. |
-| "This doesn't count as a task" | Action = task. Check for skills. |
-| "The skill is overkill" | Simple things become complex. Use it. |
-| "I'll just do this one thing first" | Check BEFORE doing anything. |
-| "This feels productive" | Undisciplined action wastes time. Skills prevent this. |
-| "I know what that means" | Knowing the concept ≠ using the skill. Invoke it. |
-
-## Skill Priority
-
-When multiple skills could apply, use this order:
-
-1. **Process skills first** (brainstorming, debugging) - these determine HOW to approach the task
-2. **Implementation skills second** (frontend-design, mcp-builder) - these guide execution
-
-"Let's build X" → brainstorming first, then implementation skills.
-"Fix this bug" → debugging first, then domain-specific skills.
-
-## Skill Types
-
-**Rigid** (TDD, debugging): Follow exactly. Don't adapt away discipline.
-
-**Flexible** (patterns): Adapt principles to context.
-
-The skill itself tells you which.
-
-## User Instructions
-
-Instructions say WHAT, not HOW. "Add X" or "Fix Y" doesn't mean skip workflows.

.trae/skills/using-superpowers/references/codex-tools.md

@@ -1,100 +0,0 @@
-# Codex Tool Mapping
-
-Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
-
-| Skill references | Codex equivalent |
-|-----------------|------------------|
-| `Task` tool (dispatch subagent) | `spawn_agent` (see [Named agent dispatch](#named-agent-dispatch)) |
-| Multiple `Task` calls (parallel) | Multiple `spawn_agent` calls |
-| Task returns result | `wait` |
-| Task completes automatically | `close_agent` to free slot |
-| `TodoWrite` (task tracking) | `update_plan` |
-| `Skill` tool (invoke a skill) | Skills load natively — just follow the instructions |
-| `Read`, `Write`, `Edit` (files) | Use your native file tools |
-| `Bash` (run commands) | Use your native shell tools |
-
-## Subagent dispatch requires multi-agent support
-
-Add to your Codex config (`~/.codex/config.toml`):
-
-```toml
-[features]
-multi_agent = true
-```
-
-This enables `spawn_agent`, `wait`, and `close_agent` for skills like `dispatching-parallel-agents` and `subagent-driven-development`.
-
-## Named agent dispatch
-
-Claude Code skills reference named agent types like `superpowers:code-reviewer`.
-Codex does not have a named agent registry — `spawn_agent` creates generic agents
-from built-in roles (`default`, `explorer`, `worker`).
-
-When a skill says to dispatch a named agent type:
-
-1. Find the agent's prompt file (e.g., `agents/code-reviewer.md` or the skill's
-   local prompt template like `code-quality-reviewer-prompt.md`)
-2. Read the prompt content
-3. Fill any template placeholders (`{BASE_SHA}`, `{WHAT_WAS_IMPLEMENTED}`, etc.)
-4. Spawn a `worker` agent with the filled content as the `message`
-
-| Skill instruction | Codex equivalent |
-|-------------------|------------------|
-| `Task tool (superpowers:code-reviewer)` | `spawn_agent(agent_type="worker", message=...)` with `code-reviewer.md` content |
-| `Task tool (general-purpose)` with inline prompt | `spawn_agent(message=...)` with the same prompt |
-
-### Message framing
-
-The `message` parameter is user-level input, not a system prompt. Structure it
-for maximum instruction adherence:
-
-```
-Your task is to perform the following. Follow the instructions below exactly.
-
-<agent-instructions>
-[filled prompt content from the agent's .md file]
-</agent-instructions>
-
-Execute this now. Output ONLY the structured response following the format
-specified in the instructions above.
-```
-
-- Use task-delegation framing ("Your task is...") rather than persona framing ("You are...")
-- Wrap instructions in XML tags — the model treats tagged blocks as authoritative
-- End with an explicit execution directive to prevent summarization of the instructions
-
-### When this workaround can be removed
-
-This approach compensates for Codex's plugin system not yet supporting an `agents`
-field in `plugin.json`. When `RawPluginManifest` gains an `agents` field, the
-plugin can symlink to `agents/` (mirroring the existing `skills/` symlink) and
-skills can dispatch named agent types directly.
-
-## Environment Detection
-
-Skills that create worktrees or finish branches should detect their
-environment with read-only git commands before proceeding:
-
-```bash
-GIT_DIR=$(cd "$(git rev-parse --git-dir)" 2>/dev/null && pwd -P)
-GIT_COMMON=$(cd "$(git rev-parse --git-common-dir)" 2>/dev/null && pwd -P)
-BRANCH=$(git branch --show-current)
-```
-
-- `GIT_DIR != GIT_COMMON` → already in a linked worktree (skip creation)
-- `BRANCH` empty → detached HEAD (cannot branch/push/PR from sandbox)
-
-See `using-git-worktrees` Step 0 and `finishing-a-development-branch`
-Step 1 for how each skill uses these signals.
-
-## Codex App Finishing
-
-When the sandbox blocks branch/push operations (detached HEAD in an
-externally managed worktree), the agent commits all work and informs
-the user to use the App's native controls:
-
-- **"Create branch"** — names the branch, then commit/push/PR via App UI
-- **"Hand off to local"** — transfers work to the user's local checkout
-
-The agent can still run tests, stage files, and output suggested branch
-names, commit messages, and PR descriptions for the user to copy.

.trae/skills/using-superpowers/references/gemini-tools.md

@@ -1,33 +0,0 @@
-# Gemini CLI Tool Mapping
-
-Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
-
-| Skill references | Gemini CLI equivalent |
-|-----------------|----------------------|
-| `Read` (file reading) | `read_file` |
-| `Write` (file creation) | `write_file` |
-| `Edit` (file editing) | `replace` |
-| `Bash` (run commands) | `run_shell_command` |
-| `Grep` (search file content) | `grep_search` |
-| `Glob` (search files by name) | `glob` |
-| `TodoWrite` (task tracking) | `write_todos` |
-| `Skill` tool (invoke a skill) | `activate_skill` |
-| `WebSearch` | `google_web_search` |
-| `WebFetch` | `web_fetch` |
-| `Task` tool (dispatch subagent) | No equivalent — Gemini CLI does not support subagents |
-
-## No subagent support
-
-Gemini CLI has no equivalent to Claude Code's `Task` tool. Skills that rely on subagent dispatch (`subagent-driven-development`, `dispatching-parallel-agents`) will fall back to single-session execution via `executing-plans`.
-
-## Additional Gemini CLI tools
-
-These tools are available in Gemini CLI but have no Claude Code equivalent:
-
-| Tool | Purpose |
-|------|---------|
-| `list_directory` | List files and subdirectories |
-| `save_memory` | Persist facts to GEMINI.md across sessions |
-| `ask_user` | Request structured input from the user |
-| `tracker_create_task` | Rich task management (create, update, list, visualize) |
-| `enter_plan_mode` / `exit_plan_mode` | Switch to read-only research mode before making changes |

CHANGELOG.md

@@ -3,6 +3,36 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+### Bug Fixes
+
+*  修复cn域名获取不到到期时间的问题 ([73b8e85](https://github.com/certd/certd/commit/73b8e859766097b5251fc4e5051593d686669eb2))
+* 修复某些情况下报无法修改通知的问题 ([d1a6592](https://github.com/certd/certd/commit/d1a65922d7e152d6edcf6c53b70079f16b54a0d3))
+
+### Performance Improvements
+
+* 腾讯云CLB大区增加台北 ([6b109d1](https://github.com/certd/certd/commit/6b109d172f0c7b6ce6ec164dc196d646a65f529f))
+* 优化腾讯云CLB插件支持选择证书id ([c875971](https://github.com/certd/certd/commit/c875971b71dc6d392e56f0a7605281c40d9bb405))
+* 支持域名到期时间监控通知 ([c6628e7](https://github.com/certd/certd/commit/c6628e7311d6c43c2a784581fb25ec37b29c168d))
+* **monitor:** 支持查看监控执行记录 ([b5cc794](https://github.com/certd/certd/commit/b5cc794061c11b7200b669473c25c4bbfc944b61))
+* **plugin-dnsmgr:** 添加彩虹DNS插件支持 ([af50344](https://github.com/certd/certd/commit/af503442b8298c5b89d11cf2ea351d62e66a609e))
+* **spaceship:** 新增Spaceship DNS插件和授权模块 ([21aec77](https://github.com/certd/certd/commit/21aec77e5c3307b5973d4185baba33edcb28926f))
+
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+### Bug Fixes
+
+* 修复某些情况下报没有匹配到任何校验方式的bug ([fe02ce7](https://github.com/certd/certd/commit/fe02ce7b64cf23c4dc4c30daccd5330059a35e9a))
+* 修复上传头像退出登录的bug ([6eb20a1](https://github.com/certd/certd/commit/6eb20a1f2e31d984d9135edbf39c97cdd15621f9))
+
+### Performance Improvements
+
+* 阿里云CDN部署支持根据证书域名自动匹配部署 ([a68301e](https://github.com/certd/certd/commit/a68301e4dcea8b7391ad751aa57555d566297ad9))
+* 阿里云dcdn支持根据证书域名匹配模式 ([df012de](https://github.com/certd/certd/commit/df012dec90590ecba85a69ed6355cfa8382c1da3))
+* 支持部署证书到百度CCE ([a19ea74](https://github.com/certd/certd/commit/a19ea7489c01cdbf795fb51f804bd6d00389f604))
+* dcdn自动匹配部署，支持新增域名感知 ([c6a988b](https://github.com/certd/certd/commit/c6a988bc925886bd7163c1270f2b7a10a57b1c5b))
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 ### Bug Fixes

README.md

@@ -211,3 +211,4 @@ https://certd.handfree.work/
 | --------- |--------- |----------- |
 | [fast-crud](https://gitee.com/fast-crud/fast-crud/)     | <img alt="GitHub stars" src="https://img.shields.io/github/stars/fast-crud/fast-crud?logo=github"/>   | 基于vue3的crud快速开发框架                 |  
 | [dev-sidecar](https://github.com/docmirror/dev-sidecar/) | <img alt="GitHub stars" src="https://img.shields.io/github/stars/docmirror/dev-sidecar?logo=github"/> | 直连访问github工具，无需FQ，解决github无法访问的问题 |
+| [winsvc-manager](https://github.com/greper/winsvc-manager/) | <img alt="GitHub stars" src="https://img.shields.io/github/stars/greper/winsvc-manager?logo=github"/> | 可视化包装应用成为一个Windows服务，使其后台运行 |

docs/guide/changelogs/CHANGELOG.md

@@ -3,6 +3,20 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+### Bug Fixes
+
+* 修复某些情况下报没有匹配到任何校验方式的bug ([fe02ce7](https://github.com/certd/certd/commit/fe02ce7b64cf23c4dc4c30daccd5330059a35e9a))
+* 修复上传头像退出登录的bug ([6eb20a1](https://github.com/certd/certd/commit/6eb20a1f2e31d984d9135edbf39c97cdd15621f9))
+
+### Performance Improvements
+
+* 阿里云CDN部署支持根据证书域名自动匹配部署 ([a68301e](https://github.com/certd/certd/commit/a68301e4dcea8b7391ad751aa57555d566297ad9))
+* 阿里云dcdn支持根据证书域名匹配模式 ([df012de](https://github.com/certd/certd/commit/df012dec90590ecba85a69ed6355cfa8382c1da3))
+* 支持部署证书到百度CCE ([a19ea74](https://github.com/certd/certd/commit/a19ea7489c01cdbf795fb51f804bd6d00389f604))
+* dcdn自动匹配部署，支持新增域名感知 ([c6a988b](https://github.com/certd/certd/commit/c6a988bc925886bd7163c1270f2b7a10a57b1c5b))
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 ### Bug Fixes

docs/guide/plugins/access.md

@@ -28,51 +28,53 @@
 | 24.| **中国移动CND授权** |  | 
 | 25.| **授权插件示例** | 这是一个示例授权插件，用于演示如何实现一个授权插件 | 
 | 26.| **dns.la授权** |  | 
-| 27.| **多吉云** |  | 
-| 28.| **Dokploy授权** |  | 
-| 29.| **farcdn授权** |  | 
-| 30.| **FlexCDN授权** |  | 
-| 31.| **Gcore** | Gcore | 
-| 32.| **Github授权** |  | 
-| 33.| **godaddy授权** |  | 
-| 34.| **金山云授权** |  | 
-| 35.| **FTP授权** |  | 
-| 36.| **七牛OSS授权** |  | 
-| 37.| **腾讯云COS授权** | 腾讯云对象存储授权，包含地域和存储桶 | 
-| 38.| **s3/minio授权** | S3/minio oss授权 | 
-| 39.| **namesilo授权** |  | 
-| 40.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 | 
-| 41.| **1panel授权** | 账号和密码 | 
-| 42.| **支付宝** |  | 
-| 43.| **白山云授权** |  | 
-| 44.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 | 
-| 45.| **cdnfly授权** |  | 
-| 46.| **k8s授权** |  | 
-| 47.| **括彩云cdn授权** | 括彩云CDN，每月免费30G，[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) | 
-| 48.| **LeCDN授权** |  | 
-| 49.| **lucky** |  | 
-| 50.| **猫云授权** |  | 
-| 51.| **plesk授权** |  | 
-| 52.| **长亭雷池授权** |  | 
-| 53.| **群晖登录授权** |  | 
-| 54.| **uniCloud** | unicloud授权 | 
-| 55.| **微信支付** |  | 
-| 56.| **易盾rcdn授权** | 易盾CDN，每月免费30G，[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) | 
-| 57.| **易发云短信** | sms.yfyidc.cn/ | 
-| 58.| **易盾DCDN授权** | https://user.yiduncdn.com | 
-| 59.| **易支付** |  | 
-| 60.| **proxmox** |  | 
-| 61.| **UCloud授权** | 优刻得授权 | 
-| 62.| **又拍云** |  | 
-| 63.| **网宿授权** |  | 
-| 64.| **西部数码授权** |  | 
-| 65.| **我爱云授权** | 我爱云CDN | 
-| 66.| **新网授权（代理方式）** |  | 
-| 67.| **新网授权** |  | 
-| 68.| **新网互联授权** | 仅支持代理账号，ip需要加入白名单 | 
-| 69.| **Zenlayer授权** | Zenlayer授权 | 
-| 70.| **GoEdge授权** |  | 
-| 71.| **雨云授权** | https://app.rainyun.com/ | 
+| 27.| **彩虹DNS** | 彩虹DNS管理系统授权 | 
+| 28.| **多吉云** |  | 
+| 29.| **Dokploy授权** |  | 
+| 30.| **farcdn授权** |  | 
+| 31.| **FlexCDN授权** |  | 
+| 32.| **Gcore** | Gcore | 
+| 33.| **Github授权** |  | 
+| 34.| **godaddy授权** |  | 
+| 35.| **金山云授权** |  | 
+| 36.| **FTP授权** |  | 
+| 37.| **七牛OSS授权** |  | 
+| 38.| **腾讯云COS授权** | 腾讯云对象存储授权，包含地域和存储桶 | 
+| 39.| **s3/minio授权** | S3/minio oss授权 | 
+| 40.| **namesilo授权** |  | 
+| 41.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 | 
+| 42.| **1panel授权** | 账号和密码 | 
+| 43.| **支付宝** |  | 
+| 44.| **白山云授权** |  | 
+| 45.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 | 
+| 46.| **cdnfly授权** |  | 
+| 47.| **k8s授权** |  | 
+| 48.| **括彩云cdn授权** | 括彩云CDN，每月免费30G，[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) | 
+| 49.| **LeCDN授权** |  | 
+| 50.| **lucky** |  | 
+| 51.| **猫云授权** |  | 
+| 52.| **plesk授权** |  | 
+| 53.| **长亭雷池授权** |  | 
+| 54.| **群晖登录授权** |  | 
+| 55.| **uniCloud** | unicloud授权 | 
+| 56.| **微信支付** |  | 
+| 57.| **易盾rcdn授权** | 易盾CDN，每月免费30G，[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) | 
+| 58.| **易发云短信** | sms.yfyidc.cn/ | 
+| 59.| **易盾DCDN授权** | https://user.yiduncdn.com | 
+| 60.| **易支付** |  | 
+| 61.| **proxmox** |  | 
+| 62.| **Spaceship.com 授权** | Spaceship.com API 授权插件 | 
+| 63.| **UCloud授权** | 优刻得授权 | 
+| 64.| **又拍云** |  | 
+| 65.| **网宿授权** |  | 
+| 66.| **西部数码授权** |  | 
+| 67.| **我爱云授权** | 我爱云CDN | 
+| 68.| **新网授权（代理方式）** |  | 
+| 69.| **新网授权** |  | 
+| 70.| **新网互联授权** | 仅支持代理账号，ip需要加入白名单 | 
+| 71.| **Zenlayer授权** | Zenlayer授权 | 
+| 72.| **GoEdge授权** |  | 
+| 73.| **雨云授权** | https://app.rainyun.com/ | 
 
 <style module>
 table th:first-of-type {

docs/guide/plugins/deploy.md

@@ -1,5 +1,5 @@
 # 任务插件
-共 `128` 款任务插件    
+共 `129` 款任务插件    
 ## 1. 证书申请
 
 | 序号 | 名称 | 说明 |
@@ -155,8 +155,9 @@
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
 | 1.| **百度云-部署证书到负载均衡** | 部署到百度云负载均衡，包括BLB、APPBLB | 
-| 2.| **百度云-部署证书到CDN** | 部署到百度云CDN | 
-| 3.| **百度云-上传到证书托管** | 上传证书到百度云证书托管中心 | 
+| 2.| **百度云-部署到CCE** | 部署到百度云CCE集群Ingress等通过Secret管理证书的应用 | 
+| 3.| **百度云-部署证书到CDN** | 部署到百度云CDN | 
+| 4.| **百度云-上传到证书托管** | 上传证书到百度云证书托管中心 | 
 ## 12. 七牛云
 
 | 序号 | 名称 | 说明 |

docs/guide/plugins/dns-provider.md

@@ -20,8 +20,10 @@
 | 16.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 | 
 | 17.| **西部数码** | west dns provider | 
 | 18.| **Dns提供商Demo** | dns provider示例 | 
-| 19.| **51dns** | 51DNS | 
-| 20.| **新网互联** | 新网互联 | 
+| 19.| **彩虹DNS** | 彩虹DNS管理系统 | 
+| 20.| **Spaceship** | Spaceship 域名解析 | 
+| 21.| **51dns** | 51DNS | 
+| 22.| **新网互联** | 新网互联 | 
 
 <style module>
 table th:first-of-type {

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.39.7"
+  "version": "1.39.9"
 }

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/publishlab/node-acme-client/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.39.8](https://github.com/publishlab/node-acme-client/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.39.7](https://github.com/publishlab/node-acme-client/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 **Note:** Version bump only for package @certd/acme-client

packages/core/acme-client/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.39.7",
+    "version": "1.39.9",
     "type": "module",
     "module": "scr/index.js",
     "main": "src/index.js",
@@ -18,7 +18,7 @@
         "types"
     ],
     "dependencies": {
-        "@certd/basic": "^1.39.7",
+        "@certd/basic": "^1.39.9",
         "@peculiar/x509": "^1.11.0",
         "asn1js": "^3.0.5",
         "axios": "^1.9.0",
@@ -70,5 +70,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "adc3e6118b941818926705c3536babfca117c247"
+    "gitHead": "de0ae14544f1c3da4923dddc6a1a3bea4db295e7"
 }

packages/core/basic/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+### Performance Improvements
+
+* **spaceship:** 新增Spaceship DNS插件和授权模块 ([21aec77](https://github.com/certd/certd/commit/21aec77e5c3307b5973d4185baba33edcb28926f))
+
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+**Note:** Version bump only for package @certd/basic
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 **Note:** Version bump only for package @certd/basic

packages/core/basic/build.md

@@ -1 +1 @@
-01:02
+01:21

packages/core/basic/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/basic",
   "private": false,
-  "version": "1.39.7",
+  "version": "1.39.9",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -47,5 +47,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
+  "gitHead": "de0ae14544f1c3da4923dddc6a1a3bea4db295e7"
 }

packages/core/basic/src/utils/util.request.ts

@@ -271,7 +271,7 @@ export function createAxiosService({ logger }: { logger: ILogger }) {
       }
 
       const originalRequest = error.config || {};
-      logger.info(`config`, originalRequest);
+      // logger.info(`config`, originalRequest);
       const retry = originalRequest.retry || {};
       if (retry.status && retry.status.includes(status)) {
         if (retry.max > 0 && retry.count < retry.max) {

packages/core/pipeline/CHANGELOG.md

@@ -3,6 +3,20 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+### Performance Improvements
+
+* 支持域名到期时间监控通知 ([c6628e7](https://github.com/certd/certd/commit/c6628e7311d6c43c2a784581fb25ec37b29c168d))
+
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+### Performance Improvements
+
+* 阿里云CDN部署支持根据证书域名自动匹配部署 ([a68301e](https://github.com/certd/certd/commit/a68301e4dcea8b7391ad751aa57555d566297ad9))
+* 阿里云dcdn支持根据证书域名匹配模式 ([df012de](https://github.com/certd/certd/commit/df012dec90590ecba85a69ed6355cfa8382c1da3))
+* dcdn自动匹配部署，支持新增域名感知 ([c6a988b](https://github.com/certd/certd/commit/c6a988bc925886bd7163c1270f2b7a10a57b1c5b))
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 **Note:** Version bump only for package @certd/pipeline

packages/core/pipeline/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/pipeline",
   "private": false,
-  "version": "1.39.7",
+  "version": "1.39.9",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -18,8 +18,8 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/basic": "^1.39.7",
-    "@certd/plus-core": "^1.39.7",
+    "@certd/basic": "^1.39.9",
+    "@certd/plus-core": "^1.39.9",
     "dayjs": "^1.11.7",
     "lodash-es": "^4.17.21",
     "reflect-metadata": "^0.1.13"
@@ -45,5 +45,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
+  "gitHead": "de0ae14544f1c3da4923dddc6a1a3bea4db295e7"
 }

packages/core/pipeline/src/notification/api.ts

@@ -7,6 +7,7 @@ import { IEmailService } from "../service/index.js";
 
 export type NotificationBody = {
   userId?: number;
+  projectId?: number;
   title: string;
   content: string;
   pipeline?: Pipeline;
@@ -20,6 +21,7 @@ export type NotificationBody = {
   pipelineResult?: string;
   pipelineTitle?: string;
   errors?: string;
+  [key: string]: any; // 其他templateData
 };
 
 export type NotificationRequestHandleReqInput<T = any> = {

packages/core/pipeline/src/plugin/api.ts

@@ -1,17 +1,16 @@
-import { Registrable } from "../registry/index.js";
-import { FileItem, FormItemProps, Pipeline, Runnable, Step } from "../dt/index.js";
-import { FileStore } from "../core/file-store.js";
-import { accessRegistry, IAccessService } from "../access/index.js";
-import { ICnameProxyService, IEmailService, IServiceGetter, IUrlService } from "../service/index.js";
-import { CancelError, IContext, RunHistory, RunnableCollection } from "../core/index.js";
-import { domainUtils, HttpRequestConfig, ILogger, logger, optionsUtils, utils } from "@certd/basic";
-import { HttpClient } from "@certd/basic";
+import { domainUtils, HttpClient, HttpRequestConfig, ILogger, logger, utils } from "@certd/basic";
 import dayjs from "dayjs";
-import { IPluginConfigService } from "../service/config.js";
 import { cloneDeep, upperFirst } from "lodash-es";
-import { INotificationService } from "../notification/index.js";
-import { TaskEmitter } from "../service/emit.js";
+import { accessRegistry, IAccessService } from "../access/index.js";
 import { PageSearch } from "../context/index.js";
+import { FileStore } from "../core/file-store.js";
+import { CancelError, IContext, RunHistory, RunnableCollection } from "../core/index.js";
+import { FileItem, FormItemProps, Pipeline, Runnable, Step } from "../dt/index.js";
+import { INotificationService } from "../notification/index.js";
+import { Registrable } from "../registry/index.js";
+import { IPluginConfigService } from "../service/config.js";
+import { TaskEmitter } from "../service/emit.js";
+import { ICnameProxyService, IEmailService, IServiceGetter, IUrlService } from "../service/index.js";
 
 export type PluginRequestHandleReq<T = any> = {
   typeName: string;

packages/libs/lib-huawei/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 **Note:** Version bump only for package @certd/lib-huawei

packages/libs/lib-huawei/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-huawei",
   "private": false,
-  "version": "1.39.7",
+  "version": "1.39.9",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
   "types": "./dist/d/index.d.ts",
@@ -24,5 +24,5 @@
     "prettier": "^2.8.8",
     "tslib": "^2.8.1"
   },
-  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
+  "gitHead": "de0ae14544f1c3da4923dddc6a1a3bea4db295e7"
 }

packages/libs/lib-iframe/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 **Note:** Version bump only for package @certd/lib-iframe

packages/libs/lib-iframe/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-iframe",
   "private": false,
-  "version": "1.39.7",
+  "version": "1.39.9",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -31,5 +31,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
+  "gitHead": "de0ae14544f1c3da4923dddc6a1a3bea4db295e7"
 }

packages/libs/lib-jdcloud/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 **Note:** Version bump only for package @certd/jdcloud

packages/libs/lib-jdcloud/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/jdcloud",
-  "version": "1.39.7",
+  "version": "1.39.9",
   "description": "jdcloud openApi sdk",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
@@ -56,5 +56,5 @@
       "fetch"
     ]
   },
-  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
+  "gitHead": "de0ae14544f1c3da4923dddc6a1a3bea4db295e7"
 }

packages/libs/lib-k8s/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+### Performance Improvements
+
+* 支持部署证书到百度CCE ([a19ea74](https://github.com/certd/certd/commit/a19ea7489c01cdbf795fb51f804bd6d00389f604))
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 **Note:** Version bump only for package @certd/lib-k8s

packages/libs/lib-k8s/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-k8s",
   "private": false,
-  "version": "1.39.7",
+  "version": "1.39.9",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -14,10 +14,11 @@
     "build3": "rollup -c",
     "build2": "vue-tsc --noEmit && vite build",
     "preview": "vite preview",
-    "pub": "npm publish"
+    "pub": "npm publish",
+    "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/basic": "^1.39.7",
+    "@certd/basic": "^1.39.9",
     "@kubernetes/client-node": "0.21.0"
   },
   "devDependencies": {
@@ -32,5 +33,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
+  "gitHead": "de0ae14544f1c3da4923dddc6a1a3bea4db295e7"
 }

packages/libs/lib-k8s/src/lib/k8s.client.ts

@@ -59,9 +59,9 @@ export class K8sClient {
     const yml = loadYaml<KubernetesObject>(manifest);
     const client = this.getKubeClient();
     try {
+      this.logger.info("apply yaml:", yml);
       await client.create(yml);
     } catch (e) {
-      this.logger.error("apply error", e.response?.body);
       if (e.response?.body?.reason === "AlreadyExists") {
         //patch
         this.logger.info("patch existing resource: ", yml.metadata?.name);
@@ -70,13 +70,26 @@ export class K8sClient {
           yml.metadata = {};
         }
         yml.metadata.resourceVersion = existing.body.metadata.resourceVersion;
-        await client.patch(yml);
-        return;
+        const res = await client.patch(yml);
+        return res?.body;
       }
       throw e;
     }
   }
 
+  async applyPatch(manifest: string) {
+    const yml = loadYaml<KubernetesObject>(manifest);
+    const client = this.getKubeClient();
+    this.logger.info("patch yaml:", yml);
+    const existing = await client.read(yml as any);
+    if (!yml.metadata) {
+      yml.metadata = {};
+    }
+    yml.metadata.resourceVersion = existing.body.metadata.resourceVersion;
+    const res = await client.patch(yml);
+    return res?.body;
+  }
+
   /**
    *
    * @param localRecords {  [domain]:{ip:'xxx.xx.xxx'} }
@@ -112,6 +125,7 @@ export class K8sClient {
    */
   async createSecret(opts: { namespace: string; body: V1Secret }) {
     const namespace = opts.namespace || "default";
+    this.logger.info("create secret:", opts.body.metadata);
     const created = await this.client.createNamespacedSecret(namespace, opts.body);
     this.logger.info("new secrets:", opts.body.metadata);
     return created.body;
@@ -152,6 +166,8 @@ export class K8sClient {
           this.logger.info(`secret ${secretName} 已创建`);
           return res;
         }
+
+        throw new Error(`secret ${secretName} 不存在`);
       }
       throw e;
     }

packages/libs/lib-server/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+**Note:** Version bump only for package @certd/lib-server
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 ### Bug Fixes

packages/libs/lib-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/lib-server",
-  "version": "1.39.7",
+  "version": "1.39.9",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -28,11 +28,11 @@
   ],
   "license": "AGPL",
   "dependencies": {
-    "@certd/acme-client": "^1.39.7",
-    "@certd/basic": "^1.39.7",
-    "@certd/pipeline": "^1.39.7",
-    "@certd/plugin-lib": "^1.39.7",
-    "@certd/plus-core": "^1.39.7",
+    "@certd/acme-client": "^1.39.9",
+    "@certd/basic": "^1.39.9",
+    "@certd/pipeline": "^1.39.9",
+    "@certd/plugin-lib": "^1.39.9",
+    "@certd/plus-core": "^1.39.9",
     "@midwayjs/cache": "3.14.0",
     "@midwayjs/core": "3.20.11",
     "@midwayjs/i18n": "3.20.13",
@@ -64,5 +64,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
+  "gitHead": "de0ae14544f1c3da4923dddc6a1a3bea4db295e7"
 }

packages/libs/midway-flyway-js/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 **Note:** Version bump only for package @certd/midway-flyway-js

packages/libs/midway-flyway-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/midway-flyway-js",
-  "version": "1.39.7",
+  "version": "1.39.9",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -46,5 +46,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
+  "gitHead": "de0ae14544f1c3da4923dddc6a1a3bea4db295e7"
 }

packages/plugins/plugin-cert/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 **Note:** Version bump only for package @certd/plugin-cert

packages/plugins/plugin-cert/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-cert",
   "private": false,
-  "version": "1.39.7",
+  "version": "1.39.9",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/acme-client": "^1.39.7",
-    "@certd/basic": "^1.39.7",
-    "@certd/pipeline": "^1.39.7",
-    "@certd/plugin-lib": "^1.39.7",
+    "@certd/acme-client": "^1.39.9",
+    "@certd/basic": "^1.39.9",
+    "@certd/pipeline": "^1.39.9",
+    "@certd/plugin-lib": "^1.39.9",
     "psl": "^1.9.0",
     "punycode.js": "^2.3.1"
   },
@@ -38,5 +38,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
+  "gitHead": "de0ae14544f1c3da4923dddc6a1a3bea4db295e7"
 }

packages/plugins/plugin-lib/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+### Performance Improvements
+
+* dcdn自动匹配部署，支持新增域名感知 ([c6a988b](https://github.com/certd/certd/commit/c6a988bc925886bd7163c1270f2b7a10a57b1c5b))
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 **Note:** Version bump only for package @certd/plugin-lib

packages/plugins/plugin-lib/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-lib",
   "private": false,
-  "version": "1.39.7",
+  "version": "1.39.9",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -22,10 +22,10 @@
     "@alicloud/pop-core": "^1.7.10",
     "@alicloud/tea-util": "^1.4.11",
     "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.39.7",
-    "@certd/basic": "^1.39.7",
-    "@certd/pipeline": "^1.39.7",
-    "@certd/plus-core": "^1.39.7",
+    "@certd/acme-client": "^1.39.9",
+    "@certd/basic": "^1.39.9",
+    "@certd/pipeline": "^1.39.9",
+    "@certd/plus-core": "^1.39.9",
     "@kubernetes/client-node": "0.21.0",
     "ali-oss": "^6.22.0",
     "basic-ftp": "^5.0.5",
@@ -57,5 +57,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
+  "gitHead": "de0ae14544f1c3da4923dddc6a1a3bea4db295e7"
 }

packages/ui/certd-client/CHANGELOG.md

@@ -3,6 +3,28 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+### Bug Fixes
+
+* 修复某些情况下报无法修改通知的问题 ([d1a6592](https://github.com/certd/certd/commit/d1a65922d7e152d6edcf6c53b70079f16b54a0d3))
+
+### Performance Improvements
+
+* 支持域名到期时间监控通知 ([c6628e7](https://github.com/certd/certd/commit/c6628e7311d6c43c2a784581fb25ec37b29c168d))
+* **monitor:** 支持查看监控执行记录 ([b5cc794](https://github.com/certd/certd/commit/b5cc794061c11b7200b669473c25c4bbfc944b61))
+
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+### Bug Fixes
+
+* 修复上传头像退出登录的bug ([6eb20a1](https://github.com/certd/certd/commit/6eb20a1f2e31d984d9135edbf39c97cdd15621f9))
+
+### Performance Improvements
+
+* 阿里云dcdn支持根据证书域名匹配模式 ([df012de](https://github.com/certd/certd/commit/df012dec90590ecba85a69ed6355cfa8382c1da3))
+* dcdn自动匹配部署，支持新增域名感知 ([c6a988b](https://github.com/certd/certd/commit/c6a988bc925886bd7163c1270f2b7a10a57b1c5b))
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 **Note:** Version bump only for package @certd/ui-client

packages/ui/certd-client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-client",
-  "version": "1.39.7",
+  "version": "1.39.9",
   "private": true,
   "scripts": {
     "dev": "vite --open",
@@ -106,8 +106,8 @@
     "zod-defaults": "^0.1.3"
   },
   "devDependencies": {
-    "@certd/lib-iframe": "^1.39.7",
-    "@certd/pipeline": "^1.39.7",
+    "@certd/lib-iframe": "^1.39.9",
+    "@certd/pipeline": "^1.39.9",
     "@rollup/plugin-commonjs": "^25.0.7",
     "@rollup/plugin-node-resolve": "^15.2.3",
     "@types/chai": "^4.3.12",

packages/ui/certd-client/src/locales/langs/en-US/certd.ts

@@ -221,6 +221,7 @@ export default {
     projectJoin: "Join Project",
     currentProject: "Current Project",
     projectMemberManager: "Project Member",
+    domainMonitorSetting: "Domain Monitor Settings",
   },
   certificateRepo: {
     title: "Certificate Repository",

packages/ui/certd-client/src/locales/langs/en-US/monitor.ts

@@ -64,10 +64,41 @@ export default {
     dnsServerHelper: "Use a custom domain name resolution server, such as: 1.1.1.1 , support multiple",
     certValidDays: "Certificate Valid Days",
     certValidDaysHelper: "Number of days before expiration to send a notification",
+
+    domain: {
+      monitorSettings: "Domain Monitor Settings",
+      enabled: "Enable Domain Monitor",
+      enabledHelper: "Enable to monitor all domain registration expiration time",
+      notificationChannel: "Notification Channel",
+      setNotificationChannel: "Set the notification channel",
+      willExpireDays: "Will Expire Days",
+      willExpireDaysHelper: "Number of days before expiration to send a notification",
+      monitorCronSetting: "Monitoring Schedule",
+      cronTrigger: "Scheduled trigger for monitoring",
+    },
   },
   cert: {
     expired: "Expired",
     expiring: "Expiring",
     noExpired: "Not Expired",
   },
+  history: {
+    title: "Monitoring Execution Records",
+    description: "Monitoring execution records",
+    resultTitle: "Status",
+    contentTitle: "Content",
+    titleTitle: "Title",
+    jobTypeTitle: "Job Type",
+    startAtTitle: "Start Time",
+    endAtTitle: "End Time",
+    jobResultTitle: "Result",
+    jobResult: {
+      done: "Done",
+      start: "Start",
+    },
+    jobType: {
+      domainExpirationCheck: "Domain Expiration Check",
+      siteCertMonitor: "Site Certificate Monitor",
+    },
+  },
 };

packages/ui/certd-client/src/locales/langs/zh-CN/certd.ts

@@ -226,6 +226,8 @@ export default {
     projectJoin: "加入项目",
     currentProject: "当前项目",
     projectMemberManager: "项目成员管理",
+    domainMonitorSetting: "域名监控设置",
+    jobHistory: "监控执行记录",
   },
   certificateRepo: {
     title: "证书仓库",

packages/ui/certd-client/src/locales/langs/zh-CN/monitor.ts

@@ -68,10 +68,40 @@ export default {
     dnsServerHelper: "使用自定义的域名解析服务器，如：1.1.1.1 , 支持多个",
     certValidDays: "证书到期前天数",
     certValidDaysHelper: "证书到期前多少天发送通知",
+    domain: {
+      monitorSettings: "域名监控设置",
+      enabled: "启用域名监控",
+      enabledHelper: "启用后，监控“域名管理”中域名的过期时间，到期前通知提醒",
+      notificationChannel: "通知渠道",
+      setNotificationChannel: "设置通知渠道",
+      willExpireDays: "到期前天数",
+      willExpireDaysHelper: "域名有效期到期前多少天发送通知",
+      monitorCronSetting: "监控定时设置",
+      cronTrigger: "定时触发监控",
+    },
   },
   cert: {
     expired: "已过期",
     expiring: "即将过期",
     noExpired: "未过期",
   },
+  history: {
+    title: "监控执行记录",
+    description: "站点证书、域名等监控任务的执行记录",
+    resultTitle: "状态",
+    contentTitle: "内容",
+    titleTitle: "标题",
+    jobTypeTitle: "任务类型",
+    startAtTitle: "开始时间",
+    endAtTitle: "结束时间",
+    jobResultTitle: "任务结果",
+    jobResult: {
+      done: "完成",
+      start: "开始",
+    },
+    jobType: {
+      domainExpirationCheck: "域名到期检查",
+      siteCertMonitor: "站点证书监控",
+    },
+  },
 };

packages/ui/certd-client/src/router/source/modules/certd.ts

@@ -241,6 +241,28 @@ export const certdResources = [
               isMenu: true,
             },
           },
+          {
+            title: "certd.sysResources.domainMonitorSetting",
+            name: "DomainMonitorSetting",
+            path: "/certd/cert/domain/setting",
+            component: "/certd/cert/domain/setting/index.vue",
+            meta: {
+              icon: "ion:stopwatch-outline",
+              auth: true,
+              isMenu: true,
+            },
+          },
+          {
+            title: "certd.sysResources.jobHistory",
+            name: "JobHistory",
+            path: "/certd/monitor/history",
+            component: "/certd/monitor/history/index.vue",
+            meta: {
+              icon: "ion:barcode-outline",
+              auth: true,
+              isMenu: true,
+            },
+          },
           {
             title: "certd.userSecurity",
             name: "UserSecurity",

packages/ui/certd-client/src/views/certd/access/access-selector/index.vue

@@ -21,7 +21,8 @@ import { defineComponent, reactive, ref, watch, inject } from "vue";
 import CertAccessModal from "./access/index.vue";
 import { createAccessApi } from "../api";
 import { message } from "ant-design-vue";
-
+import { useUserStore } from "/@/store/user";
+import { useProjectStore } from "/@/store/project";
 export default defineComponent({
   name: "AccessSelector",
   components: { CertAccessModal },
@@ -71,11 +72,27 @@ export default defineComponent({
       emitValue(null);
     }
 
+    const userStore = useUserStore();
+    const projectStore = useProjectStore();
+
     async function emitValue(value) {
-      if (pipeline && pipeline?.value && target?.value && pipeline.value.userId !== target.value.userId) {
-        message.error("对不起，您不能修改他人流水线的授权");
-        return;
+      const userId = userStore.userInfo.id;
+      const isEnterprice = projectStore.isEnterprise;
+      if (pipeline?.value) {
+        if (isEnterprice) {
+          const projectId = projectStore.currentProjectId;
+          if (pipeline?.value?.projectId !== projectId) {
+            message.error(`对不起，您不能修改其他项目流水线的授权`);
+            return;
+          }
+        } else {
+          if (pipeline?.value && pipeline.value.userId !== userId) {
+            message.error(`对不起，您不能修改他人流水线的授权`);
+            return;
+          }
+        }
       }
+
       if (value == null) {
         selectedId.value = "";
         target.value = null;

packages/ui/certd-client/src/views/certd/addon/addon-selector/index.vue

@@ -48,6 +48,7 @@ import createCrudOptions from "../crud";
 import { addonProvide } from "../common";
 import { useUserStore } from "/@/store/user";
 import { useI18n } from "/src/locales";
+import { useProjectStore } from "/@/store/project";
 
 const { t } = useI18n();
 
@@ -127,13 +128,24 @@ function clear() {
 }
 
 const userStore = useUserStore();
-
+const projectStore = useProjectStore();
 async function emitValue(value: any) {
   // target.value = optionsDictRef.dataMap[value];
-  const userId = userStore.userInfo.id;
-  if (pipeline?.value && pipeline.value.userId !== userId) {
-    message.error(`对不起，您不能修改他人流水线的${props.addonType}设置`);
-    return;
+  if (pipeline.value) {
+    const userId = userStore.userInfo.id;
+    const isEnterprice = projectStore.isEnterprise;
+    if (isEnterprice) {
+      const projectId = projectStore.currentProjectId;
+      if (pipeline?.value?.projectId !== projectId) {
+        message.error(`对不起，您不能修改其他项目流水线的${props.addonType}设置`);
+        return;
+      }
+    } else {
+      if (pipeline?.value && pipeline.value.userId !== userId) {
+        message.error(`对不起，您不能修改他人流水线的${props.addonType}设置`);
+        return;
+      }
+    }
   }
   emit("change", value);
   emit("update:modelValue", value);

packages/ui/certd-client/src/views/certd/cert/domain/crud.tsx

@@ -128,6 +128,18 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
               }, 2000);
             },
           },
+          monitorSettingSave: {
+            show: hasActionPermission("write"),
+            title: "域名过期监控设置",
+            type: "primary",
+            icon: "ion:save-outline",
+            text: "域名过期监控设置",
+            click: async () => {
+              router.push({
+                path: "/certd/cert/domain/setting",
+              });
+            },
+          },
         },
       },
       columns: {

packages/ui/certd-client/src/views/certd/cert/domain/setting/api.ts

@@ -0,0 +1,27 @@
+// @ts-ignore
+import { request } from "/src/api/service";
+const apiPrefix = "/cert/domain/setting";
+export type UserDomainMonitorSetting = {
+  enabled?: boolean;
+  notificationId?: number;
+  cron?: string;
+  willExpireDays?: number;
+};
+
+export async function DomainMonitorSettingsGet() {
+  const res = await request({
+    url: apiPrefix + "/get",
+    method: "post",
+  });
+  if (!res) {
+    return {};
+  }
+  return res as UserDomainMonitorSetting;
+}
+export async function DomainMonitorSettingsSave(data: UserDomainMonitorSetting) {
+  await request({
+    url: apiPrefix + "/save",
+    method: "post",
+    data: data,
+  });
+}

packages/ui/certd-client/src/views/certd/cert/domain/setting/index.vue

@@ -0,0 +1,100 @@
+<template>
+  <fs-page class="page-user-settings page-domain-monitor-setting">
+    <template #header>
+      <div class="title">{{ t("monitor.setting.domain.monitorSettings") }}</div>
+    </template>
+    <div class="user-settings-form settings-form">
+      <a-form :model="formState" name="basic" :label-col="{ span: 8 }" :wrapper-col="{ span: 16 }" autocomplete="off">
+        <a-form-item :label="t('monitor.setting.domain.enabled')" :name="['enabled']">
+          <div class="flex flex-baseline">
+            <a-switch v-model:checked="formState.enabled" :disabled="!settingsStore.isPlus" />
+            <vip-button class="ml-5" mode="button"></vip-button>
+          </div>
+          <div class="helper">{{ t("monitor.setting.domain.enabledHelper") }}</div>
+        </a-form-item>
+        <a-form-item v-if="formState.enabled" :label="t('monitor.setting.domain.notificationChannel')" :name="['notificationId']">
+          <div class="flex">
+            <NotificationSelector v-model="formState.notificationId" />
+          </div>
+          <div class="helper">{{ t("monitor.setting.domain.setNotificationChannel") }}</div>
+        </a-form-item>
+        <a-form-item v-if="formState.enabled" :label="t('monitor.setting.domain.willExpireDays')" :name="['willExpireDays']">
+          <div class="flex">
+            <a-input-number v-model:value="formState.willExpireDays" />
+          </div>
+          <div class="helper">{{ t("monitor.setting.domain.willExpireDaysHelper") }}</div>
+        </a-form-item>
+        <a-form-item v-if="formState.enabled" :label="t('monitor.setting.domain.monitorCronSetting')" :name="['cron']">
+          <div class="flex flex-baseline">
+            <cron-editor v-model="formState.cron" :disabled="!settingsStore.isPlus" :allow-every-min="userStore.isAdmin" />
+            <vip-button class="ml-5" mode="button"></vip-button>
+          </div>
+          <div class="helper">{{ t("monitor.setting.domain.cronTrigger") }}</div>
+        </a-form-item>
+        <a-form-item label=" " :colon="false" :wrapper-col="{ span: 16 }">
+          <loading-button type="primary" html-type="button" :click="doSave" :disabled="!hasActionPermission('write')">{{ t("certd.save") }}</loading-button>
+        </a-form-item>
+      </a-form>
+    </div>
+  </fs-page>
+</template>
+
+<script setup lang="tsx">
+import { notification } from "ant-design-vue";
+import { merge } from "lodash-es";
+import { reactive } from "vue";
+import * as api from "./api";
+import { UserDomainMonitorSetting } from "./api";
+import { useUserStore } from "/@/store/user";
+import { utils } from "/@/utils";
+import NotificationSelector from "/@/views/certd/notification/notification-selector/index.vue";
+import { useI18n } from "/src/locales";
+import { useSettingStore } from "/src/store/settings";
+import { useCrudPermission } from "/@/plugin/permission";
+
+const { t } = useI18n();
+
+const settingsStore = useSettingStore();
+const userStore = useUserStore();
+defineOptions({
+  name: "DomainMonitorSetting",
+});
+
+const randomHour = Math.floor(Math.random() * 9);
+const randomMin = Math.floor(Math.random() * 59);
+const randomCron = `0 ${randomMin} ${randomHour} * * *`;
+
+const formState = reactive<Partial<UserDomainMonitorSetting>>({
+  enabled: false,
+  notificationId: 0,
+  cron: randomCron,
+  willExpireDays: 30,
+});
+
+async function loadUserSettings() {
+  const data: any = await api.DomainMonitorSettingsGet();
+  merge(formState, data);
+}
+
+const { hasActionPermission } = useCrudPermission({ permission: { isProjectPermission: true } });
+
+loadUserSettings();
+const doSave = async (form: any) => {
+  await utils.sleep(300);
+  await api.DomainMonitorSettingsSave({
+    ...formState,
+  });
+  notification.success({
+    message: t("certd.saveSuccess"),
+  });
+};
+</script>
+
+<style lang="less">
+.page-domain-monitor-setting {
+  .settings-form {
+    width: 700px;
+    margin: 20px;
+  }
+}
+</style>

packages/ui/certd-client/src/views/certd/mine/use.tsx

@@ -66,7 +66,7 @@ export function useUserProfile() {
                 width: "auto",
               },
               buildUrl(key: string) {
-                return `api/basic/file/download?&key=` + key;
+                return `api/basic/file/download?token=${userStore.getToken}&key=` + key;
               },
             },
           },
@@ -82,7 +82,7 @@ export function useUserProfile() {
               onReady: null,
               uploader: {
                 type: "form",
-                action: "/basic/file/upload",
+                action: "/basic/file/upload?token=" + userStore.getToken,
                 name: "file",
                 headers: {
                   Authorization: "Bearer " + userStore.getToken,
@@ -92,7 +92,7 @@ export function useUserProfile() {
                 },
               },
               buildUrl(key: string) {
-                return `api/basic/file/download?&key=` + key;
+                return `api/basic/file/download?token=${userStore.getToken}&key=` + key;
               },
             },
           },

packages/ui/certd-client/src/views/certd/mine/user-profile.vue

@@ -147,6 +147,7 @@ import { isEmpty } from "lodash-es";
 import { dict } from "@fast-crud/fast-crud";
 import dayjs from "dayjs";
 import { useRouter } from "vue-router";
+import { useUserStore } from "/@/store/user";
 
 const { t } = useI18n();
 
@@ -351,7 +352,7 @@ const checkPasskeySupport = () => {
     passkeySupported.value = true;
   }
 };
-
+const userStore = useUserStore();
 const userAvatar = computed(() => {
   if (isEmpty(userInfo.value.avatar)) {
     return "";
@@ -360,7 +361,7 @@ const userAvatar = computed(() => {
     return userInfo.value.avatar;
   }
 
-  return "api/basic/file/download?&key=" + userInfo.value.avatar;
+  return `api/basic/file/download?token=${userStore.getToken}&key=${userInfo.value.avatar}`;
 });
 
 onMounted(async () => {

packages/ui/certd-client/src/views/certd/monitor/history/api.ts

@@ -0,0 +1,37 @@
+import { request } from "/src/api/service";
+
+const apiPrefix = "/monitor/job-history";
+
+export const jobHistoryApi = {
+  async GetList(query: any) {
+    return await request({
+      url: apiPrefix + "/page",
+      method: "post",
+      data: query,
+    });
+  },
+
+  async DelObj(id: number) {
+    return await request({
+      url: apiPrefix + "/delete",
+      method: "post",
+      params: { id },
+    });
+  },
+
+  async BatchDelObj(ids: number[]) {
+    return await request({
+      url: apiPrefix + "/batchDelete",
+      method: "post",
+      data: { ids },
+    });
+  },
+
+  async GetObj(id: number) {
+    return await request({
+      url: apiPrefix + "/info",
+      method: "post",
+      params: { id },
+    });
+  },
+};

packages/ui/certd-client/src/views/certd/monitor/history/crud.tsx

@@ -0,0 +1,257 @@
+// @ts-ignore
+import { AddReq, CreateCrudOptionsProps, CreateCrudOptionsRet, DelReq, dict, EditReq, UserPageQuery, UserPageRes } from "@fast-crud/fast-crud";
+import { message, Modal } from "ant-design-vue";
+import { ref } from "vue";
+import { createGroupDictRef } from "../../basic/group/api";
+import { useDicts } from "../../dicts";
+import { jobHistoryApi } from "./api";
+import { useCrudPermission } from "/@/plugin/permission";
+import { useProjectStore } from "/@/store/project";
+import { useI18n } from "/src/locales";
+export default function ({ crudExpose, context }: CreateCrudOptionsProps): CreateCrudOptionsRet {
+  const { t } = useI18n();
+  const api = jobHistoryApi;
+  const { crudBinding } = crudExpose;
+  const pageRequest = async (query: UserPageQuery): Promise<UserPageRes> => {
+    return await api.GetList(query);
+  };
+  const editRequest = async (req: EditReq) => {};
+  const delRequest = async (req: DelReq) => {
+    const { row } = req;
+    return await api.DelObj(row.id);
+  };
+
+  const addRequest = async (req: AddReq) => {};
+  const { myProjectDict } = useDicts();
+
+  const historyResultDict = dict({
+    data: [
+      { label: t("monitor.history.jobResult.done"), value: "done", color: "green" },
+      { label: t("monitor.history.jobResult.start"), value: "start", color: "blue" },
+    ],
+  });
+
+  const jobTypeDict = dict({
+    data: [
+      { label: t("monitor.history.jobType.domainExpirationCheck"), value: "domainExpirationCheck", color: "green" },
+      { label: t("monitor.history.jobType.siteCertMonitor"), value: "siteCertMonitor", color: "blue" },
+    ],
+  });
+
+  const selectedRowKeys = ref([]);
+
+  const handleBatchDelete = () => {
+    if (selectedRowKeys.value?.length > 0) {
+      Modal.confirm({
+        title: "确认",
+        content: `确定要批量删除这${selectedRowKeys.value.length}条记录吗`,
+        async onOk() {
+          await api.BatchDelObj(selectedRowKeys.value);
+          message.info("删除成功");
+          crudExpose.doRefresh();
+          selectedRowKeys.value = [];
+        },
+      });
+    } else {
+      message.error("请先勾选记录");
+    }
+  };
+
+  context.handleBatchDelete = handleBatchDelete;
+
+  const GroupTypeSite = "site";
+  const groupDictRef = createGroupDictRef(GroupTypeSite);
+
+  function getDefaultGroupId() {
+    const searchFrom = crudExpose.getSearchValidatedFormData();
+    if (searchFrom.groupId) {
+      return searchFrom.groupId;
+    }
+  }
+
+  const projectStore = useProjectStore();
+  const { hasActionPermission } = useCrudPermission({ permission: context.permission });
+  return {
+    id: "jobHistoryCrud",
+    crudOptions: {
+      request: {
+        pageRequest,
+        addRequest,
+        editRequest,
+        delRequest,
+      },
+      // tabs: {
+      //   name: "groupId",
+      //   show: true,
+      // },
+      toolbar: {
+        buttons: {
+          export: {
+            show: true,
+          },
+        },
+      },
+      pagination: {
+        pageSizeOptions: ["10", "20", "50", "100", "200"],
+      },
+      settings: {
+        plugins: {
+          //这里使用行选择插件，生成行选择crudOptions配置，最终会与crudOptions合并
+          rowSelection: {
+            enabled: true,
+            props: {
+              multiple: true,
+              crossPage: false,
+              selectedRowKeys: () => {
+                return selectedRowKeys;
+              },
+            },
+          },
+        },
+      },
+      form: {
+        labelCol: {
+          //固定label宽度
+          span: null,
+          style: {
+            width: "100px",
+          },
+        },
+        col: {
+          span: 22,
+        },
+        wrapper: {
+          width: 600,
+        },
+      },
+      actionbar: {
+        buttons: {
+          add: {
+            show: false,
+          },
+        },
+      },
+      rowHandle: {
+        fixed: "right",
+        width: 280,
+        buttons: {
+          edit: {
+            show: false,
+          },
+        },
+      },
+      // tabs: {
+      //   name: "disabled",
+      //   show: true,
+      // },
+      search: {
+        initialForm: {
+          ...projectStore.getSearchForm(),
+        },
+      },
+      columns: {
+        id: {
+          title: "ID",
+          key: "id",
+          type: "number",
+          search: {
+            show: false,
+          },
+          column: {
+            width: 80,
+            align: "center",
+          },
+          form: {
+            show: false,
+          },
+        },
+        type: {
+          title: t("monitor.history.jobTypeTitle"),
+          search: {
+            show: true,
+          },
+          type: "dict-select",
+          dict: jobTypeDict,
+          form: {
+            show: false,
+          },
+          column: {
+            width: 120,
+          },
+        },
+        title: {
+          title: t("monitor.history.titleTitle"),
+          search: {
+            show: true,
+          },
+          type: "text",
+          column: {
+            width: 200,
+          },
+        },
+        content: {
+          title: t("monitor.history.contentTitle"),
+          search: {
+            show: true,
+          },
+          type: "text",
+          column: {
+            width: 460,
+            ellipsis: true,
+          },
+        },
+        result: {
+          title: t("monitor.history.resultTitle"),
+          search: {
+            show: false,
+          },
+          type: "dict-select",
+          dict: historyResultDict,
+          form: {
+            show: false,
+          },
+          column: {
+            width: 100,
+            align: "center",
+            sorter: true,
+            cellRender({ value, row }) {
+              return (
+                <a-tooltip title={row.error}>
+                  <fs-values-format v-model={value} dict={historyResultDict}></fs-values-format>
+                </a-tooltip>
+              );
+            },
+          },
+        },
+        startAt: {
+          title: t("monitor.history.startAtTitle"),
+          search: {
+            show: true,
+          },
+          type: "datetime",
+          column: {
+            width: 160,
+          },
+        },
+        endAt: {
+          title: t("monitor.history.endAtTitle"),
+          search: {
+            show: true,
+          },
+          type: "datetime",
+          column: {
+            width: 160,
+          },
+        },
+        projectId: {
+          title: t("certd.fields.projectName"),
+          type: "dict-select",
+          dict: myProjectDict,
+          form: {
+            show: false,
+          },
+        },
+      },
+    },
+  };
+}

packages/ui/certd-client/src/views/certd/monitor/history/index.vue

@@ -0,0 +1,48 @@
+<template>
+  <fs-page>
+    <template #header>
+      <div class="title flex items-center">
+        {{ t("monitor.history.title") }}
+        <div class="sub flex-1">
+          <div>
+            {{ t("monitor.history.description") }}
+          </div>
+        </div>
+      </div>
+    </template>
+    <fs-crud ref="crudRef" v-bind="crudBinding">
+      <template #pagination-left>
+        <a-tooltip title="批量删除">
+          <fs-button icon="DeleteOutlined" @click="handleBatchDelete"></fs-button>
+        </a-tooltip>
+      </template>
+    </fs-crud>
+  </fs-page>
+</template>
+
+<script lang="ts" setup>
+import { useFs } from "@fast-crud/fast-crud";
+import { onActivated, onMounted } from "vue";
+import createCrudOptions from "./crud";
+import { useI18n } from "/src/locales";
+const { t } = useI18n();
+defineOptions({
+  name: "JobHistory",
+});
+const context: any = {
+  permission: {
+    isProjectPermission: true,
+  },
+};
+const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context });
+
+const handleBatchDelete = context.handleBatchDelete;
+
+// 页面打开后获取列表数据
+onMounted(() => {
+  crudExpose.doRefresh();
+});
+onActivated(() => {
+  crudExpose.doRefresh();
+});
+</script>

packages/ui/certd-client/src/views/certd/notification/notification-selector/index.vue

@@ -42,6 +42,7 @@ import createCrudOptions from "../crud";
 import { notificationProvide } from "/@/views/certd/notification/common";
 import { useUserStore } from "/@/store/user";
 import { useI18n } from "/src/locales";
+import { useProjectStore } from "/@/store/project";
 
 const { t } = useI18n();
 
@@ -127,13 +128,23 @@ function clear() {
 }
 
 const userStore = useUserStore();
-
+const projectStore = useProjectStore();
 async function emitValue(value: any) {
   // target.value = optionsDictRef.dataMap[value];
   const userId = userStore.userInfo.id;
-  if (pipeline?.value && pipeline.value.userId !== userId) {
-    message.error("对不起，您不能修改他人流水线的通知");
-    return;
+  const isEnterprice = projectStore.isEnterprise;
+
+  if (isEnterprice) {
+    const projectId = projectStore.currentProjectId;
+    if (pipeline?.value?.projectId !== projectId) {
+      message.error("对不起，您不能修改其他项目流水线的通知");
+      return;
+    }
+  } else {
+    if (pipeline?.value?.userId !== userId) {
+      message.error("对不起，您不能修改他人流水线的通知");
+      return;
+    }
   }
   emit("change", value);
   emit("update:modelValue", value);

packages/ui/certd-client/src/views/framework/home/dashboard/index.vue

@@ -3,7 +3,7 @@
     <div class="header-profile flex-wrap bg-white dark:bg-black">
       <div class="flex flex-1">
         <div class="avatar">
-          <a-avatar v-if="userInfo.avatar" size="large" :src="'api/basic/file/download?&key=' + userInfo.avatar" style="background-color: #eee"> </a-avatar>
+          <a-avatar v-if="userInfo.avatar" size="large" :src="avatar" style="background-color: #eee"> </a-avatar>
           <a-avatar v-else size="large" style="background-color: #00b4f5">
             {{ userInfo.username }}
           </a-avatar>
@@ -228,6 +228,16 @@ const userStore = useUserStore();
 const userInfo: ComputedRef<UserInfoRes> = computed(() => {
   return userStore.getUserInfo;
 });
+const avatar = computed(() => {
+  const avt = userStore.getUserInfo?.avatar;
+  if (!avt) {
+    return "";
+  }
+  if (avt.startsWith("http")) {
+    return avt;
+  }
+  return `/api/basic/file/download?key=${avt}`;
+});
 const now = computed(() => {
   const serverTime = Date.now() - settingStore.app.deltaTime;
   return dayjs(serverTime).format("YYYY-MM-DD HH:mm:ss");

packages/ui/certd-server/CHANGELOG.md

@@ -3,6 +3,34 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
+
+### Bug Fixes
+
+*  修复cn域名获取不到到期时间的问题 ([73b8e85](https://github.com/certd/certd/commit/73b8e859766097b5251fc4e5051593d686669eb2))
+
+### Performance Improvements
+
+* 腾讯云CLB大区增加台北 ([6b109d1](https://github.com/certd/certd/commit/6b109d172f0c7b6ce6ec164dc196d646a65f529f))
+* 优化腾讯云CLB插件支持选择证书id ([c875971](https://github.com/certd/certd/commit/c875971b71dc6d392e56f0a7605281c40d9bb405))
+* 支持域名到期时间监控通知 ([c6628e7](https://github.com/certd/certd/commit/c6628e7311d6c43c2a784581fb25ec37b29c168d))
+* **monitor:** 支持查看监控执行记录 ([b5cc794](https://github.com/certd/certd/commit/b5cc794061c11b7200b669473c25c4bbfc944b61))
+* **plugin-dnsmgr:** 添加彩虹DNS插件支持 ([af50344](https://github.com/certd/certd/commit/af503442b8298c5b89d11cf2ea351d62e66a609e))
+* **spaceship:** 新增Spaceship DNS插件和授权模块 ([21aec77](https://github.com/certd/certd/commit/21aec77e5c3307b5973d4185baba33edcb28926f))
+
+## [1.39.8](https://github.com/certd/certd/compare/v1.39.7...v1.39.8) (2026-03-31)
+
+### Bug Fixes
+
+* 修复某些情况下报没有匹配到任何校验方式的bug ([fe02ce7](https://github.com/certd/certd/commit/fe02ce7b64cf23c4dc4c30daccd5330059a35e9a))
+
+### Performance Improvements
+
+* 阿里云CDN部署支持根据证书域名自动匹配部署 ([a68301e](https://github.com/certd/certd/commit/a68301e4dcea8b7391ad751aa57555d566297ad9))
+* 阿里云dcdn支持根据证书域名匹配模式 ([df012de](https://github.com/certd/certd/commit/df012dec90590ecba85a69ed6355cfa8382c1da3))
+* 支持部署证书到百度CCE ([a19ea74](https://github.com/certd/certd/commit/a19ea7489c01cdbf795fb51f804bd6d00389f604))
+* dcdn自动匹配部署，支持新增域名感知 ([c6a988b](https://github.com/certd/certd/commit/c6a988bc925886bd7163c1270f2b7a10a57b1c5b))
+
 ## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
 
 ### Bug Fixes

packages/ui/certd-server/db/migration-mysql/v10042__job_history.sql

@@ -0,0 +1,24 @@
+
+CREATE TABLE `cd_job_history`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `project_id`  bigint      ,
+  `type`        varchar(100) NOT NULL,
+  `title`       varchar(512) NOT NULL,
+  `related_id`  varchar(100),
+  `result`      varchar(100) NOT NULL,
+  `content`     longtext         ,
+  `start_at`    bigint      NOT NULL,
+  `end_at`      bigint      ,
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+
+
+CREATE INDEX `index_job_history_user_id` ON `cd_job_history` (`user_id`);
+CREATE INDEX `index_job_history_project_id` ON `cd_job_history` (`project_id`);
+CREATE INDEX `index_job_history_type` ON `cd_job_history` (`type`);
+
+ALTER TABLE `cd_job_history` ENGINE = InnoDB;

packages/ui/certd-server/db/migration-pg/v10042__job_history.sql

@@ -0,0 +1,22 @@
+
+CREATE TABLE "cd_job_history"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "project_id"  bigint      ,
+  "type"        varchar(100) NOT NULL,
+  "title"       varchar(512) NOT NULL,
+  "related_id"  varchar(100),
+  "result"      varchar(100) NOT NULL,
+  "content"     text         ,
+  "start_at"    bigint      NOT NULL,
+  "end_at"      bigint      ,
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+
+
+CREATE INDEX "index_job_history_user_id" ON "cd_job_history" ("user_id");
+CREATE INDEX "index_job_history_project_id" ON "cd_job_history" ("project_id");
+CREATE INDEX "index_job_history_type" ON "cd_job_history" ("type");

packages/ui/certd-server/db/migration/v10042__job_history.sql

@@ -0,0 +1,22 @@
+
+CREATE TABLE "cd_job_history"
+(
+  "id"          integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+  "user_id"     integer      NOT NULL,
+  "project_id"  integer      ,
+  "type"        varchar(100) NOT NULL,
+  "title"       varchar(512) NOT NULL,
+  "related_id"  varchar(100),
+  "result"      varchar(100) NOT NULL,
+  "content"     text         ,
+  "start_at"    integer      NOT NULL,
+  "end_at"      integer      ,
+  "create_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+
+
+CREATE INDEX "index_job_history_user_id" ON "cd_job_history" ("user_id");
+CREATE INDEX "index_job_history_project_id" ON "cd_job_history" ("project_id");
+CREATE INDEX "index_job_history_type" ON "cd_job_history" ("type");

packages/ui/certd-server/metadata/access_dnsmgr.yaml

@@ -0,0 +1,32 @@
+name: dnsmgr
+title: 彩虹DNS
+icon: clarity:plugin-line
+desc: 彩虹DNS管理系统授权
+input:
+  endpoint:
+    title: 系统地址
+    component:
+      name: a-input
+      allowClear: true
+      placeholder: https://dnsmgr.example.com
+    required: true
+  uid:
+    title: 用户ID
+    component:
+      name: a-input
+      allowClear: true
+      placeholder: '123456'
+    required: true
+  key:
+    title: API密钥
+    required: true
+    encrypt: true
+  testRequest:
+    title: 测试
+    component:
+      name: api-test
+      action: TestRequest
+    helper: 点击测试接口是否正常
+pluginType: access
+type: builtIn
+scriptFilePath: /plugins/plugin-dnsmgr/access.js

packages/ui/certd-server/metadata/access_spaceship.yaml

@@ -0,0 +1,29 @@
+name: spaceship
+title: Spaceship.com 授权
+icon: clarity:plugin-line
+desc: Spaceship.com API 授权插件
+input:
+  apiKey:
+    title: API Key
+    component:
+      placeholder: 请输入 API Key
+    required: true
+    encrypt: true
+    helper: 前往 [获取 API Key](https://www.spaceship.com/application/api-manager/)
+  apiSecret:
+    title: API Secret
+    component:
+      name: a-input-password
+      vModel: value
+      placeholder: 请输入 API Secret
+    required: true
+    encrypt: true
+  testRequest:
+    title: 测试
+    component:
+      name: api-test
+      action: TestRequest
+    helper: 测试 API 连接是否正常
+pluginType: access
+type: builtIn
+scriptFilePath: /plugins/plugin-spaceship/access.js

packages/ui/certd-server/metadata/deploy_DeployCertToAliyunCDN.yaml

@@ -7,6 +7,7 @@ title: 阿里云-部署证书至CDN
 icon: svg:icon-aliyun
 group: aliyun
 desc: 自动部署域名证书至阿里云CDN
+runStrategy: 0
 input:
   endpoint:
     title: 证书服务接入点
@@ -59,36 +60,6 @@ input:
       type: aliyun
     required: true
     order: 0
-  domainName:
-    title: CDN加速域名
-    component:
-      name: remote-select
-      vModel: value
-      mode: tags
-      type: plugin
-      typeName: DeployCertToAliyunCDN
-      action: onGetDomainList
-      search: false
-      pager: false
-      multi: true
-      watches:
-        - certDomains
-        - accessId
-        - certDomains
-        - accessId
-    required: true
-    mergeScript: |2-
-
-                return {
-                  component:{
-                    form: ctx.compute(({form})=>{
-                      return form
-                    })
-                  },
-               }
-              
-    helper: 你在阿里云上配置的CDN加速域名，比如:certd.docmirror.cn
-    order: 0
   certRegion:
     title: 证书所在地域
     helper: cn-hangzhou和ap-southeast-1，默认cn-hangzhou。国际站用户建议使用ap-southeast-1。
@@ -106,7 +77,49 @@ input:
     title: 证书名称
     helper: 上传后将以此名称作为前缀备注
     order: 0
-output: {}
+  domainMatchMode:
+    title: 域名匹配模式
+    helper: 根据证书匹配：根据证书域名自动匹配DCDN加速域名自动部署，新增加速域名自动感知，自动新增部署
+    component:
+      name: a-select
+      options:
+        - label: 手动选择
+          value: manual
+        - label: 根据证书匹配
+          value: auto
+    value: manual
+    order: 0
+  domainName:
+    title: CDN加速域名
+    component:
+      name: remote-select
+      vModel: value
+      mode: tags
+      type: plugin
+      typeName: DeployCertToAliyunCDN
+      action: onGetDomainList
+      search: false
+      pager: true
+      multi: true
+      watches:
+        - certDomains
+        - accessId
+        - certDomains
+        - accessId
+    required: true
+    mergeScript: |2-
+
+              return {
+                show: ctx.compute(({form})=>{
+                  return form.domainMatchMode === "manual"
+                })
+              }
+            
+    helper: 你在阿里云上配置的CDN加速域名，比如:certd.docmirror.cn
+    order: 0
+output:
+  deployedList:
+    title: 已部署过的DCDN加速域名
 pluginType: deploy
 type: builtIn
 scriptFilePath: /plugins/plugin-aliyun/plugin/deploy-to-cdn/index.js

packages/ui/certd-server/metadata/deploy_DeployCertToAliyunDCDN.yaml

@@ -7,6 +7,7 @@ title: 阿里云-部署证书至DCDN
 icon: svg:icon-aliyun
 group: aliyun
 desc: 依赖证书申请前置任务，自动部署域名证书至阿里云DCDN
+runStrategy: 0
 input:
   cert:
     title: 域名证书
@@ -47,6 +48,18 @@ input:
     title: 证书名称
     helper: 上传后将以此名称作为前缀备注
     order: 0
+  domainMatchMode:
+    title: 域名匹配模式
+    helper: 根据证书匹配：根据证书域名自动匹配DCDN加速域名自动部署，新增加速域名自动感知，自动新增部署
+    component:
+      name: a-select
+      options:
+        - label: 手动选择
+          value: manual
+        - label: 根据证书匹配
+          value: auto
+    value: manual
+    order: 0
   domainName:
     title: DCDN加速域名
     component:
@@ -56,7 +69,7 @@ input:
       type: plugin
       action: onGetDomainList
       search: false
-      pager: false
+      pager: true
       multi: true
       watches:
         - certDomains
@@ -66,17 +79,17 @@ input:
     required: true
     mergeScript: |2-
 
-                return {
-                  component:{
-                    form: ctx.compute(({form})=>{
-                      return form
-                    })
-                  },
-               }
-              
+              return {
+                show: ctx.compute(({form})=>{
+                  return form.domainMatchMode === "manual"
+                })
+              }
+            
     helper: 你在阿里云上配置的DCDN加速域名，比如:certd.docmirror.cn
     order: 0
-output: {}
+output:
+  deployedList:
+    title: 已部署过的DCDN加速域名
 pluginType: deploy
 type: builtIn
 scriptFilePath: /plugins/plugin-aliyun/plugin/deploy-to-dcdn/index.js

packages/ui/certd-server/metadata/deploy_DeployCertToBaiduCce.yaml

@@ -0,0 +1,110 @@
+showRunStrategy: false
+default:
+  strategy:
+    runStrategy: 1
+name: DeployCertToBaiduCce
+title: 百度云-部署到CCE
+icon: ant-design:cloud-outlined
+desc: 部署到百度云CCE集群Ingress等通过Secret管理证书的应用
+group: baidu
+needPlus: true
+input:
+  cert:
+    title: 域名证书
+    helper: 请选择前置任务输出的域名证书
+    component:
+      name: output-selector
+      from:
+        - ':cert:'
+    required: true
+    order: 0
+  accessId:
+    title: Access授权
+    helper: 百度云授权AccessKey、SecretKey
+    component:
+      name: access-selector
+      type: baidu
+    required: true
+    order: 0
+  regionId:
+    title: 大区
+    component:
+      name: a-auto-complete
+      vModel: value
+      options:
+        - value: bj
+          label: 北京
+        - value: gz
+          label: 广州
+        - value: su
+          label: 苏州
+        - value: bd
+          label: 保定
+        - value: fwh
+          label: 武汉
+        - value: hkg
+          label: 香港
+        - value: yq
+          label: 阳泉
+        - value: cd
+          label: 成都
+        - value: nj
+          label: 南京
+      placeholder: 集群所属大区
+    required: true
+    order: 0
+  clusterId:
+    title: 集群id
+    component:
+      placeholder: 集群id
+    required: true
+    order: 0
+  secretName:
+    title: 保密字典Id
+    component:
+      placeholder: 保密字典Id
+    helper: 原本存储证书的secret的name
+    required: true
+    order: 0
+  namespace:
+    title: 命名空间
+    value: default
+    component:
+      placeholder: 命名空间
+    required: true
+    order: 0
+  kubeconfigType:
+    title: Kubeconfig类型
+    value: public
+    component:
+      name: a-auto-complete
+      vModel: value
+      options:
+        - value: vpc
+          label: VPC私网IP (BLB VPCIP)
+        - value: public
+          label: 公网IP (BLB EIP)
+      placeholder: 选择集群连接端点类型
+    helper: VPC类型使用私网IP连接，需要certd运行在同一网络环境；public类型使用公网IP连接
+    required: true
+    order: 0
+  skipTLSVerify:
+    title: 忽略证书校验
+    required: false
+    helper: 是否忽略证书校验
+    component:
+      name: a-switch
+      vModel: checked
+    order: 0
+  createOnNotFound:
+    title: Secret自动创建
+    helper: 如果Secret不存在，则创建，百度云的自动创建secret有问题
+    value: false
+    component:
+      name: a-switch
+      vModel: checked
+    order: 0
+output: {}
+pluginType: deploy
+type: builtIn
+scriptFilePath: /plugins/plugin-plus/baidu/plugins/plugin-deploy-to-cce.js

packages/ui/certd-server/metadata/deploy_DeployCertToTencentCLB.yaml

@@ -8,6 +8,24 @@ icon: svg:icon-tencentcloud
 group: tencent
 desc: 暂时只支持单向认证证书，暂时只支持通用负载均衡
 input:
+  cert:
+    title: 域名证书
+    helper: 请选择前置任务输出的域名证书
+    component:
+      name: output-selector
+      from:
+        - ':cert:'
+        - UploadCertToTencent
+    required: true
+    order: 0
+  accessId:
+    title: Access提供者
+    helper: access授权
+    component:
+      name: access-selector
+      type: tencent
+    required: true
+    order: 0
   region:
     title: 大区
     component:
@@ -33,14 +51,12 @@ input:
         - value: na-siliconvalley
         - value: na-toronto
         - value: sa-saopaulo
+        - value: ap-taipei
+      helper: 如果列表中没有，您可以手动输入
     required: true
     order: 0
-  certName:
-    title: 证书名称前缀
-    order: 0
   loadBalancerId:
     title: 负载均衡ID
-    helper: 如果没有配置，则根据域名匹配负载均衡下的监听器（根据域名匹配时暂时只支持前100个）
     required: true
     order: 0
   listenerId:
@@ -57,22 +73,8 @@ input:
       mode: tags
     helper: 如果开启了sni，则此项必须填写，未开启，则不要填写
     order: 0
-  cert:
-    title: 域名证书
-    helper: 请选择前置任务输出的域名证书
-    component:
-      name: output-selector
-      from:
-        - ':cert:'
-    required: true
-    order: 0
-  accessId:
-    title: Access提供者
-    helper: access授权
-    component:
-      name: access-selector
-      type: tencent
-    required: true
+  certName:
+    title: 证书名称前缀
     order: 0
 output: {}
 pluginType: deploy

packages/ui/certd-server/metadata/deploy_K8sApply.yaml

@@ -35,6 +35,19 @@ input:
       type: k8s
     required: true
     order: 0
+  strategy:
+    title: 应用策略
+    helper: 选择使用apply（创建或更新）还是patch（补丁更新）
+    component:
+      name: a-select
+      options:
+        - label: apply(创建)
+          value: apply
+        - label: patch(更新)
+          value: patch
+    value: apply
+    required: true
+    order: 0
   yamlContent:
     title: yaml
     required: true

packages/ui/certd-server/metadata/dnsProvider_dnsmgr.yaml

@@ -0,0 +1,9 @@
+name: dnsmgr
+title: 彩虹DNS
+desc: 彩虹DNS管理系统
+icon: clarity:plugin-line
+accessType: dnsmgr
+order: 99
+pluginType: dnsProvider
+type: builtIn
+scriptFilePath: /plugins/plugin-dnsmgr/dns-provider.js

packages/ui/certd-server/metadata/dnsProvider_spaceship.yaml

@@ -0,0 +1,9 @@
+name: spaceship
+title: Spaceship
+desc: Spaceship 域名解析
+icon: clarity:plugin-line
+accessType: spaceship
+order: 99
+pluginType: dnsProvider
+type: builtIn
+scriptFilePath: /plugins/plugin-spaceship/dns-provider.js

packages/ui/certd-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-server",
-  "version": "1.39.7",
+  "version": "1.39.9",
   "description": "fast-server base midway",
   "private": true,
   "type": "module",
@@ -50,20 +50,20 @@
     "@aws-sdk/client-route-53": "^3.964.0",
     "@aws-sdk/client-s3": "^3.964.0",
     "@aws-sdk/client-sts": "^3.990.0",
-    "@certd/acme-client": "^1.39.7",
-    "@certd/basic": "^1.39.7",
-    "@certd/commercial-core": "^1.39.7",
+    "@certd/acme-client": "^1.39.9",
+    "@certd/basic": "^1.39.9",
+    "@certd/commercial-core": "^1.39.9",
     "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.39.7",
-    "@certd/lib-huawei": "^1.39.7",
-    "@certd/lib-k8s": "^1.39.7",
-    "@certd/lib-server": "^1.39.7",
-    "@certd/midway-flyway-js": "^1.39.7",
-    "@certd/pipeline": "^1.39.7",
-    "@certd/plugin-cert": "^1.39.7",
-    "@certd/plugin-lib": "^1.39.7",
-    "@certd/plugin-plus": "^1.39.7",
-    "@certd/plus-core": "^1.39.7",
+    "@certd/jdcloud": "^1.39.9",
+    "@certd/lib-huawei": "^1.39.9",
+    "@certd/lib-k8s": "^1.39.9",
+    "@certd/lib-server": "^1.39.9",
+    "@certd/midway-flyway-js": "^1.39.9",
+    "@certd/pipeline": "^1.39.9",
+    "@certd/plugin-cert": "^1.39.9",
+    "@certd/plugin-lib": "^1.39.9",
+    "@certd/plugin-plus": "^1.39.9",
+    "@certd/plus-core": "^1.39.9",
     "@google-cloud/publicca": "^1.3.0",
     "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
     "@huaweicloud/huaweicloud-sdk-core": "^3.1.185",
@@ -141,6 +141,7 @@
     "typeorm": "^0.3.20",
     "uuid": "^10.0.0",
     "wechatpay-node-v3": "^2.2.1",
+    "whoiser": "2.0.0-beta.10",
     "xml2js": "^0.6.2"
   },
   "devDependencies": {

packages/ui/certd-server/src/controller/user/cert/domain-controller.ts

@@ -20,7 +20,7 @@ export class DomainController extends CrudController<DomainService> {
 
   @Post('/page', { description: Constants.per.authOnly, summary: "查询域名分页列表" })
   async page(@Body(ALL) body: any) {
-    const {projectId,userId} = await this.getProjectUserIdRead();
+    const { projectId, userId } = await this.getProjectUserIdRead();
     body.query = body.query ?? {};
     body.query.projectId = projectId;
     body.query.userId = userId;
@@ -44,7 +44,7 @@ export class DomainController extends CrudController<DomainService> {
 
   @Post('/list', { description: Constants.per.authOnly, summary: "查询域名列表" })
   async list(@Body(ALL) body: any) {
-    const {projectId,userId} = await this.getProjectUserIdRead();
+    const { projectId, userId } = await this.getProjectUserIdRead();
     body.query = body.query ?? {};
     body.query.projectId = projectId;
     body.query.userId = userId;
@@ -54,7 +54,7 @@ export class DomainController extends CrudController<DomainService> {
 
   @Post('/add', { description: Constants.per.authOnly, summary: "添加域名" })
   async add(@Body(ALL) bean: any) {
-    const {projectId,userId} = await this.getProjectUserIdRead();
+    const { projectId, userId } = await this.getProjectUserIdRead();
     bean.projectId = projectId;
     bean.userId = userId;
     return super.add(bean);
@@ -82,7 +82,7 @@ export class DomainController extends CrudController<DomainService> {
 
   @Post('/deleteByIds', { description: Constants.per.authOnly, summary: "批量删除域名" })
   async deleteByIds(@Body(ALL) body: any) {
-    const {projectId,userId} = await this.getProjectUserIdRead();
+    const { projectId, userId } = await this.getProjectUserIdRead();
     await this.service.delete(body.ids, {
       userId: userId,
       projectId: projectId,
@@ -94,10 +94,10 @@ export class DomainController extends CrudController<DomainService> {
   @Post('/import/start', { description: Constants.per.authOnly, summary: "开始域名导入任务" })
   async importStart(@Body(ALL) body: any) {
     checkPlus();
-    const {projectId,userId} = await this.getProjectUserIdRead();
+    const { projectId, userId } = await this.getProjectUserIdRead();
     const { key } = body;
     const req = {
-      key, 
+      key,
       userId: userId,
       projectId: projectId,
     }
@@ -107,7 +107,7 @@ export class DomainController extends CrudController<DomainService> {
 
   @Post('/import/status', { description: Constants.per.authOnly, summary: "查询域名导入任务状态" })
   async importStatus() {
-    const {projectId,userId} = await this.getProjectUserIdRead();
+    const { projectId, userId } = await this.getProjectUserIdRead();
     const req = {
       userId: userId,
       projectId: projectId,
@@ -119,7 +119,7 @@ export class DomainController extends CrudController<DomainService> {
 
   @Post('/import/delete', { description: Constants.per.authOnly, summary: "删除域名导入任务" })
   async importDelete(@Body(ALL) body: any) {
-    const {projectId,userId} = await this.getProjectUserIdRead();
+    const { projectId, userId } = await this.getProjectUserIdRead();
     const { key } = body;
     const req = {
       userId: userId,
@@ -133,12 +133,12 @@ export class DomainController extends CrudController<DomainService> {
   @Post('/import/save', { description: Constants.per.authOnly, summary: "保存域名导入任务" })
   async importSave(@Body(ALL) body: any) {
     checkPlus();
-    const {projectId,userId} = await this.getProjectUserIdRead();
+    const { projectId, userId } = await this.getProjectUserIdRead();
     const { dnsProviderType, dnsProviderAccessId, key } = body;
     const req = {
       userId: userId,
       projectId: projectId,
-      dnsProviderType, dnsProviderAccessId,  key
+      dnsProviderType, dnsProviderAccessId, key
     }
     const item = await this.service.saveDomainImportTask(req);
     return this.ok(item);
@@ -147,7 +147,7 @@ export class DomainController extends CrudController<DomainService> {
 
   @Post('/sync/expiration/start', { description: Constants.per.authOnly, summary: "开始同步域名过期时间任务" })
   async syncExpirationStart(@Body(ALL) body: any) {
-    const {projectId,userId} = await this.getProjectUserIdRead();
+    const { projectId, userId } = await this.getProjectUserIdRead();
     await this.service.startSyncExpirationTask({
       userId: userId,
       projectId: projectId,
@@ -156,7 +156,7 @@ export class DomainController extends CrudController<DomainService> {
   }
   @Post('/sync/expiration/status', { description: Constants.per.authOnly, summary: "查询同步域名过期时间任务状态" })
   async syncExpirationStatus(@Body(ALL) body: any) {
-    const {projectId,userId} = await this.getProjectUserIdRead();
+    const { projectId, userId } = await this.getProjectUserIdRead();
     const status = await this.service.getSyncExpirationTaskStatus({
       userId: userId,
       projectId: projectId,
@@ -165,4 +165,26 @@ export class DomainController extends CrudController<DomainService> {
   }
 
 
+
+  @Post('/setting/save', { description: Constants.per.authOnly, summary: "保存域名监控设置" })
+  async settingSave(@Body(ALL) body: any) {
+    const { projectId, userId } = await this.getProjectUserIdWrite();
+    await this.service.monitorSettingSave({
+      userId: userId,
+      projectId: projectId,
+      setting: {...body},
+    })
+    return this.ok();
+  }
+
+  @Post('/setting/get', { description: Constants.per.authOnly, summary: "查询域名监控设置" })
+  async settingGet() {
+    const { projectId, userId } = await this.getProjectUserIdRead();
+    const setting = await this.service.monitorSettingGet({
+      userId: userId,
+      projectId: projectId,
+    })
+    return this.ok(setting);
+  }
+
 }

packages/ui/certd-server/src/controller/user/monitor/job-history-controller.ts

@@ -0,0 +1,65 @@
+import { Constants, CrudController } from "@certd/lib-server";
+import { ALL, Body, Controller, Inject, Post, Provide, Query } from "@midwayjs/core";
+import { ApiTags } from "@midwayjs/swagger";
+import { SiteInfoService } from "../../../modules/monitor/index.js";
+import { JobHistoryService } from "../../../modules/monitor/service/job-history-service.js";
+import { AuthService } from "../../../modules/sys/authority/service/auth-service.js";
+
+/**
+ */
+@Provide()
+@Controller('/api/monitor/job-history')
+@ApiTags(['monitor'])
+export class JobHistoryController extends CrudController<JobHistoryService> {
+  @Inject()
+  service: JobHistoryService;
+  @Inject()
+  authService: AuthService;
+  @Inject()
+  siteInfoService: SiteInfoService;
+
+  getService(): JobHistoryService {
+    return this.service;
+  }
+
+  @Post('/page', { description: Constants.per.authOnly, summary: "查询监控运行历史分页列表" })
+  async page(@Body(ALL) body: any) {
+    const { projectId, userId } = await this.getProjectUserIdRead()
+    body.query = body.query ?? {};
+    body.query.userId = userId;
+    body.query.projectId = projectId
+    const res = await this.service.page({
+      query: body.query,
+      page: body.page,
+      sort: body.sort,
+    });
+    return this.ok(res);
+  }
+
+  @Post('/list', { description: Constants.per.authOnly, summary: "查询监控运行历史列表" })
+  async list(@Body(ALL) body: any) {
+    body.query = body.query ?? {};
+    const { projectId, userId } = await this.getProjectUserIdRead()
+    body.query.userId = userId;
+    body.query.projectId = projectId
+    return await super.list(body);
+  }
+
+  @Post('/info', { description: Constants.per.authOnly, summary: "查询监控运行历史详情" })
+  async info(@Query('id') id: number) {
+    await this.checkOwner(this.service,id,"read");
+    return await super.info(id);
+  }
+
+  @Post('/delete', { description: Constants.per.authOnly, summary: "删除监控运行历史" })
+  async delete(@Query('id') id: number) {
+    await this.checkOwner(this.service,id,"write");
+    return await super.delete(id);
+  }
+    @Post('/batchDelete', { description: Constants.per.authOnly, summary: "批量删除监控运行历史" })
+  async batchDelete(@Body('ids') ids: number[]) {
+    const { projectId, userId } = await this.getProjectUserIdWrite()
+    await this.service.batchDelete(ids,userId,projectId);
+    return this.ok();
+  }
+}

packages/ui/certd-server/src/modules/auto/auto-c-register-cron.ts

@@ -67,6 +67,7 @@ export class AutoCRegisterCron {
     await this.registerUserExpireCheckCron();
 
     await this.registerDomainExpireCheckCron();
+
   }
 
   async registerSiteMonitorCron() {
@@ -211,11 +212,11 @@ export class AutoCRegisterCron {
     if (!isPlus()){
       return
     }
-    // 添加域名即将到期检查任务
+    // 添加域名即将到期同步任务
     const randomWeek = Math.floor(Math.random() * 7) + 1
     const randomHour = Math.floor(Math.random() * 24)
     const randomMinute = Math.floor(Math.random() * 60)
-    logger.info(`注册域名注册过期时间检查任务，每周${randomWeek} ${randomHour}:${randomMinute}检查一次`)
+    logger.info(`注册域名注册过期时间同步任务，每周${randomWeek} ${randomHour}:${randomMinute}检查一次`)
     this.cron.register({
       name: 'domain-expire-check',
       cron: `0 ${randomMinute} ${randomHour} ? * ${randomWeek}`, // 每周随机一天检查一次

packages/ui/certd-server/src/modules/cert/service/domain-service.ts

@@ -1,20 +1,24 @@
 import { http, logger, utils } from '@certd/basic';
-import { AccessService, BaseService } from '@certd/lib-server';
+import { AccessService, BaseService, isEnterprise } from '@certd/lib-server';
 import { doPageTurn, Pager, PageRes } from '@certd/pipeline';
 import { DomainVerifiers } from "@certd/plugin-cert";
-import { createDnsProvider, dnsProviderRegistry, DomainParser, parseDomainByPsl } from "@certd/plugin-lib";
+import { createDnsProvider, dnsProviderRegistry, DomainParser } from "@certd/plugin-lib";
 import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
 import { InjectEntityModel } from '@midwayjs/typeorm';
 import dayjs from 'dayjs';
-import { In, Not, Repository } from 'typeorm';
+import { merge } from 'lodash-es';
+import { In, LessThan, Not, Repository } from 'typeorm';
 import { BackTask, taskExecutor } from '../../basic/service/task-executor.js';
 import { CnameRecordEntity } from "../../cname/entity/cname-record.js";
 import { CnameRecordService } from '../../cname/service/cname-record-service.js';
-import { UserDomainImportSetting } from '../../mine/service/models.js';
+import { Cron } from '../../cron/cron.js';
+import { UserDomainImportSetting, UserDomainMonitorSetting } from '../../mine/service/models.js';
 import { UserSettingsService } from '../../mine/service/user-settings-service.js';
+import { JobHistoryService } from '../../monitor/service/job-history-service.js';
 import { TaskServiceBuilder } from '../../pipeline/service/getter/task-service-getter.js';
 import { SubDomainService } from "../../pipeline/service/sub-domain-service.js";
 import { DomainEntity } from '../entity/domain.js';
+import { TldClient } from './tld-client.js';
 
 export interface SyncFromProviderReq {
   userId: number;
@@ -27,6 +31,8 @@ export interface SyncFromProviderReq {
 const DOMAIN_IMPORT_TASK_TYPE = 'domainImportTask'
 const DOMAIN_EXPIRE_TASK_TYPE = 'domainExpirationSyncTask'
 
+const DOMAIN_EXPIRE_CHECK_TYPE = 'domainExpirationCheck'
+
 
 /**
  *
@@ -51,6 +57,14 @@ export class DomainService extends BaseService<DomainEntity> {
   @Inject()
   userSettingService: UserSettingsService;
 
+  @Inject()
+  jobHistoryService: JobHistoryService;
+
+  @Inject()
+  cron: Cron;
+
+
+
   //@ts-ignore
   getRepository() {
     return this.repository;
@@ -320,9 +334,9 @@ export class DomainService extends BaseService<DomainEntity> {
     logger.info(`从域名提供商${dnsProviderType}导入域名完成(${key})，共导入${task.total}个域名，跳过${task.getSkipCount()}个域名，成功${task.getSuccessCount()}个域名，失败${task.getErrorCount()}个域名`)
   }
 
-  async getDomainImportTaskStatus(req: { userId?: number ,projectId?: number}) {
+  async getDomainImportTaskStatus(req: { userId?: number, projectId?: number }) {
     const userId = req.userId || 0
-    const projectId = req.projectId 
+    const projectId = req.projectId
 
     const setting = await this.userSettingService.getSetting<UserDomainImportSetting>(userId, projectId, UserDomainImportSetting)
     const list = setting?.domainImportList || []
@@ -429,8 +443,6 @@ export class DomainService extends BaseService<DomainEntity> {
       await this.deleteDomainImportTask({ userId, projectId, key })
     }
 
-
-
     return await this.addDomainImportTask({ userId, projectId, dnsProviderType, dnsProviderAccessId, index })
   }
 
@@ -441,7 +453,7 @@ export class DomainService extends BaseService<DomainEntity> {
     const userId = req.userId ?? 'all'
     const projectId = req.projectId
     let key = `user_${userId}`
-    if (projectId!=null) {
+    if (projectId != null) {
       key += `_${projectId}`
     }
     const task = taskExecutor.get(DOMAIN_EXPIRE_TASK_TYPE, key)
@@ -452,7 +464,7 @@ export class DomainService extends BaseService<DomainEntity> {
     const userId = req.userId
     const projectId = req.projectId
     let key = `user_${userId ?? 'all'}`
-    if (projectId!=null) {
+    if (projectId != null) {
       key += `_${projectId}`
     }
     taskExecutor.start(new BackTask({
@@ -461,61 +473,22 @@ export class DomainService extends BaseService<DomainEntity> {
       title: `同步注册域名过期时间(${key}))`,
       run: async (task: BackTask) => {
         await this._syncDomainsExpirationDate({ userId, projectId, task })
+        if (userId != null) {
+          await this.startCheckDomainExpiration({ userId, projectId })
+        }
       }
     }))
   }
 
   private async _syncDomainsExpirationDate(req: { userId?: number, projectId?: number, task: BackTask }) {
+
     //同步所有域名的过期时间
     const pager = new Pager({
       pageNo: 1,
       pageSize: 100,
     })
 
-    const dnsJson = await http.request({
-      url: "https://data.iana.org/rdap/dns.json",
-      method: "GET",
-    })
-    const rdapMap: Record<string, string> = {}
-    for (const item of dnsJson.services) {
-      //  [["store","work"], ["https://rdap.centralnic.com/store/"]],
-      const suffixes = item[0]
-      const urls = item[1]
-      for (const suffix of suffixes) {
-        rdapMap[suffix] = urls[0]
-      }
-    }
-
-    const getDomainExpirationDate = async (domain: string) => {
-      const parsed = parseDomainByPsl(domain)
-      const mainDomain = parsed.domain || ''
-      if (mainDomain !== domain) {
-        req.task.addError(`【${domain}】为子域名，跳过同步`)
-        return
-      }
-      const suffix = parsed.tld || ''
-      const rdapUrl = rdapMap[suffix]
-      if (!rdapUrl) {
-        req.task.addError(`【${domain}】未找到${suffix}的rdap地址`)
-        return
-      }
-      // https://rdap.nic.work/domain/handsfree.work
-      const rdap = await http.request({
-        url: `${rdapUrl}domain/${domain}`,
-        method: "GET",
-      })
-
-      let res: any = {}
-      const events = rdap.events || []
-      for (const item of events) {
-        if (item.eventAction === 'expiration') {
-          res.expirationDate = dayjs(item.eventDate).valueOf()
-        } else if (item.eventAction === 'registration') {
-          res.registrationDate = dayjs(item.eventDate).valueOf()
-        }
-      }
-      return res
-    }
+    const tldClient = new TldClient();
     const query: any = {
       challengeType: "dns",
     }
@@ -546,10 +519,7 @@ export class DomainService extends BaseService<DomainEntity> {
     const itemHandle = async (item: any) => {
       req.task.incrementCurrent()
       try {
-        const res = await getDomainExpirationDate(item.domain)
-        if (!res) {
-          return
-        }
+        const res = await tldClient.getDomainExpirationDate(item.domain)
         const { expirationDate, registrationDate } = res
         if (!expirationDate) {
           req.task.addError(`【${item.domain}】获取域名${item.domain}过期时间失败`)
@@ -566,6 +536,7 @@ export class DomainService extends BaseService<DomainEntity> {
       } catch (error) {
         const errorMsg = `【${item.domain}】${error.message ?? error}`
         req.task.addError(errorMsg)
+        logger.error(errorMsg)
       } finally {
         await utils.sleep(1000)
       }
@@ -573,7 +544,151 @@ export class DomainService extends BaseService<DomainEntity> {
 
     await doPageTurn({ pager, getPage: getDomainPage, itemHandle: itemHandle })
     const key = `user_${req.userId || 'all'}`
-    logger.info(`同步用户(${key})注册域名过期时间完成(${req.task.getSuccessCount()}个成功，${req.task.getErrorCount()}个失败)`)
+    const log = `同步用户(${key})注册域名过期时间完成(${req.task.getSuccessCount()}个成功，${req.task.getErrorCount()}个失败)`
+    logger.info(log)
   }
 
+
+  public async startCheckDomainExpiration(req: { userId?: number, projectId?: number }) {
+    const { userId, projectId } = req
+    if (userId == null) {
+      throw new Error('userId is required');
+    }
+
+    if (projectId && !isEnterprise()) {
+      logger.warn(`当前未开启企业模式，跳过检查项目(${projectId})的域名过期时间`)
+      return
+    }
+
+    const setting = await this.monitorSettingGet({ userId, projectId })
+    if (!setting || !setting.enabled) {
+      return
+    }
+
+    const jobHistory: any = {
+      userId,
+      projectId,
+      type: DOMAIN_EXPIRE_CHECK_TYPE,
+      title: `检查注册域名过期时间`,
+      startAt: dayjs().valueOf(),
+      result: "start",
+    }
+    await this.jobHistoryService.add(jobHistory)
+
+    const expireDays = setting.willExpireDays || 30
+    const ltTime = dayjs().add(expireDays, 'day').valueOf()
+
+    const total = await this.repository.count({
+      where:{
+        userId,
+        projectId,
+        disabled: false,
+      }
+    })
+    //开始检查域名过期时间
+    const list = await this.repository.find({
+      where: {
+        userId,
+        projectId,
+        disabled: false,
+        expirationDate: LessThan(ltTime)
+      }
+    })
+
+    const now = dayjs().valueOf()
+    let willExpireDomains = []
+    let hasExpireDomains = []
+
+    for (const item of list) {
+      const { expirationDate } = item
+      const leftDays = dayjs(expirationDate).diff(dayjs(), 'day')
+      //@ts-ignore
+      item.leftDays = leftDays
+      if (expirationDate < now) {
+        hasExpireDomains.push(item)
+      } else {
+        willExpireDomains.push(item)
+      }
+    }
+
+    const title = `域名过期检查：即将过期 ${willExpireDomains.length} 个域名，已过期 ${hasExpireDomains.length} 个域名，共 ${total} 个域名`
+
+    try {
+      await this.jobHistoryService.update({
+        id: jobHistory.id,
+        content: title,
+        result: "done",
+        endAt: dayjs().valueOf(),
+      })
+
+    } catch (error) {
+      logger.error(`更新域名过期检查任务状态失败:${error.message ?? error}`)
+    }
+
+    if (list.length == 0) {
+      //没有过期域名  不发通知
+      return
+    }
+
+    //发送通知
+    const willExpireDomainsStr = willExpireDomains.map(item => `${item.domain} (剩余${item.leftDays}天)`).join('\n  ')
+    const hasExpireDomainsStr = hasExpireDomains.map(item => `${item.domain} (已过期${item.leftDays}天)`).join('\n  ')
+    const content = `您有域名即将过期，请尽快续费
+
+即将过期域名: ${willExpireDomains.length} 个 (有效期<${expireDays}天)
+  ${willExpireDomainsStr}
+
+已过期域名: ${hasExpireDomains.length} 个
+  ${hasExpireDomainsStr}`
+    const taskService = this.taskServiceBuilder.create({ userId: userId, projectId: projectId });
+
+    const notificationService = await taskService.getNotificationService()
+    const url = await notificationService.getBindUrl("#/certd/cert/domain");
+    await notificationService.send({
+      id: setting.notificationId,
+      useDefault: true,
+      logger: logger,
+      body: {
+        title: title,
+        content: content,
+        url: url,
+        errorMessage: title,
+        notificationType: DOMAIN_EXPIRE_CHECK_TYPE,
+        willExpireDomains,
+        hasExpireDomains,
+      }
+    })
+
+  }
+
+
+  public async monitorSettingGet(req: { userId?: number, projectId?: number }) {
+    const { userId, projectId } = req
+    const setting = await this.userSettingService.getSetting<UserDomainMonitorSetting>(userId, projectId, UserDomainMonitorSetting)
+    return setting || {}
+  }
+
+  public async monitorSettingSave(req: { userId?: number, projectId?: number, setting?: any }) {
+    const { userId, projectId, setting } = req
+    const bean: UserDomainMonitorSetting = new UserDomainMonitorSetting()
+    merge(bean, setting)
+    await this.userSettingService.saveSetting<UserDomainMonitorSetting>(userId, projectId, bean)
+    await this.registerMonitorCron({ userId, projectId })
+  }
+
+  public async registerMonitorCron(req: { userId?: number, projectId?: number }) {
+    const { userId, projectId } = req
+    const setting = await this.monitorSettingGet(req)
+    const key = `${DOMAIN_EXPIRE_CHECK_TYPE}:${userId}_${projectId || ''}`
+    this.cron.remove(key)
+    if (setting.enabled) {
+      this.cron.register({
+        cron: setting.cron,
+        name: key,
+        job: async () => {
+          await this.startCheckDomainExpiration({ userId, projectId })
+        },
+      })
+    }
+  }
 }

packages/ui/certd-server/src/modules/cert/service/tld-client.ts

@@ -0,0 +1,128 @@
+
+import { http, logger } from '@certd/basic';
+import { parseDomainByPsl } from "@certd/plugin-lib";
+import dayjs from 'dayjs';
+
+export interface DomainInfo {
+  expirationDate?: number;
+  registrationDate?: number;
+}
+
+export class TldClient {
+  private rdapMap: Record<string, string> = {}
+  private isInitialized = false;
+
+  constructor() {
+  }
+
+  async init() {
+    if (this.isInitialized) {
+      return;
+    }
+    const dnsJson = await http.request({
+      url: "https://data.iana.org/rdap/dns.json",
+      method: "GET",
+    })
+    for (const item of dnsJson.services) {
+      const suffixes = item[0]
+      const urls = item[1]
+      for (const suffix of suffixes) {
+        this.rdapMap[suffix] = urls[0]
+      }
+    }
+    this.isInitialized = true;
+  }
+
+  async getDomainExpirationDate(domain: string): Promise<DomainInfo> {
+    await this.init();
+    
+    const parsed = parseDomainByPsl(domain)
+    const mainDomain = parsed.domain || ''
+    if (mainDomain !== domain) {
+      const message= `【${domain}】为子域名，无法获取过期时间`
+      logger.warn(message)
+      throw new Error(message)
+    }
+    
+    try {
+      return await this.getDomainExpirationByRdap(domain, parsed.tld || '')
+    } catch (error) {
+      logger.error(error.message)
+      return await this.getDomainExpirationByWhoiser(domain)
+    }
+  }
+
+  private async getDomainExpirationByRdap(domain: string, suffix: string): Promise<DomainInfo> {
+    const rdapUrl = this.rdapMap[suffix]
+    if (!rdapUrl) {
+      throw new Error(`【${domain}】未找到${suffix}的rdap地址`)
+    }
+    
+    const rdap = await http.request({
+      url: `${rdapUrl}domain/${domain}`,
+      method: "GET",
+    })
+
+    let res: DomainInfo = {}
+    const events = rdap.events || []
+    for (const item of events) {
+      if (item.eventAction === 'expiration') {
+        res.expirationDate = dayjs(item.eventDate).valueOf()
+      } else if (item.eventAction === 'registration') {
+        res.registrationDate = dayjs(item.eventDate).valueOf()
+      }
+    }
+    return res
+  }
+
+  private async getDomainExpirationByWhoiser(domain: string): Promise<DomainInfo> {
+    const whoiser = await import("whoiser")
+    const result = await whoiser.whoisDomain(domain, {
+      follow: 2,
+      timeout: 5000
+    })
+    
+    let res: DomainInfo = {}
+    /**
+     * {
+  "Domain Status": [
+    "ok",
+  ],
+  "Name Server": [
+    "dns21.hichina.com",
+    "dns22.hichina.com",
+  ],
+  text: [
+    "",
+  ],
+  "Domain Name": "docmirror.cn",
+  ROID: "20200907s10001s31265717-cn",
+  "Registrant Name": "肖君诺",
+  "Registrant Email": "252959493@qq.com",
+  Registrar: "阿里巴巴云计算（北京）有限公司",
+  "Created Date": "2020-09-07 09:22:54",
+  "Expiry Date": "2026-09-07 09:22:54",
+  DNSSEC: "unsigned",
+}
+     */
+    
+    for (const server in result) {
+      const data = result[server] as any
+      if (data['Expiry Date']) {
+        res.expirationDate = dayjs(data['Expiry Date']).valueOf()
+      }
+      if (data['Created Date']) {
+        res.registrationDate = dayjs(data['Created Date']).valueOf()
+      }
+      if (res.expirationDate && res.registrationDate) {
+        break
+      }
+    }
+    
+    if (!res.expirationDate) {
+      throw new Error(`【${domain}】whois查询未找到过期时间`)
+    }
+    
+    return res
+  }
+}

packages/ui/certd-server/src/modules/cron/configuration.ts

@@ -1,6 +1,5 @@
-import { Config, Configuration, Logger } from '@midwayjs/core';
-import { ILogger } from '@midwayjs/logger';
-import { IMidwayContainer } from '@midwayjs/core';
+import { logger } from '@certd/basic';
+import { Config, Configuration, IMidwayContainer } from '@midwayjs/core';
 import { Cron } from './cron.js';
 
 // ... (see below) ...
@@ -11,18 +10,15 @@ import { Cron } from './cron.js';
 export class CronConfiguration {
   @Config()
   config;
-  @Logger()
-  logger: ILogger;
-
   cron: Cron;
   async onReady(container: IMidwayContainer) {
-    this.logger.info('cron start');
+    logger.info('cron start');
     this.cron = new Cron({
-      logger: this.logger,
+      logger: logger,
       ...this.config,
     });
     container.registerObject('cron', this.cron);
     this.cron.start();
-    this.logger.info('cron started');
+    logger.info('cron started');
   }
 }

packages/ui/certd-server/src/modules/mine/service/models.ts

@@ -31,6 +31,18 @@ export class UserSiteMonitorSetting extends BaseSettings {
   certValidDays?:number = 14;
 }
 
+
+export class UserDomainMonitorSetting extends BaseSettings {
+  static __title__ = "域名到期监控设置";
+  static __key__ = "user.domain.monitor";
+
+  enabled?:boolean = false;
+  notificationId?:number= 0;
+  cron?:string = undefined;
+  willExpireDays?:number = 30;
+}
+
+
 export class UserEmailSetting extends BaseSettings {
   static __title__ = "用户邮箱设置";
   static __key__ = "user.email";

packages/ui/certd-server/src/modules/monitor/entity/job-history.ts

@@ -0,0 +1,52 @@
+import { Column, Entity, PrimaryGeneratedColumn } from 'typeorm';
+import { PipelineEntity } from '../../pipeline/entity/pipeline.js';
+
+@Entity('cd_job_history')
+export class JobHistoryEntity {
+  @PrimaryGeneratedColumn()
+  id: number;
+
+  @Column({ name: 'user_id', comment: '用户id' })
+  userId: number;
+
+  @Column({ name: 'project_id', comment: '项目id' })
+  projectId: number;
+
+  
+  @Column({ name: 'type', comment: '类型' })
+  type: string;
+
+  @Column({ name: 'title', comment: '标题' })
+  title: string;
+
+  @Column({ name: 'content', comment: '内容' })
+  content: string;
+
+  @Column({ name: 'related_id', comment: '关联id' })
+  relatedId: string;
+
+  @Column({ name: 'result', comment: '结果' })
+  result: string;
+
+  @Column({ name: 'start_at', comment: '开始时间' })
+  startAt: number;
+
+  @Column({ name: 'end_at', comment: '结束时间' })
+  endAt: number;
+
+  @Column({
+    name: 'create_time',
+    comment: '创建时间',
+    default: () => 'CURRENT_TIMESTAMP',
+  })
+  createTime: Date;
+
+  @Column({
+    name: 'update_time',
+    comment: '修改时间',
+    default: () => 'CURRENT_TIMESTAMP',
+  })
+  updateTime: Date;
+
+  pipeline?: PipelineEntity;
+}

packages/ui/certd-server/src/modules/monitor/service/job-history-service.ts

@@ -0,0 +1,23 @@
+import { BaseService } from "@certd/lib-server";
+import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { InjectEntityModel } from "@midwayjs/typeorm";
+import { Repository } from "typeorm";
+import { UserSettingsService } from "../../mine/service/user-settings-service.js";
+import { JobHistoryEntity } from "../entity/job-history.js";
+
+
+@Provide()
+@Scope(ScopeEnum.Request, { allowDowngrade: true })
+export class JobHistoryService extends BaseService<JobHistoryEntity> {
+  @InjectEntityModel(JobHistoryEntity)
+  repository: Repository<JobHistoryEntity>;
+
+
+  @Inject()
+  userSettingsService: UserSettingsService;
+
+  //@ts-ignore
+  getRepository() {
+    return this.repository;
+  }
+}

packages/ui/certd-server/src/modules/monitor/service/site-info-service.ts

@@ -17,6 +17,8 @@ import {SiteIpEntity} from "../entity/site-ip.js";
 import {Cron} from "../../cron/cron.js";
 import { dnsContainer } from "./dns-custom.js";
 import { merge } from "lodash-es";
+import { JobHistoryService } from "./job-history-service.js";
+import { JobHistoryEntity } from "../entity/job-history.js";
 
 @Provide()
 @Scope(ScopeEnum.Request, {allowDowngrade: true})
@@ -39,6 +41,9 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
   @Inject()
   siteIpService: SiteIpService;
 
+  @Inject()
+  jobHistoryService: JobHistoryService;
+
 
   @Inject()
   cron: Cron;
@@ -352,10 +357,11 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
     if (userId==null) {
       throw new Error("userId is required");
     }
-    const sites = await this.repository.find({
-      where: {userId,projectId}
-    });
-    this.checkList(sites,false);
+    // const sites = await this.repository.find({
+    //   where: {userId,projectId}
+    // });
+    // this.checkList(sites,false);
+    await this.triggerJobOnce(userId,projectId);
   }
 
   async checkList(sites: SiteInfoEntity[],isCommon: boolean) {
@@ -516,6 +522,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
   async triggerJobOnce(userId?:number,projectId?:number) {
     logger.info(`站点证书检查开始执行[${userId??'所有用户'}_${projectId??'所有项目'}]`);
     const query:any = { disabled: false };
+    let jobEntity :Partial<JobHistoryEntity> = null;
     if(userId!=null){
       query.userId = userId;
       if(projectId){
@@ -523,12 +530,22 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
       }
       //判断是否已关闭
       const setting = await this.userSettingsService.getSetting<UserSiteMonitorSetting>(userId,projectId, UserSiteMonitorSetting);
-      if (!setting.cron) {
+      if (setting && !setting.cron) {
         return;
       }
+      jobEntity  =  {
+        userId,
+        projectId,
+        type:"siteCertMonitor",
+        title: '站点证书检查',
+        result:"start",
+        startAt:new Date().getTime(),
+      }
+      await this.jobHistoryService.add(jobEntity);
     }
     let offset = 0;
     const limit = 50;
+    let count = 0;
     while (true) {
       const res = await this.page({
         query: query,
@@ -541,10 +558,20 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
       }
       offset += records.length;
       const isCommon = !userId;
+      count += records.length;
       await this.checkList(records,isCommon);
     }
 
     logger.info(`站点证书检查完成[${userId??'所有用户'}_${projectId??'所有项目'}]`);
+    if(jobEntity){
+      await this.jobHistoryService.update({
+        id: jobEntity.id,
+        result: "done",
+        content:`共检查${count}个站点`,
+        endAt:new Date().getTime(),
+        updateTime:new Date(),
+      });
+    }
   }
 
   async batchDelete(ids: number[], userId: number,projectId?:number): Promise<void> {

packages/ui/certd-server/src/modules/pipeline/service/getter/notification-getter.ts

@@ -23,4 +23,8 @@ export class NotificationGetter implements INotificationService {
   async send(req: NotificationSendReq): Promise<void> {
     return await this.notificationService.send(req, this.userId, this.projectId);
   }
+
+  async getBindUrl(url: string) {
+    return await this.notificationService.getBindUrl(url);
+  }
 }

packages/ui/certd-server/src/plugins/index.ts

@@ -44,4 +44,5 @@
 // export * from './plugin-lib/index.js'
 // export * from './plugin-plus/index.js'
 // export * from './plugin-cert/index.js'
-// export * from './plugin-zenlayer/index.js'
+// export * from './plugin-zenlayer/index.js'
+export * from './plugin-dnsmgr/index.js'

packages/ui/certd-server/src/plugins/plugin-cert/plugin/cert-plugin/base.ts

@@ -156,7 +156,7 @@ export abstract class CertApplyBasePlugin extends CertApplyBaseConvertPlugin {
       if(maxDays < 2){
         maxDays = 2;
       }
-      this.logger.warn(`为避免每次运行都更新证书，更新天数自动减半，调整为${maxDays}`);
+      this.logger.warn(`为避免每次运行都更新证书，更新天数自动减半（即证书最大时长${totalDays}天减半），调整为${maxDays}`);
     }
    
     return {

packages/ui/certd-server/src/plugins/plugin-dnsmgr/access.ts

@@ -0,0 +1,144 @@
+import { AccessInput, BaseAccess, IsAccess, Pager, PageRes, PageSearch } from '@certd/pipeline';
+import { DomainRecord } from '@certd/plugin-lib';
+
+@IsAccess({
+  name: 'dnsmgr',
+  title: '彩虹DNS',
+  icon: 'clarity:plugin-line',
+  desc: '彩虹DNS管理系统授权',
+})
+export class DnsmgrAccess extends BaseAccess {
+  @AccessInput({
+    title: '系统地址',
+    component: {
+      name: "a-input",
+      allowClear: true,
+      placeholder: 'https://dnsmgr.example.com',
+    },
+    required: true,
+  })
+  endpoint = '';
+
+  @AccessInput({
+    title: '用户ID',
+    component: {
+      name: "a-input",
+      allowClear: true,
+      placeholder: '123456',
+    },
+    required: true,
+  })
+  uid = '';
+
+  @AccessInput({
+    title: 'API密钥',
+    required: true,
+    encrypt: true,
+  })
+  key = '';
+
+  @AccessInput({
+    title: "测试",
+    component: {
+      name: "api-test",
+      action: "TestRequest"
+    },
+    helper: "点击测试接口是否正常"
+  })
+  testRequest = true;
+
+  async onTestRequest() {
+    await this.GetDomainList({});
+    return "ok";
+  }
+
+  async GetDomainList(req: PageSearch): Promise<PageRes<DomainRecord>> {
+    this.ctx.logger.info(`获取域名列表，req:${JSON.stringify(req)}`);
+    const pager = new Pager(req);
+    const resp = await this.doRequest({
+      url: '/api/domain',
+      data: {
+        offset: pager.getOffset(),
+        limit: pager.pageSize,
+        kw: req.searchKey,
+      },
+    });
+    const total = resp?.total || 0;
+    let list = resp?.rows?.map((item: any) => {
+      return {
+        domain: item.name,
+        ...item,
+      };
+    });
+    return {
+      total,
+      list,
+    };
+  }
+
+
+
+  async createDnsRecord(domainId: string, record: string, value: string, type: string, domain: string) {
+    this.ctx.logger.info(`创建DNS记录：${record} ${type} ${value}`);
+    const resp = await this.doRequest({
+      url: `/api/record/add/${domainId}`,
+      data: {
+        name: record.replace(`.${domain}`, ''),
+        type,
+        value,
+        line: 'default',
+        ttl: 600,
+      },
+    });
+    return resp;
+  }
+
+  async getDnsRecords(domainId: string, type?: string, name?: string, value?: string) {
+    this.ctx.logger.info(`获取DNS记录列表：domainId=${domainId}, type=${type}, name=${name}`);
+    const resp = await this.doRequest({
+      url: `/api/record/data/${domainId}`,
+      data: {
+        type,
+        subdomain: name,
+        value,
+      },
+    });
+    return resp;
+  }
+
+  async deleteDnsRecord(domainId: string, recordId: string) {
+    this.ctx.logger.info(`删除DNS记录：domainId=${domainId}, recordId=${recordId}`);
+    const resp = await this.doRequest({
+      url: `/api/record/delete/${domainId}`,
+      data: {
+        recordid: recordId,
+      },
+    });
+    return resp;
+  }
+
+  async doRequest(req: { url: string; data?: any }) {
+    const timestamp = Math.floor(Date.now() / 1000);
+    const sign = this.ctx.utils.hash.md5(`${this.uid}${timestamp}${this.key}`);
+    const url = `${this.endpoint}${req.url}`;
+    
+    const res = await this.ctx.http.request({
+      url,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+      data: {
+        uid: this.uid,
+        timestamp,
+        sign,
+        ...req.data,
+      },
+    });
+
+    if (res.code !== undefined && res.code !== 0) {
+      throw new Error(res.msg || '请求失败');
+    }
+    return res;
+  }
+}

packages/ui/certd-server/src/plugins/plugin-dnsmgr/dns-provider.ts

@@ -0,0 +1,71 @@
+import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
+import { DnsmgrAccess } from './access.js';
+import { PageRes, PageSearch } from '@certd/pipeline';
+
+type DnsmgrRecord = {
+  domainId: string;
+  name: string;
+  value: string;
+};
+
+@IsDnsProvider({
+  name: 'dnsmgr',
+  title: '彩虹DNS',
+  desc: '彩虹DNS管理系统',
+  icon: 'clarity:plugin-line',
+  accessType: 'dnsmgr',
+  order: 99,
+})
+export class DnsmgrDnsProvider extends AbstractDnsProvider<DnsmgrRecord> {
+  access!: DnsmgrAccess;
+
+  async onInstance() {
+    this.access = this.ctx.access as DnsmgrAccess;
+    this.logger.debug('access', this.access);
+  }
+
+  async createRecord(options: CreateRecordOptions): Promise<any> {
+    const { fullRecord, value, type, domain } = options;
+    this.logger.info('添加域名解析：', fullRecord, value, type, domain);
+
+    const domainList = await this.access.GetDomainList({ searchKey: domain });
+    const domainInfo = domainList.list?.find((item: any) => item.name === domain);
+    
+    if (!domainInfo) {
+      throw new Error(`未找到域名：${domain}`);
+    }
+
+    const name = fullRecord.replace(`.${domain}`, '');
+    const res = await this.access.createDnsRecord(domainInfo.id, fullRecord, value, type, domain);
+    return { domainId: domainInfo.id, name, value,res };
+  }
+
+  async removeRecord(options: RemoveRecordOptions<DnsmgrRecord>): Promise<void> {
+    const { fullRecord, value } = options.recordReq;
+    const record = options.recordRes;
+    this.logger.info('删除域名解析：', fullRecord, value, record);
+
+    if (record && record.domainId) {
+      const records = await this.access.getDnsRecords(record.domainId, 'TXT', record.name, record.value);
+      if (records && records.rows && records.rows.length > 0) {
+        const recordToDelete = records.rows[0];
+        await this.access.deleteDnsRecord(record.domainId, recordToDelete.RecordId);
+      }
+    }
+
+    this.logger.info('删除域名解析成功:', fullRecord, value);
+  }
+
+  async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
+    const res = await this.access.GetDomainList(req);
+    res.list = res.list?.map((item: any) => {
+      return {
+        id: item.id,
+        domain: item.name,
+      };
+    });
+    return res;
+  }
+}
+
+new DnsmgrDnsProvider();

packages/ui/certd-server/src/plugins/plugin-dnsmgr/index.ts

@@ -0,0 +1,2 @@
+export * from './access.js';
+export * from './dns-provider.js';

packages/ui/certd-server/src/plugins/plugin-plus/baidu/plugins/index.ts

@@ -1,3 +1,4 @@
 export * from "./plugin-deploy-to-cdn.js";
 export * from "./plugin-deploy-to-blb.js";
 export * from "./plugin-upload-to-baidu.js";
+export * from "./plugin-deploy-to-cce.js";

packages/ui/certd-server/src/plugins/plugin-plus/baidu/plugins/plugin-deploy-to-cce.ts

@@ -0,0 +1,245 @@
+import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
+import { utils } from "@certd/basic";
+
+import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
+import { BaiduAccess } from "../access.js";
+import { BaiduYunClient } from "../client.js";
+
+@IsTaskPlugin({
+  name: "DeployCertToBaiduCce",
+  title: "百度云-部署到CCE",
+  icon: "ant-design:cloud-outlined",
+  desc: "部署到百度云CCE集群Ingress等通过Secret管理证书的应用",
+  group: pluginGroups.baidu.key,
+  needPlus: true,
+  input: {},
+  output: {},
+  default: {
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed,
+    },
+  },
+})
+export class DeployCertToBaiduCcePlugin extends AbstractTaskPlugin {
+  @TaskInput({
+    title: "域名证书",
+    helper: "请选择前置任务输出的域名证书",
+    component: {
+      name: "output-selector",
+      from: [...CertApplyPluginNames],
+    },
+    required: true,
+  })
+  cert!: CertInfo;
+  @TaskInput({
+    title: "Access授权",
+    helper: "百度云授权AccessKey、SecretKey",
+    component: {
+      name: "access-selector",
+      type: "baidu",
+    },
+    required: true,
+  })
+  accessId!: string;
+
+  @TaskInput({
+    title: "大区",
+    component: {
+      name: "a-auto-complete",
+      vModel: "value",
+      options: [
+        { value: "bj", label: "北京" },
+        { value: "gz", label: "广州" },
+        { value: "su", label: "苏州" },
+        { value: "bd", label: "保定" },
+        { value: "fwh", label: "武汉" },
+        { value: "hkg", label: "香港" },
+        { value: "yq", label: "阳泉" },
+        { value: "cd", label: "成都" },
+        { value: "nj", label: "南京" },
+      ],
+      placeholder: "集群所属大区",
+    },
+    required: true,
+  })
+  regionId!: string;
+
+  @TaskInput({
+    title: "集群id",
+    component: {
+      placeholder: "集群id",
+    },
+    required: true,
+  })
+  clusterId!: string;
+
+  @TaskInput({
+    title: "保密字典Id",
+    component: {
+      placeholder: "保密字典Id",
+    },
+    helper: "原本存储证书的secret的name",
+    required: true,
+  })
+  secretName!: string | string[];
+
+  @TaskInput({
+    title: "命名空间",
+    value: "default",
+    component: {
+      placeholder: "命名空间",
+    },
+    required: true,
+  })
+  namespace = "default";
+
+  @TaskInput({
+    title: "Kubeconfig类型",
+    value: "public",
+    component: {
+      name: "a-auto-complete",
+      vModel: "value",
+      options: [
+        { value: "vpc", label: "VPC私网IP (BLB VPCIP)" },
+        { value: "public", label: "公网IP (BLB EIP)" },
+      ],
+      placeholder: "选择集群连接端点类型",
+    },
+    helper: "VPC类型使用私网IP连接，需要certd运行在同一网络环境；public类型使用公网IP连接",
+    required: true,
+  })
+  kubeconfigType!: string;
+
+  @TaskInput({
+    title: "忽略证书校验",
+    required: false,
+    helper: "是否忽略证书校验",
+    component: {
+      name: "a-switch",
+      vModel: "checked",
+    },
+  })
+  skipTLSVerify!: boolean;
+
+  @TaskInput({
+    title: "Secret自动创建",
+    helper: "如果Secret不存在，则创建，百度云的自动创建secret有问题",
+    value: false,
+    component: {
+      name: "a-switch",
+      vModel: "checked",
+    },
+  })
+  createOnNotFound: boolean;
+
+  K8sClient: any;
+  async onInstance() {
+    const sdk = await import("@certd/lib-k8s");
+    this.K8sClient = sdk.K8sClient;
+  }
+  async execute(): Promise<void> {
+    this.logger.info("开始部署证书到百度云CCE");
+    const { regionId, clusterId, kubeconfigType, cert } = this;
+    const access = (await this.getAccess(this.accessId)) as BaiduAccess;
+    const client = new BaiduYunClient({
+      access,
+      logger: this.logger,
+      http: this.ctx.http,
+    });
+    const kubeConfigStr = await this.getKubeConfig(client, clusterId, regionId, kubeconfigType);
+
+    this.logger.info("kubeconfig已成功获取");
+    const k8sClient = new this.K8sClient({
+      kubeConfigStr,
+      logger: this.logger,
+      skipTLSVerify: this.skipTLSVerify,
+    });
+    await this.patchCertSecret({ cert, k8sClient });
+
+    await utils.sleep(5000);
+
+    try {
+      await this.restartIngress({ k8sClient });
+    } catch (e) {
+      this.logger.warn(`重启ingress失败:${e.message}`);
+    }
+  }
+
+  async restartIngress(options: { k8sClient: any }) {
+    const { k8sClient } = options;
+    const { namespace } = this;
+
+    const body = {
+      metadata: {
+        labels: {
+          certd: this.appendTimeSuffix("certd"),
+        },
+      },
+    };
+    const ingressList = await k8sClient.getIngressList({ namespace });
+    this.logger.info("ingressList:", JSON.stringify(ingressList));
+    if (!ingressList || !ingressList.items) {
+      return;
+    }
+    const ingressNames = ingressList.items
+      .filter((item: any) => {
+        if (!item.spec.tls) {
+          return false;
+        }
+        for (const tls of item.spec.tls) {
+          if (tls.secretName === this.secretName) {
+            return true;
+          }
+        }
+        return false;
+      })
+      .map((item: any) => {
+        return item.metadata.name;
+      });
+    for (const ingress of ingressNames) {
+      await k8sClient.patchIngress({ namespace, ingressName: ingress, body, createOnNotFound: this.createOnNotFound });
+      this.logger.info(`ingress已重启:${ingress}`);
+    }
+  }
+
+  async patchCertSecret(options: { cert: CertInfo; k8sClient: any }) {
+    const { cert, k8sClient } = options;
+    const crt = cert.crt;
+    const key = cert.key;
+    const crtBase64 = Buffer.from(crt).toString("base64");
+    const keyBase64 = Buffer.from(key).toString("base64");
+
+    const { namespace, secretName } = this;
+
+    const body = {
+      data: {
+        "tls.crt": crtBase64,
+        "tls.key": keyBase64,
+      },
+      metadata: {
+        labels: {
+          certd: this.appendTimeSuffix("certd"),
+        },
+      },
+    };
+    let secretNames: any = secretName;
+    if (typeof secretName === "string") {
+      secretNames = [secretName];
+    }
+    for (const secret of secretNames) {
+      await k8sClient.patchSecret({ namespace, secretName: secret, body ,createOnNotFound: this.createOnNotFound});
+      this.logger.info(`cert secret已更新: ${secret}`);
+    }
+  }
+
+  async getKubeConfig(client: BaiduYunClient, clusterId: string, regionId: string, kubeconfigType: string) {
+    const res = await client.doRequest({
+      host: `cce.${regionId}.baidubce.com`,
+      uri: `/v2/kubeconfig/${clusterId}/${kubeconfigType}`,
+      method: "get",
+    });
+    return res.kubeConfig;
+  }
+}
+
+new DeployCertToBaiduCcePlugin();

packages/ui/certd-server/src/plugins/plugin-plus/k8s/plugins/plugin-apply.ts

@@ -62,6 +62,21 @@ export class K8sApplyPlugin extends AbstractPlusTaskPlugin {
   // })
   // namespace!: string;
 
+  @TaskInput({
+    title: "应用策略",
+    helper: "选择使用apply（创建或更新）还是patch（补丁更新）",
+    component: {
+      name: "a-select",
+      options: [
+        { label: "apply(创建)", value: "apply" },
+        { label: "patch(更新)", value: "patch" },
+      ],
+    },
+    value: "apply",
+    required: true,
+  })
+  strategy!: string;
+
   @TaskInput({
     title: "yaml",
     required: true,
@@ -112,8 +127,13 @@ export class K8sApplyPlugin extends AbstractPlusTaskPlugin {
     try {
       // this.logger.info("apply yaml:", compiledYaml);
       // this.logger.info("apply yamlDoc:", JSON.stringify(doc));
-      const res = await client.apply(compiledYaml);
-      this.logger.info("apply result:", res);
+      if (this.strategy === "apply") {
+        await client.apply(compiledYaml);
+        this.logger.info("apply success");
+      } else {
+        await client.applyPatch(compiledYaml);
+        this.logger.info("patch success");
+      }
     } catch (e) {
       if (e.response?.body) {
         throw new Error(JSON.stringify(e.response.body));

packages/ui/certd-server/src/plugins/plugin-spaceship/access.ts

@@ -0,0 +1,148 @@
+import { IsAccess, AccessInput, BaseAccess, PageSearch } from "@certd/pipeline";
+
+@IsAccess({
+  name: "spaceship",
+  title: "Spaceship.com 授权",
+  icon: "clarity:plugin-line",
+  desc: "Spaceship.com API 授权插件"
+})
+export class SpaceshipAccess extends BaseAccess {
+
+  @AccessInput({
+    title: "API Key",
+    component: {
+      placeholder: "请输入 API Key"
+    },
+    required: true,
+    encrypt: true,
+    helper: "前往 [获取 API Key](https://www.spaceship.com/application/api-manager/)"
+  })
+  apiKey = "";
+
+  @AccessInput({
+    title: "API Secret",
+    component: {
+      name: "a-input-password",
+      vModel: "value",
+      placeholder: "请输入 API Secret"
+    },
+    required: true,
+    encrypt: true
+  })
+  apiSecret = "";
+
+  @AccessInput({
+    title: "测试",
+    component: {
+      name: "api-test",
+      action: "TestRequest"
+    },
+    helper: "测试 API 连接是否正常"
+  })
+  testRequest = true;
+
+  async onTestRequest() {
+    await this.GetDomainList({});
+    return "ok";
+  }
+
+  async doRequest(options: {
+    url: string;
+    method: 'GET' | 'POST' | 'DELETE';
+    params?: any;
+    data?: any;
+  }) {
+    const headers = {
+      "X-Api-Key": this.apiKey,
+      "X-Api-Secret": this.apiSecret
+    };
+    
+    try {
+      const res = await this.ctx.http.request({
+        url: options.url,
+        method: options.method,
+        headers,
+        params: options.params,
+        data: options.data
+      });
+      return res;
+    } catch (error: any) {
+      const errorMsg = [];
+      const status = error.status || error.response?.status;
+      if (error.response) {
+        const headers = error.response.headers;
+        const data = error.response.data;
+        
+        errorMsg.push(`API 请求失败: ${status}`);
+        
+        if (headers['spaceship-error-code']) {
+          errorMsg.push(`错误代码: ${headers['spaceship-error-code']}`);
+        }
+        
+        if (headers['spaceship-operation-id']) {
+          errorMsg.push(`操作ID: ${headers['spaceship-operation-id']}`);
+        }
+        
+        if (data && data.detail) {
+          errorMsg.push(`错误详情: ${data.detail}`);
+        }
+        
+        this.ctx.logger.error(`Spaceship API 错误: ${errorMsg.join(' | ')}`);
+      } else if (error.request) {
+        errorMsg.push(`请求发送失败: ${error.message}`);
+        this.ctx.logger.error(`Spaceship API 请求发送失败: ${error.message}`);
+      } else {
+        errorMsg.push(`请求配置错误: ${error.message}`);
+        this.ctx.logger.error(`Spaceship API 请求配置错误: ${error.message}`);
+      }
+      
+      const error2 = new Error(errorMsg.join(' | '));
+      //@ts-ignore
+      error2.status = status;
+      throw error2;
+    }
+  }
+
+  async GetDomainList(req: PageSearch) {
+    const take = req.pageSize || 100;
+    const skip = ((req.pageNo || 1) - 1) * take;
+    
+    const res = await this.doRequest({
+      url: "https://spaceship.dev/api/v1/domains",
+      method: "GET",
+      params: {
+        take,
+        skip
+      }
+    });
+    
+    return {
+      total: res.total || 0,
+      list: res.items || []
+    };
+  }
+
+  async getDomainInfo(domain: string) {
+    try {
+      const res = await this.doRequest({
+        url: `https://spaceship.dev/api/v1/domains/${domain}`,
+        method: "GET"
+      });
+      return res;
+    } catch (error: any) {
+      if (error.status === 404) {
+        throw new Error(`域名 ${domain} 不存在于当前账号中`);
+      }
+      throw error;
+    }
+  }
+
+  getCacheKey() {
+    const hashStr = this.apiKey + this.apiSecret;
+    const hashCode = this.ctx.utils.hash.sha256(hashStr);
+    return `spaceship-${hashCode}`;
+  }
+
+}
+
+new SpaceshipAccess();

packages/ui/certd-server/src/plugins/plugin-spaceship/dns-provider.ts

@@ -0,0 +1,95 @@
+import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, IsDnsProvider, RemoveRecordOptions } from "@certd/plugin-cert";
+import { SpaceshipAccess } from "./access.js";
+import { PageRes, PageSearch } from "@certd/pipeline";
+
+export type SpaceshipRecord = {
+  id: string;
+  name: string;
+  type: string;
+  content: string;
+  domainId: string;
+};
+
+@IsDnsProvider({
+  name: "spaceship",
+  title: "Spaceship",
+  desc: "Spaceship 域名解析",
+  icon: "clarity:plugin-line",
+  accessType: "spaceship",
+  order: 99
+})
+export class SpaceshipProvider extends AbstractDnsProvider<SpaceshipRecord> {
+  access!: SpaceshipAccess;
+
+  async onInstance() {
+    this.access = this.ctx.access as SpaceshipAccess;
+  }
+
+  async createRecord(options: CreateRecordOptions): Promise<SpaceshipRecord> {
+    const { fullRecord, hostRecord, value, type, domain } = options;
+    this.logger.info("添加域名解析：", fullRecord, value, type, domain);
+
+    await this.access.getDomainInfo(domain);
+
+    const recordRes = await this.access.doRequest({
+      url: `https://spaceship.dev/api/v1/domains/${domain}/records`,
+      method: "POST",
+      data: {
+        force: false,
+        items: [
+          {
+            type: type,
+            value: value,
+            name: hostRecord,
+            ttl: 300
+          }
+        ]
+      }
+    });
+
+    return {
+      id: recordRes.items[0].id,
+      name: hostRecord,
+      type: type,
+      content: value,
+      domainId: domain
+    };
+  }
+
+  async removeRecord(options: RemoveRecordOptions<SpaceshipRecord>): Promise<void> {
+    const recordRes = options.recordRes;
+    this.logger.info("删除域名解析：", recordRes);
+
+    await this.access.doRequest({
+      url: `https://spaceship.dev/api/v1/domains/${recordRes.domainId}/records`,
+      method: "DELETE",
+      data: {
+        Records: [
+          {
+            type: recordRes.type,
+            value: recordRes.content,
+            name: recordRes.name
+          }
+        ]
+      }
+    });
+
+    this.logger.info("删除域名解析成功:", recordRes.name);
+  }
+
+  async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
+    const res = await this.access.GetDomainList(req);
+    
+    const list = res.list.map((item: any) => ({
+      domain: item.name,
+      id: item.name
+    }));
+    
+    return {
+      total: res.total || 0,
+      list: list || []
+    };
+  }
+}
+
+new SpaceshipProvider();