feat: 许多变化

1. make apps 逻辑大变更， vendor 成标准传入 args 2. nginx -> app-helper
chore: 8443 proxy v2_2 yosguard
2026-01-12 20:01:45 +08:00 · 2026-01-08 09:55:29 +08:00 · 2026-01-07 18:55:22 +08:00
64 changed files with 1288 additions and 387 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,8 @@ dist
 .trae
 .vscode
 .idea
-forge
+forge
 dev_*.sh
 *.tar
 *.tgz
 *.tar.gz
--- a/README.md
+++ b/README.md
@@ -4,7 +4,8 @@
 ## 环境要求
 - Go `1.25.2`
- Linux 环境，能够访问外部下载源（如 `artifactory.yizhisec.com`、`docker.io` 等）
+- Linux 环境，能够访问外部下载源（如 `artifactory.yizhisec.com`、`docker.io` 等
 - 基础组件: Docker, 7za 等
 ## 快速开始
 ```bash
@@ -23,40 +24,4 @@ go build ./...
 默认构建目录为 `/root/hsv2-installation`，可通过 `--dir` 修改。
-## 常用命令
+## 基础镜像准备
 - `forge`：根命令，支持全局调试开关 `--debug`（参考 `internal/cmd/root.go:12`）。
 - `forge make`：构建依赖与资源（参考 `internal/cmd/make.go:13`）。
  - 全局选项：
    - `--dir`：输出基础目录（默认 `/root/hsv2-installation`，参考 `internal/cmd/make.go:40`）
    - `--disable-dependency-check`：禁用依赖检查（参考 `internal/cmd/make.go:38`）
  - 子命令（节选）：
    - `images`：准备镜像相关资源
    - `binaries`：下载并解压 K8s 相关二进制
    - `debs`：下载并解压 Debian 包（Docker）
    - `flannel`：生成 Flannel YAML（参考 `internal/cmd/make.flannel.go`）
    - `longhorn`：下载 Longhorn chart 并生成 `values.yaml`
    - `mysql`：下载 MySQL operator 并生成 `cluster.yaml`，支持 `--replica-count` 与 `--storage-size`
    - `redis`：下载 Redis chart 并生成 `values.yaml`，支持 `--replica-count` 与 `--password`
    - `emqx`：生成 EMQX 配置
    - `es`：准备 Elasticsearch/Kibana 相关资源
    - `yosguard`：生成 YOSGuard 配置与服务文件
    - `less-dns`：生成 DNS 相关资源
    - `hs-net`：占位命令，当前仅创建目录（参考 `internal/cmd/make.hsnet.go:23`）
 - `forge install`：安装占位命令（参考 `internal/cmd/install.go`）。
 ## 目录结构（简要）
 - `internal/cmd`：命令行入口与各 `make` 子命令实现
 - `internal/controller/maker`：构建流程控制
 - `pkg/resource`：内置 YAML/SQL/bash 等资源模板
 - `pkg/downloader`、`pkg/archiver`：下载与解压工具
 ## 开发与维护
 - 构建：`go build ./...`
 - 测试：`go test ./...`
 - 代码检查：`go vet ./...`
 - 格式化：`go fmt ./...`
 - 依赖清理：`go mod tidy`
 ## 注意事项
 - 部分子命令会从公司内网仓库下载资源，请确保网络可达。
 - 如果仅试运行流程，可使用 `--disable-dependency-check` 快速跳过依赖检查。
--- a/debug/manual.md
+++ b/debug/manual.md
@@ -0,0 +1,7 @@
 # 手动打包
 ## 打包某个(或多个) app 的 pkg
 - 1. `go run . make app xx`
 - 2. `cd /root/hsv2-installation/app`
 - 3. `7z a apps.pkg -pRrPt7Uo9WM1dkXOJmHps56T8BZY2qA4g *`
--- a/debug/mysql.md
+++ b/debug/mysql.md
@@ -0,0 +1,3 @@
 - 1. after reboot, mysql-master can't be ready
  * exec into mysql-master
  * `update sys_operator.status set value = 1 where name="configured";`
--- a/go.mod
+++ b/go.mod
@@ -3,14 +3,13 @@ module yizhisec.com/hsv2/forge
 go 1.25.2
 require (
-	gitea.loveuer.com/yizhisec/pkg3 v0.0.1
+	github.com/fatih/color v1.18.0
 	github.com/google/uuid v1.6.0
 	github.com/samber/lo v1.52.0
 	github.com/spf13/cobra v1.10.1
 )
 require (
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,3 @@
 gitea.loveuer.com/yizhisec/pkg3 v0.0.1 h1:bcT58K6W7TQ5u7Lt7B5JxrVbU/riXwcrshd2lu+Q22c=
 gitea.loveuer.com/yizhisec/pkg3 v0.0.1/go.mod h1:Ws/tNONjDC4BLdOXAe+wPD6xk3H7TIXvh2de8qKqQpc=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
 github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
--- a/internal/cmd/installcmd/check.go
+++ b/internal/cmd/installcmd/check.go
@@ -31,7 +31,7 @@ func Check() *cobra.Command {
 	_cmd.Flags().StringVar(&workdir, "workdir", "/root/hs-installation", "Working directory")
 	_cmd.Flags().StringVar(&target, "target", "self", "Target")
-	_cmd.Flags().BoolVar(&ignoreDisk, "ignore-check-disk", false, "ignore disk requirement check result")
+	_cmd.Flags().BoolVar(&ignoreDisk, "ignore-kheck-disk", false, "ignore disk requirement check result")
 	_cmd.Flags().BoolVar(&ignoreMemory, "ignore-check-memory", false, "ignore memory requirement check result")
 	_cmd.Flags().BoolVar(&ignoreCPU, "ignore-check-cpu", false, "ignore cpu requirement check result")
--- a/internal/cmd/make.go
+++ b/internal/cmd/make.go
@@ -3,11 +3,11 @@ package cmd
 import (
 	"os"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"github.com/spf13/cobra"
 	"yizhisec.com/hsv2/forge/internal/cmd/makecmd"
 	"yizhisec.com/hsv2/forge/internal/controller/maker"
 	"yizhisec.com/hsv2/forge/internal/opt"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 )
 func makeCmd() *cobra.Command {
@@ -68,6 +68,7 @@ func makeCmd() *cobra.Command {
 		makecmd.Proxy(),
 		makecmd.Seafile(),
 		makecmd.App(),
 		makecmd.Apps(),
 		makecmd.Client(),
 	)
--- a/internal/cmd/makecmd/all.go
+++ b/internal/cmd/makecmd/all.go
@@ -1,6 +1,9 @@
 package makecmd
 import (
 	"fmt"
 	"time"
 	"github.com/spf13/cobra"
 	"yizhisec.com/hsv2/forge/internal/controller/maker"
 	"yizhisec.com/hsv2/forge/internal/opt"
@@ -9,6 +12,9 @@ import (
 func ALL() *cobra.Command {
 	var (
 		_workdir string
 		_vendor  string
 		_version string
 		_replica int
 	)
 	_cmd := &cobra.Command{
@@ -20,10 +26,6 @@ func ALL() *cobra.Command {
 				mk  = maker.NewMaker(_workdir)
 			)
 			if err = mk.Images(cmd.Context()); err != nil {
 				return err
 			}
 			if err = mk.K0s(cmd.Context()); err != nil {
 				return err
 			}
@@ -92,31 +94,35 @@ func ALL() *cobra.Command {
 				return err
 			}
-			if err = mk.AppOEM(cmd.Context(), "standard", 2); err != nil {
+			if err = mk.AppOEM(cmd.Context(), _version, _vendor, _replica); err != nil {
 				return err
 			}
-			if err = mk.AppUser(cmd.Context(), 2); err != nil {
+			if err = mk.AppUser(cmd.Context(), _version, _replica); err != nil {
 				return err
 			}
-			if err = mk.AppClient(cmd.Context(), 2); err != nil {
+			if err = mk.AppClient(cmd.Context(), _version, _replica); err != nil {
 				return err
 			}
-			if err = mk.AppGateway(cmd.Context(), 2); err != nil {
+			if err = mk.AppGateway(cmd.Context(), _version, _replica); err != nil {
 				return err
 			}
-			if err = mk.AppFront(cmd.Context(), "standard", 2); err != nil {
+			if err = mk.AppFront(cmd.Context(), _version, _vendor, _replica); err != nil {
 				return err
 			}
-			if err = mk.AppMie(cmd.Context(), 2); err != nil {
+			if err = mk.AppMie(cmd.Context(), _version, _replica); err != nil {
 				return err
 			}
-			if err = mk.AppNginx(cmd.Context()); err != nil {
+			if err = mk.AppNginx(cmd.Context(), _version, _vendor, _replica, true); err != nil {
 				return err
 			}
 			if err = mk.AppHelper(cmd.Context(), _version, _vendor, _replica); err != nil {
 				return err
 			}
@@ -124,7 +130,10 @@ func ALL() *cobra.Command {
 		},
 	}
-	_cmd.PersistentFlags().StringVar(&_workdir, "workdir", opt.DefaultWorkdir, "Work directory")
+	_cmd.Flags().StringVar(&_workdir, "workdir", opt.DefaultWorkdir, "Work directory")
 	_cmd.Flags().StringVar(&_vendor, "vendor", "standard", "Vendor name")
 	_cmd.Flags().StringVar(&_version, "version", fmt.Sprintf("v2.2.0-%d", time.Now().Unix()), "Version, default: v2.2.0-<timestamp>")
 	_cmd.Flags().IntVar(&_replica, "replica", 2, "Replica count")
 	return _cmd
 }
--- a/internal/cmd/makecmd/app.go
+++ b/internal/cmd/makecmd/app.go
@@ -1,9 +1,14 @@
 package makecmd
 import (
 	"fmt"
 	"path/filepath"
 	"time"
 	"github.com/spf13/cobra"
 	"yizhisec.com/hsv2/forge/internal/controller/maker"
 	"yizhisec.com/hsv2/forge/internal/opt"
 	"yizhisec.com/hsv2/forge/pkg/model"
 )
 func App() *cobra.Command {
@@ -20,14 +25,96 @@ func App() *cobra.Command {
 		appOEM(),
 		appFront(),
 		appNginx(),
 		appHelper(),
 	)
 	return _cmd
 }
 func Apps() *cobra.Command {
 	var (
 		_pkg     bool
 		_replica int
 		_vendor  string
 		_version string
 	)
 	_cmd := &cobra.Command{
 		Use:   "apps",
 		Short: "Make Apps(user, client, gateway, mie, nginx, etc...)",
 		PreRunE: func(cmd *cobra.Command, args []string) error {
 			if model.GetVendor(_vendor) == nil {
 				return fmt.Errorf("invalid vendor: %s", _vendor)
 			}
 			return nil
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
 			var (
 				err error
 				mk  = maker.NewMaker(opt.Cfg.Make.Dir)
 			)
 			if err = mk.AppUser(cmd.Context(), _version, _replica); err != nil {
 				return err
 			}
 			if err = mk.AppClient(cmd.Context(), _version, _replica); err != nil {
 				return err
 			}
 			if err = mk.AppGateway(cmd.Context(), _version, _replica); err != nil {
 				return err
 			}
 			if err = mk.AppMie(cmd.Context(), _version, _replica); err != nil {
 				return err
 			}
 			if err = mk.AppFront(cmd.Context(), _version, _vendor, _replica); err != nil {
 				return err
 			}
 			if err = mk.AppNginx(cmd.Context(), _version, _vendor, _replica, false); err != nil {
 				return err
 			}
 			if err = mk.AppOEM(cmd.Context(), _version, _vendor, _replica); err != nil {
 				return err
 			}
 			if err = mk.AppHelper(cmd.Context(), _version, _vendor, _replica); err != nil {
 				return err
 			}
 			if _pkg {
 				var (
 					dir  = filepath.Join(opt.Cfg.Make.Dir, "app")
 					_cmd = "7za a -pRrPt7Uo9WM1dkXOJmHps56T8BZY2qA4g -mhe=on apps.pkg *"
 				)
 				if err = mk.RunCommand(cmd.Context(), dir, _cmd); err != nil {
 					return err
 				}
 			}
 			return nil
 		},
 	}
 	_cmd.Flags().BoolVar(&_pkg, "pkg", false, "Make upgrade pkg")
 	_cmd.Flags().IntVar(&_replica, "replica-count", 2, "Replica count")
 	_cmd.Flags().StringVar(&_vendor, "vendor", "standard", "Vendor name")
 	_cmd.Flags().StringVar(&_version, "version", fmt.Sprintf("v2.2.0-%d", time.Now().Unix()), "Apps version, default: v2.2.0-<timestamp>")
 	return _cmd
 }
 func appUser() *cobra.Command {
 	var (
-		replica int
+		replica  int
 		_version string
 	)
 	_cmd := &cobra.Command{
@@ -35,18 +122,20 @@ func appUser() *cobra.Command {
 		Short: "Make User App",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			mk := maker.NewMaker(opt.Cfg.Make.Dir)
-			return mk.AppUser(cmd.Context(), replica)
+			return mk.AppUser(cmd.Context(), _version, replica)
 		},
 	}
 	_cmd.Flags().IntVar(&replica, "replica-count", 2, "Replica count")
 	_cmd.Flags().StringVar(&_version, "version", fmt.Sprintf("v2.2.0-%d", time.Now().Unix()), "App user version, default: v2.2.0-<timestamp>")
 	return _cmd
 }
 func appClient() *cobra.Command {
 	var (
-		replica int
+		replica  int
 		_version string
 	)
 	_cmd := &cobra.Command{
@@ -54,18 +143,20 @@ func appClient() *cobra.Command {
 		Short: "Make Client App",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			mk := maker.NewMaker(opt.Cfg.Make.Dir)
-			return mk.AppClient(cmd.Context(), replica)
+			return mk.AppClient(cmd.Context(), _version, replica)
 		},
 	}
 	_cmd.Flags().IntVar(&replica, "replica-count", 2, "Replica count")
 	_cmd.Flags().StringVar(&_version, "version", fmt.Sprintf("v2.2.0-%d", time.Now().Unix()), "App client version, default: v2.2.0-<timestamp>")
 	return _cmd
 }
 func appGateway() *cobra.Command {
 	var (
-		replica int
+		replica  int
 		_version string
 	)
 	_cmd := &cobra.Command{
@@ -73,18 +164,20 @@ func appGateway() *cobra.Command {
 		Short: "Make Gateway App",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			mk := maker.NewMaker(opt.Cfg.Make.Dir)
-			return mk.AppGateway(cmd.Context(), replica)
+			return mk.AppGateway(cmd.Context(), _version, replica)
 		},
 	}
 	_cmd.Flags().IntVar(&replica, "replica-count", 2, "Replica count")
 	_cmd.Flags().StringVar(&_version, "version", fmt.Sprintf("v2.2.0-%d", time.Now().Unix()), "App gateway version, default: v2.2.0-<timestamp>")
 	return _cmd
 }
 func appMie() *cobra.Command {
 	var (
-		replica int
+		replica  int
 		_version string
 	)
 	_cmd := &cobra.Command{
@@ -92,19 +185,21 @@ func appMie() *cobra.Command {
 		Short: "Make Mie App",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			mk := maker.NewMaker(opt.Cfg.Make.Dir)
-			return mk.AppMie(cmd.Context(), replica)
+			return mk.AppMie(cmd.Context(), _version, replica)
 		},
 	}
 	_cmd.Flags().IntVar(&replica, "replica-count", 2, "Replica count")
 	_cmd.Flags().StringVar(&_version, "version", fmt.Sprintf("v2.2.0-%d", time.Now().Unix()), "App mie version, default: v2.2.0-<timestamp>")
 	return _cmd
 }
 func appOEM() *cobra.Command {
 	var (
-		replica int
+		replica  int
-		vendor  string
+		vendor   string
 		_version string
 	)
 	_cmd := &cobra.Command{
@@ -112,20 +207,22 @@ func appOEM() *cobra.Command {
 		Short: "Make OEM App",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			mk := maker.NewMaker(opt.Cfg.Make.Dir)
-			return mk.AppOEM(cmd.Context(), vendor, replica)
+			return mk.AppOEM(cmd.Context(), _version, vendor, replica)
 		},
 	}
 	_cmd.Flags().IntVar(&replica, "replica-count", 2, "Replica count")
 	_cmd.Flags().StringVar(&vendor, "vendor", "standard", "Vendor name")
 	_cmd.Flags().StringVar(&_version, "version", fmt.Sprintf("v2.2.0-%d", time.Now().Unix()), "App oem version, default: v2.2.0-<timestamp>")
 	return _cmd
 }
 func appFront() *cobra.Command {
 	var (
-		replica int
+		replica  int
-		vendor  string
+		vendor   string
 		_version string
 	)
 	_cmd := &cobra.Command{
@@ -133,12 +230,13 @@ func appFront() *cobra.Command {
 		Short: "Make Front App",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			mk := maker.NewMaker(opt.Cfg.Make.Dir)
-			return mk.AppFront(cmd.Context(), vendor, replica)
+			return mk.AppFront(cmd.Context(), _version, vendor, replica)
 		},
 	}
 	_cmd.Flags().IntVar(&replica, "replica-count", 2, "Replica count")
 	_cmd.Flags().StringVar(&vendor, "vendor", "standard", "Vendor name")
 	_cmd.Flags().StringVar(&_version, "version", fmt.Sprintf("v2.2.0-%d", time.Now().Unix()), "App front version, default: v2.2.0-<timestamp>")
 	return _cmd
 }
@@ -146,26 +244,47 @@ func appFront() *cobra.Command {
 func appNginx() *cobra.Command {
 	var (
 		replica        int
-		disableSeafile bool
+		vendor         string
 		_version       string
 		_include_image bool
 	)
 	_cmd := &cobra.Command{
 		Use:   "nginx",
 		Short: "Make Nginx App",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts := []maker.NginxOpt{
 				maker.WithNginxReplica(replica),
 			}
 			if disableSeafile {
 				opts = append(opts, maker.WithoutNginxSeafile())
 			}
 			mk := maker.NewMaker(opt.Cfg.Make.Dir)
-			return mk.AppNginx(cmd.Context(), opts...)
+			return mk.AppNginx(cmd.Context(), _version, vendor, replica, _include_image)
 		},
 	}
 	_cmd.Flags().IntVar(&replica, "replica-count", 2, "Replica count")
-	_cmd.Flags().BoolVar(&disableSeafile, "disable-seafile", false, "Disable seafile")
+	_cmd.Flags().StringVar(&vendor, "vendor", "standard", "Vendor name")
 	_cmd.Flags().StringVar(&_version, "version", fmt.Sprintf("v2.2.0-%d", time.Now().Unix()), "App nginx version, default: v2.2.0-<timestamp>")
 	_cmd.Flags().BoolVar(&_include_image, "include-image", false, "Include image")
 	return _cmd
 }
 func appHelper() *cobra.Command {
 	var (
 		_replica int
 		_vendor  string
 		_version string
 	)
 	_cmd := &cobra.Command{
 		Use:   "helper",
 		Short: "Make Helper App",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			mk := maker.NewMaker(opt.Cfg.Make.Dir)
 			return mk.AppHelper(cmd.Context(), _version, _vendor, _replica)
 		},
 	}
 	_cmd.Flags().IntVar(&_replica, "replica-count", 2, "Replica count")
 	_cmd.Flags().StringVar(&_vendor, "vendor", "standard", "Vendor name")
 	_cmd.Flags().StringVar(&_version, "version", fmt.Sprintf("v2.2.0-%d", time.Now().Unix()), "App helper version, default: v2.2.0-<timestamp>")
 	return _cmd
 }
--- a/internal/cmd/makecmd/client.go
+++ b/internal/cmd/makecmd/client.go
@@ -5,11 +5,14 @@ import (
 	"fmt"
 	"io"
 	"net/http"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"github.com/spf13/cobra"
 	"yizhisec.com/hsv2/forge/internal/controller/maker"
 	"yizhisec.com/hsv2/forge/internal/opt"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	tc "yizhisec.com/hsv2/forge/pkg/tool/client"
 )
@@ -23,21 +26,26 @@ func Client() *cobra.Command {
 		clientMac(),
 		clientWin(),
 		clientLinux(),
 		clientBaseImage(),
 	)
 	return _cmd
 }
-func clientMac() *cobra.Command {
+func clientWin() *cobra.Command {
 	var (
 		_version string
 		_pkg     bool
 	)
 	_cmd := &cobra.Command{
-		Use:     "mac",
+		Use:   "win",
-		Aliases: []string{"macos"},
+		Short: "make client-win pkg",
 		Short:   "make client-mac pkg",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			const (
-				DMG_URL     = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/hs_appleclient-csgElink/release/2.1.0-std/hybridscope-client-mac.dmg"
+				ZIP_URL     = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/hs_client-csgElink/release/2.1.0-std/hs_client_csgElink.zip"
-				PKG_URL     = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/hs_appleclient-csgElink/release/2.1.0-std/hybridscope-client-mac.pkg"
+				VERSION_URL = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/hs_client-csgElink/release/2.1.0-std/windows_version.json"
-				VERSION_URL = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/hs_appleclient/release/2.1.0-std/mac_version.json"
+				RC_JSON_URL = "https://artifactory.yizhisec.com:443/artifactory/filestore/hsv2/win/win-rc.json"
 			)
 			var (
@@ -49,39 +57,9 @@ func clientMac() *cobra.Command {
 				return err
 			}
-			mk := maker.NewMaker(opt.Cfg.Make.Dir)
+			if _version != "" {
-			return mk.ClientPKG(
+				logger.InfoCtx(cmd.Context(), "clientWin: using manual version: %s => %s", version, _version)
-				cmd.Context(),
+				version = _version
 				"mac",
 				version,
 				"/api/v2_2/_client/mac",
 				maker.WithClientPKGDownload(DMG_URL, "hybridscope-client-mac.dmg"),
 				maker.WithClientPKGDownload(PKG_URL, "hybridscope-client-mac.pkg"),
 				maker.WithClientPKGDownload(VERSION_URL, "version.json"),
 			)
 		},
 	}
 	return _cmd
 }
 func clientWin() *cobra.Command {
 	_cmd := &cobra.Command{
 		Use:   "win",
 		Short: "make client-win pkg",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			const (
 				ZIP_URL     = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/hs_client-yizhianquan/release/2.1.0-std/hs_client.zip"
 				VERSION_URL = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/hs_client-yizhianquan/release/2.1.0-std/windows_version.json"
 			)
 			var (
 				err     error
 				version string
 			)
 			if version, err = clientVersion(VERSION_URL); err != nil {
 				return err
 			}
 			mk := maker.NewMaker(opt.Cfg.Make.Dir)
@@ -90,30 +68,51 @@ func clientWin() *cobra.Command {
 				"win",
 				version,
 				"/api/v2_2/_client/win",
 				maker.WithClientPkgMakePkg(_pkg),
 				maker.WithClientPKGDownload(ZIP_URL, "hs_client.zip"),
-				maker.WithClientPKGDownload(VERSION_URL, "version.json"),
+				maker.WithClientPKGDownload(RC_JSON_URL, "rc.json"),
-				maker.WithClientPKGCMD("unzip /data/hs_client.zip"),
+				maker.WithClientPKGCMDs("unzip /data/hs_client.zip"),
-				maker.WithClientPKGCMD("mv resources/app.7z /data/app.7z"),
+				maker.WithClientPKGCMDs("mv resources/app.7z /data/app.7z"),
-				maker.WithClientPKGCMD("mv resources/hybridscope_offline_installer.exe /data/hybridscope_offline_installer.exe"),
+				maker.WithClientPKGCMDs("7z x /data/app.7z -o/tmp/app"),
-				maker.WithClientPKGCMD("mv resources/hybridscope-client-setup-zh.exe /data/hybridscope-client-setup-zh.exe"),
+				maker.WithClientPKGCMDs("rm -rf /data/app.7z"),
-				maker.WithClientPKGCMD("mv resources/hybridscope-client-setup-en.exe /data/hybridscope-client-setup-en.exe"),
+				maker.WithClientPKGCMDs("cp /data/version.json /tmp/app/x64/config/windows_version.json"),
-				maker.WithClientPKGCMD("rm -rf /data/hs_client.zip"),
+				maker.WithClientPKGCMDs("cp resources/hybridscope-client-setup-zh.exe /tmp/app/x64/hybridscope-client-setup.exe"),
-				maker.WithClientPKGCMD("rm -rf resources"),
+				maker.WithClientPKGCMDs("7z a /data/app.7z /tmp/app/x64"),
 				maker.WithClientPKGCMDs("rm -rf /tmp/app"),
 				maker.WithClientPKGCMDs("md5sum /data/app.7z | awk '{print $1}' > /data/app.7z.md5"),
 				maker.WithClientPKGCMDs(`sh -c 'echo "{\"url\":\"/api/v2_2/_client/win/app.7z\",\"md5\":\"$(cat /data/app.7z.md5)\"}" > /data/check.json'`),
 				maker.WithClientPKGCMDs("mv resources/hybridscope_offline_installer.exe /data/hybridscope_offline_installer.exe"),
 				maker.WithClientPKGCMDs("mv resources/hybridscope-client-setup-zh.exe /data/hybridscope-client-setup-zh.exe"),
 				maker.WithClientPKGCMDs("mv resources/hybridscope-client-setup-en.exe /data/hybridscope-client-setup-en.exe"),
 				maker.WithClientPKGCMDs("rm -rf /data/hs_client.zip"),
 				maker.WithClientPKGCMDs("rm -rf resources"),
 			)
 		},
 	}
 	_cmd.Flags().StringVar(&_version, "version", "", "手动指定版本")
 	_cmd.Flags().BoolVar(&_pkg, "pkg", false, "是否生成升级 pkg")
 	return _cmd
 }
-func clientLinux() *cobra.Command {
+func clientMac() *cobra.Command {
 	var (
 		_version string
 		_pkg     bool
 	)
 	_cmd := &cobra.Command{
-		Use:   "linux",
+		Use:     "mac",
-		Short: "make client-linux pkg",
+		Aliases: []string{"macos"},
 		Short:   "make client-mac pkg",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			const (
-				DEB_URL     = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/universal-hsclient-linux/release/2.1.0/hscore-linux-2.1.0-csgElink-amd64.deb"
+				DMG_URL     = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/hs_appleclient-csgElink/release/2.1.0-std/hybridscope-client-mac.dmg"
-				VERSION_URL = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/universal-hsclient-linux/release/2.1.0/hscore-linux-2.1.0-std-amd64.json"
+				PKG_URL     = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/hs_appleclient-csgElink/release/2.1.0-std/hybridscope-client-mac.pkg"
 				VERSION_URL = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/hs_appleclient-csgElink/release/2.1.0-std/mac_version.json"
 				// std: VERSION_URL = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/hs_appleclient/release/2.1.0-std/mac_version.json"
 			)
 			var (
@@ -125,18 +124,76 @@ func clientLinux() *cobra.Command {
 				return err
 			}
 			if _version != "" {
 				logger.InfoCtx(cmd.Context(), "clientMac: using manual version: %s => %s", version, _version)
 				version = _version
 			}
 			mk := maker.NewMaker(opt.Cfg.Make.Dir)
 			return mk.ClientPKG(
 				cmd.Context(),
 				"mac",
 				version,
 				"/api/v2_2/_client/mac",
 				maker.WithClientPkgMakePkg(_pkg),
 				maker.WithClientPKGDownload(DMG_URL, "hybridscope-client-mac.dmg"),
 				maker.WithClientPKGDownload(PKG_URL, "hybridscope-client-mac.pkg"),
 			)
 		},
 	}
 	_cmd.Flags().StringVar(&_version, "version", "", "手动指定版本")
 	_cmd.Flags().BoolVar(&_pkg, "pkg", false, "是否生成升级 pkg")
 	return _cmd
 }
 func clientLinux() *cobra.Command {
 	var (
 		_version string
 		_pkg     bool
 	)
 	_cmd := &cobra.Command{
 		Use:   "linux",
 		Short: "make client-linux pkg",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			const (
 				DEB_URL     = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/universal-hsclient-linux/release/2.1.0/hscore-linux-2.1.0-csgElink-amd64.deb"
 				VERSION_URL = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/universal-hsclient-linux/release/2.1.0/hscore-linux-2.1.0-csgElink-amd64.json"
 				// std: VERSION_URL = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/universal-hsclient-linux/release/2.1.0/hscore-linux-2.1.0-std-amd64.json"
 			)
 			var (
 				err     error
 				version string
 			)
 			if version, err = clientVersion(VERSION_URL); err != nil {
 				return err
 			}
 			if _version != "" {
 				logger.InfoCtx(cmd.Context(), "clientLinux: using manual version: %s => %s", version, _version)
 				version = _version
 			}
 			mk := maker.NewMaker(opt.Cfg.Make.Dir)
 			return mk.ClientPKG(
 				cmd.Context(),
 				"linux",
 				version,
 				"/api/v2_2/_client/linux",
 				maker.WithClientPkgMakePkg(_pkg),
 				maker.WithClientPKGDownload(DEB_URL, "hybridscope-client-linux.deb"),
 				maker.WithClientPKGDownload(VERSION_URL, "version.json"),
 			)
 		},
 	}
 	_cmd.Flags().StringVar(&_version, "version", "", "手动指定版本")
 	_cmd.Flags().BoolVar(&_pkg, "pkg", false, "是否生成升级 pkg")
 	return _cmd
 }
@@ -174,3 +231,68 @@ func clientVersion(_url string) (string, error) {
 	return res.Version, nil
 }
 func clientBaseImage() *cobra.Command {
 	const (
 		dbs = `
 FROM %s
 RUN sed -i 's#https\?://dl-cdn.alpinelinux.org/alpine#https://mirrors.tuna.tsinghua.edu.cn/alpine#g' /etc/apk/repositories
 RUN apk update && apk add curl wget tzdata unzip p7zip
 ENV TZ=Asia/Shanghai
 `
 		_command = "docker build -f Dockerfile -t hub.yizhisec.com/hsv2/base/nginx:latest ."
 	)
 	var (
 		_push bool
 	)
 	_cmd := &cobra.Command{
 		Use:   "base",
 		Short: "make client base image",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			var (
 				err    error
 				tmpDir = filepath.Join(os.TempDir(), "hsv2-client-base")
 				output []byte
 			)
 			if err = os.MkdirAll(tmpDir, 0755); err != nil {
 				return err
 			}
 			defer os.RemoveAll(tmpDir)
 			dockerfile := filepath.Join(tmpDir, "Dockerfile")
 			if err = os.WriteFile(dockerfile, []byte(fmt.Sprintf(dbs, opt.IMAGE_NGINX)), 0644); err != nil {
 				return err
 			}
 			rc := exec.CommandContext(cmd.Context(), "sh", "-c", _command)
 			rc.Dir = tmpDir
 			if output, err = rc.CombinedOutput(); err != nil {
 				logger.Debug("❌ clientBaseImage: build image failed, output = %s, err = %v", string(output), err)
 				return err
 			}
 			logger.Debug("☑️ clientBaseImage: build image output = %s", string(output))
 			if _push {
 				rc = exec.CommandContext(cmd.Context(), "sh", "-c", "docker push hub.yizhisec.com/hsv2/base/nginx:latest")
 				if output, err = rc.CombinedOutput(); err != nil {
 					logger.Debug("❌ clientBaseImage: push image failed, output = %s, err = %v", string(output), err)
 					return err
 				}
 				logger.Debug("☑️ clientBaseImage: push image output = %s", string(output))
 			}
 			logger.Info("️✅ clientBaseImage: build image success!!!")
 			return nil
 		},
 	}
 	_cmd.Flags().BoolVar(&_push, "push", false, "push image")
 	return _cmd
 }
--- a/internal/cmd/makecmd/minio.go
+++ b/internal/cmd/makecmd/minio.go
@@ -2,6 +2,8 @@ package makecmd
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"github.com/spf13/cobra"
 	"yizhisec.com/hsv2/forge/internal/controller/maker"
@@ -24,5 +26,84 @@ func Minio() *cobra.Command {
 	_cmd.Flags().IntVar(&storage, "storage-size", 100, "Storage size(GB)")
 	_cmd.AddCommand(minioBase())
 	return _cmd
 }
 func minioBase() *cobra.Command {
 	var (
 		push bool
 	)
 	_cmd := &cobra.Command{
 		Use:   "base",
 		Short: "Make Minio Image Rely(minio initer)",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			const (
 				DOCKERFILE = `FROM %s
 COPY mc /usr/local/bin/mc
 RUN sed -i 's#https\?://dl-cdn.alpinelinux.org/alpine#https://mirrors.tuna.tsinghua.edu.cn/alpine#g' /etc/apk/repositories && \
  apk update && \
  apk add curl wget tzdata && chmod +x /usr/local/bin/mc && \
  mkdir -p /data && \
  wget https://artifactory.yizhisec.com/artifactory/filestore/hsv2/db/ipv4.ipdb -O /data/ipv4.ipdb
 `
 			)
 			var (
 				err        error
 				mk         = maker.NewMaker(opt.Cfg.Make.Dir)
 				tmpDir     = filepath.Join(os.TempDir(), "minio-base")
 				mcFile     = filepath.Join(tmpDir, "mc")
 				dockerfile = filepath.Join(tmpDir, "Dockerfile")
 			)
 			if err = os.MkdirAll(tmpDir, 0755); err != nil {
 				return err
 			}
 			defer os.RemoveAll(tmpDir)
 			if err = mk.RunCommand(cmd.Context(),
 				tmpDir,
 				fmt.Sprintf("docker run -d --name minio-base %s server /data", opt.IMAGE_MINIO),
 			); err != nil {
 				return err
 			}
 			defer mk.RunCommand(cmd.Context(), tmpDir, "docker rm -f minio-base")
 			if err = mk.RunCommand(cmd.Context(),
 				tmpDir,
 				fmt.Sprintf("docker cp minio-base:/usr/bin/mc %s", mcFile),
 			); err != nil {
 				return err
 			}
 			if err = os.WriteFile(dockerfile, []byte(fmt.Sprintf(DOCKERFILE, opt.IMAGE_ALPINE)), 0644); err != nil {
 				return err
 			}
 			if err = mk.RunCommand(cmd.Context(),
 				tmpDir,
 				fmt.Sprintf("docker build --network host -t %s -f %s %s", opt.IMAGE_MINIO_BASE, dockerfile, tmpDir),
 			); err != nil {
 				return err
 			}
 			if push {
 				if err = mk.RunCommand(cmd.Context(),
 					tmpDir,
 					fmt.Sprintf("docker push %s", opt.IMAGE_MINIO_BASE),
 				); err != nil {
 					return err
 				}
 			}
 			return nil
 		},
 	}
 	_cmd.Flags().BoolVar(&push, "push", false, "Push image to registry")
 	return _cmd
 }
--- a/internal/cmd/makecmd/redis.go
+++ b/internal/cmd/makecmd/redis.go
@@ -25,7 +25,7 @@ func Redis() *cobra.Command {
 				cmd.Context(),
 				maker.WithRedisReplicaCount(replicas),
 				maker.WithRedisPassword(password),
-				maker.WithRedisStorage(fmt.Sprintf("%dGi")),
+				maker.WithRedisStorage(fmt.Sprintf("%dGi", storage)),
 			)
 		},
 	}
--- a/internal/cmd/makecmd/yosguard.go
+++ b/internal/cmd/makecmd/yosguard.go
@@ -7,15 +7,21 @@ import (
 )
 func Yosguard() *cobra.Command {
 	var (
 		_pkg bool // make yosguard upgrade pkg
 	)
 	_cmd := &cobra.Command{
 		Use:     "yosguard",
 		Aliases: []string{"YOS"},
 		Short:   "Make Yosguard",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			mk := maker.NewMaker(opt.Cfg.Make.Dir)
-			return mk.Yosguard(cmd.Context())
+			return mk.Yosguard(cmd.Context(), maker.WithYosguardPkg(_pkg))
 		},
 	}
 	_cmd.Flags().BoolVar(&_pkg, "pkg", false, "make yosguard upgrade pkg")
 	return _cmd
 }
--- a/internal/cmd/root.go
+++ b/internal/cmd/root.go
@@ -3,7 +3,6 @@ package cmd
 import (
 	"context"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"github.com/spf13/cobra"
 	"yizhisec.com/hsv2/forge/internal/opt"
 )
@@ -12,14 +11,6 @@ var rootCmd = &cobra.Command{
 	Use:   "forge",
 	Short: "Forge is a tool for building and installing hsv2",
 	Long:  `A tool for managing build and installation workflows for hsv2.`,
 	PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
 		if opt.Cfg.Debug {
 			logger.SetLogLevel(logger.LogLevelDebug)
 			logger.Warn("running in debug mode")
 		}
 		return nil
 	},
 }
 func Execute(ctx context.Context) error {
--- a/internal/controller/installer/installer.check.go
+++ b/internal/controller/installer/installer.check.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/syscheck"
 )
--- a/internal/controller/installer/installer.go
+++ b/internal/controller/installer/installer.go
@@ -9,7 +9,7 @@ import (
 	"os/exec"
 	"path/filepath"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 )
 type installer struct {
--- a/internal/controller/installer/installer.k0s.go
+++ b/internal/controller/installer/installer.k0s.go
@@ -6,8 +6,8 @@ import (
 	"os"
 	"path/filepath"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"github.com/samber/lo"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 )
 type K0sOpt func(*k0sOpt)
--- a/internal/controller/installer/installer.prepare.go
+++ b/internal/controller/installer/installer.prepare.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 )
 func (i *installer) Prepare(ctx context.Context) error {
--- a/internal/controller/maker/app.client.go
+++ b/internal/controller/maker/app.client.go
@@ -6,11 +6,11 @@ import (
 	"os"
 	"path/filepath"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
-func (m *maker) AppClient(ctx context.Context, replica int) error {
+func (m *maker) AppClient(ctx context.Context, version string, replica int) error {
 	const (
 		_config = `Version: "3"
 APNs: /yizhisec/hs_nginx/data/443/oem/data.json
@@ -206,7 +206,8 @@ kubectl rollout restart deployment client-deployment -n hsv2`
 		workdir = filepath.Join(m.workdir, "app", "client")
 	)
-	logger.Info("☑️ maker.AppClient: 开始构建 client 应用..., dir = %s", workdir)
+	logger.Info("☑️ maker.AppClient: 开始构建 client 应用..., version = %s, dir = %s", version, workdir)
 	_ = os.RemoveAll(workdir)
 	logger.Debug("☑️ maker.AppClient: 开始创建工作目录 = %s", workdir)
 	if err = os.MkdirAll(workdir, 0755); err != nil {
 		logger.Debug("❌ maker.AppClient: 创建目录失败: %v", err)
@@ -214,6 +215,17 @@ kubectl rollout restart deployment client-deployment -n hsv2`
 	}
 	logger.Debug("✅ maker.AppClient: 创建工作目录成功 = %s", workdir)
 	imgName := "hub.yizhisec.com/hybridscope/client_server:latest"
 	logger.Debug("☑️ maker.AppClient: start pull image = %s", imgName)
 	if err = m.Image(ctx, imgName,
 		WithImageForcePull(true),
 		WithImageSave(filepath.Join(workdir, "client.tar")),
 	); err != nil {
 		logger.Debug("❌ maker.AppClient: 拉取镜像失败: %v", err)
 		return err
 	}
 	logger.Debug("✅ maker.AppClient: pull image success = %s", imgName)
 	if replica < 1 {
 		replica = 1
 	}
@@ -240,6 +252,11 @@ kubectl rollout restart deployment client-deployment -n hsv2`
 	}
 	logger.Debug("✅ maker.AppClient: 构建 upsert.sh 脚本成功")
-	logger.Info("✅ maker.AppClient: 构建 client 应用成功!!!")
+	if err = os.WriteFile(filepath.Join(workdir, "version.txt"), []byte(version), 0644); err != nil {
 		logger.Debug("❌ maker.AppClient: 写入 version.txt 失败: %v", err)
 		return err
 	}
 	logger.Info("✅ maker.AppClient: 构建 client 应用成功!!! version = %s", version)
 	return nil
 }
--- a/internal/controller/maker/app.front.go
+++ b/internal/controller/maker/app.front.go
@@ -6,12 +6,12 @@ import (
 	"os"
 	"path/filepath"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/model"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
-func (m *maker) AppFront(ctx context.Context, vendor string, replica int) error {
+func (m *maker) AppFront(ctx context.Context, version string, vendor string, replica int) error {
 	var (
 		err      error
 		location = filepath.Join(m.workdir, "app", "front")
@@ -19,55 +19,53 @@ func (m *maker) AppFront(ctx context.Context, vendor string, replica int) error
 		_vendor  = model.GetVendor(vendor)
 	)
-	logger.Info("☑️ maker.Front: 开始构建 front app..., workdir = %s", location)
+	logger.Info("☑️ maker.Front: 开始构建 front app[%s]..., version = %s, vendor = %s, workdir = %s", vendor, version, location)
 	if _vendor == nil {
 		logger.Debug("❌ maker.Front: vendor not supported, vendor = %s", vendor)
 		return fmt.Errorf("vendor not supported: %s", vendor)
 	}
 	_ = os.RemoveAll(location)
 	if err = os.MkdirAll(location, 0755); err != nil {
 		logger.Debug("❌ maker.Front: 创建目录失败: path = %s, err = %v", location, err)
 		return err
 	}
-	path := filepath.Join(location, "front.user.yaml")
+	path := filepath.Join(location, "deployment.user.yaml")
-	logger.Debug("☑️ maker.Front: writing front.user.yaml, path = %s", path)
+	logger.Debug("☑️ maker.Front: writing deployment.user.yaml, path = %s", path)
 	bs = []byte(fmt.Sprintf(resource.YAMLAppFrontUser, replica))
 	if err = os.WriteFile(path, bs, 0644); err != nil {
-		logger.Debug("❌ maker.Front: 写入 front.user.yaml 失败: path = %s, err = %v", path, err)
+		logger.Debug("❌ maker.Front: 写入 deployment.user.yaml 失败: path = %s, err = %v", path, err)
 		return err
 	}
-	logger.Debug("✅ maker.Front: write front.user.yaml success, path = %s", path)
+	logger.Debug("✅ maker.Front: write deployment.user.yaml success, path = %s", path)
-	path = filepath.Join(location, "front.admin.yaml")
+	path = filepath.Join(location, "deployment.admin.yaml")
-	logger.Debug("☑️ maker.Front: writing front.admin.yaml, path = %s", path)
+	logger.Debug("☑️ maker.Front: writing deployment.admin.yaml, path = %s", path)
 	bs = []byte(fmt.Sprintf(resource.YAMLAppFrontAdmin, replica))
 	if err = os.WriteFile(path, bs, 0644); err != nil {
-		logger.Debug("❌ maker.Front: 写入 front.admin.yaml 失败: path = %s, err = %v", path, err)
+		logger.Debug("❌ maker.Front: 写入 deployment.admin.yaml 失败: path = %s, err = %v", path, err)
 		return err
 	}
 	logger.Debug("✅ maker.Front: write front.admin.yaml success, path = %s", path)
 	// todo, pull front images
 	// 1. make image dir
 	imgDir := filepath.Join(m.workdir, "dependency", "image")
 	if err = os.MkdirAll(imgDir, 0755); err != nil {
 		logger.Debug("❌ maker.Front: 创建目录失败: path = %s, err = %v", imgDir, err)
 		return err
 	}
 	logger.Debug("✅ maker.Front: write deployment.admin.yaml success, path = %s", path)
 	logger.Debug("☑️ maker.Front: pulling front images, vendor = %s", vendor)
-	if err = m.Image(ctx, _vendor.AppFrontUserImageName, WithImageSave(filepath.Join(imgDir, "app.front.user.tar")), WithImageForcePull(true)); err != nil {
+	if err = m.Image(ctx, _vendor.AppFrontUserImageName, WithImageSave(filepath.Join(location, "front.user.tar")), WithImageForcePull(true)); err != nil {
 		logger.Debug("❌ maker.Front: 拉取 front 用户镜像失败: %s, err = %v", _vendor.AppFrontUserImageName, err)
 		return err
 	}
-	if err = m.Image(ctx, _vendor.AppFrontAdminImageName, WithImageSave(filepath.Join(imgDir, "app.front.admin.tar")), WithImageForcePull(true)); err != nil {
+	if err = m.Image(ctx, _vendor.AppFrontAdminImageName, WithImageSave(filepath.Join(location, "front.admin.tar")), WithImageForcePull(true)); err != nil {
 		logger.Debug("❌ maker.Front: 拉取 front 管理镜像失败: %s, err = %v", _vendor.AppFrontAdminImageName, err)
 		return err
 	}
-	logger.Info("✅ maker.Front: 构建 front app 完成")
+	if err = os.WriteFile(filepath.Join(location, "version.txt"), []byte(version), 0644); err != nil {
 		logger.Debug("❌ maker.Front: 写入 version.txt 失败: %v", err)
 		return err
 	}
 	logger.Info("✅ maker.Front: 构建 front app[%s] 完成, version = %s", vendor, version)
 	return nil
 }
--- a/internal/controller/maker/app.gateway.go
+++ b/internal/controller/maker/app.gateway.go
@@ -6,11 +6,11 @@ import (
 	"os"
 	"path/filepath"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
-func (m *maker) AppGateway(ctx context.Context, replica int) error {
+func (m *maker) AppGateway(ctx context.Context, version string, replica int) error {
 	const (
 		_config = `Version: "3"
 Database:
@@ -59,7 +59,8 @@ kubectl rollout restart deployment gateway-deployment -n hsv2`
 		workdir = filepath.Join(m.workdir, "app", "gateway")
 	)
-	logger.Info("☑️ maker.AppGateway: 开始构建 gateway 应用..., dir = %s", workdir)
+	logger.Info("☑️ maker.AppGateway: 开始构建 gateway 应用..., version = %s, dir = %s", version, workdir)
 	_ = os.RemoveAll(workdir)
 	logger.Debug("☑️ maker.AppGateway: 开始创建工作目录 = %s", workdir)
 	if err = os.MkdirAll(workdir, 0755); err != nil {
 		logger.Debug("❌ maker.AppGateway: 创建目录失败: %v", err)
@@ -67,6 +68,17 @@ kubectl rollout restart deployment gateway-deployment -n hsv2`
 	}
 	logger.Debug("✅ maker.AppGateway: 创建工作目录成功 = %s", workdir)
 	imgName := "hub.yizhisec.com/hybridscope/gateway_controller:latest"
 	logger.Debug("☑️ maker.AppGateway: start pull image = %s", imgName)
 	if err = m.Image(ctx, imgName,
 		WithImageForcePull(true),
 		WithImageSave(filepath.Join(workdir, "gateway.tar")),
 	); err != nil {
 		logger.Debug("❌ maker.AppGateway: 拉取镜像失败: %v", err)
 		return err
 	}
 	logger.Debug("✅ maker.AppGateway: pull image success = %s", imgName)
 	if replica < 1 {
 		replica = 1
 	}
@@ -93,6 +105,16 @@ kubectl rollout restart deployment gateway-deployment -n hsv2`
 	}
 	logger.Debug("✅ maker.AppGateway: 构建 upsert.sh 脚本成功")
-	logger.Info("✅ maker.AppGateway: 构建 gateway 应用成功!!!")
+	if err = os.WriteFile(filepath.Join(workdir, "version.txt"), []byte(version), 0644); err != nil {
 		logger.Debug("❌ maker.AppGateway: 写入 version.txt 失败: %v", err)
 		return err
 	}
 	if err = os.WriteFile(filepath.Join(workdir, "version.txt"), []byte(version), 0644); err != nil {
 		logger.Debug("❌ maker.AppGateway: 写入 version.txt 失败: %v", err)
 		return err
 	}
 	logger.Info("✅ maker.AppGateway: 构建 gateway 应用成功!!! version = %s", version)
 	return nil
 }
--- a/internal/controller/maker/app.helper.go
+++ b/internal/controller/maker/app.helper.go
@@ -0,0 +1,73 @@
 package maker
 import (
 	"context"
 	"fmt"
 	"os"
 	"path/filepath"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
 // AppHelper
 func (m *maker) AppHelper(ctx context.Context, version string, vendor string, replica int) error {
 	const (
 		// _config = ``
 		_upsert = `#!/bin/bash
 kubectl apply -f deployment.yaml
 kubectl rollout restart deployment app-helper-deployment -n hsv2`
 	)
 	var (
 		err     error
 		workdir = filepath.Join(m.workdir, "app", "helper")
 	)
 	logger.Info("☑️ maker.AppHelper: 开始构建 helper 应用..., version = %s, vendor = %s, dir = %s", version, vendor, workdir)
 	_ = os.RemoveAll(workdir)
 	logger.Debug("☑️ maker.AppHelper: 开始创建工作目录 = %s", workdir)
 	if err = os.MkdirAll(workdir, 0755); err != nil {
 		logger.Debug("❌ maker.AppHelper: 创建目录失败: %v", err)
 		return err
 	}
 	logger.Debug("✅ maker.AppHelper: 创建工作目录成功 = %s", workdir)
 	imgName := "hub.yizhisec.com/hsv2/app/helper:latest"
 	logger.Debug("☑️ maker.AppHelper: start pull image = %s", imgName)
 	if err = m.Image(ctx, imgName,
 		WithImageForcePull(true),
 		WithImageSave(filepath.Join(workdir, "helper.tar")),
 	); err != nil {
 		logger.Debug("❌ maker.AppHelper: 拉取镜像失败: %v", err)
 		return err
 	}
 	logger.Debug("✅ maker.AppHelper: pull image success = %s", imgName)
 	if replica < 1 {
 		replica = 1
 	}
 	logger.Debug("☑️ maker.AppHelper: 开始构建 yaml 资源文件")
 	content := []byte(fmt.Sprintf(resource.YAMLAppHelper, replica, version))
 	if err = os.WriteFile(filepath.Join(workdir, "deployment.yaml"), content, 0644); err != nil {
 		logger.Debug("❌ maker.AppHelper: 写入 deployment.yaml 失败: %v", err)
 		return err
 	}
 	logger.Debug("✅ maker.AppHelper: 开始 yaml 资源文件成功")
 	logger.Debug("☑️ maker.AppHelper: 开始构建 upsert.sh 脚本")
 	if err = os.WriteFile(filepath.Join(workdir, "upsert.sh"), []byte(_upsert), 0755); err != nil {
 		logger.Debug("❌ maker.AppHelper: 写入 upsert.sh 失败: %v", err)
 		return err
 	}
 	logger.Debug("✅ maker.AppHelper: 构建 upsert.sh 脚本成功")
 	if err = os.WriteFile(filepath.Join(workdir, "version.txt"), []byte(version), 0644); err != nil {
 		logger.Debug("❌ maker.AppHelper: 写入 version.txt 失败: %v", err)
 		return err
 	}
 	logger.Info("✅ maker.AppHelper: 构建 helper 应用成功!!! version = %s", version)
 	return nil
 }
--- a/internal/controller/maker/app.mie.go
+++ b/internal/controller/maker/app.mie.go
@@ -6,11 +6,11 @@ import (
 	"os"
 	"path/filepath"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
-func (m *maker) AppMie(ctx context.Context, replica int) error {
+func (m *maker) AppMie(ctx context.Context, version string, replica int) error {
 	const (
 		_config = `Version: "3"
 BackupSeafile:
@@ -136,7 +136,8 @@ kubectl rollout restart deployment api-deployment -n hsv2`
 		workdir = filepath.Join(m.workdir, "app", "mie")
 	)
-	logger.Info("☑️ maker.AppMie: 开始构建 mie ... workdir = %s", workdir)
+	logger.Info("☑️ maker.AppMie: 开始构建 mie ... version = %s, workdir = %s", version, workdir)
 	_ = os.RemoveAll(workdir)
 	logger.Debug("☑️ maker.AppMie: 开始创建工作目录 = %s", workdir)
 	if err = os.MkdirAll(workdir, 0755); err != nil {
 		logger.Debug("❌ maker.AppMie: 创建目录失败: %v", err)
@@ -144,6 +145,17 @@ kubectl rollout restart deployment api-deployment -n hsv2`
 	}
 	logger.Debug("✅ maker.AppMie: 创建工作目录成功 = %s", workdir)
 	imgName := "hub.yizhisec.com/hybridscope/mie-server:latest"
 	logger.Debug("☑️ maker.AppMie: start pull image = %s", imgName)
 	if err = m.Image(ctx, imgName,
 		WithImageForcePull(true),
 		WithImageSave(filepath.Join(workdir, "mie.tar")),
 	); err != nil {
 		logger.Debug("❌ maker.AppMie: 拉取镜像失败: %v", err)
 		return err
 	}
 	logger.Debug("✅ maker.AppMie: pull image success = %s", imgName)
 	if replica < 1 {
 		replica = 1
 	}
@@ -191,6 +203,11 @@ kubectl rollout restart deployment api-deployment -n hsv2`
 	}
 	logger.Debug("✅ maker.AppMie: 写入 upsert.sh 文件成功, dest = %s", filepath.Join(workdir, "upsert.sh"))
-	logger.Info("✅ maker.AppMie: 构建 mie 成功!!!  workdir = %s", workdir)
+	if err = os.WriteFile(filepath.Join(workdir, "version.txt"), []byte(version), 0644); err != nil {
 		logger.Debug("❌ maker.AppMie: 写入 version.txt 失败: %v", err)
 		return err
 	}
 	logger.Info("✅ maker.AppMie: 构建 mie 成功!!! version = %s, workdir = %s", version, workdir)
 	return nil
 }
--- a/internal/controller/maker/app.nginx.go
+++ b/internal/controller/maker/app.nginx.go
@@ -5,34 +5,14 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/internal/opt"
-	"github.com/samber/lo"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
-type NginxOpt func(*nginxOpt)
+func (m *maker) AppNginx(ctx context.Context, version string, vendor string, replica int, inlcudeImage bool) error {
 type nginxOpt struct {
 	WithoutSeafile bool
 	Replica        int
 }
 func WithNginxReplica(replica int) NginxOpt {
 	return func(o *nginxOpt) {
 		if replica >= 0 {
 			o.Replica = replica
 		}
 	}
 }
 func WithoutNginxSeafile() NginxOpt {
 	return func(o *nginxOpt) {
 		o.WithoutSeafile = true
 	}
 }
 func (m *maker) AppNginx(ctx context.Context, opts ...NginxOpt) error {
 	const (
 		_upsert = `#!/bin/bash
@@ -59,31 +39,40 @@ kubectl create configmap ssl-client-server-key --namespace hsv2 --from-file=clie
 kubectl create configmap ssl-web-server-crt --namespace hsv2 --from-file=web.server.crt=./ssl/web.server.crt --dry-run=client -o yaml | kubectl apply -f -
 kubectl create configmap ssl-web-server-key --namespace hsv2 --from-file=web.server.key=./ssl/web.server.key --dry-run=client -o yaml | kubectl apply -f -
-kubectl apply -f nginx.yaml
+kubectl apply -f deployment.yaml
 kubectl rollout restart deployment nginx-deployment -n hsv2`
 	)
 	var (
-		err     error
+		err          error
-		workdir = filepath.Join(m.workdir, "app", "nginx")
+		workdir      = filepath.Join(m.workdir, "app", "nginx")
 		o       = nginxOpt{
 			WithoutSeafile: false,
 			Replica:        2,
 		}
 		applySeafile = "kubectl create configmap nginx-seafile --namespace hsv2 --from-file=seafile.conf=./conf/seafile.conf --dry-run=client -o yaml | kubectl apply -f -"
 	)
-	logger.Info(" ☑️ maker.AppNginx: 开始构建 nginx, workdir = %s", workdir)
+	logger.Info("☑️ maker.AppNginx: 开始构建 nginx, version = %s, vendor = %s, workdir = %s", version, vendor, workdir)
-	for _, fn := range opts {
+	logger.Debug("☑️ maker.AppNginx: 创建工作目录 = %s", workdir)
-		fn(&o)
+	_ = os.RemoveAll(workdir)
 	}
 	logger.Debug(" ☑️ maker.AppNginx: 创建工作目录 = %s", workdir)
 	if err = os.MkdirAll(workdir, 0755); err != nil {
 		return err
 	}
 	logger.Debug("✅ maker.AppNginx: 创建工作目录成功 = %s", workdir)
 	if inlcudeImage {
 		logger.Debug("☑️ maker.AppNginx: start pull image = %s", opt.IMAGE_NGINX)
 		if err = m.Image(ctx, opt.IMAGE_NGINX, WithImageSave(filepath.Join(workdir, "nginx.tar"))); err != nil {
 			logger.Debug("❌ maker.AppNginx: 拉取镜像失败: %v", err)
 			return err
 		}
 		logger.Debug("✅ maker.AppNginx: pull image success = %s", opt.IMAGE_NGINX)
 		tag := strings.Split(opt.IMAGE_NGINX, ":")[1]
 		logger.Debug("☑️ maker.AppNginx: write tag.txt = %s", tag)
 		if err = os.WriteFile(filepath.Join(workdir, "tag.txt"), []byte(tag), 0644); err != nil {
 			logger.Debug("❌ maker.AppNginx: 写入 tag.txt 失败: %v", err)
 			return err
 		}
 	}
 	// 子目录: conf 与 ssl
 	confDir := filepath.Join(workdir, "conf")
 	sslDir := filepath.Join(workdir, "ssl")
@@ -113,8 +102,8 @@ kubectl rollout restart deployment nginx-deployment -n hsv2`
 		{"common.conf", resource.NGINXCommon},
 	}
-	// 过滤 seafile.conf 文件
+	// vendor != elink, append seafile conf
-	if !o.WithoutSeafile {
+	if vendor != "elink" {
 		confFiles = append(confFiles, struct {
 			name    string
 			content []byte
@@ -157,23 +146,31 @@ kubectl rollout restart deployment nginx-deployment -n hsv2`
 	}
 	// write nginx deployment yaml
-	dest := filepath.Join(workdir, "nginx.yaml")
+	dest := filepath.Join(workdir, "deployment.yaml")
-	content := []byte(fmt.Sprintf(resource.YAMLAppNGINX, o.Replica))
+	content := []byte(fmt.Sprintf(resource.YAMLAppNGINX, replica))
 	if err = os.WriteFile(dest, content, 0644); err != nil {
-		logger.Debug("❌ maker.AppNginx: 写入 nginx.yaml 失败: %v", err)
+		logger.Debug("❌ maker.AppNginx: 写入 deployment.yaml 失败: %v", err)
 		return err
 	}
-	logger.Debug("✅ maker.AppNginx: 写入 nginx.yaml 成功, dest = %s", dest)
+	logger.Debug("✅ maker.AppNginx: 写入 deployment.yaml 成功, dest = %s", dest)
 	// write nginx upsert script
 	dest = filepath.Join(workdir, "upsert.sh")
-	content = []byte(fmt.Sprintf(_upsert, lo.If(o.WithoutSeafile, "").Else(applySeafile)))
+	if vendor == "elink" {
 		applySeafile = ""
 	}
 	content = []byte(fmt.Sprintf(_upsert, applySeafile))
 	if err = os.WriteFile(dest, content, 0755); err != nil {
 		logger.Debug("❌ maker.AppNginx: 写入 upsert.sh 失败: %v", err)
 		return err
 	}
 	logger.Debug("✅ maker.AppNginx: 写入 upsert.sh 成功, dest = %s", dest)
-	logger.Info("✅ maker.AppNginx: nginx 构建完成")
+	if err = os.WriteFile(filepath.Join(workdir, "version.txt"), []byte(version), 0644); err != nil {
 		logger.Debug("❌ maker.AppNginx: 写入 version.txt 失败: %v", err)
 		return err
 	}
 	logger.Info("✅ maker.AppNginx: nginx 构建完成, version = %s, vendor = %s", version, vendor)
 	return nil
 }
--- a/internal/controller/maker/app.oem.go
+++ b/internal/controller/maker/app.oem.go
@@ -7,13 +7,13 @@ import (
 	"os/exec"
 	"path/filepath"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"yizhisec.com/hsv2/forge/pkg/archiver"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/model"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
-func (m *maker) AppOEM(ctx context.Context, vendor string, replica int) error {
+func (m *maker) AppOEM(ctx context.Context, version string, vendor string, replica int) error {
 	const (
 		_nginx = `user  root;
 worker_processes  auto;
@@ -61,7 +61,7 @@ CMD ["nginx", "-g", "daemon off;"]`
 		output  []byte
 	)
-	logger.Info("☑️ maker.AppOEM: 开始构建 oem[%s], workdir = %s", vendor, workdir)
+	logger.Info("☑️ maker.AppOEM: 开始构建 oem[%s], version = %s, ,workdir = %s", vendor, version, workdir)
 	if _vendor == nil {
 		supported := model.GetVendorNames()
@@ -71,6 +71,7 @@ CMD ["nginx", "-g", "daemon off;"]`
 	// 1. make workdir
 	logger.Debug("☑️ maker.AppOEM: 开始创建 workdir = %s", workdir)
 	_ = os.RemoveAll(workdir)
 	if err = os.MkdirAll(workdir, 0o755); err != nil {
 		return err
 	}
@@ -92,6 +93,7 @@ CMD ["nginx", "-g", "daemon off;"]`
 		}
 	}
 	logger.Debug("✅ maker.AppOEM: oem[%s] tar 下载成功", vendor)
 	defer os.RemoveAll(filepath.Join(workdir, "oem"))
 	// 3. write nginx.conf
 	logger.Debug("☑️ maker.AppOEM: 开始写入 nginx.conf")
@@ -127,14 +129,10 @@ CMD ["nginx", "-g", "daemon off;"]`
 		return err
 	}
 	logger.Debug("✅ maker.AppOEM: docker image 构建成功, image = %s", imageName)
 	defer os.RemoveAll(filepath.Join(workdir, "Dockerfile"))
 	defer os.RemoveAll(filepath.Join(workdir, "nginx.conf"))
-	// 6. save docker image to image dir
+	if err = exec.CommandContext(ctx, "docker", "save", "-o", filepath.Join(workdir, "oem.tar"), imageName).Run(); err != nil {
 	logger.Debug("☑️ maker.AppOEM: 开始保存 docker image = %s 到 %s", imageName, filepath.Join(m.workdir, "image", imageName))
 	if err = os.MkdirAll(filepath.Join(m.workdir, "dependency", "image"), 0o755); err != nil {
 		logger.Debug("❌ maker.AppOEM: image 目录创建失败, err = %v", err)
 		return err
 	}
 	if err = exec.CommandContext(ctx, "docker", "save", "-o", filepath.Join(m.workdir, "dependency", "image", "app.oem.tar"), imageName).Run(); err != nil {
 		logger.Debug("❌ maker.AppOEM: docker image 保存失败, err = %v", err)
 		return err
 	}
@@ -153,7 +151,12 @@ CMD ["nginx", "-g", "daemon off;"]`
 	}
 	logger.Debug("✅ maker.AppOEM: deployment.yaml 写入成功")
-	logger.Info("✅ maker.AppOEM: 开始构建 oem[%s] 成功!!!", vendor)
+	if err = os.WriteFile(filepath.Join(workdir, "version.txt"), []byte(version), 0644); err != nil {
 		logger.Debug("❌ maker.AppOEM: 写入 version.txt 失败: %v", err)
 		return err
 	}
 	logger.Info("✅ maker.AppOEM: 开始构建 oem[%s] 成功!!! version = %s", vendor, version)
 	return nil
 }
--- a/internal/controller/maker/app.user.go
+++ b/internal/controller/maker/app.user.go
@@ -6,11 +6,11 @@ import (
 	"os"
 	"path/filepath"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
-func (m *maker) AppUser(ctx context.Context, replica int) error {
+func (m *maker) AppUser(ctx context.Context, version string, replica int) error {
 	const (
 		_config = `Version: "3"
 Database:
@@ -87,15 +87,27 @@ kubectl rollout restart deployment user-deployment -n hsv2`
 		workdir = filepath.Join(m.workdir, "app", "user")
 	)
-	logger.Info("☑️ maker.AppUser: 开始构建 user 应用..., dir = %s", workdir)
+	logger.Info("☑️ maker.AppUser: 开始构建 user 应用..., version = %s, dir = %s", version, workdir)
 	logger.Debug("☑️ maker.AppUser: 开始创建工作目录 = %s", workdir)
 	_ = os.RemoveAll(workdir)
 	if err = os.MkdirAll(workdir, 0755); err != nil {
 		logger.Debug("❌ maker.AppUser: 创建目录失败: %v", err)
 		return err
 	}
 	logger.Debug("✅ maker.AppUser: 创建工作目录成功 = %s", workdir)
 	imgName := "hub.yizhisec.com/hybridscope/user_management:latest"
 	logger.Debug("☑️ maker.AppUser: start pull image = %s", imgName)
 	if err = m.Image(ctx, imgName,
 		WithImageForcePull(true),
 		WithImageSave(filepath.Join(workdir, "user.tar")),
 	); err != nil {
 		logger.Debug("❌ maker.AppUser: 拉取镜像失败: %v", err)
 		return err
 	}
 	logger.Debug("✅ maker.AppUser: pull image success = %s", imgName)
 	if replica < 1 {
 		replica = 1
 	}
@@ -123,6 +135,11 @@ kubectl rollout restart deployment user-deployment -n hsv2`
 	}
 	logger.Debug("✅ maker.AppUser: 构建 upsert.sh 脚本成功")
-	logger.Info("✅ maker.AppUser: 构建 user 应用成功!!!")
+	if err = os.WriteFile(filepath.Join(workdir, "version.txt"), []byte(version), 0644); err != nil {
 		logger.Debug("❌ maker.AppUser: 写入 version.txt 失败: %v", err)
 		return err
 	}
 	logger.Info("✅ maker.AppUser: 构建 user 应用成功!!! version = %s", version)
 	return nil
 }
--- a/internal/controller/maker/binary.go
+++ b/internal/controller/maker/binary.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"path/filepath"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"yizhisec.com/hsv2/forge/pkg/archiver"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/model"
 )
--- a/internal/controller/maker/client.pkg.go
+++ b/internal/controller/maker/client.pkg.go
@@ -2,13 +2,14 @@ package maker
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"github.com/samber/lo"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
@@ -21,6 +22,13 @@ type ClientPKGOption func(*clientPKGOption)
 type clientPKGOption struct {
 	Downloads []*clientPKGDownload
 	CMDs      []string
 	MakePkg   bool
 }
 func WithClientPkgMakePkg(pkg bool) ClientPKGOption {
 	return func(o *clientPKGOption) {
 		o.MakePkg = pkg
 	}
 }
 func WithClientPKGDownload(url, location string) ClientPKGOption {
@@ -36,22 +44,21 @@ func WithClientPKGDownload(url, location string) ClientPKGOption {
 	}
 }
-func WithClientPKGCMD(cmd string) ClientPKGOption {
+func WithClientPKGCMDs(cmds ...string) ClientPKGOption {
 	return func(o *clientPKGOption) {
-		if cmd == "" {
+		adds := lo.Filter(cmds, func(cmd string, _ int) bool { return cmd != "" })
-			return
+		o.CMDs = append(o.CMDs, adds...)
 		}
 		o.CMDs = append(o.CMDs, cmd)
 	}
 }
 func (m *maker) ClientPKG(ctx context.Context, _os string, _version string, api string, opts ...ClientPKGOption) error {
 	const (
 		Dockerfile = `
-FROM hub.yizhisec.com/external/nginx:1.29.4-alpine3.23
+FROM hub.yizhisec.com/hsv2/base/nginx:latest
 RUN mkdir -p /data
-%s
+COPY version.json /data/version.json
 %s
 COPY nginx.conf /etc/nginx/nginx.conf
@@ -71,7 +78,6 @@ COPY nginx.conf /etc/nginx/nginx.conf
 		location = filepath.Join(m.workdir, "client", _os)
 		_file    string
 		_content string
 		_cmds    = ""
 	)
 	for _, fn := range opts {
@@ -80,16 +86,31 @@ COPY nginx.conf /etc/nginx/nginx.conf
 	logger.Info("☑️ maker.ClientPKG: start build client pkg, os = %s, version = %s, location = %s", _os, _version, location)
 	if err = os.RemoveAll(location); err != nil {
 		logger.Debug("❌ maker.ClientPKG: remove directory failed, directory = %s, err = %s", location, err.Error())
 		return err
 	}
 	if err = os.MkdirAll(location, 0755); err != nil {
 		logger.Debug("❌ maker.ClientPKG: create directory failed, directory = %s, err = %s", location, err.Error())
 		return err
 	}
 	vd := map[string]string{
 		"version": _version,
 	}
 	vbs, _ := json.Marshal(vd)
 	if err = os.WriteFile(filepath.Join(location, "version.txt"), []byte(_version), 0644); err != nil {
 		logger.Debug("❌ maker.ClientPKG: write file failed, file = %s, err = %s", filepath.Join(location, "version.txt"), err.Error())
 		return err
 	}
 	if err = os.WriteFile(filepath.Join(location, "version.json"), []byte(vbs), 0644); err != nil {
 		logger.Debug("❌ maker.ClientPKG: write file failed, file = %s, err = %s", filepath.Join(location, "version.json"), err.Error())
 		return err
 	}
 	_file = filepath.Join(location, "nginx.conf")
 	_content = fmt.Sprintf(resource.NGINXClientPKG, api)
 	logger.Debug("☑️ maker.ClientPKG: start write file = %s", _file)
@@ -100,15 +121,15 @@ COPY nginx.conf /etc/nginx/nginx.conf
 	logger.Debug("✅ maker.ClientPKG: write file success, file = %s", _file)
 	lines := lo.Map(o.Downloads, func(d *clientPKGDownload, index int) string {
-		return fmt.Sprintf("RUN wget -O /data/%s %s", d.Name, d.URL)
+		return fmt.Sprintf("wget -O /data/%s %s", d.Name, d.URL)
 	})
 	if len(o.CMDs) > 0 {
-		_cmds = fmt.Sprintf("RUN %s", strings.Join(o.CMDs, " && "))
+		lines = append(lines, o.CMDs...)
 	}
 	_file = filepath.Join(location, "Dockerfile")
-	_content = fmt.Sprintf(Dockerfile, strings.Join(lines, "\n"), _cmds)
+	_content = fmt.Sprintf(Dockerfile, "RUN "+strings.Join(lines, " && "))
 	logger.Debug("☑️ maker.ClientPKG: start write file = %s", _file)
 	if os.WriteFile(_file, []byte(_content), 0644); err != nil {
 		logger.Debug("❌ maker.ClientPKG: write file failed, file = %s, err = %s", _file, err.Error())
@@ -148,6 +169,15 @@ COPY nginx.conf /etc/nginx/nginx.conf
 		return err
 	}
 	if o.MakePkg {
 		_cmd := fmt.Sprintf("7za a -pRrPt7Uo9WM1dkXOJmHps56T8BZY2qA4g -mhe=on client.%s.pkg *", _os)
 		logger.Debug("☑️ maker.ClientPKG: start create client.%s.pkg by 7zip(7za), cmd = '%s'", _os, _cmd)
 		if err = m.RunCommand(ctx, location, _cmd); err != nil {
 			logger.Debug("❌ maker.ClientPKG: run command failed, cmd = %s, err = %s", _cmd, err.Error())
 			return err
 		}
 	}
 	logger.Info("️✅ maker.ClientPKG: build client pkg success, os = %s, version = %s, location = %s", _os, _version, location)
 	return nil
--- a/internal/controller/maker/command.go
+++ b/internal/controller/maker/command.go
@@ -1,9 +1,12 @@
 package maker
 import (
 	"bytes"
 	"context"
 	"fmt"
 	"os/exec"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 )
 func (m *maker) RunCommand(ctx context.Context, dir string, _cmds ...string) error {
@@ -11,6 +14,8 @@ func (m *maker) RunCommand(ctx context.Context, dir string, _cmds ...string) err
 		return nil
 	}
 	logger.Debug("maker.RunCommand: dir = %s, cmds = %v", dir, _cmds)
 	for _, cmdStr := range _cmds {
 		cmd := exec.CommandContext(ctx, "sh", "-c", cmdStr)
@@ -18,9 +23,13 @@ func (m *maker) RunCommand(ctx context.Context, dir string, _cmds ...string) err
 			cmd.Dir = dir
 		}
 		var buf bytes.Buffer
 		cmd.Stdout = &buf
 		cmd.Stderr = &buf
 		// Execute the command
 		if err := cmd.Run(); err != nil {
-			return fmt.Errorf("failed to run command '%s' in directory '%s': %w", cmdStr, dir, err)
+			return fmt.Errorf("failed to run command '%s' in directory '%s': %w, output = %s", cmdStr, dir, err, buf.String())
 		}
 	}
--- a/internal/controller/maker/configmap.go
+++ b/internal/controller/maker/configmap.go
@@ -7,10 +7,10 @@ import (
 	"path/filepath"
 	"strings"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"github.com/samber/lo"
 	"yizhisec.com/hsv2/forge/pkg/downloader"
 	"yizhisec.com/hsv2/forge/pkg/extractor"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/tool/random"
 )
--- a/internal/controller/maker/elastic.go
+++ b/internal/controller/maker/elastic.go
@@ -7,9 +7,9 @@ import (
 	"os/exec"
 	"path/filepath"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"yizhisec.com/hsv2/forge/internal/opt"
 	"yizhisec.com/hsv2/forge/pkg/archiver"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/model"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
--- a/internal/controller/maker/emqx.go
+++ b/internal/controller/maker/emqx.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"path/filepath"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/model"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
--- a/internal/controller/maker/flannel.go
+++ b/internal/controller/maker/flannel.go
@@ -6,7 +6,7 @@ import (
 	"os"
 	"path/filepath"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/model"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
--- a/internal/controller/maker/hsnet.go
+++ b/internal/controller/maker/hsnet.go
@@ -5,8 +5,8 @@ import (
 	"os"
 	"path/filepath"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"yizhisec.com/hsv2/forge/pkg/archiver"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
@@ -19,7 +19,7 @@ After=network.target containerd.service
 [Service]
 # 启动前清理旧容器
-# ExecStartPre=-/usr/local/bin/k0s ctr -n hs-net task kill hs-net
+ExecStartPre=-/usr/local/bin/k0s ctr -n hs-net task kill hs-net
 ExecStartPre=-/usr/local/bin/k0s ctr namespace create hs-net
 ExecStartPre=-/usr/local/bin/k0s ctr -n hs-net container rm  hs-net
@@ -59,7 +59,7 @@ StandardError=journal
 SyslogIdentifier=hs-net
 # 清理退出的容器
-# ExecStop=/usr/local/bin/k0s ctr -n hs-net task kill hs-net
+ExecStop=/usr/local/bin/k0s ctr -n hs-net task kill hs-net
 ExecStopPost=/usr/local/bin/k0s ctr -n hs-net container rm hs-net
 [Install]
@@ -166,11 +166,35 @@ tcp_mode_disable: false
 	logger.Info("☑️ MakeHSNet: 开始构建 hs-net, workdir = %s", workdir)
 	_ = os.RemoveAll(workdir)
 	if err = os.MkdirAll(workdir, 0755); err != nil {
 		logger.Debug("❌ MakeHSNet: 创建目录失败: %s", err.Error())
 		return err
 	}
 	// {Name: "", Fallback: "", Save: "app.less_dns.tar", Force: true},
 	imgName := "hub.yizhisec.com/hybridscope/hsnet:release_2.1.0-std"
 	logger.Debug("☑️ maker.HSNet: start pull image = %s", imgName)
 	if err = m.Image(ctx, imgName,
 		WithImageForcePull(true),
 		WithImageSave(filepath.Join(workdir, "hsnet.tar")),
 	); err != nil {
 		logger.Debug("❌ maker.HSNet: 拉取镜像失败: %v", err)
 		return err
 	}
 	logger.Debug("✅ maker.HSNet: pull image success = %s", imgName)
 	imgName = "hub.yizhisec.com/hybridscope/less_dns_service:latest"
 	logger.Debug("☑️ maker.HSNet: start pull image = %s", imgName)
 	if err = m.Image(ctx, imgName,
 		WithImageForcePull(true),
 		WithImageSave(filepath.Join(workdir, "less-dns.tar")),
 	); err != nil {
 		logger.Debug("❌ maker.HSNet: 拉取镜像失败: %v", err)
 		return err
 	}
 	logger.Debug("✅ maker.HSNet: pull image success = %s", imgName)
 	if err = archiver.DownloadAndExtract(ctx, _url, workdir); err != nil {
 		logger.Debug("❌ MakeHSNet: 下载和解压失败: %s", err.Error())
 		return err
@@ -225,15 +249,6 @@ tcp_mode_disable: false
 		return err
 	}
 	imgName := "hub.yizhisec.com/hybridscope/hsnet:release_2.1.0-std"
 	imgPath := filepath.Join(workdir, "hs-net.tar")
 	logger.Debug("☑️ MakeHSNet: 构建镜像 %s 到 %s", imgName, imgPath)
 	if err = m.Image(ctx, imgName, WithImageSave(imgPath), WithImageForcePull(true)); err != nil {
 		logger.Debug("❌ MakeHSNet: 构建镜像失败: %s", err.Error())
 		return err
 	}
 	logger.Debug("✅ MakeHSNet: 构建镜像 %s 到 %s 成功", imgName, imgPath)
 	// write hs-net.service
 	if err = os.WriteFile(filepath.Join(workdir, "hs-net.service"), []byte(_service), 0644); err != nil {
 		logger.Debug("❌ MakeHSNet: 写入服务文件失败: %s", err.Error())
--- a/internal/controller/maker/image.go
+++ b/internal/controller/maker/image.go
@@ -6,8 +6,8 @@ import (
 	"os/exec"
 	"path/filepath"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"github.com/samber/lo"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/model"
 )
@@ -112,14 +112,6 @@ func (m *maker) Images(ctx context.Context) error {
 	var images = []*model.Image{
 		{Name: "hub.yizhisec.com/external/alpine:3.22.2", Fallback: "", Save: "alpine.tar", Force: true},
 		{Name: "hub.yizhisec.com/external/nginx:1.29.1-alpine3.22", Fallback: "", Save: "nginx.1.29.1-alpine3.22.tar"},
 		{Name: "hub.yizhisec.com/hybridscope/user_management:latest", Fallback: "", Save: "app.user.tar", Force: true},
 		{Name: "hub.yizhisec.com/hybridscope/gateway_controller:latest", Fallback: "", Save: "app.gateway.tar", Force: true},
 		{Name: "hub.yizhisec.com/hybridscope/client_server:latest", Fallback: "", Save: "app.client.tar", Force: true},
 		{Name: "hub.yizhisec.com/hybridscope/mie-server:latest", Fallback: "", Save: "app.mie.tar", Force: true},
 		{Name: "hub.yizhisec.com/hybridscope/less_dns_service:latest", Fallback: "", Save: "app.less_dns.tar", Force: true},
 		{Name: "hub.yizhisec.com/hybridscope/hsnet:release_2.1.0-std", Fallback: "", Save: "app.hsnet.tar", Force: true},
 	}
 	for _, image := range images {
--- a/internal/controller/maker/image_test.go
+++ b/internal/controller/maker/image_test.go
@@ -3,7 +3,7 @@ package maker
 import (
 	"testing"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 )
 func TestImage(t *testing.T) {
--- a/internal/controller/maker/lessdns.go
+++ b/internal/controller/maker/lessdns.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"path/filepath"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
--- a/internal/controller/maker/longhorn.go
+++ b/internal/controller/maker/longhorn.go
@@ -6,8 +6,8 @@ import (
 	"os"
 	"path/filepath"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"yizhisec.com/hsv2/forge/pkg/downloader"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/model"
 )
--- a/internal/controller/maker/minio.go
+++ b/internal/controller/maker/minio.go
@@ -6,7 +6,8 @@ import (
 	"os"
 	"path/filepath"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/internal/opt"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/model"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
@@ -14,20 +15,20 @@ import (
 // todo, remake minio-init image
 func (m *maker) Minio(ctx context.Context, storage string) error {
 	var (
-		err      error
+		err     error
-		location = filepath.Join(m.workdir, "dependency", "minio")
+		workdir = filepath.Join(m.workdir, "dependency", "minio")
 	)
-	logger.Info("☑️ maker.Minio: 开始构建 minio 依赖, workdir = %s", location)
+	logger.Info("☑️ maker.Minio: 开始构建 minio 依赖, workdir = %s", workdir)
-
+	logger.Debug("☑️ maker.Minio: 构建工作目录, workdir = %s", workdir)
-	logger.Debug("☑️ maker.Minio: 构建工作目录, workdir = %s", location)
+	_ = os.RemoveAll(workdir)
-	if err = os.MkdirAll(location, 0755); err != nil {
+	if err = os.MkdirAll(workdir, 0755); err != nil {
-		logger.Debug("❌ maker.Minio: 创建工作目录失败, workdir = %s, err = %v", location, err)
+		logger.Debug("❌ maker.Minio: 创建工作目录失败, workdir = %s, err = %v", workdir, err)
 		return err
 	}
-	logger.Debug("✅ maker.Minio: 创建工作目录成功, workdir = %s", location)
+	logger.Debug("✅ maker.Minio: 创建工作目录成功, workdir = %s", workdir)
-	filename := filepath.Join(location, "minio.yaml")
+	filename := filepath.Join(workdir, "minio.yaml")
 	logger.Debug("☑️ maker.Minio: 准备资源文件, filename = %s, storage = %s", filename, storage)
 	bs := []byte(fmt.Sprintf(resource.YAMLMinIO, storage))
 	if err = os.WriteFile(filename, bs, 0644); err != nil {
@@ -38,13 +39,13 @@ func (m *maker) Minio(ctx context.Context, storage string) error {
 	logger.Debug("☑️ maker.Minio: 开始获取所需镜像...")
 	var images = []*model.Image{
-		{Name: "hub.yizhisec.com/hybridscope/v3/minio-init:latest", Fallback: "", Save: "dep.minio-init.tar"},
+		{Name: opt.IMAGE_MINIO_BASE, Fallback: "", Save: "minio-init.tar"},
-		{Name: "hub.yizhisec.com/external/minio:RELEASE.2025-03-12T18-04-18Z", Fallback: "", Save: "dep.minio.tar"},
+		{Name: opt.IMAGE_MINIO, Fallback: "", Save: "minio.tar"},
 	}
 	for _, image := range images {
 		opts := []ImageOpt{
 			WithImageFallback(image.Fallback),
-			WithImageSave(filepath.Join(location, image.Save)),
+			WithImageSave(filepath.Join(workdir, image.Save)),
 			WithImageForcePull(image.Force),
 		}
@@ -56,7 +57,7 @@ func (m *maker) Minio(ctx context.Context, storage string) error {
 	}
 	logger.Debug("✅ maker.Minio: 获取所需镜像成功!!!")
-	logger.Info("✅ maker.Minio: 构建 minio 依赖成功, workdir = %s", location)
+	logger.Info("✅ maker.Minio: 构建 minio 依赖成功, workdir = %s", workdir)
 	return nil
 }
--- a/internal/controller/maker/mysql.go
+++ b/internal/controller/maker/mysql.go
@@ -7,9 +7,9 @@ import (
 	"os"
 	"path/filepath"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"yizhisec.com/hsv2/forge/internal/opt"
 	"yizhisec.com/hsv2/forge/pkg/downloader"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/model"
 )
--- a/internal/controller/maker/proxy.go
+++ b/internal/controller/maker/proxy.go
@@ -6,8 +6,8 @@ import (
 	"os"
 	"path/filepath"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"yizhisec.com/hsv2/forge/pkg/downloader"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/model"
 )
--- a/internal/controller/maker/redis.go
+++ b/internal/controller/maker/redis.go
@@ -6,9 +6,9 @@ import (
 	"os"
 	"path/filepath"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"yizhisec.com/hsv2/forge/internal/opt"
 	"yizhisec.com/hsv2/forge/pkg/downloader"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/model"
 )
--- a/internal/controller/maker/registry.go
+++ b/internal/controller/maker/registry.go
@@ -6,7 +6,7 @@ import (
 	"os"
 	"path/filepath"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
--- a/internal/controller/maker/seafile.go
+++ b/internal/controller/maker/seafile.go
@@ -6,8 +6,8 @@ import (
 	"os"
 	"path/filepath"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"yizhisec.com/hsv2/forge/internal/opt"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/model"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
@@ -123,7 +123,7 @@ kubectl rollout restart deployment backup-seafile-deployment -n seafile`
 			ServerHostname: "cloud.hybridscope.com",
 			Storage:        "50Gi",
 		}
-    workdir = filepath.Join(m.workdir, "dependency", "seafile")
+		workdir = filepath.Join(m.workdir, "dependency", "seafile")
 	)
 	for _, fn := range opts {
@@ -187,7 +187,7 @@ kubectl rollout restart deployment backup-seafile-deployment -n seafile`
 	// 7. prepare images
 	logger.Debug("☑️ make.Seafile: 准备 images")
-    imgDir := filepath.Join(m.workdir, "dependency", "image")
+	imgDir := filepath.Join(m.workdir, "dependency", "image")
 	if err = os.MkdirAll(imgDir, 0755); err != nil {
 		logger.Error("❌ make.Seafile: 准备 images 目录: %s 失败, err = %v", imgDir, err)
 		return err
--- a/internal/controller/maker/yosguard.go
+++ b/internal/controller/maker/yosguard.go
@@ -2,34 +2,38 @@ package maker
 import (
 	"context"
 	"fmt"
 	"os"
 	"path/filepath"
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
 	"yizhisec.com/hsv2/forge/pkg/downloader"
 	"yizhisec.com/hsv2/forge/pkg/logger"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
 type YosguardOpt func(*yosguardOpt)
-type yosguardOpt struct{}
+type yosguardOpt struct {
 	Pkg bool
 }
 func WithYosguardPkg(makePkg bool) YosguardOpt {
 	return func(o *yosguardOpt) {
 		o.Pkg = makePkg
 	}
 }
 func (m *maker) Yosguard(ctx context.Context, opts ...YosguardOpt) error {
 	const (
 		_config = `
-AsController: true                                                                                                                                                                                                                                                                                                            
+Web:
-AsGateway: false
+  Host: __ip__
-ControllerServer:
+  Port: 7788
  Host: dasheng.zhsftech.debug
  Port: 443 
 Database:
  SQLite:
    DBPath: /etc/yosguard/db/yosguard.db
 HeartbeatDuration: 5
 UUIDFilePath: /etc/yosguard/uuid
 Web:
  Host: __ip__
  Port: 7788
 `
 		systemdService = `
@@ -52,10 +56,23 @@ WantedBy=multi-user.target`
 		binURL = "https://artifactory.yizhisec.com:443/artifactory/filestore/hsv2/bin/yosguard"
 	)
-	location := filepath.Join(m.workdir, "dependency", "yosguard")
+	var (
 		location = filepath.Join(m.workdir, "dependency", "yosguard")
 		o        = &yosguardOpt{}
 	)
 	for _, fn := range opts {
 		fn(o)
 	}
 	logger.Info("☑️ maker.Yosguard: 开始构建 yosguard...")
 	logger.Debug("☑️ maker.Yosguard: 创建目录 %s", location)
 	if err := os.RemoveAll(location); err != nil {
 		logger.Debug("❌ maker.Yosguard: 删除 yosguard 目录失败, dir = %s, err = %v", location, err)
 		return err
 	}
 	if err := os.MkdirAll(location, 0755); err != nil {
 		logger.Debug("❌ maker.Yosguard: 创建 yosguard 目录失败: %v", err)
 		return err
@@ -96,6 +113,15 @@ WantedBy=multi-user.target`
 	}
 	logger.Debug("✅ maker.Yosguard: 写入 yosguard.service 文件成功, dest = %s", filepath.Join(location, "yosguard.service"))
 	if o.Pkg {
 		_cmd := fmt.Sprintf("cd %s && 7za a -pRrPt7Uo9WM1dkXOJmHps56T8BZY2qA4g -mhe=on yosguard.pkg *", location)
 		logger.Debug("☑️ maker.Yosguard: start create yosguard.pkg by 7zip, cmd = '%s'", _cmd)
 		if err := m.RunCommand(ctx, location, _cmd); err != nil {
 			logger.Debug("❌ maker.Yosguard: 创建 yosguard.pkg 失败, err = %v", err)
 			return err
 		}
 	}
 	logger.Info("✅ maker.Yosguard: 构建 yosguard 成功!!!")
 	return nil
 }
--- a/internal/opt/var.go
+++ b/internal/opt/var.go
@@ -0,0 +1,8 @@
 package opt
 const (
 	IMAGE_NGINX      = "docker-mirror.yizhisec.com/library/nginx:1.29.4-alpine3.23"
 	IMAGE_MINIO      = "hub.yizhisec.com/external/minio:RELEASE.2025-03-12T18-04-18Z"
 	IMAGE_ALPINE     = "docker-mirror.yizhisec.com/library/alpine:3.23.2"
 	IMAGE_MINIO_BASE = "hub.yizhisec.com/hsv2/base/minio-init:latest"
 )
--- a/pkg/archiver/archiver.go
+++ b/pkg/archiver/archiver.go
@@ -12,7 +12,7 @@ import (
 	"path/filepath"
 	"strings"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 )
 // Options defines options for downloading and extracting archives
--- a/pkg/archiver/archiver_test.go
+++ b/pkg/archiver/archiver_test.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"testing"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 )
 func TestDownloadAndExtract(t *testing.T) {
--- a/pkg/downloader/downloader.go
+++ b/pkg/downloader/downloader.go
@@ -9,7 +9,7 @@ import (
 	"os"
 	"path/filepath"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 )
 // Options defines options for downloading files
--- a/pkg/extractor/extractor.go
+++ b/pkg/extractor/extractor.go
@@ -10,7 +10,7 @@ import (
 	"path/filepath"
 	"strings"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 )
 type Options struct {
--- a/pkg/imager/pull.go
+++ b/pkg/imager/pull.go
@@ -13,7 +13,7 @@ import (
 	"strings"
 	"time"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 )
 // PullOption is a functional option for configuring image pull
--- a/pkg/imager/pull_test.go
+++ b/pkg/imager/pull_test.go
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"
-	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/logger"
 )
 // TestPullImage_PublicImage tests pulling a public image from Docker Hub
--- a/pkg/logger/ctx.go
+++ b/pkg/logger/ctx.go
@@ -0,0 +1,53 @@
 package logger
 import (
 	"context"
 	uuid2 "github.com/google/uuid"
 )
 type _traceId struct{}
 var TraceId = _traceId{}
 func traceId(ctx context.Context) string {
 	if ctx == nil {
 		uuid, _ := uuid2.NewV7()
 		return uuid.String()
 	}
 	if id, _ := ctx.Value(TraceId).(string); id != "" {
 		return id
 	}
 	uuid, _ := uuid2.NewV7()
 	return uuid.String()
 }
 func DebugCtx(ctx context.Context, msg string, data ...any) {
 	msg = traceId(ctx) + " | " + msg
 	DefaultLogger.Debug(msg, data...)
 }
 func InfoCtx(ctx context.Context, msg string, data ...any) {
 	msg = traceId(ctx) + " | " + msg
 	DefaultLogger.Info(msg, data...)
 }
 func WarnCtx(ctx context.Context, msg string, data ...any) {
 	msg = traceId(ctx) + " | " + msg
 	DefaultLogger.Warn(msg, data...)
 }
 func ErrorCtx(ctx context.Context, msg string, data ...any) {
 	msg = traceId(ctx) + " | " + msg
 	DefaultLogger.Error(msg, data...)
 }
 func PanicCtx(ctx context.Context, msg string, data ...any) {
 	msg = traceId(ctx) + " | " + msg
 	DefaultLogger.Panic(msg, data...)
 }
 func FatalCtx(ctx context.Context, msg string, data ...any) {
 	msg = traceId(ctx) + " | " + msg
 	DefaultLogger.Fatal(msg, data...)
 }
--- a/pkg/logger/ctx_test.go
+++ b/pkg/logger/ctx_test.go
@@ -0,0 +1,17 @@
 package logger
 import (
 	"context"
 	"testing"
 )
 func TestCtxLog(t *testing.T) {
 	DebugCtx(nil, "hello %s", "world")
 	InfoCtx(nil, "hello %s", "world")
 	WarnCtx(context.Background(), "hello %s", "world")
 	ctx := context.Background()
 	ctx = context.WithValue(ctx, TraceId, "value")
 	SetLogLevel(LogLevelDebug)
 	DebugCtx(ctx, "hello %s", "world")
 	ErrorCtx(ctx, "hello %s", "world")
 }
--- a/pkg/logger/default.go
+++ b/pkg/logger/default.go
@@ -0,0 +1,67 @@
 package logger
 import (
 	"fmt"
 	"os"
 	"sync"
 )
 var (
 	nilLogger    = func(prefix, timestamp, msg string, data ...any) {}
 	normalLogger = func(prefix, timestamp, msg string, data ...any) {
 		fmt.Printf(prefix+"| "+timestamp+" | "+msg+"\n", data...)
 	}
 	panicLogger = func(prefix, timestamp, msg string, data ...any) {
 		panic(fmt.Sprintf(prefix+"| "+timestamp+" | "+msg+"\n", data...))
 	}
 	fatalLogger = func(prefix, timestamp, msg string, data ...any) {
 		fmt.Printf(prefix+"| "+timestamp+" | "+msg+"\n", data...)
 		os.Exit(1)
 	}
 	DefaultLogger = &logger{
 		Mutex:      sync.Mutex{},
 		timeFormat: "2006-01-02T15:04:05",
 		writer:     os.Stdout,
 		level:      LogLevelInfo,
 		debug:      nilLogger,
 		info:       normalLogger,
 		warn:       normalLogger,
 		error:      normalLogger,
 		panic:      panicLogger,
 		fatal:      fatalLogger,
 	}
 )
 func SetTimeFormat(format string) {
 	DefaultLogger.SetTimeFormat(format)
 }
 func SetLogLevel(level LogLevel) {
 	DefaultLogger.SetLogLevel(level)
 }
 func Debug(msg string, data ...any) {
 	DefaultLogger.Debug(msg, data...)
 }
 func Info(msg string, data ...any) {
 	DefaultLogger.Info(msg, data...)
 }
 func Warn(msg string, data ...any) {
 	DefaultLogger.Warn(msg, data...)
 }
 func Error(msg string, data ...any) {
 	DefaultLogger.Error(msg, data...)
 }
 func Panic(msg string, data ...any) {
 	DefaultLogger.Panic(msg, data...)
 }
 func Fatal(msg string, data ...any) {
 	DefaultLogger.Fatal(msg, data...)
 }
--- a/pkg/logger/logger.go
+++ b/pkg/logger/logger.go
@@ -0,0 +1,115 @@
 package logger
 import (
 	"github.com/fatih/color"
 	"io"
 	"sync"
 	"time"
 )
 type LogLevel uint32
 const (
 	LogLevelDebug = iota
 	LogLevelInfo
 	LogLevelWarn
 	LogLevelError
 	LogLevelPanic
 	LogLevelFatal
 )
 type logger struct {
 	sync.Mutex
 	timeFormat string
 	writer     io.Writer
 	level      LogLevel
 	debug      func(prefix, timestamp, msg string, data ...any)
 	info       func(prefix, timestamp, msg string, data ...any)
 	warn       func(prefix, timestamp, msg string, data ...any)
 	error      func(prefix, timestamp, msg string, data ...any)
 	panic      func(prefix, timestamp, msg string, data ...any)
 	fatal      func(prefix, timestamp, msg string, data ...any)
 }
 var (
 	red    = color.New(color.FgRed)
 	hired  = color.New(color.FgHiRed)
 	green  = color.New(color.FgGreen)
 	yellow = color.New(color.FgYellow)
 	white  = color.New(color.FgWhite)
 )
 func (l *logger) SetTimeFormat(format string) {
 	l.Lock()
 	defer l.Unlock()
 	l.timeFormat = format
 }
 func (l *logger) SetLogLevel(level LogLevel) {
 	l.Lock()
 	defer l.Unlock()
 	if level > LogLevelDebug {
 		l.debug = nilLogger
 	} else {
 		l.debug = normalLogger
 	}
 	if level > LogLevelInfo {
 		l.info = nilLogger
 	} else {
 		l.info = normalLogger
 	}
 	if level > LogLevelWarn {
 		l.warn = nilLogger
 	} else {
 		l.warn = normalLogger
 	}
 	if level > LogLevelError {
 		l.error = nilLogger
 	} else {
 		l.error = normalLogger
 	}
 	if level > LogLevelPanic {
 		l.panic = nilLogger
 	} else {
 		l.panic = panicLogger
 	}
 	if level > LogLevelFatal {
 		l.fatal = nilLogger
 	} else {
 		l.fatal = fatalLogger
 	}
 }
 func (l *logger) Debug(msg string, data ...any) {
 	l.debug(white.Sprint("Debug "), time.Now().Format(l.timeFormat), msg, data...)
 }
 func (l *logger) Info(msg string, data ...any) {
 	l.info(green.Sprint("Info  "), time.Now().Format(l.timeFormat), msg, data...)
 }
 func (l *logger) Warn(msg string, data ...any) {
 	l.warn(yellow.Sprint("Warn  "), time.Now().Format(l.timeFormat), msg, data...)
 }
 func (l *logger) Error(msg string, data ...any) {
 	l.error(red.Sprint("Error "), time.Now().Format(l.timeFormat), msg, data...)
 }
 func (l *logger) Panic(msg string, data ...any) {
 	l.panic(hired.Sprint("Panic "), time.Now().Format(l.timeFormat), msg, data...)
 }
 func (l *logger) Fatal(msg string, data ...any) {
 	l.fatal(hired.Sprint("Fatal "), time.Now().Format(l.timeFormat), msg, data...)
 }
 type WroteLogger interface {
 	Info(msg string, data ...any)
 }
--- a/pkg/logger/new.go
+++ b/pkg/logger/new.go
@@ -0,0 +1,21 @@
 package logger
 import (
 	"os"
 	"sync"
 )
 func New() *logger {
 	return &logger{
 		Mutex:      sync.Mutex{},
 		timeFormat: "2006-01-02T15:04:05",
 		writer:     os.Stdout,
 		level:      LogLevelInfo,
 		debug:      nilLogger,
 		info:       normalLogger,
 		warn:       normalLogger,
 		error:      normalLogger,
 		panic:      panicLogger,
 		fatal:      fatalLogger,
 	}
 }
--- a/pkg/model/vendor.go
+++ b/pkg/model/vendor.go
@@ -10,28 +10,28 @@ type Vendor struct {
 var (
 	vendorMap = map[string]*Vendor{
-		"standard": &Vendor{
+		"standard": {
-			Name:                   "Standard",
+			Name:                   "standard",
 			OEMUrl:                 "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem.tar.gz",
 			OEMDir:                 "oem",
 			AppFrontUserImageName:  "hub.yizhisec.com/hybridscope/v2/front-user:latest",
 			AppFrontAdminImageName: "hub.yizhisec.com/build/hybirdscope/front/admin:latest",
 		},
-		"elink": &Vendor{
+		"elink": {
 			Name:                   "elink",
 			OEMUrl:                 "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_csgElink.tar.gz",
 			OEMDir:                 "oem_csgElink",
 			AppFrontUserImageName:  "hub.yizhisec.com/hybridscope/v2/front-user-elink:latest",
 			AppFrontAdminImageName: "hub.yizhisec.com/build/hybirdscope/front/admin:latest",
 		},
-		"noah": &Vendor{
+		"noah": {
 			Name:                   "noah",
 			OEMUrl:                 "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_noah.tar.gz",
 			OEMDir:                 "oem_noah",
 			AppFrontUserImageName:  "hub.yizhisec.com/hybridscope/v2/front-user:latest",
 			AppFrontAdminImageName: "hub.yizhisec.com/build/hybirdscope/front/admin:latest",
 		},
-		"heishuimeng": &Vendor{
+		"heishuimeng": {
 			Name:                   "heishuimeng",
 			OEMUrl:                 "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_heishuimeng.tar.gz",
 			OEMDir:                 "oem_heishuimeng",
--- a/pkg/resource/nginx/client.conf
+++ b/pkg/resource/nginx/client.conf
@@ -33,16 +33,16 @@ server {
    client_max_body_size 50M;
    location /api/v2_2 {                                                                                                                                                                                                                                                                                                  
        proxy_pass http://u-api-service;
    }
    location /api/v1/pkg/archive {
-        proxy_pass http://u-api-service/api/v2_2/client/download/check;
+        proxy_pass http://client-win-service.hsv2/api/v2_2/_client/win/check.json;
    }
-    location /api/v1/version {                               
+    location /api/v1/pkg/config/setup {
-        proxy_pass http://u-api-service/api/v2_2/client/version;
+        proxy_pass http://app-helper-service.hsv2/api/v2_2/_client/win/config/setup.json;
    }
    location /api/v2_2/_client/win {
        proxy_pass http://app-helper-service.hsv2;
    }
    location /api/ {
@@ -148,24 +148,25 @@ server {
    client_max_body_size 50M;
-    location /api/v2_2 {                                                                                                                                                                                                                                                                                                  
+    location /api/v1/pkg/config/setup {
-        proxy_pass http://u-api-service;
+        proxy_pass http://app-helper-service.hsv2/api/v2_2/_client/win/config/setup.json;
    }
    location /api/v1/pkg/archive {
        proxy_pass http://u-api-service/api/v2_2/client/download/check;
    }
    location /api/v1/pkg/archive/version {
-        proxy_pass http://u-api-service/api/v2_2/client/version;
+        proxy_pass http://app-helper-service.hsv2/api/v2_2/_client/win/old/version.json;
    }
-    location /api/v1/version {                               
+    location /api/v1/pkg/archive {
-        proxy_pass http://u-api-service/api/v2_2/client/version;
+        proxy_pass http://client-win-service.hsv2/api/v2_2/_client/win/check.json;
    }
    location /static/config/rc.json {
-        proxy_pass http://u-api-service/api/v2_2/client/rc/json?os=win;
+        proxy_pass http://client-win-service.hsv2/api/v2_2/_client/win/rc.json;
    }
    location /api/v2_2/_client/win {
        proxy_pass http://app-helper-service.hsv2;
    }
    # location = /api/v1/version {
--- a/pkg/resource/nginx/common.conf
+++ b/pkg/resource/nginx/common.conf
@@ -47,15 +47,6 @@ location /client/dl/ {
    }
 }
 location /user/avatar/ {
    auth_request /token_auth;
    proxy_set_header Cookie $http_cookie;
    alias /static/avatar/;
    expires 7d;
    add_header Cache-Control public;
 }
 location /file/share/ {
    auth_request /token_auth;
--- a/pkg/resource/nginx/web.conf
+++ b/pkg/resource/nginx/web.conf
@@ -32,19 +32,27 @@ server {
    }
    location /api/my/sys/client/installer {
-        proxy_pass http://u-api-service/api/v2_2/client/download/list;
+        proxy_pass http://app-helper-service.hsv2/api/v2_2/client/download/list;
    }
    location /api/system/version {
-        proxy_pass http://u-api-service/api/v2_2/system/version;
+        proxy_pass http://app-helper-service.hsv2/api/v2_2/system/version;
    }
-    location /api/v2_2/client {
+    location /api/v2_2/system/elink {
-        proxy_pass http://u-api-service;
+        proxy_pass http://app-helper-service.hsv2;
    }
-    location /api/v2_2/system {
+    location /api/v2_2/_client/win {
-        proxy_pass http://u-api-service;
+        proxy_pass http://app-helper-service.hsv2;
    }
    location /api/v2_2/_client/mac{
        proxy_pass http://client-mac-service;
    }
    location /api/v2_2/_client/linux{
        proxy_pass http://client-linux-service;
    }
    location / {
@@ -70,23 +78,32 @@ server {
    server_tokens off;
    location / {
        proxy_pass http://front-admin-service;
    }
    location /api/system/version {
-        proxy_pass http://u-api-service/api/v2_2/system/version;
+        proxy_pass http://app-helper-service/api/v2_2/system/version;
    }
    location /oem {
        proxy_pass http://oem-service;
    }
    location /api/v2_2/system/elink {
        proxy_pass http://app-helper-service.hsv2;
    }
-    # location /wm/ {
+    location /user/avatar/ {
-    #     alias /data/wm/;
+        proxy_pass http://app-helper-service.hsv2/api/v2_2/_obj/;
-    #     expires 30d;
+    }
    #     add_header Cache-Control public;
    # }
-    location / {
+    location /api/account/profile/avatar {
-        proxy_pass http://front-admin-service;
+        proxy_pass http://app-helper-service.hsv2/api/v2_2/user/profile/avatar/update;
    }
    location /api/admin/business-center/network-app/tunnel {
        proxy_pass http://app-helper-service.hsv2/api/v2_2/interceptor/mie/resource/icon$request_uri;
    }
    location /api/v2_1/user {
@@ -97,6 +114,22 @@ server {
        proxy_read_timeout 300s;
    }
    location /api/v2_2/_client/win {
        proxy_pass http://app-helper-service.hsv2;
    }
    location /api/v2_2/_client/mac{
        proxy_pass http://client-mac-service;
    }
    location /api/v2_2/_client/linux{
        proxy_pass http://client-linux-service;
    }
    location /api/v2_2/yosguard {
        proxy_pass http://10.118.2.10:7788;
    }
    include /etc/nginx/common/common.conf;
    location /ws {
@@ -107,28 +140,11 @@ server {
        proxy_read_timeout 300s;
    }
    # location /backup {
    #     proxy_pass http://hs-backup-server;
    #     proxy_set_header Host $host;
    #     proxy_set_header X-Real-IP $remote_addr;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     proxy_read_timeout 300s;
    # }
    location /api/local/user/import/template {
        auth_request /token_auth;
        alias /static/resource/local_user_import_template.xlsx;
    }
    # location /wm/api {
    #     proxy_pass http://hs-watermark-server;
    #     proxy_http_version 1.1;
    #     proxy_set_header Host $host;
    #     proxy_set_header X-Real-IP $proxy_protocol_addr;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     proxy_read_timeout 300s;
    # }
    location @my_401 {
        default_type text/html;
        return 401 '<!doctypehtml><html lang=en><meta charset=UTF-8><meta content="width=device-width,initial-scale=1"name=viewport><title>401</title><style>body{display:flex;flex-direction:column;align-items:center;justify-content:center}</style><h1>401 Unauthorized</h1>';
--- a/pkg/resource/resource.go
+++ b/pkg/resource/resource.go
@@ -71,6 +71,9 @@ var (
 	//go:embed yaml/app.nginx.yaml
 	YAMLAppNGINX string
 	//go:embed yaml/app.helper.yaml
 	YAMLAppHelper string
 	//go:embed yaml/client.pkg.yaml
 	YAMLClientPKG string
--- a/pkg/resource/yaml/app.helper.yaml
+++ b/pkg/resource/yaml/app.helper.yaml
@@ -0,0 +1,87 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: app-helper-sa
  namespace: hsv2
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: app-helper-role
  namespace: hsv2
 rules:
 - apiGroups: ["apps"]
  resources: ["deployments", "deployments/status"]
  verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: app-helper-rolebinding
  namespace: hsv2
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: app-helper-role
 subjects:
 - kind: ServiceAccount
  name: app-helper-sa
  namespace: hsv2
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: app-helper-deployment
  namespace: hsv2
 spec:
  replicas: %d
  selector:
    matchLabels:
      app: app-helper
  template:
    metadata:
      labels:
        app: app-helper
    spec:
      serviceAccountName: app-helper-sa
      topologySpreadConstraints:
      - maxSkew: 1 
        topologyKey: kubernetes.io/hostname 
        whenUnsatisfiable: ScheduleAnyway 
        labelSelector:
          matchLabels:
            app: app-helper
      containers:
      - name: app-helper
        image: hub.yizhisec.com/hsv2/app/helper:%s
        imagePullPolicy: IfNotPresent
        command:
        - app_helper
        - --debug
        - --redis-host
        - "redis-master.db-redis"
        - --redis-password
        - "HybridScope0xRed1s."
        ports:
        - containerPort: 80
        volumeMounts:
        - name: config-version
          mountPath: /app/version
      volumes:
      - name: config-version
        configMap:
          name: config-version
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: app-helper-service
  namespace: hsv2
 spec:
  selector:
    app: app-helper
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP
Author	SHA1	Message	Date
zhaoyupeng	da6a846550	feat: 许多变化 1. make apps 逻辑大变更， vendor 成标准传入 args 2. nginx -> app-helper	2026-01-12 20:01:45 +08:00
zhaoyupeng	ce6ab8ab5f	chore: 8443 proxy v2_2 yosguard	2026-01-08 09:55:29 +08:00
zhaoyupeng	aafe60ee35	chore: 完善个模块打包	2026-01-07 18:55:22 +08:00