build: release

.github/workflows/build-image.yml

@@ -4,7 +4,7 @@ on:
     branches: ['v2-dev']
     paths:
       - "trigger/build.trigger"
-
+  workflow_dispatch:    # 添加手动触发
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
@@ -21,7 +21,7 @@ jobs:
         with:
           fetch-depth: 0
           lfs: true
-
+          ref: 'v2-dev'
       - name: get_certd_version
         id: get_certd_version
         uses: actions/github-script@v6

.github/workflows/deploy-demo.yml

@@ -8,6 +8,8 @@ on:
     workflows: [ "build-image" ]
     types:
       - completed
+  workflow_dispatch:    # 添加手动触发
+
 
 
 #  schedule:
@@ -26,6 +28,7 @@ jobs:
         with:
           fetch-depth: 0
           ref: v2-dev
+          
       - name: get_certd_version
         id: get_certd_version
         uses: actions/github-script@v6

.github/workflows/publish-atom.yaml

@@ -8,7 +8,7 @@ on:
     workflows: [ "build-image-for-release" ]
     types:
       - completed
-
+  workflow_dispatch:    # 添加手动触发
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
@@ -19,13 +19,17 @@ permissions:
 jobs:
   publish-atomgit:
     runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    if: |
+      github.event_name == 'workflow_dispatch' || 
+      (github.event.workflow_run.conclusion == 'success')
     steps:
       - name: Checkout Code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
           lfs: true
+          ref: 'v2-dev'
+
       - name: get_certd_version
         id: get_certd_version
         uses: actions/github-script@v6

.github/workflows/publish-gitee.yaml

@@ -8,7 +8,7 @@ on:
     workflows: [ "build-image-for-release" ]
     types:
       - completed
-
+  workflow_dispatch:    # 添加手动触发
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
@@ -19,13 +19,16 @@ permissions:
 jobs:
   publish-gitee:
     runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    if: |
+      github.event_name == 'workflow_dispatch' || 
+      (github.event.workflow_run.conclusion == 'success')
     steps:
       - name: Checkout Code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
           lfs: true
+          ref: 'v2-dev'
             
       - name: publish_to_gitee
         id: publish_to_gitee

.github/workflows/publish-github.yaml

@@ -8,7 +8,7 @@ on:
     workflows: [ "build-image-for-release" ]
     types:
       - completed
-
+  workflow_dispatch:    # 添加手动触发
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
@@ -19,13 +19,16 @@ permissions:
 jobs:
   publish-github:
     runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    if: |
+      github.event_name == 'workflow_dispatch' || 
+      (github.event.workflow_run.conclusion == 'success')
     steps:
       - name: Checkout Code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
           lfs: true
+          ref: 'v2-dev'
             
       - name: publish_to_github
         id: publish_to_github

.github/workflows/release-image.yml

@@ -4,6 +4,7 @@ on:
     branches: ['v2-dev']
     paths:
       - "trigger/release.trigger"
+  workflow_dispatch:    # 添加手动触发
 #  workflow_run:
 #    workflows: [ "deploy-demo" ]
 #    types:
@@ -25,6 +26,7 @@ jobs:
         with:
           fetch-depth: 0
           lfs: true
+          ref: 'v2-dev'
 
       - name: get_certd_version
         id: get_certd_version

.github/workflows/sync-to-atomgit-dev.yml

@@ -17,6 +17,7 @@ jobs:
         with:
           fetch-depth: 0
           lfs: true
+          ref: v2-dev
       - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email
         run: |
           git config --global user.name "xiaojunnuo"

.github/workflows/sync-to-atomgit.yml

@@ -17,6 +17,7 @@ jobs:
         with:
           fetch-depth: 0
           lfs: true
+          ref: v2
       - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email
         run: |
           git config --global user.name "xiaojunnuo"

.github/workflows/sync-to-cnb-dev.yml

@@ -0,0 +1,35 @@
+name: sync-to-cnb-dev
+on:
+  push:
+    branches: ['v2-dev']
+#  schedule:
+#    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
+#    - cron: '17 19 * * *'
+permissions:
+  contents: read
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout work repo            # 1. 检出当前仓库(certd-sync-work)
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          lfs: true
+          ref: v2-dev
+      - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email
+        run: |
+          git config --global user.name "xiaojunnuo"
+          git config --global user.email "xiaojunnuo@qq.com"
+
+      - name: Set git token                 # 3. 给git命令设置token，用于push到目标仓库
+        uses: de-vri-es/setup-git-credentials@v2
+        with:                              # token 格式为： username:password
+          credentials: https://cnb:${{secrets.CNB_TOKEN}}@cnb.cool
+
+      - name: push to cnb               # 4. 执行同步
+        run: |
+          git remote add upstream https://cnb.cool/certd/certd.git
+          git push --set-upstream upstream v2-dev
+

.github/workflows/sync-to-cnb.yml

@@ -0,0 +1,34 @@
+name: sync-to-cnb
+on:
+  push:
+    branches: ['v2']
+#  schedule:
+#    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
+#    - cron: '17 19 * * *'
+permissions:
+  contents: read
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout work repo            # 1. 检出当前仓库(certd-sync-work)
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          lfs: true
+      - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email
+        run: |
+          git config --global user.name "xiaojunnuo"
+          git config --global user.email "xiaojunnuo@qq.com"
+
+      - name: Set git token                 # 3. 给git命令设置token，用于push到目标仓库
+        uses: de-vri-es/setup-git-credentials@v2
+        with:                              # token 格式为： username:password
+          credentials: https://cnb:${{secrets.CNB_TOKEN}}@cnb.cool
+
+      - name: push to cnb               # 4. 执行同步
+        run: |
+          git remote add upstream https://cnb.cool/certd/certd.git
+          git push --set-upstream upstream v2
+

.github/workflows/sync-to-gitee-dev.yml

@@ -17,6 +17,7 @@ jobs:
         with:
           fetch-depth: 0
           lfs: true
+          ref: v2-dev
       - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email
         run: |
           git config --global user.name "xiaojunnuo"

CHANGELOG.md

@@ -3,6 +3,46 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+### Bug Fixes
+
+* 修复模版id不正确导致修改到错误的模版流水线bug ([b1ff163](https://github.com/certd/certd/commit/b1ff163a2828b205297408d5aed21cf1eff335e8))
+* 修复批量执行按钮无效的bug ([49703f0](https://github.com/certd/certd/commit/49703f08e55b303851086d9f36aca562d7999be6))
+* remote-select默认pageSize设置为50，阿里云WAF不支持pageSize100 ([285532d](https://github.com/certd/certd/commit/285532d4318b90d0d7f8154f070274c0a0ec0269))
+
+### Performance Improvements
+
+* 火山引擎部署alb证书插件支持部署扩展证书以及删除已过期扩展证书 ([ffd2e81](https://github.com/certd/certd/commit/ffd2e8149e3a06bf3eec456ff85dbed793af9e90))
+* 企业模式下面增加个人数据迁移的引导 ([431afd6](https://github.com/certd/certd/commit/431afd618f547cecf9a29433f46d4367619e2ecf))
+* 新增阿里云证书清理插件 ([4b7eeaa](https://github.com/certd/certd/commit/4b7eeaa6e0a14d2e461c7c473a920a0966b1fe8e))
+* 优化远程数据选择框，选择数据时不刷新闪烁 ([7f6a8bc](https://github.com/certd/certd/commit/7f6a8bc87e364685defe7f039264b2de064806c5))
+* 支持复制粘贴任务步骤 ([acc2df2](https://github.com/certd/certd/commit/acc2df29def017fb8165f931b41ef95414966afc))
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+### Bug Fixes
+
+* 修复修改分组报错的bug ([224db7d](https://github.com/certd/certd/commit/224db7da57dbdddf25bcac7faa0a29eb228c5a33))
+
+### Performance Improvements
+
+* 移除passkey的counter递增校验 ([68b669d](https://github.com/certd/certd/commit/68b669d3ff3e13b931939093320ce7237bb02b1b))
+* passkey 支持Bitwarden ([29f44c6](https://github.com/certd/certd/commit/29f44c67c808bed9ff1c9d4884d39a1a62d043a7))
+* passkey登录放到下方其他登录位置 ([1413e1a](https://github.com/certd/certd/commit/1413e1aff4aabcfd471716338c210fbcfd76c8f9))
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+### Bug Fixes
+
+* 修复阿里云证书订单翻页问题 ([6d43623](https://github.com/certd/certd/commit/6d43623f459a7594599e50a7ed89d67fcc775518))
+* 修复查看证书详情页面错位的bug ([7f37df4](https://github.com/certd/certd/commit/7f37df42274e657892d92e868ceac67e139f3bf2))
+* 修复选择插件页面无法滚动的bug ([d8425bc](https://github.com/certd/certd/commit/d8425bc9c5ee81bb669706c6de6bad69d7c38d8e))
+
+### Performance Improvements
+
+* 优化passkey ([9e12412](https://github.com/certd/certd/commit/9e12412f5fa7800df1d7efaf62cd8fd5d79bb569))
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 ### Bug Fixes

docs/guide/changelogs/CHANGELOG.md

@@ -3,6 +3,53 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+### Bug Fixes
+
+* 修复模版id不正确导致修改到错误的模版流水线bug ([b1ff163](https://github.com/certd/certd/commit/b1ff163a2828b205297408d5aed21cf1eff335e8))
+* 修复批量执行按钮无效的bug ([49703f0](https://github.com/certd/certd/commit/49703f08e55b303851086d9f36aca562d7999be6))
+* remote-select默认pageSize设置为50，阿里云WAF不支持pageSize100 ([285532d](https://github.com/certd/certd/commit/285532d4318b90d0d7f8154f070274c0a0ec0269))
+
+### Performance Improvements
+
+* 火山引擎部署alb证书插件支持部署扩展证书以及删除已过期扩展证书 ([ffd2e81](https://github.com/certd/certd/commit/ffd2e8149e3a06bf3eec456ff85dbed793af9e90))
+* 企业模式下面增加个人数据迁移的引导 ([431afd6](https://github.com/certd/certd/commit/431afd618f547cecf9a29433f46d4367619e2ecf))
+* 新增阿里云证书清理插件 ([4b7eeaa](https://github.com/certd/certd/commit/4b7eeaa6e0a14d2e461c7c473a920a0966b1fe8e))
+* 优化远程数据选择框，选择数据时不刷新闪烁 ([7f6a8bc](https://github.com/certd/certd/commit/7f6a8bc87e364685defe7f039264b2de064806c5))
+* 支持复制粘贴任务步骤 ([acc2df2](https://github.com/certd/certd/commit/acc2df29def017fb8165f931b41ef95414966afc))
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+### Bug Fixes
+
+* 修复修改分组报错的bug ([224db7d](https://github.com/certd/certd/commit/224db7da57dbdddf25bcac7faa0a29eb228c5a33))
+
+### Performance Improvements
+
+* 移除passkey的counter递增校验 ([68b669d](https://github.com/certd/certd/commit/68b669d3ff3e13b931939093320ce7237bb02b1b))
+* passkey 支持Bitwarden ([29f44c6](https://github.com/certd/certd/commit/29f44c67c808bed9ff1c9d4884d39a1a62d043a7))
+* passkey登录放到下方其他登录位置 ([1413e1a](https://github.com/certd/certd/commit/1413e1aff4aabcfd471716338c210fbcfd76c8f9))
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+### Bug Fixes
+
+* 修复阿里云证书订单翻页问题 ([6d43623](https://github.com/certd/certd/commit/6d43623f459a7594599e50a7ed89d67fcc775518))
+* 修复查看证书详情页面错位的bug ([7f37df4](https://github.com/certd/certd/commit/7f37df42274e657892d92e868ceac67e139f3bf2))
+* 修复选择插件页面无法滚动的bug ([d8425bc](https://github.com/certd/certd/commit/d8425bc9c5ee81bb669706c6de6bad69d7c38d8e))
+
+### Performance Improvements
+
+* 优化passkey ([9e12412](https://github.com/certd/certd/commit/9e12412f5fa7800df1d7efaf62cd8fd5d79bb569))
+
+## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
+
+### Bug Fixes
+
+* 修复多选框只能单选的bug ([12700e1](https://github.com/certd/certd/commit/12700e1754319513ac02822ff1588d63420b964e))
+* 修复旧版1panel插件 报sslIds is not iterable的错误 ([50db6f0](https://github.com/certd/certd/commit/50db6f0765e7ec9a5698cd99540d90e188634fb1))
+
 ## [1.39.2](https://github.com/certd/certd/compare/v1.39.1...v1.39.2) (2026-03-16)
 
 ### Bug Fixes

docs/guide/plugins/deploy.md

@@ -1,5 +1,5 @@
 # 任务插件
-共 `125` 款任务插件    
+共 `126` 款任务插件    
 ## 1. 证书申请
 
 | 序号 | 名称 | 说明 |
@@ -81,22 +81,23 @@
 
 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
-| 1.| **阿里云-部署到Ack** | 部署到阿里云Ack集群Ingress等通过Secret管理证书的应用 | 
-| 2.| **阿里云-部署至ALB（应用负载均衡）** | ALB,更新监听器的默认证书 | 
-| 3.| **阿里云-部署至任意云资源** | 【不建议使用】需要消耗阿里云自动部署次数，支持SLB、LIVE、webHosting、VOD、CR、DCDN、DDoS、CDN、ALB、APIGateway、FC、GA、MSE、NLB、OSS、SAE、WAF等云产品 | 
-| 4.| **阿里云-部署至云原生API网关/AI网关** | 自动部署域名证书至云原生API网关、AI网关 | 
-| 5.| **阿里云-部署证书至API网关** | 自动部署域名证书至阿里云API网关（APIGateway） | 
-| 6.| **阿里云-部署证书至CDN** | 自动部署域名证书至阿里云CDN | 
-| 7.| **阿里云-部署证书至DCDN** | 依赖证书申请前置任务，自动部署域名证书至阿里云DCDN | 
-| 8.| **阿里云-部署至ESA** | 部署证书到阿里云ESA(边缘安全加速)，自动删除过期证书 | 
-| 9.| **阿里云-部署至阿里云FC(3.0)** | 部署证书到阿里云函数计算（FC3.0） | 
-| 10.| **阿里云-部署至GA** | 部署证书到阿里云GA(全球加速)，支持更新默认证书和扩展证书 | 
-| 11.| **阿里云-部署至NLB（网络负载均衡）** | NLB,网络负载均衡,更新监听器的默认证书 | 
-| 12.| **阿里云-部署证书至OSS** | 部署域名证书至阿里云OSS自定义域名，不是上传到阿里云oss | 
-| 13.| **阿里云-部署至CLB(传统负载均衡)** | 部署证书到阿里云CLB(传统负载均衡) | 
-| 14.| **阿里云-部署至VOD** | 部署证书到阿里云视频点播（vod） | 
-| 15.| **阿里云-部署至阿里云WAF** | 部署证书到阿里云WAF | 
-| 16.| **阿里云-上传证书到CAS** | 上传证书到阿里云证书管理服务（CAS），如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出 | 
+| 1.| **阿里云-删除即将过期证书** | 仅删除未使用的证书 | 
+| 2.| **阿里云-部署到Ack** | 部署到阿里云Ack集群Ingress等通过Secret管理证书的应用 | 
+| 3.| **阿里云-部署至ALB（应用负载均衡）** | ALB,更新监听器的默认证书 | 
+| 4.| **阿里云-部署至任意云资源** | 【不建议使用】需要消耗阿里云自动部署次数，支持SLB、LIVE、webHosting、VOD、CR、DCDN、DDoS、CDN、ALB、APIGateway、FC、GA、MSE、NLB、OSS、SAE、WAF等云产品 | 
+| 5.| **阿里云-部署至云原生API网关/AI网关** | 自动部署域名证书至云原生API网关、AI网关 | 
+| 6.| **阿里云-部署证书至API网关** | 自动部署域名证书至阿里云API网关（APIGateway） | 
+| 7.| **阿里云-部署证书至CDN** | 自动部署域名证书至阿里云CDN | 
+| 8.| **阿里云-部署证书至DCDN** | 依赖证书申请前置任务，自动部署域名证书至阿里云DCDN | 
+| 9.| **阿里云-部署至ESA** | 部署证书到阿里云ESA(边缘安全加速)，自动删除过期证书 | 
+| 10.| **阿里云-部署至阿里云FC(3.0)** | 部署证书到阿里云函数计算（FC3.0） | 
+| 11.| **阿里云-部署至GA** | 部署证书到阿里云GA(全球加速)，支持更新默认证书和扩展证书 | 
+| 12.| **阿里云-部署至NLB（网络负载均衡）** | NLB,网络负载均衡,更新监听器的默认证书 | 
+| 13.| **阿里云-部署证书至OSS** | 部署域名证书至阿里云OSS自定义域名，不是上传到阿里云oss | 
+| 14.| **阿里云-部署至CLB(传统负载均衡)** | 部署证书到阿里云CLB(传统负载均衡) | 
+| 15.| **阿里云-部署至VOD** | 部署证书到阿里云视频点播（vod） | 
+| 16.| **阿里云-部署至阿里云WAF** | 部署证书到阿里云WAF | 
+| 17.| **阿里云-上传证书到CAS** | 上传证书到阿里云证书管理服务（CAS），如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出 | 
 ## 6. 华为云
 
 | 序号 | 名称 | 说明 |

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.39.3"
+  "version": "1.39.6"
 }

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/publishlab/node-acme-client/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.39.5](https://github.com/publishlab/node-acme-client/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.39.4](https://github.com/publishlab/node-acme-client/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.39.3](https://github.com/publishlab/node-acme-client/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 **Note:** Version bump only for package @certd/acme-client

packages/core/acme-client/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.39.3",
+    "version": "1.39.6",
     "type": "module",
     "module": "scr/index.js",
     "main": "src/index.js",
@@ -18,7 +18,7 @@
         "types"
     ],
     "dependencies": {
-        "@certd/basic": "^1.39.3",
+        "@certd/basic": "^1.39.6",
         "@peculiar/x509": "^1.11.0",
         "asn1js": "^3.0.5",
         "axios": "^1.9.0",
@@ -70,5 +70,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "f47773348312d5480b248c02beed9e162f59e3c7"
+    "gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
 }

packages/core/basic/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+**Note:** Version bump only for package @certd/basic
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 **Note:** Version bump only for package @certd/basic

packages/core/basic/build.md

@@ -1 +1 @@
-13:58
+00:03

packages/core/basic/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/basic",
   "private": false,
-  "version": "1.39.3",
+  "version": "1.39.6",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -47,5 +47,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f47773348312d5480b248c02beed9e162f59e3c7"
+  "gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
 }

packages/core/pipeline/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 **Note:** Version bump only for package @certd/pipeline

packages/core/pipeline/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/pipeline",
   "private": false,
-  "version": "1.39.3",
+  "version": "1.39.6",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -18,8 +18,8 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/basic": "^1.39.3",
-    "@certd/plus-core": "^1.39.3",
+    "@certd/basic": "^1.39.6",
+    "@certd/plus-core": "^1.39.6",
     "dayjs": "^1.11.7",
     "lodash-es": "^4.17.21",
     "reflect-metadata": "^0.1.13"
@@ -45,5 +45,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f47773348312d5480b248c02beed9e162f59e3c7"
+  "gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
 }

packages/libs/lib-huawei/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 **Note:** Version bump only for package @certd/lib-huawei

packages/libs/lib-huawei/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-huawei",
   "private": false,
-  "version": "1.39.3",
+  "version": "1.39.6",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
   "types": "./dist/d/index.d.ts",
@@ -24,5 +24,5 @@
     "prettier": "^2.8.8",
     "tslib": "^2.8.1"
   },
-  "gitHead": "f47773348312d5480b248c02beed9e162f59e3c7"
+  "gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
 }

packages/libs/lib-iframe/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 **Note:** Version bump only for package @certd/lib-iframe

packages/libs/lib-iframe/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-iframe",
   "private": false,
-  "version": "1.39.3",
+  "version": "1.39.6",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -31,5 +31,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f47773348312d5480b248c02beed9e162f59e3c7"
+  "gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
 }

packages/libs/lib-jdcloud/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 **Note:** Version bump only for package @certd/jdcloud

packages/libs/lib-jdcloud/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/jdcloud",
-  "version": "1.39.3",
+  "version": "1.39.6",
   "description": "jdcloud openApi sdk",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
@@ -56,5 +56,5 @@
       "fetch"
     ]
   },
-  "gitHead": "f47773348312d5480b248c02beed9e162f59e3c7"
+  "gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
 }

packages/libs/lib-k8s/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 **Note:** Version bump only for package @certd/lib-k8s

packages/libs/lib-k8s/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-k8s",
   "private": false,
-  "version": "1.39.3",
+  "version": "1.39.6",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -17,7 +17,7 @@
     "pub": "npm publish"
   },
   "dependencies": {
-    "@certd/basic": "^1.39.3",
+    "@certd/basic": "^1.39.6",
     "@kubernetes/client-node": "0.21.0"
   },
   "devDependencies": {
@@ -32,5 +32,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f47773348312d5480b248c02beed9e162f59e3c7"
+  "gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
 }

packages/libs/lib-server/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+**Note:** Version bump only for package @certd/lib-server
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 **Note:** Version bump only for package @certd/lib-server

packages/libs/lib-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/lib-server",
-  "version": "1.39.3",
+  "version": "1.39.6",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -28,11 +28,11 @@
   ],
   "license": "AGPL",
   "dependencies": {
-    "@certd/acme-client": "^1.39.3",
-    "@certd/basic": "^1.39.3",
-    "@certd/pipeline": "^1.39.3",
-    "@certd/plugin-lib": "^1.39.3",
-    "@certd/plus-core": "^1.39.3",
+    "@certd/acme-client": "^1.39.6",
+    "@certd/basic": "^1.39.6",
+    "@certd/pipeline": "^1.39.6",
+    "@certd/plugin-lib": "^1.39.6",
+    "@certd/plus-core": "^1.39.6",
     "@midwayjs/cache": "3.14.0",
     "@midwayjs/core": "3.20.11",
     "@midwayjs/i18n": "3.20.13",
@@ -64,5 +64,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f47773348312d5480b248c02beed9e162f59e3c7"
+  "gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
 }

packages/libs/midway-flyway-js/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 **Note:** Version bump only for package @certd/midway-flyway-js

packages/libs/midway-flyway-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/midway-flyway-js",
-  "version": "1.39.3",
+  "version": "1.39.6",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -46,5 +46,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f47773348312d5480b248c02beed9e162f59e3c7"
+  "gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
 }

packages/plugins/plugin-cert/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 **Note:** Version bump only for package @certd/plugin-cert

packages/plugins/plugin-cert/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-cert",
   "private": false,
-  "version": "1.39.3",
+  "version": "1.39.6",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
     "compile": "tsc --skipLibCheck --watch"
   },
   "dependencies": {
-    "@certd/acme-client": "^1.39.3",
-    "@certd/basic": "^1.39.3",
-    "@certd/pipeline": "^1.39.3",
-    "@certd/plugin-lib": "^1.39.3",
+    "@certd/acme-client": "^1.39.6",
+    "@certd/basic": "^1.39.6",
+    "@certd/pipeline": "^1.39.6",
+    "@certd/plugin-lib": "^1.39.6",
     "psl": "^1.9.0",
     "punycode.js": "^2.3.1"
   },
@@ -38,5 +38,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f47773348312d5480b248c02beed9e162f59e3c7"
+  "gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
 }

packages/plugins/plugin-lib/CHANGELOG.md

@@ -3,6 +3,20 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+### Bug Fixes
+
+* 修复阿里云证书订单翻页问题 ([6d43623](https://github.com/certd/certd/commit/6d43623f459a7594599e50a7ed89d67fcc775518))
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 **Note:** Version bump only for package @certd/plugin-lib

packages/plugins/plugin-lib/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-lib",
   "private": false,
-  "version": "1.39.3",
+  "version": "1.39.6",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -22,10 +22,10 @@
     "@alicloud/pop-core": "^1.7.10",
     "@alicloud/tea-util": "^1.4.11",
     "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.39.3",
-    "@certd/basic": "^1.39.3",
-    "@certd/pipeline": "^1.39.3",
-    "@certd/plus-core": "^1.39.3",
+    "@certd/acme-client": "^1.39.6",
+    "@certd/basic": "^1.39.6",
+    "@certd/pipeline": "^1.39.6",
+    "@certd/plus-core": "^1.39.6",
     "@kubernetes/client-node": "0.21.0",
     "ali-oss": "^6.22.0",
     "basic-ftp": "^5.0.5",
@@ -57,5 +57,5 @@
     "tslib": "^2.8.1",
     "typescript": "^5.4.2"
   },
-  "gitHead": "f47773348312d5480b248c02beed9e162f59e3c7"
+  "gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
 }

packages/plugins/plugin-lib/src/common/util.ts

@@ -43,6 +43,7 @@ export function createRemoteSelectInputDefine(opts?: {
   pager?: boolean;
   component?: any;
   value?: any;
+  pageSize?: number;
 }) {
   const title = opts?.title || "请选择";
   const certDomainsInputKey = opts?.certDomainsInputKey || "certDomains";
@@ -71,6 +72,7 @@ export function createRemoteSelectInputDefine(opts?: {
       search,
       pager,
       multi,
+      pageSize: opts?.pageSize,
       watches: [certDomainsInputKey, accessIdInputKey, ...watches],
       ...opts.component,
     },

packages/ui/certd-client/CHANGELOG.md

@@ -3,6 +3,42 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+### Bug Fixes
+
+* 修复模版id不正确导致修改到错误的模版流水线bug ([b1ff163](https://github.com/certd/certd/commit/b1ff163a2828b205297408d5aed21cf1eff335e8))
+* remote-select默认pageSize设置为50，阿里云WAF不支持pageSize100 ([285532d](https://github.com/certd/certd/commit/285532d4318b90d0d7f8154f070274c0a0ec0269))
+
+### Performance Improvements
+
+* 企业模式下面增加个人数据迁移的引导 ([431afd6](https://github.com/certd/certd/commit/431afd618f547cecf9a29433f46d4367619e2ecf))
+* 优化远程数据选择框，选择数据时不刷新闪烁 ([7f6a8bc](https://github.com/certd/certd/commit/7f6a8bc87e364685defe7f039264b2de064806c5))
+* 支持复制粘贴任务步骤 ([acc2df2](https://github.com/certd/certd/commit/acc2df29def017fb8165f931b41ef95414966afc))
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+### Bug Fixes
+
+* 修复修改分组报错的bug ([224db7d](https://github.com/certd/certd/commit/224db7da57dbdddf25bcac7faa0a29eb228c5a33))
+
+### Performance Improvements
+
+* passkey 支持Bitwarden ([29f44c6](https://github.com/certd/certd/commit/29f44c67c808bed9ff1c9d4884d39a1a62d043a7))
+* passkey登录放到下方其他登录位置 ([1413e1a](https://github.com/certd/certd/commit/1413e1aff4aabcfd471716338c210fbcfd76c8f9))
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+### Bug Fixes
+
+* 修复阿里云证书订单翻页问题 ([6d43623](https://github.com/certd/certd/commit/6d43623f459a7594599e50a7ed89d67fcc775518))
+* 修复查看证书详情页面错位的bug ([7f37df4](https://github.com/certd/certd/commit/7f37df42274e657892d92e868ceac67e139f3bf2))
+* 修复选择插件页面无法滚动的bug ([d8425bc](https://github.com/certd/certd/commit/d8425bc9c5ee81bb669706c6de6bad69d7c38d8e))
+
+### Performance Improvements
+
+* 优化passkey ([9e12412](https://github.com/certd/certd/commit/9e12412f5fa7800df1d7efaf62cd8fd5d79bb569))
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 ### Bug Fixes

packages/ui/certd-client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-client",
-  "version": "1.39.3",
+  "version": "1.39.6",
   "private": true,
   "scripts": {
     "dev": "vite --open",
@@ -106,8 +106,8 @@
     "zod-defaults": "^0.1.3"
   },
   "devDependencies": {
-    "@certd/lib-iframe": "^1.39.3",
-    "@certd/pipeline": "^1.39.3",
+    "@certd/lib-iframe": "^1.39.6",
+    "@certd/pipeline": "^1.39.6",
     "@rollup/plugin-commonjs": "^25.0.7",
     "@rollup/plugin-node-resolve": "^15.2.3",
     "@types/chai": "^4.3.12",

packages/ui/certd-client/src/components/plugins/common/remote-select.vue

@@ -64,6 +64,7 @@ const props = defineProps<
     search?: boolean;
     pager?: boolean;
     multi?: boolean;
+    pageSize?: number;
   } & ComponentPropsType
 >();
 
@@ -103,7 +104,7 @@ const loading = ref(false);
 const pagerRef: Ref = ref({
   pageNo: 1,
   total: 0,
-  pageSize: 100,
+  pageSize: props.pageSize || 50,
 });
 const getOptions = async () => {
   if (loading.value) {
@@ -181,7 +182,7 @@ const getOptions = async () => {
         pagerRef.value.pageNo = res.pageNo ?? 1;
       }
       if (res.pageSize != null) {
-        pagerRef.value.pageSize = res.pageSize ?? 100;
+        pagerRef.value.pageSize = res.pageSize ?? pageSize;
       }
       if (res.total != null) {
         pagerRef.value.total = res.total ?? list.length;
@@ -234,9 +235,10 @@ watch(
     const { form } = value;
     const oldForm: any = oldValue?.form;
     let changed = oldForm == null || optionsRef.value.length == 0;
+    debugger;
     if (props.watches && props.watches.length > 0) {
       for (const key of props.watches) {
-        if (oldForm && form[key] != oldForm[key]) {
+        if (oldForm && JSON.stringify(form[key]) != JSON.stringify(oldForm[key])) {
           changed = true;
           break;
         }

packages/ui/certd-client/src/components/project-selector/index.vue

@@ -18,7 +18,8 @@
     </template>
     <div class="rounded pl-3 pr-3 px-2 py-1 flex-center flex pointer items-center bg-accent h-10 button-text" title="当前项目">
       <!-- <fs-icon icon="ion:apps" class="mr-1"></fs-icon> -->
-      当前项目：{{ projectStore.currentProject?.name || "..." }}
+      <span class="hidden md:flex"> 当前项目：</span>
+      <span class="text-ellipsis">{{ projectStore.currentProject?.name || "..." }}</span>
       <fs-icon :icon="currentIcon" class="ml-5"></fs-icon>
     </div>
   </a-dropdown>
@@ -58,7 +59,7 @@ const currentIcon = computed(() => {
 <style lang="less">
 .project-selector {
   &.button-text {
-    min-width: 150px;
+    min-width: 100px;
     max-width: 250px;
     overflow: hidden;
     text-overflow: ellipsis;

packages/ui/certd-client/src/layout/components/user-info/index.vue

@@ -1,6 +1,6 @@
 <template>
   <a-dropdown>
-    <div class="fs-user-info">{{ t("user.greeting") }}，{{ userStore.getUserInfo?.nickName || userStore.getUserInfo?.username }}</div>
+    <div class="fs-user-info" @click="goUserProfile">{{ t("user.greeting") }}，{{ userStore.getUserInfo?.nickName || userStore.getUserInfo?.username }}</div>
     <template #overlay>
       <a-menu>
         <a-menu-item>

packages/ui/certd-client/src/layout/layout-basic.vue

@@ -48,6 +48,9 @@ const avatar = computed(() => {
 async function handleLogout() {
   await userStore.logout(true);
 }
+function goUserProfile() {
+  router.push("/certd/mine/user-profile");
+}
 
 const settingStore = useSettingStore();
 
@@ -90,7 +93,7 @@ const projectStore = useProjectStore();
       </div>
     </template>
     <template #user-dropdown>
-      <UserDropdown :avatar="avatar" :menus="menus" :text="userStore.userInfo?.nickName || userStore.userInfo?.username" description="" tag-text="" @logout="handleLogout" />
+      <UserDropdown :avatar="avatar" :menus="menus" :text="userStore.userInfo?.nickName || userStore.userInfo?.username" description="" tag-text="" @logout="handleLogout" @user-profile="goUserProfile" />
     </template>
     <template #lock-screen>
       <LockScreen :avatar @to-login="handleLogout" />

packages/ui/certd-client/src/locales/langs/en-US/authentication.ts

@@ -103,4 +103,6 @@ export default {
   deviceNameHelper: "Please enter the device name， used to identify the device",
   passkeyRegisterHelper: "Site domain change will invalidate passkey",
   userInfo: "User Info",
+  securitySettingTip: "2FA Setting",
+  securitySetting: "2FA Setting",
 };

packages/ui/certd-client/src/locales/langs/en-US/certd.ts

@@ -795,6 +795,8 @@ export default {
       reverseProxyEmpty: "No reverse proxy list configured",
       environmentVars: "Environment Variables",
       environmentVarsHelper: "configure the runtime environment variables, one per line, format: KEY=VALUE",
+
+      bindUrl: "Bind URL",
     },
   },
   modal: {

packages/ui/certd-client/src/locales/langs/zh-CN/authentication.ts

@@ -105,4 +105,6 @@ export default {
   deviceNameHelper: "请输入当前设备名称，绑定多个时好做区分",
   passkeyRegisterHelper: "1、站点域名变更会导致passkey失效;\n2、同一设备同一个用户绑定多次只有最后一次的有效，之前绑定的会失效，需要手动删除",
   userInfo: "账号信息",
+  securitySettingTip: "2FA设置",
+  securitySetting: "2FA设置",
 };

packages/ui/certd-client/src/locales/langs/zh-CN/certd.ts

@@ -804,6 +804,7 @@ export default {
       reverseProxyEmpty: "未配置反向代理",
       environmentVars: "环境变量",
       environmentVarsHelper: "配置运行时环境变量，每行一个，格式：KEY=VALUE",
+      bindUrl: "绑定URL",
     },
   },
   modal: {

packages/ui/certd-client/src/store/settings/index.tsx

@@ -272,14 +272,27 @@ export const useSettingStore = defineStore({
     },
     async checkUrlBound() {
       const userStore = useUserStore();
-      const settingStore = useSettingStore();
       if (!userStore.isAdmin) {
         return;
       }
+      const bindUrl = this.installInfo.bindUrl;
+      const bindUrl2 = this.installInfo.bindUrl2;
+      if (!bindUrl) {
+        //绑定url
+        await this.doBindUrl("url");
+      } else {
+        //检查当前url 是否与绑定的url一致
+        const url = window.location.href;
+        if (!url.startsWith(bindUrl) && !url.startsWith(bindUrl2)) {
+          this.openBindUrlModal();
+        }
+      }
+    },
+
+    openBindUrlModal() {
       const event: any = { ModalRef: null };
       mitter.emit("getModal", event);
       const Modal = event.ModalRef;
-      let modalRef: any = null;
       const bindUrl = this.installInfo.bindUrl;
       const bindUrl2 = this.installInfo.bindUrl2;
 
@@ -289,57 +302,47 @@ export const useSettingStore = defineStore({
           modalRef.destroy();
         }
       };
-
-      if (!bindUrl) {
-        //绑定url
-        await this.doBindUrl("url");
-      } else {
-        //检查当前url 是否与绑定的url一致
-        const url = window.location.href;
-        if (!url.startsWith(bindUrl) && !url.startsWith(bindUrl2)) {
-          modalRef = Modal.warning({
-            title: "URL地址未绑定，是否绑定此地址？",
-            width: 500,
-            keyboard: false,
-            content: () => {
-              return (
-                <div class="p-4">
-                  <div class="flex items-center justify-between">
-                    <span>
-                      绑定地址1：
-                      <a-tag color="green">{bindUrl || "未占用"}</a-tag>
-                    </span>
-                    <a-button type="primary" onClick={() => doBindRequest("url")}>
-                      绑定到地址1
-                    </a-button>
-                  </div>
-                  <div class="flex items-center justify-between mt-3">
-                    <span>
-                      绑定地址2：
-                      <a-tag color="green">{bindUrl2 || "未占用"}</a-tag>
-                    </span>
-                    <a-button type="primary" onClick={() => doBindRequest("url2")}>
-                      绑定到地址2
-                    </a-button>
-                  </div>
-                </div>
-              );
-            },
-            onOk: async () => {
-              // await this.doBindUrl();
-              window.location.href = bindUrl;
-            },
-            okButtonProps: {
-              danger: true,
-            },
-            okText: "不，回到原来的地址",
-            cancelText: "不，回到原来的地址",
-            onCancel: () => {
-              window.location.href = bindUrl;
-            },
-          });
-        }
-      }
+      const modalRef: any = Modal.warning({
+        title: "URL地址未绑定，是否绑定此地址？",
+        width: 500,
+        keyboard: false,
+        content: () => {
+          return (
+            <div class="p-4">
+              <div class="flex items-center justify-between">
+                <span>
+                  绑定地址1：
+                  <a-tag color="green">{bindUrl || "未占用"}</a-tag>
+                </span>
+                <a-button type="primary" onClick={() => doBindRequest("url")}>
+                  绑定到地址1
+                </a-button>
+              </div>
+              <div class="flex items-center justify-between mt-3">
+                <span>
+                  绑定地址2：
+                  <a-tag color="green">{bindUrl2 || "未占用"}</a-tag>
+                </span>
+                <a-button type="primary" onClick={() => doBindRequest("url2")}>
+                  绑定到地址2
+                </a-button>
+              </div>
+            </div>
+          );
+        },
+        onOk: async () => {
+          // await this.doBindUrl();
+          window.location.href = bindUrl;
+        },
+        okButtonProps: {
+          danger: true,
+        },
+        okText: "不，回到原来的地址",
+        cancelText: "不，回到原来的地址",
+        onCancel: () => {
+          window.location.href = bindUrl;
+        },
+      });
     },
     async loadProductInfo() {
       try {

packages/ui/certd-client/src/style/certd.less

@@ -118,3 +118,16 @@ span.fs-icon-svg {
   }
 }
 
+
+button.ant-btn.ant-btn-default.isPlus{
+  color: #c5913f;
+  border: 1px solid #c5913f;
+
+  &:disabled {
+    cursor: not-allowed;
+    border-color: hsl(240 5.9% 90%);
+    color: rgba(50, 54, 57, 0.25);
+    background-color: rgba(50, 54, 57, 0.04);
+    box-shadow: none;
+  }
+}

packages/ui/certd-client/src/vben/layouts/widgets/user-dropdown/user-dropdown.vue

@@ -67,7 +67,7 @@ const props = withDefaults(defineProps<Props>(), {
   hoverDelay: 500,
 });
 
-const emit = defineEmits<{ logout: [] }>();
+const emit = defineEmits<{ logout: []; userProfile: [] }>();
 
 const { globalLockScreenShortcutKey, globalLogoutShortcutKey } = usePreferences();
 const lockStore = useLockStore();
@@ -132,6 +132,11 @@ function handleSubmitLogout() {
   logoutModalApi.close();
 }
 
+function handleUserProfile() {
+  emit("userProfile");
+  openPopover.value = false;
+}
+
 if (enableShortcutKey.value) {
   const keys = useMagicKeys();
   whenever(keys["Alt+KeyQ"]!, () => {
@@ -173,7 +178,7 @@ if (enableShortcutKey.value) {
     </DropdownMenuTrigger>
     <DropdownMenuContent class="mr-2 min-w-[240px] p-0 pb-1">
       <div ref="refContent">
-        <DropdownMenuLabel class="flex items-center p-3">
+        <DropdownMenuLabel class="flex items-center p-3 pointer" @click="handleUserProfile">
           <VbenAvatar :alt="text" :src="avatar" class="size-12" dot dot-class="bottom-0 right-1 border-2 size-4 bg-green-500" />
           <div class="ml-2 w-full">
             <div v-if="tagText || text || $slots.tagText" class="text-foreground mb-1 flex items-center text-sm font-medium">

packages/ui/certd-client/src/views/certd/access/access-selector/access/crud.tsx

@@ -18,6 +18,8 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
     const { form, row } = req;
     form.id = row.id;
     form.type = props.type;
+    delete form.access;
+    delete form.keyId;
     const res = await context.api.UpdateObj(form);
     lastResRef.value = res;
     return res;
@@ -30,6 +32,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
   const addRequest = async (req: AddReq) => {
     const { form } = req;
     form.type = props.type;
+    delete form.access;
     const res = await context.api.AddObj(form);
     lastResRef.value = res;
     return res;
@@ -70,6 +73,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
           width: "1050px",
         },
       },
+
       rowHandle: {
         width: 200,
       },
@@ -89,6 +93,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
             }, // 点击行
           };
         },
+        remove: {
+          confirmMessage: "授权如果已经被使用，可能会导致流水线无法正常运行，请谨慎操作",
+        },
       },
       columns: {
         id: {

packages/ui/certd-client/src/views/certd/access/crud.tsx

@@ -15,6 +15,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
   const editRequest = async (req: EditReq) => {
     const { form, row } = req;
     form.id = row.id;
+    delete form.access;
     const res = await api.UpdateObj(form);
     return res;
   };
@@ -25,6 +26,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
 
   const addRequest = async (req: AddReq) => {
     const { form } = req;
+    delete form.access;
     const res = await api.AddObj(form);
     return res;
   };

packages/ui/certd-client/src/views/certd/addon/crud.tsx

@@ -16,6 +16,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
   const editRequest = async (req: EditReq) => {
     const { form, row } = req;
     form.id = row.id;
+    delete form.body;
     const res = await api.UpdateObj(form);
     return res;
   };
@@ -26,6 +27,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
 
   const addRequest = async (req: AddReq) => {
     const { form } = req;
+    delete form.body;
     const res = await api.AddObj(form);
     return res;
   };

packages/ui/certd-client/src/views/certd/mine/user-profile.vue

@@ -35,11 +35,15 @@
                 </a-tag>
               </div>
             </div>
-            <div class="action-buttons">
+            <div class="action-buttons gap-2">
               <a-button type="primary" class="action-btn" @click="doUpdate">
                 {{ t("authentication.updateProfile") }}
               </a-button>
-              <change-password-button class="ml-10" :show-button="true" />
+              <change-password-button :show-button="true" />
+
+              <a-button type="primary" class="action-btn" @click="goSecuritySetting">
+                {{ t("authentication.securitySettingTip") }}
+              </a-button>
             </div>
           </div>
         </div>
@@ -88,7 +92,7 @@
             </div>
             <div class="passkey-list">
               <div v-for="passkey in passkeys" :key="passkey.id" class="passkey-item">
-                <div class="passkey-icon">
+                <div class="passkey-icon hidden md:flex">
                   <fs-icon icon="ion:finger-print" class="icon" />
                 </div>
                 <div class="passkey-info">
@@ -142,6 +146,7 @@ import { useSettingStore } from "/@/store/settings";
 import { isEmpty } from "lodash-es";
 import { dict } from "@fast-crud/fast-crud";
 import dayjs from "dayjs";
+import { useRouter } from "vue-router";
 
 const { t } = useI18n();
 
@@ -175,6 +180,11 @@ function doUpdate() {
   });
 }
 
+const router = useRouter();
+function goSecuritySetting() {
+  router.push("/certd/mine/security");
+}
+
 const oauthBounds = ref([]);
 const oauthProviders = ref([]);
 
@@ -278,20 +288,32 @@ async function doRegisterPasskey(deviceName: string) {
     //   type: "public-key",
     // }));
 
-    const credential = await (navigator.credentials as any).create({
-      publicKey: {
-        challenge: Uint8Array.from(atob(options.challenge.replace(/-/g, "+").replace(/_/g, "/")), c => c.charCodeAt(0)),
-        rp: options.rp,
-        pubKeyCredParams: options.pubKeyCredParams,
-        timeout: options.timeout || 60000,
-        attestation: options.attestation,
-        // excludeCredentials: excludeCredentials,
-        user: {
-          id: new TextEncoder().encode(options.userId + ""),
-          name: userInfo.value.username,
-          displayName: deviceName,
-        },
+    console.log("passkey register options:", options, JSON.stringify(options));
+    const publicKey = {
+      challenge: Uint8Array.from(atob(options.challenge.replace(/-/g, "+").replace(/_/g, "/")), c => c.charCodeAt(0)),
+      rp: options.rp,
+      pubKeyCredParams: options.pubKeyCredParams,
+      timeout: options.timeout || 60000,
+      // attestation: options.attestation,
+      // excludeCredentials: excludeCredentials,
+      // extensions: options.extensions,
+      // authenticatorSelection: options.authenticatorSelection,
+      // hints: options.hints,
+      user: {
+        id: new TextEncoder().encode(options.userId + ""),
+        name: userInfo.value.username + "@" + deviceName,
+        displayName: deviceName,
       },
+      // 关键配置在这里 👇
+      authenticatorSelection: {
+        residentKey: "required", // 或 "preferred"，请求创建可发现凭证
+        requireResidentKey: true, // 为兼容旧浏览器，设置与 residentKey 相同的值
+        userVerification: "preferred", // 用户验证策略
+      },
+    };
+    console.log("passkey register publicKey:", publicKey, JSON.stringify(publicKey));
+    const credential = await (navigator.credentials as any).create({
+      publicKey,
     });
 
     if (!credential) {
@@ -310,6 +332,7 @@ async function doRegisterPasskey(deviceName: string) {
     console.log("credential", credential, response);
 
     const verifyRes: any = await api.verifyPasskeyRegistration(response, options.challenge, deviceName);
+    console.log("verifyRes:", verifyRes, JSON.stringify(verifyRes));
     await loadPasskeys();
   } catch (e: any) {
     console.error("Passkey注册失败:", e);
@@ -721,7 +744,6 @@ onMounted(async () => {
   .passkey-icon {
     width: 48px;
     height: 48px;
-    display: flex;
     align-items: center;
     justify-content: center;
     background: linear-gradient(135deg, #11998e 0%, #38ef7d 100%);
@@ -749,8 +771,8 @@ onMounted(async () => {
   .passkey-meta {
     display: flex;
     flex-wrap: wrap;
-    gap: 12px;
-    font-size: 13px;
+    gap: 4px;
+    font-size: 12px;
   }
 
   .meta-item {

packages/ui/certd-client/src/views/certd/notification/crud.tsx

@@ -11,6 +11,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
   const editRequest = async (req: EditReq) => {
     const { form, row } = req;
     form.id = row.id;
+    delete form.body;
     const res = await api.UpdateObj(form);
     return res;
   };
@@ -21,6 +22,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
 
   const addRequest = async (req: AddReq) => {
     const { form } = req;
+    delete form.body;
     const res = await api.AddObj(form);
     return res;
   };

packages/ui/certd-client/src/views/certd/notification/notification-selector/modal/crud.tsx

@@ -14,6 +14,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
   const editRequest = async (req: EditReq) => {
     const { form, row } = req;
     form.id = row.id;
+    delete form.body;
     const res = await context.api.UpdateObj(form);
     lastResRef.value = res;
     return res;
@@ -25,6 +26,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
 
   const addRequest = async (req: AddReq) => {
     const { form } = req;
+    delete form.body;
     const res = await context.api.AddObj(form);
     lastResRef.value = res;
     return res;

packages/ui/certd-client/src/views/certd/pipeline/cert-view.vue

@@ -100,7 +100,10 @@ function formatDate(dateStr: string): string {
   .cert-detail {
     table {
       width: 100%;
-      table-layout: fixed;
+      table-layout: fixed !important;
+    }
+    .ant-descriptions-item-label {
+      width: 90px;
     }
     .fingerprint {
       .label {

packages/ui/certd-client/src/views/certd/pipeline/detail.vue

@@ -29,15 +29,15 @@ const pipelineOptions: PipelineOptions = {
     onLoaded(detail);
     return {
       pipeline: {
-        id: detail.pipeline.id,
         stages: [],
         triggers: [],
         ...JSON.parse(detail.pipeline.content || "{}"),
-        type: detail.pipeline.type,
-        from: detail.pipeline.from,
+        id: detail.pipeline.id,
         userId: detail.pipeline.userId,
         projectId: detail.pipeline.projectId,
       },
+      type: detail.pipeline.type,
+      from: detail.pipeline.from,
       validTime: detail.pipeline.validTime,
       webhookKey: detail.pipeline.webhookKey,
       id: detail.pipeline.id,

packages/ui/certd-client/src/views/certd/pipeline/pipeline/component/step-form/index.vue

@@ -25,7 +25,7 @@
           </a-row>
         </template>
         <div class="flex-col h-100 overflow-hidden md:ml-5 md:mr-5 step-form-body">
-          <a-tabs v-model:active-key="pluginGroupActive" tab-position="left" class="flex-1 overflow-hidden">
+          <a-tabs v-model:active-key="pluginGroupActive" tab-position="left" class="flex-1 overflow-hidden h-full">
             <template v-for="group of computedPluginGroups" :key="group.key">
               <a-tab-pane v-if="(group.key === 'admin' && userStore.isAdmin) || group.key !== 'admin'" :key="group.key" class="scroll-y">
                 <template #tab>

packages/ui/certd-client/src/views/certd/pipeline/pipeline/component/task-form/copy.ts

@@ -0,0 +1,39 @@
+import { reactive, ref } from "vue";
+
+export class CopyeStore {
+  type: "step" | "steps" | "task" | "tasks";
+  target: any;
+
+  getCopyedCount() {
+    if (this.type === "step") {
+      return 1;
+    } else if (this.type === "steps") {
+      return this.target.length;
+    } else if (this.type === "task") {
+      return 1;
+    } else if (this.type === "tasks") {
+      return this.target.length;
+    } else {
+      return 0;
+    }
+  }
+
+  setStep(target: any) {
+    this.target = target;
+    this.type = "step";
+  }
+  setSteps(target: any) {
+    this.target = target;
+    this.type = "steps";
+  }
+  setTask(target: any) {
+    this.target = target;
+    this.type = "task";
+  }
+  setTasks(target: any) {
+    this.target = target;
+    this.type = "tasks";
+  }
+}
+
+export const Copyed: any = reactive(new CopyeStore());

packages/ui/certd-client/src/views/certd/pipeline/pipeline/component/task-form/index.vue

@@ -29,7 +29,17 @@
             <a-form-item :value="currentTask.steps" name="steps" label="" :wrapper-col="{ span: 24 }" :rules="[{ required: true, message: '至少需要一个步骤，或者你可以点击标题右边删除按钮删除此任务' }]">
               <a-descriptions title="任务步骤" size="small">
                 <template #extra>
-                  <a-button type="primary" @click="stepAdd(currentTask)">添加步骤</a-button>
+                  <div class="flex gap-1">
+                    <a-button type="primary" @click="stepAdd(currentTask)">添加步骤</a-button>
+                    <a-tooltip title="复制此任务下的所有步骤">
+                      <a-button type="default" class="isPlus" :disabled="currentTask.steps?.length === 0" @click="stepsCopy(currentTask)">复制</a-button>
+                    </a-tooltip>
+                    <a-tooltip title="可以从其他任务复制后到此处粘贴">
+                      <a-badge :count="Copyed.getCopyedCount()">
+                        <a-button type="default" class="isPlus" :disabled="Copyed.getCopyedCount() === 0" @click="stepPaste(currentTask)">粘贴</a-button>
+                      </a-badge>
+                    </a-tooltip>
+                  </div>
                 </template>
               </a-descriptions>
               <v-draggable v-model="currentTask.steps" class="step-list" handle=".handle" item-key="id" :disabled="!settingStore.isPlus">
@@ -68,14 +78,15 @@
 
 <script lang="ts">
 import { provide, Ref, ref } from "vue";
-import * as _ from "lodash-es";
 import { nanoid } from "nanoid";
 import PiStepForm from "../step-form/index.vue";
-import { Modal } from "ant-design-vue";
+import { message, Modal } from "ant-design-vue";
 import VDraggable from "vuedraggable";
 import { useUserStore } from "/@/store/user";
 import { useSettingStore } from "/@/store/settings";
 import { filter } from "lodash-es";
+import { Copyed } from "./copy";
+import { cloneDeep, merge } from "lodash-es";
 export default {
   name: "PiTaskForm",
   components: { PiStepForm, VDraggable },
@@ -89,6 +100,7 @@ export default {
   setup(props: any, ctx: any) {
     const userStore = useUserStore();
     const settingStore = useSettingStore();
+
     function useStep() {
       const stepFormRef: Ref<any> = ref(null);
       const currentStepIndex = ref(0);
@@ -106,10 +118,42 @@ export default {
       };
 
       const stepCopy = (task: any, step: any, stepIndex: any) => {
-        step = _.cloneDeep(step);
+        settingStore.checkPlus();
+        step = cloneDeep(step);
         step.id = nanoid();
-        step.title = step.title + "_copy";
-        stepAdd(task, step);
+        Copyed.type = "step";
+        Copyed.target = step;
+        message.success("步骤配置复制成功，您可以到其他任务编辑页面进行粘贴");
+      };
+
+      const stepsCopy = (task: any) => {
+        settingStore.checkPlus();
+        const steps = cloneDeep(task.steps);
+        Copyed.type = "steps";
+        Copyed.target = steps;
+        message.success("本任务的所有步骤复制成功，您可以到其他任务编辑页面进行粘贴");
+      };
+
+      const stepPaste = (task: any) => {
+        settingStore.checkPlus();
+        if (!Copyed.target) {
+          message.error("请先复制");
+          return;
+        }
+        if (Copyed.type === "step") {
+          const step = cloneDeep(Copyed.target);
+          step.id = nanoid();
+          step.title = step.title + "_copy";
+          task.steps.push(step);
+        } else if (Copyed.type === "steps") {
+          const steps = cloneDeep(Copyed.target);
+          for (const item of steps) {
+            item.id = nanoid();
+            item.title = item.title + "_copy";
+            task.steps.push(item);
+          }
+        }
+        message.success("粘贴成功");
       };
       const stepEdit = (task: any, step: any, stepIndex: any) => {
         currentStepIndex.value = stepIndex;
@@ -144,7 +188,7 @@ export default {
         step.disabled = !!!step.disabled;
       };
 
-      return { stepAdd, stepEdit, stepCopy, stepDelete, toggleDisabled, stepFormRef };
+      return { stepAdd, stepEdit, stepCopy, stepDelete, toggleDisabled, stepFormRef, stepPaste, stepsCopy };
     }
 
     /**
@@ -181,7 +225,7 @@ export default {
 
       const taskOpen = (task: any, emit: any) => {
         callback.value = emit;
-        currentTask.value = _.merge({ steps: {} }, task);
+        currentTask.value = merge({ steps: {} }, task);
         console.log("currentTaskOpen", currentTask.value);
         taskDrawerShow();
       };
@@ -189,7 +233,7 @@ export default {
       const taskAdd = (emit: any, taskMerge: any) => {
         mode.value = "add";
         const blankTask: any = { id: nanoid(), title: "新任务", steps: [], status: null };
-        const task: any = _.merge(blankTask, taskMerge);
+        const task: any = merge(blankTask, taskMerge);
         taskOpen(task, emit);
       };
 
@@ -262,6 +306,7 @@ export default {
       wrapperCol: { span: 20 },
       ...useTaskForm(),
       ...useStep(),
+      Copyed,
     };
   },
 };

packages/ui/certd-client/src/views/certd/project/detail/index.vue

@@ -49,6 +49,7 @@ defineOptions({
 
 const route = useRoute();
 const projectIdStr = route.query.projectId as string;
+const migrate = route.query.migrate as string;
 let projectId = Number(projectIdStr);
 const projectStore = useProjectStore();
 if (!projectId) {
@@ -116,7 +117,11 @@ onMounted(async () => {
     return;
   }
   await loadProjectDetail();
-  crudExpose.doRefresh();
+  await crudExpose.doRefresh();
+
+  if (migrate === "true") {
+    openTransferDialog();
+  }
 });
 onActivated(async () => {
   await crudExpose.doRefresh();

packages/ui/certd-client/src/views/framework/login/index.vue

@@ -46,21 +46,11 @@
               </a-form-item>
             </template>
           </a-tab-pane>
-          <a-tab-pane v-if="settingStore.sysPublic.passkeyEnabled && settingStore.isPlus" key="passkey" :tab="t('authentication.passkeyTab')">
-            <template v-if="formState.loginType === 'passkey'">
-              <div v-if="!passkeySupported" class="text-red-500 text-sm mt-2 text-center mb-10">
-                {{ t("authentication.passkeyNotSupported") }}
-              </div>
-            </template>
-          </a-tab-pane>
         </a-tabs>
         <a-form-item>
-          <a-button v-if="formState.loginType !== 'passkey'" type="primary" size="large" html-type="button" :loading="loading" class="login-button" @click="handleFinish">
+          <a-button type="primary" size="large" html-type="button" :loading="loading" class="login-button" @click="handleFinish">
             {{ queryBindCode ? t("authentication.bindButton") : t("authentication.loginButton") }}
           </a-button>
-          <a-button v-else type="primary" size="large" html-type="button" :loading="loading" class="login-button" :disabled="!passkeySupported" @click="handlePasskeyLogin">
-            {{ t("authentication.passkeyLogin") }}
-          </a-button>
         </a-form-item>
         <a-form-item>
           <div class="mt-2 flex justify-between items-center">
@@ -73,7 +63,6 @@
                 {{ t("authentication.forgotPassword") }}
               </a>
             </div>
-
             <router-link v-if="hasRegisterTypeEnabled() && !queryBindCode" class="register" :to="{ name: 'register' }">
               {{ t("authentication.registerLink") }}
             </router-link>
@@ -81,7 +70,7 @@
         </a-form-item>
       </template>
 
-      <div v-if="!queryBindCode && settingStore.sysPublic.oauthEnabled && settingStore.isPlus" class="w-full">
+      <div v-if="!queryBindCode && (settingStore.sysPublic.oauthEnabled || settingStore.sysPublic.passkeyEnabled) && settingStore.isPlus" class="w-full">
         <oauth-footer :oauth-only="isOauthOnly"></oauth-footer>
       </div>
     </a-form>
@@ -195,57 +184,6 @@ const twoFactor = reactive({
   verifyCode: "",
 });
 
-const passkeySupported = ref(false);
-const passkeyEnabled = ref(false);
-
-const checkPasskeySupport = () => {
-  passkeySupported.value = false;
-  if (typeof window !== "undefined" && "credentials" in navigator && "PublicKeyCredential" in window) {
-    passkeySupported.value = true;
-  }
-};
-
-const handlePasskeyLogin = async () => {
-  if (!passkeySupported.value) {
-    notification.error({ message: t("authentication.passkeyNotSupported") });
-    return;
-  }
-
-  loading.value = true;
-  try {
-    const optionsResponse: any = await request({
-      url: "/passkey/generateAuthentication",
-      method: "post",
-    });
-    const options = optionsResponse;
-
-    const credential = await (navigator.credentials as any).get({
-      publicKey: {
-        challenge: Uint8Array.from(atob(options.challenge.replace(/-/g, "+").replace(/_/g, "/")), c => c.charCodeAt(0)),
-        rpId: options.rpId,
-        allowCredentials: options.allowCredentials || [],
-        timeout: options.timeout || 60000,
-      },
-    });
-
-    if (!credential) {
-      throw new Error("Passkey认证失败");
-    }
-
-    const loginRes: any = await UserApi.loginByPasskey({
-      credential,
-      challenge: options.challenge,
-    });
-
-    await userStore.onLoginSuccess(loginRes);
-  } catch (e: any) {
-    console.error("Passkey登录失败:", e);
-    notification.error({ message: e.message || "Passkey登录失败" });
-  } finally {
-    loading.value = false;
-  }
-};
-
 const handleFinish = async () => {
   loading.value = true;
   try {
@@ -294,9 +232,7 @@ const isOauthOnly = computed(() => {
   return sysPublicSettings.oauthOnly && settingStore.isPlus && sysPublicSettings.oauthEnabled;
 });
 
-onMounted(() => {
-  checkPasskeySupport();
-});
+onMounted(() => {});
 </script>
 
 <style lang="less">

packages/ui/certd-client/src/views/framework/login/passkey-login.vue

@@ -0,0 +1,85 @@
+<template>
+  <div v-if="passkeyEnabled && isPlus" class="oauth-icon-button" :class="{ pointer: passkeySupported }" @click="handlePasskeyLogin">
+    <div><fs-icon icon="ion:finger-print-outline" :class="{ 'text-blue-600': passkeySupported, 'text-gray-400': !passkeySupported }" class="text-40" /></div>
+    <div class="ellipsis title" :title="t('authentication.passkeyLogin')" :class="{ 'text-gray-400': !passkeySupported }">{{ t("authentication.passkeyLogin") }}</div>
+  </div>
+</template>
+
+<script lang="ts" setup>
+import { ref, computed, onMounted } from "vue";
+import { useI18n } from "/@/locales";
+import { useSettingStore } from "/@/store/settings";
+import { notification } from "ant-design-vue";
+import { request } from "/src/api/service";
+import * as UserApi from "/src/store/user/api.user";
+import { useUserStore } from "/src/store/user";
+
+const { t } = useI18n();
+const settingStore = useSettingStore();
+const userStore = useUserStore();
+
+const loading = ref(false);
+const passkeySupported = ref(false);
+
+const passkeyEnabled = computed(() => settingStore.sysPublic.passkeyEnabled);
+const isPlus = computed(() => settingStore.isPlus);
+
+const checkPasskeySupport = () => {
+  passkeySupported.value = false;
+  if (typeof window !== "undefined" && "credentials" in navigator && "PublicKeyCredential" in window) {
+    passkeySupported.value = true;
+  }
+};
+
+const handlePasskeyLogin = async () => {
+  if (!passkeySupported.value) {
+    notification.error({ message: t("authentication.passkeyNotSupported") });
+    return;
+  }
+
+  loading.value = true;
+  try {
+    const optionsResponse: any = await request({
+      url: "/passkey/generateAuthentication",
+      method: "post",
+    });
+    const options = optionsResponse;
+
+    console.log("passkey authentication options:", options, JSON.stringify(options));
+    const credential = await (navigator.credentials as any).get({
+      publicKey: {
+        challenge: Uint8Array.from(atob(options.challenge.replace(/-/g, "+").replace(/_/g, "/")), c => c.charCodeAt(0)),
+        rpId: options.rpId,
+        allowCredentials: options.allowCredentials || [],
+        timeout: options.timeout || 60000,
+        authenticatorSelection: {
+          residentKey: "required",
+          requireResidentKey: true,
+          userVerification: "preferred",
+        },
+      },
+    });
+
+    console.log("passkey authentication credential:", credential, JSON.stringify(credential));
+    if (!credential) {
+      throw new Error("Passkey认证失败");
+    }
+
+    const loginRes: any = await UserApi.loginByPasskey({
+      credential,
+      challenge: options.challenge,
+    });
+
+    await userStore.onLoginSuccess(loginRes);
+  } catch (e: any) {
+    console.error("Passkey登录失败:", e);
+    notification.error({ message: e.message || "Passkey登录失败" });
+  } finally {
+    loading.value = false;
+  }
+};
+
+onMounted(() => {
+  checkPasskeySupport();
+});
+</script>

packages/ui/certd-client/src/views/framework/oauth/oauth-footer.vue

@@ -3,7 +3,8 @@
     <div class="oauth-title">
       <div class="oauth-title-text">{{ computedTitle }}</div>
     </div>
-    <div class="flex justify-center items-center gap-4">
+    <div class="flex justify-center items-center gap-4 flex-wrap md:flex-nowrap">
+      <passkey-login></passkey-login>
       <template v-for="item in oauthProviderList" :key="item.type">
         <div v-if="item.addonId" class="oauth-icon-button pointer" @click="goOauthLogin(item.name)">
           <div><fs-icon :icon="item.icon" class="text-blue-600 text-40" /></div>
@@ -19,6 +20,7 @@ import * as api from "./api";
 import { useI18n } from "vue-i18n";
 import { useSettingStore } from "/@/store/settings";
 import { useRoute } from "vue-router";
+import PasskeyLogin from "../login/passkey-login.vue";
 
 const oauthProviderList = ref([]);
 const props = defineProps<{

packages/ui/certd-client/src/views/sys/settings/tabs/mode.vue

@@ -8,9 +8,10 @@
         </div>
         <div class="helper">SaaS模式：每个用户管理自己的流水线和授权资源，独立使用。</div>
         <div class="helper">企业模式：通过项目合作管理流水线证书和授权资源，所有用户视为企业内部员工。</div>
+        <div class="helper"><a @click="adminModeIntroOpen = true">更多管理模式介绍</a></div>
         <div class="helper text-red-500">建议在开始使用时固定一个合适的模式，之后就不要随意切换了。</div>
+        <div v-if="formState.public.adminMode === 'enterprise'" class="helper">设置为企业模式之后，之前创建的个人数据不会显示，您可以选择<a @click="goCurrentProject"> 将个人数据迁移到项目</a></div>
         <div v-if="settingsStore.isComm" class="helper text-red-500">商业版不建议设置为企业模式，除非你确定要转成企业内部使用</div>
-        <div><a @click="adminModeIntroOpen = true"> 更多管理模式介绍</a></div>
       </a-form-item>
 
       <a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
@@ -33,6 +34,7 @@ import { useI18n } from "/src/locales";
 import { dict } from "@fast-crud/fast-crud";
 import { useProjectStore } from "/@/store/project";
 import AdminModeIntro from "/@/views/sys/enterprise/project/intro.vue";
+import { useRouter } from "vue-router";
 const { t } = useI18n();
 
 defineOptions({
@@ -82,5 +84,15 @@ const onFinish = async (form: any) => {
     saveLoading.value = false;
   }
 };
+
+const router = useRouter();
+const goCurrentProject = () => {
+  router.push({
+    path: "/certd/project/detail",
+    query: {
+      migrate: "true",
+    },
+  });
+};
 </script>
 <style lang="less"></style>

packages/ui/certd-client/src/views/sys/settings/tabs/oauth.vue

@@ -8,7 +8,7 @@
         </div>
         <pre class="helper pre">{{ t("certd.sys.setting.passkeyEnabledHelper", [bindDomain]) }}</pre>
         <div v-if="!bindDomainIsSame" class="text-red-500 text-sm mt-2">
-          {{ t("certd.sys.setting.passkeyHostnameNotSame") }}
+          {{ t("certd.sys.setting.passkeyHostnameNotSame") }} <a-button class="ml-2" size="small" type="primary" @click="settingsStore.openBindUrlModal()">{{ t("certd.sys.setting.bindUrl") }}</a-button>
         </div>
       </a-form-item>
       <a-form-item :label="t('certd.sys.setting.enableOauth')" :name="['public', 'oauthEnabled']">

packages/ui/certd-client/vite.config.ts

@@ -88,7 +88,7 @@ export default (req: any) => {
       host: "0.0.0.0",
       port: 3008,
       fs: devServerFs,
-      allowedHosts: ["localhost", "127.0.0.1", "yfy.docmirror.cn", "docmirror.top", "*"],
+      allowedHosts: ["localhost", "127.0.0.1", "yfy.docmirror.cn", "docmirror.top", "*", "local.dev"],
       proxy: {
         // with options
         "/api": {
@@ -100,7 +100,7 @@ export default (req: any) => {
         "/certd/api": {
           //配套后端 https://github.com/fast-crud/fs-server-js
           target: "http://127.0.0.1:7001/api",
-          rewrite: path => path.replace(/^\/certd\/api/, ""),
+          rewrite: (path: any) => path.replace(/^\/certd\/api/, ""),
           //忽略证书
           // agent: new https.Agent({ rejectUnauthorized: false }),
         },

packages/ui/certd-server/CHANGELOG.md

@@ -3,6 +3,36 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+### Bug Fixes
+
+* 修复模版id不正确导致修改到错误的模版流水线bug ([b1ff163](https://github.com/certd/certd/commit/b1ff163a2828b205297408d5aed21cf1eff335e8))
+* 修复批量执行按钮无效的bug ([49703f0](https://github.com/certd/certd/commit/49703f08e55b303851086d9f36aca562d7999be6))
+
+### Performance Improvements
+
+* 火山引擎部署alb证书插件支持部署扩展证书以及删除已过期扩展证书 ([ffd2e81](https://github.com/certd/certd/commit/ffd2e8149e3a06bf3eec456ff85dbed793af9e90))
+* 新增阿里云证书清理插件 ([4b7eeaa](https://github.com/certd/certd/commit/4b7eeaa6e0a14d2e461c7c473a920a0966b1fe8e))
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+### Performance Improvements
+
+* 移除passkey的counter递增校验 ([68b669d](https://github.com/certd/certd/commit/68b669d3ff3e13b931939093320ce7237bb02b1b))
+* passkey 支持Bitwarden ([29f44c6](https://github.com/certd/certd/commit/29f44c67c808bed9ff1c9d4884d39a1a62d043a7))
+* passkey登录放到下方其他登录位置 ([1413e1a](https://github.com/certd/certd/commit/1413e1aff4aabcfd471716338c210fbcfd76c8f9))
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+### Bug Fixes
+
+* 修复阿里云证书订单翻页问题 ([6d43623](https://github.com/certd/certd/commit/6d43623f459a7594599e50a7ed89d67fcc775518))
+
+### Performance Improvements
+
+* 优化passkey ([9e12412](https://github.com/certd/certd/commit/9e12412f5fa7800df1d7efaf62cd8fd5d79bb569))
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)
 
 ### Bug Fixes

packages/ui/certd-server/metadata/deploy_AliyunDeleteExpiringCert.yaml

@@ -0,0 +1,63 @@
+showRunStrategy: false
+default:
+  strategy:
+    runStrategy: 0
+name: AliyunDeleteExpiringCert
+title: 阿里云-删除即将过期证书
+icon: ant-design:aliyun-outlined
+group: aliyun
+desc: 仅删除未使用的证书
+needPlus: true
+input:
+  accessId:
+    title: Access提供者
+    helper: access 授权
+    component:
+      name: access-selector
+      type: aliyun
+    required: true
+    order: 0
+  endpoint:
+    title: 地域
+    helper: 阿里云CAS证书服务地域
+    component:
+      name: a-select
+      options:
+        - value: cas.aliyuncs.com
+          label: 中国大陆
+        - value: cas.ap-southeast-1.aliyuncs.com
+          label: 新加坡
+    required: true
+    value: cas.aliyuncs.com
+    order: 0
+  maxCount:
+    title: 最大删除数量
+    helper: 单次运行最大删除数量
+    value: 100
+    component:
+      name: a-input-number
+      vModel: value
+    required: true
+    order: 0
+  expiringDays:
+    title: 即将过期天数
+    helper: 仅删除有效期小于此天数的证书,0表示完全过期时才删除
+    value: 0
+    component:
+      name: a-input-number
+      vModel: value
+    required: true
+    order: 0
+  checkTimeout:
+    title: 检查超时时间
+    helper: 检查删除任务结果超时时间,单位分钟
+    value: 10
+    component:
+      name: a-input-number
+      vModel: value
+    required: true
+    order: 0
+output: {}
+pluginType: deploy
+type: builtIn
+scriptFilePath: /plugins/plugin-aliyun/plugin/delete-expiring-cert/index.js

packages/ui/certd-server/metadata/deploy_CertApply.yaml

@@ -427,6 +427,7 @@ input:
     helper: 兼容Windows Server各个版本
   renewDays:
     title: 更新天数
+    value: 20
     component:
       name: a-input-number
       vModel: value

packages/ui/certd-server/metadata/deploy_CertApplyGetFormAliyun.yaml

@@ -56,6 +56,18 @@ input:
       type: aliyun
     required: true
     order: 0
+  orderType:
+    title: 订单类型
+    value: CPACK
+    component:
+      name: a-select
+      vModel: value
+      options:
+        - label: 资源虚拟订单（一般选这个）
+          value: CPACK
+        - label: 售卖订单
+          value: BUY
+    order: 0
   orderId:
     title: 证书订单ID
     component:
@@ -68,6 +80,7 @@ input:
       search: false
       pager: true
       multi: true
+      pageSize: 50
       watches:
         - certDomains
         - accessId
@@ -113,6 +126,7 @@ input:
     helper: 兼容Windows Server各个版本
   renewDays:
     title: 更新天数
+    value: 20
     component:
       name: a-input-number
       vModel: value

packages/ui/certd-server/metadata/deploy_CertApplyLego.yaml

@@ -148,6 +148,7 @@ input:
     helper: 兼容Windows Server各个版本
   renewDays:
     title: 更新天数
+    value: 20
     component:
       name: a-input-number
       vModel: value

packages/ui/certd-server/metadata/deploy_VolcengineDeployToALB.yaml

@@ -96,6 +96,19 @@ input:
       选择要部署证书的监听器
       需要在监听器中选择证书中心，进行跨服务访问授权
     order: 0
+  certType:
+    title: 证书部署类型
+    helper: 选择部署默认证书还是扩展证书
+    component:
+      name: a-select
+      options:
+        - label: 默认证书
+          value: default
+        - label: 扩展证书
+          value: extension
+    value: default
+    required: true
+    order: 0
 output: {}
 pluginType: deploy
 type: builtIn

packages/ui/certd-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-server",
-  "version": "1.39.3",
+  "version": "1.39.6",
   "description": "fast-server base midway",
   "private": true,
   "type": "module",
@@ -50,20 +50,20 @@
     "@aws-sdk/client-route-53": "^3.964.0",
     "@aws-sdk/client-s3": "^3.964.0",
     "@aws-sdk/client-sts": "^3.990.0",
-    "@certd/acme-client": "^1.39.3",
-    "@certd/basic": "^1.39.3",
-    "@certd/commercial-core": "^1.39.3",
+    "@certd/acme-client": "^1.39.6",
+    "@certd/basic": "^1.39.6",
+    "@certd/commercial-core": "^1.39.6",
     "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.39.3",
-    "@certd/lib-huawei": "^1.39.3",
-    "@certd/lib-k8s": "^1.39.3",
-    "@certd/lib-server": "^1.39.3",
-    "@certd/midway-flyway-js": "^1.39.3",
-    "@certd/pipeline": "^1.39.3",
-    "@certd/plugin-cert": "^1.39.3",
-    "@certd/plugin-lib": "^1.39.3",
-    "@certd/plugin-plus": "^1.39.3",
-    "@certd/plus-core": "^1.39.3",
+    "@certd/jdcloud": "^1.39.6",
+    "@certd/lib-huawei": "^1.39.6",
+    "@certd/lib-k8s": "^1.39.6",
+    "@certd/lib-server": "^1.39.6",
+    "@certd/midway-flyway-js": "^1.39.6",
+    "@certd/pipeline": "^1.39.6",
+    "@certd/plugin-cert": "^1.39.6",
+    "@certd/plugin-lib": "^1.39.6",
+    "@certd/plugin-plus": "^1.39.6",
+    "@certd/plus-core": "^1.39.6",
     "@google-cloud/publicca": "^1.3.0",
     "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
     "@huaweicloud/huaweicloud-sdk-core": "^3.1.185",

packages/ui/certd-server/src/controller/basic/login/login-controller.ts

@@ -95,9 +95,7 @@ export class LoginController extends BaseController {
       this.ctx
     );
 
-    return this.ok({
-      ...options,
-    });
+    return this.ok(options);
   }
 
   @Post('/loginByPasskey', { description: Constants.per.guest })

packages/ui/certd-server/src/controller/user/mine/passkey-controller.ts

@@ -37,7 +37,6 @@ export class MinePasskeyController extends BaseController {
 
     return this.ok({
       ...options,
-      userId
     });
   }
 

packages/ui/certd-server/src/controller/user/pipeline/pipeline-controller.ts

@@ -6,6 +6,7 @@ import { SiteInfoService } from '../../../modules/monitor/index.js';
 import { HistoryService } from '../../../modules/pipeline/service/history-service.js';
 import { PipelineService } from '../../../modules/pipeline/service/pipeline-service.js';
 import { AuthService } from '../../../modules/sys/authority/service/auth-service.js';
+import { PipelineEntity } from '../../../modules/pipeline/entity/pipeline.js';
 
 
 const pipelineExample = `
@@ -183,21 +184,17 @@ export class PipelineController extends CrudController<PipelineService> {
   }
 
 
-  // @Post('/add', { description: Constants.per.authOnly })
-  // async add(@Body(ALL) bean: PipelineEntity) {
-  //   const { projectId, userId } = await this.getProjectUserIdWrite()
-  //   bean.userId = userId
-  //   bean.projectId = projectId
-  //   return super.add(bean);
-  // }
+  @Post('/add', { description: Constants.per.authOnly })
+  async add(@Body(ALL) bean: PipelineEntity) {
+    return await this.save(bean as any);
+  }
 
-  // @Post('/update', { description: Constants.per.authOnly })
-  // async update(@Body(ALL) bean) {
-  //   await this.checkOwner(this.getService(), bean.id,"write",true);
-  //   delete bean.userId;
-  //   delete bean.projectId;
-  //   return super.update(bean);
-  // }
+  @Post('/update', { description: Constants.per.authOnly })
+  async update(@Body(ALL) bean:PipelineEntity) {
+     await this.checkOwner(this.getService(), bean.id,"write",true);
+     await this.service.update(bean as any);
+     return this.ok({});
+  }
 
   @Post('/save', { description: Constants.per.authOnly, summary: '新增/更新流水线' })
   async save(@Body() bean: PipelineSaveDTO) {

packages/ui/certd-server/src/modules/auto/auto-a-init-site.ts

@@ -51,8 +51,6 @@ export class AutoAInitSite {
     //加载一次密钥
     await this.sysSettingsService.getSecret();
 
-    //加载设置
-    await this.sysSettingsService.reloadSettings();
 
     // 授权许可
     try {
@@ -60,6 +58,9 @@ export class AutoAInitSite {
     } catch (e) {
       logger.error('授权许可验证失败', e);
     }
+    
+    //加载设置
+    await this.sysSettingsService.reloadSettings();
 
     //加载站点隐藏配置
     await this.safeService.reloadHiddenStatus(true)

packages/ui/certd-server/src/modules/login/service/passkey-service.ts

@@ -1,4 +1,4 @@
-import { cache } from "@certd/basic";
+import { cache, logger } from "@certd/basic";
 import { AuthException, BaseService, SysInstallInfo, SysSettingsService, SysSiteInfo } from "@certd/lib-server";
 import { isComm } from "@certd/plus-core";
 import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
@@ -54,14 +54,21 @@ export class PasskeyService extends BaseService<PasskeyEntity> {
     const options = await generateRegistrationOptions({
       rpName: rpName,
       rpID: rpId,
-      userID: new Uint8Array([userId]),
+      userID: new TextEncoder().encode(userId + ""),
       userName: username,
       userDisplayName: user.nickName || username,
       timeout: 60000,
       attestationType: "none",
       excludeCredentials: [],
+      preferredAuthenticatorType: 'localDevice',
+      authenticatorSelection: {
+        authenticatorAttachment: "cross-platform", 
+        userVerification: "preferred",      
+        residentKey: "preferred",
+        requireResidentKey: false
+      },
     });
-
+    logger.info('[passkey] 注册选项:', JSON.stringify(options));
     cache.set(`passkey:registration:${options.challenge}`, userId, {
       ttl: 5 * 60 * 1000,
     });
@@ -86,16 +93,25 @@ export class PasskeyService extends BaseService<PasskeyEntity> {
 
     const { rpId, origin } = await this.getRpInfo();
 
-    const verification = await verifyRegistrationResponse({
+    let verification: any = null;
+    const verifyReq = {
       response,
       expectedChallenge: challenge,
       expectedOrigin: origin,
       expectedRPID: rpId,
-    });
-
+      requireUserVerification: false,
+    };
+    try {
+      verification = await verifyRegistrationResponse(verifyReq);
+    } catch (error) {
+      // 后端验证时
+      logger.error('[passkey] 注册验证失败:', JSON.stringify(verifyReq));
+      throw new AuthException(`注册验证失败:${error.message || error}`);
+    }
     if (!verification.verified) {
       throw new AuthException("注册验证失败");
     }
+    
 
     cache.delete(`passkey:registration:${challenge}`);
 
@@ -113,6 +129,7 @@ export class PasskeyService extends BaseService<PasskeyEntity> {
       rpID: rpId,
       timeout: 60000,
       allowCredentials: [],
+      userVerification: 'preferred' //'required' | 'preferred' | 'discouraged';
     });
 
     // cache.set(`passkey:authentication:${options.challenge}`, userId, {
@@ -148,6 +165,7 @@ export class PasskeyService extends BaseService<PasskeyEntity> {
       expectedChallenge: challenge,
       expectedOrigin: origin,
       expectedRPID: rpId,
+      requireUserVerification: false,
       credential: {
         id: passkey.passkeyId,
         publicKey: new Uint8Array(Buffer.from(passkey.publicKey, 'base64')),
@@ -212,9 +230,10 @@ export class PasskeyService extends BaseService<PasskeyEntity> {
       throw new AuthException("Passkey不存在");
     }
 
-    if (verification.counter <= passkey.counter) {
-      throw new AuthException("认证失败:计数器异常");
-    }
+    // 可同步密钥 各个客户端的计数器不是单调递增的，此规范基本上都不遵守了
+    // if (verification.counter <= passkey.counter && passkey.counter > 0) {
+    //   throw new AuthException("认证失败:计数器异常");
+    // }
 
     passkey.counter = verification.counter;
     passkey.updateTime = new Date();

packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts

@@ -259,6 +259,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
       bean.order = old.order;
       bean.userId = old.userId;
       bean.projectId = old.projectId;
+      if (bean.content == null) {
+        bean.content = old.content;
+      }
     }
     if (!old || !old.webhookKey) {
       bean.webhookKey = await this.genWebhookKey();
@@ -271,6 +274,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
     RunnableCollection.initPipelineRunnableType(pipeline);
     pipeline.userId = bean.userId;
     pipeline.projectId = bean.projectId;
+    if (bean.id) {
+      pipeline.id = bean.id;
+    }
     let domains = [];
     if (pipeline.stages) {
       RunnableCollection.each(pipeline.stages, (runnable: any) => {
@@ -1071,6 +1077,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
     if (!isPlus()) {
       throw new NeedVIPException("此功能需要升级专业版");
     }
+    //允许管理员修改，userId=null
     const query: any = {}
     if (userId && userId > 0) {
       query.userId = userId;
@@ -1123,6 +1130,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
     if (!isPlus()) {
       throw new NeedVIPException("此功能需要升级专业版");
     }
+    //允许管理员修改，userId=null
     const query: any = {}
     if (userId && userId > 0) {
       query.userId = userId;
@@ -1161,9 +1169,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
     if (!isPlus()) {
       throw new NeedVIPException("此功能需要升级专业版");
     }
-
-    if (userId == null || ids.length === 0) {
-      return;
+    //允许userId为空，为空则为管理员触发
+    if (ids.length === 0) {
+      throw new Error("参数错误 ids 不能为空");
     }
     const where: any = {
       id: In(ids),

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/delete-expiring-cert/index.ts

@@ -0,0 +1,159 @@
+import { IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
+import { AbstractPlusTaskPlugin } from "@certd/plugin-plus";
+import dayjs from 'dayjs';
+import { AliyunAccess } from '../../../plugin-lib/aliyun/access/index.js';
+import { AliyunSslClient } from '../../../plugin-lib/aliyun/lib/index.js';
+
+@IsTaskPlugin({
+  name: 'AliyunDeleteExpiringCert',
+  title: '阿里云-删除即将过期证书',
+  icon: 'ant-design:aliyun-outlined',
+  group: pluginGroups.aliyun.key,
+  desc: '仅删除未使用的证书',
+  default: {
+    strategy: {
+      runStrategy: RunStrategy.AlwaysRun,
+    },
+  },
+  needPlus: true,
+})
+export class AliyunDeleteExpiringCert extends AbstractPlusTaskPlugin {
+  @TaskInput({
+    title: 'Access提供者',
+    helper: 'access 授权',
+    component: {
+      name: 'access-selector',
+      type: 'aliyun',
+    },
+    required: true,
+  })
+  accessId!: string;
+
+  @TaskInput({
+    title: '地域',
+    helper: '阿里云CAS证书服务地域',
+    component: {
+      name: 'a-select',
+      options: [
+        { value: 'cas.aliyuncs.com', label: '中国大陆' },
+        { value: 'cas.ap-southeast-1.aliyuncs.com', label: '新加坡' },
+      ],
+    },
+    required: true,
+    value: 'cas.aliyuncs.com',
+  })
+  endpoint!: string;
+
+  // @TaskInput({
+  //   title: '关键字筛选',
+  //   helper: '仅匹配证书名称、域名包含关键字的证书，可以不填',
+  //   required: false,
+  //   component: {
+  //     name: 'a-input',
+  //   },
+  // })
+  // searchKey!: string;
+
+  @TaskInput({
+    title: '最大删除数量',
+    helper: '单次运行最大删除数量',
+    value: 100,
+    component: {
+      name: 'a-input-number',
+      vModel: 'value',
+    },
+    required: true,
+  })
+  maxCount!: number;
+
+  @TaskInput({
+    title: '即将过期天数',
+    helper: '仅删除有效期小于此天数的证书,0表示完全过期时才删除',
+    value: 0,
+    component: {
+      name: 'a-input-number',
+      vModel: 'value',
+    },
+    required: true,
+  })
+  expiringDays!: number;
+
+  @TaskInput({
+    title: '检查超时时间',
+    helper: '检查删除任务结果超时时间,单位分钟',
+    value: 10,
+    component: {
+      name: 'a-input-number',
+      vModel: 'value',
+    },
+    required: true,
+  })
+  checkTimeout!: number;
+
+  async onInstance() {}
+
+  async execute(): Promise<void> {
+    const access = await this.getAccess<AliyunAccess>(this.accessId);
+    const sslClient = new AliyunSslClient({
+      access,
+      logger: this.logger,
+      endpoint: this.endpoint,
+    });
+
+    const params = {
+      ShowSize: 100,
+      CurrentPage: 1,
+      // Keyword: this.searchKey,
+    };
+    const certificates: any[] = [];
+    while(true){
+      const res = await sslClient.doRequest('ListCertificates', params, {
+          method: 'POST',
+        });
+      let list = res?.CertificateList;
+      if (!list || list.length === 0) {
+        break;
+      }
+      this.logger.info(`查询第${params.CurrentPage}页，每页${params.ShowSize}个证书，当前页共${list.length}个证书`);
+
+      const lastDay = dayjs().add(this.expiringDays, 'day');
+      list = list.filter((item: any) => {
+        const notAfter = item.NotAfter;
+        const usingProducts = item.UsingProductList;
+        return dayjs(notAfter).isBefore(lastDay) && (!usingProducts || usingProducts.length === 0);
+      });
+      for (const item of list) {
+        this.logger.info(`证书ID:${item.CertificateId}, 过期时间:${item.NotAfter}，名称:${item.CertificateName}，证书域名:${item.Domain}`);
+        certificates.push(item);
+      }
+      params.CurrentPage++;
+    }
+
+    this.logger.info(`即将过期的证书数量:${certificates.length}`);
+    if (certificates.length === 0) {
+      this.logger.info('没有即将过期的证书, 无需删除');
+      return;
+    }
+    this.logger.info(`开始删除证书，共${certificates.length}个证书`);
+    let successCount = 0;
+    let failedCount = 0;
+
+    for (const certificate of certificates) {
+      try {
+        const deleteRes = await sslClient.doRequest('DeleteUserCertificate', {
+          CertId: certificate.CertificateId,
+        }, { method: 'POST' });
+        this.logger.info(`删除证书成功，证书ID:${certificate.CertificateId}, 名称:${certificate.CertificateName}, requestId:${deleteRes?.RequestId}`);
+        successCount++;
+
+      } catch (error: any) {
+        this.logger.error(`删除证书失败，证书ID:${certificate.CertificateId}, 名称:${certificate.CertificateName}, 错误:${error.message}`);
+        failedCount++;
+      }
+    }
+
+    this.logger.info(`证书删除完成，成功:${successCount}, 失败:${failedCount}`);
+  }
+}
+
+new AliyunDeleteExpiringCert();

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/index.ts

@@ -13,4 +13,5 @@ export * from './deploy-to-vod/index.js';
 export * from './deploy-to-apigateway/index.js';
 export * from './deploy-to-apig/index.js';
 export * from './deploy-to-ack/index.js';
-export * from './deploy-to-all/index.js';
+export * from './deploy-to-all/index.js';
+export * from './delete-expiring-cert/index.js';

packages/ui/certd-server/src/plugins/plugin-cert/plugin/cert-plugin/base.ts

@@ -20,6 +20,7 @@ export abstract class CertApplyBasePlugin extends CertApplyBaseConvertPlugin {
 
   @TaskInput({
     title: "更新天数",
+    value:20,
     component: {
       name: "a-input-number",
       vModel: "value",

packages/ui/certd-server/src/plugins/plugin-cert/plugin/cert-plugin/getter/aliyun.ts

@@ -28,11 +28,36 @@ export class CertApplyGetFormAliyunPlugin extends CertApplyBasePlugin {
   })
   accessId!: string;
 
+
+   @TaskInput(
+    {
+      title:"订单类型",
+      value:"CPACK",
+      component:{
+        name:"a-select",
+        vModel:"value",
+        options:[
+          {
+            label:"资源虚拟订单（一般选这个）",
+            value:"CPACK",
+          },
+          {
+            label:"售卖订单",
+            value:"BUY",
+          }
+        ]
+      }
+    }
+  )
+  orderType!: string;
+
+
   @TaskInput(
     createRemoteSelectInputDefine({
       title: "证书订单ID",
       helper: "订阅模式的证书订单Id",
       typeName: "CertApplyGetFormAliyun",
+      pageSize: 50,
       component: {
         name: "RemoteSelect",
         vModel: "value",
@@ -140,6 +165,7 @@ export class CertApplyGetFormAliyunPlugin extends CertApplyBasePlugin {
       pathname: `/`,
       data: {
         query: {
+          OrderType: this.orderType,
           Status: "ISSUED",
           CurrentPage: pager.pageNo,
           ShowSize : pager.pageSize,
@@ -151,14 +177,27 @@ export class CertApplyGetFormAliyunPlugin extends CertApplyBasePlugin {
       return []
     }
 
-    return list.map((item: any) => {
-      const label = `${item.Domain}<${item.OrderId}>`;
+    const total = res.TotalCount || 0;
+
+    const records = list.map((item: any) => {
+      let value = item.OrderId;
+      let domain = item.Domain;
+      let label = `${item.Domain}<${item.OrderId}>`;
+      if (!item.OrderId) {
+        label = `${item.CommonName}<${item.Name}>`;
+        value = item.Name;
+        domain = item.CommonName;
+      }
       return {
         label: label,
-        value: item.OrderId,
-        Domain: item.Domain,
+        value: value,
+        Domain: domain,
       };
     });
+    return {
+      list:records,
+      total,
+    }
   }
 }
 

packages/ui/certd-server/src/plugins/plugin-volcengine/plugins/plugin-deploy-to-alb.ts

@@ -3,6 +3,7 @@ import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from
 import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
 import { VolcengineAccess } from "../access.js";
 import { VolcengineClient } from "../ve-client.js";
+import dayjs from "dayjs";
 
 @IsTaskPlugin({
   name: "VolcengineDeployToALB",
@@ -32,6 +33,7 @@ export class VolcengineDeployToALB extends AbstractTaskPlugin {
   certDomains!: string[];
 
 
+
   @TaskInput({
     title: "Access授权",
     helper: "火山引擎AccessKeyId、AccessKeySecret",
@@ -126,6 +128,22 @@ export class VolcengineDeployToALB extends AbstractTaskPlugin {
   listenerList!: string | string[];
 
 
+  @TaskInput({
+    title: "证书部署类型",
+    helper: "选择部署默认证书还是扩展证书",
+    component: {
+      name: "a-select",
+      options: [
+        { label: "默认证书", value: "default" },
+        { label: "扩展证书", value: "extension" }
+      ]
+    },
+    value: "default",
+    required: true
+  })
+  certType!: string;
+
+
   async onInstance() {
   }
 
@@ -149,20 +167,101 @@ export class VolcengineDeployToALB extends AbstractTaskPlugin {
     const service = await this.getAlbService();
     for (const listener of this.listenerList) {
       this.logger.info(`开始部署监听器${listener}证书`);
-      await service.request({
-        action: "ModifyListenerAttributes",
-        query: {
-          ListenerId: listener,
-          CertificateSource: "cert_center",
-          CertCenterCertificateId: certId
-        }
-      });
-      this.logger.info(`部署监听器${listener}证书成功`);
+      if (this.certType === "default") {
+        // 部署默认证书
+        const res = await service.request({
+          action: "ModifyListenerAttributes",
+          query: {
+            ListenerId: listener,
+            CertificateSource: "cert_center",
+            CertCenterCertificateId: certId
+          }
+        });
+        this.logger.info(`部署监听器${listener}默认证书成功，res:${JSON.stringify(res)}`);
+      } else {
+        // 部署扩展证书
+        await this.deployExtensionCertificate(service, listener, certId as string);
+      }
+      await this.ctx.utils.sleep(5000);
     }
 
     this.logger.info("部署完成");
   }
 
+  private async deployExtensionCertificate(service: any, listenerId: string, certId: string) {
+    // 获取监听器当前的扩展证书列表
+    const domainExtensions = await this.getListenerDomainExtensions(service, listenerId);
+    
+    // 删除过期的扩展证书
+    try {
+      await this.deleteExpiredExtensions(service, listenerId, domainExtensions);
+    } catch (error) {
+      this.logger.error(`删除过期扩展证书失败:${error.message ||error}`);
+    }
+
+    // 新增扩展证书
+    const query: any = {
+      ListenerId: listenerId,
+      "DomainExtensions.1.Action": "create",
+      "DomainExtensions.1.CertificateSource": "cert_center",
+      "DomainExtensions.1.CertCenterCertificateId": certId
+    };
+
+    // 如果有证书域名信息，添加到扩展证书中
+    if (this.certDomains && this.certDomains.length > 0) {
+      query["DomainExtensions.1.Domain"] = this.certDomains[0];
+    }
+
+    await service.request({
+      action: "ModifyListenerAttributes",
+      query: query
+    });
+    this.logger.info(`部署监听器${listenerId}扩展证书成功`);
+  }
+
+  private async getListenerDomainExtensions(service: any, listenerId: string): Promise<any[]> {
+    const res = await service.request({
+      action: "DescribeListenerAttributes",
+      method: "GET",
+      query: {
+        ListenerId: listenerId
+      }
+    });
+    
+    return res.Result.DomainExtensions || [];
+  }
+
+  private async deleteExpiredExtensions(service: any, listenerId: string, domainExtensions: any[]) {
+    const expiredExtensions = [];
+    for (const ext of domainExtensions) {
+      if (!await this.isCertificateExpired(ext)) {
+        expiredExtensions.push(ext);
+      }
+    }
+    if (expiredExtensions.length === 0) {
+      this.logger.info(`没有过期的扩展证书，跳过删除`);
+      return;
+    }
+
+    const query: any = {
+      ListenerId: listenerId
+    };
+    expiredExtensions.forEach((ext, index) => {
+      const idx = index + 1;
+      query[`DomainExtensions.${idx}.Action`] = "delete";
+      query[`DomainExtensions.${idx}.DomainExtensionId`] = ext.DomainExtensionId;
+    });
+    
+    this.logger.info(`准备删除过期扩展证书，数量：${expiredExtensions.length}个，query:${JSON.stringify(query)}`);
+
+    await service.request({
+      action: "ModifyListenerAttributes",
+      query: query
+    });
+    this.logger.info(`删除${expiredExtensions.length}个过期扩展证书成功`);
+     await this.ctx.utils.sleep(5000);
+  }
+
 
   private async getCertService(access: VolcengineAccess) {
     const client = new VolcengineClient({
@@ -189,6 +288,54 @@ export class VolcengineDeployToALB extends AbstractTaskPlugin {
     return service;
   }
 
+  private async isCertificateExpired(extension: any): Promise<boolean> {
+    try {
+      let certificateId: string;
+      
+      // 根据证书来源获取证书ID
+      if (extension.CertificateSource === "cert_center") {
+        certificateId = extension.CertCenterCertificateId;
+      } else if (extension.CertificateSource === "alb") {
+        this.logger.warn(`ALB证书不支持过期检查，跳过`);
+        return false;
+      } else if (extension.CertificateSource === "pca_leaf") {
+        this.logger.warn(`PCA Leaf证书不支持过期检查，跳过`);
+        return false;
+      } else {
+        this.logger.warn(`未知的证书来源: ${extension.CertificateSource}，跳过`);
+        return false;
+      }
+      
+      if (!certificateId) {
+        this.logger.warn(`证书ID为空，跳过`);
+        return false;
+      }
+      
+      // 获取证书服务
+      const access = await this.getAccess<VolcengineAccess>(this.accessId);
+      const certService = await this.getCertService(access);
+      
+      // 获取证书详情
+      const certDetail = await certService.GetCertificateDetail(certificateId);
+      
+      // 判断证书是否过期
+      if (certDetail.NotAfter) {
+        const expireTime = dayjs(certDetail.NotAfter);
+        const now = dayjs();
+        const isExpired = expireTime.isBefore(now);
+        if (isExpired) {
+          this.logger.info(`证书 ${certificateId} 已过期，过期时间: ${expireTime.toISOString()}`);
+        }
+        return isExpired;
+      }
+      
+      return false;
+    } catch (error) {
+      this.logger.error(`检查证书是否过期失败: ${error.message || error}`);
+      return false;
+    }
+  }
+
   async onGetListenerList(data: any) {
     if (!this.accessId) {
       throw new Error("请选择Access授权");

packages/ui/certd-server/src/plugins/plugin-volcengine/ve-client.ts

@@ -42,6 +42,17 @@ export class VolcengineClient {
       });
       return res.Result.InstanceId || res.Result.RepeatId;
     };
+
+    service.GetCertificateDetail = async (certificateId: string) => {
+      const res = await service.request({
+        action: "CertificateGetInstance",
+        method: "POST",
+        body: {
+          InstanceId: certificateId
+        }
+      });
+      return res.Result;
+    };
     return service;
   }
 

trigger/build.trigger

@@ -1 +1 @@
-00:57
+00:07

trigger/release.trigger

@@ -1 +1 @@
-01:15
+00:23