perf: 阿里云dcdn支持根据证书域名匹配模式

docs: 1
build: release
2026-04-14 04:20:52 +08:00 · 2026-03-28 11:17:50 +08:00 · 2026-03-26 22:30:37 +08:00 · 2026-03-26 01:28:56 +08:00 · 2026-03-26 01:08:03 +08:00 · 2026-03-26 01:07:51 +08:00
107 changed files with 2793 additions and 430 deletions
--- a/.agents/skills/using-superpowers/SKILL.md
+++ b/.agents/skills/using-superpowers/SKILL.md
@@ -0,0 +1,115 @@
+---
+name: using-superpowers
+description: Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions
+---
+
+<SUBAGENT-STOP>
+If you were dispatched as a subagent to execute a specific task, skip this skill.
+</SUBAGENT-STOP>
+
+<EXTREMELY-IMPORTANT>
+If you think there is even a 1% chance a skill might apply to what you are doing, you ABSOLUTELY MUST invoke the skill.
+
+IF A SKILL APPLIES TO YOUR TASK, YOU DO NOT HAVE A CHOICE. YOU MUST USE IT.
+
+This is not negotiable. This is not optional. You cannot rationalize your way out of this.
+</EXTREMELY-IMPORTANT>
+
+## Instruction Priority
+
+Superpowers skills override default system prompt behavior, but **user instructions always take precedence**:
+
+1. **User's explicit instructions** (CLAUDE.md, GEMINI.md, AGENTS.md, direct requests) — highest priority
+2. **Superpowers skills** — override default system behavior where they conflict
+3. **Default system prompt** — lowest priority
+
+If CLAUDE.md, GEMINI.md, or AGENTS.md says "don't use TDD" and a skill says "always use TDD," follow the user's instructions. The user is in control.
+
+## How to Access Skills
+
+**In Claude Code:** Use the `Skill` tool. When you invoke a skill, its content is loaded and presented to you—follow it directly. Never use the Read tool on skill files.
+
+**In Gemini CLI:** Skills activate via the `activate_skill` tool. Gemini loads skill metadata at session start and activates the full content on demand.
+
+**In other environments:** Check your platform's documentation for how skills are loaded.
+
+## Platform Adaptation
+
+Skills use Claude Code tool names. Non-CC platforms: see `references/codex-tools.md` (Codex) for tool equivalents. Gemini CLI users get the tool mapping loaded automatically via GEMINI.md.
+
+# Using Skills
+
+## The Rule
+
+**Invoke relevant or requested skills BEFORE any response or action.** Even a 1% chance a skill might apply means that you should invoke the skill to check. If an invoked skill turns out to be wrong for the situation, you don't need to use it.
+
+```dot
+digraph skill_flow {
+    "User message received" [shape=doublecircle];
+    "About to EnterPlanMode?" [shape=doublecircle];
+    "Already brainstormed?" [shape=diamond];
+    "Invoke brainstorming skill" [shape=box];
+    "Might any skill apply?" [shape=diamond];
+    "Invoke Skill tool" [shape=box];
+    "Announce: 'Using [skill] to [purpose]'" [shape=box];
+    "Has checklist?" [shape=diamond];
+    "Create TodoWrite todo per item" [shape=box];
+    "Follow skill exactly" [shape=box];
+    "Respond (including clarifications)" [shape=doublecircle];
+
+    "About to EnterPlanMode?" -> "Already brainstormed?";
+    "Already brainstormed?" -> "Invoke brainstorming skill" [label="no"];
+    "Already brainstormed?" -> "Might any skill apply?" [label="yes"];
+    "Invoke brainstorming skill" -> "Might any skill apply?";
+
+    "User message received" -> "Might any skill apply?";
+    "Might any skill apply?" -> "Invoke Skill tool" [label="yes, even 1%"];
+    "Might any skill apply?" -> "Respond (including clarifications)" [label="definitely not"];
+    "Invoke Skill tool" -> "Announce: 'Using [skill] to [purpose]'";
+    "Announce: 'Using [skill] to [purpose]'" -> "Has checklist?";
+    "Has checklist?" -> "Create TodoWrite todo per item" [label="yes"];
+    "Has checklist?" -> "Follow skill exactly" [label="no"];
+    "Create TodoWrite todo per item" -> "Follow skill exactly";
+}
+```
+
+## Red Flags
+
+These thoughts mean STOP—you're rationalizing:
+
+| Thought | Reality |
+|---------|---------|
+| "This is just a simple question" | Questions are tasks. Check for skills. |
+| "I need more context first" | Skill check comes BEFORE clarifying questions. |
+| "Let me explore the codebase first" | Skills tell you HOW to explore. Check first. |
+| "I can check git/files quickly" | Files lack conversation context. Check for skills. |
+| "Let me gather information first" | Skills tell you HOW to gather information. |
+| "This doesn't need a formal skill" | If a skill exists, use it. |
+| "I remember this skill" | Skills evolve. Read current version. |
+| "This doesn't count as a task" | Action = task. Check for skills. |
+| "The skill is overkill" | Simple things become complex. Use it. |
+| "I'll just do this one thing first" | Check BEFORE doing anything. |
+| "This feels productive" | Undisciplined action wastes time. Skills prevent this. |
+| "I know what that means" | Knowing the concept ≠ using the skill. Invoke it. |
+
+## Skill Priority
+
+When multiple skills could apply, use this order:
+
+1. **Process skills first** (brainstorming, debugging) - these determine HOW to approach the task
+2. **Implementation skills second** (frontend-design, mcp-builder) - these guide execution
+
+"Let's build X" → brainstorming first, then implementation skills.
+"Fix this bug" → debugging first, then domain-specific skills.
+
+## Skill Types
+
+**Rigid** (TDD, debugging): Follow exactly. Don't adapt away discipline.
+
+**Flexible** (patterns): Adapt principles to context.
+
+The skill itself tells you which.
+
+## User Instructions
+
+Instructions say WHAT, not HOW. "Add X" or "Fix Y" doesn't mean skip workflows.
--- a/.agents/skills/using-superpowers/references/codex-tools.md
+++ b/.agents/skills/using-superpowers/references/codex-tools.md
@@ -0,0 +1,100 @@
+# Codex Tool Mapping
+
+Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
+
+| Skill references | Codex equivalent |
+|-----------------|------------------|
+| `Task` tool (dispatch subagent) | `spawn_agent` (see [Named agent dispatch](#named-agent-dispatch)) |
+| Multiple `Task` calls (parallel) | Multiple `spawn_agent` calls |
+| Task returns result | `wait` |
+| Task completes automatically | `close_agent` to free slot |
+| `TodoWrite` (task tracking) | `update_plan` |
+| `Skill` tool (invoke a skill) | Skills load natively — just follow the instructions |
+| `Read`, `Write`, `Edit` (files) | Use your native file tools |
+| `Bash` (run commands) | Use your native shell tools |
+
+## Subagent dispatch requires multi-agent support
+
+Add to your Codex config (`~/.codex/config.toml`):
+
+```toml
+[features]
+multi_agent = true
+```
+
+This enables `spawn_agent`, `wait`, and `close_agent` for skills like `dispatching-parallel-agents` and `subagent-driven-development`.
+
+## Named agent dispatch
+
+Claude Code skills reference named agent types like `superpowers:code-reviewer`.
+Codex does not have a named agent registry — `spawn_agent` creates generic agents
+from built-in roles (`default`, `explorer`, `worker`).
+
+When a skill says to dispatch a named agent type:
+
+1. Find the agent's prompt file (e.g., `agents/code-reviewer.md` or the skill's
+   local prompt template like `code-quality-reviewer-prompt.md`)
+2. Read the prompt content
+3. Fill any template placeholders (`{BASE_SHA}`, `{WHAT_WAS_IMPLEMENTED}`, etc.)
+4. Spawn a `worker` agent with the filled content as the `message`
+
+| Skill instruction | Codex equivalent |
+|-------------------|------------------|
+| `Task tool (superpowers:code-reviewer)` | `spawn_agent(agent_type="worker", message=...)` with `code-reviewer.md` content |
+| `Task tool (general-purpose)` with inline prompt | `spawn_agent(message=...)` with the same prompt |
+
+### Message framing
+
+The `message` parameter is user-level input, not a system prompt. Structure it
+for maximum instruction adherence:
+
+```
+Your task is to perform the following. Follow the instructions below exactly.
+
+<agent-instructions>
+[filled prompt content from the agent's .md file]
+</agent-instructions>
+
+Execute this now. Output ONLY the structured response following the format
+specified in the instructions above.
+```
+
+- Use task-delegation framing ("Your task is...") rather than persona framing ("You are...")
+- Wrap instructions in XML tags — the model treats tagged blocks as authoritative
+- End with an explicit execution directive to prevent summarization of the instructions
+
+### When this workaround can be removed
+
+This approach compensates for Codex's plugin system not yet supporting an `agents`
+field in `plugin.json`. When `RawPluginManifest` gains an `agents` field, the
+plugin can symlink to `agents/` (mirroring the existing `skills/` symlink) and
+skills can dispatch named agent types directly.
+
+## Environment Detection
+
+Skills that create worktrees or finish branches should detect their
+environment with read-only git commands before proceeding:
+
+```bash
+GIT_DIR=$(cd "$(git rev-parse --git-dir)" 2>/dev/null && pwd -P)
+GIT_COMMON=$(cd "$(git rev-parse --git-common-dir)" 2>/dev/null && pwd -P)
+BRANCH=$(git branch --show-current)
+```
+
+- `GIT_DIR != GIT_COMMON` → already in a linked worktree (skip creation)
+- `BRANCH` empty → detached HEAD (cannot branch/push/PR from sandbox)
+
+See `using-git-worktrees` Step 0 and `finishing-a-development-branch`
+Step 1 for how each skill uses these signals.
+
+## Codex App Finishing
+
+When the sandbox blocks branch/push operations (detached HEAD in an
+externally managed worktree), the agent commits all work and informs
+the user to use the App's native controls:
+
+- **"Create branch"** — names the branch, then commit/push/PR via App UI
+- **"Hand off to local"** — transfers work to the user's local checkout
+
+The agent can still run tests, stage files, and output suggested branch
+names, commit messages, and PR descriptions for the user to copy.
--- a/.agents/skills/using-superpowers/references/gemini-tools.md
+++ b/.agents/skills/using-superpowers/references/gemini-tools.md
@@ -0,0 +1,33 @@
+# Gemini CLI Tool Mapping
+
+Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
+
+| Skill references | Gemini CLI equivalent |
+|-----------------|----------------------|
+| `Read` (file reading) | `read_file` |
+| `Write` (file creation) | `write_file` |
+| `Edit` (file editing) | `replace` |
+| `Bash` (run commands) | `run_shell_command` |
+| `Grep` (search file content) | `grep_search` |
+| `Glob` (search files by name) | `glob` |
+| `TodoWrite` (task tracking) | `write_todos` |
+| `Skill` tool (invoke a skill) | `activate_skill` |
+| `WebSearch` | `google_web_search` |
+| `WebFetch` | `web_fetch` |
+| `Task` tool (dispatch subagent) | No equivalent — Gemini CLI does not support subagents |
+
+## No subagent support
+
+Gemini CLI has no equivalent to Claude Code's `Task` tool. Skills that rely on subagent dispatch (`subagent-driven-development`, `dispatching-parallel-agents`) will fall back to single-session execution via `executing-plans`.
+
+## Additional Gemini CLI tools
+
+These tools are available in Gemini CLI but have no Claude Code equivalent:
+
+| Tool | Purpose |
+|------|---------|
+| `list_directory` | List files and subdirectories |
+| `save_memory` | Persist facts to GEMINI.md across sessions |
+| `ask_user` | Request structured input from the user |
+| `tracker_create_task` | Rich task management (create, update, list, visualize) |
+| `enter_plan_mode` / `exit_plan_mode` | Switch to read-only research mode before making changes |
--- a/.cursor/skills/using-superpowers/SKILL.md
+++ b/.cursor/skills/using-superpowers/SKILL.md
@@ -0,0 +1,115 @@
+---
+name: using-superpowers
+description: Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions
+---
+
+<SUBAGENT-STOP>
+If you were dispatched as a subagent to execute a specific task, skip this skill.
+</SUBAGENT-STOP>
+
+<EXTREMELY-IMPORTANT>
+If you think there is even a 1% chance a skill might apply to what you are doing, you ABSOLUTELY MUST invoke the skill.
+
+IF A SKILL APPLIES TO YOUR TASK, YOU DO NOT HAVE A CHOICE. YOU MUST USE IT.
+
+This is not negotiable. This is not optional. You cannot rationalize your way out of this.
+</EXTREMELY-IMPORTANT>
+
+## Instruction Priority
+
+Superpowers skills override default system prompt behavior, but **user instructions always take precedence**:
+
+1. **User's explicit instructions** (CLAUDE.md, GEMINI.md, AGENTS.md, direct requests) — highest priority
+2. **Superpowers skills** — override default system behavior where they conflict
+3. **Default system prompt** — lowest priority
+
+If CLAUDE.md, GEMINI.md, or AGENTS.md says "don't use TDD" and a skill says "always use TDD," follow the user's instructions. The user is in control.
+
+## How to Access Skills
+
+**In Claude Code:** Use the `Skill` tool. When you invoke a skill, its content is loaded and presented to you—follow it directly. Never use the Read tool on skill files.
+
+**In Gemini CLI:** Skills activate via the `activate_skill` tool. Gemini loads skill metadata at session start and activates the full content on demand.
+
+**In other environments:** Check your platform's documentation for how skills are loaded.
+
+## Platform Adaptation
+
+Skills use Claude Code tool names. Non-CC platforms: see `references/codex-tools.md` (Codex) for tool equivalents. Gemini CLI users get the tool mapping loaded automatically via GEMINI.md.
+
+# Using Skills
+
+## The Rule
+
+**Invoke relevant or requested skills BEFORE any response or action.** Even a 1% chance a skill might apply means that you should invoke the skill to check. If an invoked skill turns out to be wrong for the situation, you don't need to use it.
+
+```dot
+digraph skill_flow {
+    "User message received" [shape=doublecircle];
+    "About to EnterPlanMode?" [shape=doublecircle];
+    "Already brainstormed?" [shape=diamond];
+    "Invoke brainstorming skill" [shape=box];
+    "Might any skill apply?" [shape=diamond];
+    "Invoke Skill tool" [shape=box];
+    "Announce: 'Using [skill] to [purpose]'" [shape=box];
+    "Has checklist?" [shape=diamond];
+    "Create TodoWrite todo per item" [shape=box];
+    "Follow skill exactly" [shape=box];
+    "Respond (including clarifications)" [shape=doublecircle];
+
+    "About to EnterPlanMode?" -> "Already brainstormed?";
+    "Already brainstormed?" -> "Invoke brainstorming skill" [label="no"];
+    "Already brainstormed?" -> "Might any skill apply?" [label="yes"];
+    "Invoke brainstorming skill" -> "Might any skill apply?";
+
+    "User message received" -> "Might any skill apply?";
+    "Might any skill apply?" -> "Invoke Skill tool" [label="yes, even 1%"];
+    "Might any skill apply?" -> "Respond (including clarifications)" [label="definitely not"];
+    "Invoke Skill tool" -> "Announce: 'Using [skill] to [purpose]'";
+    "Announce: 'Using [skill] to [purpose]'" -> "Has checklist?";
+    "Has checklist?" -> "Create TodoWrite todo per item" [label="yes"];
+    "Has checklist?" -> "Follow skill exactly" [label="no"];
+    "Create TodoWrite todo per item" -> "Follow skill exactly";
+}
+```
+
+## Red Flags
+
+These thoughts mean STOP—you're rationalizing:
+
+| Thought | Reality |
+|---------|---------|
+| "This is just a simple question" | Questions are tasks. Check for skills. |
+| "I need more context first" | Skill check comes BEFORE clarifying questions. |
+| "Let me explore the codebase first" | Skills tell you HOW to explore. Check first. |
+| "I can check git/files quickly" | Files lack conversation context. Check for skills. |
+| "Let me gather information first" | Skills tell you HOW to gather information. |
+| "This doesn't need a formal skill" | If a skill exists, use it. |
+| "I remember this skill" | Skills evolve. Read current version. |
+| "This doesn't count as a task" | Action = task. Check for skills. |
+| "The skill is overkill" | Simple things become complex. Use it. |
+| "I'll just do this one thing first" | Check BEFORE doing anything. |
+| "This feels productive" | Undisciplined action wastes time. Skills prevent this. |
+| "I know what that means" | Knowing the concept ≠ using the skill. Invoke it. |
+
+## Skill Priority
+
+When multiple skills could apply, use this order:
+
+1. **Process skills first** (brainstorming, debugging) - these determine HOW to approach the task
+2. **Implementation skills second** (frontend-design, mcp-builder) - these guide execution
+
+"Let's build X" → brainstorming first, then implementation skills.
+"Fix this bug" → debugging first, then domain-specific skills.
+
+## Skill Types
+
+**Rigid** (TDD, debugging): Follow exactly. Don't adapt away discipline.
+
+**Flexible** (patterns): Adapt principles to context.
+
+The skill itself tells you which.
+
+## User Instructions
+
+Instructions say WHAT, not HOW. "Add X" or "Fix Y" doesn't mean skip workflows.
--- a/.cursor/skills/using-superpowers/references/codex-tools.md
+++ b/.cursor/skills/using-superpowers/references/codex-tools.md
@@ -0,0 +1,100 @@
+# Codex Tool Mapping
+
+Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
+
+| Skill references | Codex equivalent |
+|-----------------|------------------|
+| `Task` tool (dispatch subagent) | `spawn_agent` (see [Named agent dispatch](#named-agent-dispatch)) |
+| Multiple `Task` calls (parallel) | Multiple `spawn_agent` calls |
+| Task returns result | `wait` |
+| Task completes automatically | `close_agent` to free slot |
+| `TodoWrite` (task tracking) | `update_plan` |
+| `Skill` tool (invoke a skill) | Skills load natively — just follow the instructions |
+| `Read`, `Write`, `Edit` (files) | Use your native file tools |
+| `Bash` (run commands) | Use your native shell tools |
+
+## Subagent dispatch requires multi-agent support
+
+Add to your Codex config (`~/.codex/config.toml`):
+
+```toml
+[features]
+multi_agent = true
+```
+
+This enables `spawn_agent`, `wait`, and `close_agent` for skills like `dispatching-parallel-agents` and `subagent-driven-development`.
+
+## Named agent dispatch
+
+Claude Code skills reference named agent types like `superpowers:code-reviewer`.
+Codex does not have a named agent registry — `spawn_agent` creates generic agents
+from built-in roles (`default`, `explorer`, `worker`).
+
+When a skill says to dispatch a named agent type:
+
+1. Find the agent's prompt file (e.g., `agents/code-reviewer.md` or the skill's
+   local prompt template like `code-quality-reviewer-prompt.md`)
+2. Read the prompt content
+3. Fill any template placeholders (`{BASE_SHA}`, `{WHAT_WAS_IMPLEMENTED}`, etc.)
+4. Spawn a `worker` agent with the filled content as the `message`
+
+| Skill instruction | Codex equivalent |
+|-------------------|------------------|
+| `Task tool (superpowers:code-reviewer)` | `spawn_agent(agent_type="worker", message=...)` with `code-reviewer.md` content |
+| `Task tool (general-purpose)` with inline prompt | `spawn_agent(message=...)` with the same prompt |
+
+### Message framing
+
+The `message` parameter is user-level input, not a system prompt. Structure it
+for maximum instruction adherence:
+
+```
+Your task is to perform the following. Follow the instructions below exactly.
+
+<agent-instructions>
+[filled prompt content from the agent's .md file]
+</agent-instructions>
+
+Execute this now. Output ONLY the structured response following the format
+specified in the instructions above.
+```
+
+- Use task-delegation framing ("Your task is...") rather than persona framing ("You are...")
+- Wrap instructions in XML tags — the model treats tagged blocks as authoritative
+- End with an explicit execution directive to prevent summarization of the instructions
+
+### When this workaround can be removed
+
+This approach compensates for Codex's plugin system not yet supporting an `agents`
+field in `plugin.json`. When `RawPluginManifest` gains an `agents` field, the
+plugin can symlink to `agents/` (mirroring the existing `skills/` symlink) and
+skills can dispatch named agent types directly.
+
+## Environment Detection
+
+Skills that create worktrees or finish branches should detect their
+environment with read-only git commands before proceeding:
+
+```bash
+GIT_DIR=$(cd "$(git rev-parse --git-dir)" 2>/dev/null && pwd -P)
+GIT_COMMON=$(cd "$(git rev-parse --git-common-dir)" 2>/dev/null && pwd -P)
+BRANCH=$(git branch --show-current)
+```
+
+- `GIT_DIR != GIT_COMMON` → already in a linked worktree (skip creation)
+- `BRANCH` empty → detached HEAD (cannot branch/push/PR from sandbox)
+
+See `using-git-worktrees` Step 0 and `finishing-a-development-branch`
+Step 1 for how each skill uses these signals.
+
+## Codex App Finishing
+
+When the sandbox blocks branch/push operations (detached HEAD in an
+externally managed worktree), the agent commits all work and informs
+the user to use the App's native controls:
+
+- **"Create branch"** — names the branch, then commit/push/PR via App UI
+- **"Hand off to local"** — transfers work to the user's local checkout
+
+The agent can still run tests, stage files, and output suggested branch
+names, commit messages, and PR descriptions for the user to copy.
--- a/.cursor/skills/using-superpowers/references/gemini-tools.md
+++ b/.cursor/skills/using-superpowers/references/gemini-tools.md
@@ -0,0 +1,33 @@
+# Gemini CLI Tool Mapping
+
+Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
+
+| Skill references | Gemini CLI equivalent |
+|-----------------|----------------------|
+| `Read` (file reading) | `read_file` |
+| `Write` (file creation) | `write_file` |
+| `Edit` (file editing) | `replace` |
+| `Bash` (run commands) | `run_shell_command` |
+| `Grep` (search file content) | `grep_search` |
+| `Glob` (search files by name) | `glob` |
+| `TodoWrite` (task tracking) | `write_todos` |
+| `Skill` tool (invoke a skill) | `activate_skill` |
+| `WebSearch` | `google_web_search` |
+| `WebFetch` | `web_fetch` |
+| `Task` tool (dispatch subagent) | No equivalent — Gemini CLI does not support subagents |
+
+## No subagent support
+
+Gemini CLI has no equivalent to Claude Code's `Task` tool. Skills that rely on subagent dispatch (`subagent-driven-development`, `dispatching-parallel-agents`) will fall back to single-session execution via `executing-plans`.
+
+## Additional Gemini CLI tools
+
+These tools are available in Gemini CLI but have no Claude Code equivalent:
+
+| Tool | Purpose |
+|------|---------|
+| `list_directory` | List files and subdirectories |
+| `save_memory` | Persist facts to GEMINI.md across sessions |
+| `ask_user` | Request structured input from the user |
+| `tracker_create_task` | Rich task management (create, update, list, visualize) |
+| `enter_plan_mode` / `exit_plan_mode` | Switch to read-only research mode before making changes |
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -4,7 +4,7 @@ on:
    branches: ['v2-dev']
    paths:
      - "trigger/build.trigger"
-
+  workflow_dispatch:    # 添加手动触发
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
@@ -21,7 +21,7 @@ jobs:
        with:
          fetch-depth: 0
          lfs: true
-
+          ref: 'v2-dev'
      - name: get_certd_version
        id: get_certd_version
        uses: actions/github-script@v6
--- a/.github/workflows/deploy-demo.yml
+++ b/.github/workflows/deploy-demo.yml
@@ -8,6 +8,8 @@ on:
    workflows: [ "build-image" ]
    types:
      - completed
+  workflow_dispatch:    # 添加手动触发
+


 #  schedule:
@@ -26,6 +28,7 @@ jobs:
        with:
          fetch-depth: 0
          ref: v2-dev
+          
      - name: get_certd_version
        id: get_certd_version
        uses: actions/github-script@v6
--- a/.github/workflows/publish-atom.yaml
+++ b/.github/workflows/publish-atom.yaml
@@ -8,7 +8,7 @@ on:
    workflows: [ "build-image-for-release" ]
    types:
      - completed
-
+  workflow_dispatch:    # 添加手动触发
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
@@ -19,13 +19,17 @@ permissions:
 jobs:
  publish-atomgit:
    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    if: |
+      github.event_name == 'workflow_dispatch' || 
+      (github.event.workflow_run.conclusion == 'success')
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          lfs: true
+          ref: 'v2-dev'
+
      - name: get_certd_version
        id: get_certd_version
        uses: actions/github-script@v6
--- a/.github/workflows/publish-gitee.yaml
+++ b/.github/workflows/publish-gitee.yaml
@@ -8,7 +8,7 @@ on:
    workflows: [ "build-image-for-release" ]
    types:
      - completed
-
+  workflow_dispatch:    # 添加手动触发
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
@@ -19,13 +19,16 @@ permissions:
 jobs:
  publish-gitee:
    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    if: |
+      github.event_name == 'workflow_dispatch' || 
+      (github.event.workflow_run.conclusion == 'success')
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          lfs: true
+          ref: 'v2-dev'
            
      - name: publish_to_gitee
        id: publish_to_gitee
--- a/.github/workflows/publish-github.yaml
+++ b/.github/workflows/publish-github.yaml
@@ -8,7 +8,7 @@ on:
    workflows: [ "build-image-for-release" ]
    types:
      - completed
-
+  workflow_dispatch:    # 添加手动触发
 #  schedule:
 #    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
 #    - cron: '17 19 * * *'
@@ -19,13 +19,16 @@ permissions:
 jobs:
  publish-github:
    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    if: |
+      github.event_name == 'workflow_dispatch' || 
+      (github.event.workflow_run.conclusion == 'success')
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          lfs: true
+          ref: 'v2-dev'
            
      - name: publish_to_github
        id: publish_to_github
--- a/.github/workflows/release-image.yml
+++ b/.github/workflows/release-image.yml
@@ -4,6 +4,7 @@ on:
    branches: ['v2-dev']
    paths:
      - "trigger/release.trigger"
+  workflow_dispatch:    # 添加手动触发
 #  workflow_run:
 #    workflows: [ "deploy-demo" ]
 #    types:
@@ -25,6 +26,7 @@ jobs:
        with:
          fetch-depth: 0
          lfs: true
+          ref: 'v2-dev'

      - name: get_certd_version
        id: get_certd_version
--- a/.github/workflows/sync-to-atomgit-dev.yml
+++ b/.github/workflows/sync-to-atomgit-dev.yml
@@ -17,6 +17,7 @@ jobs:
        with:
          fetch-depth: 0
          lfs: true
+          ref: v2-dev
      - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email
        run: |
          git config --global user.name "xiaojunnuo"
--- a/.github/workflows/sync-to-atomgit.yml
+++ b/.github/workflows/sync-to-atomgit.yml
@@ -17,6 +17,7 @@ jobs:
        with:
          fetch-depth: 0
          lfs: true
+          ref: v2
      - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email
        run: |
          git config --global user.name "xiaojunnuo"
--- a/.github/workflows/sync-to-cnb-dev.yml
+++ b/.github/workflows/sync-to-cnb-dev.yml
@@ -0,0 +1,35 @@
+name: sync-to-cnb-dev
+on:
+  push:
+    branches: ['v2-dev']
+#  schedule:
+#    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
+#    - cron: '17 19 * * *'
+permissions:
+  contents: read
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout work repo            # 1. 检出当前仓库(certd-sync-work)
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          lfs: true
+          ref: v2-dev
+      - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email
+        run: |
+          git config --global user.name "xiaojunnuo"
+          git config --global user.email "xiaojunnuo@qq.com"
+
+      - name: Set git token                 # 3. 给git命令设置token，用于push到目标仓库
+        uses: de-vri-es/setup-git-credentials@v2
+        with:                              # token 格式为： username:password
+          credentials: https://cnb:${{secrets.CNB_TOKEN}}@cnb.cool
+
+      - name: push to cnb               # 4. 执行同步
+        run: |
+          git remote add upstream https://cnb.cool/certd/certd.git
+          git push --set-upstream upstream v2-dev
+
--- a/.github/workflows/sync-to-cnb.yml
+++ b/.github/workflows/sync-to-cnb.yml
@@ -0,0 +1,34 @@
+name: sync-to-cnb
+on:
+  push:
+    branches: ['v2']
+#  schedule:
+#    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
+#    - cron: '17 19 * * *'
+permissions:
+  contents: read
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout work repo            # 1. 检出当前仓库(certd-sync-work)
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          lfs: true
+      - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email
+        run: |
+          git config --global user.name "xiaojunnuo"
+          git config --global user.email "xiaojunnuo@qq.com"
+
+      - name: Set git token                 # 3. 给git命令设置token，用于push到目标仓库
+        uses: de-vri-es/setup-git-credentials@v2
+        with:                              # token 格式为： username:password
+          credentials: https://cnb:${{secrets.CNB_TOKEN}}@cnb.cool
+
+      - name: push to cnb               # 4. 执行同步
+        run: |
+          git remote add upstream https://cnb.cool/certd/certd.git
+          git push --set-upstream upstream v2
+
--- a/.github/workflows/sync-to-gitee-dev.yml
+++ b/.github/workflows/sync-to-gitee-dev.yml
@@ -17,6 +17,7 @@ jobs:
        with:
          fetch-depth: 0
          lfs: true
+          ref: v2-dev
      - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email
        run: |
          git config --global user.name "xiaojunnuo"
--- a/.trae/skills/agent.md
+++ b/.trae/skills/agent.md
@@ -0,0 +1,14 @@
+你是一名资深nodejs工程师，擅长开发Certd开源系统的任务插件。
+certd是一款全自动证书申请部署管理工具，基于流水线的方式，通过里面申请证书插件申请证书，然后将证书传递给下一个部署任务插件，不同的部署任务插件将证书部署到用户的各个应用系统当中。
+
+certd插件分成以下几种类型：
+Access：存储用户的第三放应用的授权数据，比如用户名密码，accessSecret 或 accessToken等。同时它里面的方法还负责对接第三方的api接口
+Task： 部署任务插件，它继承AbstractTaskPlugin类，被流水线调用execute方法，将证书部署到对应的应用上
+DnsProvider: DNS提供商插件，它用于在ACME申请证书时给域名添加txt解析记录。
+
+在开始工作前，请阅读并加载.trae/skills下面的技能，根据skills进行相应的插件开发
+当开发过程中遇到问题，需要参考plugins目录下的其他插件，或者用户提醒你更好的做法时，你需要总结经验，更新相应的skills，让skills越来越完善，能够在以后得新插件开发中具备指导意义。
+
+一般调用的api接口文档会比较复杂，你不知道接口是什么时，请务必询问用户，让用户提供API接口文档
+
+完成开发后无需测试，通知用户自己去测试
--- a/.trae/skills/task-plugin-dev/SKILL.md
+++ b/.trae/skills/task-plugin-dev/SKILL.md
@@ -89,16 +89,55 @@ certDomains!: string[];
 accessId!: string;
 ```

-### 4. 实现插件方法
+### 4. 动态显隐配置（mergeScript）

-#### 4.1 插件实例化时执行的方法
+使用 `mergeScript` 可以实现根据其他输入值动态控制当前输入项的显隐状态。
+
+```typescript
+@TaskInput({
+  title: '匹配模式',
+  component: {
+    name: 'select',
+    options: [
+      { label: '手动选择', value: 'manual' },
+      { label: '根据证书匹配', value: 'auto' },
+    ],
+  },
+  default: 'manual',
+})
+domainMatchMode!: 'manual' | 'auto';
+
+@TaskInput(
+  createRemoteSelectInputDefine({
+    title: 'DCDN加速域名',
+    helper: '你在阿里云上配置的DCDN加速域名',
+    action: DeployCertToAliyunDCDN.prototype.onGetDomainList.name,
+    watches: ['certDomains', 'accessId'],
+    required: true,
+    mergeScript: `
+      return {
+        show: ctx.compute(({form})=>{
+          return domainMatchMode === "manual"
+        })
+      }
+    `,
+  })
+)
+domainName!: string | string[];
+```
+
+`mergeScript` 中的 `ctx.compute` 函数接收一个回调函数，通过 `form` 参数可以访问表单中的其他字段值。
+
+### 5. 实现插件方法
+
+#### 5.1 插件实例化时执行的方法

 ```typescript
 // 插件实例化时执行的方法
 async onInstance() {}
 ```

-#### 4.2 插件执行方法
+#### 5.2 插件执行方法

 ```typescript
 // 插件执行方法
@@ -130,7 +169,9 @@ async execute(): Promise<void> {
 }
 ```

-#### 4.3 后端获取选项方法
+#### 5.3 后端获取选项方法
+
+使用 `createRemoteSelectInputDefine` 创建远程选择输入项，`action` 指向的方法接收 `PageSearch` 参数并返回 `{ list, total }` 格式。

 ```typescript
@TaskInput(
@@ -145,8 +186,8 @@ async execute(): Promise<void> {
 )
 siteName!: string | string[];

-// 从后端获取选项的方法
-async onGetSiteList(req: PageSearch) {
+// 从后端获取选项的方法，接收PageSearch参数
+async onGetSiteList(data: PageSearch) {
  if (!this.accessId) {
    throw new Error('请选择Access授权');
  }
@@ -154,7 +195,7 @@ async onGetSiteList(req: PageSearch) {
  // @ts-ignore
  const access = await this.getAccess(this.accessId);

-  // const siteRes = await access.GetDomainList(req);
+  // const siteRes = await access.GetDomainList(data);
  // 以下是模拟数据
  const siteRes = [
    { id: 1, siteName: 'site1.com' },
@@ -169,8 +210,12 @@ async onGetSiteList(req: PageSearch) {
      domain: item.siteName,
    };
  });
-  // 将站点域名名称根据证书域名进行匹配分组，分成匹配的和不匹配的两组选项，返回给前端，供用户选择
-  return optionsUtils.buildGroupOptions(options, this.certDomains);
+  
+  // 返回{list, total}格式
+  return {
+    list: optionsUtils.buildGroupOptions(options, this.certDomains),
+    total: siteRes.length,
+  };
 }
 ```

@@ -383,7 +428,10 @@ export class DemoTest extends AbstractTaskPlugin {
      };
    });
    //将站点域名名称根据证书域名进行匹配分组，分成匹配的和不匹配的两组选项，返回给前端，供用户选择
-    return optionsUtils.buildGroupOptions(options, this.certDomains);
+    return {
+      list: optionsUtils.buildGroupOptions(options, this.certDomains),
+      total: siteRes.length,
+    };
  }
 }
 ```
--- a/.trae/skills/using-superpowers/SKILL.md
+++ b/.trae/skills/using-superpowers/SKILL.md
@@ -0,0 +1,115 @@
+---
+name: using-superpowers
+description: Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions
+---
+
+<SUBAGENT-STOP>
+If you were dispatched as a subagent to execute a specific task, skip this skill.
+</SUBAGENT-STOP>
+
+<EXTREMELY-IMPORTANT>
+If you think there is even a 1% chance a skill might apply to what you are doing, you ABSOLUTELY MUST invoke the skill.
+
+IF A SKILL APPLIES TO YOUR TASK, YOU DO NOT HAVE A CHOICE. YOU MUST USE IT.
+
+This is not negotiable. This is not optional. You cannot rationalize your way out of this.
+</EXTREMELY-IMPORTANT>
+
+## Instruction Priority
+
+Superpowers skills override default system prompt behavior, but **user instructions always take precedence**:
+
+1. **User's explicit instructions** (CLAUDE.md, GEMINI.md, AGENTS.md, direct requests) — highest priority
+2. **Superpowers skills** — override default system behavior where they conflict
+3. **Default system prompt** — lowest priority
+
+If CLAUDE.md, GEMINI.md, or AGENTS.md says "don't use TDD" and a skill says "always use TDD," follow the user's instructions. The user is in control.
+
+## How to Access Skills
+
+**In Claude Code:** Use the `Skill` tool. When you invoke a skill, its content is loaded and presented to you—follow it directly. Never use the Read tool on skill files.
+
+**In Gemini CLI:** Skills activate via the `activate_skill` tool. Gemini loads skill metadata at session start and activates the full content on demand.
+
+**In other environments:** Check your platform's documentation for how skills are loaded.
+
+## Platform Adaptation
+
+Skills use Claude Code tool names. Non-CC platforms: see `references/codex-tools.md` (Codex) for tool equivalents. Gemini CLI users get the tool mapping loaded automatically via GEMINI.md.
+
+# Using Skills
+
+## The Rule
+
+**Invoke relevant or requested skills BEFORE any response or action.** Even a 1% chance a skill might apply means that you should invoke the skill to check. If an invoked skill turns out to be wrong for the situation, you don't need to use it.
+
+```dot
+digraph skill_flow {
+    "User message received" [shape=doublecircle];
+    "About to EnterPlanMode?" [shape=doublecircle];
+    "Already brainstormed?" [shape=diamond];
+    "Invoke brainstorming skill" [shape=box];
+    "Might any skill apply?" [shape=diamond];
+    "Invoke Skill tool" [shape=box];
+    "Announce: 'Using [skill] to [purpose]'" [shape=box];
+    "Has checklist?" [shape=diamond];
+    "Create TodoWrite todo per item" [shape=box];
+    "Follow skill exactly" [shape=box];
+    "Respond (including clarifications)" [shape=doublecircle];
+
+    "About to EnterPlanMode?" -> "Already brainstormed?";
+    "Already brainstormed?" -> "Invoke brainstorming skill" [label="no"];
+    "Already brainstormed?" -> "Might any skill apply?" [label="yes"];
+    "Invoke brainstorming skill" -> "Might any skill apply?";
+
+    "User message received" -> "Might any skill apply?";
+    "Might any skill apply?" -> "Invoke Skill tool" [label="yes, even 1%"];
+    "Might any skill apply?" -> "Respond (including clarifications)" [label="definitely not"];
+    "Invoke Skill tool" -> "Announce: 'Using [skill] to [purpose]'";
+    "Announce: 'Using [skill] to [purpose]'" -> "Has checklist?";
+    "Has checklist?" -> "Create TodoWrite todo per item" [label="yes"];
+    "Has checklist?" -> "Follow skill exactly" [label="no"];
+    "Create TodoWrite todo per item" -> "Follow skill exactly";
+}
+```
+
+## Red Flags
+
+These thoughts mean STOP—you're rationalizing:
+
+| Thought | Reality |
+|---------|---------|
+| "This is just a simple question" | Questions are tasks. Check for skills. |
+| "I need more context first" | Skill check comes BEFORE clarifying questions. |
+| "Let me explore the codebase first" | Skills tell you HOW to explore. Check first. |
+| "I can check git/files quickly" | Files lack conversation context. Check for skills. |
+| "Let me gather information first" | Skills tell you HOW to gather information. |
+| "This doesn't need a formal skill" | If a skill exists, use it. |
+| "I remember this skill" | Skills evolve. Read current version. |
+| "This doesn't count as a task" | Action = task. Check for skills. |
+| "The skill is overkill" | Simple things become complex. Use it. |
+| "I'll just do this one thing first" | Check BEFORE doing anything. |
+| "This feels productive" | Undisciplined action wastes time. Skills prevent this. |
+| "I know what that means" | Knowing the concept ≠ using the skill. Invoke it. |
+
+## Skill Priority
+
+When multiple skills could apply, use this order:
+
+1. **Process skills first** (brainstorming, debugging) - these determine HOW to approach the task
+2. **Implementation skills second** (frontend-design, mcp-builder) - these guide execution
+
+"Let's build X" → brainstorming first, then implementation skills.
+"Fix this bug" → debugging first, then domain-specific skills.
+
+## Skill Types
+
+**Rigid** (TDD, debugging): Follow exactly. Don't adapt away discipline.
+
+**Flexible** (patterns): Adapt principles to context.
+
+The skill itself tells you which.
+
+## User Instructions
+
+Instructions say WHAT, not HOW. "Add X" or "Fix Y" doesn't mean skip workflows.
--- a/.trae/skills/using-superpowers/references/codex-tools.md
+++ b/.trae/skills/using-superpowers/references/codex-tools.md
@@ -0,0 +1,100 @@
+# Codex Tool Mapping
+
+Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
+
+| Skill references | Codex equivalent |
+|-----------------|------------------|
+| `Task` tool (dispatch subagent) | `spawn_agent` (see [Named agent dispatch](#named-agent-dispatch)) |
+| Multiple `Task` calls (parallel) | Multiple `spawn_agent` calls |
+| Task returns result | `wait` |
+| Task completes automatically | `close_agent` to free slot |
+| `TodoWrite` (task tracking) | `update_plan` |
+| `Skill` tool (invoke a skill) | Skills load natively — just follow the instructions |
+| `Read`, `Write`, `Edit` (files) | Use your native file tools |
+| `Bash` (run commands) | Use your native shell tools |
+
+## Subagent dispatch requires multi-agent support
+
+Add to your Codex config (`~/.codex/config.toml`):
+
+```toml
+[features]
+multi_agent = true
+```
+
+This enables `spawn_agent`, `wait`, and `close_agent` for skills like `dispatching-parallel-agents` and `subagent-driven-development`.
+
+## Named agent dispatch
+
+Claude Code skills reference named agent types like `superpowers:code-reviewer`.
+Codex does not have a named agent registry — `spawn_agent` creates generic agents
+from built-in roles (`default`, `explorer`, `worker`).
+
+When a skill says to dispatch a named agent type:
+
+1. Find the agent's prompt file (e.g., `agents/code-reviewer.md` or the skill's
+   local prompt template like `code-quality-reviewer-prompt.md`)
+2. Read the prompt content
+3. Fill any template placeholders (`{BASE_SHA}`, `{WHAT_WAS_IMPLEMENTED}`, etc.)
+4. Spawn a `worker` agent with the filled content as the `message`
+
+| Skill instruction | Codex equivalent |
+|-------------------|------------------|
+| `Task tool (superpowers:code-reviewer)` | `spawn_agent(agent_type="worker", message=...)` with `code-reviewer.md` content |
+| `Task tool (general-purpose)` with inline prompt | `spawn_agent(message=...)` with the same prompt |
+
+### Message framing
+
+The `message` parameter is user-level input, not a system prompt. Structure it
+for maximum instruction adherence:
+
+```
+Your task is to perform the following. Follow the instructions below exactly.
+
+<agent-instructions>
+[filled prompt content from the agent's .md file]
+</agent-instructions>
+
+Execute this now. Output ONLY the structured response following the format
+specified in the instructions above.
+```
+
+- Use task-delegation framing ("Your task is...") rather than persona framing ("You are...")
+- Wrap instructions in XML tags — the model treats tagged blocks as authoritative
+- End with an explicit execution directive to prevent summarization of the instructions
+
+### When this workaround can be removed
+
+This approach compensates for Codex's plugin system not yet supporting an `agents`
+field in `plugin.json`. When `RawPluginManifest` gains an `agents` field, the
+plugin can symlink to `agents/` (mirroring the existing `skills/` symlink) and
+skills can dispatch named agent types directly.
+
+## Environment Detection
+
+Skills that create worktrees or finish branches should detect their
+environment with read-only git commands before proceeding:
+
+```bash
+GIT_DIR=$(cd "$(git rev-parse --git-dir)" 2>/dev/null && pwd -P)
+GIT_COMMON=$(cd "$(git rev-parse --git-common-dir)" 2>/dev/null && pwd -P)
+BRANCH=$(git branch --show-current)
+```
+
+- `GIT_DIR != GIT_COMMON` → already in a linked worktree (skip creation)
+- `BRANCH` empty → detached HEAD (cannot branch/push/PR from sandbox)
+
+See `using-git-worktrees` Step 0 and `finishing-a-development-branch`
+Step 1 for how each skill uses these signals.
+
+## Codex App Finishing
+
+When the sandbox blocks branch/push operations (detached HEAD in an
+externally managed worktree), the agent commits all work and informs
+the user to use the App's native controls:
+
+- **"Create branch"** — names the branch, then commit/push/PR via App UI
+- **"Hand off to local"** — transfers work to the user's local checkout
+
+The agent can still run tests, stage files, and output suggested branch
+names, commit messages, and PR descriptions for the user to copy.
--- a/.trae/skills/using-superpowers/references/gemini-tools.md
+++ b/.trae/skills/using-superpowers/references/gemini-tools.md
@@ -0,0 +1,33 @@
+# Gemini CLI Tool Mapping
+
+Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
+
+| Skill references | Gemini CLI equivalent |
+|-----------------|----------------------|
+| `Read` (file reading) | `read_file` |
+| `Write` (file creation) | `write_file` |
+| `Edit` (file editing) | `replace` |
+| `Bash` (run commands) | `run_shell_command` |
+| `Grep` (search file content) | `grep_search` |
+| `Glob` (search files by name) | `glob` |
+| `TodoWrite` (task tracking) | `write_todos` |
+| `Skill` tool (invoke a skill) | `activate_skill` |
+| `WebSearch` | `google_web_search` |
+| `WebFetch` | `web_fetch` |
+| `Task` tool (dispatch subagent) | No equivalent — Gemini CLI does not support subagents |
+
+## No subagent support
+
+Gemini CLI has no equivalent to Claude Code's `Task` tool. Skills that rely on subagent dispatch (`subagent-driven-development`, `dispatching-parallel-agents`) will fall back to single-session execution via `executing-plans`.
+
+## Additional Gemini CLI tools
+
+These tools are available in Gemini CLI but have no Claude Code equivalent:
+
+| Tool | Purpose |
+|------|---------|
+| `list_directory` | List files and subdirectories |
+| `save_memory` | Persist facts to GEMINI.md across sessions |
+| `ask_user` | Request structured input from the user |
+| `tracker_create_task` | Rich task management (create, update, list, visualize) |
+| `enter_plan_mode` / `exit_plan_mode` | Switch to read-only research mode before making changes |
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,45 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+### Bug Fixes
+
+* 修复cname校验报该授权无权限的bug ([b1eb706](https://github.com/certd/certd/commit/b1eb7069258d6ff2b128091911fa448eaffc5f33))
+
+### Performance Improvements
+
+* 支持部署到火山云tos自定义域名证书 ([af6deb9](https://github.com/certd/certd/commit/af6deb99cd24a69a189b1fdd1df51c8f7816dcda))
+* 支持部署证书到火山引擎vod ([f91d591](https://github.com/certd/certd/commit/f91d591b03c50166d9fa352ba11c62d963869aa5))
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+### Bug Fixes
+
+* 修复模版id不正确导致修改到错误的模版流水线bug ([b1ff163](https://github.com/certd/certd/commit/b1ff163a2828b205297408d5aed21cf1eff335e8))
+* 修复批量执行按钮无效的bug ([49703f0](https://github.com/certd/certd/commit/49703f08e55b303851086d9f36aca562d7999be6))
+* remote-select默认pageSize设置为50，阿里云WAF不支持pageSize100 ([285532d](https://github.com/certd/certd/commit/285532d4318b90d0d7f8154f070274c0a0ec0269))
+
+### Performance Improvements
+
+* 火山引擎部署alb证书插件支持部署扩展证书以及删除已过期扩展证书 ([ffd2e81](https://github.com/certd/certd/commit/ffd2e8149e3a06bf3eec456ff85dbed793af9e90))
+* 企业模式下面增加个人数据迁移的引导 ([431afd6](https://github.com/certd/certd/commit/431afd618f547cecf9a29433f46d4367619e2ecf))
+* 新增阿里云证书清理插件 ([4b7eeaa](https://github.com/certd/certd/commit/4b7eeaa6e0a14d2e461c7c473a920a0966b1fe8e))
+* 优化远程数据选择框，选择数据时不刷新闪烁 ([7f6a8bc](https://github.com/certd/certd/commit/7f6a8bc87e364685defe7f039264b2de064806c5))
+* 支持复制粘贴任务步骤 ([acc2df2](https://github.com/certd/certd/commit/acc2df29def017fb8165f931b41ef95414966afc))
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+### Bug Fixes
+
+* 修复修改分组报错的bug ([224db7d](https://github.com/certd/certd/commit/224db7da57dbdddf25bcac7faa0a29eb228c5a33))
+
+### Performance Improvements
+
+* 移除passkey的counter递增校验 ([68b669d](https://github.com/certd/certd/commit/68b669d3ff3e13b931939093320ce7237bb02b1b))
+* passkey 支持Bitwarden ([29f44c6](https://github.com/certd/certd/commit/29f44c67c808bed9ff1c9d4884d39a1a62d043a7))
+* passkey登录放到下方其他登录位置 ([1413e1a](https://github.com/certd/certd/commit/1413e1aff4aabcfd471716338c210fbcfd76c8f9))
+
 ## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)

 ### Bug Fixes
--- a/docs/guide/changelogs/CHANGELOG.md
+++ b/docs/guide/changelogs/CHANGELOG.md
@@ -3,6 +3,57 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+### Bug Fixes
+
+* 修复cname校验报该授权无权限的bug ([b1eb706](https://github.com/certd/certd/commit/b1eb7069258d6ff2b128091911fa448eaffc5f33))
+
+### Performance Improvements
+
+* 支持部署到火山云tos自定义域名证书 ([af6deb9](https://github.com/certd/certd/commit/af6deb99cd24a69a189b1fdd1df51c8f7816dcda))
+* 支持部署证书到火山引擎vod ([f91d591](https://github.com/certd/certd/commit/f91d591b03c50166d9fa352ba11c62d963869aa5))
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+### Bug Fixes
+
+* 修复模版id不正确导致修改到错误的模版流水线bug ([b1ff163](https://github.com/certd/certd/commit/b1ff163a2828b205297408d5aed21cf1eff335e8))
+* 修复批量执行按钮无效的bug ([49703f0](https://github.com/certd/certd/commit/49703f08e55b303851086d9f36aca562d7999be6))
+* remote-select默认pageSize设置为50，阿里云WAF不支持pageSize100 ([285532d](https://github.com/certd/certd/commit/285532d4318b90d0d7f8154f070274c0a0ec0269))
+
+### Performance Improvements
+
+* 火山引擎部署alb证书插件支持部署扩展证书以及删除已过期扩展证书 ([ffd2e81](https://github.com/certd/certd/commit/ffd2e8149e3a06bf3eec456ff85dbed793af9e90))
+* 企业模式下面增加个人数据迁移的引导 ([431afd6](https://github.com/certd/certd/commit/431afd618f547cecf9a29433f46d4367619e2ecf))
+* 新增阿里云证书清理插件 ([4b7eeaa](https://github.com/certd/certd/commit/4b7eeaa6e0a14d2e461c7c473a920a0966b1fe8e))
+* 优化远程数据选择框，选择数据时不刷新闪烁 ([7f6a8bc](https://github.com/certd/certd/commit/7f6a8bc87e364685defe7f039264b2de064806c5))
+* 支持复制粘贴任务步骤 ([acc2df2](https://github.com/certd/certd/commit/acc2df29def017fb8165f931b41ef95414966afc))
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+### Bug Fixes
+
+* 修复修改分组报错的bug ([224db7d](https://github.com/certd/certd/commit/224db7da57dbdddf25bcac7faa0a29eb228c5a33))
+
+### Performance Improvements
+
+* 移除passkey的counter递增校验 ([68b669d](https://github.com/certd/certd/commit/68b669d3ff3e13b931939093320ce7237bb02b1b))
+* passkey 支持Bitwarden ([29f44c6](https://github.com/certd/certd/commit/29f44c67c808bed9ff1c9d4884d39a1a62d043a7))
+* passkey登录放到下方其他登录位置 ([1413e1a](https://github.com/certd/certd/commit/1413e1aff4aabcfd471716338c210fbcfd76c8f9))
+
+## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)
+
+### Bug Fixes
+
+* 修复阿里云证书订单翻页问题 ([6d43623](https://github.com/certd/certd/commit/6d43623f459a7594599e50a7ed89d67fcc775518))
+* 修复查看证书详情页面错位的bug ([7f37df4](https://github.com/certd/certd/commit/7f37df42274e657892d92e868ceac67e139f3bf2))
+* 修复选择插件页面无法滚动的bug ([d8425bc](https://github.com/certd/certd/commit/d8425bc9c5ee81bb669706c6de6bad69d7c38d8e))
+
+### Performance Improvements
+
+* 优化passkey ([9e12412](https://github.com/certd/certd/commit/9e12412f5fa7800df1d7efaf62cd8fd5d79bb569))
+
 ## [1.39.3](https://github.com/certd/certd/compare/v1.39.2...v1.39.3) (2026-03-17)

 ### Bug Fixes
--- a/docs/guide/plugins/deploy.md
+++ b/docs/guide/plugins/deploy.md
@@ -1,5 +1,5 @@
 # 任务插件
-共 `125` 款任务插件    
+共 `128` 款任务插件    
 ## 1. 证书申请

 | 序号 | 名称 | 说明 |
@@ -81,22 +81,23 @@

 | 序号 | 名称 | 说明 |
 |-----|-----|-----|
-| 1.| **阿里云-部署到Ack** | 部署到阿里云Ack集群Ingress等通过Secret管理证书的应用 | 
-| 2.| **阿里云-部署至ALB（应用负载均衡）** | ALB,更新监听器的默认证书 | 
-| 3.| **阿里云-部署至任意云资源** | 【不建议使用】需要消耗阿里云自动部署次数，支持SLB、LIVE、webHosting、VOD、CR、DCDN、DDoS、CDN、ALB、APIGateway、FC、GA、MSE、NLB、OSS、SAE、WAF等云产品 | 
-| 4.| **阿里云-部署至云原生API网关/AI网关** | 自动部署域名证书至云原生API网关、AI网关 | 
-| 5.| **阿里云-部署证书至API网关** | 自动部署域名证书至阿里云API网关（APIGateway） | 
-| 6.| **阿里云-部署证书至CDN** | 自动部署域名证书至阿里云CDN | 
-| 7.| **阿里云-部署证书至DCDN** | 依赖证书申请前置任务，自动部署域名证书至阿里云DCDN | 
-| 8.| **阿里云-部署至ESA** | 部署证书到阿里云ESA(边缘安全加速)，自动删除过期证书 | 
-| 9.| **阿里云-部署至阿里云FC(3.0)** | 部署证书到阿里云函数计算（FC3.0） | 
-| 10.| **阿里云-部署至GA** | 部署证书到阿里云GA(全球加速)，支持更新默认证书和扩展证书 | 
-| 11.| **阿里云-部署至NLB（网络负载均衡）** | NLB,网络负载均衡,更新监听器的默认证书 | 
-| 12.| **阿里云-部署证书至OSS** | 部署域名证书至阿里云OSS自定义域名，不是上传到阿里云oss | 
-| 13.| **阿里云-部署至CLB(传统负载均衡)** | 部署证书到阿里云CLB(传统负载均衡) | 
-| 14.| **阿里云-部署至VOD** | 部署证书到阿里云视频点播（vod） | 
-| 15.| **阿里云-部署至阿里云WAF** | 部署证书到阿里云WAF | 
-| 16.| **阿里云-上传证书到CAS** | 上传证书到阿里云证书管理服务（CAS），如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出 | 
+| 1.| **阿里云-删除即将过期证书** | 仅删除未使用的证书 | 
+| 2.| **阿里云-部署到Ack** | 部署到阿里云Ack集群Ingress等通过Secret管理证书的应用 | 
+| 3.| **阿里云-部署至ALB（应用负载均衡）** | ALB,更新监听器的默认证书 | 
+| 4.| **阿里云-部署至任意云资源** | 【不建议使用】需要消耗阿里云自动部署次数，支持SLB、LIVE、webHosting、VOD、CR、DCDN、DDoS、CDN、ALB、APIGateway、FC、GA、MSE、NLB、OSS、SAE、WAF等云产品 | 
+| 5.| **阿里云-部署至云原生API网关/AI网关** | 自动部署域名证书至云原生API网关、AI网关 | 
+| 6.| **阿里云-部署证书至API网关** | 自动部署域名证书至阿里云API网关（APIGateway） | 
+| 7.| **阿里云-部署证书至CDN** | 自动部署域名证书至阿里云CDN | 
+| 8.| **阿里云-部署证书至DCDN** | 依赖证书申请前置任务，自动部署域名证书至阿里云DCDN | 
+| 9.| **阿里云-部署至ESA** | 部署证书到阿里云ESA(边缘安全加速)，自动删除过期证书 | 
+| 10.| **阿里云-部署至阿里云FC(3.0)** | 部署证书到阿里云函数计算（FC3.0） | 
+| 11.| **阿里云-部署至GA** | 部署证书到阿里云GA(全球加速)，支持更新默认证书和扩展证书 | 
+| 12.| **阿里云-部署至NLB（网络负载均衡）** | NLB,网络负载均衡,更新监听器的默认证书 | 
+| 13.| **阿里云-部署证书至OSS** | 部署域名证书至阿里云OSS自定义域名，不是上传到阿里云oss | 
+| 14.| **阿里云-部署至CLB(传统负载均衡)** | 部署证书到阿里云CLB(传统负载均衡) | 
+| 15.| **阿里云-部署至VOD** | 部署证书到阿里云视频点播（vod） | 
+| 16.| **阿里云-部署至阿里云WAF** | 部署证书到阿里云WAF | 
+| 17.| **阿里云-上传证书到CAS** | 上传证书到阿里云证书管理服务（CAS），如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出 | 
 ## 6. 华为云

 | 序号 | 名称 | 说明 |
@@ -130,8 +131,9 @@
 | 3.| **火山引擎-部署证书至CLB** | 部署至火山引擎负载均衡 | 
 | 4.| **火山引擎-部署证书至DCDN** | 部署至火山引擎全站加速 | 
 | 5.| **火山引擎-部署证书至Live** | 部署至火山引擎视频直播 | 
-| 6.| **火山引擎-部署证书至VOD** | 部署至火山引擎视频点播(暂不可用) | 
-| 7.| **火山引擎-上传证书至证书中心** | 上传证书至火山引擎证书中心 | 
+| 6.| **火山引擎-部署证书至TOS自定义域名** | 仅限TOS自定义域名，加速域名请选择火山引擎的CDN插件 | 
+| 7.| **火山引擎-部署证书至VOD** | 部署至火山引擎视频点播 | 
+| 8.| **火山引擎-上传证书至证书中心** | 上传证书至火山引擎证书中心 | 
 ## 9. 京东云

 | 序号 | 名称 | 说明 |
--- a/lerna.json
+++ b/lerna.json
@@ -9,5 +9,5 @@
    }
  },
  "npmClient": "pnpm",
-  "version": "1.39.4"
+  "version": "1.39.7"
 }
--- a/packages/core/acme-client/CHANGELOG.md
+++ b/packages/core/acme-client/CHANGELOG.md
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/publishlab/node-acme-client/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.39.6](https://github.com/publishlab/node-acme-client/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.39.5](https://github.com/publishlab/node-acme-client/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.39.4](https://github.com/publishlab/node-acme-client/compare/v1.39.3...v1.39.4) (2026-03-17)

 **Note:** Version bump only for package @certd/acme-client
--- a/packages/core/acme-client/package.json
+++ b/packages/core/acme-client/package.json
@@ -3,7 +3,7 @@
    "description": "Simple and unopinionated ACME client",
    "private": false,
    "author": "nmorsman",
-    "version": "1.39.4",
+    "version": "1.39.7",
    "type": "module",
    "module": "scr/index.js",
    "main": "src/index.js",
@@ -18,7 +18,7 @@
        "types"
    ],
    "dependencies": {
-        "@certd/basic": "^1.39.4",
+        "@certd/basic": "^1.39.7",
        "@peculiar/x509": "^1.11.0",
        "asn1js": "^3.0.5",
        "axios": "^1.9.0",
@@ -70,5 +70,5 @@
    "bugs": {
        "url": "https://github.com/publishlab/node-acme-client/issues"
    },
-    "gitHead": "6cb51bc55d8a649797b0b3bdbc6982451b5bfd5e"
+    "gitHead": "adc3e6118b941818926705c3536babfca117c247"
 }
--- a/packages/core/basic/CHANGELOG.md
+++ b/packages/core/basic/CHANGELOG.md
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/basic
+
 ## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)

 **Note:** Version bump only for package @certd/basic
--- a/packages/core/basic/build.md
+++ b/packages/core/basic/build.md
@@ -1 +1 @@
-01:09
+01:02
--- a/packages/core/basic/package.json
+++ b/packages/core/basic/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/basic",
  "private": false,
-  "version": "1.39.4",
+  "version": "1.39.7",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -47,5 +47,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "6cb51bc55d8a649797b0b3bdbc6982451b5bfd5e"
+  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
 }
--- a/packages/core/pipeline/CHANGELOG.md
+++ b/packages/core/pipeline/CHANGELOG.md
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)

 **Note:** Version bump only for package @certd/pipeline
--- a/packages/core/pipeline/package.json
+++ b/packages/core/pipeline/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/pipeline",
  "private": false,
-  "version": "1.39.4",
+  "version": "1.39.7",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -18,8 +18,8 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/basic": "^1.39.4",
-    "@certd/plus-core": "^1.39.4",
+    "@certd/basic": "^1.39.7",
+    "@certd/plus-core": "^1.39.7",
    "dayjs": "^1.11.7",
    "lodash-es": "^4.17.21",
    "reflect-metadata": "^0.1.13"
@@ -45,5 +45,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "6cb51bc55d8a649797b0b3bdbc6982451b5bfd5e"
+  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
 }
--- a/packages/core/pipeline/src/plugin/api.ts
+++ b/packages/core/pipeline/src/plugin/api.ts
@@ -4,7 +4,7 @@ import { FileStore } from "../core/file-store.js";
 import { accessRegistry, IAccessService } from "../access/index.js";
 import { ICnameProxyService, IEmailService, IServiceGetter, IUrlService } from "../service/index.js";
 import { CancelError, IContext, RunHistory, RunnableCollection } from "../core/index.js";
-import { HttpRequestConfig, ILogger, logger, utils } from "@certd/basic";
+import { HttpRequestConfig, ILogger, logger, optionsUtils, utils } from "@certd/basic";
 import { HttpClient } from "@certd/basic";
 import dayjs from "dayjs";
 import { IPluginConfigService } from "../service/config.js";
@@ -315,6 +315,11 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
  getLastOutput(key: string) {
    return this.getLastStatus().status?.output?.[key];
  }
+
+  getMatchedDomains(domainList: string[], certDomains: string[]): string[] {
+    const { matched } = optionsUtils.groupByDomain(domainList, certDomains);
+    return matched;
+  }
 }

 export type OutputVO = {
--- a/packages/libs/lib-huawei/CHANGELOG.md
+++ b/packages/libs/lib-huawei/CHANGELOG.md
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)

 **Note:** Version bump only for package @certd/lib-huawei
--- a/packages/libs/lib-huawei/package.json
+++ b/packages/libs/lib-huawei/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-huawei",
  "private": false,
-  "version": "1.39.4",
+  "version": "1.39.7",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
  "types": "./dist/d/index.d.ts",
@@ -24,5 +24,5 @@
    "prettier": "^2.8.8",
    "tslib": "^2.8.1"
  },
-  "gitHead": "6cb51bc55d8a649797b0b3bdbc6982451b5bfd5e"
+  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
 }
--- a/packages/libs/lib-iframe/CHANGELOG.md
+++ b/packages/libs/lib-iframe/CHANGELOG.md
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)

 **Note:** Version bump only for package @certd/lib-iframe
--- a/packages/libs/lib-iframe/package.json
+++ b/packages/libs/lib-iframe/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-iframe",
  "private": false,
-  "version": "1.39.4",
+  "version": "1.39.7",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -31,5 +31,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "6cb51bc55d8a649797b0b3bdbc6982451b5bfd5e"
+  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
 }
--- a/packages/libs/lib-jdcloud/CHANGELOG.md
+++ b/packages/libs/lib-jdcloud/CHANGELOG.md
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/jdcloud
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)

 **Note:** Version bump only for package @certd/jdcloud
--- a/packages/libs/lib-jdcloud/package.json
+++ b/packages/libs/lib-jdcloud/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/jdcloud",
-  "version": "1.39.4",
+  "version": "1.39.7",
  "description": "jdcloud openApi sdk",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
@@ -56,5 +56,5 @@
      "fetch"
    ]
  },
-  "gitHead": "6cb51bc55d8a649797b0b3bdbc6982451b5bfd5e"
+  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
 }
--- a/packages/libs/lib-k8s/CHANGELOG.md
+++ b/packages/libs/lib-k8s/CHANGELOG.md
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)

 **Note:** Version bump only for package @certd/lib-k8s
--- a/packages/libs/lib-k8s/package.json
+++ b/packages/libs/lib-k8s/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-k8s",
  "private": false,
-  "version": "1.39.4",
+  "version": "1.39.7",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -17,7 +17,7 @@
    "pub": "npm publish"
  },
  "dependencies": {
-    "@certd/basic": "^1.39.4",
+    "@certd/basic": "^1.39.7",
    "@kubernetes/client-node": "0.21.0"
  },
  "devDependencies": {
@@ -32,5 +32,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "6cb51bc55d8a649797b0b3bdbc6982451b5bfd5e"
+  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
 }
--- a/packages/libs/lib-server/CHANGELOG.md
+++ b/packages/libs/lib-server/CHANGELOG.md
@@ -3,6 +3,20 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+### Bug Fixes
+
+* 修复cname校验报该授权无权限的bug ([b1eb706](https://github.com/certd/certd/commit/b1eb7069258d6ff2b128091911fa448eaffc5f33))
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/lib-server
+
 ## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)

 **Note:** Version bump only for package @certd/lib-server
--- a/packages/libs/lib-server/package.json
+++ b/packages/libs/lib-server/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/lib-server",
-  "version": "1.39.4",
+  "version": "1.39.7",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -28,11 +28,11 @@
  ],
  "license": "AGPL",
  "dependencies": {
-    "@certd/acme-client": "^1.39.4",
-    "@certd/basic": "^1.39.4",
-    "@certd/pipeline": "^1.39.4",
-    "@certd/plugin-lib": "^1.39.4",
-    "@certd/plus-core": "^1.39.4",
+    "@certd/acme-client": "^1.39.7",
+    "@certd/basic": "^1.39.7",
+    "@certd/pipeline": "^1.39.7",
+    "@certd/plugin-lib": "^1.39.7",
+    "@certd/plus-core": "^1.39.7",
    "@midwayjs/cache": "3.14.0",
    "@midwayjs/core": "3.20.11",
    "@midwayjs/i18n": "3.20.13",
@@ -64,5 +64,5 @@
    "typeorm": "^0.3.11",
    "typescript": "^5.4.2"
  },
-  "gitHead": "6cb51bc55d8a649797b0b3bdbc6982451b5bfd5e"
+  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
 }
--- a/packages/libs/lib-server/src/user/access/service/access-getter.ts
+++ b/packages/libs/lib-server/src/user/access/service/access-getter.ts
@@ -3,8 +3,8 @@ import { IAccessService } from '@certd/pipeline';
 export class AccessGetter implements IAccessService {
  userId: number;
  projectId?: number;
-  getter: <T>(id: any, userId?: number, projectId?: number) => Promise<T>;
-  constructor(userId: number, projectId: number, getter: (id: any, userId: number, projectId?: number) => Promise<any>) {
+  getter: <T>(id: any, userId?: number, projectId?: number, ignorePermission?: boolean) => Promise<T>;
+  constructor(userId: number, projectId: number, getter: (id: any, userId: number, projectId?: number, ignorePermission?: boolean) => Promise<any>) {
    this.userId = userId;
    this.projectId = projectId;
    this.getter = getter;
--- a/packages/libs/midway-flyway-js/CHANGELOG.md
+++ b/packages/libs/midway-flyway-js/CHANGELOG.md
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)

 **Note:** Version bump only for package @certd/midway-flyway-js
--- a/packages/libs/midway-flyway-js/package.json
+++ b/packages/libs/midway-flyway-js/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/midway-flyway-js",
-  "version": "1.39.4",
+  "version": "1.39.7",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -46,5 +46,5 @@
    "typeorm": "^0.3.11",
    "typescript": "^5.4.2"
  },
-  "gitHead": "6cb51bc55d8a649797b0b3bdbc6982451b5bfd5e"
+  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
 }
--- a/packages/plugins/plugin-cert/CHANGELOG.md
+++ b/packages/plugins/plugin-cert/CHANGELOG.md
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)

 **Note:** Version bump only for package @certd/plugin-cert
--- a/packages/plugins/plugin-cert/package.json
+++ b/packages/plugins/plugin-cert/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-cert",
  "private": false,
-  "version": "1.39.4",
+  "version": "1.39.7",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/acme-client": "^1.39.4",
-    "@certd/basic": "^1.39.4",
-    "@certd/pipeline": "^1.39.4",
-    "@certd/plugin-lib": "^1.39.4",
+    "@certd/acme-client": "^1.39.7",
+    "@certd/basic": "^1.39.7",
+    "@certd/pipeline": "^1.39.7",
+    "@certd/plugin-lib": "^1.39.7",
    "psl": "^1.9.0",
    "punycode.js": "^2.3.1"
  },
@@ -38,5 +38,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "6cb51bc55d8a649797b0b3bdbc6982451b5bfd5e"
+  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
 }
--- a/packages/plugins/plugin-lib/CHANGELOG.md
+++ b/packages/plugins/plugin-lib/CHANGELOG.md
@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
 ## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)

 ### Bug Fixes
--- a/packages/plugins/plugin-lib/package.json
+++ b/packages/plugins/plugin-lib/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-lib",
  "private": false,
-  "version": "1.39.4",
+  "version": "1.39.7",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -22,10 +22,10 @@
    "@alicloud/pop-core": "^1.7.10",
    "@alicloud/tea-util": "^1.4.11",
    "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.39.4",
-    "@certd/basic": "^1.39.4",
-    "@certd/pipeline": "^1.39.4",
-    "@certd/plus-core": "^1.39.4",
+    "@certd/acme-client": "^1.39.7",
+    "@certd/basic": "^1.39.7",
+    "@certd/pipeline": "^1.39.7",
+    "@certd/plus-core": "^1.39.7",
    "@kubernetes/client-node": "0.21.0",
    "ali-oss": "^6.22.0",
    "basic-ftp": "^5.0.5",
@@ -57,5 +57,5 @@
    "tslib": "^2.8.1",
    "typescript": "^5.4.2"
  },
-  "gitHead": "6cb51bc55d8a649797b0b3bdbc6982451b5bfd5e"
+  "gitHead": "adc3e6118b941818926705c3536babfca117c247"
 }
--- a/packages/ui/certd-client/CHANGELOG.md
+++ b/packages/ui/certd-client/CHANGELOG.md
@@ -3,6 +3,34 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+**Note:** Version bump only for package @certd/ui-client
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+### Bug Fixes
+
+* 修复模版id不正确导致修改到错误的模版流水线bug ([b1ff163](https://github.com/certd/certd/commit/b1ff163a2828b205297408d5aed21cf1eff335e8))
+* remote-select默认pageSize设置为50，阿里云WAF不支持pageSize100 ([285532d](https://github.com/certd/certd/commit/285532d4318b90d0d7f8154f070274c0a0ec0269))
+
+### Performance Improvements
+
+* 企业模式下面增加个人数据迁移的引导 ([431afd6](https://github.com/certd/certd/commit/431afd618f547cecf9a29433f46d4367619e2ecf))
+* 优化远程数据选择框，选择数据时不刷新闪烁 ([7f6a8bc](https://github.com/certd/certd/commit/7f6a8bc87e364685defe7f039264b2de064806c5))
+* 支持复制粘贴任务步骤 ([acc2df2](https://github.com/certd/certd/commit/acc2df29def017fb8165f931b41ef95414966afc))
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+### Bug Fixes
+
+* 修复修改分组报错的bug ([224db7d](https://github.com/certd/certd/commit/224db7da57dbdddf25bcac7faa0a29eb228c5a33))
+
+### Performance Improvements
+
+* passkey 支持Bitwarden ([29f44c6](https://github.com/certd/certd/commit/29f44c67c808bed9ff1c9d4884d39a1a62d043a7))
+* passkey登录放到下方其他登录位置 ([1413e1a](https://github.com/certd/certd/commit/1413e1aff4aabcfd471716338c210fbcfd76c8f9))
+
 ## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)

 ### Bug Fixes
--- a/packages/ui/certd-client/package.json
+++ b/packages/ui/certd-client/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-client",
-  "version": "1.39.4",
+  "version": "1.39.7",
  "private": true,
  "scripts": {
    "dev": "vite --open",
@@ -106,8 +106,8 @@
    "zod-defaults": "^0.1.3"
  },
  "devDependencies": {
-    "@certd/lib-iframe": "^1.39.4",
-    "@certd/pipeline": "^1.39.4",
+    "@certd/lib-iframe": "^1.39.7",
+    "@certd/pipeline": "^1.39.7",
    "@rollup/plugin-commonjs": "^25.0.7",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "@types/chai": "^4.3.12",
--- a/packages/ui/certd-client/src/components/plugins/common/remote-select.vue
+++ b/packages/ui/certd-client/src/components/plugins/common/remote-select.vue
@@ -104,7 +104,7 @@ const loading = ref(false);
 const pagerRef: Ref = ref({
  pageNo: 1,
  total: 0,
-  pageSize: props.pageSize || 100,
+  pageSize: props.pageSize || 50,
 });
 const getOptions = async () => {
  if (loading.value) {
@@ -182,7 +182,7 @@ const getOptions = async () => {
        pagerRef.value.pageNo = res.pageNo ?? 1;
      }
      if (res.pageSize != null) {
-        pagerRef.value.pageSize = res.pageSize ?? 100;
+        pagerRef.value.pageSize = res.pageSize ?? pageSize;
      }
      if (res.total != null) {
        pagerRef.value.total = res.total ?? list.length;
@@ -235,9 +235,10 @@ watch(
    const { form } = value;
    const oldForm: any = oldValue?.form;
    let changed = oldForm == null || optionsRef.value.length == 0;
+    debugger;
    if (props.watches && props.watches.length > 0) {
      for (const key of props.watches) {
-        if (oldForm && form[key] != oldForm[key]) {
+        if (oldForm && JSON.stringify(form[key]) != JSON.stringify(oldForm[key])) {
          changed = true;
          break;
        }
--- a/packages/ui/certd-client/src/layout/components/user-info/index.vue
+++ b/packages/ui/certd-client/src/layout/components/user-info/index.vue
@@ -1,6 +1,6 @@
 <template>
  <a-dropdown>
-    <div class="fs-user-info">{{ t("user.greeting") }}，{{ userStore.getUserInfo?.nickName || userStore.getUserInfo?.username }}</div>
+    <div class="fs-user-info" @click="goUserProfile">{{ t("user.greeting") }}，{{ userStore.getUserInfo?.nickName || userStore.getUserInfo?.username }}</div>
    <template #overlay>
      <a-menu>
        <a-menu-item>
--- a/packages/ui/certd-client/src/layout/layout-basic.vue
+++ b/packages/ui/certd-client/src/layout/layout-basic.vue
@@ -48,6 +48,9 @@ const avatar = computed(() => {
 async function handleLogout() {
  await userStore.logout(true);
 }
+function goUserProfile() {
+  router.push("/certd/mine/user-profile");
+}

 const settingStore = useSettingStore();

@@ -90,7 +93,7 @@ const projectStore = useProjectStore();
      </div>
    </template>
    <template #user-dropdown>
-      <UserDropdown :avatar="avatar" :menus="menus" :text="userStore.userInfo?.nickName || userStore.userInfo?.username" description="" tag-text="" @logout="handleLogout" />
+      <UserDropdown :avatar="avatar" :menus="menus" :text="userStore.userInfo?.nickName || userStore.userInfo?.username" description="" tag-text="" @logout="handleLogout" @user-profile="goUserProfile" />
    </template>
    <template #lock-screen>
      <LockScreen :avatar @to-login="handleLogout" />
--- a/packages/ui/certd-client/src/locales/langs/en-US/authentication.ts
+++ b/packages/ui/certd-client/src/locales/langs/en-US/authentication.ts
@@ -103,4 +103,6 @@ export default {
  deviceNameHelper: "Please enter the device name， used to identify the device",
  passkeyRegisterHelper: "Site domain change will invalidate passkey",
  userInfo: "User Info",
+  securitySettingTip: "2FA Setting",
+  securitySetting: "2FA Setting",
 };
--- a/packages/ui/certd-client/src/locales/langs/en-US/certd.ts
+++ b/packages/ui/certd-client/src/locales/langs/en-US/certd.ts
@@ -795,6 +795,8 @@ export default {
      reverseProxyEmpty: "No reverse proxy list configured",
      environmentVars: "Environment Variables",
      environmentVarsHelper: "configure the runtime environment variables, one per line, format: KEY=VALUE",
+
+      bindUrl: "Bind URL",
    },
  },
  modal: {
--- a/packages/ui/certd-client/src/locales/langs/zh-CN/authentication.ts
+++ b/packages/ui/certd-client/src/locales/langs/zh-CN/authentication.ts
@@ -105,4 +105,6 @@ export default {
  deviceNameHelper: "请输入当前设备名称，绑定多个时好做区分",
  passkeyRegisterHelper: "1、站点域名变更会导致passkey失效;\n2、同一设备同一个用户绑定多次只有最后一次的有效，之前绑定的会失效，需要手动删除",
  userInfo: "账号信息",
+  securitySettingTip: "2FA设置",
+  securitySetting: "2FA设置",
 };
--- a/packages/ui/certd-client/src/locales/langs/zh-CN/certd.ts
+++ b/packages/ui/certd-client/src/locales/langs/zh-CN/certd.ts
@@ -589,11 +589,11 @@ export default {
  userValidityPeriodHelper: "有效期内用户可正常使用，失效后用户的流水线将被停用",
  enableUsernameRegistration: "开启用户名注册",
  enableEmailRegistration: "开启邮箱注册",
-  proFeature: "专业版功能",
+  proFeature: "Certd专业版功能",
  emailServerSetup: "设置邮箱服务器",
  enableSmsLoginRegister: "开启手机号登录、注册",
  defaultLoginType: "默认登录方式",
-  commFeature: "商业版功能",
+  commFeature: "Certd商业版功能",
  smsProvider: "短信提供商",
  aliyunSms: "阿里云短信",
  tencentSms: "腾讯云短信",
@@ -804,6 +804,7 @@ export default {
      reverseProxyEmpty: "未配置反向代理",
      environmentVars: "环境变量",
      environmentVarsHelper: "配置运行时环境变量，每行一个，格式：KEY=VALUE",
+      bindUrl: "绑定URL",
    },
  },
  modal: {
@@ -812,7 +813,7 @@ export default {
  },
  domain: {
    domainManager: "域名管理",
-    domainDescription: "管理域名的校验方式，用于申请证书时自动选择验证方式",
+    domainDescription: "流水线校验方式选择“自动选择”时此处配置才有用，支持自动导入；注意：这里只需要管理主域名即可，子域名不要填写（子域名托管和免费二级子域名除外）",
    domain: "域名",
    challengeType: "校验类型",
    dnsProviderType: "DNS提供商类型",
--- a/packages/ui/certd-client/src/locales/langs/zh-CN/vip.ts
+++ b/packages/ui/certd-client/src/locales/langs/zh-CN/vip.ts
@@ -88,13 +88,13 @@ export default {
  activation_code_one_use: "激活码使用过一次之后，不可再次使用，如果要更换站点，请",
  bind_account: "绑定账号",
  transfer_vip: '然后"转移VIP"即可',
-  needVipTip: "此为专业版功能，请先开通专业版",
+  needVipTip: "此为Certd专业版功能，请先开通Certd专业版",
  manual_activation: "激活码手动激活",
  close: "关闭",
  have_activation_code: "已经有激活码了？",
  buy: "立即购买",
-  already_plus: "已经是专业版了，是否升级为商业版？注意：专业版时长将被覆盖",
-  already_comm: "已经是商业版了，不能降级为专业版",
+  already_plus: "已经是Certd专业版了，是否升级为商业版？注意：Certd专业版时长将被覆盖",
+  already_comm: "已经是Certd商业版了，不能降级为专业版",
  already_perpetual_plus: "您已经是永久专业版了，无法继续升级",
  confirm: "确认",
  not_effective: "VIP没有生效/时长未同步?",
--- a/packages/ui/certd-client/src/store/settings/index.tsx
+++ b/packages/ui/certd-client/src/store/settings/index.tsx
@@ -272,14 +272,27 @@ export const useSettingStore = defineStore({
    },
    async checkUrlBound() {
      const userStore = useUserStore();
-      const settingStore = useSettingStore();
      if (!userStore.isAdmin) {
        return;
      }
+      const bindUrl = this.installInfo.bindUrl;
+      const bindUrl2 = this.installInfo.bindUrl2;
+      if (!bindUrl) {
+        //绑定url
+        await this.doBindUrl("url");
+      } else {
+        //检查当前url 是否与绑定的url一致
+        const url = window.location.href;
+        if (!url.startsWith(bindUrl) && !url.startsWith(bindUrl2)) {
+          this.openBindUrlModal();
+        }
+      }
+    },
+
+    openBindUrlModal() {
      const event: any = { ModalRef: null };
      mitter.emit("getModal", event);
      const Modal = event.ModalRef;
-      let modalRef: any = null;
      const bindUrl = this.installInfo.bindUrl;
      const bindUrl2 = this.installInfo.bindUrl2;

@@ -289,57 +302,47 @@ export const useSettingStore = defineStore({
          modalRef.destroy();
        }
      };
-
-      if (!bindUrl) {
-        //绑定url
-        await this.doBindUrl("url");
-      } else {
-        //检查当前url 是否与绑定的url一致
-        const url = window.location.href;
-        if (!url.startsWith(bindUrl) && !url.startsWith(bindUrl2)) {
-          modalRef = Modal.warning({
-            title: "URL地址未绑定，是否绑定此地址？",
-            width: 500,
-            keyboard: false,
-            content: () => {
-              return (
-                <div class="p-4">
-                  <div class="flex items-center justify-between">
-                    <span>
-                      绑定地址1：
-                      <a-tag color="green">{bindUrl || "未占用"}</a-tag>
-                    </span>
-                    <a-button type="primary" onClick={() => doBindRequest("url")}>
-                      绑定到地址1
-                    </a-button>
-                  </div>
-                  <div class="flex items-center justify-between mt-3">
-                    <span>
-                      绑定地址2：
-                      <a-tag color="green">{bindUrl2 || "未占用"}</a-tag>
-                    </span>
-                    <a-button type="primary" onClick={() => doBindRequest("url2")}>
-                      绑定到地址2
-                    </a-button>
-                  </div>
-                </div>
-              );
-            },
-            onOk: async () => {
-              // await this.doBindUrl();
-              window.location.href = bindUrl;
-            },
-            okButtonProps: {
-              danger: true,
-            },
-            okText: "不，回到原来的地址",
-            cancelText: "不，回到原来的地址",
-            onCancel: () => {
-              window.location.href = bindUrl;
-            },
-          });
-        }
-      }
+      const modalRef: any = Modal.warning({
+        title: "URL地址未绑定，是否绑定此地址？",
+        width: 500,
+        keyboard: false,
+        content: () => {
+          return (
+            <div class="p-4">
+              <div class="flex items-center justify-between">
+                <span>
+                  绑定地址1：
+                  <a-tag color="green">{bindUrl || "未占用"}</a-tag>
+                </span>
+                <a-button type="primary" onClick={() => doBindRequest("url")}>
+                  绑定到地址1
+                </a-button>
+              </div>
+              <div class="flex items-center justify-between mt-3">
+                <span>
+                  绑定地址2：
+                  <a-tag color="green">{bindUrl2 || "未占用"}</a-tag>
+                </span>
+                <a-button type="primary" onClick={() => doBindRequest("url2")}>
+                  绑定到地址2
+                </a-button>
+              </div>
+            </div>
+          );
+        },
+        onOk: async () => {
+          // await this.doBindUrl();
+          window.location.href = bindUrl;
+        },
+        okButtonProps: {
+          danger: true,
+        },
+        okText: "不，回到原来的地址",
+        cancelText: "不，回到原来的地址",
+        onCancel: () => {
+          window.location.href = bindUrl;
+        },
+      });
    },
    async loadProductInfo() {
      try {
--- a/packages/ui/certd-client/src/style/certd.less
+++ b/packages/ui/certd-client/src/style/certd.less
@@ -118,3 +118,16 @@ span.fs-icon-svg {
  }
 }

+
+button.ant-btn.ant-btn-default.isPlus{
+  color: #c5913f;
+  border: 1px solid #c5913f;
+
+  &:disabled {
+    cursor: not-allowed;
+    border-color: hsl(240 5.9% 90%);
+    color: rgba(50, 54, 57, 0.25);
+    background-color: rgba(50, 54, 57, 0.04);
+    box-shadow: none;
+  }
+}
--- a/packages/ui/certd-client/src/vben/layouts/widgets/user-dropdown/user-dropdown.vue
+++ b/packages/ui/certd-client/src/vben/layouts/widgets/user-dropdown/user-dropdown.vue
@@ -67,7 +67,7 @@ const props = withDefaults(defineProps<Props>(), {
  hoverDelay: 500,
 });

-const emit = defineEmits<{ logout: [] }>();
+const emit = defineEmits<{ logout: []; userProfile: [] }>();

 const { globalLockScreenShortcutKey, globalLogoutShortcutKey } = usePreferences();
 const lockStore = useLockStore();
@@ -132,6 +132,11 @@ function handleSubmitLogout() {
  logoutModalApi.close();
 }

+function handleUserProfile() {
+  emit("userProfile");
+  openPopover.value = false;
+}
+
 if (enableShortcutKey.value) {
  const keys = useMagicKeys();
  whenever(keys["Alt+KeyQ"]!, () => {
@@ -173,7 +178,7 @@ if (enableShortcutKey.value) {
    </DropdownMenuTrigger>
    <DropdownMenuContent class="mr-2 min-w-[240px] p-0 pb-1">
      <div ref="refContent">
-        <DropdownMenuLabel class="flex items-center p-3">
+        <DropdownMenuLabel class="flex items-center p-3 pointer" @click="handleUserProfile">
          <VbenAvatar :alt="text" :src="avatar" class="size-12" dot dot-class="bottom-0 right-1 border-2 size-4 bg-green-500" />
          <div class="ml-2 w-full">
            <div v-if="tagText || text || $slots.tagText" class="text-foreground mb-1 flex items-center text-sm font-medium">
--- a/packages/ui/certd-client/src/views/certd/access/access-selector/access/crud.tsx
+++ b/packages/ui/certd-client/src/views/certd/access/access-selector/access/crud.tsx
@@ -18,6 +18,8 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
    const { form, row } = req;
    form.id = row.id;
    form.type = props.type;
+    delete form.access;
+    delete form.keyId;
    const res = await context.api.UpdateObj(form);
    lastResRef.value = res;
    return res;
@@ -30,6 +32,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
  const addRequest = async (req: AddReq) => {
    const { form } = req;
    form.type = props.type;
+    delete form.access;
    const res = await context.api.AddObj(form);
    lastResRef.value = res;
    return res;
@@ -70,6 +73,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          width: "1050px",
        },
      },
+
      rowHandle: {
        width: 200,
      },
@@ -89,6 +93,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            }, // 点击行
          };
        },
+        remove: {
+          confirmMessage: "授权如果已经被使用，可能会导致流水线无法正常运行，请谨慎操作",
+        },
      },
      columns: {
        id: {
--- a/packages/ui/certd-client/src/views/certd/access/crud.tsx
+++ b/packages/ui/certd-client/src/views/certd/access/crud.tsx
@@ -15,6 +15,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
  const editRequest = async (req: EditReq) => {
    const { form, row } = req;
    form.id = row.id;
+    delete form.access;
    const res = await api.UpdateObj(form);
    return res;
  };
@@ -25,6 +26,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat

  const addRequest = async (req: AddReq) => {
    const { form } = req;
+    delete form.access;
    const res = await api.AddObj(form);
    return res;
  };
--- a/packages/ui/certd-client/src/views/certd/addon/crud.tsx
+++ b/packages/ui/certd-client/src/views/certd/addon/crud.tsx
@@ -16,6 +16,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
  const editRequest = async (req: EditReq) => {
    const { form, row } = req;
    form.id = row.id;
+    delete form.body;
    const res = await api.UpdateObj(form);
    return res;
  };
@@ -26,6 +27,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat

  const addRequest = async (req: AddReq) => {
    const { form } = req;
+    delete form.body;
    const res = await api.AddObj(form);
    return res;
  };
--- a/packages/ui/certd-client/src/views/certd/mine/user-profile.vue
+++ b/packages/ui/certd-client/src/views/certd/mine/user-profile.vue
@@ -35,11 +35,15 @@
                </a-tag>
              </div>
            </div>
-            <div class="action-buttons">
+            <div class="action-buttons gap-2">
              <a-button type="primary" class="action-btn" @click="doUpdate">
                {{ t("authentication.updateProfile") }}
              </a-button>
-              <change-password-button class="ml-10" :show-button="true" />
+              <change-password-button :show-button="true" />
+
+              <a-button type="primary" class="action-btn" @click="goSecuritySetting">
+                {{ t("authentication.securitySettingTip") }}
+              </a-button>
            </div>
          </div>
        </div>
@@ -142,6 +146,7 @@ import { useSettingStore } from "/@/store/settings";
 import { isEmpty } from "lodash-es";
 import { dict } from "@fast-crud/fast-crud";
 import dayjs from "dayjs";
+import { useRouter } from "vue-router";

 const { t } = useI18n();

@@ -175,6 +180,11 @@ function doUpdate() {
  });
 }

+const router = useRouter();
+function goSecuritySetting() {
+  router.push("/certd/mine/security");
+}
+
 const oauthBounds = ref([]);
 const oauthProviders = ref([]);

@@ -294,6 +304,12 @@ async function doRegisterPasskey(deviceName: string) {
        name: userInfo.value.username + "@" + deviceName,
        displayName: deviceName,
      },
+      // 关键配置在这里 👇
+      authenticatorSelection: {
+        residentKey: "required", // 或 "preferred"，请求创建可发现凭证
+        requireResidentKey: true, // 为兼容旧浏览器，设置与 residentKey 相同的值
+        userVerification: "preferred", // 用户验证策略
+      },
    };
    console.log("passkey register publicKey:", publicKey, JSON.stringify(publicKey));
    const credential = await (navigator.credentials as any).create({
--- a/packages/ui/certd-client/src/views/certd/notification/crud.tsx
+++ b/packages/ui/certd-client/src/views/certd/notification/crud.tsx
@@ -11,6 +11,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
  const editRequest = async (req: EditReq) => {
    const { form, row } = req;
    form.id = row.id;
+    delete form.body;
    const res = await api.UpdateObj(form);
    return res;
  };
@@ -21,6 +22,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat

  const addRequest = async (req: AddReq) => {
    const { form } = req;
+    delete form.body;
    const res = await api.AddObj(form);
    return res;
  };
--- a/packages/ui/certd-client/src/views/certd/notification/notification-selector/modal/crud.tsx
+++ b/packages/ui/certd-client/src/views/certd/notification/notification-selector/modal/crud.tsx
@@ -14,6 +14,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
  const editRequest = async (req: EditReq) => {
    const { form, row } = req;
    form.id = row.id;
+    delete form.body;
    const res = await context.api.UpdateObj(form);
    lastResRef.value = res;
    return res;
@@ -25,6 +26,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat

  const addRequest = async (req: AddReq) => {
    const { form } = req;
+    delete form.body;
    const res = await context.api.AddObj(form);
    lastResRef.value = res;
    return res;
--- a/packages/ui/certd-client/src/views/certd/pipeline/detail.vue
+++ b/packages/ui/certd-client/src/views/certd/pipeline/detail.vue
@@ -29,15 +29,15 @@ const pipelineOptions: PipelineOptions = {
    onLoaded(detail);
    return {
      pipeline: {
-        id: detail.pipeline.id,
        stages: [],
        triggers: [],
        ...JSON.parse(detail.pipeline.content || "{}"),
-        type: detail.pipeline.type,
-        from: detail.pipeline.from,
+        id: detail.pipeline.id,
        userId: detail.pipeline.userId,
        projectId: detail.pipeline.projectId,
      },
+      type: detail.pipeline.type,
+      from: detail.pipeline.from,
      validTime: detail.pipeline.validTime,
      webhookKey: detail.pipeline.webhookKey,
      id: detail.pipeline.id,
--- a/packages/ui/certd-client/src/views/certd/pipeline/pipeline/component/task-form/copy.ts
+++ b/packages/ui/certd-client/src/views/certd/pipeline/pipeline/component/task-form/copy.ts
@@ -0,0 +1,39 @@
+import { reactive, ref } from "vue";
+
+export class CopyeStore {
+  type: "step" | "steps" | "task" | "tasks";
+  target: any;
+
+  getCopyedCount() {
+    if (this.type === "step") {
+      return 1;
+    } else if (this.type === "steps") {
+      return this.target.length;
+    } else if (this.type === "task") {
+      return 1;
+    } else if (this.type === "tasks") {
+      return this.target.length;
+    } else {
+      return 0;
+    }
+  }
+
+  setStep(target: any) {
+    this.target = target;
+    this.type = "step";
+  }
+  setSteps(target: any) {
+    this.target = target;
+    this.type = "steps";
+  }
+  setTask(target: any) {
+    this.target = target;
+    this.type = "task";
+  }
+  setTasks(target: any) {
+    this.target = target;
+    this.type = "tasks";
+  }
+}
+
+export const Copyed: any = reactive(new CopyeStore());
--- a/packages/ui/certd-client/src/views/certd/pipeline/pipeline/component/task-form/index.vue
+++ b/packages/ui/certd-client/src/views/certd/pipeline/pipeline/component/task-form/index.vue
@@ -29,7 +29,17 @@
            <a-form-item :value="currentTask.steps" name="steps" label="" :wrapper-col="{ span: 24 }" :rules="[{ required: true, message: '至少需要一个步骤，或者你可以点击标题右边删除按钮删除此任务' }]">
              <a-descriptions title="任务步骤" size="small">
                <template #extra>
-                  <a-button type="primary" @click="stepAdd(currentTask)">添加步骤</a-button>
+                  <div class="flex gap-1">
+                    <a-button type="primary" @click="stepAdd(currentTask)">添加步骤</a-button>
+                    <a-tooltip title="复制此任务下的所有步骤">
+                      <a-button type="default" class="isPlus" :disabled="currentTask.steps?.length === 0" @click="stepsCopy(currentTask)">复制</a-button>
+                    </a-tooltip>
+                    <a-tooltip title="可以从其他任务复制后到此处粘贴">
+                      <a-badge :count="Copyed.getCopyedCount()">
+                        <a-button type="default" class="isPlus" :disabled="Copyed.getCopyedCount() === 0" @click="stepPaste(currentTask)">粘贴</a-button>
+                      </a-badge>
+                    </a-tooltip>
+                  </div>
                </template>
              </a-descriptions>
              <v-draggable v-model="currentTask.steps" class="step-list" handle=".handle" item-key="id" :disabled="!settingStore.isPlus">
@@ -68,14 +78,15 @@

 <script lang="ts">
 import { provide, Ref, ref } from "vue";
-import * as _ from "lodash-es";
 import { nanoid } from "nanoid";
 import PiStepForm from "../step-form/index.vue";
-import { Modal } from "ant-design-vue";
+import { message, Modal } from "ant-design-vue";
 import VDraggable from "vuedraggable";
 import { useUserStore } from "/@/store/user";
 import { useSettingStore } from "/@/store/settings";
 import { filter } from "lodash-es";
+import { Copyed } from "./copy";
+import { cloneDeep, merge } from "lodash-es";
 export default {
  name: "PiTaskForm",
  components: { PiStepForm, VDraggable },
@@ -89,6 +100,7 @@ export default {
  setup(props: any, ctx: any) {
    const userStore = useUserStore();
    const settingStore = useSettingStore();
+
    function useStep() {
      const stepFormRef: Ref<any> = ref(null);
      const currentStepIndex = ref(0);
@@ -106,10 +118,42 @@ export default {
      };

      const stepCopy = (task: any, step: any, stepIndex: any) => {
-        step = _.cloneDeep(step);
+        settingStore.checkPlus();
+        step = cloneDeep(step);
        step.id = nanoid();
-        step.title = step.title + "_copy";
-        stepAdd(task, step);
+        Copyed.type = "step";
+        Copyed.target = step;
+        message.success("步骤配置复制成功，您可以到其他任务编辑页面进行粘贴");
+      };
+
+      const stepsCopy = (task: any) => {
+        settingStore.checkPlus();
+        const steps = cloneDeep(task.steps);
+        Copyed.type = "steps";
+        Copyed.target = steps;
+        message.success("本任务的所有步骤复制成功，您可以到其他任务编辑页面进行粘贴");
+      };
+
+      const stepPaste = (task: any) => {
+        settingStore.checkPlus();
+        if (!Copyed.target) {
+          message.error("请先复制");
+          return;
+        }
+        if (Copyed.type === "step") {
+          const step = cloneDeep(Copyed.target);
+          step.id = nanoid();
+          step.title = step.title + "_copy";
+          task.steps.push(step);
+        } else if (Copyed.type === "steps") {
+          const steps = cloneDeep(Copyed.target);
+          for (const item of steps) {
+            item.id = nanoid();
+            item.title = item.title + "_copy";
+            task.steps.push(item);
+          }
+        }
+        message.success("粘贴成功");
      };
      const stepEdit = (task: any, step: any, stepIndex: any) => {
        currentStepIndex.value = stepIndex;
@@ -144,7 +188,7 @@ export default {
        step.disabled = !!!step.disabled;
      };

-      return { stepAdd, stepEdit, stepCopy, stepDelete, toggleDisabled, stepFormRef };
+      return { stepAdd, stepEdit, stepCopy, stepDelete, toggleDisabled, stepFormRef, stepPaste, stepsCopy };
    }

    /**
@@ -181,7 +225,7 @@ export default {

      const taskOpen = (task: any, emit: any) => {
        callback.value = emit;
-        currentTask.value = _.merge({ steps: {} }, task);
+        currentTask.value = merge({ steps: {} }, task);
        console.log("currentTaskOpen", currentTask.value);
        taskDrawerShow();
      };
@@ -189,7 +233,7 @@ export default {
      const taskAdd = (emit: any, taskMerge: any) => {
        mode.value = "add";
        const blankTask: any = { id: nanoid(), title: "新任务", steps: [], status: null };
-        const task: any = _.merge(blankTask, taskMerge);
+        const task: any = merge(blankTask, taskMerge);
        taskOpen(task, emit);
      };

@@ -262,6 +306,7 @@ export default {
      wrapperCol: { span: 20 },
      ...useTaskForm(),
      ...useStep(),
+      Copyed,
    };
  },
 };
--- a/packages/ui/certd-client/src/views/certd/project/detail/index.vue
+++ b/packages/ui/certd-client/src/views/certd/project/detail/index.vue
@@ -49,6 +49,7 @@ defineOptions({

 const route = useRoute();
 const projectIdStr = route.query.projectId as string;
+const migrate = route.query.migrate as string;
 let projectId = Number(projectIdStr);
 const projectStore = useProjectStore();
 if (!projectId) {
@@ -116,7 +117,11 @@ onMounted(async () => {
    return;
  }
  await loadProjectDetail();
-  crudExpose.doRefresh();
+  await crudExpose.doRefresh();
+
+  if (migrate === "true") {
+    openTransferDialog();
+  }
 });
 onActivated(async () => {
  await crudExpose.doRefresh();
--- a/packages/ui/certd-client/src/views/framework/login/index.vue
+++ b/packages/ui/certd-client/src/views/framework/login/index.vue
@@ -46,21 +46,11 @@
              </a-form-item>
            </template>
          </a-tab-pane>
-          <a-tab-pane v-if="settingStore.sysPublic.passkeyEnabled && settingStore.isPlus" key="passkey" :tab="t('authentication.passkeyTab')">
-            <template v-if="formState.loginType === 'passkey'">
-              <div v-if="!passkeySupported" class="text-red-500 text-sm mt-2 text-center mb-10">
-                {{ t("authentication.passkeyNotSupported") }}
-              </div>
-            </template>
-          </a-tab-pane>
        </a-tabs>
        <a-form-item>
-          <a-button v-if="formState.loginType !== 'passkey'" type="primary" size="large" html-type="button" :loading="loading" class="login-button" @click="handleFinish">
+          <a-button type="primary" size="large" html-type="button" :loading="loading" class="login-button" @click="handleFinish">
            {{ queryBindCode ? t("authentication.bindButton") : t("authentication.loginButton") }}
          </a-button>
-          <a-button v-else type="primary" size="large" html-type="button" :loading="loading" class="login-button" :disabled="!passkeySupported" @click="handlePasskeyLogin">
-            {{ t("authentication.passkeyLogin") }}
-          </a-button>
        </a-form-item>
        <a-form-item>
          <div class="mt-2 flex justify-between items-center">
@@ -73,7 +63,6 @@
                {{ t("authentication.forgotPassword") }}
              </a>
            </div>
-
            <router-link v-if="hasRegisterTypeEnabled() && !queryBindCode" class="register" :to="{ name: 'register' }">
              {{ t("authentication.registerLink") }}
            </router-link>
@@ -81,7 +70,7 @@
        </a-form-item>
      </template>

-      <div v-if="!queryBindCode && settingStore.sysPublic.oauthEnabled && settingStore.isPlus" class="w-full">
+      <div v-if="!queryBindCode && (settingStore.sysPublic.oauthEnabled || settingStore.sysPublic.passkeyEnabled) && settingStore.isPlus" class="w-full">
        <oauth-footer :oauth-only="isOauthOnly"></oauth-footer>
      </div>
    </a-form>
@@ -195,64 +184,6 @@ const twoFactor = reactive({
  verifyCode: "",
 });

-const passkeySupported = ref(false);
-const passkeyEnabled = ref(false);
-
-const checkPasskeySupport = () => {
-  passkeySupported.value = false;
-  if (typeof window !== "undefined" && "credentials" in navigator && "PublicKeyCredential" in window) {
-    passkeySupported.value = true;
-  }
-};
-
-const handlePasskeyLogin = async () => {
-  if (!passkeySupported.value) {
-    notification.error({ message: t("authentication.passkeyNotSupported") });
-    return;
-  }
-
-  loading.value = true;
-  try {
-    const optionsResponse: any = await request({
-      url: "/passkey/generateAuthentication",
-      method: "post",
-    });
-    const options = optionsResponse;
-
-    console.log("passkey authentication options:", options, JSON.stringify(options));
-    const credential = await (navigator.credentials as any).get({
-      publicKey: {
-        challenge: Uint8Array.from(atob(options.challenge.replace(/-/g, "+").replace(/_/g, "/")), c => c.charCodeAt(0)),
-        rpId: options.rpId,
-        allowCredentials: options.allowCredentials || [],
-        timeout: options.timeout || 60000,
-        // attestation: options.attestation,
-        // excludeCredentials: excludeCredentials,
-        // extensions: options.extensions,
-        // authenticatorSelection: options.authenticatorSelection,
-        // hints: options.hints,
-      },
-    });
-
-    console.log("passkey authentication credential:", credential, JSON.stringify(credential));
-    if (!credential) {
-      throw new Error("Passkey认证失败");
-    }
-
-    const loginRes: any = await UserApi.loginByPasskey({
-      credential,
-      challenge: options.challenge,
-    });
-
-    await userStore.onLoginSuccess(loginRes);
-  } catch (e: any) {
-    console.error("Passkey登录失败:", e);
-    notification.error({ message: e.message || "Passkey登录失败" });
-  } finally {
-    loading.value = false;
-  }
-};
-
 const handleFinish = async () => {
  loading.value = true;
  try {
@@ -301,9 +232,7 @@ const isOauthOnly = computed(() => {
  return sysPublicSettings.oauthOnly && settingStore.isPlus && sysPublicSettings.oauthEnabled;
 });

-onMounted(() => {
-  checkPasskeySupport();
-});
+onMounted(() => {});
 </script>

 <style lang="less">
--- a/packages/ui/certd-client/src/views/framework/login/passkey-login.vue
+++ b/packages/ui/certd-client/src/views/framework/login/passkey-login.vue
@@ -0,0 +1,85 @@
+<template>
+  <div v-if="passkeyEnabled && isPlus" class="oauth-icon-button" :class="{ pointer: passkeySupported }" @click="handlePasskeyLogin">
+    <div><fs-icon icon="ion:finger-print-outline" :class="{ 'text-blue-600': passkeySupported, 'text-gray-400': !passkeySupported }" class="text-40" /></div>
+    <div class="ellipsis title" :title="t('authentication.passkeyLogin')" :class="{ 'text-gray-400': !passkeySupported }">{{ t("authentication.passkeyLogin") }}</div>
+  </div>
+</template>
+
+<script lang="ts" setup>
+import { ref, computed, onMounted } from "vue";
+import { useI18n } from "/@/locales";
+import { useSettingStore } from "/@/store/settings";
+import { notification } from "ant-design-vue";
+import { request } from "/src/api/service";
+import * as UserApi from "/src/store/user/api.user";
+import { useUserStore } from "/src/store/user";
+
+const { t } = useI18n();
+const settingStore = useSettingStore();
+const userStore = useUserStore();
+
+const loading = ref(false);
+const passkeySupported = ref(false);
+
+const passkeyEnabled = computed(() => settingStore.sysPublic.passkeyEnabled);
+const isPlus = computed(() => settingStore.isPlus);
+
+const checkPasskeySupport = () => {
+  passkeySupported.value = false;
+  if (typeof window !== "undefined" && "credentials" in navigator && "PublicKeyCredential" in window) {
+    passkeySupported.value = true;
+  }
+};
+
+const handlePasskeyLogin = async () => {
+  if (!passkeySupported.value) {
+    notification.error({ message: t("authentication.passkeyNotSupported") });
+    return;
+  }
+
+  loading.value = true;
+  try {
+    const optionsResponse: any = await request({
+      url: "/passkey/generateAuthentication",
+      method: "post",
+    });
+    const options = optionsResponse;
+
+    console.log("passkey authentication options:", options, JSON.stringify(options));
+    const credential = await (navigator.credentials as any).get({
+      publicKey: {
+        challenge: Uint8Array.from(atob(options.challenge.replace(/-/g, "+").replace(/_/g, "/")), c => c.charCodeAt(0)),
+        rpId: options.rpId,
+        allowCredentials: options.allowCredentials || [],
+        timeout: options.timeout || 60000,
+        authenticatorSelection: {
+          residentKey: "required",
+          requireResidentKey: true,
+          userVerification: "preferred",
+        },
+      },
+    });
+
+    console.log("passkey authentication credential:", credential, JSON.stringify(credential));
+    if (!credential) {
+      throw new Error("Passkey认证失败");
+    }
+
+    const loginRes: any = await UserApi.loginByPasskey({
+      credential,
+      challenge: options.challenge,
+    });
+
+    await userStore.onLoginSuccess(loginRes);
+  } catch (e: any) {
+    console.error("Passkey登录失败:", e);
+    notification.error({ message: e.message || "Passkey登录失败" });
+  } finally {
+    loading.value = false;
+  }
+};
+
+onMounted(() => {
+  checkPasskeySupport();
+});
+</script>
--- a/packages/ui/certd-client/src/views/framework/oauth/oauth-footer.vue
+++ b/packages/ui/certd-client/src/views/framework/oauth/oauth-footer.vue
@@ -4,6 +4,7 @@
      <div class="oauth-title-text">{{ computedTitle }}</div>
    </div>
    <div class="flex justify-center items-center gap-4 flex-wrap md:flex-nowrap">
+      <passkey-login></passkey-login>
      <template v-for="item in oauthProviderList" :key="item.type">
        <div v-if="item.addonId" class="oauth-icon-button pointer" @click="goOauthLogin(item.name)">
          <div><fs-icon :icon="item.icon" class="text-blue-600 text-40" /></div>
@@ -19,6 +20,7 @@ import * as api from "./api";
 import { useI18n } from "vue-i18n";
 import { useSettingStore } from "/@/store/settings";
 import { useRoute } from "vue-router";
+import PasskeyLogin from "../login/passkey-login.vue";

 const oauthProviderList = ref([]);
 const props = defineProps<{
--- a/packages/ui/certd-client/src/views/sys/account/index.vue
+++ b/packages/ui/certd-client/src/views/sys/account/index.vue
@@ -80,7 +80,7 @@ onMounted(() => {
    await settingStore.doBindUrl();
    notification.success({
      message: "更新成功",
-      description: "专业版/商业版已激活",
+      description: "Certd专业版/商业版已激活",
    });
  });
 });
--- a/packages/ui/certd-client/src/views/sys/settings/tabs/mode.vue
+++ b/packages/ui/certd-client/src/views/sys/settings/tabs/mode.vue
@@ -8,9 +8,10 @@
        </div>
        <div class="helper">SaaS模式：每个用户管理自己的流水线和授权资源，独立使用。</div>
        <div class="helper">企业模式：通过项目合作管理流水线证书和授权资源，所有用户视为企业内部员工。</div>
+        <div class="helper"><a @click="adminModeIntroOpen = true">更多管理模式介绍</a></div>
        <div class="helper text-red-500">建议在开始使用时固定一个合适的模式，之后就不要随意切换了。</div>
+        <div v-if="formState.public.adminMode === 'enterprise'" class="helper">设置为企业模式之后，之前创建的个人数据不会显示，您可以选择<a @click="goCurrentProject"> 将个人数据迁移到项目</a></div>
        <div v-if="settingsStore.isComm" class="helper text-red-500">商业版不建议设置为企业模式，除非你确定要转成企业内部使用</div>
-        <div><a @click="adminModeIntroOpen = true"> 更多管理模式介绍</a></div>
      </a-form-item>

      <a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
@@ -33,6 +34,7 @@ import { useI18n } from "/src/locales";
 import { dict } from "@fast-crud/fast-crud";
 import { useProjectStore } from "/@/store/project";
 import AdminModeIntro from "/@/views/sys/enterprise/project/intro.vue";
+import { useRouter } from "vue-router";
 const { t } = useI18n();

 defineOptions({
@@ -82,5 +84,15 @@ const onFinish = async (form: any) => {
    saveLoading.value = false;
  }
 };
+
+const router = useRouter();
+const goCurrentProject = () => {
+  router.push({
+    path: "/certd/project/detail",
+    query: {
+      migrate: "true",
+    },
+  });
+};
 </script>
 <style lang="less"></style>
--- a/packages/ui/certd-client/src/views/sys/settings/tabs/oauth.vue
+++ b/packages/ui/certd-client/src/views/sys/settings/tabs/oauth.vue
@@ -8,7 +8,7 @@
        </div>
        <pre class="helper pre">{{ t("certd.sys.setting.passkeyEnabledHelper", [bindDomain]) }}</pre>
        <div v-if="!bindDomainIsSame" class="text-red-500 text-sm mt-2">
-          {{ t("certd.sys.setting.passkeyHostnameNotSame") }}
+          {{ t("certd.sys.setting.passkeyHostnameNotSame") }} <a-button class="ml-2" size="small" type="primary" @click="settingsStore.openBindUrlModal()">{{ t("certd.sys.setting.bindUrl") }}</a-button>
        </div>
      </a-form-item>
      <a-form-item :label="t('certd.sys.setting.enableOauth')" :name="['public', 'oauthEnabled']">
--- a/packages/ui/certd-server/CHANGELOG.md
+++ b/packages/ui/certd-server/CHANGELOG.md
@@ -3,6 +3,37 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
+
+### Bug Fixes
+
+* 修复cname校验报该授权无权限的bug ([b1eb706](https://github.com/certd/certd/commit/b1eb7069258d6ff2b128091911fa448eaffc5f33))
+
+### Performance Improvements
+
+* 支持部署到火山云tos自定义域名证书 ([af6deb9](https://github.com/certd/certd/commit/af6deb99cd24a69a189b1fdd1df51c8f7816dcda))
+* 支持部署证书到火山引擎vod ([f91d591](https://github.com/certd/certd/commit/f91d591b03c50166d9fa352ba11c62d963869aa5))
+
+## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
+
+### Bug Fixes
+
+* 修复模版id不正确导致修改到错误的模版流水线bug ([b1ff163](https://github.com/certd/certd/commit/b1ff163a2828b205297408d5aed21cf1eff335e8))
+* 修复批量执行按钮无效的bug ([49703f0](https://github.com/certd/certd/commit/49703f08e55b303851086d9f36aca562d7999be6))
+
+### Performance Improvements
+
+* 火山引擎部署alb证书插件支持部署扩展证书以及删除已过期扩展证书 ([ffd2e81](https://github.com/certd/certd/commit/ffd2e8149e3a06bf3eec456ff85dbed793af9e90))
+* 新增阿里云证书清理插件 ([4b7eeaa](https://github.com/certd/certd/commit/4b7eeaa6e0a14d2e461c7c473a920a0966b1fe8e))
+
+## [1.39.5](https://github.com/certd/certd/compare/v1.39.4...v1.39.5) (2026-03-18)
+
+### Performance Improvements
+
+* 移除passkey的counter递增校验 ([68b669d](https://github.com/certd/certd/commit/68b669d3ff3e13b931939093320ce7237bb02b1b))
+* passkey 支持Bitwarden ([29f44c6](https://github.com/certd/certd/commit/29f44c67c808bed9ff1c9d4884d39a1a62d043a7))
+* passkey登录放到下方其他登录位置 ([1413e1a](https://github.com/certd/certd/commit/1413e1aff4aabcfd471716338c210fbcfd76c8f9))
+
 ## [1.39.4](https://github.com/certd/certd/compare/v1.39.3...v1.39.4) (2026-03-17)

 ### Bug Fixes
--- a/packages/ui/certd-server/metadata/deploy_AliyunDeleteExpiringCert.yaml
+++ b/packages/ui/certd-server/metadata/deploy_AliyunDeleteExpiringCert.yaml
@@ -0,0 +1,63 @@
+showRunStrategy: false
+default:
+  strategy:
+    runStrategy: 0
+name: AliyunDeleteExpiringCert
+title: 阿里云-删除即将过期证书
+icon: ant-design:aliyun-outlined
+group: aliyun
+desc: 仅删除未使用的证书
+needPlus: true
+input:
+  accessId:
+    title: Access提供者
+    helper: access 授权
+    component:
+      name: access-selector
+      type: aliyun
+    required: true
+    order: 0
+  endpoint:
+    title: 地域
+    helper: 阿里云CAS证书服务地域
+    component:
+      name: a-select
+      options:
+        - value: cas.aliyuncs.com
+          label: 中国大陆
+        - value: cas.ap-southeast-1.aliyuncs.com
+          label: 新加坡
+    required: true
+    value: cas.aliyuncs.com
+    order: 0
+  maxCount:
+    title: 最大删除数量
+    helper: 单次运行最大删除数量
+    value: 100
+    component:
+      name: a-input-number
+      vModel: value
+    required: true
+    order: 0
+  expiringDays:
+    title: 即将过期天数
+    helper: 仅删除有效期小于此天数的证书,0表示完全过期时才删除
+    value: 0
+    component:
+      name: a-input-number
+      vModel: value
+    required: true
+    order: 0
+  checkTimeout:
+    title: 检查超时时间
+    helper: 检查删除任务结果超时时间,单位分钟
+    value: 10
+    component:
+      name: a-input-number
+      vModel: value
+    required: true
+    order: 0
+output: {}
+pluginType: deploy
+type: builtIn
+scriptFilePath: /plugins/plugin-aliyun/plugin/delete-expiring-cert/index.js
--- a/packages/ui/certd-server/metadata/deploy_VolcengineDeployToALB.yaml
+++ b/packages/ui/certd-server/metadata/deploy_VolcengineDeployToALB.yaml
@@ -96,6 +96,19 @@ input:
      选择要部署证书的监听器
      需要在监听器中选择证书中心，进行跨服务访问授权
    order: 0
+  certType:
+    title: 证书部署类型
+    helper: 选择部署默认证书还是扩展证书
+    component:
+      name: a-select
+      options:
+        - label: 默认证书
+          value: default
+        - label: 扩展证书
+          value: extension
+    value: default
+    required: true
+    order: 0
 output: {}
 pluginType: deploy
 type: builtIn
--- a/packages/ui/certd-server/metadata/deploy_VolcengineDeployToTOS.yaml
+++ b/packages/ui/certd-server/metadata/deploy_VolcengineDeployToTOS.yaml
@@ -0,0 +1,116 @@
+showRunStrategy: false
+default:
+  strategy:
+    runStrategy: 1
+name: VolcengineDeployToTOS
+title: 火山引擎-部署证书至TOS自定义域名
+icon: svg:icon-volcengine
+group: volcengine
+desc: 仅限TOS自定义域名，加速域名请选择火山引擎的CDN插件
+input:
+  cert:
+    title: 域名证书
+    helper: 请选择前置任务输出的域名证书
+    component:
+      name: output-selector
+      from:
+        - ':cert:'
+        - VolcengineUploadToCertCenter
+    required: true
+    order: 0
+  certDomains:
+    title: 当前证书域名
+    component:
+      name: cert-domains-getter
+    mergeScript: |2-
+
+              return {
+                component:{
+                    inputKey: ctx.compute(({form})=>{
+                      return form.cert
+                    }),
+                }
+              }
+              
+    template: false
+    required: false
+    order: 0
+  accessId:
+    title: Access授权
+    helper: 火山引擎AccessKeyId、AccessKeySecret
+    component:
+      name: access-selector
+      type: volcengine
+    required: true
+    order: 0
+  region:
+    title: 地域
+    helper: TOS服务所在地域
+    component:
+      name: a-select
+      options:
+        - label: 华北2（北京）
+          value: cn-beijing
+        - label: 华东2（上海）
+          value: cn-shanghai
+        - label: 华南1（广州）
+          value: cn-guangzhou
+        - label: 中国香港
+          value: cn-hongkong
+        - label: 亚太东南（柔佛）
+          value: ap-southeast-1
+        - label: 亚太东南（雅加达）
+          value: ap-southeast-3
+    value: cn-beijing
+    required: true
+    order: 0
+  bucket:
+    title: Bucket
+    helper: 存储桶名称
+    component:
+      name: remote-auto-complete
+      vModel: value
+      type: plugin
+      action: onGetBucketList
+      search: false
+      pager: false
+      watches:
+        - accessId
+        - region
+    required: true
+    order: 0
+  domainName:
+    title: TOS自定义域名
+    component:
+      name: remote-select
+      vModel: value
+      mode: tags
+      type: plugin
+      action: onGetDomainList
+      search: false
+      pager: false
+      multi: true
+      watches:
+        - certDomains
+        - accessId
+        - certDomains
+        - accessId
+        - region
+        - bucket
+    required: true
+    mergeScript: |2-
+
+                return {
+                  component:{
+                    form: ctx.compute(({form})=>{
+                      return form
+                    })
+                  },
+               }
+              
+    helper: 你在火山引擎上配置的TOS自定义域名，比如:example.com
+    order: 0
+output: {}
+pluginType: deploy
+type: builtIn
+scriptFilePath: /plugins/plugin-volcengine/plugins/plugin-deploy-to-tos.js
--- a/packages/ui/certd-server/metadata/deploy_VolcengineDeployToVOD.yaml
+++ b/packages/ui/certd-server/metadata/deploy_VolcengineDeployToVOD.yaml
@@ -6,8 +6,7 @@ name: VolcengineDeployToVOD
 title: 火山引擎-部署证书至VOD
 icon: svg:icon-volcengine
 group: volcengine
-desc: 部署至火山引擎视频点播(暂不可用)
-deprecated: 暂时缺少部署ssl接口
+desc: 部署至火山引擎视频点播
 input:
  cert:
    title: 域名证书
@@ -44,12 +43,64 @@ input:
      type: volcengine
    required: true
    order: 0
+  regionId:
+    title: 区域
+    helper: 选择火山引擎区域
+    component:
+      name: select
+      options:
+        - value: cn-north-1
+          label: 华北1（北京）
+        - value: ap-southeast-1
+          label: 东南亚1（新加坡）
+    default: cn-north-1
+    required: true
+    order: 0
  spaceName:
    title: 空间名称
+    component:
+      name: remote-select
+      vModel: value
+      mode: default
+      type: plugin
+      action: onGetSpaceList
+      search: false
+      pager: false
+      multi: false
+      watches:
+        - certDomains
+        - accessId
+        - accessId
+        - regionId
+    required: true
+    mergeScript: |2-
+
+                return {
+                  component:{
+                    form: ctx.compute(({form})=>{
+                      return form
+                    })
+                  },
+               }
+              
+    helper: 选择要部署证书的点播空间
+    order: 0
+  domainType:
+    title: 域名类型
+    helper: 选择域名类型
+    component:
+      name: a-select
+      vModel: value
+      options:
+        - value: play
+          label: 点播加速域名
+        - value: image
+          label: 封面加速域名
+    value: play
    required: true
    order: 0
  domainList:
-    title: 点播域名
+    title: 域名
    component:
      name: remote-select
      vModel: value
@@ -65,6 +116,7 @@ input:
        - certDomains
        - accessId
        - spaceName
+        - domainType
    required: true
    mergeScript: |2-

@@ -77,7 +129,7 @@ input:
               }
              
    helper: |-
-      选择要部署证书的点播域名
+      选择要部署证书的域名
      需要先在域名管理页面进行证书中心访问授权（即点击去配置SSL证书）
    order: 0
 output: {}
--- a/packages/ui/certd-server/package.json
+++ b/packages/ui/certd-server/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-server",
-  "version": "1.39.4",
+  "version": "1.39.7",
  "description": "fast-server base midway",
  "private": true,
  "type": "module",
@@ -50,20 +50,20 @@
    "@aws-sdk/client-route-53": "^3.964.0",
    "@aws-sdk/client-s3": "^3.964.0",
    "@aws-sdk/client-sts": "^3.990.0",
-    "@certd/acme-client": "^1.39.4",
-    "@certd/basic": "^1.39.4",
-    "@certd/commercial-core": "^1.39.4",
+    "@certd/acme-client": "^1.39.7",
+    "@certd/basic": "^1.39.7",
+    "@certd/commercial-core": "^1.39.7",
    "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.39.4",
-    "@certd/lib-huawei": "^1.39.4",
-    "@certd/lib-k8s": "^1.39.4",
-    "@certd/lib-server": "^1.39.4",
-    "@certd/midway-flyway-js": "^1.39.4",
-    "@certd/pipeline": "^1.39.4",
-    "@certd/plugin-cert": "^1.39.4",
-    "@certd/plugin-lib": "^1.39.4",
-    "@certd/plugin-plus": "^1.39.4",
-    "@certd/plus-core": "^1.39.4",
+    "@certd/jdcloud": "^1.39.7",
+    "@certd/lib-huawei": "^1.39.7",
+    "@certd/lib-k8s": "^1.39.7",
+    "@certd/lib-server": "^1.39.7",
+    "@certd/midway-flyway-js": "^1.39.7",
+    "@certd/pipeline": "^1.39.7",
+    "@certd/plugin-cert": "^1.39.7",
+    "@certd/plugin-lib": "^1.39.7",
+    "@certd/plugin-plus": "^1.39.7",
+    "@certd/plus-core": "^1.39.7",
    "@google-cloud/publicca": "^1.3.0",
    "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
    "@huaweicloud/huaweicloud-sdk-core": "^3.1.185",
@@ -87,6 +87,7 @@
    "@simplewebauthn/server": "^13.2.3",
    "@ucloud-sdks/ucloud-sdk-js": "^0.2.4",
    "@volcengine/openapi": "^1.28.1",
+    "@volcengine/tos-sdk": "^2.9.1",
    "ali-oss": "^6.21.0",
    "alipay-sdk": "^4.13.0",
    "axios": "^1.9.0",
--- a/packages/ui/certd-server/src/configuration.ts
+++ b/packages/ui/certd-server/src/configuration.ts
@@ -20,7 +20,7 @@ import * as commercial from '@certd/commercial-core';
 import * as upload from '@midwayjs/upload';
 import { setLogger } from '@certd/acme-client';
 import {HiddenMiddleware} from "./middleware/hidden.js";
-import * as swagger from '@midwayjs/swagger';
+// import * as swagger from '@midwayjs/swagger';
 //@ts-ignore
 // process.env.UV_THREADPOOL_SIZE = 2
 process.on('uncaughtException', error => {
@@ -62,10 +62,10 @@ process.on('uncaughtException', error => {
    upload,
    libServer,
    commercial,
-    {
-      component: swagger,
-      enabledEnvironment: ['local']
-    },
+    // {
+    //   component: swagger,
+    //   enabledEnvironment: ['local']
+    // },
    {
      component: info,
      enabledEnvironment: ['local'],
--- a/packages/ui/certd-server/src/controller/user/mine/setting-two-factor-controller.ts
+++ b/packages/ui/certd-server/src/controller/user/mine/setting-two-factor-controller.ts
@@ -31,7 +31,7 @@ export class UserTwoFactorSettingController extends BaseController {
  @Post("/save", { description: Constants.per.authOnly, summary: "保存双因子认证设置" })
  async save(@Body(ALL) bean: any) {
    if (!isPlus()) {
-      throw new Error('本功能需要开通专业版')
+      throw new Error('本功能需要开通Certd专业版')
    }
    const userId = this.getUserId();
    const setting = new UserTwoFactorSetting();
@@ -57,7 +57,7 @@ export class UserTwoFactorSettingController extends BaseController {
  @Post("/authenticator/save", { description: Constants.per.authOnly, summary: "保存验证器设置" })
  async authenticatorSave(@Body(ALL) bean: any) {
    if (!isPlus()) {
-      throw new Error('本功能需要开通专业版')
+      throw new Error('本功能需要开通Certd专业版')
    }
    const userId = this.getUserId();
    await this.twoFactorService.saveAuthenticator({
--- a/packages/ui/certd-server/src/controller/user/mine/user-settings-controller.ts
+++ b/packages/ui/certd-server/src/controller/user/mine/user-settings-controller.ts
@@ -81,7 +81,7 @@ export class UserSettingsController extends CrudController<UserSettingsService>
  @Post("/grant/save", { description: Constants.per.authOnly, summary: "保存授权设置" })
  async grantSettingsSave(@Body(ALL) bean: UserGrantSetting) {
    if (!isPlus()) {
-      throw new Error('本功能需要开通专业版')
+      throw new Error('本功能需要开通Certd专业版')
    }
    const userId = this.getUserId();
    const setting = new UserGrantSetting();
--- a/packages/ui/certd-server/src/controller/user/pipeline/pipeline-controller.ts
+++ b/packages/ui/certd-server/src/controller/user/pipeline/pipeline-controller.ts
@@ -190,8 +190,10 @@ export class PipelineController extends CrudController<PipelineService> {
  }

  @Post('/update', { description: Constants.per.authOnly })
-  async update(@Body(ALL) bean) {
-    return await this.save(bean);
+  async update(@Body(ALL) bean:PipelineEntity) {
+     await this.checkOwner(this.getService(), bean.id,"write",true);
+     await this.service.update(bean as any);
+     return this.ok({});
  }

  @Post('/save', { description: Constants.per.authOnly, summary: '新增/更新流水线' })
--- a/packages/ui/certd-server/src/modules/cname/service/cname-record-service.ts
+++ b/packages/ui/certd-server/src/modules/cname/service/cname-record-service.ts
@@ -8,7 +8,7 @@ import {
  SysSettingsService,
  ValidateException
 } from "@certd/lib-server";
-import { CnameProvider, CnameRecord, IAccessService } from "@certd/pipeline";
+import { CnameProvider, CnameRecord } from "@certd/pipeline";
 import { createDnsProvider, DomainParser, IDnsProvider } from "@certd/plugin-cert";
 import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
 import { InjectEntityModel } from "@midwayjs/typeorm";
@@ -252,7 +252,6 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
    }

    await this.getByDomain(bean.domain, bean.userId,bean.projectId);
-
    const taskService = this.taskServiceBuilder.create({ userId: bean.userId, projectId: bean.projectId });
    const subDomainGetter = await taskService.getSubDomainsGetter();
    const domainParser = new DomainParser(subDomainGetter);
@@ -290,10 +289,10 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
        });
      }

-      const serviceGetter = this.taskServiceBuilder.create({ userId: bean.userId, projectId: bean.projectId });
-      const accessGetter:IAccessService = await serviceGetter.get("accessService");
-      const access = await accessGetter.getById(cnameProvider.accessId);
-      const context = { access, logger, http, utils, domainParser, serviceGetter };
+      const record = await this.getWithAccessByDomain(bean.domain, bean.userId,bean.projectId);
+
+      const access = record.cnameProvider.access
+      const context = { access, logger, http, utils, domainParser, serviceGetter:taskService };
      const dnsProvider: IDnsProvider = await createDnsProvider({
        dnsProviderType: cnameProvider.dnsProviderType,
        context
--- a/packages/ui/certd-server/src/modules/login/service/login-service.ts
+++ b/packages/ui/certd-server/src/modules/login/service/login-service.ts
@@ -180,7 +180,7 @@ export class LoginService {
  async loginByTwoFactor(req: { loginId: string; verifyCode: string }) {
    //检查是否开启多重认证
    if (!isPlus()) {
-      throw new Error('本功能需要开通专业版')
+      throw new Error('本功能需要开通Certd专业版')
    }
    const userId = cache.get(`login_2fa_code:${req.loginId}`)
    if (!userId) {
--- a/packages/ui/certd-server/src/modules/login/service/passkey-service.ts
+++ b/packages/ui/certd-server/src/modules/login/service/passkey-service.ts
@@ -230,9 +230,10 @@ export class PasskeyService extends BaseService<PasskeyEntity> {
      throw new AuthException("Passkey不存在");
    }

-    if (verification.counter <= passkey.counter) {
-      throw new AuthException("认证失败:计数器异常");
-    }
+    // 可同步密钥 各个客户端的计数器不是单调递增的，此规范基本上都不遵守了
+    // if (verification.counter <= passkey.counter && passkey.counter > 0) {
+    //   throw new AuthException("认证失败:计数器异常");
+    // }

    passkey.counter = verification.counter;
    passkey.updateTime = new Date();
--- a/packages/ui/certd-server/src/modules/pipeline/service/notification-service.ts
+++ b/packages/ui/certd-server/src/modules/pipeline/service/notification-service.ts
@@ -83,7 +83,7 @@ export class NotificationService extends BaseService<NotificationEntity> {
    const define = this.getDefineByType(type)
     //@ts-ignore
    if (define.needPlus && !isPlus()) {
-      throw new NeedVIPException("此通知类型为专业版功能，请升级到专业版或以上级别");
+      throw new NeedVIPException("此通知类型为Certd专业版功能，请升级到专业版或以上级别");
    }
  }

--- a/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts
+++ b/packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts
@@ -259,6 +259,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
      bean.order = old.order;
      bean.userId = old.userId;
      bean.projectId = old.projectId;
+      if (bean.content == null) {
+        bean.content = old.content;
+      }
    }
    if (!old || !old.webhookKey) {
      bean.webhookKey = await this.genWebhookKey();
@@ -271,6 +274,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
    RunnableCollection.initPipelineRunnableType(pipeline);
    pipeline.userId = bean.userId;
    pipeline.projectId = bean.projectId;
+    if (bean.id) {
+      pipeline.id = bean.id;
+    }
    let domains = [];
    if (pipeline.stages) {
      RunnableCollection.each(pipeline.stages, (runnable: any) => {
@@ -935,7 +941,7 @@ export class PipelineService extends BaseService<PipelineEntity> {

  async batchDelete(ids: number[], userId?: number, projectId?: number) {
    if (!isPlus()) {
-      throw new NeedVIPException("此功能需要升级专业版");
+      throw new NeedVIPException("此功能需要升级Certd专业版");
    }
    for (const id of ids) {
      if (userId && userId > 0) {
@@ -950,7 +956,7 @@ export class PipelineService extends BaseService<PipelineEntity> {

  async batchUpdateGroup(ids: number[], groupId: number, userId: any, projectId?: number) {
    if (!isPlus()) {
-      throw new NeedVIPException("此功能需要升级专业版");
+      throw new NeedVIPException("此功能需要升级Certd专业版");
    }
    const query: any = {}
    if (userId && userId > 0) {
@@ -976,7 +982,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
   */
  async batchTransfer(ids: number[], projectId: number) {
    if (!isPlus()) {
-      throw new NeedVIPException("此功能需要升级专业版");
+      throw new NeedVIPException("此功能需要升级Certd专业版");
    }
    if (!isEnterprise()) {
      throw new Error("当前为非企业模式，不允许转移到其他项目");
@@ -1069,8 +1075,9 @@ export class PipelineService extends BaseService<PipelineEntity> {

  async batchUpdateTrigger(ids: number[], trigger: any, userId: any, projectId?: number) {
    if (!isPlus()) {
-      throw new NeedVIPException("此功能需要升级专业版");
+      throw new NeedVIPException("此功能需要升级Certd专业版");
    }
+    //允许管理员修改，userId=null
    const query: any = {}
    if (userId && userId > 0) {
      query.userId = userId;
@@ -1121,8 +1128,9 @@ export class PipelineService extends BaseService<PipelineEntity> {

  async batchUpdateNotifications(ids: number[], notification: Notification, userId: any, projectId?: number) {
    if (!isPlus()) {
-      throw new NeedVIPException("此功能需要升级专业版");
+      throw new NeedVIPException("此功能需要升级Certd专业版");
    }
+    //允许管理员修改，userId=null
    const query: any = {}
    if (userId && userId > 0) {
      query.userId = userId;
@@ -1159,11 +1167,11 @@ export class PipelineService extends BaseService<PipelineEntity> {

  async batchRerun(ids: number[], force: boolean, userId: any, projectId?: number) {
    if (!isPlus()) {
-      throw new NeedVIPException("此功能需要升级专业版");
+      throw new NeedVIPException("此功能需要升级Certd专业版");
    }
-
-    if (userId == null || ids.length === 0) {
-      return;
+    //允许userId为空，为空则为管理员触发
+    if (ids.length === 0) {
+      throw new Error("参数错误 ids 不能为空");
    }
    const where: any = {
      id: In(ids),
--- a/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/delete-expiring-cert/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/delete-expiring-cert/index.ts
@@ -0,0 +1,159 @@
+import { IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
+import { AbstractPlusTaskPlugin } from "@certd/plugin-plus";
+import dayjs from 'dayjs';
+import { AliyunAccess } from '../../../plugin-lib/aliyun/access/index.js';
+import { AliyunSslClient } from '../../../plugin-lib/aliyun/lib/index.js';
+
+@IsTaskPlugin({
+  name: 'AliyunDeleteExpiringCert',
+  title: '阿里云-删除即将过期证书',
+  icon: 'ant-design:aliyun-outlined',
+  group: pluginGroups.aliyun.key,
+  desc: '仅删除未使用的证书',
+  default: {
+    strategy: {
+      runStrategy: RunStrategy.AlwaysRun,
+    },
+  },
+  needPlus: true,
+})
+export class AliyunDeleteExpiringCert extends AbstractPlusTaskPlugin {
+  @TaskInput({
+    title: 'Access提供者',
+    helper: 'access 授权',
+    component: {
+      name: 'access-selector',
+      type: 'aliyun',
+    },
+    required: true,
+  })
+  accessId!: string;
+
+  @TaskInput({
+    title: '地域',
+    helper: '阿里云CAS证书服务地域',
+    component: {
+      name: 'a-select',
+      options: [
+        { value: 'cas.aliyuncs.com', label: '中国大陆' },
+        { value: 'cas.ap-southeast-1.aliyuncs.com', label: '新加坡' },
+      ],
+    },
+    required: true,
+    value: 'cas.aliyuncs.com',
+  })
+  endpoint!: string;
+
+  // @TaskInput({
+  //   title: '关键字筛选',
+  //   helper: '仅匹配证书名称、域名包含关键字的证书，可以不填',
+  //   required: false,
+  //   component: {
+  //     name: 'a-input',
+  //   },
+  // })
+  // searchKey!: string;
+
+  @TaskInput({
+    title: '最大删除数量',
+    helper: '单次运行最大删除数量',
+    value: 100,
+    component: {
+      name: 'a-input-number',
+      vModel: 'value',
+    },
+    required: true,
+  })
+  maxCount!: number;
+
+  @TaskInput({
+    title: '即将过期天数',
+    helper: '仅删除有效期小于此天数的证书,0表示完全过期时才删除',
+    value: 0,
+    component: {
+      name: 'a-input-number',
+      vModel: 'value',
+    },
+    required: true,
+  })
+  expiringDays!: number;
+
+  @TaskInput({
+    title: '检查超时时间',
+    helper: '检查删除任务结果超时时间,单位分钟',
+    value: 10,
+    component: {
+      name: 'a-input-number',
+      vModel: 'value',
+    },
+    required: true,
+  })
+  checkTimeout!: number;
+
+  async onInstance() {}
+
+  async execute(): Promise<void> {
+    const access = await this.getAccess<AliyunAccess>(this.accessId);
+    const sslClient = new AliyunSslClient({
+      access,
+      logger: this.logger,
+      endpoint: this.endpoint,
+    });
+
+    const params = {
+      ShowSize: 100,
+      CurrentPage: 1,
+      // Keyword: this.searchKey,
+    };
+    const certificates: any[] = [];
+    while(true){
+      const res = await sslClient.doRequest('ListCertificates', params, {
+          method: 'POST',
+        });
+      let list = res?.CertificateList;
+      if (!list || list.length === 0) {
+        break;
+      }
+      this.logger.info(`查询第${params.CurrentPage}页，每页${params.ShowSize}个证书，当前页共${list.length}个证书`);
+
+      const lastDay = dayjs().add(this.expiringDays, 'day');
+      list = list.filter((item: any) => {
+        const notAfter = item.NotAfter;
+        const usingProducts = item.UsingProductList;
+        return dayjs(notAfter).isBefore(lastDay) && (!usingProducts || usingProducts.length === 0);
+      });
+      for (const item of list) {
+        this.logger.info(`证书ID:${item.CertificateId}, 过期时间:${item.NotAfter}，名称:${item.CertificateName}，证书域名:${item.Domain}`);
+        certificates.push(item);
+      }
+      params.CurrentPage++;
+    }
+
+    this.logger.info(`即将过期的证书数量:${certificates.length}`);
+    if (certificates.length === 0) {
+      this.logger.info('没有即将过期的证书, 无需删除');
+      return;
+    }
+    this.logger.info(`开始删除证书，共${certificates.length}个证书`);
+    let successCount = 0;
+    let failedCount = 0;
+
+    for (const certificate of certificates) {
+      try {
+        const deleteRes = await sslClient.doRequest('DeleteUserCertificate', {
+          CertId: certificate.CertificateId,
+        }, { method: 'POST' });
+        this.logger.info(`删除证书成功，证书ID:${certificate.CertificateId}, 名称:${certificate.CertificateName}, requestId:${deleteRes?.RequestId}`);
+        successCount++;
+
+      } catch (error: any) {
+        this.logger.error(`删除证书失败，证书ID:${certificate.CertificateId}, 名称:${certificate.CertificateName}, 错误:${error.message}`);
+        failedCount++;
+      }
+    }
+
+    this.logger.info(`证书删除完成，成功:${successCount}, 失败:${failedCount}`);
+  }
+}
+
+new AliyunDeleteExpiringCert();
--- a/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-dcdn/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-dcdn/index.ts
@@ -1,4 +1,4 @@
-import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
+import { AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
 import dayjs from 'dayjs';
 import {
  createCertDomainGetterInputDefine,
@@ -55,6 +55,19 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
  })
  certName!: string;

+  @TaskInput({
+    title: '域名匹配模式',
+    helper: '选择域名匹配方式',
+    component: {
+      name: 'select',
+      options: [
+        { label: '手动选择', value: 'manual' },
+        { label: '根据证书匹配', value: 'auto' },
+      ],
+    },
+    default: 'manual',
+  })
+  domainMatchMode!: 'manual' | 'auto';

  @TaskInput(
    createRemoteSelectInputDefine({
@@ -63,6 +76,13 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
      action: DeployCertToAliyunDCDN.prototype.onGetDomainList.name,
      watches: ['certDomains', 'accessId'],
      required: true,
+      mergeScript: `
+        return {
+          show: ctx.compute(({form})=>{
+            return domainMatchMode === "manual"
+          })
+        }
+      `,
    })
  )
  domainName!: string | string[];
@@ -71,15 +91,30 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
  async onInstance() { }
  async execute(): Promise<void> {
    this.logger.info('开始部署证书到阿里云DCDN');
-    if (!this.domainName) {
-      throw new Error('您还未选择DCDN域名');
-    }
    const access = (await this.getAccess(this.accessId)) as AliyunAccess;
    const client = await this.getClient(access);
-    if (typeof this.domainName === 'string') {
-      this.domainName = [this.domainName];
+    
+    let domains: string[] = [];
+    
+    if (this.domainMatchMode === 'auto') {
+      this.logger.info('使用根据证书匹配模式');
+      if (!this.certDomains || this.certDomains.length === 0) {
+        throw new Error('未获取到证书域名信息');
+      }
+      domains = await this.getAutoMatchedDomains(this.certDomains);
+      if (domains.length === 0) {
+        this.logger.warn('未找到匹配的DCDN域名');
+        return;
+      }
+      this.logger.info(`找到 ${domains.length} 个匹配的DCDN域名`);
+    } else {
+      if (!this.domainName) {
+        throw new Error('您还未选择DCDN域名');
+      }
+      domains = typeof this.domainName === 'string' ? [this.domainName] : this.domainName;
    }
-    for (const domainName of this.domainName) {
+    
+    for (const domainName of domains) {
      this.logger.info(`[${domainName}]开始部署`)
      const params = await this.buildParams(domainName);
      await this.doRequest(client, params);
@@ -152,7 +187,36 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
  }


-  async onGetDomainList(data: any) {
+  async getAutoMatchedDomains(certDomains: string[]): Promise<string[]> {
+    const matchedDomains: string[] = [];
+    let pageNumber = 1;
+    
+    while (true) {
+      const result = await this.onGetDomainList({ pageNo: pageNumber });
+      const pageData = result.list;
+      this.logger.info(`获取到 ${pageData.length} 个DCDN域名`);
+      
+      if (!pageData || pageData.length === 0) {
+        break;
+      }
+      
+      const matched = this.getMatchedDomains(pageData, certDomains);
+      matchedDomains.push(...matched);
+      
+      const totalCount = result.total || 0;
+      if (pageNumber * 500 >= totalCount) {
+        break;
+      }
+      
+      pageNumber++;
+    }
+    
+    return matchedDomains;
+  }
+
+
+
+  async onGetDomainList(data: PageSearch) {
    if (!this.accessId) {
      throw new Error('请选择Access授权');
    }
@@ -161,7 +225,7 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
    const client = await this.getClient(access);

    const params = {
-      // 'DomainName': 'aaa',
+      PageNumber: data.pageNo || 1,
      PageSize: 500,
    };

@@ -172,10 +236,9 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {

    const res = await client.request('DescribeDcdnUserDomains', params, requestOption);
    this.checkRet(res);
-    const pageData = res?.Domains?.PageData;
-    if (!pageData || pageData.length === 0) {
-      throw new Error('找不到CDN域名，您可以手动输入');
-    }
+    const pageData = res?.Domains?.PageData || [];
+    const total = res?.Domains?.TotalCount || 0;
+    
    const options = pageData.map((item: any) => {
      return {
        value: item.DomainName,
@@ -183,7 +246,11 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
        domain: item.DomainName,
      };
    });
-    return optionsUtils.buildGroupOptions(options, this.certDomains);
+    
+    return {
+      list: optionsUtils.buildGroupOptions(options, this.certDomains),
+      total: total,
+    };
  }
 }
 new DeployCertToAliyunDCDN();
--- a/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/index.ts
@@ -13,4 +13,5 @@ export * from './deploy-to-vod/index.js';
 export * from './deploy-to-apigateway/index.js';
 export * from './deploy-to-apig/index.js';
 export * from './deploy-to-ack/index.js';
-export * from './deploy-to-all/index.js';
+export * from './deploy-to-all/index.js';
+export * from './delete-expiring-cert/index.js';
--- a/packages/ui/certd-server/src/plugins/plugin-volcengine/plugins/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-volcengine/plugins/index.ts
@@ -5,3 +5,4 @@ export * from './plugin-deploy-to-alb.js'
 export * from './plugin-deploy-to-live.js'
 export * from './plugin-deploy-to-dcdn.js'
 export * from './plugin-deploy-to-vod.js'
+export * from './plugin-deploy-to-tos.js'
--- a/packages/ui/certd-server/src/plugins/plugin-volcengine/plugins/plugin-deploy-to-alb.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-volcengine/plugins/plugin-deploy-to-alb.ts
@@ -3,6 +3,7 @@ import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from
 import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
 import { VolcengineAccess } from "../access.js";
 import { VolcengineClient } from "../ve-client.js";
+import dayjs from "dayjs";

@IsTaskPlugin({
  name: "VolcengineDeployToALB",
@@ -32,6 +33,7 @@ export class VolcengineDeployToALB extends AbstractTaskPlugin {
  certDomains!: string[];


+
  @TaskInput({
    title: "Access授权",
    helper: "火山引擎AccessKeyId、AccessKeySecret",
@@ -126,6 +128,22 @@ export class VolcengineDeployToALB extends AbstractTaskPlugin {
  listenerList!: string | string[];


+  @TaskInput({
+    title: "证书部署类型",
+    helper: "选择部署默认证书还是扩展证书",
+    component: {
+      name: "a-select",
+      options: [
+        { label: "默认证书", value: "default" },
+        { label: "扩展证书", value: "extension" }
+      ]
+    },
+    value: "default",
+    required: true
+  })
+  certType!: string;
+
+
  async onInstance() {
  }

@@ -149,20 +167,101 @@ export class VolcengineDeployToALB extends AbstractTaskPlugin {
    const service = await this.getAlbService();
    for (const listener of this.listenerList) {
      this.logger.info(`开始部署监听器${listener}证书`);
-      await service.request({
-        action: "ModifyListenerAttributes",
-        query: {
-          ListenerId: listener,
-          CertificateSource: "cert_center",
-          CertCenterCertificateId: certId
-        }
-      });
-      this.logger.info(`部署监听器${listener}证书成功`);
+      if (this.certType === "default") {
+        // 部署默认证书
+        const res = await service.request({
+          action: "ModifyListenerAttributes",
+          query: {
+            ListenerId: listener,
+            CertificateSource: "cert_center",
+            CertCenterCertificateId: certId
+          }
+        });
+        this.logger.info(`部署监听器${listener}默认证书成功，res:${JSON.stringify(res)}`);
+      } else {
+        // 部署扩展证书
+        await this.deployExtensionCertificate(service, listener, certId as string);
+      }
+      await this.ctx.utils.sleep(5000);
    }

    this.logger.info("部署完成");
  }

+  private async deployExtensionCertificate(service: any, listenerId: string, certId: string) {
+    // 获取监听器当前的扩展证书列表
+    const domainExtensions = await this.getListenerDomainExtensions(service, listenerId);
+    
+    // 删除过期的扩展证书
+    try {
+      await this.deleteExpiredExtensions(service, listenerId, domainExtensions);
+    } catch (error) {
+      this.logger.error(`删除过期扩展证书失败:${error.message ||error}`);
+    }
+
+    // 新增扩展证书
+    const query: any = {
+      ListenerId: listenerId,
+      "DomainExtensions.1.Action": "create",
+      "DomainExtensions.1.CertificateSource": "cert_center",
+      "DomainExtensions.1.CertCenterCertificateId": certId
+    };
+
+    // 如果有证书域名信息，添加到扩展证书中
+    if (this.certDomains && this.certDomains.length > 0) {
+      query["DomainExtensions.1.Domain"] = this.certDomains[0];
+    }
+
+    await service.request({
+      action: "ModifyListenerAttributes",
+      query: query
+    });
+    this.logger.info(`部署监听器${listenerId}扩展证书成功`);
+  }
+
+  private async getListenerDomainExtensions(service: any, listenerId: string): Promise<any[]> {
+    const res = await service.request({
+      action: "DescribeListenerAttributes",
+      method: "GET",
+      query: {
+        ListenerId: listenerId
+      }
+    });
+    
+    return res.Result.DomainExtensions || [];
+  }
+
+  private async deleteExpiredExtensions(service: any, listenerId: string, domainExtensions: any[]) {
+    const expiredExtensions = [];
+    for (const ext of domainExtensions) {
+      if (!await this.isCertificateExpired(ext)) {
+        expiredExtensions.push(ext);
+      }
+    }
+    if (expiredExtensions.length === 0) {
+      this.logger.info(`没有过期的扩展证书，跳过删除`);
+      return;
+    }
+
+    const query: any = {
+      ListenerId: listenerId
+    };
+    expiredExtensions.forEach((ext, index) => {
+      const idx = index + 1;
+      query[`DomainExtensions.${idx}.Action`] = "delete";
+      query[`DomainExtensions.${idx}.DomainExtensionId`] = ext.DomainExtensionId;
+    });
+    
+    this.logger.info(`准备删除过期扩展证书，数量：${expiredExtensions.length}个，query:${JSON.stringify(query)}`);
+
+    await service.request({
+      action: "ModifyListenerAttributes",
+      query: query
+    });
+    this.logger.info(`删除${expiredExtensions.length}个过期扩展证书成功`);
+     await this.ctx.utils.sleep(5000);
+  }
+

  private async getCertService(access: VolcengineAccess) {
    const client = new VolcengineClient({
@@ -189,6 +288,54 @@ export class VolcengineDeployToALB extends AbstractTaskPlugin {
    return service;
  }

+  private async isCertificateExpired(extension: any): Promise<boolean> {
+    try {
+      let certificateId: string;
+      
+      // 根据证书来源获取证书ID
+      if (extension.CertificateSource === "cert_center") {
+        certificateId = extension.CertCenterCertificateId;
+      } else if (extension.CertificateSource === "alb") {
+        this.logger.warn(`ALB证书不支持过期检查，跳过`);
+        return false;
+      } else if (extension.CertificateSource === "pca_leaf") {
+        this.logger.warn(`PCA Leaf证书不支持过期检查，跳过`);
+        return false;
+      } else {
+        this.logger.warn(`未知的证书来源: ${extension.CertificateSource}，跳过`);
+        return false;
+      }
+      
+      if (!certificateId) {
+        this.logger.warn(`证书ID为空，跳过`);
+        return false;
+      }
+      
+      // 获取证书服务
+      const access = await this.getAccess<VolcengineAccess>(this.accessId);
+      const certService = await this.getCertService(access);
+      
+      // 获取证书详情
+      const certDetail = await certService.GetCertificateDetail(certificateId);
+      
+      // 判断证书是否过期
+      if (certDetail.NotAfter) {
+        const expireTime = dayjs(certDetail.NotAfter);
+        const now = dayjs();
+        const isExpired = expireTime.isBefore(now);
+        if (isExpired) {
+          this.logger.info(`证书 ${certificateId} 已过期，过期时间: ${expireTime.toISOString()}`);
+        }
+        return isExpired;
+      }
+      
+      return false;
+    } catch (error) {
+      this.logger.error(`检查证书是否过期失败: ${error.message || error}`);
+      return false;
+    }
+  }
+
  async onGetListenerList(data: any) {
    if (!this.accessId) {
      throw new Error("请选择Access授权");
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
xiaojunnuo	df012dec90	perf: 阿里云dcdn支持根据证书域名匹配模式	2026-03-28 11:17:50 +08:00
xiaojunnuo	5969425a6f	docs: 1	2026-03-26 22:30:37 +08:00
xiaojunnuo	b17b1e6463	build: release	2026-03-26 01:28:56 +08:00
xiaojunnuo	c99e61c402	build: publish	2026-03-26 01:08:03 +08:00
xiaojunnuo	f4aaec8b3c	build: trigger build image	2026-03-26 01:07:51 +08:00
xiaojunnuo	adc3e6118b	v1.39.7	2026-03-26 01:06:27 +08:00
xiaojunnuo	d933493c31	build: prepare to build	2026-03-26 01:02:42 +08:00
xiaojunnuo	f91d591b03	perf: 支持部署证书到火山引擎vod	2026-03-26 01:01:52 +08:00
xiaojunnuo	af6deb99cd	perf: 支持部署到火山云tos自定义域名证书 https://github.com/certd/certd/issues/693	2026-03-26 00:05:30 +08:00
xiaojunnuo	c5d285f755	Merge branch 'v2-dev' of https://github.com/certd/certd into v2-dev	2026-03-25 12:48:56 +08:00
xiaojunnuo	b1eb706925	fix: 修复cname校验报该授权无权限的bug	2026-03-25 12:48:47 +08:00
xiaojunnuo	5a01634ca3	build: release	2026-03-23 00:23:32 +08:00
xiaojunnuo	487676ce13	build: publish	2026-03-23 00:07:52 +08:00
xiaojunnuo	0280ca7b1a	build: trigger build image	2026-03-23 00:07:40 +08:00
xiaojunnuo	b0ccab41e1	v1.39.6	2026-03-23 00:06:18 +08:00
xiaojunnuo	ccda3a3325	build: prepare to build	2026-03-23 00:03:15 +08:00
xiaojunnuo	4b7eeaa6e0	perf: 新增阿里云证书清理插件	2026-03-23 00:02:46 +08:00
xiaojunnuo	2951f0030d	build: prepare to build	2026-03-22 23:33:45 +08:00
xiaojunnuo	acc2df29de	perf: 支持复制粘贴任务步骤	2026-03-22 23:31:24 +08:00
xiaojunnuo	431afd618f	perf: 企业模式下面增加个人数据迁移的引导	2026-03-22 00:49:54 +08:00
xiaojunnuo	6d5e5bd692	chore: 优化access edit 请求参数，删除多余的参数	2026-03-21 23:59:11 +08:00
xiaojunnuo	ffd2e8149e	perf: 火山引擎部署alb证书插件支持部署扩展证书以及删除已过期扩展证书	2026-03-21 23:51:30 +08:00
xiaojunnuo	2ab92dc13e	chore: cnb_sync	2026-03-20 18:14:31 +08:00
xiaojunnuo	7f6a8bc87e	perf: 优化远程数据选择框，选择数据时不刷新闪烁	2026-03-20 18:04:13 +08:00
xiaojunnuo	b1ff163a28	fix: 修复模版id不正确导致修改到错误的模版流水线bug	2026-03-20 17:48:47 +08:00
xiaojunnuo	440d55ccb8	chore: sync push	2026-03-20 13:53:12 +08:00
xiaojunnuo	285532d431	fix: remote-select默认pageSize设置为50，阿里云WAF不支持pageSize100	2026-03-20 13:44:49 +08:00
xiaojunnuo	f2c47459f8	Merge branch 'v2' of https://github.com/certd/certd into v2	2026-03-20 12:09:01 +08:00
xiaojunnuo	49703f08e5	fix: 修复批量执行按钮无效的bug	2026-03-20 12:08:55 +08:00
xiaojunnuo	1d0aa9573b	Merge branch 'v2' of https://github.com/certd/certd into v2	2026-03-19 01:12:34 +08:00
xiaojunnuo	b2014cf88b	build: release	2026-03-19 01:11:46 +08:00
xiaojunnuo	a0e0078bad	build: prepare to build	2026-03-19 01:09:00 +08:00
xiaojunnuo	5ebca21c32	build: publish	2026-03-19 00:52:27 +08:00
xiaojunnuo	970aea90c9	build: trigger build image	2026-03-19 00:52:15 +08:00
xiaojunnuo	5f9341ad8e	v1.39.5	2026-03-19 00:50:53 +08:00
xiaojunnuo	574c0983f5	build: prepare to build	2026-03-19 00:48:08 +08:00
xiaojunnuo	be6c7c7ac8	build: prepare to build	2026-03-19 00:41:29 +08:00
xiaojunnuo	4fd31f276b	build: prepare to build	2026-03-19 00:20:00 +08:00
xiaojunnuo	224db7da57	fix: 修复修改分组报错的bug	2026-03-19 00:15:15 +08:00
xiaojunnuo	1413e1aff4	perf: passkey登录放到下方其他登录位置	2026-03-19 00:14:05 +08:00
xiaojunnuo	68b669d3ff	perf: 移除passkey的counter递增校验	2026-03-18 23:56:50 +08:00
xiaojunnuo	29f44c67c8	perf: passkey 支持Bitwarden	2026-03-18 23:13:37 +08:00
xiaojunnuo	3332d2288f	chore: 支持推送到cnb	2026-03-18 16:16:22 +08:00
xiaojunnuo	34702196e1	chore: 优化workflow	2026-03-18 09:22:09 +08:00
xiaojunnuo	d45c8d1e9b	build: release	2026-03-18 01:30:28 +08:00
xiaojunnuo	bc19825ada	build: publish	2026-03-18 01:14:10 +08:00
xiaojunnuo	72bb640239	build: trigger build image	2026-03-18 01:13:58 +08:00
@@ -1 +1 @@
 :09
 :02