fix some error (#2164 )

refactor: update alert-cur-event api
move sqlite.sql to docker dir
2026-03-03 06:29:16 +00:00 · 2024-09-12 15:35:59 +08:00 · 2024-09-03 18:17:28 +08:00 · 2024-09-03 17:51:35 +08:00 · 2024-09-03 17:50:13 +08:00 · 2024-09-03 17:46:57 +08:00
425 changed files with 137548 additions and 88014 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -1,67 +0,0 @@
-name: Bug Report
-description: Report a bug encountered while running Nightingale
-labels: ["kind/bug"]
-
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thanks for taking time to fill out this bug report! 
-        The more detailed the form is filled in, the easier the problem will be solved.
-  - type: textarea
-    id: config
-    attributes:
-      label: Your config.toml
-      description: Place config in the toml code section. This will be automatically formatted into toml, so no need for backticks.
-      render: toml
-    validations:
-      required: true
-  - type: textarea
-    id: logs
-    attributes:
-      label: Relevant logs
-      description: categraf | telegraf | n9e | prometheus | chrome request/response ...
-      render: text
-    validations:
-      required: true
-  - type: input
-    id: system-info
-    attributes:
-      label: System info
-      description: Include nightingale version, operating system, and other relevant details
-      placeholder: ex. n9e 5.9.2, n9e-fe 5.5.0, categraf 0.1.0, Ubuntu 20.04, Docker 20.10.8
-    validations:
-      required: true
-  - type: textarea
-    id: reproduce
-    attributes:
-      label: Steps to reproduce
-      description: Describe the steps to reproduce the bug.
-      value: |
-        1.
-        2.
-        3.
-        ...
-    validations:
-      required: true
-  - type: textarea
-    id: expected-behavior
-    attributes:
-      label: Expected behavior
-      description: Describe what you expected to happen when you performed the above steps.
-    validations:
-      required: true
-  - type: textarea
-    id: actual-behavior
-    attributes:
-      label: Actual behavior
-      description: Describe what actually happened when you performed the above steps.
-    validations:
-      required: true
-  - type: textarea
-    id: additional-info
-    attributes:
-      label: Additional info
-      description: Include gist of relevant config, logs, etc.
-    validations:
-      required: false
--- a/.github/ISSUE_TEMPLATE/question.yml
+++ b/.github/ISSUE_TEMPLATE/question.yml
@@ -0,0 +1,33 @@
+name: Bug Report & Usage Question
+description: Reporting a bug or asking a question about how to use Nightingale 
+labels: []
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        The more detailed the form is filled in, the easier the problem will be solved.
+        提供的信息越详细，问题解决的可能性就越大。另外, 提问之前请先搜索历史 issue (包括 close 的), 以免重复提问。
+  - type: textarea
+    id: question
+    attributes:
+      label: Question and Steps to reproduce
+      description: Describe your question and steps to reproduce the bug. 描述问题以及复现步骤
+    validations:
+      required: true
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant logs and configurations
+      description: Relevant logs and configurations. 报错日志（[查看方法](https://flashcat.cloud/docs/content/flashcat-monitor/nightingale-v6/faq/how-to-check-logs/)）以及各个相关组件的配置信息
+      render: text
+    validations:
+      required: true
+  - type: textarea
+    id: system-info
+    attributes:
+      label: Version
+      description: Include nightingale version, operating system, and other relevant details. 请告知夜莺的版本、操作系统的版本、CPU架构等信息
+    validations:
+      required: true
+ 
--- a/.github/workflows/n9e.yml
+++ b/.github/workflows/n9e.yml
@@ -26,7 +26,8 @@ jobs:
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v3
        with:
-          version: latest
+          distribution: goreleaser
+          version: '~> v1'
          args: release --rm-dist
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/README.md
+++ b/README.md
@@ -28,52 +28,80 @@
 [English](./README_en.md) | [中文](./README.md)

 ## 夜莺 Nightingale 是什么
-夜莺 Nightingale 是中国计算机学会接受捐赠并托管的第一个开源项目，是一个 All-in-One 的云原生监控工具，集合了 Prometheus 和 Grafana 的优点，你可以在 WebUI 上管理和配置告警策略，也可以对分布在多个 Region 的指标、日志、链路追踪数据进行统一的可视化和分析。夜莺融入了一线互联网公司可观测性最佳实践，沉淀了众多社区专家经验，开箱即用。[了解更多...](https://flashcat.cloud/product/nightingale/)
+
+夜莺监控是一款开源云原生观测分析工具，采用 All-in-One 的设计理念，集数据采集、可视化、监控告警、数据分析于一体，与云原生生态紧密集成，提供开箱即用的企业级监控分析和告警能力。夜莺于 2020 年 3 月 20 日，在 GitHub 上发布 v1 版本，已累计迭代 100 多个版本。
+
+夜莺最初由滴滴开发和开源，并于 2022 年 5 月 11 日，捐赠予中国计算机学会开源发展委员会（CCF ODC），为 CCF ODC 成立后接受捐赠的第一个开源项目。夜莺的核心研发团队，也是 Open-Falcon 项目原核心研发人员，从 2014 年（Open-Falcon 是 2014 年开源）算起来，也有 10 年了，只为把监控这个事情做好。


 ## 快速开始
- 👉[文档](https://flashcat.cloud/docs/) | [提问](https://answer.flashcat.cloud/) | [下载](https://flashcat.cloud/download/nightingale/) | [安装](https://flashcat.cloud/docs/content/flashcat-monitor/nightingale-v6/install/intro/)
- ❤️[报告 Bug](https://github.com/ccfos/nightingale/issues/new?assignees=&labels=kind%2Fbug&projects=&template=bug_report.yml)
- ℹ️为了提供更快速的访问体验，上述文档和下载站点托管于 [FlashcatCloud](https://flashcat.cloud)
+- 👉 [文档中心](https://flashcat.cloud/docs/) | [下载中心](https://flashcat.cloud/download/nightingale/)
+- ❤️ [报告 Bug](https://github.com/ccfos/nightingale/issues/new?assignees=&labels=&projects=&template=question.yml)
+- ℹ️ 为了提供更快速的访问体验，上述文档和下载站点托管于 [FlashcatCloud](https://flashcat.cloud)

 ## 功能特点

 - 对接多种时序库：支持对接 Prometheus、VictoriaMetrics、Thanos、Mimir、M3DB、TDengine 等多种时序库，实现统一告警管理。
- 专业告警能力：内置支持多种告警规则，可以扩展支持常见通知媒介，支持告警屏蔽/抑制/聚合/自愈、告警事件管理。
+- 专业告警能力：内置支持多种告警规则，可以扩展支持常见通知媒介，支持告警屏蔽/抑制/订阅/自愈、告警事件管理。
 - 高性能可视化引擎：支持多种图表样式，内置众多 Dashboard 模版，也可导入 Grafana 模版，开箱即用，开源协议商业友好。
 - 支持常见采集器：支持 [Categraf](https://flashcat.cloud/product/categraf)、Telegraf、Grafana-agent、Datadog-agent、各种 Exporter 作为采集器，没有什么数据是不能监控的。
- 一体化观测平台：从 V6 版本开始，支持对接 ElasticSearch、Jaeger 数据源，实现日志、链路、指标多维度的统一可观测。
 - 👀无缝搭配 [Flashduty](https://flashcat.cloud/product/flashcat-duty/)：实现告警聚合收敛、认领、升级、排班、IM集成，确保告警处理不遗漏，减少打扰，高效协同。


-## 功能演示
-![演示](https://fcpub-1301667576.cos.ap-nanjing.myqcloud.com/n9e/n9e-demo.gif)
+## 截图演示

-## 部署架构
-<p align=center>中心化部署</p>

-![中心化部署](https://fcpub-1301667576.cos.ap-nanjing.myqcloud.com/flashcat/images/blog/n9e-opensource-china/8.png)
+你可以在页面的右上角，切换语言和主题，目前我们支持英语、简体中文、繁体中文。

-<p align=center>多机房部署</p>
+![语言切换](https://download.flashcat.cloud/ulric/n9e-switch-i18n.png)
+
+即时查询，类似 Prometheus 内置的查询分析页面，做 ad-hoc 查询，夜莺做了一些 UI 优化，同时提供了一些内置 promql 指标，让不太了解 promql 的用户也可以快速查询。
+
+![即时查询](https://download.flashcat.cloud/ulric/20240513103305.png)
+
+当然，也可以直接通过指标视图查看，有了指标视图，即时查询基本可以不用了，或者只有高端玩家使用即时查询，普通用户直接通过指标视图查询即可。
+
+![指标视图](https://download.flashcat.cloud/ulric/20240513103530.png)
+
+夜莺内置了常用仪表盘，可以直接导入使用。也可以导入 Grafana 仪表盘，不过只能兼容 Grafana 基本图表，如果已经习惯了 Grafana 建议继续使用 Grafana 看图，把夜莺作为一个告警引擎使用。
+
+![内置仪表盘](https://download.flashcat.cloud/ulric/20240513103628.png)
+
+除了内置的仪表盘，也内置了很多告警规则，开箱即用。
+
+![内置告警规则](https://download.flashcat.cloud/ulric/20240513103825.png)
+
+
+
+## 产品架构
+
+社区使用夜莺最多的场景就是使用夜莺做告警引擎，对接多套时序库，统一告警规则管理。绘图仍然使用 Grafana 居多。作为一个告警引擎，夜莺的产品架构如下：
+
+![产品架构](https://download.flashcat.cloud/ulric/20240221152601.png)
+
+对于个别边缘机房，如果和中心夜莺服务端网络链路不好，希望提升告警可用性，我们也提供边缘机房告警引擎下沉部署模式，这个模式下，即便网络割裂，告警功能也不受影响。
+
+![边缘部署模式](https://download.flashcat.cloud/ulric/20240222102119.png)

-![多机房部署](https://fcpub-1301667576.cos.ap-nanjing.myqcloud.com/flashcat/images/blog/n9e-opensource-china/9.png)

 ## 交流渠道
 - 报告Bug，优先推荐提交[夜莺GitHub Issue](https://github.com/ccfos/nightingale/issues/new?assignees=&labels=kind%2Fbug&projects=&template=bug_report.yml)
 - 推荐完整浏览[夜莺文档站点](https://flashcat.cloud/docs/content/flashcat-monitor/nightingale-v7/introduction/)，了解更多信息
 - 推荐搜索关注夜莺公众号，第一时间获取社区动态：`夜莺监控Nightingale`
- 日常答疑、技术分享、用户之间的交流，统一使用知识星球，大伙可以免费加入交流，[入口在这里](https://download.flashcat.cloud/ulric/20240319095409.png)
+- 日常问题交流：
+  - QQ群：730841964
+  - [加入微信群](https://download.flashcat.cloud/ulric/20240830175821.png)

 ## 广受关注
 [![Stargazers over time](https://api.star-history.com/svg?repos=ccfos/nightingale&type=Date)](https://star-history.com/#ccfos/nightingale&Date)


 ## 社区共建
- ❇️请阅读浏览[夜莺开源项目和社区治理架构草案](./doc/community-governance.md)，真诚欢迎每一位用户、开发者、公司以及组织，使用夜莺监控、积极反馈 Bug、提交功能需求、分享最佳实践，共建专业、活跃的夜莺开源社区。
- 夜莺贡献者❤️
+- ❇️ 请阅读浏览[夜莺开源项目和社区治理架构草案](./doc/community-governance.md)，真诚欢迎每一位用户、开发者、公司以及组织，使用夜莺监控、积极反馈 Bug、提交功能需求、分享最佳实践，共建专业、活跃的夜莺开源社区。
+- ❤️ 夜莺贡献者
 <a href="https://github.com/ccfos/nightingale/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=ccfos/nightingale" />
 </a>

 ## License
- [Apache License V2.0](https://github.com/didi/nightingale/blob/main/LICENSE)
+- [Apache License V2.0](https://github.com/didi/nightingale/blob/main/LICENSE)
--- a/README_en.md
+++ b/README_en.md
@@ -1,104 +1,113 @@
 <p align="center">
  <a href="https://github.com/ccfos/nightingale">
-    <img src="doc/img/Nightingale_L_V.png" alt="nightingale - cloud native monitoring" width="240" /></a>
+    <img src="doc/img/Nightingale_L_V.png" alt="nightingale - cloud native monitoring" width="100" /></a>
+</p>
+<p align="center">
+  <b>Open-source Alert Management Expert, an Integrated Observability Platform</b>
 </p>

 <p align="center">
-<img alt="GitHub latest release" src="https://img.shields.io/github/v/release/ccfos/nightingale"/>
-<a href="https://n9e.github.io">
+<a href="https://flashcat.cloud/docs/">
  <img alt="Docs" src="https://img.shields.io/badge/docs-get%20started-brightgreen"/></a>
 <a href="https://hub.docker.com/u/flashcatcloud">
  <img alt="Docker pulls" src="https://img.shields.io/docker/pulls/flashcatcloud/nightingale"/></a>
-<img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/ccfos/nightingale">
-<img alt="GitHub Repo issues" src="https://img.shields.io/github/issues/ccfos/nightingale">
-<img alt="GitHub Repo issues closed" src="https://img.shields.io/github/issues-closed/ccfos/nightingale">
-<img alt="GitHub forks" src="https://img.shields.io/github/forks/ccfos/nightingale">
 <a href="https://github.com/ccfos/nightingale/graphs/contributors">
  <img alt="GitHub contributors" src="https://img.shields.io/github/contributors-anon/ccfos/nightingale"/></a>
+<img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/ccfos/nightingale">
+<img alt="GitHub forks" src="https://img.shields.io/github/forks/ccfos/nightingale">
+<br/><img alt="GitHub Repo issues" src="https://img.shields.io/github/issues/ccfos/nightingale">
+<img alt="GitHub Repo issues closed" src="https://img.shields.io/github/issues-closed/ccfos/nightingale">
+<img alt="GitHub latest release" src="https://img.shields.io/github/v/release/ccfos/nightingale"/>
+<img alt="License" src="https://img.shields.io/badge/license-Apache--2.0-blue"/>
 <a href="https://n9e-talk.slack.com/">
  <img alt="GitHub contributors" src="https://img.shields.io/badge/join%20slack-%23n9e-brightgreen.svg"/></a>
-<img alt="License" src="https://img.shields.io/badge/license-Apache--2.0-blue"/>
-</p>
-<p align="center">
-  An open-source cloud-native monitoring system that is <b>all-in-one</b> <br/>
-  <b>Out-of-the-box</b>, it integrates data collection, visualization, and monitoring alert <br/>
-  We recommend upgrading your <b>Prometheus + AlertManager + Grafana</b> combination to Nightingale!
 </p>

+
+
 [English](./README_en.md) | [中文](./README.md)

+## What is Nightingale

-## Highlighted Features
+Nightingale aims to combine the advantages of Prometheus and Grafana. It manages alert rules and visualizes metrics, logs, traces in a beautiful WebUI.

- **Out-of-the-box**
-  - Supports multiple deployment methods such as **Docker, Helm Chart, and cloud services**, integrates data collection, monitoring, and alerting into one system, and comes with various monitoring dashboards, quick views, and alert rule templates. **It greatly reduces the construction cost, learning cost, and usage cost of cloud-native monitoring systems**.
- **Professional Alerting**
-  - Provides visual alert configuration and management, supports various alert rules, offers the ability to configure silence and subscription rules, supports multiple alert delivery channels, and has features such as alert self-healing and event management.
- **Cloud-Native**
-  - Quickly builds an enterprise-level cloud-native monitoring system through a turnkey approach, supports multiple collectors such as [Categraf](https://github.com/flashcatcloud/categraf), Telegraf, and Grafana-agent, supports multiple data sources such as Prometheus, VictoriaMetrics, M3DB, ElasticSearch, and Jaeger, and is compatible with importing Grafana dashboards. **It seamlessly integrates with the cloud-native ecosystem**.
- **High Performance and High Availability**
-  - Due to the multi-data-source management engine of Nightingale and its excellent architecture design, and utilizing a high-performance time-series database, it can handle data collection, storage, and alert analysis scenarios with billions of time-series data, saving a lot of costs.
-  - Nightingale components can be horizontally scaled with no single point of failure. It has been deployed in thousands of enterprises and tested in harsh production practices. Many leading Internet companies have used Nightingale for cluster machines with hundreds of nodes, processing billions of time-series data.
- **Flexible Extension and Centralized Management**
-  - Nightingale can be deployed on a 1-core 1G cloud host, deployed in a cluster of hundreds of machines, or run in Kubernetes. Time-series databases, alert engines, and other components can also be decentralized to various data centers and regions, balancing edge deployment with centralized management. **It solves the problem of data fragmentation and lack of unified views**.
+Originally developed and open-sourced by Didi, Nightingale was donated to the China Computer Federation Open Source Development Committee (CCF ODC) on May 11, 2022, becoming the first open-source project accepted by the CCF ODC after its establishment. 


-#### If you are using Prometheus and have one or more of the following requirement scenarios, it is recommended that you upgrade to Nightingale:
+## Quick Start

- Multiple systems such as Prometheus, Alertmanager, Grafana, etc. are fragmented and lack a unified view and cannot be used out of the box;
- The way to manage Prometheus and Alertmanager by modifying configuration files has a big learning curve and is difficult to collaborate;
- Too much data to scale-up your Prometheus cluster;
- Multiple Prometheus clusters running in production environments, which faced high management and usage costs;
+- 👉 [Documentation](https://flashcat.cloud/docs/) | [Download](https://flashcat.cloud/download/nightingale/)
+- ❤️ [Report a Bug](https://github.com/ccfos/nightingale/issues/new?assignees=&labels=&projects=&template=question.yml)
+- ℹ️ For faster access, the above documentation and download sites are hosted on [FlashcatCloud](https://flashcat.cloud).

-#### If you are using Zabbix and have the following scenarios, it is recommended that you upgrade to Nightingale:
+## Features

- Monitoring too much data and wanting a better scalable solution;
- A high learning curve and a desire for better efficiency of collaborative use in a multi-person, multi-team model;
- Microservice and cloud-native architectures with variable monitoring data lifecycles and high monitoring data dimension bases, which are not easily adaptable to the Zabbix data model;
+- **Integration with Multiple Time-Series Databases:** Supports integration with various time-series databases such as Prometheus, VictoriaMetrics, Thanos, Mimir, M3DB, and TDengine, enabling unified alert management.
+- **Advanced Alerting Capabilities:** Comes with built-in support for multiple alerting rules, extensible to common notification channels. It also supports alert suppression, silencing, subscription, self-healing, and alert event management.
+- **High-Performance Visualization Engine:** Offers various chart styles with numerous built-in dashboard templates and the ability to import Grafana templates. Ready to use with a business-friendly open-source license.
+- **Support for Common Collectors:** Compatible with [Categraf](https://flashcat.cloud/product/categraf), Telegraf, Grafana-agent, Datadog-agent, and various exporters as collectors—there's no data that can't be monitored.
+- **Seamless Integration with [Flashduty](https://flashcat.cloud/product/flashcat-duty/):** Enables alert aggregation, acknowledgment, escalation, scheduling, and IM integration, ensuring no alerts are missed, reducing unnecessary interruptions, and enhancing efficient collaboration.


-#### If you are using [open-falcon](https://github.com/open-falcon/falcon-plus), we recommend you to upgrade to Nightingale：
- For more information about open-falcon and Nightingale, please refer to read [Ten features and trends of cloud-native monitoring](https://mp.weixin.qq.com/s?__biz=MzkzNjI5OTM5Nw==&mid=2247483738&idx=1&sn=e8bdbb974a2cd003c1abcc2b5405dd18&chksm=c2a19fb0f5d616a63185cd79277a79a6b80118ef2185890d0683d2bb20451bd9303c78d083c5#rd)。
-
-## Getting Started
-
-[https://n9e.github.io/](https://n9e.github.io/)
-
 ## Screenshots

-https://user-images.githubusercontent.com/792850/216888712-2565fcea-9df5-47bd-a49e-d60af9bd76e8.mp4
+You can switch languages and themes in the top right corner. We now support English, Simplified Chinese, and Traditional Chinese. 
+
+![18n switch](https://download.flashcat.cloud/ulric/n9e-switch-i18n.png)
+
+### Instant Query
+
+Similar to the built-in query analysis page in Prometheus, Nightingale offers an ad-hoc query feature with UI enhancements. It also provides built-in PromQL metrics, allowing users unfamiliar with PromQL to quickly perform queries.
+
+![Instant Query](https://download.flashcat.cloud/ulric/20240513103305.png)
+
+### Metric View
+
+Alternatively, you can use the Metric View to access data. With this feature, Instant Query becomes less necessary, as it caters more to advanced users. Regular users can easily perform queries using the Metric View.
+
+![Metric View](https://download.flashcat.cloud/ulric/20240513103530.png)
+
+### Built-in Dashboards
+
+Nightingale includes commonly used dashboards that can be imported and used directly. You can also import Grafana dashboards, although compatibility is limited to basic Grafana charts. If you’re accustomed to Grafana, it’s recommended to continue using it for visualization, with Nightingale serving as an alerting engine.
+
+![Built-in Dashboards](https://download.flashcat.cloud/ulric/20240513103628.png)
+
+### Built-in Alert Rules
+
+In addition to the built-in dashboards, Nightingale also comes with numerous alert rules that are ready to use out of the box.
+
+![Built-in Alert Rules](https://download.flashcat.cloud/ulric/20240513103825.png)
+
+

 ## Architecture

-<img src="doc/img/arch-product.png" width="600">
+In most community scenarios, Nightingale is primarily used as an alert engine, integrating with multiple time-series databases to unify alert rule management. Grafana remains the preferred tool for visualization. As an alert engine, the product architecture of Nightingale is as follows:

-Nightingale monitoring can receive monitoring data reported by various collectors (such as [Categraf](https://github.com/flashcatcloud/categraf) , telegraf, grafana-agent, Prometheus, etc.) and write them to various popular time-series databases (such as Prometheus, M3DB, VictoriaMetrics, Thanos, TDEngine, etc.). It provides configuration capabilities for alert rules, silence rules, and subscription rules, as well as the ability to view monitoring data. It also provides automatic alarm self-healing mechanisms (such as automatically calling back to a webhook address or executing a script after an alarm is triggered), and the ability to store and manage historical alarm events and view them in groups.
+![Product Architecture](https://download.flashcat.cloud/ulric/20240221152601.png)

-If the performance of a standalone time-series database (such as Prometheus) has bottlenecks or poor disaster recovery, we recommend using [VictoriaMetrics](https://github.com/VictoriaMetrics/VictoriaMetrics). The VictoriaMetrics architecture is relatively simple, has excellent performance, and is easy to deploy and maintain. The architecture diagram is as shown above. For more detailed documentation on VictoriaMetrics, please refer to its [official website](https://victoriametrics.com/).
+For certain edge data centers with poor network connectivity to the central Nightingale server, we offer a distributed deployment mode for the alert engine. In this mode, even if the network is disconnected, the alerting functionality remains unaffected.

-**We welcome you to participate in the Nightingale open-source project and community in various ways, including but not limited to**：
- Adding and improving documentation => [n9e.github.io](https://n9e.github.io/)
- Sharing your best practices and experience in using Nightingale monitoring => [Article sharing]((https://n9e.github.io/docs/prologue/share/))
- Submitting product suggestions => [github issue](https://github.com/ccfos/nightingale/issues/new?assignees=&labels=kind%2Ffeature&template=enhancement.md)
- Submitting code to make Nightingale monitoring faster, more stable, and easier to use => [github pull request](https://github.com/didi/nightingale/pulls)
+![Edge Deployment Mode](https://download.flashcat.cloud/ulric/20240222102119.png)


-**Respecting, recognizing, and recording the work of every contributor** is the first guiding principle of the Nightingale open-source community. We advocate effective questioning, which not only respects the developer's time but also contributes to the accumulation of knowledge in the entire community
- Before asking a question, please first refer to the [FAQ](https://www.gitlink.org.cn/ccfos/nightingale/wiki/faq) 
- We use [GitHub Discussions](https://github.com/ccfos/nightingale/discussions) as the communication forum. You can search and ask questions here.
- We also recommend that you join ours [Slack channel](https://n9e-talk.slack.com/) to exchange experiences with other Nightingale users.
+## Communication Channels

-
-## Who is using Nightingale
-You can register your usage and share your experience by posting on **[Who is Using Nightingale](https://github.com/ccfos/nightingale/issues/897)**.
+- **Report Bugs:** It is highly recommended to submit issues via the [Nightingale GitHub Issue tracker](https://github.com/ccfos/nightingale/issues/new?assignees=&labels=kind%2Fbug&projects=&template=bug_report.yml).
+- **Documentation:** For more information, we recommend thoroughly browsing the [Nightingale Documentation Site](https://flashcat.cloud/docs/content/flashcat-monitor/nightingale-v7/introduction/).

 ## Stargazers over time
-[![Stargazers over time](https://starchart.cc/ccfos/nightingale.svg)](https://starchart.cc/ccfos/nightingale)

-## Contributors
+[![Stargazers over time](https://api.star-history.com/svg?repos=ccfos/nightingale&type=Date)](https://star-history.com/#ccfos/nightingale&Date)
+
+## Community Co-Building
+
+- ❇️ Please read the [Nightingale Open Source Project and Community Governance Draft](./doc/community-governance.md). We sincerely welcome every user, developer, company, and organization to use Nightingale, actively report bugs, submit feature requests, share best practices, and help build a professional and active open-source community.
+-  ❤️ Nightingale Contributors
 <a href="https://github.com/ccfos/nightingale/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=ccfos/nightingale" />
 </a>

 ## License
-[Apache License V2.0](https://github.com/didi/nightingale/blob/main/LICENSE)
+- [Apache License V2.0](https://github.com/didi/nightingale/blob/main/LICENSE)
--- a/alert/aconf/conf.go
+++ b/alert/aconf/conf.go
@@ -32,6 +32,7 @@ type Alerting struct {
 	Timeout           int64
 	TemplatesDir      string
 	NotifyConcurrency int
+	WebhookBatchSend  bool
 }

 type CallPlugin struct {
@@ -46,13 +47,6 @@ type RedisPub struct {
 	ChannelKey    string
 }

-type Ibex struct {
-	Address       string
-	BasicAuthUser string
-	BasicAuthPass string
-	Timeout       int64
-}
-
 func (a *Alert) PreCheck(configDir string) {
 	if a.Alerting.TemplatesDir == "" {
 		a.Alerting.TemplatesDir = path.Join(configDir, "template")
--- a/alert/alert.go
+++ b/alert/alert.go
@@ -24,7 +24,10 @@ import (
 	"github.com/ccfos/nightingale/v6/prom"
 	"github.com/ccfos/nightingale/v6/pushgw/pconf"
 	"github.com/ccfos/nightingale/v6/pushgw/writer"
+	"github.com/ccfos/nightingale/v6/storage"
 	"github.com/ccfos/nightingale/v6/tdengine"
+
+	"github.com/flashcatcloud/ibex/src/cmd/ibex"
 )

 func Initialize(configDir string, cryptoKey string) (func(), error) {
@@ -40,11 +43,17 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {

 	ctx := ctx.NewContext(context.Background(), nil, false, config.CenterApi)

+	var redis storage.Redis
+	redis, err = storage.NewRedis(config.Redis)
+	if err != nil {
+		return nil, err
+	}
+
 	syncStats := memsto.NewSyncStats()
 	alertStats := astats.NewSyncStats()

 	configCache := memsto.NewConfigCache(ctx, syncStats, nil, "")
-	targetCache := memsto.NewTargetCache(ctx, syncStats, nil)
+	targetCache := memsto.NewTargetCache(ctx, syncStats, redis)
 	busiGroupCache := memsto.NewBusiGroupCache(ctx, syncStats)
 	alertMuteCache := memsto.NewAlertMuteCache(ctx, syncStats)
 	alertRuleCache := memsto.NewAlertRuleCache(ctx, syncStats)
@@ -52,16 +61,22 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 	dsCache := memsto.NewDatasourceCache(ctx, syncStats)
 	userCache := memsto.NewUserCache(ctx, syncStats)
 	userGroupCache := memsto.NewUserGroupCache(ctx, syncStats)
+	taskTplsCache := memsto.NewTaskTplCache(ctx)

 	promClients := prom.NewPromClient(ctx)
 	tdengineClients := tdengine.NewTdengineClient(ctx, config.Alert.Heartbeat)

 	externalProcessors := process.NewExternalProcessors()

-	Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache, alertRuleCache, notifyConfigCache, dsCache, ctx, promClients, tdengineClients, userCache, userGroupCache)
+	Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache, alertRuleCache, notifyConfigCache, taskTplsCache, dsCache, ctx, promClients, tdengineClients, userCache, userGroupCache)

 	r := httpx.GinEngine(config.Global.RunMode, config.HTTP)
 	rt := router.New(config.HTTP, config.Alert, alertMuteCache, targetCache, busiGroupCache, alertStats, ctx, externalProcessors)
+
+	if config.Ibex.Enable {
+		ibex.ServerStart(false, nil, redis, config.HTTP.APIForService.BasicAuth, config.Alert.Heartbeat, &config.CenterApi, r, nil, config.Ibex, config.HTTP.Port)
+	}
+
 	rt.Config(r)
 	dumper.ConfigRouter(r)

@@ -74,7 +89,7 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 }

 func Start(alertc aconf.Alert, pushgwc pconf.Pushgw, syncStats *memsto.Stats, alertStats *astats.Stats, externalProcessors *process.ExternalProcessorsType, targetCache *memsto.TargetCacheType, busiGroupCache *memsto.BusiGroupCacheType,
-	alertMuteCache *memsto.AlertMuteCacheType, alertRuleCache *memsto.AlertRuleCacheType, notifyConfigCache *memsto.NotifyConfigCacheType, datasourceCache *memsto.DatasourceCacheType, ctx *ctx.Context,
+	alertMuteCache *memsto.AlertMuteCacheType, alertRuleCache *memsto.AlertRuleCacheType, notifyConfigCache *memsto.NotifyConfigCacheType, taskTplsCache *memsto.TaskTplCache, datasourceCache *memsto.DatasourceCacheType, ctx *ctx.Context,
 	promClients *prom.PromClientMap, tdendgineClients *tdengine.TdengineClientMap, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType) {
 	alertSubscribeCache := memsto.NewAlertSubscribeCache(ctx, syncStats)
 	recordingRuleCache := memsto.NewRecordingRuleCache(ctx, syncStats)
@@ -90,12 +105,12 @@ func Start(alertc aconf.Alert, pushgwc pconf.Pushgw, syncStats *memsto.Stats, al
 	eval.NewScheduler(alertc, externalProcessors, alertRuleCache, targetCache, targetsOfAlertRulesCache,
 		busiGroupCache, alertMuteCache, datasourceCache, promClients, tdendgineClients, naming, ctx, alertStats)

-	dp := dispatch.NewDispatch(alertRuleCache, userCache, userGroupCache, alertSubscribeCache, targetCache, notifyConfigCache, alertc.Alerting, ctx, alertStats)
-	consumer := dispatch.NewConsumer(alertc.Alerting, ctx, dp)
+	dp := dispatch.NewDispatch(alertRuleCache, userCache, userGroupCache, alertSubscribeCache, targetCache, notifyConfigCache, taskTplsCache, alertc.Alerting, ctx, alertStats)
+	consumer := dispatch.NewConsumer(alertc.Alerting, ctx, dp, promClients)

 	go dp.ReloadTpls()
 	go consumer.LoopConsume()

 	go queue.ReportQueueSize(alertStats)
-	go sender.InitEmailSender(notifyConfigCache)
+	go sender.InitEmailSender(ctx, notifyConfigCache)
 }
--- a/alert/common/key.go
+++ b/alert/common/key.go
@@ -2,6 +2,7 @@ package common

 import (
 	"fmt"
+	"strings"

 	"github.com/ccfos/nightingale/v6/models"
 )
@@ -34,9 +35,9 @@ func MatchGroupsName(groupName string, groupFilter []models.TagFilter) bool {
 func matchTag(value string, filter models.TagFilter) bool {
 	switch filter.Func {
 	case "==":
-		return filter.Value == value
+		return strings.TrimSpace(filter.Value) == strings.TrimSpace(value)
 	case "!=":
-		return filter.Value != value
+		return strings.TrimSpace(filter.Value) != strings.TrimSpace(value)
 	case "in":
 		_, has := filter.Vset[value]
 		return has
--- a/alert/dispatch/consume.go
+++ b/alert/dispatch/consume.go
@@ -1,14 +1,19 @@
 package dispatch

 import (
+	"encoding/json"
 	"fmt"
+	"strings"
 	"time"

 	"github.com/ccfos/nightingale/v6/alert/aconf"
+	"github.com/ccfos/nightingale/v6/alert/common"
 	"github.com/ccfos/nightingale/v6/alert/queue"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
 	"github.com/ccfos/nightingale/v6/pkg/poster"
+	promsdk "github.com/ccfos/nightingale/v6/pkg/prom"
+	"github.com/ccfos/nightingale/v6/prom"

 	"github.com/toolkits/pkg/concurrent/semaphore"
 	"github.com/toolkits/pkg/logger"
@@ -18,15 +23,17 @@ type Consumer struct {
 	alerting aconf.Alerting
 	ctx      *ctx.Context

-	dispatch *Dispatch
+	dispatch    *Dispatch
+	promClients *prom.PromClientMap
 }

 // 创建一个 Consumer 实例
-func NewConsumer(alerting aconf.Alerting, ctx *ctx.Context, dispatch *Dispatch) *Consumer {
+func NewConsumer(alerting aconf.Alerting, ctx *ctx.Context, dispatch *Dispatch, promClients *prom.PromClientMap) *Consumer {
 	return &Consumer{
-		alerting: alerting,
-		ctx:      ctx,
-		dispatch: dispatch,
+		alerting:    alerting,
+		ctx:         ctx,
+		dispatch:    dispatch,
+		promClients: promClients,
 	}
 }

@@ -73,17 +80,19 @@ func (e *Consumer) consumeOne(event *models.AlertCurEvent) {
 		event.RuleName = fmt.Sprintf("failed to parse rule name: %v", err)
 	}

-	if err := event.ParseRule("rule_note"); err != nil {
-		logger.Warningf("ruleid:%d failed to parse rule note: %v", event.RuleId, err)
-		event.RuleNote = fmt.Sprintf("failed to parse rule note: %v", err)
-	}
-
 	if err := event.ParseRule("annotations"); err != nil {
 		logger.Warningf("ruleid:%d failed to parse annotations: %v", event.RuleId, err)
 		event.Annotations = fmt.Sprintf("failed to parse annotations: %v", err)
 		event.AnnotationsJSON["error"] = event.Annotations
 	}

+	e.queryRecoveryVal(event)
+
+	if err := event.ParseRule("rule_note"); err != nil {
+		logger.Warningf("ruleid:%d failed to parse rule note: %v", event.RuleId, err)
+		event.RuleNote = fmt.Sprintf("failed to parse rule note: %v", err)
+	}
+
 	e.persist(event)

 	if event.IsRecovered && event.NotifyRecovered == 0 {
@@ -115,3 +124,68 @@ func (e *Consumer) persist(event *models.AlertCurEvent) {
 		e.dispatch.Astats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", event.DatasourceId), "persist_event").Inc()
 	}
 }
+
+func (e *Consumer) queryRecoveryVal(event *models.AlertCurEvent) {
+	if !event.IsRecovered {
+		return
+	}
+
+	// If the event is a recovery event, execute the recovery_promql query
+	promql, ok := event.AnnotationsJSON["recovery_promql"]
+	if !ok {
+		return
+	}
+
+	promql = strings.TrimSpace(promql)
+	if promql == "" {
+		logger.Warningf("rule_eval:%s promql is blank", getKey(event))
+		return
+	}
+
+	if e.promClients.IsNil(event.DatasourceId) {
+		logger.Warningf("rule_eval:%s error reader client is nil", getKey(event))
+		return
+	}
+
+	readerClient := e.promClients.GetCli(event.DatasourceId)
+
+	var warnings promsdk.Warnings
+	value, warnings, err := readerClient.Query(e.ctx.Ctx, promql, time.Now())
+	if err != nil {
+		logger.Errorf("rule_eval:%s promql:%s, error:%v", getKey(event), promql, err)
+		event.AnnotationsJSON["recovery_promql_error"] = fmt.Sprintf("promql:%s error:%v", promql, err)
+
+		b, err := json.Marshal(event.AnnotationsJSON)
+		if err != nil {
+			event.AnnotationsJSON = make(map[string]string)
+			event.AnnotationsJSON["error"] = fmt.Sprintf("failed to parse annotations: %v", err)
+		} else {
+			event.Annotations = string(b)
+		}
+		return
+	}
+
+	if len(warnings) > 0 {
+		logger.Errorf("rule_eval:%s promql:%s, warnings:%v", getKey(event), promql, warnings)
+	}
+
+	anomalyPoints := common.ConvertAnomalyPoints(value)
+	if len(anomalyPoints) == 0 {
+		logger.Warningf("rule_eval:%s promql:%s, result is empty", getKey(event), promql)
+		event.AnnotationsJSON["recovery_promql_error"] = fmt.Sprintf("promql:%s error:%s", promql, "result is empty")
+	} else {
+		event.AnnotationsJSON["recovery_value"] = fmt.Sprintf("%v", anomalyPoints[0].Value)
+	}
+
+	b, err := json.Marshal(event.AnnotationsJSON)
+	if err != nil {
+		event.AnnotationsJSON = make(map[string]string)
+		event.AnnotationsJSON["error"] = fmt.Sprintf("failed to parse annotations: %v", err)
+	} else {
+		event.Annotations = string(b)
+	}
+}
+
+func getKey(event *models.AlertCurEvent) string {
+	return common.RuleKey(event.DatasourceId, event.RuleId)
+}
--- a/alert/dispatch/dispatch.go
+++ b/alert/dispatch/dispatch.go
@@ -4,7 +4,9 @@ import (
 	"bytes"
 	"encoding/json"
 	"html/template"
+	"net/url"
 	"strconv"
+	"strings"
 	"sync"
 	"time"

@@ -26,10 +28,12 @@ type Dispatch struct {
 	alertSubscribeCache *memsto.AlertSubscribeCacheType
 	targetCache         *memsto.TargetCacheType
 	notifyConfigCache   *memsto.NotifyConfigCacheType
+	taskTplsCache       *memsto.TaskTplCache

 	alerting aconf.Alerting

 	Senders          map[string]sender.Sender
+	CallBacks        map[string]sender.CallBacker
 	tpls             map[string]*template.Template
 	ExtraSenders     map[string]sender.Sender
 	BeforeSenderHook func(*models.AlertCurEvent) bool
@@ -43,7 +47,7 @@ type Dispatch struct {
 // 创建一个 Notify 实例
 func NewDispatch(alertRuleCache *memsto.AlertRuleCacheType, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType,
 	alertSubscribeCache *memsto.AlertSubscribeCacheType, targetCache *memsto.TargetCacheType, notifyConfigCache *memsto.NotifyConfigCacheType,
-	alerting aconf.Alerting, ctx *ctx.Context, astats *astats.Stats) *Dispatch {
+	taskTplsCache *memsto.TaskTplCache, alerting aconf.Alerting, ctx *ctx.Context, astats *astats.Stats) *Dispatch {
 	notify := &Dispatch{
 		alertRuleCache:      alertRuleCache,
 		userCache:           userCache,
@@ -51,6 +55,7 @@ func NewDispatch(alertRuleCache *memsto.AlertRuleCacheType, userCache *memsto.Us
 		alertSubscribeCache: alertSubscribeCache,
 		targetCache:         targetCache,
 		notifyConfigCache:   notifyConfigCache,
+		taskTplsCache:       taskTplsCache,

 		alerting: alerting,

@@ -95,6 +100,21 @@ func (e *Dispatch) relaodTpls() error {
 		models.Mm:         sender.NewSender(models.Mm, tmpTpls),
 		models.Telegram:   sender.NewSender(models.Telegram, tmpTpls),
 		models.FeishuCard: sender.NewSender(models.FeishuCard, tmpTpls),
+		models.Lark:       sender.NewSender(models.Lark, tmpTpls),
+		models.LarkCard:   sender.NewSender(models.LarkCard, tmpTpls),
+	}
+
+	// domain -> Callback()
+	callbacks := map[string]sender.CallBacker{
+		models.DingtalkDomain:   sender.NewCallBacker(models.DingtalkDomain, e.targetCache, e.userCache, e.taskTplsCache, tmpTpls),
+		models.WecomDomain:      sender.NewCallBacker(models.WecomDomain, e.targetCache, e.userCache, e.taskTplsCache, tmpTpls),
+		models.FeishuDomain:     sender.NewCallBacker(models.FeishuDomain, e.targetCache, e.userCache, e.taskTplsCache, tmpTpls),
+		models.TelegramDomain:   sender.NewCallBacker(models.TelegramDomain, e.targetCache, e.userCache, e.taskTplsCache, tmpTpls),
+		models.FeishuCardDomain: sender.NewCallBacker(models.FeishuCardDomain, e.targetCache, e.userCache, e.taskTplsCache, tmpTpls),
+		models.IbexDomain:       sender.NewCallBacker(models.IbexDomain, e.targetCache, e.userCache, e.taskTplsCache, tmpTpls),
+		models.LarkDomain:       sender.NewCallBacker(models.LarkDomain, e.targetCache, e.userCache, e.taskTplsCache, tmpTpls),
+		models.DefaultDomain:    sender.NewCallBacker(models.DefaultDomain, e.targetCache, e.userCache, e.taskTplsCache, tmpTpls),
+		models.LarkCardDomain:   sender.NewCallBacker(models.LarkCardDomain, e.targetCache, e.userCache, e.taskTplsCache, tmpTpls),
 	}

 	e.RwLock.RLock()
@@ -106,6 +126,7 @@ func (e *Dispatch) relaodTpls() error {
 	e.RwLock.Lock()
 	e.tpls = tmpTpls
 	e.Senders = senders
+	e.CallBacks = callbacks
 	e.RwLock.Unlock()
 	return nil
 }
@@ -146,7 +167,7 @@ func (e *Dispatch) HandleEventNotify(event *models.AlertCurEvent, isSubscribe bo
 	}

 	// 处理事件发送,这里用一个goroutine处理一个event的所有发送事件
-	go e.Send(rule, event, notifyTarget)
+	go e.Send(rule, event, notifyTarget, isSubscribe)

 	// 如果是不是订阅规则出现的event, 则需要处理订阅规则的event
 	if !isSubscribe {
@@ -217,11 +238,12 @@ func (e *Dispatch) handleSub(sub *models.AlertSubscribe, event models.AlertCurEv
 	e.HandleEventNotify(&event, true)
 }

-func (e *Dispatch) Send(rule *models.AlertRule, event *models.AlertCurEvent, notifyTarget *NotifyTarget) {
+func (e *Dispatch) Send(rule *models.AlertRule, event *models.AlertCurEvent, notifyTarget *NotifyTarget, isSubscribe bool) {
 	needSend := e.BeforeSenderHook(event)
 	if needSend {
 		for channel, uids := range notifyTarget.ToChannelUserMap() {
-			msgCtx := sender.BuildMessageContext(rule, []*models.AlertCurEvent{event}, uids, e.userCache, e.Astats)
+			msgCtx := sender.BuildMessageContext(e.ctx, rule, []*models.AlertCurEvent{event},
+				uids, e.userCache, e.Astats)
 			e.RwLock.RLock()
 			s := e.Senders[channel]
 			e.RwLock.RUnlock()
@@ -241,13 +263,94 @@ func (e *Dispatch) Send(rule *models.AlertRule, event *models.AlertCurEvent, not
 	}

 	// handle event callbacks
-	sender.SendCallbacks(e.ctx, notifyTarget.ToCallbackList(), event, e.targetCache, e.userCache, e.notifyConfigCache.GetIbex(), e.Astats)
+	e.SendCallbacks(rule, notifyTarget, event)

 	// handle global webhooks
-	sender.SendWebhooks(notifyTarget.ToWebhookList(), event, e.Astats)
+	if e.alerting.WebhookBatchSend {
+		sender.BatchSendWebhooks(e.ctx, notifyTarget.ToWebhookList(), event, e.Astats)
+	} else {
+		sender.SingleSendWebhooks(e.ctx, notifyTarget.ToWebhookList(), event, e.Astats)
+	}

 	// handle plugin call
-	go sender.MayPluginNotify(e.genNoticeBytes(event), e.notifyConfigCache.GetNotifyScript(), e.Astats)
+	go sender.MayPluginNotify(e.ctx, e.genNoticeBytes(event), e.notifyConfigCache.
+		GetNotifyScript(), e.Astats, event)
+
+	if !isSubscribe {
+		// handle ibex callbacks
+		e.HandleIbex(rule, event)
+	}
+}
+
+func (e *Dispatch) SendCallbacks(rule *models.AlertRule, notifyTarget *NotifyTarget, event *models.AlertCurEvent) {
+
+	uids := notifyTarget.ToUidList()
+	urls := notifyTarget.ToCallbackList()
+	for _, urlStr := range urls {
+		if len(urlStr) == 0 {
+			continue
+		}
+
+		cbCtx := sender.BuildCallBackContext(e.ctx, urlStr, rule, []*models.AlertCurEvent{event}, uids, e.userCache, e.alerting.WebhookBatchSend, e.Astats)
+
+		if strings.HasPrefix(urlStr, "${ibex}") {
+			e.CallBacks[models.IbexDomain].CallBack(cbCtx)
+			continue
+		}
+
+		if !(strings.HasPrefix(urlStr, "http://") || strings.HasPrefix(urlStr, "https://")) {
+			cbCtx.CallBackURL = "http://" + urlStr
+		}
+
+		parsedURL, err := url.Parse(urlStr)
+		if err != nil {
+			logger.Errorf("SendCallbacks: failed to url.Parse(urlStr=%s): %v", urlStr, err)
+			continue
+		}
+
+		// process feishu card
+		if parsedURL.Host == models.FeishuDomain && parsedURL.Query().Get("card") == "1" {
+			e.CallBacks[models.FeishuCardDomain].CallBack(cbCtx)
+			continue
+		}
+
+		// process lark card
+		if parsedURL.Host == models.LarkDomain && parsedURL.Query().Get("card") == "1" {
+			e.CallBacks[models.LarkCardDomain].CallBack(cbCtx)
+			continue
+		}
+
+		callBacker, ok := e.CallBacks[parsedURL.Host]
+		if ok {
+			callBacker.CallBack(cbCtx)
+		} else {
+			e.CallBacks[models.DefaultDomain].CallBack(cbCtx)
+		}
+	}
+}
+
+func (e *Dispatch) HandleIbex(rule *models.AlertRule, event *models.AlertCurEvent) {
+	// 解析 RuleConfig 字段
+	var ruleConfig struct {
+		TaskTpls []*models.Tpl `json:"task_tpls"`
+	}
+	json.Unmarshal([]byte(rule.RuleConfig), &ruleConfig)
+
+	for _, t := range ruleConfig.TaskTpls {
+		if t.TplId == 0 {
+			continue
+		}
+
+		if len(t.Host) == 0 {
+			sender.CallIbex(e.ctx, t.TplId, event.TargetIdent,
+				e.taskTplsCache, e.targetCache, e.userCache, event)
+			continue
+		}
+		for _, host := range t.Host {
+			sender.CallIbex(e.ctx, t.TplId, host,
+				e.taskTplsCache, e.targetCache, e.userCache, event)
+		}
+	}
 }

 type Notice struct {
--- a/alert/dispatch/notify_target.go
+++ b/alert/dispatch/notify_target.go
@@ -79,11 +79,35 @@ func (s *NotifyTarget) ToCallbackList() []string {
 func (s *NotifyTarget) ToWebhookList() []*models.Webhook {
 	webhooks := make([]*models.Webhook, 0, len(s.webhooks))
 	for _, wh := range s.webhooks {
+		if wh.Batch == 0 {
+			wh.Batch = 1000
+		}
+
+		if wh.Timeout == 0 {
+			wh.Timeout = 10
+		}
+
+		if wh.RetryCount == 0 {
+			wh.RetryCount = 10
+		}
+
+		if wh.RetryInterval == 0 {
+			wh.RetryInterval = 10
+		}
+
 		webhooks = append(webhooks, wh)
 	}
 	return webhooks
 }

+func (s *NotifyTarget) ToUidList() []int64 {
+	uids := make([]int64, len(s.userMap))
+	for uid, _ := range s.userMap {
+		uids = append(uids, uid)
+	}
+	return uids
+}
+
 // Dispatch 抽象由告警事件到信息接收者的路由策略
 // rule: 告警规则
 // event: 告警事件
--- a/alert/eval/eval.go
+++ b/alert/eval/eval.go
@@ -46,6 +46,14 @@ const (
 	QUERY_DATA      = "query_data"
 )

+type JoinType string
+
+const (
+	Left  JoinType = "left"
+	Right JoinType = "right"
+	Inner JoinType = "inner"
+)
+
 func NewAlertRuleWorker(rule *models.AlertRule, datasourceId int64, processor *process.Processor, promClients *prom.PromClientMap, tdengineClients *tdengine.TdengineClientMap, ctx *ctx.Context) *AlertRuleWorker {
 	arw := &AlertRuleWorker{
 		datasourceId: datasourceId,
@@ -128,10 +136,40 @@ func (arw *AlertRuleWorker) Eval() {
 		return
 	}

-	for _, point := range recoverPoints {
-		str := fmt.Sprintf("%v", point.Value)
-		arw.processor.RecoverSingle(process.Hash(cachedRule.Id, arw.processor.DatasourceId(), point), point.Timestamp, &str)
+	if arw.inhibit {
+		pointsMap := make(map[string]common.AnomalyPoint)
+		for _, point := range recoverPoints {
+			// 对于恢复的事件，合并处理
+			tagHash := process.TagHash(point)
+
+			p, exists := pointsMap[tagHash]
+			if !exists {
+				pointsMap[tagHash] = point
+				continue
+			}
+
+			if p.Severity > point.Severity {
+				hash := process.Hash(cachedRule.Id, arw.processor.DatasourceId(), p)
+				arw.processor.DeleteProcessEvent(hash)
+				models.AlertCurEventDelByHash(arw.ctx, hash)
+
+				pointsMap[tagHash] = point
+			}
+		}
+
+		now := time.Now().Unix()
+		for _, point := range pointsMap {
+			str := fmt.Sprintf("%v", point.Value)
+			arw.processor.RecoverSingle(process.Hash(cachedRule.Id, arw.processor.DatasourceId(), point), now, &str)
+		}
+	} else {
+		now := time.Now().Unix()
+		for _, point := range recoverPoints {
+			str := fmt.Sprintf("%v", point.Value)
+			arw.processor.RecoverSingle(process.Hash(cachedRule.Id, arw.processor.DatasourceId(), point), now, &str)
+		}
 	}
+
 	arw.processor.Handle(anomalyPoints, "inner", arw.inhibit)
 }

@@ -192,7 +230,6 @@ func (arw *AlertRuleWorker) GetPromAnomalyPoint(ruleConfig string) []common.Anom
 			logger.Errorf("rule_eval:%s promql:%s, warnings:%v", arw.Key(), promql, warnings)
 			arw.processor.Stats.CounterQueryDataErrorTotal.WithLabelValues(fmt.Sprintf("%d", arw.datasourceId)).Inc()
 			arw.processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.processor.DatasourceId()), QUERY_DATA).Inc()
-			continue
 		}

 		logger.Debugf("rule_eval:%s query:%+v, value:%v", arw.Key(), query, value)
@@ -229,9 +266,12 @@ func (arw *AlertRuleWorker) GetTdengineAnomalyPoint(rule *models.AlertRule, dsId
 	arw.inhibit = ruleQuery.Inhibit
 	if len(ruleQuery.Queries) > 0 {
 		seriesStore := make(map[uint64]models.DataResp)
-		seriesTagIndex := make(map[uint64][]uint64)
+		// 将不同查询的 hash 索引分组存放
+		seriesTagIndexes := make([]map[uint64][]uint64, 0)

 		for _, query := range ruleQuery.Queries {
+			seriesTagIndex := make(map[uint64][]uint64)
+
 			arw.processor.Stats.CounterQueryDataTotal.WithLabelValues(fmt.Sprintf("%d", arw.datasourceId)).Inc()
 			cli := arw.tdengineClients.GetCli(dsId)
 			if cli == nil {
@@ -249,13 +289,13 @@ func (arw *AlertRuleWorker) GetTdengineAnomalyPoint(rule *models.AlertRule, dsId
 				arw.processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.processor.DatasourceId()), QUERY_DATA).Inc()
 				continue
 			}
-
 			//  此条日志很重要，是告警判断的现场值
 			logger.Debugf("rule_eval rid:%d req:%+v resp:%+v", rule.Id, query, series)
 			MakeSeriesMap(series, seriesTagIndex, seriesStore)
+			seriesTagIndexes = append(seriesTagIndexes, seriesTagIndex)
 		}

-		points, recoverPoints = GetAnomalyPoint(rule.Id, ruleQuery, seriesTagIndex, seriesStore)
+		points, recoverPoints = GetAnomalyPoint(rule.Id, ruleQuery, seriesTagIndexes, seriesStore)
 	}

 	return points, recoverPoints
@@ -319,7 +359,7 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) []common.Anom
 					missTargets = append(missTargets, ident)
 				}
 			}
-
+			logger.Debugf("rule_eval:%s missTargets:%v", arw.Key(), missTargets)
 			targets := arw.processor.TargetCache.Gets(missTargets)
 			for _, target := range targets {
 				m := make(map[string]string)
@@ -357,7 +397,6 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) []common.Anom
 					// means this target is not collect by categraf, do not check offset
 					continue
 				}
-
 				if target, exists := targetMap[ident]; exists {
 					if now-target.UpdateAt > 120 {
 						// means this target is not a active host, do not check offset
@@ -371,6 +410,7 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) []common.Anom
 				}
 			}

+			logger.Debugf("rule_eval:%s offsetIdents:%v", arw.Key(), offsetIdents)
 			for host, offset := range offsetIdents {
 				m := make(map[string]string)
 				target, exists := arw.processor.TargetCache.Get(host)
@@ -405,7 +445,7 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) []common.Anom
 					missTargets = append(missTargets, ident)
 				}
 			}
-
+			logger.Debugf("rule_eval:%s missTargets:%v", arw.Key(), missTargets)
 			pct := float64(len(missTargets)) / float64(len(idents)) * 100
 			if pct >= float64(trigger.Percent) {
 				lst = append(lst, common.NewAnomalyPoint(trigger.Type, nil, now, pct, trigger.Severity))
@@ -415,17 +455,76 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) []common.Anom
 	return lst
 }

-func GetAnomalyPoint(ruleId int64, ruleQuery models.RuleQuery, seriesTagIndex map[uint64][]uint64, seriesStore map[uint64]models.DataResp) ([]common.AnomalyPoint, []common.AnomalyPoint) {
+func GetAnomalyPoint(ruleId int64, ruleQuery models.RuleQuery, seriesTagIndexes []map[uint64][]uint64, seriesStore map[uint64]models.DataResp) ([]common.AnomalyPoint, []common.AnomalyPoint) {
 	points := []common.AnomalyPoint{}
 	recoverPoints := []common.AnomalyPoint{}

+	if len(ruleQuery.Triggers) == 0 {
+		return points, recoverPoints
+	}
+
 	for _, trigger := range ruleQuery.Triggers {
+		// seriesTagIndex 的 key 仅做分组使用，value 为每组 series 的 hash
+		seriesTagIndex := make(map[uint64][]uint64)
+
+		if len(trigger.Joins) == 0 {
+			// 没有 join 条件，走原逻辑
+			last := seriesTagIndexes[0]
+			for i := 1; i < len(seriesTagIndexes); i++ {
+				last = originalJoin(last, seriesTagIndexes[i])
+			}
+			seriesTagIndex = last
+		} else {
+			// 有 join 条件，按条件依次合并
+			if len(seriesTagIndexes) != len(trigger.Joins)+1 {
+				logger.Errorf("rule_eval rid:%d queries' count: %d not match join condition's count: %d", ruleId, len(seriesTagIndexes), len(trigger.Joins))
+				continue
+			}
+
+			last := seriesTagIndexes[0]
+			lastRehashed := rehashSet(last, seriesStore, trigger.Joins[0].On)
+			for i := range trigger.Joins {
+				cur := seriesTagIndexes[i+1]
+				switch trigger.Joins[i].JoinType {
+				case "original":
+					last = originalJoin(last, cur)
+				case "none":
+					last = noneJoin(last, cur)
+				case "cartesian":
+					last = cartesianJoin(last, cur)
+				case "inner_join":
+					curRehashed := rehashSet(cur, seriesStore, trigger.Joins[i].On)
+					lastRehashed = onJoin(lastRehashed, curRehashed, Inner)
+					last = flatten(lastRehashed)
+				case "left_join":
+					curRehashed := rehashSet(cur, seriesStore, trigger.Joins[i].On)
+					lastRehashed = onJoin(lastRehashed, curRehashed, Left)
+					last = flatten(lastRehashed)
+				case "right_join":
+					curRehashed := rehashSet(cur, seriesStore, trigger.Joins[i].On)
+					lastRehashed = onJoin(curRehashed, lastRehashed, Right)
+					last = flatten(lastRehashed)
+				case "left_exclude":
+					curRehashed := rehashSet(cur, seriesStore, trigger.Joins[i].On)
+					lastRehashed = exclude(lastRehashed, curRehashed)
+					last = flatten(lastRehashed)
+				case "right_exclude":
+					curRehashed := rehashSet(cur, seriesStore, trigger.Joins[i].On)
+					lastRehashed = exclude(curRehashed, lastRehashed)
+					last = flatten(lastRehashed)
+				default:
+					logger.Warningf("rule_eval rid:%d join type:%s not support", ruleId, trigger.Joins[i].JoinType)
+				}
+			}
+			seriesTagIndex = last
+		}
+
 		for _, seriesHash := range seriesTagIndex {
 			sort.Slice(seriesHash, func(i, j int) bool {
 				return seriesHash[i] < seriesHash[j]
 			})

-			m := make(map[string]float64)
+			m := make(map[string]interface{})
 			var ts int64
 			var sample models.DataResp
 			var value float64
@@ -490,6 +589,143 @@ func GetAnomalyPoint(ruleId int64, ruleQuery models.RuleQuery, seriesTagIndex ma
 	return points, recoverPoints
 }

+func flatten(rehashed map[uint64][][]uint64) map[uint64][]uint64 {
+	seriesTagIndex := make(map[uint64][]uint64)
+	var i uint64
+	for _, HashTagIndex := range rehashed {
+		for u := range HashTagIndex {
+			seriesTagIndex[i] = HashTagIndex[u]
+			i++
+		}
+	}
+	return seriesTagIndex
+}
+
+// onJoin 组合两个经过 rehash 之后的集合
+// 如查询 A，经过 on data_base rehash 分组后
+// [[A1{data_base=1, table=alert}，A2{data_base=1, table=alert}]，[A5{data_base=1, table=board}]]
+// [[A3{data_base=2, table=board}]，[A4{data_base=2, table=alert}]]
+// 查询 B，经过 on data_base rehash 分组后
+// [[B1{data_base=1, table=alert}]]
+// [[B2{data_base=2, table=alert}]]
+// 内联得到
+// [[A1{data_base=1, table=alert}，A2{data_base=1, table=alert}，B1{data_base=1, table=alert}]，[A5{data_base=1, table=board}，[B1{data_base=1, table=alert}]]
+// [[A3{data_base=2, table=board}，B2{data_base=2, table=alert}]，[A4{data_base=2, table=alert}，B2{data_base=2, table=alert}]]
+func onJoin(reHashTagIndex1 map[uint64][][]uint64, reHashTagIndex2 map[uint64][][]uint64, joinType JoinType) map[uint64][][]uint64 {
+	reHashTagIndex := make(map[uint64][][]uint64)
+	for rehash, _ := range reHashTagIndex1 {
+		if _, ok := reHashTagIndex2[rehash]; ok {
+			// 若有 rehash 相同的记录，两两合并
+			for i1 := range reHashTagIndex1[rehash] {
+				for i2 := range reHashTagIndex2[rehash] {
+					reHashTagIndex[rehash] = append(reHashTagIndex[rehash], mergeNewArray(reHashTagIndex1[rehash][i1], reHashTagIndex2[rehash][i2]))
+				}
+			}
+		} else {
+			// 合并方式不为 inner 时，需要保留 reHashTagIndex1 中未匹配的记录
+			if joinType != Inner {
+				reHashTagIndex[rehash] = reHashTagIndex1[rehash]
+			}
+		}
+	}
+	return reHashTagIndex
+}
+
+// rehashSet 重新 hash 分组
+// 如当前查询 A 有五条记录
+// A1{data_base=1, table=alert}
+// A2{data_base=1, table=alert}
+// A3{data_base=2, table=board}
+// A4{data_base=2, table=alert}
+// A5{data_base=1, table=board}
+// 经过预处理（按曲线分组，此步已在进入 GetAnomalyPoint 函数前完成）后，分为 4 组，
+// [A1{data_base=1, table=alert}，A2{data_base=1, table=alert}]
+// [A3{data_base=2, table=board}]
+// [A4{data_base=2, table=alert}]
+// [A5{data_base=1, table=board}]
+// 若 rehashSet 按 data_base 重新分组，此时会得到按 rehash 值分的二维数组，即不会将 rehash 值相同的记录完全合并
+// [[A1{data_base=1, table=alert}，A2{data_base=1, table=alert}]，[A5{data_base=1, table=board}]]
+// [[A3{data_base=2, table=board}]，[A4{data_base=2, table=alert}]]
+func rehashSet(seriesTagIndex1 map[uint64][]uint64, seriesStore map[uint64]models.DataResp, on []string) map[uint64][][]uint64 {
+	reHashTagIndex := make(map[uint64][][]uint64)
+	for _, seriesHashes := range seriesTagIndex1 {
+		if len(seriesHashes) == 0 {
+			continue
+		}
+		series, exists := seriesStore[seriesHashes[0]]
+		if !exists {
+			continue
+		}
+		rehash := hash.GetTargetTagHash(series.Metric, on)
+		if _, ok := reHashTagIndex[rehash]; !ok {
+			reHashTagIndex[rehash] = make([][]uint64, 0)
+		}
+		reHashTagIndex[rehash] = append(reHashTagIndex[rehash], seriesHashes)
+	}
+	return reHashTagIndex
+}
+
+// 笛卡尔积，查询的结果两两合并
+func cartesianJoin(seriesTagIndex1 map[uint64][]uint64, seriesTagIndex2 map[uint64][]uint64) map[uint64][]uint64 {
+	var index uint64
+	seriesTagIndex := make(map[uint64][]uint64)
+	for _, seriesHashes1 := range seriesTagIndex1 {
+		for _, seriesHashes2 := range seriesTagIndex2 {
+			seriesTagIndex[index] = mergeNewArray(seriesHashes1, seriesHashes2)
+			index++
+		}
+	}
+	return seriesTagIndex
+}
+
+// noneJoin 直接拼接
+func noneJoin(seriesTagIndex1 map[uint64][]uint64, seriesTagIndex2 map[uint64][]uint64) map[uint64][]uint64 {
+	seriesTagIndex := make(map[uint64][]uint64)
+	var index uint64
+	for _, seriesHashes := range seriesTagIndex1 {
+		seriesTagIndex[index] = seriesHashes
+		index++
+	}
+	for _, seriesHashes := range seriesTagIndex2 {
+		seriesTagIndex[index] = seriesHashes
+		index++
+	}
+	return seriesTagIndex
+}
+
+// originalJoin 原始分组方案，key 相同，即标签全部相同分为一组
+func originalJoin(seriesTagIndex1 map[uint64][]uint64, seriesTagIndex2 map[uint64][]uint64) map[uint64][]uint64 {
+	seriesTagIndex := make(map[uint64][]uint64)
+	for tagHash, seriesHashes := range seriesTagIndex1 {
+		if _, ok := seriesTagIndex[tagHash]; !ok {
+			seriesTagIndex[tagHash] = mergeNewArray(seriesHashes)
+		} else {
+			seriesTagIndex[tagHash] = append(seriesTagIndex[tagHash], seriesHashes...)
+		}
+	}
+
+	for tagHash, seriesHashes := range seriesTagIndex2 {
+		if _, ok := seriesTagIndex[tagHash]; !ok {
+			seriesTagIndex[tagHash] = mergeNewArray(seriesHashes)
+		} else {
+			seriesTagIndex[tagHash] = append(seriesTagIndex[tagHash], seriesHashes...)
+		}
+	}
+
+	return seriesTagIndex
+}
+
+// exclude 左斥，留下在 reHashTagIndex1 中，但不在 reHashTagIndex2 中的记录
+func exclude(reHashTagIndex1 map[uint64][][]uint64, reHashTagIndex2 map[uint64][][]uint64) map[uint64][][]uint64 {
+	reHashTagIndex := make(map[uint64][][]uint64)
+	for rehash, _ := range reHashTagIndex1 {
+		if _, ok := reHashTagIndex2[rehash]; !ok {
+			reHashTagIndex[rehash] = reHashTagIndex1[rehash]
+		}
+	}
+	return reHashTagIndex
+}
+
 func MakeSeriesMap(series []models.DataResp, seriesTagIndex map[uint64][]uint64, seriesStore map[uint64]models.DataResp) {
 	for i := 0; i < len(series); i++ {
 		serieHash := hash.GetHash(series[i].Metric, series[i].Ref)
@@ -503,3 +739,11 @@ func MakeSeriesMap(series []models.DataResp, seriesTagIndex map[uint64][]uint64,
 		seriesTagIndex[tagHash] = append(seriesTagIndex[tagHash], serieHash)
 	}
 }
+
+func mergeNewArray(arg ...[]uint64) []uint64 {
+	res := make([]uint64, 0)
+	for _, a := range arg {
+		res = append(res, a...)
+	}
+	return res
+}
--- a/alert/eval/eval_test.go
+++ b/alert/eval/eval_test.go
@@ -0,0 +1,271 @@
+package eval
+
+import (
+	"reflect"
+	"testing"
+
+	"golang.org/x/exp/slices"
+)
+
+var (
+	reHashTagIndex1 = map[uint64][][]uint64{
+		1: {
+			{1, 2}, {3, 4},
+		},
+		2: {
+			{5, 6}, {7, 8},
+		},
+	}
+	reHashTagIndex2 = map[uint64][][]uint64{
+		1: {
+			{9, 10}, {11, 12},
+		},
+		3: {
+			{13, 14}, {15, 16},
+		},
+	}
+	seriesTagIndex1 = map[uint64][]uint64{
+		1: {1, 2, 3, 4},
+		2: {5, 6, 7, 8},
+	}
+	seriesTagIndex2 = map[uint64][]uint64{
+		1: {9, 10, 11, 12},
+		3: {13, 14, 15, 16},
+	}
+)
+
+func Test_originalJoin(t *testing.T) {
+	type args struct {
+		seriesTagIndex1 map[uint64][]uint64
+		seriesTagIndex2 map[uint64][]uint64
+	}
+	tests := []struct {
+		name string
+		args args
+		want map[uint64][]uint64
+	}{
+		{
+			name: "original join",
+			args: args{
+				seriesTagIndex1: map[uint64][]uint64{
+					1: {1, 2, 3, 4},
+					2: {5, 6, 7, 8},
+				},
+				seriesTagIndex2: map[uint64][]uint64{
+					1: {9, 10, 11, 12},
+					3: {13, 14, 15, 16},
+				},
+			},
+			want: map[uint64][]uint64{
+				1: {1, 2, 3, 4, 9, 10, 11, 12},
+				2: {5, 6, 7, 8},
+				3: {13, 14, 15, 16},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := originalJoin(tt.args.seriesTagIndex1, tt.args.seriesTagIndex2); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("originalJoin() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_exclude(t *testing.T) {
+	type args struct {
+		reHashTagIndex1 map[uint64][][]uint64
+		reHashTagIndex2 map[uint64][][]uint64
+	}
+	tests := []struct {
+		name string
+		args args
+		want map[uint64][]uint64
+	}{
+		{
+			name: "left exclude",
+			args: args{
+				reHashTagIndex1: reHashTagIndex1,
+				reHashTagIndex2: reHashTagIndex2,
+			},
+			want: map[uint64][]uint64{
+				0: {5, 6},
+				1: {7, 8},
+			},
+		},
+		{
+			name: "right exclude",
+			args: args{
+				reHashTagIndex1: reHashTagIndex2,
+				reHashTagIndex2: reHashTagIndex1,
+			},
+			want: map[uint64][]uint64{
+				3: {13, 14},
+				4: {15, 16},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := exclude(tt.args.reHashTagIndex1, tt.args.reHashTagIndex2); !allValueDeepEqual(flatten(got), tt.want) {
+				t.Errorf("exclude() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_noneJoin(t *testing.T) {
+	type args struct {
+		seriesTagIndex1 map[uint64][]uint64
+		seriesTagIndex2 map[uint64][]uint64
+	}
+	tests := []struct {
+		name string
+		args args
+		want map[uint64][]uint64
+	}{
+		{
+			name: "none join, direct splicing",
+			args: args{
+				seriesTagIndex1: seriesTagIndex1,
+				seriesTagIndex2: seriesTagIndex2,
+			},
+			want: map[uint64][]uint64{
+				0: {1, 2, 3, 4},
+				1: {5, 6, 7, 8},
+				2: {9, 10, 11, 12},
+				3: {13, 14, 15, 16},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := noneJoin(tt.args.seriesTagIndex1, tt.args.seriesTagIndex2); !allValueDeepEqual(got, tt.want) {
+				t.Errorf("noneJoin() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_cartesianJoin(t *testing.T) {
+	type args struct {
+		seriesTagIndex1 map[uint64][]uint64
+		seriesTagIndex2 map[uint64][]uint64
+	}
+	tests := []struct {
+		name string
+		args args
+		want map[uint64][]uint64
+	}{
+		{
+			name: "cartesian join",
+			args: args{
+				seriesTagIndex1: seriesTagIndex1,
+				seriesTagIndex2: seriesTagIndex2,
+			},
+			want: map[uint64][]uint64{
+				0: {1, 2, 3, 4, 9, 10, 11, 12},
+				1: {5, 6, 7, 8, 9, 10, 11, 12},
+				2: {5, 6, 7, 8, 13, 14, 15, 16},
+				3: {1, 2, 3, 4, 13, 14, 15, 16},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := cartesianJoin(tt.args.seriesTagIndex1, tt.args.seriesTagIndex2); !allValueDeepEqual(got, tt.want) {
+				t.Errorf("cartesianJoin() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_onJoin(t *testing.T) {
+	type args struct {
+		reHashTagIndex1 map[uint64][][]uint64
+		reHashTagIndex2 map[uint64][][]uint64
+		joinType        JoinType
+	}
+	tests := []struct {
+		name string
+		args args
+		want map[uint64][]uint64
+	}{
+		{
+			name: "left join",
+			args: args{
+				reHashTagIndex1: reHashTagIndex1,
+				reHashTagIndex2: reHashTagIndex2,
+				joinType:        Left,
+			},
+			want: map[uint64][]uint64{
+				1: {1, 2, 9, 10},
+				2: {3, 4, 9, 10},
+				3: {1, 2, 11, 12},
+				4: {3, 4, 11, 12},
+				5: {5, 6},
+				6: {7, 8},
+			},
+		},
+		{
+			name: "right join",
+			args: args{
+				reHashTagIndex1: reHashTagIndex2,
+				reHashTagIndex2: reHashTagIndex1,
+				joinType:        Right,
+			},
+			want: map[uint64][]uint64{
+				1: {1, 2, 9, 10},
+				2: {3, 4, 9, 10},
+				3: {1, 2, 11, 12},
+				4: {3, 4, 11, 12},
+				5: {13, 14},
+				6: {15, 16},
+			},
+		},
+
+		{
+			name: "inner join",
+			args: args{
+				reHashTagIndex1: reHashTagIndex1,
+				reHashTagIndex2: reHashTagIndex2,
+				joinType:        Inner,
+			},
+			want: map[uint64][]uint64{
+				1: {1, 2, 9, 10},
+				2: {3, 4, 9, 10},
+				3: {1, 2, 11, 12},
+				4: {3, 4, 11, 12},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := onJoin(tt.args.reHashTagIndex1, tt.args.reHashTagIndex2, tt.args.joinType); !allValueDeepEqual(flatten(got), tt.want) {
+				t.Errorf("onJoin() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+// allValueDeepEqual 判断 map 的 value 是否相同，不考虑 key
+func allValueDeepEqual(got, want map[uint64][]uint64) bool {
+	if len(got) != len(want) {
+		return false
+	}
+	for _, v1 := range got {
+		curEqual := false
+		slices.Sort(v1)
+		for _, v2 := range want {
+			slices.Sort(v2)
+			if reflect.DeepEqual(v1, v2) {
+				curEqual = true
+				break
+			}
+		}
+		if !curEqual {
+			return false
+		}
+	}
+	return true
+}
--- a/alert/mute/mute.go
+++ b/alert/mute/mute.go
@@ -12,28 +12,28 @@ import (
 	"github.com/toolkits/pkg/logger"
 )

-func IsMuted(rule *models.AlertRule, event *models.AlertCurEvent, targetCache *memsto.TargetCacheType, alertMuteCache *memsto.AlertMuteCacheType) bool {
+func IsMuted(rule *models.AlertRule, event *models.AlertCurEvent, targetCache *memsto.TargetCacheType, alertMuteCache *memsto.AlertMuteCacheType) (bool, string) {
 	if rule.Disabled == 1 {
-		return true
+		return true, "rule disabled"
 	}

 	if TimeSpanMuteStrategy(rule, event) {
-		return true
+		return true, "rule is not effective for period of time"
 	}

 	if IdentNotExistsMuteStrategy(rule, event, targetCache) {
-		return true
+		return true, "ident not exists mute"
 	}

 	if BgNotMatchMuteStrategy(rule, event, targetCache) {
-		return true
+		return true, "bg not match mute"
 	}

 	if EventMuteStrategy(event, alertMuteCache) {
-		return true
+		return true, "match mute rule"
 	}

-	return false
+	return false, ""
 }

 // TimeSpanMuteStrategy 根据规则配置的告警生效时间段过滤,如果产生的告警不在规则配置的告警生效时间段内,则不告警,即被mute
--- a/alert/naming/hashring.go
+++ b/alert/naming/hashring.go
@@ -67,6 +67,12 @@ func (chr *DatasourceHashRingType) Set(datasourceId string, r *consistent.Consis
 	chr.Rings[datasourceId] = r
 }

+func (chr *DatasourceHashRingType) Del(datasourceId string) {
+	chr.Lock()
+	defer chr.Unlock()
+	delete(chr.Rings, datasourceId)
+}
+
 func (chr *DatasourceHashRingType) Clear(engineName string) {
 	chr.Lock()
 	defer chr.Unlock()
--- a/alert/naming/heartbeat.go
+++ b/alert/naming/heartbeat.go
@@ -110,7 +110,9 @@ func (n *Naming) heartbeat() error {
 		}
 	}

+	newDatasource := make(map[int64]struct{})
 	for i := 0; i < len(datasourceIds); i++ {
+		newDatasource[datasourceIds[i]] = struct{}{}
 		servers, err := n.ActiveServers(datasourceIds[i])
 		if err != nil {
 			logger.Warningf("hearbeat %d get active server err:%v", datasourceIds[i], err)
@@ -130,6 +132,13 @@ func (n *Naming) heartbeat() error {
 		localss[datasourceIds[i]] = newss
 	}

+	for dsId := range localss {
+		if _, exists := newDatasource[dsId]; !exists {
+			delete(localss, dsId)
+			DatasourceHashRing.Del(fmt.Sprintf("%d", dsId))
+		}
+	}
+
 	// host 告警使用的是 hash ring
 	err = models.AlertingEngineHeartbeatWithCluster(n.ctx, n.heartbeatConfig.Endpoint, n.heartbeatConfig.EngineName, HostDatasource)
 	if err != nil {
--- a/alert/process/process.go
+++ b/alert/process/process.go
@@ -18,6 +18,9 @@ import (
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
 	"github.com/ccfos/nightingale/v6/pkg/tplx"
+	"github.com/ccfos/nightingale/v6/pushgw/writer"
+
+	"github.com/prometheus/prometheus/prompb"
 	"github.com/toolkits/pkg/logger"
 	"github.com/toolkits/pkg/str"
 )
@@ -50,10 +53,11 @@ type Processor struct {
 	datasourceId int64
 	EngineName   string

-	rule     *models.AlertRule
-	fires    *AlertCurEventMap
-	pendings *AlertCurEventMap
-	inhibit  bool
+	rule                 *models.AlertRule
+	fires                *AlertCurEventMap
+	pendings             *AlertCurEventMap
+	pendingsUseByRecover *AlertCurEventMap
+	inhibit              bool

 	tagsMap    map[string]string
 	tagsArr    []string
@@ -145,9 +149,10 @@ func (p *Processor) Handle(anomalyPoints []common.AnomalyPoint, from string, inh
 		// 如果 event 被 mute 了,本质也是 fire 的状态,这里无论如何都添加到 alertingKeys 中,防止 fire 的事件自动恢复了
 		hash := event.Hash
 		alertingKeys[hash] = struct{}{}
-		if mute.IsMuted(cachedRule, event, p.TargetCache, p.alertMuteCache) {
+		isMuted, detail := mute.IsMuted(cachedRule, event, p.TargetCache, p.alertMuteCache)
+		if isMuted {
 			p.Stats.CounterMuteTotal.WithLabelValues(event.GroupName).Inc()
-			logger.Debugf("rule_eval:%s event:%v is muted", p.Key(), event)
+			logger.Debugf("rule_eval:%s event:%v is muted, detail:%s", p.Key(), event, detail)
 			continue
 		}

@@ -165,7 +170,7 @@ func (p *Processor) Handle(anomalyPoints []common.AnomalyPoint, from string, inh
 		p.handleEvent(events)
 	}

-	p.HandleRecover(alertingKeys, now)
+	p.HandleRecover(alertingKeys, now, inhibit)
 }

 func (p *Processor) BuildEvent(anomalyPoint common.AnomalyPoint, from string, now int64) *models.AlertCurEvent {
@@ -207,15 +212,76 @@ func (p *Processor) BuildEvent(anomalyPoint common.AnomalyPoint, from string, no
 	event.ExtraConfig = p.rule.ExtraConfigJSON
 	event.PromQl = anomalyPoint.Query

+	if p.target != "" {
+		if pt, exist := p.TargetCache.Get(p.target); exist {
+			event.Target = pt
+		} else {
+			logger.Infof("Target[ident: %s] doesn't exist in cache.", p.target)
+		}
+	}
+
+	if event.TriggerValues != "" && strings.Count(event.TriggerValues, "$") > 1 {
+		// TriggerValues 有多个变量，将多个变量都放到 TriggerValue 中
+		event.TriggerValue = event.TriggerValues
+	}
+
 	if from == "inner" {
 		event.LastEvalTime = now
 	} else {
 		event.LastEvalTime = event.TriggerTime
 	}
+
+	// 生成事件之后，立马进程 relabel 处理
+	Relabel(p.rule, event)
 	return event
 }

-func (p *Processor) HandleRecover(alertingKeys map[string]struct{}, now int64) {
+func Relabel(rule *models.AlertRule, event *models.AlertCurEvent) {
+	if rule == nil {
+		return
+	}
+
+	if len(rule.EventRelabelConfig) == 0 {
+		return
+	}
+
+	// need to keep the original label
+	event.OriginalTags = event.Tags
+	event.OriginalTagsJSON = make([]string, len(event.TagsJSON))
+
+	labels := make([]prompb.Label, len(event.TagsJSON))
+	for i, tag := range event.TagsJSON {
+		label := strings.SplitN(tag, "=", 2)
+		event.OriginalTagsJSON[i] = tag
+		labels[i] = prompb.Label{Name: label[0], Value: label[1]}
+	}
+
+	for i := 0; i < len(rule.EventRelabelConfig); i++ {
+		if rule.EventRelabelConfig[i].Replacement == "" {
+			rule.EventRelabelConfig[i].Replacement = "$1"
+		}
+
+		if rule.EventRelabelConfig[i].Separator == "" {
+			rule.EventRelabelConfig[i].Separator = ";"
+		}
+
+		if rule.EventRelabelConfig[i].Regex == "" {
+			rule.EventRelabelConfig[i].Regex = "(.*)"
+		}
+	}
+
+	// relabel process
+	relabels := writer.Process(labels, rule.EventRelabelConfig...)
+	event.TagsJSON = make([]string, len(relabels))
+	event.TagsMap = make(map[string]string, len(relabels))
+	for i, label := range relabels {
+		event.TagsJSON[i] = fmt.Sprintf("%s=%s", label.Name, label.Value)
+		event.TagsMap[label.Name] = label.Value
+	}
+	event.Tags = strings.Join(event.TagsJSON, ",,")
+}
+
+func (p *Processor) HandleRecover(alertingKeys map[string]struct{}, now int64, inhibit bool) {
 	for _, hash := range p.pendings.Keys() {
 		if _, has := alertingKeys[hash]; has {
 			continue
@@ -223,11 +289,55 @@ func (p *Processor) HandleRecover(alertingKeys map[string]struct{}, now int64) {
 		p.pendings.Delete(hash)
 	}

+	hashArr := make([]string, 0, len(alertingKeys))
 	for hash := range p.fires.GetAll() {
 		if _, has := alertingKeys[hash]; has {
 			continue
 		}
-		p.RecoverSingle(hash, now, nil)
+
+		hashArr = append(hashArr, hash)
+	}
+	p.HandleRecoverEvent(hashArr, now, inhibit)
+
+}
+
+func (p *Processor) HandleRecoverEvent(hashArr []string, now int64, inhibit bool) {
+	cachedRule := p.rule
+	if cachedRule == nil {
+		return
+	}
+
+	if !inhibit {
+		for _, hash := range hashArr {
+			p.RecoverSingle(hash, now, nil)
+		}
+		return
+	}
+
+	eventMap := make(map[string]models.AlertCurEvent)
+	for _, hash := range hashArr {
+		event, has := p.fires.Get(hash)
+		if !has {
+			continue
+		}
+
+		e, exists := eventMap[event.Tags]
+		if !exists {
+			eventMap[event.Tags] = *event
+			continue
+		}
+
+		if e.Severity > event.Severity {
+			// hash 对应的恢复事件的被抑制了，把之前的事件删除
+			p.fires.Delete(e.Hash)
+			p.pendings.Delete(e.Hash)
+			models.AlertCurEventDelByHash(p.ctx, e.Hash)
+			eventMap[event.Tags] = *event
+		}
+	}
+
+	for _, event := range eventMap {
+		p.RecoverSingle(event.Hash, now, nil)
 	}
 }

@@ -241,11 +351,22 @@ func (p *Processor) RecoverSingle(hash string, now int64, value *string, values
 	if !has {
 		return
 	}
+
 	// 如果配置了留观时长，就不能立马恢复了
-	if cachedRule.RecoverDuration > 0 && now-event.LastEvalTime < cachedRule.RecoverDuration {
-		logger.Debugf("rule_eval:%s event:%v not recover", p.Key(), event)
-		return
+	if cachedRule.RecoverDuration > 0 {
+		lastPendingEvent, has := p.pendingsUseByRecover.Get(hash)
+		if !has {
+			// 说明没有产生过异常点，就不需要恢复了
+			logger.Debugf("rule_eval:%s event:%v do not has pending event, not recover", p.Key(), event)
+			return
+		}
+
+		if now-lastPendingEvent.LastEvalTime < cachedRule.RecoverDuration {
+			logger.Debugf("rule_eval:%s event:%v not recover", p.Key(), event)
+			return
+		}
 	}
+
 	if value != nil {
 		event.TriggerValue = *value
 		if len(values) > 0 {
@@ -257,6 +378,7 @@ func (p *Processor) RecoverSingle(hash string, now int64, value *string, values
 	// 我确实无法分辨，是prom中有值但是未满足阈值所以没返回，还是prom中确实丢了一些点导致没有数据可以返回，尴尬
 	p.fires.Delete(hash)
 	p.pendings.Delete(hash)
+	p.pendingsUseByRecover.Delete(hash)

 	// 可能是因为调整了promql才恢复的，所以事件里边要体现最新的promql，否则用户会比较困惑
 	// 当然，其实rule的各个字段都可能发生变化了，都更新一下吧
@@ -276,6 +398,13 @@ func (p *Processor) handleEvent(events []*models.AlertCurEvent) {
 		if event == nil {
 			continue
 		}
+
+		if _, has := p.pendingsUseByRecover.Get(event.Hash); has {
+			p.pendingsUseByRecover.UpdateLastEvalTime(event.Hash, event.LastEvalTime)
+		} else {
+			p.pendingsUseByRecover.Set(event.Hash, event)
+		}
+
 		if p.rule.PromForDuration == 0 {
 			fireEvents = append(fireEvents, event)
 			if severity > event.Severity {
@@ -284,7 +413,7 @@ func (p *Processor) handleEvent(events []*models.AlertCurEvent) {
 			continue
 		}

-		var preTriggerTime int64
+		var preTriggerTime int64 // 第一个 pending event 的触发时间
 		preEvent, has := p.pendings.Get(event.Hash)
 		if has {
 			p.pendings.UpdateLastEvalTime(event.Hash, event.LastEvalTime)
@@ -376,6 +505,7 @@ func (p *Processor) pushEventToQueue(e *models.AlertCurEvent) {

 func (p *Processor) RecoverAlertCurEventFromDb() {
 	p.pendings = NewAlertCurEventMap(nil)
+	p.pendingsUseByRecover = NewAlertCurEventMap(nil)

 	curEvents, err := models.AlertCurEventGetByRuleIdAndDsId(p.ctx, p.rule.Id, p.datasourceId)
 	if err != nil {
@@ -386,6 +516,7 @@ func (p *Processor) RecoverAlertCurEventFromDb() {
 	}

 	fireMap := make(map[string]*models.AlertCurEvent)
+	pendingsUseByRecoverMap := make(map[string]*models.AlertCurEvent)
 	for _, event := range curEvents {
 		if event.Cate == models.HOST {
 			target, exists := p.TargetCache.Get(event.TargetIdent)
@@ -397,9 +528,14 @@ func (p *Processor) RecoverAlertCurEventFromDb() {

 		event.DB2Mem()
 		fireMap[event.Hash] = event
+		e := *event
+		pendingsUseByRecoverMap[event.Hash] = &e
 	}

 	p.fires = NewAlertCurEventMap(fireMap)
+
+	// 修改告警规则，或者进程重启之后，需要重新加载 pendingsUseByRecover
+	p.pendingsUseByRecover = NewAlertCurEventMap(pendingsUseByRecoverMap)
 }

 func (p *Processor) fillTags(anomalyPoint common.AnomalyPoint) {
@@ -472,6 +608,12 @@ func (p *Processor) mayHandleGroup() {
 	}
 }

+func (p *Processor) DeleteProcessEvent(hash string) {
+	p.fires.Delete(hash)
+	p.pendings.Delete(hash)
+	p.pendingsUseByRecover.Delete(hash)
+}
+
 func labelMapToArr(m map[string]string) []string {
 	numLabels := len(m)

--- a/alert/record/prom_rule.go
+++ b/alert/record/prom_rule.go
@@ -10,6 +10,7 @@ import (
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/prom"
 	"github.com/ccfos/nightingale/v6/pushgw/writer"
+	"github.com/robfig/cron/v3"

 	"github.com/toolkits/pkg/logger"
 	"github.com/toolkits/pkg/str"
@@ -19,19 +20,35 @@ type RecordRuleContext struct {
 	datasourceId int64
 	quit         chan struct{}

+	scheduler   *cron.Cron
 	rule        *models.RecordingRule
 	promClients *prom.PromClientMap
 	stats       *astats.Stats
 }

 func NewRecordRuleContext(rule *models.RecordingRule, datasourceId int64, promClients *prom.PromClientMap, writers *writer.WritersType, stats *astats.Stats) *RecordRuleContext {
-	return &RecordRuleContext{
+	rrc := &RecordRuleContext{
 		datasourceId: datasourceId,
 		quit:         make(chan struct{}),
 		rule:         rule,
 		promClients:  promClients,
 		stats:        stats,
 	}
+
+	if rule.CronPattern == "" && rule.PromEvalInterval != 0 {
+		rule.CronPattern = fmt.Sprintf("@every %ds", rule.PromEvalInterval)
+	}
+
+	rrc.scheduler = cron.New(cron.WithSeconds())
+	_, err := rrc.scheduler.AddFunc(rule.CronPattern, func() {
+		rrc.Eval()
+	})
+
+	if err != nil {
+		logger.Errorf("add cron pattern error: %v", err)
+	}
+
+	return rrc
 }

 func (rrc *RecordRuleContext) Key() string {
@@ -39,11 +56,12 @@ func (rrc *RecordRuleContext) Key() string {
 }

 func (rrc *RecordRuleContext) Hash() string {
-	return str.MD5(fmt.Sprintf("%d_%d_%s_%d",
+	return str.MD5(fmt.Sprintf("%d_%s_%s_%d_%s",
 		rrc.rule.Id,
-		rrc.rule.PromEvalInterval,
+		rrc.rule.CronPattern,
 		rrc.rule.PromQl,
 		rrc.datasourceId,
+		rrc.rule.AppendTags,
 	))
 }

@@ -51,23 +69,7 @@ func (rrc *RecordRuleContext) Prepare() {}

 func (rrc *RecordRuleContext) Start() {
 	logger.Infof("eval:%s started", rrc.Key())
-	interval := rrc.rule.PromEvalInterval
-	if interval <= 0 {
-		interval = 10
-	}
-
-	ticker := time.NewTicker(time.Duration(interval) * time.Second)
-	go func() {
-		defer ticker.Stop()
-		for {
-			select {
-			case <-rrc.quit:
-				return
-			case <-ticker.C:
-				rrc.Eval()
-			}
-		}
-	}()
+	rrc.scheduler.Start()
 }

 func (rrc *RecordRuleContext) Eval() {
@@ -109,5 +111,8 @@ func (rrc *RecordRuleContext) Eval() {

 func (rrc *RecordRuleContext) Stop() {
 	logger.Infof("%s stopped", rrc.Key())
+
+	c := rrc.scheduler.Stop()
+	<-c.Done()
 	close(rrc.quit)
 }
--- a/alert/sender/callback.go
+++ b/alert/sender/callback.go
@@ -1,64 +1,186 @@
 package sender

 import (
-	"encoding/json"
-	"strconv"
+	"html/template"
+	"net/url"
 	"strings"
 	"time"

-	"github.com/ccfos/nightingale/v6/alert/aconf"
 	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
-	"github.com/ccfos/nightingale/v6/pkg/ibex"
 	"github.com/ccfos/nightingale/v6/pkg/poster"

 	"github.com/toolkits/pkg/logger"
 )

-func SendCallbacks(ctx *ctx.Context, urls []string, event *models.AlertCurEvent, targetCache *memsto.TargetCacheType, userCache *memsto.UserCacheType,
-	ibexConf aconf.Ibex, stats *astats.Stats) {
-	for _, url := range urls {
-		if url == "" {
-			continue
-		}
+type (
+	// CallBacker 进行回调的接口
+	CallBacker interface {
+		CallBack(ctx CallBackContext)
+	}

-		if strings.HasPrefix(url, "${ibex}") {
-			if !event.IsRecovered {
-				handleIbex(ctx, url, event, targetCache, userCache, ibexConf)
-			}
-			continue
-		}
+	// CallBackContext 回调时所需的上下文
+	CallBackContext struct {
+		Ctx         *ctx.Context
+		CallBackURL string
+		Users       []*models.User
+		Rule        *models.AlertRule
+		Events      []*models.AlertCurEvent
+		Stats       *astats.Stats
+		BatchSend   bool
+	}

-		if !(strings.HasPrefix(url, "http://") || strings.HasPrefix(url, "https://")) {
-			url = "http://" + url
-		}
+	DefaultCallBacker struct{}
+)

-		stats.AlertNotifyTotal.WithLabelValues("rule_callback").Inc()
-		resp, code, err := poster.PostJSON(url, 5*time.Second, event, 3)
-		if err != nil {
-			logger.Errorf("event_callback_fail(rule_id=%d url=%s), resp: %s, err: %v, code: %d", event.RuleId, url, string(resp), err, code)
-			stats.AlertNotifyErrorTotal.WithLabelValues("rule_callback").Inc()
-		} else {
-			logger.Infof("event_callback_succ(rule_id=%d url=%s), resp: %s, code: %d", event.RuleId, url, string(resp), code)
-		}
+func BuildCallBackContext(ctx *ctx.Context, callBackURL string, rule *models.AlertRule, events []*models.AlertCurEvent,
+	uids []int64, userCache *memsto.UserCacheType, batchSend bool, stats *astats.Stats) CallBackContext {
+	users := userCache.GetByUserIds(uids)
+
+	newCallBackUrl, _ := events[0].ParseURL(callBackURL)
+	return CallBackContext{
+		Ctx:         ctx,
+		CallBackURL: newCallBackUrl,
+		Rule:        rule,
+		Events:      events,
+		Users:       users,
+		BatchSend:   batchSend,
+		Stats:       stats,
 	}
 }

-type TaskForm struct {
-	Title     string   `json:"title"`
-	Account   string   `json:"account"`
-	Batch     int      `json:"batch"`
-	Tolerance int      `json:"tolerance"`
-	Timeout   int      `json:"timeout"`
-	Pause     string   `json:"pause"`
-	Script    string   `json:"script"`
-	Args      string   `json:"args"`
-	Stdin     string   `json:"stdin"`
-	Action    string   `json:"action"`
-	Creator   string   `json:"creator"`
-	Hosts     []string `json:"hosts"`
+func ExtractAtsParams(rawURL string) []string {
+	ans := make([]string, 0, 1)
+	parsedURL, err := url.Parse(rawURL)
+	if err != nil {
+		logger.Errorf("ExtractAtsParams(url=%s), err: %v", rawURL, err)
+		return ans
+	}
+
+	queryParams := parsedURL.Query()
+	atParam := queryParams.Get("ats")
+	if atParam == "" {
+		return ans
+	}
+
+	// Split the atParam by comma and return the result as a slice
+	return strings.Split(atParam, ",")
+}
+
+func NewCallBacker(
+	key string,
+	targetCache *memsto.TargetCacheType,
+	userCache *memsto.UserCacheType,
+	taskTplCache *memsto.TaskTplCache,
+	tpls map[string]*template.Template,
+) CallBacker {
+
+	switch key {
+	case models.IbexDomain: // Distribute to Ibex
+		return &IbexCallBacker{
+			targetCache:  targetCache,
+			userCache:    userCache,
+			taskTplCache: taskTplCache,
+		}
+	case models.DefaultDomain: // default callback
+		return &DefaultCallBacker{}
+	case models.DingtalkDomain:
+		return &DingtalkSender{tpl: tpls[models.Dingtalk]}
+	case models.WecomDomain:
+		return &WecomSender{tpl: tpls[models.Wecom]}
+	case models.FeishuDomain:
+		return &FeishuSender{tpl: tpls[models.Feishu]}
+	case models.FeishuCardDomain:
+		return &FeishuCardSender{tpl: tpls[models.FeishuCard]}
+	//case models.Mm:
+	//	return &MmSender{tpl: tpls[models.Mm]}
+	case models.TelegramDomain:
+		return &TelegramSender{tpl: tpls[models.Telegram]}
+	case models.LarkDomain:
+		return &LarkSender{tpl: tpls[models.Lark]}
+	case models.LarkCardDomain:
+		return &LarkCardSender{tpl: tpls[models.LarkCard]}
+	}
+
+	return nil
+}
+
+func (c *DefaultCallBacker) CallBack(ctx CallBackContext) {
+	if len(ctx.CallBackURL) == 0 || len(ctx.Events) == 0 {
+		return
+	}
+
+	event := ctx.Events[0]
+
+	if ctx.BatchSend {
+		webhookConf := &models.Webhook{
+			Type:          models.RuleCallback,
+			Enable:        true,
+			Url:           ctx.CallBackURL,
+			Timeout:       5,
+			RetryCount:    3,
+			RetryInterval: 10,
+			Batch:         1000,
+		}
+
+		PushCallbackEvent(ctx.Ctx, webhookConf, event, ctx.Stats)
+		return
+	}
+
+	ctx.Stats.AlertNotifyTotal.WithLabelValues("rule_callback").Inc()
+	resp, code, err := poster.PostJSON(ctx.CallBackURL, 5*time.Second, event, 3)
+	if err != nil {
+		logger.Errorf("event_callback_fail(rule_id=%d url=%s), event:%+v, resp: %s, err: %v, code: %d",
+			event.RuleId, ctx.CallBackURL, event, string(resp), err, code)
+		ctx.Stats.AlertNotifyErrorTotal.WithLabelValues("rule_callback").Inc()
+	} else {
+		logger.Infof("event_callback_succ(rule_id=%d url=%s), event:%+v, resp: %s, code: %d",
+			event.RuleId, ctx.CallBackURL, event, string(resp), code)
+	}
+}
+
+func doSendAndRecord(ctx *ctx.Context, url, token string, body interface{}, channel string,
+	stats *astats.Stats, event *models.AlertCurEvent) {
+	res, err := doSend(url, body, channel, stats)
+	NotifyRecord(ctx, event, channel, token, res, err)
+}
+
+func NotifyRecord(ctx *ctx.Context, evt *models.AlertCurEvent, channel, target, res string, err error) {
+	noti := models.NewNotificationRecord(evt, channel, target)
+	if err != nil {
+		noti.SetStatus(models.NotiStatusFailure)
+		noti.SetDetails(err.Error())
+	} else if res != "" {
+		noti.SetDetails(string(res))
+	}
+
+	if !ctx.IsCenter {
+		_, err := poster.PostByUrlsWithResp[int64](ctx, "/v1/n9e/notify-record", noti)
+		if err != nil {
+			logger.Errorf("add noti:%v failed, err: %v", noti, err)
+		}
+		return
+	}
+
+	if err := noti.Add(ctx); err != nil {
+		logger.Errorf("add noti:%v failed, err: %v", noti, err)
+	}
+}
+
+func doSend(url string, body interface{}, channel string, stats *astats.Stats) (string, error) {
+	stats.AlertNotifyTotal.WithLabelValues(channel).Inc()
+
+	res, code, err := poster.PostJSON(url, time.Second*5, body, 3)
+	if err != nil {
+		logger.Errorf("%s_sender: result=fail url=%s code=%d error=%v req:%v response=%s", channel, url, code, err, body, string(res))
+		stats.AlertNotifyErrorTotal.WithLabelValues(channel).Inc()
+		return "", err
+	}
+
+	logger.Infof("%s_sender: result=succ url=%s code=%d req:%v response=%s", channel, url, code, body, string(res))
+	return string(res), nil
 }

 type TaskCreateReply struct {
@@ -66,157 +188,26 @@ type TaskCreateReply struct {
 	Dat int64  `json:"dat"` // task.id
 }

-func handleIbex(ctx *ctx.Context, url string, event *models.AlertCurEvent, targetCache *memsto.TargetCacheType, userCache *memsto.UserCacheType, ibexConf aconf.Ibex) {
-	arr := strings.Split(url, "/")
+func PushCallbackEvent(ctx *ctx.Context, webhook *models.Webhook, event *models.AlertCurEvent, stats *astats.Stats) {
+	CallbackEventQueueLock.RLock()
+	queue := CallbackEventQueue[webhook.Url]
+	CallbackEventQueueLock.RUnlock()

-	var idstr string
-	var host string
-
-	if len(arr) > 1 {
-		idstr = arr[1]
-	}
-
-	if len(arr) > 2 {
-		host = arr[2]
-	}
-
-	id, err := strconv.ParseInt(idstr, 10, 64)
-	if err != nil {
-		logger.Errorf("event_callback_ibex: failed to parse url: %s", url)
-		return
-	}
-
-	if host == "" {
-		// 用户在callback url中没有传入host，就从event中解析
-		host = event.TargetIdent
-	}
-
-	if host == "" {
-		logger.Error("event_callback_ibex: failed to get host")
-		return
-	}
-
-	tpl, err := models.TaskTplGetById(ctx, id)
-	if err != nil {
-		logger.Errorf("event_callback_ibex: failed to get tpl: %v", err)
-		return
-	}
-
-	if tpl == nil {
-		logger.Errorf("event_callback_ibex: no such tpl(%d)", id)
-		return
-	}
-
-	// check perm
-	// tpl.GroupId - host - account 三元组校验权限
-	can, err := canDoIbex(ctx, tpl.UpdateBy, tpl, host, targetCache, userCache)
-	if err != nil {
-		logger.Errorf("event_callback_ibex: check perm fail: %v", err)
-		return
-	}
-
-	if !can {
-		logger.Errorf("event_callback_ibex: user(%s) no permission", tpl.UpdateBy)
-		return
-	}
-
-	tagsMap := make(map[string]string)
-	for i := 0; i < len(event.TagsJSON); i++ {
-		pair := strings.TrimSpace(event.TagsJSON[i])
-		if pair == "" {
-			continue
+	if queue == nil {
+		queue = &WebhookQueue{
+			list:    NewSafeListLimited(QueueMaxSize),
+			closeCh: make(chan struct{}),
 		}

-		arr := strings.Split(pair, "=")
-		if len(arr) != 2 {
-			continue
-		}
+		CallbackEventQueueLock.Lock()
+		CallbackEventQueue[webhook.Url] = queue
+		CallbackEventQueueLock.Unlock()

-		tagsMap[arr[0]] = arr[1]
-	}
-	// 附加告警级别  告警触发值标签
-	tagsMap["alert_severity"] = strconv.Itoa(event.Severity)
-	tagsMap["alert_trigger_value"] = event.TriggerValue
-
-	tags, err := json.Marshal(tagsMap)
-	if err != nil {
-		logger.Errorf("event_callback_ibex: failed to marshal tags to json: %v", tagsMap)
-		return
+		StartConsumer(ctx, queue, webhook.Batch, webhook, stats)
 	}

-	// call ibex
-	in := TaskForm{
-		Title:     tpl.Title + " FH: " + host,
-		Account:   tpl.Account,
-		Batch:     tpl.Batch,
-		Tolerance: tpl.Tolerance,
-		Timeout:   tpl.Timeout,
-		Pause:     tpl.Pause,
-		Script:    tpl.Script,
-		Args:      tpl.Args,
-		Stdin:     string(tags),
-		Action:    "start",
-		Creator:   tpl.UpdateBy,
-		Hosts:     []string{host},
-	}
-
-	var res TaskCreateReply
-	err = ibex.New(
-		ibexConf.Address,
-		ibexConf.BasicAuthUser,
-		ibexConf.BasicAuthPass,
-		ibexConf.Timeout,
-	).
-		Path("/ibex/v1/tasks").
-		In(in).
-		Out(&res).
-		POST()
-
-	if err != nil {
-		logger.Errorf("event_callback_ibex: call ibex fail: %v", err)
-		return
-	}
-
-	if res.Err != "" {
-		logger.Errorf("event_callback_ibex: call ibex response error: %v", res.Err)
-		return
-	}
-
-	// write db
-	record := models.TaskRecord{
-		Id:           res.Dat,
-		EventId:      event.Id,
-		GroupId:      tpl.GroupId,
-		IbexAddress:  ibexConf.Address,
-		IbexAuthUser: ibexConf.BasicAuthUser,
-		IbexAuthPass: ibexConf.BasicAuthPass,
-		Title:        in.Title,
-		Account:      in.Account,
-		Batch:        in.Batch,
-		Tolerance:    in.Tolerance,
-		Timeout:      in.Timeout,
-		Pause:        in.Pause,
-		Script:       in.Script,
-		Args:         in.Args,
-		CreateAt:     time.Now().Unix(),
-		CreateBy:     in.Creator,
-	}
-
-	if err = record.Add(ctx); err != nil {
-		logger.Errorf("event_callback_ibex: persist task_record fail: %v", err)
+	succ := queue.list.PushFront(event)
+	if !succ {
+		logger.Warningf("Write channel(%s) full, current channel size: %d event:%v", webhook.Url, queue.list.Len(), event)
 	}
 }
-
-func canDoIbex(ctx *ctx.Context, username string, tpl *models.TaskTpl, host string, targetCache *memsto.TargetCacheType, userCache *memsto.UserCacheType) (bool, error) {
-	user := userCache.GetByUsername(username)
-	if user != nil && user.IsAdmin() {
-		return true, nil
-	}
-
-	target, has := targetCache.Get(host)
-	if !has {
-		return false, nil
-	}
-
-	return target.GroupId == tpl.GroupId, nil
-}
--- a/alert/sender/dingtalk.go
+++ b/alert/sender/dingtalk.go
@@ -3,13 +3,8 @@ package sender
 import (
 	"html/template"
 	"strings"
-	"time"

-	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/models"
-	"github.com/ccfos/nightingale/v6/pkg/poster"
-
-	"github.com/toolkits/pkg/logger"
 )

 type dingtalkMarkdown struct {
@@ -28,6 +23,10 @@ type dingtalk struct {
 	At       dingtalkAt       `json:"at"`
 }

+var (
+	_ CallBacker = (*DingtalkSender)(nil)
+)
+
 type DingtalkSender struct {
 	tpl *template.Template
 }
@@ -37,13 +36,13 @@ func (ds *DingtalkSender) Send(ctx MessageContext) {
 		return
 	}

-	urls, ats := ds.extract(ctx.Users)
+	urls, ats, tokens := ds.extract(ctx.Users)
 	if len(urls) == 0 {
 		return
 	}
 	message := BuildTplMessage(models.Dingtalk, ds.tpl, ctx.Events)

-	for _, url := range urls {
+	for i, url := range urls {
 		var body dingtalk
 		// NoAt in url
 		if strings.Contains(url, "noat=1") {
@@ -68,14 +67,47 @@ func (ds *DingtalkSender) Send(ctx MessageContext) {
 			}
 		}

-		doSend(url, body, models.Dingtalk, ctx.Stats)
+		doSendAndRecord(ctx.Ctx, url, tokens[i], body, models.Dingtalk, ctx.Stats, ctx.Events[0])
 	}
 }

+func (ds *DingtalkSender) CallBack(ctx CallBackContext) {
+	if len(ctx.Events) == 0 || len(ctx.CallBackURL) == 0 {
+		return
+	}
+
+	body := dingtalk{
+		Msgtype: "markdown",
+		Markdown: dingtalkMarkdown{
+			Title: ctx.Events[0].RuleName,
+		},
+	}
+
+	ats := ExtractAtsParams(ctx.CallBackURL)
+	message := BuildTplMessage(models.Dingtalk, ds.tpl, ctx.Events)
+
+	if len(ats) > 0 {
+		body.Markdown.Text = message + "\n@" + strings.Join(ats, "@")
+		body.At = dingtalkAt{
+			AtMobiles: ats,
+			IsAtAll:   false,
+		}
+	} else {
+		// NoAt in url
+		body.Markdown.Text = message
+	}
+
+	doSendAndRecord(ctx.Ctx, ctx.CallBackURL, ctx.CallBackURL, body,
+		"callback", ctx.Stats, ctx.Events[0])
+
+	ctx.Stats.AlertNotifyTotal.WithLabelValues("rule_callback").Inc()
+}
+
 // extract urls and ats from Users
-func (ds *DingtalkSender) extract(users []*models.User) ([]string, []string) {
+func (ds *DingtalkSender) extract(users []*models.User) ([]string, []string, []string) {
 	urls := make([]string, 0, len(users))
 	ats := make([]string, 0, len(users))
+	tokens := make([]string, 0, len(users))

 	for _, user := range users {
 		if user.Phone != "" {
@@ -87,19 +119,8 @@ func (ds *DingtalkSender) extract(users []*models.User) ([]string, []string) {
 				url = "https://oapi.dingtalk.com/robot/send?access_token=" + token
 			}
 			urls = append(urls, url)
+			tokens = append(tokens, token)
 		}
 	}
-	return urls, ats
-}
-
-func doSend(url string, body interface{}, channel string, stats *astats.Stats) {
-	stats.AlertNotifyTotal.WithLabelValues(channel).Inc()
-
-	res, code, err := poster.PostJSON(url, time.Second*5, body, 3)
-	if err != nil {
-		logger.Errorf("%s_sender: result=fail url=%s code=%d error=%v req:%v response=%s", channel, url, code, err, body, string(res))
-		stats.AlertNotifyErrorTotal.WithLabelValues(channel).Inc()
-	} else {
-		logger.Infof("%s_sender: result=succ url=%s code=%d req:%v response=%s", channel, url, code, body, string(res))
-	}
+	return urls, ats, tokens
 }
--- a/alert/sender/email.go
+++ b/alert/sender/email.go
@@ -9,13 +9,14 @@ import (
 	"github.com/ccfos/nightingale/v6/alert/aconf"
 	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"

 	"github.com/toolkits/pkg/logger"

 	"gopkg.in/gomail.v2"
 )

-var mailch chan *gomail.Message
+var mailch chan *EmailContext

 type EmailSender struct {
 	subjectTpl *template.Template
@@ -23,6 +24,11 @@ type EmailSender struct {
 	smtp       aconf.SMTPConfig
 }

+type EmailContext struct {
+	event *models.AlertCurEvent
+	mail  *gomail.Message
+}
+
 func (es *EmailSender) Send(ctx MessageContext) {
 	if len(ctx.Users) == 0 || len(ctx.Events) == 0 {
 		return
@@ -36,7 +42,7 @@ func (es *EmailSender) Send(ctx MessageContext) {
 		subject = ctx.Events[0].RuleName
 	}
 	content := BuildTplMessage(models.Email, es.contentTpl, ctx.Events)
-	es.WriteEmail(subject, content, tos)
+	es.WriteEmail(subject, content, tos, ctx.Events[0])

 	ctx.Stats.AlertNotifyTotal.WithLabelValues(models.Email).Add(float64(len(tos)))
 }
@@ -73,7 +79,8 @@ func SendEmail(subject, content string, tos []string, stmp aconf.SMTPConfig) err
 	return nil
 }

-func (es *EmailSender) WriteEmail(subject, content string, tos []string) {
+func (es *EmailSender) WriteEmail(subject, content string, tos []string,
+	event *models.AlertCurEvent) {
 	m := gomail.NewMessage()

 	m.SetHeader("From", es.smtp.From)
@@ -81,40 +88,45 @@ func (es *EmailSender) WriteEmail(subject, content string, tos []string) {
 	m.SetHeader("Subject", subject)
 	m.SetBody("text/html", content)

-	mailch <- m
+	mailch <- &EmailContext{event, m}
 }

 func dialSmtp(d *gomail.Dialer) gomail.SendCloser {
 	for {
-		if s, err := d.Dial(); err != nil {
-			logger.Errorf("email_sender: failed to dial smtp: %s", err)
+		select {
+		case <-mailQuit:
+			// Note that Sendcloser is not obtained below,
+			// and the outgoing signal (with configuration changes) exits the current dial
+			return nil
+		default:
+			if s, err := d.Dial(); err != nil {
+				logger.Errorf("email_sender: failed to dial smtp: %s", err)
+			} else {
+				return s
+			}
 			time.Sleep(time.Second)
-			continue
-		} else {
-			return s
 		}
 	}
 }

 var mailQuit = make(chan struct{})

-func RestartEmailSender(smtp aconf.SMTPConfig) {
-	close(mailQuit)
-	mailQuit = make(chan struct{})
-	startEmailSender(smtp)
+func RestartEmailSender(ctx *ctx.Context, smtp aconf.SMTPConfig) {
+	// Notify internal start exit
+	mailQuit <- struct{}{}
+	startEmailSender(ctx, smtp)
 }

 var smtpConfig aconf.SMTPConfig

-func InitEmailSender(ncc *memsto.NotifyConfigCacheType) {
-	mailch = make(chan *gomail.Message, 100000)
-	go updateSmtp(ncc)
+func InitEmailSender(ctx *ctx.Context, ncc *memsto.NotifyConfigCacheType) {
+	mailch = make(chan *EmailContext, 100000)
+	go updateSmtp(ctx, ncc)
 	smtpConfig = ncc.GetSMTP()
-	startEmailSender(smtpConfig)
-
+	startEmailSender(ctx, smtpConfig)
 }

-func updateSmtp(ncc *memsto.NotifyConfigCacheType) {
+func updateSmtp(ctx *ctx.Context, ncc *memsto.NotifyConfigCacheType) {
 	for {
 		time.Sleep(1 * time.Minute)
 		smtp := ncc.GetSMTP()
@@ -122,12 +134,12 @@ func updateSmtp(ncc *memsto.NotifyConfigCacheType) {
 			smtpConfig.Pass != smtp.Pass || smtpConfig.User != smtp.User || smtpConfig.Port != smtp.Port ||
 			smtpConfig.InsecureSkipVerify != smtp.InsecureSkipVerify { //diff
 			smtpConfig = smtp
-			RestartEmailSender(smtp)
+			RestartEmailSender(ctx, smtp)
 		}
 	}
 }

-func startEmailSender(smtp aconf.SMTPConfig) {
+func startEmailSender(ctx *ctx.Context, smtp aconf.SMTPConfig) {
 	conf := smtp
 	if conf.Host == "" || conf.Port == 0 {
 		logger.Warning("SMTP configurations invalid")
@@ -154,9 +166,16 @@ func startEmailSender(smtp aconf.SMTPConfig) {

 			if !open {
 				s = dialSmtp(d)
+				if s == nil {
+					// Indicates that the dialing failed and exited the current goroutine directly,
+					// but put the Message back in the mailch
+					mailch <- m
+					return
+				}
 				open = true
 			}
-			if err := gomail.Send(s, m); err != nil {
+			var err error
+			if err = gomail.Send(s, m.mail); err != nil {
 				logger.Errorf("email_sender: failed to send: %s", err)

 				// close and retry
@@ -165,13 +184,24 @@ func startEmailSender(smtp aconf.SMTPConfig) {
 				}

 				s = dialSmtp(d)
+				if s == nil {
+					// Indicates that the dialing failed and exited the current goroutine directly,
+					// but put the Message back in the mailch
+					mailch <- m
+					return
+				}
 				open = true

-				if err := gomail.Send(s, m); err != nil {
+				if err = gomail.Send(s, m.mail); err != nil {
 					logger.Errorf("email_sender: failed to retry send: %s", err)
 				}
 			} else {
-				logger.Infof("email_sender: result=succ subject=%v to=%v", m.GetHeader("Subject"), m.GetHeader("To"))
+				logger.Infof("email_sender: result=succ subject=%v to=%v",
+					m.mail.GetHeader("Subject"), m.mail.GetHeader("To"))
+			}
+
+			for _, to := range m.mail.GetHeader("To") {
+				NotifyRecord(ctx, m.event, models.Email, to, "", err)
 			}

 			size++
--- a/alert/sender/feishu.go
+++ b/alert/sender/feishu.go
@@ -1,6 +1,7 @@
 package sender

 import (
+	"fmt"
 	"html/template"
 	"strings"

@@ -22,17 +23,49 @@ type feishu struct {
 	At      feishuAt      `json:"at"`
 }

+var (
+	_ CallBacker = (*FeishuSender)(nil)
+)
+
 type FeishuSender struct {
 	tpl *template.Template
 }

+func (fs *FeishuSender) CallBack(ctx CallBackContext) {
+	if len(ctx.Events) == 0 || len(ctx.CallBackURL) == 0 {
+		return
+	}
+
+	ats := ExtractAtsParams(ctx.CallBackURL)
+	message := BuildTplMessage(models.Feishu, fs.tpl, ctx.Events)
+
+	if len(ats) > 0 {
+		atTags := ""
+		for _, at := range ats {
+			atTags += fmt.Sprintf("<at user_id=\"%s\"></at> ", at)
+		}
+		message = atTags + message
+	}
+
+	body := feishu{
+		Msgtype: "text",
+		Content: feishuContent{
+			Text: message,
+		},
+	}
+
+	doSendAndRecord(ctx.Ctx, ctx.CallBackURL, ctx.CallBackURL, body, "callback",
+		ctx.Stats, ctx.Events[0])
+	ctx.Stats.AlertNotifyTotal.WithLabelValues("rule_callback").Inc()
+}
+
 func (fs *FeishuSender) Send(ctx MessageContext) {
 	if len(ctx.Users) == 0 || len(ctx.Events) == 0 {
 		return
 	}
-	urls, ats := fs.extract(ctx.Users)
+	urls, ats, tokens := fs.extract(ctx.Users)
 	message := BuildTplMessage(models.Feishu, fs.tpl, ctx.Events)
-	for _, url := range urls {
+	for i, url := range urls {
 		body := feishu{
 			Msgtype: "text",
 			Content: feishuContent{
@@ -45,13 +78,14 @@ func (fs *FeishuSender) Send(ctx MessageContext) {
 				IsAtAll:   false,
 			}
 		}
-		doSend(url, body, models.Feishu, ctx.Stats)
+		doSendAndRecord(ctx.Ctx, url, tokens[i], body, models.Feishu, ctx.Stats, ctx.Events[0])
 	}
 }

-func (fs *FeishuSender) extract(users []*models.User) ([]string, []string) {
+func (fs *FeishuSender) extract(users []*models.User) ([]string, []string, []string) {
 	urls := make([]string, 0, len(users))
 	ats := make([]string, 0, len(users))
+	tokens := make([]string, 0, len(users))

 	for _, user := range users {
 		if user.Phone != "" {
@@ -63,7 +97,8 @@ func (fs *FeishuSender) extract(users []*models.User) ([]string, []string) {
 				url = "https://open.feishu.cn/open-apis/bot/v2/hook/" + token
 			}
 			urls = append(urls, url)
+			tokens = append(tokens, token)
 		}
 	}
-	return urls, ats
+	return urls, ats, tokens
 }
--- a/alert/sender/feishucard.go
+++ b/alert/sender/feishucard.go
@@ -3,6 +3,7 @@ package sender
 import (
 	"fmt"
 	"html/template"
+	"net/url"
 	"strings"

 	"github.com/ccfos/nightingale/v6/models"
@@ -91,11 +92,57 @@ var (
 	}
 )

+func (fs *FeishuCardSender) CallBack(ctx CallBackContext) {
+	if len(ctx.Events) == 0 || len(ctx.CallBackURL) == 0 {
+		return
+	}
+
+	ats := ExtractAtsParams(ctx.CallBackURL)
+	message := BuildTplMessage(models.FeishuCard, fs.tpl, ctx.Events)
+
+	if len(ats) > 0 {
+		atTags := ""
+		for _, at := range ats {
+			if strings.Contains(at, "@") {
+				atTags += fmt.Sprintf("<at email=\"%s\" ></at>", at)
+			} else {
+				atTags += fmt.Sprintf("<at id=\"%s\" ></at>", at)
+			}
+		}
+		message = atTags + message
+	}
+
+	color := "red"
+	lowerUnicode := strings.ToLower(message)
+	if strings.Count(lowerUnicode, Recovered) > 0 && strings.Count(lowerUnicode, Triggered) > 0 {
+		color = "orange"
+	} else if strings.Count(lowerUnicode, Recovered) > 0 {
+		color = "green"
+	}
+
+	SendTitle := fmt.Sprintf("🔔 %s", ctx.Events[0].RuleName)
+	body.Card.Header.Title.Content = SendTitle
+	body.Card.Header.Template = color
+	body.Card.Elements[0].Text.Content = message
+	body.Card.Elements[2].Elements[0].Content = SendTitle
+
+	// This is to be compatible with the feishucard interface, if with query string parameters, the request will fail
+	// Remove query parameters from the URL,
+	parsedURL, err := url.Parse(ctx.CallBackURL)
+	if err != nil {
+		return
+	}
+	parsedURL.RawQuery = ""
+
+	doSendAndRecord(ctx.Ctx, parsedURL.String(), parsedURL.String(), body, "callback",
+		ctx.Stats, ctx.Events[0])
+}
+
 func (fs *FeishuCardSender) Send(ctx MessageContext) {
 	if len(ctx.Users) == 0 || len(ctx.Events) == 0 {
 		return
 	}
-	urls, _ := fs.extract(ctx.Users)
+	urls, tokens := fs.extract(ctx.Users)
 	message := BuildTplMessage(models.FeishuCard, fs.tpl, ctx.Events)
 	color := "red"
 	lowerUnicode := strings.ToLower(message)
@@ -110,14 +157,15 @@ func (fs *FeishuCardSender) Send(ctx MessageContext) {
 	body.Card.Header.Template = color
 	body.Card.Elements[0].Text.Content = message
 	body.Card.Elements[2].Elements[0].Content = SendTitle
-	for _, url := range urls {
-		doSend(url, body, models.FeishuCard, ctx.Stats)
+	for i, url := range urls {
+		doSendAndRecord(ctx.Ctx, url, tokens[i], body, models.FeishuCard,
+			ctx.Stats, ctx.Events[0])
 	}
 }

 func (fs *FeishuCardSender) extract(users []*models.User) ([]string, []string) {
 	urls := make([]string, 0, len(users))
-	ats := make([]string, 0)
+	tokens := make([]string, 0, len(users))
 	for i := range users {
 		if token, has := users[i].ExtractToken(models.FeishuCard); has {
 			url := token
@@ -125,7 +173,8 @@ func (fs *FeishuCardSender) extract(users []*models.User) ([]string, []string) {
 				url = "https://open.feishu.cn/open-apis/bot/v2/hook/" + strings.TrimSpace(token)
 			}
 			urls = append(urls, url)
+			tokens = append(tokens, token)
 		}
 	}
-	return urls, ats
+	return urls, tokens
 }
--- a/alert/sender/ibex.go
+++ b/alert/sender/ibex.go
@@ -0,0 +1,270 @@
+// @Author: Ciusyan 6/5/24
+
+package sender
+
+import (
+	"encoding/json"
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/ccfos/nightingale/v6/memsto"
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	imodels "github.com/flashcatcloud/ibex/src/models"
+	"github.com/flashcatcloud/ibex/src/storage"
+
+	"github.com/toolkits/pkg/logger"
+)
+
+var (
+	_ CallBacker = (*IbexCallBacker)(nil)
+)
+
+type IbexCallBacker struct {
+	targetCache  *memsto.TargetCacheType
+	userCache    *memsto.UserCacheType
+	taskTplCache *memsto.TaskTplCache
+}
+
+func (c *IbexCallBacker) CallBack(ctx CallBackContext) {
+	if len(ctx.CallBackURL) == 0 || len(ctx.Events) == 0 {
+		return
+	}
+
+	event := ctx.Events[0]
+
+	if event.IsRecovered {
+		return
+	}
+
+	c.handleIbex(ctx.Ctx, ctx.CallBackURL, event)
+}
+
+func (c *IbexCallBacker) handleIbex(ctx *ctx.Context, url string, event *models.AlertCurEvent) {
+	if imodels.DB() == nil && ctx.IsCenter {
+		logger.Warning("event_callback_ibex: db is nil")
+		return
+	}
+
+	arr := strings.Split(url, "/")
+
+	var idstr string
+	var host string
+
+	if len(arr) > 1 {
+		idstr = arr[1]
+	}
+
+	if len(arr) > 2 {
+		host = arr[2]
+	}
+
+	id, err := strconv.ParseInt(idstr, 10, 64)
+	if err != nil {
+		logger.Errorf("event_callback_ibex: failed to parse url: %s", url)
+		return
+	}
+
+	if host == "" {
+		// 用户在callback url中没有传入host，就从event中解析
+		host = event.TargetIdent
+	}
+
+	if host == "" {
+		logger.Error("event_callback_ibex: failed to get host")
+		return
+	}
+
+	CallIbex(ctx, id, host, c.taskTplCache, c.targetCache, c.userCache, event)
+}
+
+func CallIbex(ctx *ctx.Context, id int64, host string,
+	taskTplCache *memsto.TaskTplCache, targetCache *memsto.TargetCacheType,
+	userCache *memsto.UserCacheType, event *models.AlertCurEvent) {
+	tpl := taskTplCache.Get(id)
+	if tpl == nil {
+		logger.Errorf("event_callback_ibex: no such tpl(%d)", id)
+		return
+	}
+	// check perm
+	// tpl.GroupId - host - account 三元组校验权限
+	can, err := canDoIbex(tpl.UpdateBy, tpl, host, targetCache, userCache)
+	if err != nil {
+		logger.Errorf("event_callback_ibex: check perm fail: %v", err)
+		return
+	}
+
+	if !can {
+		logger.Errorf("event_callback_ibex: user(%s) no permission", tpl.UpdateBy)
+		return
+	}
+
+	tagsMap := make(map[string]string)
+	for i := 0; i < len(event.TagsJSON); i++ {
+		pair := strings.TrimSpace(event.TagsJSON[i])
+		if pair == "" {
+			continue
+		}
+
+		arr := strings.Split(pair, "=")
+		if len(arr) != 2 {
+			continue
+		}
+
+		tagsMap[arr[0]] = arr[1]
+	}
+	// 附加告警级别  告警触发值标签
+	tagsMap["alert_severity"] = strconv.Itoa(event.Severity)
+	tagsMap["alert_trigger_value"] = event.TriggerValue
+
+	tags, err := json.Marshal(tagsMap)
+	if err != nil {
+		logger.Errorf("event_callback_ibex: failed to marshal tags to json: %v", tagsMap)
+		return
+	}
+
+	// call ibex
+	in := models.TaskForm{
+		Title:          tpl.Title + " FH: " + host,
+		Account:        tpl.Account,
+		Batch:          tpl.Batch,
+		Tolerance:      tpl.Tolerance,
+		Timeout:        tpl.Timeout,
+		Pause:          tpl.Pause,
+		Script:         tpl.Script,
+		Args:           tpl.Args,
+		Stdin:          string(tags),
+		Action:         "start",
+		Creator:        tpl.UpdateBy,
+		Hosts:          []string{host},
+		AlertTriggered: true,
+	}
+
+	id, err = TaskAdd(in, tpl.UpdateBy, ctx.IsCenter)
+	if err != nil {
+		logger.Errorf("event_callback_ibex: call ibex fail: %v", err)
+		return
+	}
+
+	// write db
+	record := models.TaskRecord{
+		Id:        id,
+		EventId:   event.Id,
+		GroupId:   tpl.GroupId,
+		Title:     in.Title,
+		Account:   in.Account,
+		Batch:     in.Batch,
+		Tolerance: in.Tolerance,
+		Timeout:   in.Timeout,
+		Pause:     in.Pause,
+		Script:    in.Script,
+		Args:      in.Args,
+		CreateAt:  time.Now().Unix(),
+		CreateBy:  in.Creator,
+	}
+
+	if err = record.Add(ctx); err != nil {
+		logger.Errorf("event_callback_ibex: persist task_record fail: %v", err)
+	}
+}
+
+func canDoIbex(username string, tpl *models.TaskTpl, host string, targetCache *memsto.TargetCacheType, userCache *memsto.UserCacheType) (bool, error) {
+	user := userCache.GetByUsername(username)
+	if user != nil && user.IsAdmin() {
+		return true, nil
+	}
+
+	target, has := targetCache.Get(host)
+	if !has {
+		return false, nil
+	}
+
+	return target.GroupId == tpl.GroupId, nil
+}
+
+func TaskAdd(f models.TaskForm, authUser string, isCenter bool) (int64, error) {
+	hosts := cleanHosts(f.Hosts)
+	if len(hosts) == 0 {
+		return 0, fmt.Errorf("arg(hosts) empty")
+	}
+
+	taskMeta := &imodels.TaskMeta{
+		Title:     f.Title,
+		Account:   f.Account,
+		Batch:     f.Batch,
+		Tolerance: f.Tolerance,
+		Timeout:   f.Timeout,
+		Pause:     f.Pause,
+		Script:    f.Script,
+		Args:      f.Args,
+		Stdin:     f.Stdin,
+		Creator:   f.Creator,
+	}
+
+	err := taskMeta.CleanFields()
+	if err != nil {
+		return 0, err
+	}
+
+	taskMeta.HandleFH(hosts[0])
+
+	// 任务类型分为"告警规则触发"和"n9e center用户下发"两种；
+	// 边缘机房"告警规则触发"的任务不需要规划，并且它可能是失联的，无法使用db资源，所以放入redis缓存中，直接下发给agentd执行
+	if !isCenter && f.AlertTriggered {
+		if err := taskMeta.Create(); err != nil {
+			// 当网络不连通时，生成唯一的id，防止边缘机房中不同任务的id相同；
+			// 方法是，redis自增id去防止同一个机房的不同n9e edge生成的id相同；
+			// 但没法防止不同边缘机房生成同样的id，所以，生成id的数据不会上报存入数据库，只用于闭环执行。
+			taskMeta.Id, err = storage.IdGet()
+			if err != nil {
+				return 0, err
+			}
+		}
+
+		taskHost := imodels.TaskHost{
+			Id:     taskMeta.Id,
+			Host:   hosts[0],
+			Status: "running",
+		}
+		if err = taskHost.Create(); err != nil {
+			logger.Warningf("task_add_fail: authUser=%s title=%s err=%s", authUser, taskMeta.Title, err.Error())
+		}
+
+		// 缓存任务元信息和待下发的任务
+		err = taskMeta.Cache(hosts[0])
+		if err != nil {
+			return 0, err
+		}
+
+	} else {
+		// 如果是中心机房，还是保持之前的逻辑
+		err = taskMeta.Save(hosts, f.Action)
+		if err != nil {
+			return 0, err
+		}
+	}
+
+	logger.Infof("task_add_succ: authUser=%s title=%s", authUser, taskMeta.Title)
+	return taskMeta.Id, nil
+}
+
+func cleanHosts(formHosts []string) []string {
+	cnt := len(formHosts)
+	arr := make([]string, 0, cnt)
+	for i := 0; i < cnt; i++ {
+		item := strings.TrimSpace(formHosts[i])
+		if item == "" {
+			continue
+		}
+
+		if strings.HasPrefix(item, "#") {
+			continue
+		}
+
+		arr = append(arr, item)
+	}
+
+	return arr
+}
--- a/alert/sender/lark.go
+++ b/alert/sender/lark.go
@@ -0,0 +1,65 @@
+package sender
+
+import (
+	"html/template"
+	"strings"
+
+	"github.com/ccfos/nightingale/v6/models"
+)
+
+var (
+	_ CallBacker = (*LarkSender)(nil)
+)
+
+type LarkSender struct {
+	tpl *template.Template
+}
+
+func (lk *LarkSender) CallBack(ctx CallBackContext) {
+	if len(ctx.Events) == 0 || len(ctx.CallBackURL) == 0 {
+		return
+	}
+
+	body := feishu{
+		Msgtype: "text",
+		Content: feishuContent{
+			Text: BuildTplMessage(models.Lark, lk.tpl, ctx.Events),
+		},
+	}
+
+	doSendAndRecord(ctx.Ctx, ctx.CallBackURL, ctx.CallBackURL, body, "callback",
+		ctx.Stats, ctx.Events[0])
+	ctx.Stats.AlertNotifyTotal.WithLabelValues("rule_callback").Inc()
+}
+
+func (lk *LarkSender) Send(ctx MessageContext) {
+	if len(ctx.Users) == 0 || len(ctx.Events) == 0 {
+		return
+	}
+	urls := lk.extract(ctx.Users)
+	message := BuildTplMessage(models.Lark, lk.tpl, ctx.Events)
+	for _, url := range urls {
+		body := feishu{
+			Msgtype: "text",
+			Content: feishuContent{
+				Text: message,
+			},
+		}
+		doSend(url, body, models.Lark, ctx.Stats)
+	}
+}
+
+func (lk *LarkSender) extract(users []*models.User) []string {
+	urls := make([]string, 0, len(users))
+
+	for _, user := range users {
+		if token, has := user.ExtractToken(models.Lark); has {
+			url := token
+			if !strings.HasPrefix(token, "https://") && !strings.HasPrefix(token, "http://") {
+				url = "https://open.larksuite.com/open-apis/bot/v2/hook/" + token
+			}
+			urls = append(urls, url)
+		}
+	}
+	return urls
+}
--- a/alert/sender/larkcard.go
+++ b/alert/sender/larkcard.go
@@ -0,0 +1,99 @@
+package sender
+
+import (
+	"fmt"
+	"html/template"
+	"net/url"
+	"strings"
+
+	"github.com/ccfos/nightingale/v6/models"
+)
+
+type LarkCardSender struct {
+	tpl *template.Template
+}
+
+func (fs *LarkCardSender) CallBack(ctx CallBackContext) {
+	if len(ctx.Events) == 0 || len(ctx.CallBackURL) == 0 {
+		return
+	}
+
+	ats := ExtractAtsParams(ctx.CallBackURL)
+	message := BuildTplMessage(models.LarkCard, fs.tpl, ctx.Events)
+
+	if len(ats) > 0 {
+		atTags := ""
+		for _, at := range ats {
+			if strings.Contains(at, "@") {
+				atTags += fmt.Sprintf("<at email=\"%s\" ></at>", at)
+			} else {
+				atTags += fmt.Sprintf("<at id=\"%s\" ></at>", at)
+			}
+		}
+		message = atTags + message
+	}
+
+	color := "red"
+	lowerUnicode := strings.ToLower(message)
+	if strings.Count(lowerUnicode, Recovered) > 0 && strings.Count(lowerUnicode, Triggered) > 0 {
+		color = "orange"
+	} else if strings.Count(lowerUnicode, Recovered) > 0 {
+		color = "green"
+	}
+
+	SendTitle := fmt.Sprintf("🔔 %s", ctx.Events[0].RuleName)
+	body.Card.Header.Title.Content = SendTitle
+	body.Card.Header.Template = color
+	body.Card.Elements[0].Text.Content = message
+	body.Card.Elements[2].Elements[0].Content = SendTitle
+
+	// This is to be compatible with the Larkcard interface, if with query string parameters, the request will fail
+	// Remove query parameters from the URL,
+	parsedURL, err := url.Parse(ctx.CallBackURL)
+	if err != nil {
+		return
+	}
+	parsedURL.RawQuery = ""
+
+	doSendAndRecord(ctx.Ctx, ctx.CallBackURL, ctx.CallBackURL, body, "callback",
+		ctx.Stats, ctx.Events[0])
+}
+
+func (fs *LarkCardSender) Send(ctx MessageContext) {
+	if len(ctx.Users) == 0 || len(ctx.Events) == 0 {
+		return
+	}
+	urls, _ := fs.extract(ctx.Users)
+	message := BuildTplMessage(models.LarkCard, fs.tpl, ctx.Events)
+	color := "red"
+	lowerUnicode := strings.ToLower(message)
+	if strings.Count(lowerUnicode, Recovered) > 0 && strings.Count(lowerUnicode, Triggered) > 0 {
+		color = "orange"
+	} else if strings.Count(lowerUnicode, Recovered) > 0 {
+		color = "green"
+	}
+
+	SendTitle := fmt.Sprintf("🔔 %s", ctx.Events[0].RuleName)
+	body.Card.Header.Title.Content = SendTitle
+	body.Card.Header.Template = color
+	body.Card.Elements[0].Text.Content = message
+	body.Card.Elements[2].Elements[0].Content = SendTitle
+	for _, url := range urls {
+		doSend(url, body, models.LarkCard, ctx.Stats)
+	}
+}
+
+func (fs *LarkCardSender) extract(users []*models.User) ([]string, []string) {
+	urls := make([]string, 0, len(users))
+	ats := make([]string, 0)
+	for i := range users {
+		if token, has := users[i].ExtractToken(models.Lark); has {
+			url := token
+			if !strings.HasPrefix(token, "https://") && !strings.HasPrefix(token, "http://") {
+				url = "https://open.larksuite.com/open-apis/bot/v2/hook/" + strings.TrimSpace(token)
+			}
+			urls = append(urls, url)
+		}
+	}
+	return urls, ats
+}
--- a/alert/sender/mm.go
+++ b/alert/sender/mm.go
@@ -7,6 +7,7 @@ import (

 	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"

 	"github.com/toolkits/pkg/logger"
 )
@@ -38,11 +39,26 @@ func (ms *MmSender) Send(ctx MessageContext) {
 	}
 	message := BuildTplMessage(models.Mm, ms.tpl, ctx.Events)

-	SendMM(MatterMostMessage{
+	SendMM(ctx.Ctx, MatterMostMessage{
 		Text:   message,
 		Tokens: urls,
 		Stats:  ctx.Stats,
-	})
+	}, ctx.Events[0])
+}
+
+func (ms *MmSender) CallBack(ctx CallBackContext) {
+	if len(ctx.Events) == 0 || len(ctx.CallBackURL) == 0 {
+		return
+	}
+	message := BuildTplMessage(models.Mm, ms.tpl, ctx.Events)
+
+	SendMM(ctx.Ctx, MatterMostMessage{
+		Text:   message,
+		Tokens: []string{ctx.CallBackURL},
+		Stats:  ctx.Stats,
+	}, ctx.Events[0])
+
+	ctx.Stats.AlertNotifyTotal.WithLabelValues("rule_callback").Inc()
 }

 func (ms *MmSender) extract(users []*models.User) []string {
@@ -55,7 +71,7 @@ func (ms *MmSender) extract(users []*models.User) []string {
 	return tokens
 }

-func SendMM(message MatterMostMessage) {
+func SendMM(ctx *ctx.Context, message MatterMostMessage, event *models.AlertCurEvent) {
 	for i := 0; i < len(message.Tokens); i++ {
 		u, err := url.Parse(message.Tokens[i])
 		if err != nil {
@@ -88,7 +104,7 @@ func SendMM(message MatterMostMessage) {
 				Username: username,
 				Text:     txt + message.Text,
 			}
-			doSend(ur, body, models.Mm, message.Stats)
+			doSendAndRecord(ctx, ur, message.Tokens[i], body, models.Mm, message.Stats, event)
 		}
 	}
 }
--- a/alert/sender/plugin.go
+++ b/alert/sender/plugin.go
@@ -2,26 +2,30 @@ package sender

 import (
 	"bytes"
+	"fmt"
 	"os"
 	"os/exec"
 	"time"

 	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"

 	"github.com/toolkits/pkg/file"
 	"github.com/toolkits/pkg/logger"
 	"github.com/toolkits/pkg/sys"
 )

-func MayPluginNotify(noticeBytes []byte, notifyScript models.NotifyScript, stats *astats.Stats) {
+func MayPluginNotify(ctx *ctx.Context, noticeBytes []byte, notifyScript models.NotifyScript,
+	stats *astats.Stats, event *models.AlertCurEvent) {
 	if len(noticeBytes) == 0 {
 		return
 	}
-	alertingCallScript(noticeBytes, notifyScript, stats)
+	alertingCallScript(ctx, noticeBytes, notifyScript, stats, event)
 }

-func alertingCallScript(stdinBytes []byte, notifyScript models.NotifyScript, stats *astats.Stats) {
+func alertingCallScript(ctx *ctx.Context, stdinBytes []byte, notifyScript models.NotifyScript,
+	stats *astats.Stats, event *models.AlertCurEvent) {
 	// not enable or no notify.py? do nothing
 	config := notifyScript
 	if !config.Enable || config.Content == "" {
@@ -81,6 +85,7 @@ func alertingCallScript(stdinBytes []byte, notifyScript models.NotifyScript, sta
 	}

 	err, isTimeout := sys.WrapTimeout(cmd, time.Duration(config.Timeout)*time.Second)
+	NotifyRecord(ctx, event, channel, cmd.String(), "", buildErr(err, isTimeout))

 	if isTimeout {
 		if err == nil {
@@ -102,3 +107,11 @@ func alertingCallScript(stdinBytes []byte, notifyScript models.NotifyScript, sta

 	logger.Infof("event_script_notify_ok: exec %s output: %s", fpath, buf.String())
 }
+
+func buildErr(err error, isTimeout bool) error {
+	if err == nil && !isTimeout {
+		return nil
+	} else {
+		return fmt.Errorf("is_timeout: %v, err: %v", isTimeout, err)
+	}
+}
--- a/alert/sender/sender.go
+++ b/alert/sender/sender.go
@@ -8,6 +8,7 @@ import (
 	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
 )

 type (
@@ -22,6 +23,7 @@ type (
 		Rule   *models.AlertRule
 		Events []*models.AlertCurEvent
 		Stats  *astats.Stats
+		Ctx    *ctx.Context
 	}
 )

@@ -41,17 +43,23 @@ func NewSender(key string, tpls map[string]*template.Template, smtp ...aconf.SMT
 		return &MmSender{tpl: tpls[models.Mm]}
 	case models.Telegram:
 		return &TelegramSender{tpl: tpls[models.Telegram]}
+	case models.Lark:
+		return &LarkSender{tpl: tpls[models.Lark]}
+	case models.LarkCard:
+		return &LarkCardSender{tpl: tpls[models.LarkCard]}
 	}
 	return nil
 }

-func BuildMessageContext(rule *models.AlertRule, events []*models.AlertCurEvent, uids []int64, userCache *memsto.UserCacheType, stats *astats.Stats) MessageContext {
+func BuildMessageContext(ctx *ctx.Context, rule *models.AlertRule, events []*models.AlertCurEvent,
+	uids []int64, userCache *memsto.UserCacheType, stats *astats.Stats) MessageContext {
 	users := userCache.GetByUserIds(uids)
 	return MessageContext{
 		Rule:   rule,
 		Events: events,
 		Users:  users,
 		Stats:  stats,
+		Ctx:    ctx,
 	}
 }

--- a/alert/sender/telegram.go
+++ b/alert/sender/telegram.go
@@ -6,6 +6,7 @@ import (

 	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"

 	"github.com/toolkits/pkg/logger"
 )
@@ -21,10 +22,29 @@ type telegram struct {
 	Text      string `json:"text"`
 }

+var (
+	_ CallBacker = (*TelegramSender)(nil)
+)
+
 type TelegramSender struct {
 	tpl *template.Template
 }

+func (ts *TelegramSender) CallBack(ctx CallBackContext) {
+	if len(ctx.Events) == 0 || len(ctx.CallBackURL) == 0 {
+		return
+	}
+
+	message := BuildTplMessage(models.Telegram, ts.tpl, ctx.Events)
+	SendTelegram(ctx.Ctx, TelegramMessage{
+		Text:   message,
+		Tokens: []string{ctx.CallBackURL},
+		Stats:  ctx.Stats,
+	}, ctx.Events[0])
+
+	ctx.Stats.AlertNotifyTotal.WithLabelValues("rule_callback").Inc()
+}
+
 func (ts *TelegramSender) Send(ctx MessageContext) {
 	if len(ctx.Users) == 0 || len(ctx.Events) == 0 {
 		return
@@ -32,11 +52,11 @@ func (ts *TelegramSender) Send(ctx MessageContext) {
 	tokens := ts.extract(ctx.Users)
 	message := BuildTplMessage(models.Telegram, ts.tpl, ctx.Events)

-	SendTelegram(TelegramMessage{
+	SendTelegram(ctx.Ctx, TelegramMessage{
 		Text:   message,
 		Tokens: tokens,
 		Stats:  ctx.Stats,
-	})
+	}, ctx.Events[0])
 }

 func (ts *TelegramSender) extract(users []*models.User) []string {
@@ -49,7 +69,7 @@ func (ts *TelegramSender) extract(users []*models.User) []string {
 	return tokens
 }

-func SendTelegram(message TelegramMessage) {
+func SendTelegram(ctx *ctx.Context, message TelegramMessage, event *models.AlertCurEvent) {
 	for i := 0; i < len(message.Tokens); i++ {
 		if !strings.Contains(message.Tokens[i], "/") && !strings.HasPrefix(message.Tokens[i], "https://") {
 			logger.Errorf("telegram_sender: result=fail invalid token=%s", message.Tokens[i])
@@ -73,6 +93,6 @@ func SendTelegram(message TelegramMessage) {
 			Text:      message.Text,
 		}

-		doSend(url, body, models.Telegram, message.Stats)
+		doSendAndRecord(ctx, url, message.Tokens[i], body, models.Telegram, message.Stats, event)
 	}
 }
--- a/alert/sender/webhook.go
+++ b/alert/sender/webhook.go
@@ -2,70 +2,184 @@ package sender

 import (
 	"bytes"
+	"crypto/tls"
 	"encoding/json"
+	"fmt"
 	"io"
 	"net/http"
+	"sync"
 	"time"

 	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"

 	"github.com/toolkits/pkg/logger"
 )

-func SendWebhooks(webhooks []*models.Webhook, event *models.AlertCurEvent, stats *astats.Stats) {
-	for _, conf := range webhooks {
-		if conf.Url == "" || !conf.Enable {
-			continue
-		}
-		bs, err := json.Marshal(event)
-		if err != nil {
-			continue
-		}
+func sendWebhook(webhook *models.Webhook, event interface{}, stats *astats.Stats) (bool, string, error) {
+	channel := "webhook"
+	if webhook.Type == models.RuleCallback {
+		channel = "callback"
+	}

-		bf := bytes.NewBuffer(bs)
+	conf := webhook
+	if conf.Url == "" || !conf.Enable {
+		return false, "", nil
+	}
+	bs, err := json.Marshal(event)
+	if err != nil {
+		logger.Errorf("%s alertingWebhook failed to marshal event:%+v err:%v", channel, event, err)
+		return false, "", err
+	}

-		req, err := http.NewRequest("POST", conf.Url, bf)
-		if err != nil {
-			logger.Warning("alertingWebhook failed to new request", err)
-			continue
-		}
+	bf := bytes.NewBuffer(bs)

-		req.Header.Set("Content-Type", "application/json")
-		if conf.BasicAuthUser != "" && conf.BasicAuthPass != "" {
-			req.SetBasicAuth(conf.BasicAuthUser, conf.BasicAuthPass)
-		}
+	req, err := http.NewRequest("POST", conf.Url, bf)
+	if err != nil {
+		logger.Warningf("%s alertingWebhook failed to new reques event:%s err:%v", channel, string(bs), err)
+		return true, "", err
+	}

-		if len(conf.Headers) > 0 && len(conf.Headers)%2 == 0 {
-			for i := 0; i < len(conf.Headers); i += 2 {
-				if conf.Headers[i] == "host" {
-					req.Host = conf.Headers[i+1]
-					continue
-				}
-				req.Header.Set(conf.Headers[i], conf.Headers[i+1])
+	req.Header.Set("Content-Type", "application/json")
+	if conf.BasicAuthUser != "" && conf.BasicAuthPass != "" {
+		req.SetBasicAuth(conf.BasicAuthUser, conf.BasicAuthPass)
+	}
+
+	if len(conf.Headers) > 0 && len(conf.Headers)%2 == 0 {
+		for i := 0; i < len(conf.Headers); i += 2 {
+			if conf.Headers[i] == "host" || conf.Headers[i] == "Host" {
+				req.Host = conf.Headers[i+1]
+				continue
 			}
+			req.Header.Set(conf.Headers[i], conf.Headers[i+1])
 		}
+	}
+	insecureSkipVerify := false
+	if webhook != nil {
+		insecureSkipVerify = webhook.SkipVerify
+	}
+	client := http.Client{
+		Timeout: time.Duration(conf.Timeout) * time.Second,
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: insecureSkipVerify},
+		},
+	}

-		// todo add skip verify
-		client := http.Client{
-			Timeout: time.Duration(conf.Timeout) * time.Second,
+	stats.AlertNotifyTotal.WithLabelValues(channel).Inc()
+	var resp *http.Response
+	var body []byte
+	resp, err = client.Do(req)
+
+	if err != nil {
+		stats.AlertNotifyErrorTotal.WithLabelValues(channel).Inc()
+		logger.Errorf("event_%s_fail, event:%s, url: [%s], error: [%s]", channel, string(bs), conf.Url, err)
+		return true, "", err
+	}
+
+	if resp.Body != nil {
+		defer resp.Body.Close()
+		body, _ = io.ReadAll(resp.Body)
+	}
+
+	if resp.StatusCode == 429 {
+		logger.Errorf("event_%s_fail, url: %s, response code: %d, body: %s event:%s", channel, conf.Url, resp.StatusCode, string(body), string(bs))
+		return true, string(body), fmt.Errorf("status code is 429")
+	}
+
+	logger.Debugf("event_%s_succ, url: %s, response code: %d, body: %s event:%s", channel, conf.Url, resp.StatusCode, string(body), string(bs))
+	return false, string(body), nil
+}
+
+func SingleSendWebhooks(ctx *ctx.Context, webhooks []*models.Webhook, event *models.AlertCurEvent, stats *astats.Stats) {
+	for _, conf := range webhooks {
+		retryCount := 0
+		for retryCount < 3 {
+			needRetry, res, err := sendWebhook(conf, event, stats)
+			NotifyRecord(ctx, event, "webhook", conf.Url, res, err)
+			if !needRetry {
+				break
+			}
+			retryCount++
+			time.Sleep(time.Minute * 1 * time.Duration(retryCount))
 		}
-
-		stats.AlertNotifyTotal.WithLabelValues("webhook").Inc()
-		var resp *http.Response
-		resp, err = client.Do(req)
-		if err != nil {
-			stats.AlertNotifyErrorTotal.WithLabelValues("webhook").Inc()
-			logger.Errorf("event_webhook_fail, ruleId: [%d], eventId: [%d], url: [%s], error: [%s]", event.RuleId, event.Id, conf.Url, err)
-			continue
-		}
-
-		var body []byte
-		if resp.Body != nil {
-			defer resp.Body.Close()
-			body, _ = io.ReadAll(resp.Body)
-		}
-
-		logger.Debugf("event_webhook_succ, url: %s, response code: %d, body: %s event:%+v", conf.Url, resp.StatusCode, string(body), event)
+	}
+}
+
+func BatchSendWebhooks(ctx *ctx.Context, webhooks []*models.Webhook, event *models.AlertCurEvent, stats *astats.Stats) {
+	for _, conf := range webhooks {
+		logger.Infof("push event:%+v to queue:%v", event, conf)
+		PushEvent(ctx, conf, event, stats)
+	}
+}
+
+var EventQueue = make(map[string]*WebhookQueue)
+var CallbackEventQueue = make(map[string]*WebhookQueue)
+var CallbackEventQueueLock sync.RWMutex
+var EventQueueLock sync.RWMutex
+
+const QueueMaxSize = 100000
+
+type WebhookQueue struct {
+	list    *SafeListLimited
+	closeCh chan struct{}
+}
+
+func PushEvent(ctx *ctx.Context, webhook *models.Webhook, event *models.AlertCurEvent, stats *astats.Stats) {
+	EventQueueLock.RLock()
+	queue := EventQueue[webhook.Url]
+	EventQueueLock.RUnlock()
+
+	if queue == nil {
+		queue = &WebhookQueue{
+			list:    NewSafeListLimited(QueueMaxSize),
+			closeCh: make(chan struct{}),
+		}
+
+		EventQueueLock.Lock()
+		EventQueue[webhook.Url] = queue
+		EventQueueLock.Unlock()
+
+		StartConsumer(ctx, queue, webhook.Batch, webhook, stats)
+	}
+
+	succ := queue.list.PushFront(event)
+	if !succ {
+		stats.AlertNotifyErrorTotal.WithLabelValues("push_event_queue").Inc()
+		logger.Warningf("Write channel(%s) full, current channel size: %d event:%v", webhook.Url, queue.list.Len(), event)
+	}
+}
+
+func StartConsumer(ctx *ctx.Context, queue *WebhookQueue, popSize int, webhook *models.Webhook, stats *astats.Stats) {
+	for {
+		select {
+		case <-queue.closeCh:
+			logger.Infof("event queue:%v closed", queue)
+			return
+		default:
+			events := queue.list.PopBack(popSize)
+			if len(events) == 0 {
+				time.Sleep(time.Millisecond * 400)
+				continue
+			}
+
+			retryCount := 0
+			for retryCount < webhook.RetryCount {
+				needRetry, res, err := sendWebhook(webhook, events, stats)
+				if !needRetry {
+					break
+				}
+				go RecordEvents(ctx, webhook, events, stats, res, err)
+				retryCount++
+				time.Sleep(time.Second * time.Duration(webhook.RetryInterval) * time.Duration(retryCount))
+			}
+		}
+	}
+}
+
+func RecordEvents(ctx *ctx.Context, webhook *models.Webhook, events []*models.AlertCurEvent, stats *astats.Stats, res string, err error) {
+	for _, event := range events {
+		time.Sleep(time.Millisecond * 10)
+		NotifyRecord(ctx, event, "webhook", webhook.Url, res, err)
 	}
 }
--- a/alert/sender/webhook_queue.go
+++ b/alert/sender/webhook_queue.go
@@ -0,0 +1,111 @@
+package sender
+
+import (
+	"container/list"
+	"sync"
+
+	"github.com/ccfos/nightingale/v6/models"
+)
+
+type SafeList struct {
+	sync.RWMutex
+	L *list.List
+}
+
+func NewSafeList() *SafeList {
+	return &SafeList{L: list.New()}
+}
+
+func (sl *SafeList) PushFront(v interface{}) *list.Element {
+	sl.Lock()
+	e := sl.L.PushFront(v)
+	sl.Unlock()
+	return e
+}
+
+func (sl *SafeList) PushFrontBatch(vs []interface{}) {
+	sl.Lock()
+	for _, item := range vs {
+		sl.L.PushFront(item)
+	}
+	sl.Unlock()
+}
+
+func (sl *SafeList) PopBack(max int) []*models.AlertCurEvent {
+	sl.Lock()
+
+	count := sl.L.Len()
+	if count == 0 {
+		sl.Unlock()
+		return []*models.AlertCurEvent{}
+	}
+
+	if count > max {
+		count = max
+	}
+
+	items := make([]*models.AlertCurEvent, 0, count)
+	for i := 0; i < count; i++ {
+		item := sl.L.Remove(sl.L.Back())
+		sample, ok := item.(*models.AlertCurEvent)
+		if ok {
+			items = append(items, sample)
+		}
+	}
+
+	sl.Unlock()
+	return items
+}
+
+func (sl *SafeList) RemoveAll() {
+	sl.Lock()
+	sl.L.Init()
+	sl.Unlock()
+}
+
+func (sl *SafeList) Len() int {
+	sl.RLock()
+	size := sl.L.Len()
+	sl.RUnlock()
+	return size
+}
+
+// SafeList with Limited Size
+type SafeListLimited struct {
+	maxSize int
+	SL      *SafeList
+}
+
+func NewSafeListLimited(maxSize int) *SafeListLimited {
+	return &SafeListLimited{SL: NewSafeList(), maxSize: maxSize}
+}
+
+func (sll *SafeListLimited) PopBack(max int) []*models.AlertCurEvent {
+	return sll.SL.PopBack(max)
+}
+
+func (sll *SafeListLimited) PushFront(v interface{}) bool {
+	if sll.SL.Len() >= sll.maxSize {
+		return false
+	}
+
+	sll.SL.PushFront(v)
+	return true
+}
+
+func (sll *SafeListLimited) PushFrontBatch(vs []interface{}) bool {
+	if sll.SL.Len() >= sll.maxSize {
+		return false
+	}
+
+	sll.SL.PushFrontBatch(vs)
+	return true
+}
+
+func (sll *SafeListLimited) RemoveAll() {
+	sll.SL.RemoveAll()
+}
+
+func (sll *SafeListLimited) Len() int {
+	return sll.SL.Len()
+}
--- a/alert/sender/wecom.go
+++ b/alert/sender/wecom.go
@@ -16,29 +16,52 @@ type wecom struct {
 	Markdown wecomMarkdown `json:"markdown"`
 }

+var (
+	_ CallBacker = (*WecomSender)(nil)
+)
+
 type WecomSender struct {
 	tpl *template.Template
 }

+func (ws *WecomSender) CallBack(ctx CallBackContext) {
+	if len(ctx.Events) == 0 || len(ctx.CallBackURL) == 0 {
+		return
+	}
+
+	message := BuildTplMessage(models.Wecom, ws.tpl, ctx.Events)
+	body := wecom{
+		Msgtype: "markdown",
+		Markdown: wecomMarkdown{
+			Content: message,
+		},
+	}
+
+	doSendAndRecord(ctx.Ctx, ctx.CallBackURL, ctx.CallBackURL, body, "callback",
+		ctx.Stats, ctx.Events[0])
+	ctx.Stats.AlertNotifyTotal.WithLabelValues("rule_callback").Inc()
+}
+
 func (ws *WecomSender) Send(ctx MessageContext) {
 	if len(ctx.Users) == 0 || len(ctx.Events) == 0 {
 		return
 	}
-	urls := ws.extract(ctx.Users)
+	urls, tokens := ws.extract(ctx.Users)
 	message := BuildTplMessage(models.Wecom, ws.tpl, ctx.Events)
-	for _, url := range urls {
+	for i, url := range urls {
 		body := wecom{
 			Msgtype: "markdown",
 			Markdown: wecomMarkdown{
 				Content: message,
 			},
 		}
-		doSend(url, body, models.Wecom, ctx.Stats)
+		doSendAndRecord(ctx.Ctx, url, tokens[i], body, models.Wecom, ctx.Stats, ctx.Events[0])
 	}
 }

-func (ws *WecomSender) extract(users []*models.User) []string {
+func (ws *WecomSender) extract(users []*models.User) ([]string, []string) {
 	urls := make([]string, 0, len(users))
+	tokens := make([]string, 0, len(users))
 	for _, user := range users {
 		if token, has := user.ExtractToken(models.Wecom); has {
 			url := token
@@ -46,7 +69,8 @@ func (ws *WecomSender) extract(users []*models.User) []string {
 				url = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=" + token
 			}
 			urls = append(urls, url)
+			tokens = append(tokens, token)
 		}
 	}
-	return urls
+	return urls, tokens
 }
--- a/center/cconf/conf.go
+++ b/center/cconf/conf.go
@@ -12,6 +12,8 @@ type Center struct {
 	AnonymousAccess        AnonymousAccess
 	UseFileAssets          bool
 	FlashDuty              FlashDuty
+	EventHistoryGroupView  bool
+	CleanNotifyRecordDay   int
 }

 type Plugin struct {
@@ -22,8 +24,9 @@ type Plugin struct {
 }

 type FlashDuty struct {
-	Api     string        `json:"api"`
-	Timeout time.Duration `json:"timeout"`
+	Api     string
+	Headers map[string]string
+	Timeout time.Duration
 }

 type AnonymousAccess struct {
--- a/center/cconf/metric.go
+++ b/center/cconf/metric.go
@@ -18,20 +18,28 @@ var MetricDesc MetricDescType
 // GetMetricDesc , if metric is not registered, empty string will be returned
 func GetMetricDesc(lang, metric string) string {
 	var m map[string]string
-	if lang == "zh" {
-		m = MetricDesc.Zh
-	} else {
+
+	switch lang {
+	case "en":
 		m = MetricDesc.En
+	default:
+		m = MetricDesc.Zh
 	}
+
 	if m != nil {
-		if desc, has := m[metric]; has {
+		if desc, ok := m[metric]; ok {
 			return desc
 		}
 	}

-	return MetricDesc.CommonDesc[metric]
-}
+	if MetricDesc.CommonDesc != nil {
+		if desc, ok := MetricDesc.CommonDesc[metric]; ok {
+			return desc
+		}
+	}

+	return ""
+}
 func LoadMetricsYaml(configDir, metricsYamlFile string) error {
 	fp := metricsYamlFile
 	if fp == "" {
--- a/center/cconf/ops.go
+++ b/center/cconf/ops.go
@@ -76,7 +76,9 @@ ops:
    - "/dashboards/add"
    - "/dashboards/put"
    - "/dashboards/del"
-    - "/dashboards-built-in"
+    - "/embedded-dashboards/put"
+    - "/embedded-dashboards"
+    - "/public-dashboards"

 - name: alert
  cname: 告警规则
@@ -85,7 +87,7 @@ ops:
    - "/alert-rules/add"
    - "/alert-rules/put"
    - "/alert-rules/del"
-    - "/alert-rules-built-in"
+
 - name: alert-mutes
  cname: 告警静默管理
  ops:
@@ -172,6 +174,22 @@ ops:
  - "/busi-groups/put"
  - "/busi-groups/del"

+- name: builtin-metrics
+  cname: 指标视图
+  ops:
+    - "/metrics-built-in"
+    - "/builtin-metrics/add"
+    - "/builtin-metrics/put"
+    - "/builtin-metrics/del"
+
+- name: built-in-components
+  cname: 模版中心
+  ops:
+    - "/built-in-components"
+    - "/built-in-components/add"
+    - "/built-in-components/put"
+    - "/built-in-components/del"
+
 - name: system
  cname: 系统信息
  ops:
--- a/center/center.go
+++ b/center/center.go
@@ -7,12 +7,16 @@ import (
 	"github.com/ccfos/nightingale/v6/alert"
 	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/alert/process"
+	alertrt "github.com/ccfos/nightingale/v6/alert/router"
 	"github.com/ccfos/nightingale/v6/center/cconf"
 	"github.com/ccfos/nightingale/v6/center/cconf/rsa"
 	"github.com/ccfos/nightingale/v6/center/cstats"
+	"github.com/ccfos/nightingale/v6/center/integration"
 	"github.com/ccfos/nightingale/v6/center/metas"
+	centerrt "github.com/ccfos/nightingale/v6/center/router"
 	"github.com/ccfos/nightingale/v6/center/sso"
 	"github.com/ccfos/nightingale/v6/conf"
+	"github.com/ccfos/nightingale/v6/cron"
 	"github.com/ccfos/nightingale/v6/dumper"
 	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
@@ -25,13 +29,12 @@ import (
 	"github.com/ccfos/nightingale/v6/pkg/version"
 	"github.com/ccfos/nightingale/v6/prom"
 	"github.com/ccfos/nightingale/v6/pushgw/idents"
+	pushgwrt "github.com/ccfos/nightingale/v6/pushgw/router"
 	"github.com/ccfos/nightingale/v6/pushgw/writer"
 	"github.com/ccfos/nightingale/v6/storage"
 	"github.com/ccfos/nightingale/v6/tdengine"

-	alertrt "github.com/ccfos/nightingale/v6/alert/router"
-	centerrt "github.com/ccfos/nightingale/v6/center/router"
-	pushgwrt "github.com/ccfos/nightingale/v6/pushgw/router"
+	"github.com/flashcatcloud/ibex/src/cmd/ibex"
 )

 func Initialize(configDir string, cryptoKey string) (func(), error) {
@@ -62,11 +65,14 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 	migrate.Migrate(db)
 	models.InitRoot(ctx)

+	config.HTTP.JWTAuth.SigningKey = models.InitJWTSigningKey(ctx)
+
 	err = rsa.InitRSAConfig(ctx, &config.HTTP.RSA)
 	if err != nil {
 		return nil, err
 	}

+	integration.Init(ctx, config.Center.BuiltinIntegrationsDir)
 	var redis storage.Redis
 	redis, err = storage.NewRedis(config.Redis)
 	if err != nil {
@@ -79,8 +85,6 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 	syncStats := memsto.NewSyncStats()
 	alertStats := astats.NewSyncStats()

-	sso := sso.Init(config.Center, ctx)
-
 	configCache := memsto.NewConfigCache(ctx, syncStats, config.HTTP.RSA.RSAPrivateKey, config.HTTP.RSA.RSAPassWord)
 	busiGroupCache := memsto.NewBusiGroupCache(ctx, syncStats)
 	targetCache := memsto.NewTargetCache(ctx, syncStats, redis)
@@ -90,19 +94,23 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 	notifyConfigCache := memsto.NewNotifyConfigCache(ctx, configCache)
 	userCache := memsto.NewUserCache(ctx, syncStats)
 	userGroupCache := memsto.NewUserGroupCache(ctx, syncStats)
+	taskTplCache := memsto.NewTaskTplCache(ctx)

+	sso := sso.Init(config.Center, ctx, configCache)
 	promClients := prom.NewPromClient(ctx)
 	tdengineClients := tdengine.NewTdengineClient(ctx, config.Alert.Heartbeat)

 	externalProcessors := process.NewExternalProcessors()
-	alert.Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache, alertRuleCache, notifyConfigCache, dsCache, ctx, promClients, tdengineClients, userCache, userGroupCache)
+	alert.Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache, alertRuleCache, notifyConfigCache, taskTplCache, dsCache, ctx, promClients, tdengineClients, userCache, userGroupCache)

 	writers := writer.NewWriters(config.Pushgw)

 	go version.GetGithubVersion()

+	go cron.CleanNotifyRecord(ctx, config.Center.CleanNotifyRecordDay)
+
 	alertrtRouter := alertrt.New(config.HTTP, config.Alert, alertMuteCache, targetCache, busiGroupCache, alertStats, ctx, externalProcessors)
-	centerRouter := centerrt.New(config.HTTP, config.Center, config.Alert, cconf.Operations, dsCache, notifyConfigCache, promClients, tdengineClients,
+	centerRouter := centerrt.New(config.HTTP, config.Center, config.Alert, config.Ibex, cconf.Operations, dsCache, notifyConfigCache, promClients, tdengineClients,
 		redis, sso, ctx, metas, idents, targetCache, userCache, userGroupCache)
 	pushgwRouter := pushgwrt.New(config.HTTP, config.Pushgw, config.Alert, targetCache, busiGroupCache, idents, metas, writers, ctx)

@@ -113,6 +121,11 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 	pushgwRouter.Config(r)
 	dumper.ConfigRouter(r)

+	if config.Ibex.Enable {
+		migrate.MigrateIbexTables(db)
+		ibex.ServerStart(true, db, redis, config.HTTP.APIForService.BasicAuth, config.Alert.Heartbeat, &config.CenterApi, r, centerRouter, config.Ibex, config.HTTP.Port)
+	}
+
 	httpClean := httpx.Init(config.HTTP, r)

 	return func() {
--- a/center/integration/init.go
+++ b/center/integration/init.go
@@ -0,0 +1,374 @@
+package integration
+
+import (
+	"encoding/json"
+	"path"
+	"strings"
+	"time"
+
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/toolkits/pkg/file"
+	"github.com/toolkits/pkg/logger"
+	"github.com/toolkits/pkg/runner"
+)
+
+const SYSTEM = "system"
+
+func Init(ctx *ctx.Context, builtinIntegrationsDir string) {
+	err := models.InitBuiltinPayloads(ctx)
+	if err != nil {
+		logger.Warning("init old builtinPayloads fail ", err)
+		return
+	}
+
+	fp := builtinIntegrationsDir
+	if fp == "" {
+		fp = path.Join(runner.Cwd, "integrations")
+	}
+
+	// var fileList []string
+	dirList, err := file.DirsUnder(fp)
+	if err != nil {
+		logger.Warning("read builtin component dir fail ", err)
+		return
+	}
+
+	for _, dir := range dirList {
+		// components icon
+		componentDir := fp + "/" + dir
+		component := models.BuiltinComponent{
+			Ident: dir,
+		}
+
+		// get logo name
+		// /api/n9e/integrations/icon/AliYun/aliyun.png
+		files, err := file.FilesUnder(componentDir + "/icon")
+		if err == nil && len(files) > 0 {
+			component.Logo = "/api/n9e/integrations/icon/" + component.Ident + "/" + files[0]
+		} else if err != nil {
+			logger.Warningf("read builtin component icon dir fail %s %v", component.Ident, err)
+		}
+
+		// get description
+		files, err = file.FilesUnder(componentDir + "/markdown")
+		if err == nil && len(files) > 0 {
+			var readmeFile string
+			for _, file := range files {
+				if strings.HasSuffix(strings.ToLower(file), "md") {
+					readmeFile = componentDir + "/markdown/" + file
+					break
+				}
+			}
+			if readmeFile != "" {
+				component.Readme, _ = file.ReadString(readmeFile)
+			}
+		} else if err != nil {
+			logger.Warningf("read builtin component markdown dir fail %s %v", component.Ident, err)
+		}
+
+		exists, _ := models.BuiltinComponentExists(ctx, &component)
+		if !exists {
+			err = component.Add(ctx, SYSTEM)
+			if err != nil {
+				logger.Warning("add builtin component fail ", component, err)
+				continue
+			}
+		} else {
+			old, err := models.BuiltinComponentGet(ctx, "ident = ?", component.Ident)
+			if err != nil {
+				logger.Warning("get builtin component fail ", component, err)
+				continue
+			}
+
+			if old == nil {
+				logger.Warning("get builtin component nil ", component)
+				continue
+			}
+
+			if old.UpdatedBy == SYSTEM {
+				now := time.Now().Unix()
+				old.CreatedAt = now
+				old.UpdatedAt = now
+				old.Readme = component.Readme
+				old.UpdatedBy = SYSTEM
+
+				err = models.DB(ctx).Model(old).Select("*").Updates(old).Error
+				if err != nil {
+					logger.Warning("update builtin component fail ", old, err)
+				}
+			}
+			component.ID = old.ID
+		}
+
+		// delete uuid is emtpy
+		err = models.DB(ctx).Exec("delete from builtin_payloads where uuid = 0 and type != 'collect' and (updated_by = 'system' or updated_by = '')").Error
+		if err != nil {
+			logger.Warning("delete builtin payloads fail ", err)
+		}
+
+		// delete builtin metrics uuid is emtpy
+		err = models.DB(ctx).Exec("delete from builtin_metrics where uuid = 0 and (updated_by = 'system' or updated_by = '')").Error
+		if err != nil {
+			logger.Warning("delete builtin metrics fail ", err)
+		}
+
+		// alerts
+		files, err = file.FilesUnder(componentDir + "/alerts")
+		if err == nil && len(files) > 0 {
+			for _, f := range files {
+				fp := componentDir + "/alerts/" + f
+				bs, err := file.ReadBytes(fp)
+				if err != nil {
+					logger.Warning("read builtin component alerts file fail ", f, err)
+					continue
+				}
+
+				alerts := []models.AlertRule{}
+				err = json.Unmarshal(bs, &alerts)
+				if err != nil {
+					logger.Warning("parse builtin component alerts file fail ", f, err)
+					continue
+				}
+
+				newAlerts := []models.AlertRule{}
+				writeAlertFileFlag := false
+				for _, alert := range alerts {
+					if alert.UUID == 0 {
+						writeAlertFileFlag = true
+						alert.UUID = time.Now().UnixNano()
+					}
+
+					newAlerts = append(newAlerts, alert)
+					content, err := json.Marshal(alert)
+					if err != nil {
+						logger.Warning("marshal builtin alert fail ", alert, err)
+						continue
+					}
+
+					cate := strings.Replace(f, ".json", "", -1)
+					builtinAlert := models.BuiltinPayload{
+						ComponentID: component.ID,
+						Type:        "alert",
+						Cate:        cate,
+						Name:        alert.Name,
+						Tags:        alert.AppendTags,
+						Content:     string(content),
+						UUID:        alert.UUID,
+					}
+
+					old, err := models.BuiltinPayloadGet(ctx, "uuid = ?", alert.UUID)
+					if err != nil {
+						logger.Warning("get builtin alert fail ", builtinAlert, err)
+						continue
+					}
+
+					if old == nil {
+						err := builtinAlert.Add(ctx, SYSTEM)
+						if err != nil {
+							logger.Warning("add builtin alert fail ", builtinAlert, err)
+						}
+						continue
+					}
+
+					if old.UpdatedBy == SYSTEM {
+						old.ComponentID = component.ID
+						old.Content = string(content)
+						old.Name = alert.Name
+						old.Tags = alert.AppendTags
+						err = models.DB(ctx).Model(old).Select("*").Updates(old).Error
+						if err != nil {
+							logger.Warningf("update builtin alert:%+v fail %v", builtinAlert, err)
+						}
+					}
+				}
+
+				if writeAlertFileFlag {
+					bs, err = json.MarshalIndent(newAlerts, "", "    ")
+					if err != nil {
+						logger.Warning("marshal builtin alerts fail ", newAlerts, err)
+						continue
+					}
+
+					_, err = file.WriteBytes(fp, bs)
+					if err != nil {
+						logger.Warning("write builtin alerts file fail ", f, err)
+					}
+				}
+
+			}
+		}
+
+		// dashboards
+		files, err = file.FilesUnder(componentDir + "/dashboards")
+		if err == nil && len(files) > 0 {
+			for _, f := range files {
+				fp := componentDir + "/dashboards/" + f
+				bs, err := file.ReadBytes(fp)
+				if err != nil {
+					logger.Warning("read builtin component dashboards file fail ", f, err)
+					continue
+				}
+
+				dashboard := BuiltinBoard{}
+				err = json.Unmarshal(bs, &dashboard)
+				if err != nil {
+					logger.Warning("parse builtin component dashboards file fail ", f, err)
+					continue
+				}
+
+				if dashboard.UUID == 0 {
+					dashboard.UUID = time.Now().UnixNano()
+					// 补全文件中的 uuid
+					bs, err = json.MarshalIndent(dashboard, "", "    ")
+					if err != nil {
+						logger.Warning("marshal builtin dashboard fail ", dashboard, err)
+						continue
+					}
+
+					_, err = file.WriteBytes(fp, bs)
+					if err != nil {
+						logger.Warning("write builtin dashboard file fail ", f, err)
+					}
+				}
+
+				content, err := json.Marshal(dashboard)
+				if err != nil {
+					logger.Warning("marshal builtin dashboard fail ", dashboard, err)
+					continue
+				}
+
+				builtinDashboard := models.BuiltinPayload{
+					ComponentID: component.ID,
+					Type:        "dashboard",
+					Cate:        "",
+					Name:        dashboard.Name,
+					Tags:        dashboard.Tags,
+					Content:     string(content),
+					UUID:        dashboard.UUID,
+				}
+
+				old, err := models.BuiltinPayloadGet(ctx, "uuid = ?", dashboard.UUID)
+				if err != nil {
+					logger.Warning("get builtin alert fail ", builtinDashboard, err)
+					continue
+				}
+
+				if old == nil {
+					err := builtinDashboard.Add(ctx, SYSTEM)
+					if err != nil {
+						logger.Warning("add builtin alert fail ", builtinDashboard, err)
+					}
+					continue
+				}
+
+				if old.UpdatedBy == SYSTEM {
+					old.ComponentID = component.ID
+					old.Content = string(content)
+					old.Name = dashboard.Name
+					old.Tags = dashboard.Tags
+					err = models.DB(ctx).Model(old).Select("*").Updates(old).Error
+					if err != nil {
+						logger.Warningf("update builtin alert:%+v fail %v", builtinDashboard, err)
+					}
+				}
+			}
+		} else if err != nil {
+			logger.Warningf("read builtin component dash dir fail %s %v", component.Ident, err)
+		}
+
+		// metrics
+		files, err = file.FilesUnder(componentDir + "/metrics")
+		if err == nil && len(files) > 0 {
+			for _, f := range files {
+				fp := componentDir + "/metrics/" + f
+				bs, err := file.ReadBytes(fp)
+				if err != nil {
+					logger.Warning("read builtin component metrics file fail", f, err)
+					continue
+				}
+
+				metrics := []models.BuiltinMetric{}
+				newMetrics := []models.BuiltinMetric{}
+				err = json.Unmarshal(bs, &metrics)
+				if err != nil {
+					logger.Warning("parse builtin component metrics file fail", f, err)
+					continue
+				}
+
+				writeMetricFileFlag := false
+				for _, metric := range metrics {
+					if metric.UUID == 0 {
+						writeMetricFileFlag = true
+						metric.UUID = time.Now().UnixNano()
+					}
+					newMetrics = append(newMetrics, metric)
+
+					old, err := models.BuiltinMetricGet(ctx, "uuid = ?", metric.UUID)
+					if err != nil {
+						logger.Warning("get builtin metrics fail ", metric, err)
+						continue
+					}
+
+					if old == nil {
+						err := metric.Add(ctx, SYSTEM)
+						if err != nil {
+							logger.Warning("add builtin metrics fail ", metric, err)
+						}
+						continue
+					}
+
+					if old.UpdatedBy == SYSTEM {
+						old.Collector = metric.Collector
+						old.Typ = metric.Typ
+						old.Name = metric.Name
+						old.Unit = metric.Unit
+						old.Note = metric.Note
+						old.Lang = metric.Lang
+						old.Expression = metric.Expression
+
+						err = models.DB(ctx).Model(old).Select("*").Updates(old).Error
+						if err != nil {
+							logger.Warningf("update builtin metric:%+v fail %v", metric, err)
+						}
+					}
+				}
+
+				if writeMetricFileFlag {
+					bs, err = json.MarshalIndent(newMetrics, "", "    ")
+					if err != nil {
+						logger.Warning("marshal builtin metrics fail ", newMetrics, err)
+						continue
+					}
+
+					_, err = file.WriteBytes(fp, bs)
+					if err != nil {
+						logger.Warning("write builtin metrics file fail ", f, err)
+					}
+				}
+
+			}
+		} else if err != nil {
+			logger.Warningf("read builtin component metrics dir fail %s %v", component.Ident, err)
+		}
+	}
+}
+
+type BuiltinBoard struct {
+	Id         int64       `json:"id" gorm:"primaryKey"`
+	GroupId    int64       `json:"group_id"`
+	Name       string      `json:"name"`
+	Ident      string      `json:"ident"`
+	Tags       string      `json:"tags"`
+	CreateAt   int64       `json:"create_at"`
+	CreateBy   string      `json:"create_by"`
+	UpdateAt   int64       `json:"update_at"`
+	UpdateBy   string      `json:"update_by"`
+	Configs    interface{} `json:"configs" gorm:"-"`
+	Public     int         `json:"public"`      // 0: false, 1: true
+	PublicCate int         `json:"public_cate"` // 0: anonymous, 1: login, 2: busi
+	Bgids      []int64     `json:"bgids" gorm:"-"`
+	BuiltIn    int         `json:"built_in"` // 0: false, 1: true
+	Hide       int         `json:"hide"`     // 0: false, 1: true
+	UUID       int64       `json:"uuid"`
+}
--- a/center/router/router.go
+++ b/center/router/router.go
@@ -13,6 +13,7 @@ import (
 	"github.com/ccfos/nightingale/v6/center/cstats"
 	"github.com/ccfos/nightingale/v6/center/metas"
 	"github.com/ccfos/nightingale/v6/center/sso"
+	"github.com/ccfos/nightingale/v6/conf"
 	_ "github.com/ccfos/nightingale/v6/front/statik"
 	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/pkg/aop"
@@ -34,6 +35,7 @@ import (
 type Router struct {
 	HTTP              httpx.Config
 	Center            cconf.Center
+	Ibex              conf.Ibex
 	Alert             aconf.Alert
 	Operations        cconf.Operation
 	DatasourceCache   *memsto.DatasourceCacheType
@@ -48,13 +50,15 @@ type Router struct {
 	UserCache         *memsto.UserCacheType
 	UserGroupCache    *memsto.UserGroupCacheType
 	Ctx               *ctx.Context
+	HeartbeatHook     HeartbeatHookFunc
 }

-func New(httpConfig httpx.Config, center cconf.Center, alert aconf.Alert, operations cconf.Operation, ds *memsto.DatasourceCacheType, ncc *memsto.NotifyConfigCacheType, pc *prom.PromClientMap, tdendgineClients *tdengine.TdengineClientMap, redis storage.Redis, sso *sso.SsoClient, ctx *ctx.Context, metaSet *metas.Set, idents *idents.Set, tc *memsto.TargetCacheType, uc *memsto.UserCacheType, ugc *memsto.UserGroupCacheType) *Router {
+func New(httpConfig httpx.Config, center cconf.Center, alert aconf.Alert, ibex conf.Ibex, operations cconf.Operation, ds *memsto.DatasourceCacheType, ncc *memsto.NotifyConfigCacheType, pc *prom.PromClientMap, tdendgineClients *tdengine.TdengineClientMap, redis storage.Redis, sso *sso.SsoClient, ctx *ctx.Context, metaSet *metas.Set, idents *idents.Set, tc *memsto.TargetCacheType, uc *memsto.UserCacheType, ugc *memsto.UserGroupCacheType) *Router {
 	return &Router{
 		HTTP:              httpConfig,
 		Center:            center,
 		Alert:             alert,
+		Ibex:              ibex,
 		Operations:        operations,
 		DatasourceCache:   ds,
 		NotifyConfigCache: ncc,
@@ -68,6 +72,7 @@ func New(httpConfig httpx.Config, center cconf.Center, alert aconf.Alert, operat
 		UserCache:         uc,
 		UserGroupCache:    ugc,
 		Ctx:               ctx,
+		HeartbeatHook:     func(ident string) map[string]interface{} { return nil },
 	}
 }

@@ -91,15 +96,17 @@ func languageDetector(i18NHeaderKey string) gin.HandlerFunc {
 		if headerKey != "" {
 			lang := c.GetHeader(headerKey)
 			if lang != "" {
-				if strings.HasPrefix(lang, "zh") {
-					c.Request.Header.Set("X-Language", "zh")
+				if strings.HasPrefix(lang, "zh_HK") {
+					c.Request.Header.Set("X-Language", "zh_HK")
+				} else if strings.HasPrefix(lang, "zh") {
+					c.Request.Header.Set("X-Language", "zh_CN")
 				} else if strings.HasPrefix(lang, "en") {
 					c.Request.Header.Set("X-Language", "en")
 				} else {
 					c.Request.Header.Set("X-Language", lang)
 				}
 			} else {
-				c.Request.Header.Set("X-Language", "en")
+				c.Request.Header.Set("X-Language", "zh_CN")
 			}
 		}
 		c.Next()
@@ -112,7 +119,7 @@ func (rt *Router) configNoRoute(r *gin.Engine, fs *http.FileSystem) {
 		suffix := arr[len(arr)-1]

 		switch suffix {
-		case "png", "jpeg", "jpg", "svg", "ico", "gif", "css", "js", "html", "htm", "gz", "zip", "map", "ttf":
+		case "png", "jpeg", "jpg", "svg", "ico", "gif", "css", "js", "html", "htm", "gz", "zip", "map", "ttf", "md":
 			if !rt.Center.UseFileAssets {
 				c.FileFromFS(c.Request.URL.Path, *fs)
 			} else {
@@ -229,6 +236,20 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.POST("/metric-views", rt.auth(), rt.user(), rt.metricViewAdd)
 		pages.PUT("/metric-views", rt.auth(), rt.user(), rt.metricViewPut)

+		pages.GET("/builtin-metric-filters", rt.auth(), rt.user(), rt.metricFilterGets)
+		pages.DELETE("/builtin-metric-filters", rt.auth(), rt.user(), rt.metricFilterDel)
+		pages.POST("/builtin-metric-filters", rt.auth(), rt.user(), rt.metricFilterAdd)
+		pages.PUT("/builtin-metric-filters", rt.auth(), rt.user(), rt.metricFilterPut)
+		pages.POST("/builtin-metric-promql", rt.auth(), rt.user(), rt.getMetricPromql)
+
+		pages.POST("/builtin-metrics", rt.auth(), rt.user(), rt.perm("/builtin-metrics/add"), rt.builtinMetricsAdd)
+		pages.PUT("/builtin-metrics", rt.auth(), rt.user(), rt.perm("/builtin-metrics/put"), rt.builtinMetricsPut)
+		pages.DELETE("/builtin-metrics", rt.auth(), rt.user(), rt.perm("/builtin-metrics/del"), rt.builtinMetricsDel)
+		pages.GET("/builtin-metrics", rt.auth(), rt.user(), rt.builtinMetricsGets)
+		pages.GET("/builtin-metrics/types", rt.auth(), rt.user(), rt.builtinMetricsTypes)
+		pages.GET("/builtin-metrics/types/default", rt.auth(), rt.user(), rt.builtinMetricsDefaultTypes)
+		pages.GET("/builtin-metrics/collectors", rt.auth(), rt.user(), rt.builtinMetricsCollectors)
+
 		pages.GET("/user-groups", rt.auth(), rt.user(), rt.userGroupGets)
 		pages.POST("/user-groups", rt.auth(), rt.user(), rt.perm("/user-groups/add"), rt.userGroupAdd)
 		pages.GET("/user-group/:id", rt.auth(), rt.user(), rt.userGroupGet)
@@ -260,20 +281,21 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.POST("/builtin-cate-favorite", rt.auth(), rt.user(), rt.builtinCateFavoriteAdd)
 		pages.DELETE("/builtin-cate-favorite/:name", rt.auth(), rt.user(), rt.builtinCateFavoriteDel)

-		pages.GET("/builtin-boards", rt.builtinBoardGets)
-		pages.GET("/builtin-board/:name", rt.builtinBoardGet)
-		pages.GET("/dashboards/builtin/list", rt.builtinBoardGets)
-		pages.GET("/builtin-boards-cates", rt.auth(), rt.user(), rt.builtinBoardCateGets)
-		pages.POST("/builtin-boards-detail", rt.auth(), rt.user(), rt.builtinBoardDetailGets)
 		pages.GET("/integrations/icon/:cate/:name", rt.builtinIcon)
-		pages.GET("/integrations/makedown/:cate", rt.builtinMarkdown)
+
+		// pages.GET("/builtin-boards", rt.builtinBoardGets)
+		// pages.GET("/builtin-board/:name", rt.builtinBoardGet)
+		// pages.GET("/dashboards/builtin/list", rt.builtinBoardGets)
+		// pages.GET("/builtin-boards-cates", rt.auth(), rt.user(), rt.builtinBoardCateGets)
+		// pages.POST("/builtin-boards-detail", rt.auth(), rt.user(), rt.builtinBoardDetailGets)
+		// pages.GET("/integrations/makedown/:cate", rt.builtinMarkdown)

 		pages.GET("/busi-groups/public-boards", rt.auth(), rt.user(), rt.perm("/dashboards"), rt.publicBoardGets)
 		pages.GET("/busi-groups/boards", rt.auth(), rt.user(), rt.perm("/dashboards"), rt.boardGetsByGids)
 		pages.GET("/busi-group/:id/boards", rt.auth(), rt.user(), rt.perm("/dashboards"), rt.bgro(), rt.boardGets)
 		pages.POST("/busi-group/:id/boards", rt.auth(), rt.user(), rt.perm("/dashboards/add"), rt.bgrw(), rt.boardAdd)
 		pages.POST("/busi-group/:id/board/:bid/clone", rt.auth(), rt.user(), rt.perm("/dashboards/add"), rt.bgrw(), rt.boardClone)
-		pages.POST("/busi-group/:id/boards/clones", rt.auth(), rt.user(), rt.perm("/dashboards/add"), rt.boardBatchClone)
+		pages.POST("/busi-groups/boards/clones", rt.auth(), rt.user(), rt.perm("/dashboards/add"), rt.boardBatchClone)

 		pages.GET("/board/:bid", rt.boardGet)
 		pages.GET("/board/:bid/pure", rt.boardPureGet)
@@ -285,19 +307,24 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.GET("/share-charts", rt.chartShareGets)
 		pages.POST("/share-charts", rt.auth(), rt.chartShareAdd)

-		pages.GET("/alert-rules/builtin/alerts-cates", rt.auth(), rt.user(), rt.builtinAlertCateGets)
-		pages.GET("/alert-rules/builtin/list", rt.auth(), rt.user(), rt.builtinAlertRules)
+		// pages.GET("/alert-rules/builtin/alerts-cates", rt.auth(), rt.user(), rt.builtinAlertCateGets)
+		// pages.GET("/alert-rules/builtin/list", rt.auth(), rt.user(), rt.builtinAlertRules)
 		pages.GET("/alert-rules/callbacks", rt.auth(), rt.user(), rt.alertRuleCallbacks)

 		pages.GET("/busi-groups/alert-rules", rt.auth(), rt.user(), rt.perm("/alert-rules"), rt.alertRuleGetsByGids)
 		pages.GET("/busi-group/:id/alert-rules", rt.auth(), rt.user(), rt.perm("/alert-rules"), rt.alertRuleGets)
 		pages.POST("/busi-group/:id/alert-rules", rt.auth(), rt.user(), rt.perm("/alert-rules/add"), rt.bgrw(), rt.alertRuleAddByFE)
 		pages.POST("/busi-group/:id/alert-rules/import", rt.auth(), rt.user(), rt.perm("/alert-rules/add"), rt.bgrw(), rt.alertRuleAddByImport)
+		pages.POST("/busi-group/:id/alert-rules/import-prom-rule", rt.auth(),
+			rt.user(), rt.perm("/alert-rules/add"), rt.bgrw(), rt.alertRuleAddByImportPromRule)
 		pages.DELETE("/busi-group/:id/alert-rules", rt.auth(), rt.user(), rt.perm("/alert-rules/del"), rt.bgrw(), rt.alertRuleDel)
 		pages.PUT("/busi-group/:id/alert-rules/fields", rt.auth(), rt.user(), rt.perm("/alert-rules/put"), rt.bgrw(), rt.alertRulePutFields)
 		pages.PUT("/busi-group/:id/alert-rule/:arid", rt.auth(), rt.user(), rt.perm("/alert-rules/put"), rt.alertRulePutByFE)
 		pages.GET("/alert-rule/:arid", rt.auth(), rt.user(), rt.perm("/alert-rules"), rt.alertRuleGet)
+		pages.GET("/alert-rule/:arid/pure", rt.auth(), rt.user(), rt.perm("/alert-rules"), rt.alertRulePureGet)
 		pages.PUT("/busi-group/alert-rule/validate", rt.auth(), rt.user(), rt.perm("/alert-rules/put"), rt.alertRuleValidation)
+		pages.POST("/relabel-test", rt.auth(), rt.user(), rt.relabelTest)
+		pages.POST("/busi-group/:id/alert-rules/clone", rt.auth(), rt.user(), rt.perm("/alert-rules/add"), rt.bgrw(), rt.cloneToMachine)

 		pages.GET("/busi-groups/recording-rules", rt.auth(), rt.user(), rt.perm("/recording-rules"), rt.recordingRuleGetsByGids)
 		pages.GET("/busi-group/:id/recording-rules", rt.auth(), rt.user(), rt.perm("/recording-rules"), rt.recordingRuleGets)
@@ -326,16 +353,18 @@ func (rt *Router) Config(r *gin.Engine) {
 		if rt.Center.AnonymousAccess.AlertDetail {
 			pages.GET("/alert-cur-event/:eid", rt.alertCurEventGet)
 			pages.GET("/alert-his-event/:eid", rt.alertHisEventGet)
+			pages.GET("/event-notify-records/:eid", rt.notificationRecordList)
 		} else {
-			pages.GET("/alert-cur-event/:eid", rt.auth(), rt.alertCurEventGet)
-			pages.GET("/alert-his-event/:eid", rt.auth(), rt.alertHisEventGet)
+			pages.GET("/alert-cur-event/:eid", rt.auth(), rt.user(), rt.alertCurEventGet)
+			pages.GET("/alert-his-event/:eid", rt.auth(), rt.user(), rt.alertHisEventGet)
+			pages.GET("/event-notify-records/:eid", rt.auth(), rt.user(), rt.notificationRecordList)
 		}

 		// card logic
-		pages.GET("/alert-cur-events/list", rt.auth(), rt.alertCurEventsList)
-		pages.GET("/alert-cur-events/card", rt.auth(), rt.alertCurEventsCard)
+		pages.GET("/alert-cur-events/list", rt.auth(), rt.user(), rt.alertCurEventsList)
+		pages.GET("/alert-cur-events/card", rt.auth(), rt.user(), rt.alertCurEventsCard)
 		pages.POST("/alert-cur-events/card/details", rt.auth(), rt.alertCurEventsCardDetails)
-		pages.GET("/alert-his-events/list", rt.auth(), rt.alertHisEventsList)
+		pages.GET("/alert-his-events/list", rt.auth(), rt.user(), rt.alertHisEventsList)
 		pages.DELETE("/alert-cur-events", rt.auth(), rt.user(), rt.perm("/alert-cur-events/del"), rt.alertCurEventDel)
 		pages.GET("/alert-cur-events/stats", rt.auth(), rt.alertCurEventsStatistics)

@@ -356,11 +385,9 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.GET("/busi-groups/tasks", rt.auth(), rt.user(), rt.perm("/job-tasks"), rt.taskGetsByGids)
 		pages.GET("/busi-group/:id/tasks", rt.auth(), rt.user(), rt.perm("/job-tasks"), rt.bgro(), rt.taskGets)
 		pages.POST("/busi-group/:id/tasks", rt.auth(), rt.user(), rt.perm("/job-tasks/add"), rt.bgrw(), rt.taskAdd)
-		pages.GET("/busi-group/:id/task/*url", rt.auth(), rt.user(), rt.perm("/job-tasks"), rt.taskProxy)
-		pages.PUT("/busi-group/:id/task/*url", rt.auth(), rt.user(), rt.perm("/job-tasks/put"), rt.bgrw(), rt.taskProxy)

-		pages.GET("/servers", rt.auth(), rt.admin(), rt.serversGet)
-		pages.GET("/server-clusters", rt.auth(), rt.admin(), rt.serverClustersGet)
+		pages.GET("/servers", rt.auth(), rt.user(), rt.serversGet)
+		pages.GET("/server-clusters", rt.auth(), rt.user(), rt.serverClustersGet)

 		pages.POST("/datasource/list", rt.auth(), rt.user(), rt.datasourceList)
 		pages.POST("/datasource/plugin/list", rt.auth(), rt.pluginList)
@@ -410,6 +437,9 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.PUT("/es-index-pattern", rt.auth(), rt.admin(), rt.esIndexPatternPut)
 		pages.DELETE("/es-index-pattern", rt.auth(), rt.admin(), rt.esIndexPatternDel)

+		pages.GET("/embedded-dashboards", rt.auth(), rt.user(), rt.perm("/embedded-dashboards"), rt.embeddedDashboardsGet)
+		pages.PUT("/embedded-dashboards", rt.auth(), rt.user(), rt.perm("/embedded-dashboards/put"), rt.embeddedDashboardsPut)
+
 		pages.GET("/user-variable-configs", rt.auth(), rt.user(), rt.perm("/help/variable-configs"), rt.userVariableConfigGets)
 		pages.POST("/user-variable-config", rt.auth(), rt.user(), rt.perm("/help/variable-configs"), rt.userVariableConfigAdd)
 		pages.PUT("/user-variable-config/:id", rt.auth(), rt.user(), rt.perm("/help/variable-configs"), rt.userVariableConfigPut)
@@ -422,6 +452,17 @@ func (rt *Router) Config(r *gin.Engine) {
 		// for admin api
 		pages.GET("/user/busi-groups", rt.auth(), rt.admin(), rt.userBusiGroupsGets)

+		pages.GET("/builtin-components", rt.auth(), rt.user(), rt.builtinComponentsGets)
+		pages.POST("/builtin-components", rt.auth(), rt.user(), rt.perm("/built-in-components/add"), rt.builtinComponentsAdd)
+		pages.PUT("/builtin-components", rt.auth(), rt.user(), rt.perm("/built-in-components/put"), rt.builtinComponentsPut)
+		pages.DELETE("/builtin-components", rt.auth(), rt.user(), rt.perm("/built-in-components/del"), rt.builtinComponentsDel)
+
+		pages.GET("/builtin-payloads", rt.auth(), rt.user(), rt.builtinPayloadsGets)
+		pages.GET("/builtin-payloads/cates", rt.auth(), rt.user(), rt.builtinPayloadcatesGet)
+		pages.POST("/builtin-payloads", rt.auth(), rt.user(), rt.perm("/built-in-components/add"), rt.builtinPayloadsAdd)
+		pages.GET("/builtin-payload/:id", rt.auth(), rt.user(), rt.perm("/built-in-components"), rt.builtinPayloadGet)
+		pages.PUT("/builtin-payloads", rt.auth(), rt.user(), rt.perm("/built-in-components/put"), rt.builtinPayloadsPut)
+		pages.DELETE("/builtin-payloads", rt.auth(), rt.user(), rt.perm("/built-in-components/del"), rt.builtinPayloadsDel)
 	}

 	r.GET("/api/n9e/versions", func(c *gin.Context) {
@@ -455,10 +496,14 @@ func (rt *Router) Config(r *gin.Engine) {
 			service.GET("/user-group-members", rt.userGroupMemberGetsByService)

 			service.GET("/targets", rt.targetGetsByService)
+			service.GET("/target/extra-meta", rt.targetExtendInfoByIdent)
+			service.POST("/target/list", rt.targetGetsByHostFilter)
+			service.DELETE("/targets", rt.targetDelByService)
 			service.GET("/targets/tags", rt.targetGetTags)
 			service.POST("/targets/tags", rt.targetBindTagsByService)
 			service.DELETE("/targets/tags", rt.targetUnbindTagsByService)
 			service.PUT("/targets/note", rt.targetUpdateNoteByService)
+			service.PUT("/targets/bgid", rt.targetUpdateBgidByService)

 			service.POST("/alert-rules", rt.alertRuleAddByService)
 			service.POST("/alert-rule-add", rt.alertRuleAddOneByService)
@@ -488,6 +533,8 @@ func (rt *Router) Config(r *gin.Engine) {
 			service.GET("/alert-his-event/:eid", rt.alertHisEventGet)

 			service.GET("/task-tpl/:tid", rt.taskTplGetByService)
+			service.GET("/task-tpls", rt.taskTplGetsByService)
+			service.GET("/task-tpl/statistics", rt.taskTplStatistics)

 			service.GET("/config/:id", rt.configGet)
 			service.GET("/configs", rt.configsGet)
@@ -509,6 +556,9 @@ func (rt *Router) Config(r *gin.Engine) {

 			service.GET("/targets-of-alert-rule", rt.targetsOfAlertRule)

+			service.POST("/notify-record", rt.notificationRecordAdd)
+
+			service.GET("/alert-cur-events-del-by-hash", rt.alertCurEventDelByHash)
 		}
 	}

--- a/center/router/router_alert_cur_event.go
+++ b/center/router/router_alert_cur_event.go
@@ -43,7 +43,6 @@ func (rt *Router) alertCurEventsCard(c *gin.Context) {
 	stime, etime := getTimeRange(c)
 	severity := ginx.QueryInt(c, "severity", -1)
 	query := ginx.QueryStr(c, "query", "")
-	busiGroupId := ginx.QueryInt64(c, "bgid", 0)
 	dsIds := queryDatasourceIds(c)
 	rules := parseAggrRules(c)

@@ -62,8 +61,11 @@ func (rt *Router) alertCurEventsCard(c *gin.Context) {
 		cates = strings.Split(cate, ",")
 	}

+	bgids, err := GetBusinessGroupIds(c, rt.Ctx, rt.Center.EventHistoryGroupView)
+	ginx.Dangerous(err)
+
 	// 最多获取50000个，获取太多也没啥意义
-	list, err := models.AlertCurEventGets(rt.Ctx, prods, busiGroupId, stime, etime, severity, dsIds, cates, query, 50000, 0)
+	list, err := models.AlertCurEventGets(rt.Ctx, prods, bgids, stime, etime, severity, dsIds, cates, query, 50000, 0)
 	ginx.Dangerous(err)

 	cardmap := make(map[string]*AlertCard)
@@ -142,7 +144,6 @@ func (rt *Router) alertCurEventsList(c *gin.Context) {
 	severity := ginx.QueryInt(c, "severity", -1)
 	query := ginx.QueryStr(c, "query", "")
 	limit := ginx.QueryInt(c, "limit", 20)
-	busiGroupId := ginx.QueryInt64(c, "bgid", 0)
 	dsIds := queryDatasourceIds(c)

 	prod := ginx.QueryStr(c, "prods", "")
@@ -161,10 +162,13 @@ func (rt *Router) alertCurEventsList(c *gin.Context) {
 		cates = strings.Split(cate, ",")
 	}

-	total, err := models.AlertCurEventTotal(rt.Ctx, prods, busiGroupId, stime, etime, severity, dsIds, cates, query)
+	bgids, err := GetBusinessGroupIds(c, rt.Ctx, rt.Center.EventHistoryGroupView)
 	ginx.Dangerous(err)

-	list, err := models.AlertCurEventGets(rt.Ctx, prods, busiGroupId, stime, etime, severity, dsIds, cates, query, limit, ginx.Offset(c, limit))
+	total, err := models.AlertCurEventTotal(rt.Ctx, prods, bgids, stime, etime, severity, dsIds, cates, query)
+	ginx.Dangerous(err)
+
+	list, err := models.AlertCurEventGets(rt.Ctx, prods, bgids, stime, etime, severity, dsIds, cates, query, limit, ginx.Offset(c, limit))
 	ginx.Dangerous(err)

 	cache := make(map[int64]*models.UserGroup)
@@ -214,6 +218,16 @@ func (rt *Router) alertCurEventGet(c *gin.Context) {
 		ginx.Bomb(404, "No such active event")
 	}

+	if !rt.Center.AnonymousAccess.AlertDetail && rt.Center.EventHistoryGroupView {
+		rt.bgroCheck(c, event.GroupId)
+	}
+
+	ruleConfig, needReset := models.FillRuleConfigTplName(rt.Ctx, event.RuleConfig)
+	if needReset {
+		event.RuleConfigJson = ruleConfig
+	}
+
+	event.LastEvalTime = event.TriggerTime
 	ginx.NewRender(c).Data(event, nil)
 }

@@ -221,3 +235,8 @@ func (rt *Router) alertCurEventsStatistics(c *gin.Context) {

 	ginx.NewRender(c).Data(models.AlertCurEventStatistics(rt.Ctx, time.Now()), nil)
 }
+
+func (rt *Router) alertCurEventDelByHash(c *gin.Context) {
+	hash := ginx.QueryStr(c, "hash")
+	ginx.NewRender(c).Message(models.AlertCurEventDelByHash(rt.Ctx, hash))
+}
--- a/center/router/router_alert_his_event.go
+++ b/center/router/router_alert_his_event.go
@@ -1,13 +1,16 @@
 package router

 import (
+	"fmt"
 	"strings"
 	"time"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"

 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
+	"golang.org/x/exp/slices"
 )

 func getTimeRange(c *gin.Context) (stime, etime int64) {
@@ -33,7 +36,6 @@ func (rt *Router) alertHisEventsList(c *gin.Context) {
 	recovered := ginx.QueryInt(c, "is_recovered", -1)
 	query := ginx.QueryStr(c, "query", "")
 	limit := ginx.QueryInt(c, "limit", 20)
-	busiGroupId := ginx.QueryInt64(c, "bgid", 0)
 	dsIds := queryDatasourceIds(c)

 	prod := ginx.QueryStr(c, "prods", "")
@@ -52,10 +54,13 @@ func (rt *Router) alertHisEventsList(c *gin.Context) {
 		cates = strings.Split(cate, ",")
 	}

-	total, err := models.AlertHisEventTotal(rt.Ctx, prods, busiGroupId, stime, etime, severity, recovered, dsIds, cates, query)
+	bgids, err := GetBusinessGroupIds(c, rt.Ctx, rt.Center.EventHistoryGroupView)
 	ginx.Dangerous(err)

-	list, err := models.AlertHisEventGets(rt.Ctx, prods, busiGroupId, stime, etime, severity, recovered, dsIds, cates, query, limit, ginx.Offset(c, limit))
+	total, err := models.AlertHisEventTotal(rt.Ctx, prods, bgids, stime, etime, severity, recovered, dsIds, cates, query)
+	ginx.Dangerous(err)
+
+	list, err := models.AlertHisEventGets(rt.Ctx, prods, bgids, stime, etime, severity, recovered, dsIds, cates, query, limit, ginx.Offset(c, limit))
 	ginx.Dangerous(err)

 	cache := make(map[int64]*models.UserGroup)
@@ -78,5 +83,55 @@ func (rt *Router) alertHisEventGet(c *gin.Context) {
 		ginx.Bomb(404, "No such alert event")
 	}

+	if !rt.Center.AnonymousAccess.AlertDetail && rt.Center.EventHistoryGroupView {
+		rt.bgroCheck(c, event.GroupId)
+	}
+
+	ruleConfig, needReset := models.FillRuleConfigTplName(rt.Ctx, event.RuleConfig)
+	if needReset {
+		event.RuleConfigJson = ruleConfig
+	}
+
 	ginx.NewRender(c).Data(event, err)
 }
+
+func GetBusinessGroupIds(c *gin.Context, ctx *ctx.Context, eventHistoryGroupView bool) ([]int64, error) {
+	bgid := ginx.QueryInt64(c, "bgid", 0)
+	var bgids []int64
+
+	if !eventHistoryGroupView || strings.HasPrefix(c.Request.URL.Path, "/v1") {
+		if bgid > 0 {
+			return []int64{bgid}, nil
+		}
+		return bgids, nil
+	}
+
+	user := c.MustGet("user").(*models.User)
+	if user.IsAdmin() {
+		if bgid > 0 {
+			return []int64{bgid}, nil
+		}
+		return bgids, nil
+	}
+
+	bussGroupIds, err := models.MyBusiGroupIds(ctx, user.Id)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(bussGroupIds) == 0 {
+		// 如果没查到用户属于任何业务组，需要返回一个0，否则会导致查询到全部告警历史
+		return []int64{0}, nil
+	}
+
+	if bgid > 0 && !slices.Contains(bussGroupIds, bgid) {
+		return nil, fmt.Errorf("business group ID not allowed")
+	}
+
+	if bgid > 0 {
+		// Pass filter parameters, priority to use
+		return []int64{bgid}, nil
+	}
+
+	return bussGroupIds, nil
+}
--- a/center/router/router_alert_rule.go
+++ b/center/router/router_alert_rule.go
@@ -1,14 +1,23 @@
 package router

 import (
+	"encoding/json"
+	"fmt"
 	"net/http"
+	"regexp"
 	"strconv"
 	"strings"
 	"time"

+	"gopkg.in/yaml.v2"
+
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pushgw/pconf"
+	"github.com/ccfos/nightingale/v6/pushgw/writer"

 	"github.com/gin-gonic/gin"
+	"github.com/jinzhu/copier"
+	"github.com/prometheus/prometheus/prompb"
 	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/i18n"
 	"github.com/toolkits/pkg/str"
@@ -40,6 +49,11 @@ func (rt *Router) alertRuleGetsByGids(c *gin.Context) {
 			var err error
 			gids, err = models.MyBusiGroupIds(rt.Ctx, me.Id)
 			ginx.Dangerous(err)
+
+			if len(gids) == 0 {
+				ginx.NewRender(c).Data([]int{}, nil)
+				return
+			}
 		}
 	}

@@ -116,6 +130,34 @@ func (rt *Router) alertRuleAddByImport(c *gin.Context) {
 	ginx.NewRender(c).Data(reterr, nil)
 }

+type promRuleForm struct {
+	Payload       string  `json:"payload" binding:"required"`
+	DatasourceIds []int64 `json:"datasource_ids" binding:"required"`
+	Disabled      int     `json:"disabled" binding:"gte=0,lte=1"`
+}
+
+func (rt *Router) alertRuleAddByImportPromRule(c *gin.Context) {
+	var f promRuleForm
+	ginx.Dangerous(c.BindJSON(&f))
+
+	var pr struct {
+		Groups []models.PromRuleGroup `yaml:"groups"`
+	}
+	err := yaml.Unmarshal([]byte(f.Payload), &pr)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, "invalid yaml format, please use the example format. err: %v", err)
+	}
+
+	if len(pr.Groups) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "input yaml is empty")
+	}
+
+	lst := models.DealPromGroup(pr.Groups, f.DatasourceIds, f.Disabled)
+	username := c.MustGet("username").(string)
+	bgid := ginx.UrlParamInt64(c, "id")
+	ginx.NewRender(c).Data(rt.alertRuleAdd(lst, username, bgid, c.GetHeader("X-Language")), nil)
+}
+
 func (rt *Router) alertRuleAddByService(c *gin.Context) {
 	var lst []models.AlertRule
 	ginx.BindJSON(c, &lst)
@@ -266,6 +308,43 @@ func (rt *Router) alertRulePutFields(c *gin.Context) {
 			continue
 		}

+		if f.Action == "update_triggers" {
+			if triggers, has := f.Fields["triggers"]; has {
+				originRule := ar.RuleConfigJson.(map[string]interface{})
+				originRule["triggers"] = triggers
+				b, err := json.Marshal(originRule)
+				ginx.Dangerous(err)
+				ginx.Dangerous(ar.UpdateFieldsMap(rt.Ctx, map[string]interface{}{"rule_config": string(b)}))
+				continue
+			}
+		}
+
+		if f.Action == "annotations_add" {
+			if annotations, has := f.Fields["annotations"]; has {
+				annotationsMap := annotations.(map[string]interface{})
+				for k, v := range annotationsMap {
+					ar.AnnotationsJSON[k] = v.(string)
+				}
+				b, err := json.Marshal(ar.AnnotationsJSON)
+				ginx.Dangerous(err)
+				ginx.Dangerous(ar.UpdateFieldsMap(rt.Ctx, map[string]interface{}{"annotations": string(b)}))
+				continue
+			}
+		}
+
+		if f.Action == "annotations_del" {
+			if annotations, has := f.Fields["annotations"]; has {
+				annotationsKeys := annotations.(map[string]interface{})
+				for key := range annotationsKeys {
+					delete(ar.AnnotationsJSON, key)
+				}
+				b, err := json.Marshal(ar.AnnotationsJSON)
+				ginx.Dangerous(err)
+				ginx.Dangerous(ar.UpdateFieldsMap(rt.Ctx, map[string]interface{}{"annotations": string(b)}))
+				continue
+			}
+		}
+
 		if f.Action == "callback_add" {
 			// 增加一个 callback 地址
 			if callbacks, has := f.Fields["callbacks"]; has {
@@ -311,6 +390,20 @@ func (rt *Router) alertRuleGet(c *gin.Context) {
 	ginx.NewRender(c).Data(ar, err)
 }

+func (rt *Router) alertRulePureGet(c *gin.Context) {
+	arid := ginx.UrlParamInt64(c, "arid")
+
+	ar, err := models.AlertRuleGetById(rt.Ctx, arid)
+	ginx.Dangerous(err)
+
+	if ar == nil {
+		ginx.NewRender(c, http.StatusNotFound).Message("No such AlertRule")
+		return
+	}
+
+	ginx.NewRender(c).Data(ar, err)
+}
+
 // pre validation before save rule
 func (rt *Router) alertRuleValidation(c *gin.Context) {
 	var f models.AlertRule //new
@@ -383,3 +476,138 @@ func (rt *Router) alertRuleCallbacks(c *gin.Context) {

 	ginx.NewRender(c).Data(callbacks, nil)
 }
+
+type alertRuleTestForm struct {
+	Configs []*pconf.RelabelConfig `json:"configs"`
+	Tags    []string               `json:"tags"`
+}
+
+func (rt *Router) relabelTest(c *gin.Context) {
+	var f alertRuleTestForm
+	ginx.BindJSON(c, &f)
+
+	if len(f.Tags) == 0 || len(f.Configs) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "relabel config is empty")
+	}
+
+	labels := make([]prompb.Label, len(f.Tags))
+	for i, tag := range f.Tags {
+		label := strings.Split(tag, "=")
+		if len(label) != 2 {
+			ginx.Bomb(http.StatusBadRequest, "tag:%s format error", tag)
+		}
+
+		labels[i] = prompb.Label{Name: label[0], Value: label[1]}
+	}
+
+	for i := 0; i < len(f.Configs); i++ {
+		if f.Configs[i].Replacement == "" {
+			f.Configs[i].Replacement = "$1"
+		}
+
+		if f.Configs[i].Separator == "" {
+			f.Configs[i].Separator = ";"
+		}
+
+		if f.Configs[i].Regex == "" {
+			f.Configs[i].Regex = "(.*)"
+		}
+	}
+
+	relabels := writer.Process(labels, f.Configs...)
+
+	var tags []string
+	for _, label := range relabels {
+		tags = append(tags, fmt.Sprintf("%s=%s", label.Name, label.Value))
+	}
+
+	ginx.NewRender(c).Data(tags, nil)
+}
+
+type identListForm struct {
+	Ids       []int64  `json:"ids"`
+	IdentList []string `json:"ident_list"`
+}
+
+func containsIdentOperator(s string) bool {
+	pattern := `ident\s*(!=|!~|=~)`
+	matched, err := regexp.MatchString(pattern, s)
+	if err != nil {
+		return false
+	}
+	return matched
+}
+
+func (rt *Router) cloneToMachine(c *gin.Context) {
+	var f identListForm
+	ginx.BindJSON(c, &f)
+
+	if len(f.IdentList) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "ident_list is empty")
+	}
+
+	alertRules, err := models.AlertRuleGetsByIds(rt.Ctx, f.Ids)
+	ginx.Dangerous(err)
+
+	re := regexp.MustCompile(`ident\s*=\s*\\".*?\\"`)
+
+	user := c.MustGet("username").(string)
+	now := time.Now().Unix()
+
+	newRules := make([]*models.AlertRule, 0)
+
+	reterr := make(map[string]map[string]string)
+
+	for i := range alertRules {
+		errMsg := make(map[string]string)
+
+		if alertRules[i].Cate != "prometheus" {
+			errMsg["all"] = "Only Prometheus rule can be cloned to machines"
+			reterr[alertRules[i].Name] = errMsg
+			continue
+		}
+
+		if containsIdentOperator(alertRules[i].RuleConfig) {
+			errMsg["all"] = "promql is missing ident"
+			reterr[alertRules[i].Name] = errMsg
+			continue
+		}
+
+		for j := range f.IdentList {
+			alertRules[i].RuleConfig = re.ReplaceAllString(alertRules[i].RuleConfig, fmt.Sprintf(`ident=\"%s\"`, f.IdentList[j]))
+
+			newRule := &models.AlertRule{}
+			if err := copier.Copy(newRule, alertRules[i]); err != nil {
+				errMsg[f.IdentList[j]] = fmt.Sprintf("fail to clone rule, err: %s", err)
+				continue
+			}
+
+			newRule.Id = 0
+			newRule.Name = alertRules[i].Name + "_" + f.IdentList[j]
+			newRule.CreateBy = user
+			newRule.UpdateBy = user
+			newRule.UpdateAt = now
+			newRule.CreateAt = now
+			newRule.RuleConfig = alertRules[i].RuleConfig
+
+			exist, err := models.AlertRuleExists(rt.Ctx, 0, newRule.GroupId, newRule.DatasourceIdsJson, newRule.Name)
+			if err != nil {
+				errMsg[f.IdentList[j]] = err.Error()
+				continue
+			}
+
+			if exist {
+				errMsg[f.IdentList[j]] = fmt.Sprintf("rule already exists, ruleName: %s", newRule.Name)
+				continue
+			}
+
+			newRules = append(newRules, newRule)
+		}
+
+		if len(errMsg) > 0 {
+			reterr[alertRules[i].Name] = errMsg
+		}
+	}
+
+	ginx.NewRender(c).Data(reterr, models.InsertAlertRule(rt.Ctx, newRules))
+}
--- a/center/router/router_alert_subscribe.go
+++ b/center/router/router_alert_subscribe.go
@@ -42,6 +42,11 @@ func (rt *Router) alertSubscribeGetsByGids(c *gin.Context) {
 			var err error
 			gids, err = models.MyBusiGroupIds(rt.Ctx, me.Id)
 			ginx.Dangerous(err)
+
+			if len(gids) == 0 {
+				ginx.NewRender(c).Data([]int{}, nil)
+				return
+			}
 		}
 	}

--- a/center/router/router_board.go
+++ b/center/router/router_board.go
@@ -1,6 +1,7 @@
 package router

 import (
+	"fmt"
 	"net/http"
 	"time"

@@ -269,6 +270,11 @@ func (rt *Router) boardGetsByGids(c *gin.Context) {
 			var err error
 			gids, err = models.MyBusiGroupIds(rt.Ctx, me.Id)
 			ginx.Dangerous(err)
+
+			if len(gids) == 0 {
+				ginx.NewRender(c).Data([]int{}, nil)
+				return
+			}
 		}
 	}

@@ -294,7 +300,7 @@ func (rt *Router) boardClone(c *gin.Context) {
 	me := c.MustGet("user").(*models.User)
 	bo := rt.Board(ginx.UrlParamInt64(c, "bid"))

-	newBoard := bo.Clone(me.Username, bo.GroupId)
+	newBoard := bo.Clone(me.Username, bo.GroupId, " Cloned")

 	ginx.Dangerous(newBoard.Add(rt.Ctx))

@@ -311,32 +317,34 @@ func (rt *Router) boardClone(c *gin.Context) {

 type boardsForm struct {
 	BoardIds []int64 `json:"board_ids"`
+	Bgids    []int64 `json:"bgids"`
 }

 func (rt *Router) boardBatchClone(c *gin.Context) {
 	me := c.MustGet("user").(*models.User)
-	bgid := ginx.UrlParamInt64(c, "id")
-	rt.bgrwCheck(c, bgid)
-
 	var f boardsForm
 	ginx.BindJSON(c, &f)

+	for _, bgid := range f.Bgids {
+		rt.bgrwCheck(c, bgid)
+	}
+
 	reterr := make(map[string]string, len(f.BoardIds))
 	lang := c.GetHeader("X-Language")
-	for _, bid := range f.BoardIds {
-		bo := rt.Board(bid)

-		newBoard := bo.Clone(me.Username, bgid)
-		payload, err := models.BoardPayloadGet(rt.Ctx, bo.Id)
-		if err != nil {
-			reterr[newBoard.Name] = i18n.Sprintf(lang, err.Error())
-			continue
-		}
+	for _, bgid := range f.Bgids {
+		for _, bid := range f.BoardIds {
+			bo := rt.Board(bid)
+			newBoard := bo.Clone(me.Username, bgid, "")
+			payload, err := models.BoardPayloadGet(rt.Ctx, bo.Id)
+			if err != nil {
+				reterr[fmt.Sprintf("%s-%d", newBoard.Name, bgid)] = i18n.Sprintf(lang, err.Error())
+				continue
+			}

-		if err = newBoard.AtomicAdd(rt.Ctx, payload); err != nil {
-			reterr[newBoard.Name] = i18n.Sprintf(lang, err.Error())
-		} else {
-			reterr[newBoard.Name] = ""
+			if err = newBoard.AtomicAdd(rt.Ctx, payload); err != nil {
+				reterr[fmt.Sprintf("%s-%d", newBoard.Name, bgid)] = i18n.Sprintf(lang, err.Error())
+			}
 		}
 	}

--- a/center/router/router_builtin_componet.go
+++ b/center/router/router_builtin_componet.go
@@ -0,0 +1,92 @@
+package router
+
+import (
+	"net/http"
+
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+
+	"github.com/gin-gonic/gin"
+	"github.com/toolkits/pkg/ginx"
+	"gorm.io/gorm"
+)
+
+const SYSTEM = "system"
+
+func (rt *Router) builtinComponentsAdd(c *gin.Context) {
+	var lst []models.BuiltinComponent
+	ginx.BindJSON(c, &lst)
+
+	username := Username(c)
+
+	count := len(lst)
+	if count == 0 {
+		ginx.Bomb(http.StatusBadRequest, "input json is empty")
+	}
+
+	reterr := make(map[string]string)
+	for i := 0; i < count; i++ {
+		if err := lst[i].Add(rt.Ctx, username); err != nil {
+			reterr[lst[i].Ident] = err.Error()
+		}
+	}
+
+	ginx.NewRender(c).Data(reterr, nil)
+}
+
+func (rt *Router) builtinComponentsGets(c *gin.Context) {
+	query := ginx.QueryStr(c, "query", "")
+
+	bc, err := models.BuiltinComponentGets(rt.Ctx, query)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(bc, nil)
+}
+
+func (rt *Router) builtinComponentsPut(c *gin.Context) {
+	var req models.BuiltinComponent
+	ginx.BindJSON(c, &req)
+
+	bc, err := models.BuiltinComponentGet(rt.Ctx, "id = ?", req.ID)
+	ginx.Dangerous(err)
+
+	if bc == nil {
+		ginx.NewRender(c, http.StatusNotFound).Message("No such builtin component")
+		return
+	}
+
+	if bc.CreatedBy == SYSTEM {
+		req.Ident = bc.Ident
+	}
+
+	username := Username(c)
+	req.UpdatedBy = username
+
+	err = models.DB(rt.Ctx).Transaction(func(tx *gorm.DB) error {
+		tCtx := &ctx.Context{
+			DB: tx,
+		}
+
+		txErr := models.BuiltinMetricBatchUpdateColumn(tCtx, "typ", bc.Ident, req.Ident, req.UpdatedBy)
+		if txErr != nil {
+			return txErr
+		}
+
+		txErr = bc.Update(tCtx, req)
+		if txErr != nil {
+			return txErr
+		}
+		return nil
+	})
+
+	ginx.NewRender(c).Message(err)
+}
+
+func (rt *Router) builtinComponentsDel(c *gin.Context) {
+	var req idsForm
+	ginx.BindJSON(c, &req)
+
+	req.Verify()
+
+	ginx.NewRender(c).Message(models.BuiltinComponentDels(rt.Ctx, req.Ids))
+}
--- a/center/router/router_builtin_metric_filter.go
+++ b/center/router/router_builtin_metric_filter.go
@@ -0,0 +1,120 @@
+package router
+
+import (
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/prom"
+	"github.com/gin-gonic/gin"
+	"github.com/toolkits/pkg/ginx"
+)
+
+func (rt *Router) metricFilterGets(c *gin.Context) {
+	lst, err := models.MetricFilterGets(rt.Ctx, "")
+	ginx.Dangerous(err)
+	me := c.MustGet("user").(*models.User)
+
+	gids, err := models.MyGroupIds(rt.Ctx, me.Id)
+	ginx.Dangerous(err)
+	arr := make([]models.MetricFilter, 0)
+
+	for _, f := range lst {
+		if me.Username == f.CreateBy {
+			arr = append(arr, f)
+			continue
+		}
+
+		if HasPerm(gids, f.GroupsPerm, false) {
+			arr = append(arr, f)
+		}
+	}
+
+	ginx.NewRender(c).Data(arr, err)
+}
+
+func (rt *Router) metricFilterAdd(c *gin.Context) {
+	var f models.MetricFilter
+	ginx.BindJSON(c, &f)
+	me := c.MustGet("user").(*models.User)
+
+	f.CreateBy = me.Username
+	f.UpdateBy = me.Username
+	ginx.Dangerous(f.Add(rt.Ctx))
+	ginx.NewRender(c).Data(f, nil)
+}
+
+func (rt *Router) metricFilterDel(c *gin.Context) {
+	var f idsForm
+	ginx.BindJSON(c, &f)
+	f.Verify()
+
+	me := c.MustGet("user").(*models.User)
+
+	for _, id := range f.Ids {
+		old, err := models.MetricFilterGet(rt.Ctx, id)
+		ginx.Dangerous(err)
+
+		if me.Username != old.CreateBy {
+			gids, err := models.MyGroupIds(rt.Ctx, me.Id)
+			ginx.Dangerous(err)
+
+			if !HasPerm(gids, old.GroupsPerm, true) {
+				ginx.NewRender(c).Message("no permission")
+				return
+			}
+		}
+	}
+
+	ginx.NewRender(c).Message(models.MetricFilterDel(rt.Ctx, f.Ids))
+}
+
+func (rt *Router) metricFilterPut(c *gin.Context) {
+	var f models.MetricFilter
+	ginx.BindJSON(c, &f)
+
+	me := c.MustGet("user").(*models.User)
+	old, err := models.MetricFilterGet(rt.Ctx, f.ID)
+	ginx.Dangerous(err)
+
+	if me.Username != old.CreateBy {
+		gids, err := models.MyGroupIds(rt.Ctx, me.Id)
+		ginx.Dangerous(err)
+
+		if !HasPerm(gids, old.GroupsPerm, true) {
+			ginx.NewRender(c).Message("no permission")
+			return
+		}
+	}
+
+	f.UpdateBy = me.Username
+	ginx.NewRender(c).Message(f.Update(rt.Ctx))
+}
+
+type metricPromqlReq struct {
+	LabelFilter string `json:"label_filter"`
+	Promql      string `json:"promql"`
+}
+
+func (rt *Router) getMetricPromql(c *gin.Context) {
+	var req metricPromqlReq
+	ginx.BindJSON(c, &req)
+
+	promql := prom.AddLabelToPromQL(req.LabelFilter, req.Promql)
+	ginx.NewRender(c).Data(promql, nil)
+}
+
+func HasPerm(gids []int64, gps []models.GroupPerm, checkWrite bool) bool {
+	gmap := make(map[int64]struct{})
+	for _, gp := range gps {
+		if checkWrite && !gp.Write {
+			continue
+		}
+		gmap[gp.Gid] = struct{}{}
+	}
+
+	for _, gid := range gids {
+		if _, ok := gmap[gid]; ok {
+			return true
+		}
+	}
+
+	return false
+}
--- a/center/router/router_builtin_metrics.go
+++ b/center/router/router_builtin_metrics.go
@@ -0,0 +1,116 @@
+package router
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/ccfos/nightingale/v6/models"
+
+	"github.com/gin-gonic/gin"
+	"github.com/toolkits/pkg/ginx"
+	"github.com/toolkits/pkg/i18n"
+)
+
+// single or import
+func (rt *Router) builtinMetricsAdd(c *gin.Context) {
+	var lst []models.BuiltinMetric
+	ginx.BindJSON(c, &lst)
+	username := Username(c)
+	count := len(lst)
+	if count == 0 {
+		ginx.Bomb(http.StatusBadRequest, "input json is empty")
+	}
+
+	lang := c.GetHeader("X-Language")
+	if lang == "" {
+		lang = "zh_CN"
+	}
+
+	reterr := make(map[string]string)
+	for i := 0; i < count; i++ {
+		lst[i].Lang = lang
+		lst[i].UUID = time.Now().UnixNano()
+		if err := lst[i].Add(rt.Ctx, username); err != nil {
+			reterr[lst[i].Name] = i18n.Sprintf(c.GetHeader("X-Language"), err.Error())
+		}
+	}
+	ginx.NewRender(c).Data(reterr, nil)
+}
+
+func (rt *Router) builtinMetricsGets(c *gin.Context) {
+	collector := ginx.QueryStr(c, "collector", "")
+	typ := ginx.QueryStr(c, "typ", "")
+	query := ginx.QueryStr(c, "query", "")
+	limit := ginx.QueryInt(c, "limit", 20)
+	lang := c.GetHeader("X-Language")
+	unit := ginx.QueryStr(c, "unit", "")
+	if lang == "" {
+		lang = "zh_CN"
+	}
+
+	bm, err := models.BuiltinMetricGets(rt.Ctx, lang, collector, typ, query, unit, limit, ginx.Offset(c, limit))
+	ginx.Dangerous(err)
+
+	total, err := models.BuiltinMetricCount(rt.Ctx, lang, collector, typ, query, unit)
+	ginx.Dangerous(err)
+	ginx.NewRender(c).Data(gin.H{
+		"list":  bm,
+		"total": total,
+	}, nil)
+}
+
+func (rt *Router) builtinMetricsPut(c *gin.Context) {
+	var req models.BuiltinMetric
+	ginx.BindJSON(c, &req)
+
+	bm, err := models.BuiltinMetricGet(rt.Ctx, "id = ?", req.ID)
+	ginx.Dangerous(err)
+	if bm == nil {
+		ginx.NewRender(c, http.StatusNotFound).Message("No such builtin metric")
+		return
+	}
+	username := Username(c)
+
+	req.UpdatedBy = username
+	ginx.NewRender(c).Message(bm.Update(rt.Ctx, req))
+}
+
+func (rt *Router) builtinMetricsDel(c *gin.Context) {
+	var req idsForm
+	ginx.BindJSON(c, &req)
+	req.Verify()
+
+	ginx.NewRender(c).Message(models.BuiltinMetricDels(rt.Ctx, req.Ids))
+}
+
+func (rt *Router) builtinMetricsDefaultTypes(c *gin.Context) {
+	lst := []string{
+		"Linux",
+		"cAdvisor",
+		"Ping",
+		"MySQL",
+		"Redis",
+		"Kafka",
+		"Elasticsearch",
+		"PostgreSQL",
+		"MongoDB",
+		"Memcached",
+	}
+	ginx.NewRender(c).Data(lst, nil)
+}
+
+func (rt *Router) builtinMetricsTypes(c *gin.Context) {
+	collector := ginx.QueryStr(c, "collector", "")
+	query := ginx.QueryStr(c, "query", "")
+	lang := c.GetHeader("X-Language")
+
+	ginx.NewRender(c).Data(models.BuiltinMetricTypes(rt.Ctx, lang, collector, query))
+}
+
+func (rt *Router) builtinMetricsCollectors(c *gin.Context) {
+	typ := ginx.QueryStr(c, "typ", "")
+	query := ginx.QueryStr(c, "query", "")
+	lang := c.GetHeader("X-Language")
+
+	ginx.NewRender(c).Data(models.BuiltinMetricCollectors(rt.Ctx, lang, typ, query))
+}
--- a/center/router/router_builtin_payload.go
+++ b/center/router/router_builtin_payload.go
@@ -0,0 +1,262 @@
+package router
+
+import (
+	"encoding/json"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/BurntSushi/toml"
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/gin-gonic/gin"
+	"github.com/toolkits/pkg/ginx"
+	"github.com/toolkits/pkg/i18n"
+)
+
+type Board struct {
+	Name    string      `json:"name"`
+	Tags    string      `json:"tags"`
+	Configs interface{} `json:"configs"`
+	UUID    int64       `json:"uuid"`
+}
+
+func (rt *Router) builtinPayloadsAdd(c *gin.Context) {
+	var lst []models.BuiltinPayload
+	ginx.BindJSON(c, &lst)
+
+	username := Username(c)
+
+	count := len(lst)
+	if count == 0 {
+		ginx.Bomb(http.StatusBadRequest, "input json is empty")
+	}
+
+	reterr := make(map[string]string)
+	for i := 0; i < count; i++ {
+		if lst[i].Type == "alert" {
+			if strings.HasPrefix(strings.TrimSpace(lst[i].Content), "[") {
+				// 处理多个告警规则模板的情况
+				alertRules := []models.AlertRule{}
+				if err := json.Unmarshal([]byte(lst[i].Content), &alertRules); err != nil {
+					reterr[lst[i].Name] = err.Error()
+				}
+
+				for _, rule := range alertRules {
+					if rule.UUID == 0 {
+						rule.UUID = time.Now().UnixNano()
+					}
+
+					contentBytes, err := json.Marshal(rule)
+					if err != nil {
+						reterr[rule.Name] = err.Error()
+						continue
+					}
+
+					bp := models.BuiltinPayload{
+						Type:        lst[i].Type,
+						ComponentID: lst[i].ComponentID,
+						Cate:        lst[i].Cate,
+						Name:        rule.Name,
+						Tags:        rule.AppendTags,
+						UUID:        rule.UUID,
+						Content:     string(contentBytes),
+						CreatedBy:   username,
+						UpdatedBy:   username,
+					}
+
+					if err := bp.Add(rt.Ctx, username); err != nil {
+						reterr[bp.Name] = i18n.Sprintf(c.GetHeader("X-Language"), err.Error())
+					}
+				}
+				continue
+			}
+
+			alertRule := models.AlertRule{}
+			if err := json.Unmarshal([]byte(lst[i].Content), &alertRule); err != nil {
+				reterr[lst[i].Name] = err.Error()
+				continue
+			}
+
+			if alertRule.UUID == 0 {
+				alertRule.UUID = time.Now().UnixNano()
+			}
+
+			bp := models.BuiltinPayload{
+				Type:        lst[i].Type,
+				ComponentID: lst[i].ComponentID,
+				Cate:        lst[i].Cate,
+				Name:        alertRule.Name,
+				Tags:        alertRule.AppendTags,
+				UUID:        alertRule.UUID,
+				Content:     lst[i].Content,
+				CreatedBy:   username,
+				UpdatedBy:   username,
+			}
+
+			if err := bp.Add(rt.Ctx, username); err != nil {
+				reterr[bp.Name] = i18n.Sprintf(c.GetHeader("X-Language"), err.Error())
+			}
+		} else if lst[i].Type == "dashboard" {
+			if strings.HasPrefix(strings.TrimSpace(lst[i].Content), "[") {
+				// 处理多个告警规则模板的情况
+				dashboards := []Board{}
+				if err := json.Unmarshal([]byte(lst[i].Content), &dashboards); err != nil {
+					reterr[lst[i].Name] = err.Error()
+				}
+
+				for _, dashboard := range dashboards {
+					if dashboard.UUID == 0 {
+						dashboard.UUID = time.Now().UnixNano()
+					}
+
+					contentBytes, err := json.Marshal(dashboard)
+					if err != nil {
+						reterr[dashboard.Name] = err.Error()
+						continue
+					}
+
+					bp := models.BuiltinPayload{
+						Type:        lst[i].Type,
+						ComponentID: lst[i].ComponentID,
+						Cate:        lst[i].Cate,
+						Name:        dashboard.Name,
+						Tags:        dashboard.Tags,
+						UUID:        dashboard.UUID,
+						Content:     string(contentBytes),
+						CreatedBy:   username,
+						UpdatedBy:   username,
+					}
+
+					if err := bp.Add(rt.Ctx, username); err != nil {
+						reterr[bp.Name] = i18n.Sprintf(c.GetHeader("X-Language"), err.Error())
+					}
+				}
+				continue
+			}
+
+			dashboard := Board{}
+			if err := json.Unmarshal([]byte(lst[i].Content), &dashboard); err != nil {
+				reterr[lst[i].Name] = i18n.Sprintf(c.GetHeader("X-Language"), err.Error())
+				continue
+			}
+
+			if dashboard.UUID == 0 {
+				dashboard.UUID = time.Now().UnixNano()
+			}
+
+			bp := models.BuiltinPayload{
+				Type:        lst[i].Type,
+				ComponentID: lst[i].ComponentID,
+				Cate:        lst[i].Cate,
+				Name:        dashboard.Name,
+				Tags:        dashboard.Tags,
+				UUID:        dashboard.UUID,
+				Content:     lst[i].Content,
+				CreatedBy:   username,
+				UpdatedBy:   username,
+			}
+
+			if err := bp.Add(rt.Ctx, username); err != nil {
+				reterr[bp.Name] = i18n.Sprintf(c.GetHeader("X-Language"), err.Error())
+			}
+		} else {
+			if lst[i].Type == "collect" {
+				c := make(map[string]interface{})
+				if _, err := toml.Decode(lst[i].Content, &c); err != nil {
+					reterr[lst[i].Name] = err.Error()
+					continue
+				}
+			}
+
+			if err := lst[i].Add(rt.Ctx, username); err != nil {
+				reterr[lst[i].Name] = i18n.Sprintf(c.GetHeader("X-Language"), err.Error())
+			}
+		}
+
+	}
+
+	ginx.NewRender(c).Data(reterr, nil)
+}
+
+func (rt *Router) builtinPayloadsGets(c *gin.Context) {
+	typ := ginx.QueryStr(c, "type", "")
+	ComponentID := ginx.QueryInt64(c, "component_id", 0)
+
+	cate := ginx.QueryStr(c, "cate", "")
+	query := ginx.QueryStr(c, "query", "")
+
+	lst, err := models.BuiltinPayloadGets(rt.Ctx, uint64(ComponentID), typ, cate, query)
+	ginx.NewRender(c).Data(lst, err)
+}
+
+func (rt *Router) builtinPayloadcatesGet(c *gin.Context) {
+	typ := ginx.QueryStr(c, "type", "")
+	ComponentID := ginx.QueryInt64(c, "component_id", 0)
+
+	cates, err := models.BuiltinPayloadCates(rt.Ctx, typ, uint64(ComponentID))
+	ginx.NewRender(c).Data(cates, err)
+}
+
+func (rt *Router) builtinPayloadGet(c *gin.Context) {
+	id := ginx.UrlParamInt64(c, "id")
+
+	bp, err := models.BuiltinPayloadGet(rt.Ctx, "id = ?", id)
+	if err != nil {
+		ginx.Bomb(http.StatusInternalServerError, err.Error())
+	}
+	if bp == nil {
+		ginx.Bomb(http.StatusNotFound, "builtin payload not found")
+	}
+
+	ginx.NewRender(c).Data(bp, nil)
+}
+
+func (rt *Router) builtinPayloadsPut(c *gin.Context) {
+	var req models.BuiltinPayload
+	ginx.BindJSON(c, &req)
+
+	bp, err := models.BuiltinPayloadGet(rt.Ctx, "id = ?", req.ID)
+	ginx.Dangerous(err)
+
+	if bp == nil {
+		ginx.NewRender(c, http.StatusNotFound).Message("No such builtin payload")
+		return
+	}
+
+	if req.Type == "alert" {
+		alertRule := models.AlertRule{}
+		if err := json.Unmarshal([]byte(req.Content), &alertRule); err != nil {
+			ginx.Bomb(http.StatusBadRequest, err.Error())
+		}
+
+		req.Name = alertRule.Name
+		req.Tags = alertRule.AppendTags
+	} else if req.Type == "dashboard" {
+		dashboard := Board{}
+		if err := json.Unmarshal([]byte(req.Content), &dashboard); err != nil {
+			ginx.Bomb(http.StatusBadRequest, err.Error())
+		}
+
+		req.Name = dashboard.Name
+		req.Tags = dashboard.Tags
+	} else if req.Type == "collect" {
+		c := make(map[string]interface{})
+		if _, err := toml.Decode(req.Content, &c); err != nil {
+			ginx.Bomb(http.StatusBadRequest, err.Error())
+		}
+	}
+
+	username := Username(c)
+	req.UpdatedBy = username
+
+	ginx.NewRender(c).Message(bp.Update(rt.Ctx, req))
+}
+
+func (rt *Router) builtinPayloadsDel(c *gin.Context) {
+	var req idsForm
+	ginx.BindJSON(c, &req)
+
+	req.Verify()
+
+	ginx.NewRender(c).Message(models.BuiltinPayloadDels(rt.Ctx, req.Ids))
+}
--- a/center/router/router_configs.go
+++ b/center/router/router_configs.go
@@ -1,13 +1,16 @@
 package router

 import (
-	"github.com/ccfos/nightingale/v6/models"
 	"time"

+	"github.com/ccfos/nightingale/v6/models"
+
 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
 )

+const EMBEDDEDDASHBOARD = "embedded-dashboards"
+
 func (rt *Router) configsGet(c *gin.Context) {
 	prefix := ginx.QueryStr(c, "prefix", "")
 	limit := ginx.QueryInt(c, "limit", 10)
@@ -33,6 +36,18 @@ func (rt *Router) configPutByKey(c *gin.Context) {
 	ginx.NewRender(c).Message(models.ConfigsSetWithUname(rt.Ctx, f.Ckey, f.Cval, username))
 }

+func (rt *Router) embeddedDashboardsGet(c *gin.Context) {
+	config, err := models.ConfigsGet(rt.Ctx, EMBEDDEDDASHBOARD)
+	ginx.NewRender(c).Data(config, err)
+}
+
+func (rt *Router) embeddedDashboardsPut(c *gin.Context) {
+	var f models.Configs
+	ginx.BindJSON(c, &f)
+	username := c.MustGet("username").(string)
+	ginx.NewRender(c).Message(models.ConfigsSetWithUname(rt.Ctx, EMBEDDEDDASHBOARD, f.Cval, username))
+}
+
 func (rt *Router) configsDel(c *gin.Context) {
 	var f idsForm
 	ginx.BindJSON(c, &f)
--- a/center/router/router_funcs.go
+++ b/center/router/router_funcs.go
@@ -1,17 +1,14 @@
 package router

 import (
-	"fmt"
 	"net/http"
 	"strconv"
 	"strings"

-	"github.com/ccfos/nightingale/v6/alert/aconf"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
-	"github.com/ccfos/nightingale/v6/pkg/ibex"
-	"github.com/gin-gonic/gin"

+	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
 )

@@ -68,6 +65,23 @@ func queryDatasourceIds(c *gin.Context) []int64 {
 	return ids
 }

+func queryStrListField(c *gin.Context, fieldName string, sep ...string) []string {
+	str := ginx.QueryStr(c, fieldName, "")
+	if str == "" {
+		return nil
+	}
+
+	lst := []string{str}
+	for _, s := range sep {
+		var newLst []string
+		for _, str := range lst {
+			newLst = append(newLst, strings.Split(str, s)...)
+		}
+		lst = newLst
+	}
+	return lst
+}
+
 type idsForm struct {
 	Ids               []int64 `json:"ids"`
 	IsSyncToFlashDuty bool    `json:"is_sync_to_flashduty"`
@@ -135,31 +149,6 @@ type TaskCreateReply struct {
 	Dat int64  `json:"dat"` // task.id
 }

-// return task.id, error
-func TaskCreate(v interface{}, ibexc aconf.Ibex) (int64, error) {
-	var res TaskCreateReply
-	err := ibex.New(
-		ibexc.Address,
-		ibexc.BasicAuthUser,
-		ibexc.BasicAuthPass,
-		ibexc.Timeout,
-	).
-		Path("/ibex/v1/tasks").
-		In(v).
-		Out(&res).
-		POST()
-
-	if err != nil {
-		return 0, err
-	}
-
-	if res.Err != "" {
-		return 0, fmt.Errorf("response.err: %v", res.Err)
-	}
-
-	return res.Dat, nil
-}
-
 func Username(c *gin.Context) string {
 	username := c.GetString(gin.AuthUserKey)
 	if username == "" {
--- a/center/router/router_heartbeat.go
+++ b/center/router/router_heartbeat.go
@@ -3,19 +3,34 @@ package router
 import (
 	"compress/gzip"
 	"encoding/json"
+	"errors"
 	"io/ioutil"
 	"sort"
 	"strings"
 	"time"

+	"github.com/ccfos/nightingale/v6/center/metas"
+	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pushgw/idents"

 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
 )

+type HeartbeatHookFunc func(ident string) map[string]interface{}
+
 func (rt *Router) heartbeat(c *gin.Context) {
+	req, err := HandleHeartbeat(c, rt.Ctx, rt.Alert.Heartbeat.EngineName, rt.MetaSet, rt.IdentSet, rt.TargetCache)
+	ginx.Dangerous(err)
+
+	m := rt.HeartbeatHook(req.Hostname)
+	ginx.NewRender(c).Data(m, err)
+}
+
+func HandleHeartbeat(c *gin.Context, ctx *ctx.Context, engineName string, metaSet *metas.Set, identSet *idents.Set, targetCache *memsto.TargetCacheType) (models.HostMeta, error) {
 	var bs []byte
 	var err error
 	var r *gzip.Reader
@@ -24,7 +39,7 @@ func (rt *Router) heartbeat(c *gin.Context) {
 		r, err = gzip.NewReader(c.Request.Body)
 		if err != nil {
 			c.String(400, err.Error())
-			return
+			return req, err
 		}
 		defer r.Close()
 		bs, err = ioutil.ReadAll(r)
@@ -32,11 +47,19 @@ func (rt *Router) heartbeat(c *gin.Context) {
 	} else {
 		defer c.Request.Body.Close()
 		bs, err = ioutil.ReadAll(c.Request.Body)
-		ginx.Dangerous(err)
+		if err != nil {
+			return req, err
+		}
 	}

 	err = json.Unmarshal(bs, &req)
-	ginx.Dangerous(err)
+	if err != nil {
+		return req, err
+	}
+
+	if req.Hostname == "" {
+		return req, errors.New("hostname is required")
+	}

 	// maybe from pushgw
 	if req.Offset == 0 {
@@ -48,51 +71,100 @@ func (rt *Router) heartbeat(c *gin.Context) {
 	}

 	if req.EngineName == "" {
-		req.EngineName = rt.Alert.Heartbeat.EngineName
+		req.EngineName = engineName
 	}

-	rt.MetaSet.Set(req.Hostname, req)
+	metaSet.Set(req.Hostname, req)
 	var items = make(map[string]struct{})
 	items[req.Hostname] = struct{}{}
-	rt.IdentSet.MSet(items)
+	identSet.MSet(items)

-	if target, has := rt.TargetCache.Get(req.Hostname); has && target != nil {
+	if target, has := targetCache.Get(req.Hostname); has && target != nil {
 		gid := ginx.QueryInt64(c, "gid", 0)
 		hostIp := strings.TrimSpace(req.HostIp)

-		filed := make(map[string]interface{})
+		newTarget := models.Target{}
+		targetNeedUpdate := false
 		if gid != 0 && gid != target.GroupId {
-			filed["group_id"] = gid
+			newTarget.GroupId = gid
+			targetNeedUpdate = true
 		}

 		if hostIp != "" && hostIp != target.HostIp {
-			filed["host_ip"] = hostIp
+			newTarget.HostIp = hostIp
+			targetNeedUpdate = true
 		}

-		if len(req.GlobalLabels) > 0 {
+		hostTagsMap := target.GetHostTagsMap()
+		hostTagNeedUpdate := false
+		if len(hostTagsMap) != len(req.GlobalLabels) {
+			hostTagNeedUpdate = true
+		} else {
+			for k, v := range req.GlobalLabels {
+				if v == "" {
+					continue
+				}
+
+				if tagv, ok := hostTagsMap[k]; !ok || tagv != v {
+					hostTagNeedUpdate = true
+					break
+				}
+			}
+		}
+
+		if hostTagNeedUpdate {
 			lst := []string{}
 			for k, v := range req.GlobalLabels {
 				lst = append(lst, k+"="+v)
 			}
 			sort.Strings(lst)
-			labels := strings.Join(lst, " ")
-			if target.Tags != labels {
-				filed["tags"] = labels
+			newTarget.HostTags = lst
+			targetNeedUpdate = true
+		}
+
+		userTagsMap := target.GetTagsMap()
+		userTagNeedUpdate := false
+		userTags := []string{}
+		for k, v := range userTagsMap {
+			if v == "" {
+				continue
+			}
+
+			if _, ok := req.GlobalLabels[k]; !ok {
+				userTags = append(userTags, k+"="+v)
+			} else { // 该key在hostTags中已经存在
+				userTagNeedUpdate = true
 			}
 		}

-		if req.EngineName != "" && req.EngineName != target.EngineName {
-			filed["engine_name"] = req.EngineName
+		if userTagNeedUpdate {
+			newTarget.Tags = strings.Join(userTags, " ") + " "
+			targetNeedUpdate = true
 		}

-		if len(filed) > 0 {
-			err := target.UpdateFieldsMap(rt.Ctx, filed)
+		if req.EngineName != "" && req.EngineName != target.EngineName {
+			newTarget.EngineName = req.EngineName
+			targetNeedUpdate = true
+		}
+
+		if req.AgentVersion != "" && req.AgentVersion != target.AgentVersion {
+			newTarget.AgentVersion = req.AgentVersion
+			targetNeedUpdate = true
+		}
+
+		if req.OS != "" && req.OS != target.OS {
+			newTarget.OS = req.OS
+			targetNeedUpdate = true
+		}
+
+		if targetNeedUpdate {
+			err := models.DB(ctx).Model(&target).Updates(newTarget).Error
 			if err != nil {
 				logger.Errorf("update target fields failed, err: %v", err)
 			}
 		}
-		logger.Debugf("heartbeat field:%+v target: %v", filed, *target)
+		logger.Debugf("heartbeat field:%+v target: %v", newTarget, *target)
 	}

-	ginx.NewRender(c).Message(err)
+	return req, nil
 }
--- a/center/router/router_login.go
+++ b/center/router/router_login.go
@@ -55,12 +55,12 @@ func (rt *Router) loginPost(c *gin.Context) {
 	var err error
 	lc := rt.Sso.LDAP.Copy()
 	if lc.Enable {
-		user, err = ldapx.LdapLogin(rt.Ctx, f.Username, authPassWord, lc.DefaultRoles, lc)
+		user, err = ldapx.LdapLogin(rt.Ctx, f.Username, authPassWord, lc.DefaultRoles, lc.DefaultTeams, lc)
 		if err != nil {
 			logger.Debugf("ldap login failed: %v username: %s", err, f.Username)
 			var errLoginInN9e error
 			// to use n9e as the minimum guarantee for login
-			if user, errLoginInN9e = models.PassLogin(rt.Ctx, f.Username, authPassWord); errLoginInN9e != nil {
+			if user, errLoginInN9e = models.PassLogin(rt.Ctx, rt.Redis, f.Username, authPassWord); errLoginInN9e != nil {
 				ginx.NewRender(c).Message("ldap login failed: %v; n9e login failed: %v", err, errLoginInN9e)
 				return
 			}
@@ -68,7 +68,7 @@ func (rt *Router) loginPost(c *gin.Context) {
 			user.RolesLst = strings.Fields(user.Roles)
 		}
 	} else {
-		user, err = models.PassLogin(rt.Ctx, f.Username, authPassWord)
+		user, err = models.PassLogin(rt.Ctx, rt.Redis, f.Username, authPassWord)
 		ginx.Dangerous(err)
 	}

@@ -92,7 +92,7 @@ func (rt *Router) loginPost(c *gin.Context) {
 }

 func (rt *Router) logoutPost(c *gin.Context) {
-	logger.Infof("username:%s login from:%s", c.GetString("username"), c.ClientIP())
+	logger.Infof("username:%s logout from:%s", c.GetString("username"), c.ClientIP())
 	metadata, err := rt.extractTokenMetadata(c.Request)
 	if err != nil {
 		ginx.NewRender(c, http.StatusBadRequest).Message("failed to parse jwt token")
@@ -262,6 +262,15 @@ func (rt *Router) loginCallback(c *gin.Context) {
 		user.FullSsoFields("oidc", ret.Username, ret.Nickname, ret.Phone, ret.Email, rt.Sso.OIDC.DefaultRoles)
 		// create user from oidc
 		ginx.Dangerous(user.Add(rt.Ctx))
+
+		if len(rt.Sso.OIDC.DefaultTeams) > 0 {
+			for _, gid := range rt.Sso.OIDC.DefaultTeams {
+				err = models.UserGroupMemberAdd(rt.Ctx, gid, user.Id)
+				if err != nil {
+					logger.Errorf("user:%v UserGroupMemberAdd: %s", user, err)
+				}
+			}
+		}
 	}

 	// set user login state
--- a/center/router/router_mute.go
+++ b/center/router/router_mute.go
@@ -33,6 +33,11 @@ func (rt *Router) alertMuteGetsByGids(c *gin.Context) {
 			var err error
 			gids, err = models.MyBusiGroupIds(rt.Ctx, me.Id)
 			ginx.Dangerous(err)
+
+			if len(gids) == 0 {
+				ginx.NewRender(c).Data([]int{}, nil)
+				return
+			}
 		}
 	}

@@ -90,7 +95,8 @@ func (rt *Router) alertMuteAddByService(c *gin.Context) {
 	var f models.AlertMute
 	ginx.BindJSON(c, &f)

-	ginx.NewRender(c).Message(f.Add(rt.Ctx))
+	err := f.Add(rt.Ctx)
+	ginx.NewRender(c).Data(f.Id, err)
 }

 func (rt *Router) alertMuteDel(c *gin.Context) {
@@ -101,7 +107,7 @@ func (rt *Router) alertMuteDel(c *gin.Context) {
 	ginx.NewRender(c).Message(models.AlertMuteDel(rt.Ctx, f.Ids))
 }

-// alertMuteGetById returns the alert mute by ID
+// alertMuteGet returns the alert mute by ID
 func (rt *Router) alertMuteGet(c *gin.Context) {
 	amid := ginx.UrlParamInt64(c, "amid")
 	am, err := models.AlertMuteGetById(rt.Ctx, amid)
--- a/center/router/router_mw.go
+++ b/center/router/router_mw.go
@@ -92,6 +92,10 @@ func (rt *Router) jwtAuth() gin.HandlerFunc {
 	}
 }

+func (rt *Router) Auth() gin.HandlerFunc {
+	return rt.auth()
+}
+
 func (rt *Router) auth() gin.HandlerFunc {
 	if rt.HTTP.ProxyAuth.Enable {
 		return rt.proxyAuth()
@@ -120,6 +124,10 @@ func (rt *Router) jwtMock() gin.HandlerFunc {
 	}
 }

+func (rt *Router) User() gin.HandlerFunc {
+	return rt.user()
+}
+
 func (rt *Router) user() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		userid := c.MustGet("userid").(int64)
@@ -135,6 +143,8 @@ func (rt *Router) user() gin.HandlerFunc {

 		c.Set("user", user)
 		c.Set("isadmin", user.IsAdmin())
+		// Update user.LastActiveTime
+		rt.UserCache.SetLastActiveTime(user.Id, time.Now().Unix())
 		c.Next()
 	}
 }
@@ -174,6 +184,10 @@ func (rt *Router) bgro() gin.HandlerFunc {
 }

 // bgrw 逐步要被干掉，不安全
+func (rt *Router) Bgrw() gin.HandlerFunc {
+	return rt.bgrw()
+}
+
 func (rt *Router) bgrw() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		me := c.MustGet("user").(*models.User)
@@ -233,6 +247,10 @@ func (rt *Router) bgroCheck(c *gin.Context, bgid int64) {
 	c.Set("busi_group", bg)
 }

+func (rt *Router) Perm(operation string) gin.HandlerFunc {
+	return rt.perm(operation)
+}
+
 func (rt *Router) perm(operation string) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		me := c.MustGet("user").(*models.User)
--- a/center/router/router_notification_record.go
+++ b/center/router/router_notification_record.go
@@ -0,0 +1,205 @@
+package router
+
+import (
+	"strings"
+
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+
+	"github.com/gin-gonic/gin"
+	"github.com/toolkits/pkg/ginx"
+	"github.com/toolkits/pkg/logger"
+)
+
+type NotificationResponse struct {
+	SubRules []SubRule           `json:"sub_rules"`
+	Notifies map[string][]Record `json:"notifies"`
+}
+
+type SubRule struct {
+	SubID    int64               `json:"sub_id"`
+	Notifies map[string][]Record `json:"notifies"`
+}
+
+type Notify struct {
+	Channel string   `json:"channel"`
+	Records []Record `json:"records"`
+}
+
+type Record struct {
+	Target   string `json:"target"`
+	Username string `json:"username"`
+	Status   int    `json:"status"`
+	Detail   string `json:"detail"`
+}
+
+// notificationRecordAdd
+func (rt *Router) notificationRecordAdd(c *gin.Context) {
+	var req models.NotificaitonRecord
+	ginx.BindJSON(c, &req)
+	err := req.Add(rt.Ctx)
+
+	ginx.NewRender(c).Data(req.Id, err)
+}
+
+func (rt *Router) notificationRecordList(c *gin.Context) {
+	eid := ginx.UrlParamInt64(c, "eid")
+	lst, err := models.NotificaitonRecordsGetByEventId(rt.Ctx, eid)
+	ginx.Dangerous(err)
+
+	response := buildNotificationResponse(rt.Ctx, lst)
+	ginx.NewRender(c).Data(response, nil)
+}
+
+func buildNotificationResponse(ctx *ctx.Context, nl []*models.NotificaitonRecord) NotificationResponse {
+	response := NotificationResponse{
+		SubRules: []SubRule{},
+		Notifies: make(map[string][]Record),
+	}
+
+	subRuleMap := make(map[int64]*SubRule)
+
+	// Collect all group IDs
+	groupIdSet := make(map[int64]struct{})
+
+	// map[SubId]map[Channel]map[Target]index
+	filter := make(map[int64]map[string]map[string]int)
+
+	for i, n := range nl {
+		// 对相同的 channel-target 进行合并
+		for _, gid := range n.GetGroupIds(ctx) {
+			groupIdSet[gid] = struct{}{}
+		}
+
+		if _, exists := filter[n.SubId]; !exists {
+			filter[n.SubId] = make(map[string]map[string]int)
+		}
+
+		if _, exists := filter[n.SubId][n.Channel]; !exists {
+			filter[n.SubId][n.Channel] = make(map[string]int)
+		}
+
+		idx, exists := filter[n.SubId][n.Channel][n.Target]
+		if !exists {
+			filter[n.SubId][n.Channel][n.Target] = i
+		} else {
+			if nl[idx].Status < n.Status {
+				nl[idx].Status = n.Status
+			}
+			nl[idx].Details = nl[idx].Details + ", " + n.Details
+			nl[i] = nil
+		}
+
+	}
+
+	// Fill usernames only once
+	usernameByTarget := fillUserNames(ctx, groupIdSet)
+
+	for _, n := range nl {
+		if n == nil {
+			continue
+		}
+
+		m := usernameByTarget[n.Target]
+		usernames := make([]string, 0, len(m))
+		for k := range m {
+			usernames = append(usernames, k)
+		}
+
+		if !checkChannel(n.Channel) {
+			// Hide sensitive information
+			n.Target = replaceLastEightChars(n.Target)
+		}
+		record := Record{
+			Target: n.Target,
+			Status: n.Status,
+			Detail: n.Details,
+		}
+
+		record.Username = strings.Join(usernames, ",")
+
+		if n.SubId > 0 {
+			// Handle SubRules
+			subRule, ok := subRuleMap[n.SubId]
+			if !ok {
+				newSubRule := &SubRule{
+					SubID: n.SubId,
+				}
+				newSubRule.Notifies = make(map[string][]Record)
+				newSubRule.Notifies[n.Channel] = []Record{record}
+
+				subRuleMap[n.SubId] = newSubRule
+			} else {
+				if _, exists := subRule.Notifies[n.Channel]; !exists {
+
+					subRule.Notifies[n.Channel] = []Record{record}
+				} else {
+					subRule.Notifies[n.Channel] = append(subRule.Notifies[n.Channel], record)
+				}
+			}
+			continue
+		}
+
+		if response.Notifies == nil {
+			response.Notifies = make(map[string][]Record)
+		}
+
+		if _, exists := response.Notifies[n.Channel]; !exists {
+			response.Notifies[n.Channel] = []Record{record}
+		} else {
+			response.Notifies[n.Channel] = append(response.Notifies[n.Channel], record)
+		}
+	}
+
+	for _, subRule := range subRuleMap {
+		response.SubRules = append(response.SubRules, *subRule)
+	}
+
+	return response
+}
+
+// check channel is one of the following:  tx-sms, tx-voice, ali-sms, ali-voice, email, script
+func checkChannel(channel string) bool {
+	switch channel {
+	case "tx-sms", "tx-voice", "ali-sms", "ali-voice", "email", "script":
+		return true
+	}
+	return false
+}
+
+func replaceLastEightChars(s string) string {
+	if len(s) <= 8 {
+		return strings.Repeat("*", len(s))
+	}
+	return s[:len(s)-8] + strings.Repeat("*", 8)
+}
+
+func fillUserNames(ctx *ctx.Context, groupIdSet map[int64]struct{}) map[string]map[string]struct{} {
+	userNameByTarget := make(map[string]map[string]struct{})
+
+	gids := make([]int64, 0, len(groupIdSet))
+	for gid := range groupIdSet {
+		gids = append(gids, gid)
+	}
+
+	users, err := models.UsersGetByGroupIds(ctx, gids)
+	if err != nil {
+		logger.Errorf("UsersGetByGroupIds failed, err: %v", err)
+		return userNameByTarget
+	}
+
+	for _, user := range users {
+		logger.Warningf("user: %s", user.Username)
+		for _, ch := range models.DefaultChannels {
+			target, exist := user.ExtractToken(ch)
+			if exist {
+				if _, ok := userNameByTarget[target]; !ok {
+					userNameByTarget[target] = make(map[string]struct{})
+				}
+				userNameByTarget[target][user.Username] = struct{}{}
+			}
+		}
+	}
+
+	return userNameByTarget
+}
--- a/center/router/router_notify_config.go
+++ b/center/router/router_notify_config.go
@@ -90,7 +90,8 @@ func (rt *Router) notifyChannelPuts(c *gin.Context) {
 	var notifyChannels []models.NotifyChannel
 	ginx.BindJSON(c, &notifyChannels)

-	channels := []string{models.Dingtalk, models.Wecom, models.Feishu, models.Mm, models.Telegram, models.Email}
+	channels := []string{models.Dingtalk, models.Wecom, models.Feishu, models.Mm, models.Telegram,
+		models.Email, models.Lark, models.LarkCard}

 	m := make(map[string]struct{})
 	for _, v := range notifyChannels {
@@ -126,7 +127,8 @@ func (rt *Router) notifyContactPuts(c *gin.Context) {
 	var notifyContacts []models.NotifyContact
 	ginx.BindJSON(c, &notifyContacts)

-	keys := []string{models.DingtalkKey, models.WecomKey, models.FeishuKey, models.MmKey, models.TelegramKey}
+	keys := []string{models.DingtalkKey, models.WecomKey, models.FeishuKey, models.MmKey,
+		models.TelegramKey, models.LarkKey}

 	m := make(map[string]struct{})
 	for _, v := range notifyContacts {
@@ -169,10 +171,6 @@ func (rt *Router) notifyConfigPut(c *gin.Context) {
 		var smtp aconf.SMTPConfig
 		err := toml.Unmarshal([]byte(text), &smtp)
 		ginx.Dangerous(err)
-	case models.IBEX:
-		var ibex aconf.Ibex
-		err := toml.Unmarshal([]byte(f.Cval), &ibex)
-		ginx.Dangerous(err)
 	default:
 		ginx.Bomb(200, "key %s can not modify", f.Ckey)
 	}
@@ -184,7 +182,7 @@ func (rt *Router) notifyConfigPut(c *gin.Context) {

 		smtp, errSmtp := SmtpValidate(text)
 		ginx.Dangerous(errSmtp)
-		go sender.RestartEmailSender(smtp)
+		go sender.RestartEmailSender(rt.Ctx, smtp)
 	}

 	ginx.NewRender(c).Message(nil)
--- a/center/router/router_notify_tpl.go
+++ b/center/router/router_notify_tpl.go
@@ -68,7 +68,7 @@ func (rt *Router) notifyTplUpdate(c *gin.Context) {
 	}

 	// get the count of the same channel and name but different id
-	count, err := models.Count(models.DB(rt.Ctx).Model(&models.NotifyTpl{}).Where("channel = ? or name = ? and id <> ?", f.Channel, f.Name, f.Id))
+	count, err := models.Count(models.DB(rt.Ctx).Model(&models.NotifyTpl{}).Where("(channel = ? or name = ?) and id <> ?", f.Channel, f.Name, f.Id))
 	ginx.Dangerous(err)
 	if count != 0 {
 		ginx.Bomb(200, "Refuse to create duplicate channel or name")
--- a/center/router/router_recording_rule.go
+++ b/center/router/router_recording_rule.go
@@ -32,6 +32,11 @@ func (rt *Router) recordingRuleGetsByGids(c *gin.Context) {
 			var err error
 			gids, err = models.MyBusiGroupIds(rt.Ctx, me.Id)
 			ginx.Dangerous(err)
+
+			if len(gids) == 0 {
+				ginx.NewRender(c).Data([]int{}, nil)
+				return
+			}
 		}
 	}

--- a/center/router/router_self.go
+++ b/center/router/router_self.go
@@ -2,10 +2,13 @@ package router

 import (
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/flashduty"
 	"github.com/ccfos/nightingale/v6/pkg/ormx"
+	"github.com/ccfos/nightingale/v6/pkg/secu"

 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
+	"github.com/toolkits/pkg/logger"
 )

 func (rt *Router) selfProfileGet(c *gin.Context) {
@@ -29,6 +32,11 @@ func (rt *Router) selfProfilePut(c *gin.Context) {
 	ginx.BindJSON(c, &f)

 	user := c.MustGet("user").(*models.User)
+	oldInfo := models.User{
+		Username: user.Username,
+		Phone:    user.Phone,
+		Email:    user.Email,
+	}
 	user.Nickname = f.Nickname
 	user.Phone = f.Phone
 	user.Email = f.Email
@@ -36,6 +44,10 @@ func (rt *Router) selfProfilePut(c *gin.Context) {
 	user.Contacts = f.Contacts
 	user.UpdateBy = user.Username

+	if flashduty.NeedSyncUser(rt.Ctx) {
+		flashduty.UpdateUser(rt.Ctx, oldInfo, f.Email, f.Phone)
+	}
+
 	ginx.NewRender(c).Message(user.UpdateAllFields(rt.Ctx))
 }

@@ -48,5 +60,25 @@ func (rt *Router) selfPasswordPut(c *gin.Context) {
 	var f selfPasswordForm
 	ginx.BindJSON(c, &f)
 	user := c.MustGet("user").(*models.User)
-	ginx.NewRender(c).Message(user.ChangePassword(rt.Ctx, f.OldPass, f.NewPass))
+
+	newPassWord := f.NewPass
+	oldPassWord := f.OldPass
+	if rt.HTTP.RSA.OpenRSA {
+		var err error
+		newPassWord, err = secu.Decrypt(f.NewPass, rt.HTTP.RSA.RSAPrivateKey, rt.HTTP.RSA.RSAPassWord)
+		if err != nil {
+			logger.Errorf("RSA Decrypt failed: %v username: %s", err, user.Username)
+			ginx.NewRender(c).Message(err)
+			return
+		}
+
+		oldPassWord, err = secu.Decrypt(f.OldPass, rt.HTTP.RSA.RSAPrivateKey, rt.HTTP.RSA.RSAPassWord)
+		if err != nil {
+			logger.Errorf("RSA Decrypt failed: %v username: %s", err, user.Username)
+			ginx.NewRender(c).Message(err)
+			return
+		}
+	}
+
+	ginx.NewRender(c).Message(user.ChangePassword(rt.Ctx, oldPassWord, newPassWord))
 }
--- a/center/router/router_target.go
+++ b/center/router/router_target.go
@@ -49,6 +49,11 @@ func (rt *Router) targetGets(c *gin.Context) {
 	downtime := ginx.QueryInt64(c, "downtime", 0)
 	dsIds := queryDatasourceIds(c)

+	order := ginx.QueryStr(c, "order", "ident")
+	desc := ginx.QueryBool(c, "desc", false)
+
+	hosts := queryStrListField(c, "hosts", ",", " ", "\n")
+
 	var err error
 	if len(bgids) == 0 {
 		user := c.MustGet("user").(*models.User)
@@ -62,11 +67,18 @@ func (rt *Router) targetGets(c *gin.Context) {
 			bgids = append(bgids, 0)
 		}
 	}
-
-	total, err := models.TargetTotal(rt.Ctx, bgids, dsIds, query, downtime)
+	options := []models.BuildTargetWhereOption{
+		models.BuildTargetWhereWithBgids(bgids),
+		models.BuildTargetWhereWithDsIds(dsIds),
+		models.BuildTargetWhereWithQuery(query),
+		models.BuildTargetWhereWithDowntime(downtime),
+		models.BuildTargetWhereWithHosts(hosts),
+	}
+	total, err := models.TargetTotal(rt.Ctx, options...)
 	ginx.Dangerous(err)

-	list, err := models.TargetGets(rt.Ctx, bgids, dsIds, query, downtime, limit, ginx.Offset(c, limit))
+	list, err := models.TargetGets(rt.Ctx, limit,
+		ginx.Offset(c, limit), order, desc, options...)
 	ginx.Dangerous(err)

 	if err == nil {
@@ -148,178 +160,250 @@ func (rt *Router) targetGetsByService(c *gin.Context) {
 func (rt *Router) targetGetTags(c *gin.Context) {
 	idents := ginx.QueryStr(c, "idents", "")
 	idents = strings.ReplaceAll(idents, ",", " ")
-	lst, err := models.TargetGetTags(rt.Ctx, strings.Fields(idents))
+	ignoreHostTag := ginx.QueryBool(c, "ignore_host_tag", false)
+	lst, err := models.TargetGetTags(rt.Ctx, strings.Fields(idents), ignoreHostTag)
 	ginx.NewRender(c).Data(lst, err)
 }

 type targetTagsForm struct {
-	Idents []string `json:"idents" binding:"required"`
-	Tags   []string `json:"tags" binding:"required"`
+	Idents  []string `json:"idents" binding:"required_without=HostIps"`
+	HostIps []string `json:"host_ips" binding:"required_without=Idents"`
+	Tags    []string `json:"tags" binding:"required"`
 }

 func (rt *Router) targetBindTagsByFE(c *gin.Context) {
 	var f targetTagsForm
+	var err error
+	var failedResults = make(map[string]string)
 	ginx.BindJSON(c, &f)

-	if len(f.Idents) == 0 {
-		ginx.Bomb(http.StatusBadRequest, "idents empty")
+	if len(f.Idents) == 0 && len(f.HostIps) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "idents or host_ips must be provided")
+	}
+	// Acquire idents by idents and hostIps
+	failedResults, f.Idents, err = models.TargetsGetIdentsByIdentsAndHostIps(rt.Ctx, f.Idents, f.HostIps)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, err.Error())
 	}

 	rt.checkTargetPerm(c, f.Idents)

-	ginx.NewRender(c).Message(rt.targetBindTags(f))
+	ginx.NewRender(c).Data(rt.targetBindTags(f, failedResults))
 }

 func (rt *Router) targetBindTagsByService(c *gin.Context) {
 	var f targetTagsForm
+	var err error
+	var failedResults = make(map[string]string)
 	ginx.BindJSON(c, &f)

-	if len(f.Idents) == 0 {
-		ginx.Bomb(http.StatusBadRequest, "idents empty")
+	if len(f.Idents) == 0 && len(f.HostIps) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "idents or host_ips must be provided")
+	}
+	// Acquire idents by idents and hostIps
+	failedResults, f.Idents, err = models.TargetsGetIdentsByIdentsAndHostIps(rt.Ctx, f.Idents, f.HostIps)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, err.Error())
 	}

-	ginx.NewRender(c).Message(rt.targetBindTags(f))
+	ginx.NewRender(c).Data(rt.targetBindTags(f, failedResults))
 }

-func (rt *Router) targetBindTags(f targetTagsForm) error {
-	for i := 0; i < len(f.Tags); i++ {
-		arr := strings.Split(f.Tags[i], "=")
+func (rt *Router) targetBindTags(f targetTagsForm, failedIdents map[string]string) (map[string]string, error) {
+	// 1. Check tags
+	if err := rt.validateTags(f.Tags); err != nil {
+		return nil, err
+	}
+
+	// 2. Acquire targets by idents
+	targets, err := models.TargetsGetByIdents(rt.Ctx, f.Idents)
+	if err != nil {
+		return nil, err
+	}
+
+	// 3. Add tags to targets
+	for _, target := range targets {
+		if err = rt.addTagsToTarget(target, f.Tags); err != nil {
+			failedIdents[target.Ident] = err.Error()
+		}
+	}
+
+	return failedIdents, nil
+}
+
+func (rt *Router) validateTags(tags []string) error {
+	for _, tag := range tags {
+		arr := strings.Split(tag, "=")
 		if len(arr) != 2 {
-			return fmt.Errorf("invalid tag(%s)", f.Tags[i])
+			return fmt.Errorf("invalid tag format: %s (expected format: key=value)", tag)
 		}

-		if strings.TrimSpace(arr[0]) == "" || strings.TrimSpace(arr[1]) == "" {
-			return fmt.Errorf("invalid tag(%s)", f.Tags[i])
+		key, value := strings.TrimSpace(arr[0]), strings.TrimSpace(arr[1])
+		if key == "" {
+			return fmt.Errorf("invalid tag: key is empty in tag %s", tag)
+		}
+		if value == "" {
+			return fmt.Errorf("invalid tag: value is empty in tag %s", tag)
 		}

-		if strings.IndexByte(arr[0], '.') != -1 {
-			return fmt.Errorf("invalid tagkey(%s): cannot contains . ", arr[0])
+		if strings.Contains(key, ".") {
+			return fmt.Errorf("invalid tag key: %s (key cannot contain '.')", key)
 		}

-		if strings.IndexByte(arr[0], '-') != -1 {
-			return fmt.Errorf("invalid tagkey(%s): cannot contains -", arr[0])
+		if strings.Contains(key, "-") {
+			return fmt.Errorf("invalid tag key: %s (key cannot contain '-')", key)
 		}

-		if !model.LabelNameRE.MatchString(arr[0]) {
-			return fmt.Errorf("invalid tagkey(%s)", arr[0])
+		if !model.LabelNameRE.MatchString(key) {
+			return fmt.Errorf("invalid tag key: %s "+
+				"(key must start with a letter or underscore, followed by letters, digits, or underscores)", key)
 		}
 	}

-	for i := 0; i < len(f.Idents); i++ {
-		target, err := models.TargetGetByIdent(rt.Ctx, f.Idents[i])
-		if err != nil {
-			return err
-		}
-
-		if target == nil {
-			continue
-		}
-
-		// 不能有同key的标签，否则附到时序数据上会产生覆盖，让人困惑
-		for j := 0; j < len(f.Tags); j++ {
-			tagkey := strings.Split(f.Tags[j], "=")[0]
-			tagkeyPrefix := tagkey + "="
-			if strings.HasPrefix(target.Tags, tagkeyPrefix) {
-				return fmt.Errorf("duplicate tagkey(%s)", tagkey)
-			}
-		}
-
-		err = target.AddTags(rt.Ctx, f.Tags)
-		if err != nil {
-			return err
-		}
-	}
 	return nil
 }

+func (rt *Router) addTagsToTarget(target *models.Target, tags []string) error {
+	hostTagsMap := target.GetHostTagsMap()
+	for _, tag := range tags {
+		tagKey := strings.Split(tag, "=")[0]
+		if _, ok := hostTagsMap[tagKey]; ok ||
+			strings.Contains(target.Tags, tagKey+"=") {
+			return fmt.Errorf("duplicate tagkey(%s)", tagKey)
+		}
+	}
+
+	return target.AddTags(rt.Ctx, tags)
+}
+
 func (rt *Router) targetUnbindTagsByFE(c *gin.Context) {
 	var f targetTagsForm
+	var err error
+	var failedResults = make(map[string]string)
 	ginx.BindJSON(c, &f)

-	if len(f.Idents) == 0 {
-		ginx.Bomb(http.StatusBadRequest, "idents empty")
+	if len(f.Idents) == 0 && len(f.HostIps) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "idents or host_ips must be provided")
+	}
+	// Acquire idents by idents and hostIps
+	failedResults, f.Idents, err = models.TargetsGetIdentsByIdentsAndHostIps(rt.Ctx, f.Idents, f.HostIps)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, err.Error())
 	}

 	rt.checkTargetPerm(c, f.Idents)

-	ginx.NewRender(c).Message(rt.targetUnbindTags(f))
+	ginx.NewRender(c).Data(rt.targetUnbindTags(f, failedResults))
 }

 func (rt *Router) targetUnbindTagsByService(c *gin.Context) {
 	var f targetTagsForm
+	var err error
+	var failedResults = make(map[string]string)
 	ginx.BindJSON(c, &f)

-	if len(f.Idents) == 0 {
-		ginx.Bomb(http.StatusBadRequest, "idents empty")
+	if len(f.Idents) == 0 && len(f.HostIps) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "idents or host_ips must be provided")
+	}
+	// Acquire idents by idents and hostIps
+	failedResults, f.Idents, err = models.TargetsGetIdentsByIdentsAndHostIps(rt.Ctx, f.Idents, f.HostIps)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, err.Error())
 	}

-	ginx.NewRender(c).Message(rt.targetUnbindTags(f))
+	ginx.NewRender(c).Data(rt.targetUnbindTags(f, failedResults))
 }

-func (rt *Router) targetUnbindTags(f targetTagsForm) error {
-	for i := 0; i < len(f.Idents); i++ {
-		target, err := models.TargetGetByIdent(rt.Ctx, f.Idents[i])
-		if err != nil {
-			return err
-		}
-
-		if target == nil {
-			continue
-		}
+func (rt *Router) targetUnbindTags(f targetTagsForm, failedIdents map[string]string) (map[string]string, error) {
+	// 1. Acquire targets by idents
+	targets, err := models.TargetsGetByIdents(rt.Ctx, f.Idents)
+	if err != nil {
+		return nil, err
+	}

+	// 2. Remove tags from targets
+	for _, target := range targets {
 		err = target.DelTags(rt.Ctx, f.Tags)
 		if err != nil {
-			return err
+			failedIdents[target.Ident] = err.Error()
+			continue
 		}
 	}
-	return nil
+
+	return failedIdents, nil
 }

 type targetNoteForm struct {
-	Idents []string `json:"idents" binding:"required"`
-	Note   string   `json:"note"`
+	Idents  []string `json:"idents" binding:"required_without=HostIps"`
+	HostIps []string `json:"host_ips" binding:"required_without=Idents"`
+	Note    string   `json:"note"`
 }

 func (rt *Router) targetUpdateNote(c *gin.Context) {
 	var f targetNoteForm
+	var err error
+	var failedResults = make(map[string]string)
 	ginx.BindJSON(c, &f)

-	if len(f.Idents) == 0 {
-		ginx.Bomb(http.StatusBadRequest, "idents empty")
+	if len(f.Idents) == 0 && len(f.HostIps) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "idents or host_ips must be provided")
+	}
+
+	// Acquire idents by idents and hostIps
+	failedResults, f.Idents, err = models.TargetsGetIdentsByIdentsAndHostIps(rt.Ctx, f.Idents, f.HostIps)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, err.Error())
 	}

 	rt.checkTargetPerm(c, f.Idents)

-	ginx.NewRender(c).Message(models.TargetUpdateNote(rt.Ctx, f.Idents, f.Note))
+	ginx.NewRender(c).Data(failedResults, models.TargetUpdateNote(rt.Ctx, f.Idents, f.Note))
 }

 func (rt *Router) targetUpdateNoteByService(c *gin.Context) {
 	var f targetNoteForm
+	var err error
+	var failedResults = make(map[string]string)
 	ginx.BindJSON(c, &f)

-	if len(f.Idents) == 0 {
-		ginx.Bomb(http.StatusBadRequest, "idents empty")
+	if len(f.Idents) == 0 && len(f.HostIps) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "idents or host_ips must be provided")
 	}

-	ginx.NewRender(c).Message(models.TargetUpdateNote(rt.Ctx, f.Idents, f.Note))
+	// Acquire idents by idents and hostIps
+	failedResults, f.Idents, err = models.TargetsGetIdentsByIdentsAndHostIps(rt.Ctx, f.Idents, f.HostIps)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, err.Error())
+	}
+
+	ginx.NewRender(c).Data(failedResults, models.TargetUpdateNote(rt.Ctx, f.Idents, f.Note))
 }

 type targetBgidForm struct {
-	Idents []string `json:"idents" binding:"required"`
-	Bgid   int64    `json:"bgid"`
+	Idents  []string `json:"idents" binding:"required_without=HostIps"`
+	HostIps []string `json:"host_ips" binding:"required_without=Idents"`
+	Bgid    int64    `json:"bgid"`
 }

 func (rt *Router) targetUpdateBgid(c *gin.Context) {
 	var f targetBgidForm
+	var err error
+	var failedResults = make(map[string]string)
 	ginx.BindJSON(c, &f)

-	if len(f.Idents) == 0 {
-		ginx.Bomb(http.StatusBadRequest, "idents empty")
+	if len(f.Idents) == 0 && len(f.HostIps) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "idents or host_ips must be provided")
+	}
+
+	// Acquire idents by idents and hostIps
+	failedResults, f.Idents, err = models.TargetsGetIdentsByIdentsAndHostIps(rt.Ctx, f.Idents, f.HostIps)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, err.Error())
 	}

 	user := c.MustGet("user").(*models.User)
 	if user.IsAdmin() {
-		ginx.NewRender(c).Message(models.TargetUpdateBgid(rt.Ctx, f.Idents, f.Bgid, false))
+		ginx.NewRender(c).Data(failedResults, models.TargetUpdateBgid(rt.Ctx, f.Idents, f.Bgid, false))
 		return
 	}

@@ -361,24 +445,69 @@ func (rt *Router) targetUpdateBgid(c *gin.Context) {
 		ginx.Bomb(http.StatusBadRequest, "invalid bgid")
 	}

-	ginx.NewRender(c).Message(models.TargetUpdateBgid(rt.Ctx, f.Idents, f.Bgid, false))
+	ginx.NewRender(c).Data(failedResults, models.TargetUpdateBgid(rt.Ctx, f.Idents, f.Bgid, false))
+}
+
+func (rt *Router) targetUpdateBgidByService(c *gin.Context) {
+	var f targetBgidForm
+	var err error
+	var failedResults = make(map[string]string)
+	ginx.BindJSON(c, &f)
+
+	if len(f.Idents) == 0 && len(f.HostIps) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "idents or host_ips must be provided")
+	}
+
+	// Acquire idents by idents and hostIps
+	failedResults, f.Idents, err = models.TargetsGetIdentsByIdentsAndHostIps(rt.Ctx, f.Idents, f.HostIps)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, err.Error())
+	}
+
+	ginx.NewRender(c).Data(failedResults, models.TargetUpdateBgid(rt.Ctx, f.Idents, f.Bgid, false))
 }

 type identsForm struct {
-	Idents []string `json:"idents" binding:"required"`
+	Idents  []string `json:"idents" binding:"required_without=HostIps"`
+	HostIps []string `json:"host_ips" binding:"required_without=Idents"`
 }

 func (rt *Router) targetDel(c *gin.Context) {
 	var f identsForm
+	var err error
+	var failedResults = make(map[string]string)
 	ginx.BindJSON(c, &f)

-	if len(f.Idents) == 0 {
-		ginx.Bomb(http.StatusBadRequest, "idents empty")
+	if len(f.Idents) == 0 && len(f.HostIps) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "idents or host_ips must be provided")
 	}

-	rt.checkTargetPerm(c, f.Idents)
+	// Acquire idents by idents and hostIps
+	failedResults, f.Idents, err = models.TargetsGetIdentsByIdentsAndHostIps(rt.Ctx, f.Idents, f.HostIps)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, err.Error())
+	}

-	ginx.NewRender(c).Message(models.TargetDel(rt.Ctx, f.Idents))
+	ginx.NewRender(c).Data(failedResults, models.TargetDel(rt.Ctx, f.Idents))
+}
+
+func (rt *Router) targetDelByService(c *gin.Context) {
+	var f identsForm
+	var err error
+	var failedResults = make(map[string]string)
+	ginx.BindJSON(c, &f)
+
+	if len(f.Idents) == 0 && len(f.HostIps) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "idents or host_ips must be provided")
+	}
+
+	// Acquire idents by idents and hostIps
+	failedResults, f.Idents, err = models.TargetsGetIdentsByIdentsAndHostIps(rt.Ctx, f.Idents, f.HostIps)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, err.Error())
+	}
+
+	ginx.NewRender(c).Data(failedResults, models.TargetDel(rt.Ctx, f.Idents))
 }

 func (rt *Router) checkTargetPerm(c *gin.Context, idents []string) {
--- a/center/router/router_task.go
+++ b/center/router/router_task.go
@@ -1,17 +1,14 @@
 package router

 import (
-	"fmt"
-	"net/http"
-	"net/http/httputil"
-	"net/url"
-	"strings"
 	"time"

+	"github.com/ccfos/nightingale/v6/alert/sender"
 	"github.com/ccfos/nightingale/v6/models"

 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
+	"github.com/toolkits/pkg/i18n"
 	"github.com/toolkits/pkg/str"
 )

@@ -54,6 +51,11 @@ func (rt *Router) taskGetsByGids(c *gin.Context) {
 			var err error
 			gids, err = models.MyBusiGroupIds(rt.Ctx, me.Id)
 			ginx.Dangerous(err)
+
+			if len(gids) == 0 {
+				ginx.NewRender(c).Data([]int{}, nil)
+				return
+			}
 		}
 	}

@@ -96,71 +98,6 @@ type taskForm struct {
 	Hosts     []string `json:"hosts" binding:"required"`
 }

-func (f *taskForm) Verify() error {
-	if f.Batch < 0 {
-		return fmt.Errorf("arg(batch) should be nonnegative")
-	}
-
-	if f.Tolerance < 0 {
-		return fmt.Errorf("arg(tolerance) should be nonnegative")
-	}
-
-	if f.Timeout < 0 {
-		return fmt.Errorf("arg(timeout) should be nonnegative")
-	}
-
-	if f.Timeout > 3600*24 {
-		return fmt.Errorf("arg(timeout) longer than one day")
-	}
-
-	if f.Timeout == 0 {
-		f.Timeout = 30
-	}
-
-	f.Pause = strings.Replace(f.Pause, "，", ",", -1)
-	f.Pause = strings.Replace(f.Pause, " ", "", -1)
-	f.Args = strings.Replace(f.Args, "，", ",", -1)
-
-	if f.Title == "" {
-		return fmt.Errorf("arg(title) is required")
-	}
-
-	if str.Dangerous(f.Title) {
-		return fmt.Errorf("arg(title) is dangerous")
-	}
-
-	if f.Script == "" {
-		return fmt.Errorf("arg(script) is required")
-	}
-	f.Script = strings.Replace(f.Script, "\r\n", "\n", -1)
-
-	if str.Dangerous(f.Args) {
-		return fmt.Errorf("arg(args) is dangerous")
-	}
-
-	if str.Dangerous(f.Pause) {
-		return fmt.Errorf("arg(pause) is dangerous")
-	}
-
-	if len(f.Hosts) == 0 {
-		return fmt.Errorf("arg(hosts) empty")
-	}
-
-	if f.Action != "start" && f.Action != "pause" {
-		return fmt.Errorf("arg(action) invalid")
-	}
-
-	return nil
-}
-
-func (f *taskForm) HandleFH(fh string) {
-	i := strings.Index(f.Title, " FH: ")
-	if i > 0 {
-		f.Title = f.Title[:i]
-	}
-	f.Title = f.Title + " FH: " + fh
-}
-
 func (rt *Router) taskRecordAdd(c *gin.Context) {
 	var f *models.TaskRecord
 	ginx.BindJSON(c, &f)
@@ -168,7 +105,12 @@ func (rt *Router) taskRecordAdd(c *gin.Context) {
 }

 func (rt *Router) taskAdd(c *gin.Context) {
-	var f taskForm
+	if !rt.Ibex.Enable {
+		ginx.Bomb(400, i18n.Sprintf(c.GetHeader("X-Language"), "This functionality has not been enabled. Please contact the system administrator to activate it."))
+		return
+	}
+
+	var f models.TaskForm
 	ginx.BindJSON(c, &f)

 	bgid := ginx.UrlParamInt64(c, "id")
@@ -184,7 +126,7 @@ func (rt *Router) taskAdd(c *gin.Context) {
 	rt.checkTargetPerm(c, f.Hosts)

 	// call ibex
-	taskId, err := TaskCreate(f, rt.NotifyConfigCache.GetIbex())
+	taskId, err := sender.TaskAdd(f, user.Username, rt.Ctx.IsCenter)
 	ginx.Dangerous(err)

 	if taskId <= 0 {
@@ -193,65 +135,20 @@ func (rt *Router) taskAdd(c *gin.Context) {

 	// write db
 	record := models.TaskRecord{
-		Id:           taskId,
-		GroupId:      bgid,
-		IbexAddress:  rt.NotifyConfigCache.GetIbex().Address,
-		IbexAuthUser: rt.NotifyConfigCache.GetIbex().BasicAuthUser,
-		IbexAuthPass: rt.NotifyConfigCache.GetIbex().BasicAuthPass,
-		Title:        f.Title,
-		Account:      f.Account,
-		Batch:        f.Batch,
-		Tolerance:    f.Tolerance,
-		Timeout:      f.Timeout,
-		Pause:        f.Pause,
-		Script:       f.Script,
-		Args:         f.Args,
-		CreateAt:     time.Now().Unix(),
-		CreateBy:     f.Creator,
+		Id:        taskId,
+		GroupId:   bgid,
+		Title:     f.Title,
+		Account:   f.Account,
+		Batch:     f.Batch,
+		Tolerance: f.Tolerance,
+		Timeout:   f.Timeout,
+		Pause:     f.Pause,
+		Script:    f.Script,
+		Args:      f.Args,
+		CreateAt:  time.Now().Unix(),
+		CreateBy:  f.Creator,
 	}

 	err = record.Add(rt.Ctx)
 	ginx.NewRender(c).Data(taskId, err)
 }
-
-func (rt *Router) taskProxy(c *gin.Context) {
-	target, err := url.Parse(rt.NotifyConfigCache.GetIbex().Address)
-	if err != nil {
-		ginx.NewRender(c).Message("invalid ibex address: %s", rt.NotifyConfigCache.GetIbex().Address)
-		return
-	}
-
-	director := func(req *http.Request) {
-		req.URL.Scheme = target.Scheme
-		req.URL.Host = target.Host
-
-		// fe request e.g. /api/n9e/busi-group/:id/task/*url
-		index := strings.Index(req.URL.Path, "/task/")
-		if index == -1 {
-			panic("url path invalid")
-		}
-
-		req.URL.Path = "/ibex/v1" + req.URL.Path[index:]
-
-		if target.RawQuery == "" || req.URL.RawQuery == "" {
-			req.URL.RawQuery = target.RawQuery + req.URL.RawQuery
-		} else {
-			req.URL.RawQuery = target.RawQuery + "&" + req.URL.RawQuery
-		}
-
-		if rt.NotifyConfigCache.GetIbex().BasicAuthUser != "" {
-			req.SetBasicAuth(rt.NotifyConfigCache.GetIbex().BasicAuthUser, rt.NotifyConfigCache.GetIbex().BasicAuthPass)
-		}
-	}
-
-	errFunc := func(w http.ResponseWriter, r *http.Request, err error) {
-		ginx.NewRender(c, http.StatusBadGateway).Message(err)
-	}
-
-	proxy := &httputil.ReverseProxy{
-		Director:     director,
-		ErrorHandler: errFunc,
-	}
-
-	proxy.ServeHTTP(c.Writer, c.Request)
-}
--- a/center/router/router_task_tpl.go
+++ b/center/router/router_task_tpl.go
@@ -10,6 +10,7 @@ import (

 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
+	"github.com/toolkits/pkg/i18n"
 	"github.com/toolkits/pkg/str"
 )

@@ -45,6 +46,11 @@ func (rt *Router) taskTplGetsByGids(c *gin.Context) {
 			var err error
 			gids, err = models.MyBusiGroupIds(rt.Ctx, me.Id)
 			ginx.Dangerous(err)
+
+			if len(gids) == 0 {
+				ginx.NewRender(c).Data([]int{}, nil)
+				return
+			}
 		}
 	}

@@ -91,6 +97,14 @@ func (rt *Router) taskTplGetByService(c *gin.Context) {
 	ginx.NewRender(c).Data(tpl, err)
 }

+func (rt *Router) taskTplGetsByService(c *gin.Context) {
+	ginx.NewRender(c).Data(models.TaskTplGetAll(rt.Ctx))
+}
+
+func (rt *Router) taskTplStatistics(c *gin.Context) {
+	ginx.NewRender(c).Data(models.TaskTplStatistics(rt.Ctx))
+}
+
 type taskTplForm struct {
 	Title     string   `json:"title" binding:"required"`
 	Batch     int      `json:"batch"`
@@ -105,6 +119,11 @@ type taskTplForm struct {
 }

 func (rt *Router) taskTplAdd(c *gin.Context) {
+	if !rt.Ibex.Enable {
+		ginx.Bomb(400, i18n.Sprintf(c.GetHeader("X-Language"), "This functionality has not been enabled. Please contact the system administrator to activate it."))
+		return
+	}
+
 	var f taskTplForm
 	ginx.BindJSON(c, &f)

@@ -177,6 +196,13 @@ func (rt *Router) taskTplDel(c *gin.Context) {
 		return
 	}

+	ids, err := models.GetAlertRuleIdsByTaskId(rt.Ctx, tid)
+	ginx.Dangerous(err)
+	if len(ids) > 0 {
+		ginx.NewRender(c).Message("can't del this task tpl, used by alert rule ids(%v) ", ids)
+		return
+	}
+
 	ginx.NewRender(c).Message(tpl.Del(rt.Ctx))
 }

--- a/center/router/router_user.go
+++ b/center/router/router_user.go
@@ -5,10 +5,13 @@ import (
 	"strings"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/flashduty"
 	"github.com/ccfos/nightingale/v6/pkg/ormx"
+	"github.com/ccfos/nightingale/v6/pkg/secu"

 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
+	"github.com/toolkits/pkg/logger"
 )

 func (rt *Router) userBusiGroupsGets(c *gin.Context) {
@@ -39,13 +42,17 @@ func (rt *Router) userFindAll(c *gin.Context) {
 }

 func (rt *Router) userGets(c *gin.Context) {
+	stime, etime := getTimeRange(c)
 	limit := ginx.QueryInt(c, "limit", 20)
 	query := ginx.QueryStr(c, "query", "")
+	order := ginx.QueryStr(c, "order", "username")
+	desc := ginx.QueryBool(c, "desc", false)

-	total, err := models.UserTotal(rt.Ctx, query)
+	go rt.UserCache.UpdateUsersLastActiveTime()
+	total, err := models.UserTotal(rt.Ctx, query, stime, etime)
 	ginx.Dangerous(err)

-	list, err := models.UserGets(rt.Ctx, query, limit, ginx.Offset(c, limit))
+	list, err := models.UserGets(rt.Ctx, query, limit, ginx.Offset(c, limit), stime, etime, order, desc)
 	ginx.Dangerous(err)

 	user := c.MustGet("user").(*models.User)
@@ -72,7 +79,18 @@ func (rt *Router) userAddPost(c *gin.Context) {
 	var f userAddForm
 	ginx.BindJSON(c, &f)

-	password, err := models.CryptoPass(rt.Ctx, f.Password)
+	authPassWord := f.Password
+	if rt.HTTP.RSA.OpenRSA {
+		decPassWord, err := secu.Decrypt(f.Password, rt.HTTP.RSA.RSAPrivateKey, rt.HTTP.RSA.RSAPassWord)
+		if err != nil {
+			logger.Errorf("RSA Decrypt failed: %v username: %s", err, f.Username)
+			ginx.NewRender(c).Message(err)
+			return
+		}
+		authPassWord = decPassWord
+	}
+
+	password, err := models.CryptoPass(rt.Ctx, authPassWord)
 	ginx.Dangerous(err)

 	if len(f.Roles) == 0 {
@@ -94,6 +112,7 @@ func (rt *Router) userAddPost(c *gin.Context) {
 		UpdateBy: username,
 	}

+	ginx.Dangerous(u.Verify())
 	ginx.NewRender(c).Message(u.Add(rt.Ctx))
 }

@@ -143,6 +162,11 @@ func (rt *Router) userProfilePut(c *gin.Context) {
 	}

 	target := User(rt.Ctx, ginx.UrlParamInt64(c, "id"))
+	oldInfo := models.User{
+		Username: target.Username,
+		Phone:    target.Phone,
+		Email:    target.Email,
+	}
 	target.Nickname = f.Nickname
 	target.Phone = f.Phone
 	target.Email = f.Email
@@ -150,6 +174,10 @@ func (rt *Router) userProfilePut(c *gin.Context) {
 	target.Contacts = f.Contacts
 	target.UpdateBy = c.MustGet("username").(string)

+	if flashduty.NeedSyncUser(rt.Ctx) {
+		flashduty.UpdateUser(rt.Ctx, oldInfo, f.Email, f.Phone)
+	}
+
 	ginx.NewRender(c).Message(target.UpdateAllFields(rt.Ctx))
 }

@@ -163,7 +191,18 @@ func (rt *Router) userPasswordPut(c *gin.Context) {

 	target := User(rt.Ctx, ginx.UrlParamInt64(c, "id"))

-	cryptoPass, err := models.CryptoPass(rt.Ctx, f.Password)
+	authPassWord := f.Password
+	if rt.HTTP.RSA.OpenRSA {
+		decPassWord, err := secu.Decrypt(f.Password, rt.HTTP.RSA.RSAPrivateKey, rt.HTTP.RSA.RSAPassWord)
+		if err != nil {
+			logger.Errorf("RSA Decrypt failed: %v username: %s", err, target.Username)
+			ginx.NewRender(c).Message(err)
+			return
+		}
+		authPassWord = decPassWord
+	}
+
+	cryptoPass, err := models.CryptoPass(rt.Ctx, authPassWord)
 	ginx.Dangerous(err)

 	ginx.NewRender(c).Message(target.UpdatePassword(rt.Ctx, cryptoPass, c.MustGet("username").(string)))
--- a/center/router/router_user_group.go
+++ b/center/router/router_user_group.go
@@ -10,6 +10,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
+	"github.com/toolkits/pkg/str"
 )

 func (rt *Router) checkBusiGroupPerm(c *gin.Context) {
@@ -31,8 +32,36 @@ func (rt *Router) userGroupGets(c *gin.Context) {
 }

 func (rt *Router) userGroupGetsByService(c *gin.Context) {
-	lst, err := models.UserGroupGetAll(rt.Ctx)
-	ginx.NewRender(c).Data(lst, err)
+	ids := str.IdsInt64(ginx.QueryStr(c, "ids", ""))
+
+	if len(ids) == 0 {
+		lst, err := models.UserGroupGetAll(rt.Ctx)
+		ginx.Dangerous(err)
+		for i := 0; i < len(lst); i++ {
+			ids, err := models.MemberIds(rt.Ctx, lst[i].Id)
+			ginx.Dangerous(err)
+
+			lst[i].Users, err = models.UserGetsByIds(rt.Ctx, ids)
+			ginx.Dangerous(err)
+		}
+		ginx.NewRender(c).Data(lst, err)
+		return
+	}
+
+	lst := make([]models.UserGroup, 0)
+	for _, id := range ids {
+		ug := UserGroup(rt.Ctx, id)
+
+		ids, err := models.MemberIds(rt.Ctx, ug.Id)
+		ginx.Dangerous(err)
+
+		ug.Users, err = models.UserGetsByIds(rt.Ctx, ids)
+		ginx.Dangerous(err)
+
+		lst = append(lst, *ug)
+	}
+
+	ginx.NewRender(c).Data(lst, nil)
 }

 // user group member get by service
--- a/center/sso/init.go
+++ b/center/sso/init.go
@@ -1,27 +1,32 @@
 package sso

 import (
+	"fmt"
 	"log"
 	"time"

 	"github.com/ccfos/nightingale/v6/center/cconf"
+	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/cas"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
 	"github.com/ccfos/nightingale/v6/pkg/ldapx"
 	"github.com/ccfos/nightingale/v6/pkg/oauth2x"
 	"github.com/ccfos/nightingale/v6/pkg/oidcx"
+	"github.com/ccfos/nightingale/v6/pkg/tplx"

 	"github.com/BurntSushi/toml"
 	"github.com/toolkits/pkg/logger"
 )

 type SsoClient struct {
-	OIDC           *oidcx.SsoClient
-	LDAP           *ldapx.SsoClient
-	CAS            *cas.SsoClient
-	OAuth2         *oauth2x.SsoClient
-	LastUpdateTime int64
+	OIDC                 *oidcx.SsoClient
+	LDAP                 *ldapx.SsoClient
+	CAS                  *cas.SsoClient
+	OAuth2               *oauth2x.SsoClient
+	LastUpdateTime       int64
+	configCache          *memsto.ConfigCache
+	configLastUpdateTime int64
 }

 const LDAP = `
@@ -111,7 +116,7 @@ Phone = 'phone_number'
 Email = 'email'
 `

-func Init(center cconf.Center, ctx *ctx.Context) *SsoClient {
+func Init(center cconf.Center, ctx *ctx.Context, configCache *memsto.ConfigCache) *SsoClient {
 	ssoClient := new(SsoClient)
 	m := make(map[string]string)
 	m["LDAP"] = LDAP
@@ -140,6 +145,11 @@ func Init(center cconf.Center, ctx *ctx.Context) *SsoClient {
 			log.Fatalln(err)
 		}
 	}
+	if configCache == nil {
+		log.Fatalln(fmt.Errorf("configCache is nil, sso initialization failed"))
+	}
+	ssoClient.configCache = configCache
+	userVariableMap := configCache.Get()

 	configs, err := models.SsoConfigGets(ctx)
 	if err != nil {
@@ -147,6 +157,7 @@ func Init(center cconf.Center, ctx *ctx.Context) *SsoClient {
 	}

 	for _, cfg := range configs {
+		cfg.Content = tplx.ReplaceTemplateUseText(cfg.Name, cfg.Content, userVariableMap)
 		switch cfg.Name {
 		case "LDAP":
 			var config ldapx.Config
@@ -185,7 +196,7 @@ func Init(center cconf.Center, ctx *ctx.Context) *SsoClient {
 		}
 	}

-	ssoClient.SyncSsoUsers(ctx)
+	go ssoClient.SyncSsoUsers(ctx)
 	go ssoClient.Reload(ctx)
 	return ssoClient
 }
@@ -197,7 +208,8 @@ func (s *SsoClient) reload(ctx *ctx.Context) error {
 		return err
 	}

-	if lastUpdateTime == s.LastUpdateTime {
+	lastCacheUpdateTime := s.configCache.GetLastUpdateTime()
+	if lastUpdateTime == s.LastUpdateTime && lastCacheUpdateTime == s.configLastUpdateTime {
 		return nil
 	}

@@ -205,8 +217,9 @@ func (s *SsoClient) reload(ctx *ctx.Context) error {
 	if err != nil {
 		return err
 	}
-
+	userVariableMap := s.configCache.Get()
 	for _, cfg := range configs {
+		cfg.Content = tplx.ReplaceTemplateUseText(cfg.Name, cfg.Content, userVariableMap)
 		switch cfg.Name {
 		case "LDAP":
 			var config ldapx.Config
@@ -250,6 +263,7 @@ func (s *SsoClient) reload(ctx *ctx.Context) error {
 	}

 	s.LastUpdateTime = lastUpdateTime
+	s.configLastUpdateTime = lastCacheUpdateTime
 	return nil
 }

--- a/cmd/edge/edge.go
+++ b/cmd/edge/edge.go
@@ -8,6 +8,7 @@ import (
 	"github.com/ccfos/nightingale/v6/alert"
 	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/alert/process"
+	alertrt "github.com/ccfos/nightingale/v6/alert/router"
 	"github.com/ccfos/nightingale/v6/center/metas"
 	"github.com/ccfos/nightingale/v6/conf"
 	"github.com/ccfos/nightingale/v6/dumper"
@@ -17,12 +18,12 @@ import (
 	"github.com/ccfos/nightingale/v6/pkg/logx"
 	"github.com/ccfos/nightingale/v6/prom"
 	"github.com/ccfos/nightingale/v6/pushgw/idents"
+	pushgwrt "github.com/ccfos/nightingale/v6/pushgw/router"
 	"github.com/ccfos/nightingale/v6/pushgw/writer"
 	"github.com/ccfos/nightingale/v6/storage"
 	"github.com/ccfos/nightingale/v6/tdengine"

-	alertrt "github.com/ccfos/nightingale/v6/alert/router"
-	pushgwrt "github.com/ccfos/nightingale/v6/pushgw/router"
+	"github.com/flashcatcloud/ibex/src/cmd/ibex"
 )

 func Initialize(configDir string, cryptoKey string) (func(), error) {
@@ -42,16 +43,14 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 	ctx := ctx.NewContext(context.Background(), nil, false, config.CenterApi)

 	var redis storage.Redis
-	if config.Redis.Address != "" {
-		redis, err = storage.NewRedis(config.Redis)
-		if err != nil {
-			return nil, err
-		}
+	redis, err = storage.NewRedis(config.Redis)
+	if err != nil {
+		return nil, err
 	}

 	syncStats := memsto.NewSyncStats()

-	targetCache := memsto.NewTargetCache(ctx, syncStats, nil)
+	targetCache := memsto.NewTargetCache(ctx, syncStats, redis)
 	busiGroupCache := memsto.NewBusiGroupCache(ctx, syncStats)
 	idents := idents.New(ctx, redis)
 	metas := metas.New(redis)
@@ -69,17 +68,22 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 		notifyConfigCache := memsto.NewNotifyConfigCache(ctx, configCache)
 		userCache := memsto.NewUserCache(ctx, syncStats)
 		userGroupCache := memsto.NewUserGroupCache(ctx, syncStats)
+		taskTplsCache := memsto.NewTaskTplCache(ctx)

 		promClients := prom.NewPromClient(ctx)
 		tdengineClients := tdengine.NewTdengineClient(ctx, config.Alert.Heartbeat)
 		externalProcessors := process.NewExternalProcessors()

 		alert.Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache,
-			alertRuleCache, notifyConfigCache, dsCache, ctx, promClients, tdengineClients, userCache, userGroupCache)
+			alertRuleCache, notifyConfigCache, taskTplsCache, dsCache, ctx, promClients, tdengineClients, userCache, userGroupCache)

 		alertrtRouter := alertrt.New(config.HTTP, config.Alert, alertMuteCache, targetCache, busiGroupCache, alertStats, ctx, externalProcessors)

 		alertrtRouter.Config(r)
+
+		if config.Ibex.Enable {
+			ibex.ServerStart(false, nil, redis, config.HTTP.APIForService.BasicAuth, config.Alert.Heartbeat, &config.CenterApi, r, nil, config.Ibex, config.HTTP.Port)
+		}
 	}

 	dumper.ConfigRouter(r)
--- a/conf/conf.go
+++ b/conf/conf.go
@@ -27,6 +27,7 @@ type ConfigType struct {
 	Pushgw pconf.Pushgw
 	Alert  aconf.Alert
 	Center cconf.Center
+	Ibex   Ibex
 }

 type CenterApi struct {
@@ -40,6 +41,17 @@ type GlobalConfig struct {
 	RunMode string
 }

+type Ibex struct {
+	Enable    bool
+	RPCListen string
+	Output    Output
+}
+
+type Output struct {
+	ComeFrom string
+	AgtdPort int
+}
+
 func InitConfig(configDir, cryptoKey string) (*ConfigType, error) {
 	var config = new(ConfigType)

--- a/cron/clean_notify_record.go
+++ b/cron/clean_notify_record.go
@@ -0,0 +1,41 @@
+package cron
+
+import (
+	"time"
+
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+
+	"github.com/robfig/cron/v3"
+	"github.com/toolkits/pkg/logger"
+)
+
+func cleanNotifyRecord(ctx *ctx.Context, day int) {
+	lastWeek := time.Now().Unix() - 86400*int64(day)
+	err := models.DB(ctx).Model(&models.NotificaitonRecord{}).Where("created_at < ?", lastWeek).Delete(&models.NotificaitonRecord{}).Error
+	if err != nil {
+		logger.Errorf("Failed to clean notify record: %v", err)
+	}
+
+}
+
+// 每天凌晨1点执行清理任务
+func CleanNotifyRecord(ctx *ctx.Context, day int) {
+	c := cron.New()
+	if day < 1 {
+		day = 7
+	}
+
+	// 使用cron表达式设置每天凌晨1点执行
+	_, err := c.AddFunc("0 1 * * *", func() {
+		cleanNotifyRecord(ctx, day)
+	})
+
+	if err != nil {
+		logger.Errorf("Failed to add clean notify record cron job: %v", err)
+		return
+	}
+
+	// 启动cron任务
+	c.Start()
+}
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,12 +0,0 @@
-FROM python:3-slim
-#FROM ubuntu:21.04
-
-WORKDIR /app
-ADD n9e /app
-ADD http://download.flashcat.cloud/wait /wait
-RUN chmod +x /wait
-RUN chmod +x n9e
-
-EXPOSE 17000
-
-CMD ["/app/n9e", "-h"]
--- a/docker/Dockerfile.goreleaser
+++ b/docker/Dockerfile.goreleaser
@@ -3,7 +3,7 @@ FROM --platform=$TARGETPLATFORM python:3-slim

 WORKDIR /app
 ADD n9e /app/
-ADD etc /app/
+ADD etc /app/etc/
 ADD integrations /app/integrations/
 RUN pip install requests

--- a/docker/Dockerfile.goreleaser.arm64
+++ b/docker/Dockerfile.goreleaser.arm64
@@ -3,7 +3,7 @@ FROM --platform=$TARGETPLATFORM python:3-slim

 WORKDIR /app
 ADD n9e /app/
-ADD etc /app/
+ADD etc /app/etc/
 ADD integrations /app/integrations/

 EXPOSE 17000
--- a/docker/compose-bridge/docker-compose.yaml
+++ b/docker/compose-bridge/docker-compose.yaml
@@ -69,27 +69,6 @@ services:
    command:
      - "--loggerTimezone=Asia/Shanghai"

-  ibex:
-    image: flashcatcloud/ibex:v1.2.0
-    container_name: ibex
-    hostname: ibex
-    restart: always
-    environment:
-      GIN_MODE: release
-      TZ: Asia/Shanghai
-      WAIT_HOSTS: mysql:3306
-    volumes:
-      - ./etc-ibex:/app/etc
-    networks:
-      - nightingale
-    ports:
-      - "10090:10090"
-      - "20090:20090"
-    depends_on:
-      - mysql
-    command: >
-      sh -c "/app/ibex server"
-
  nightingale:
    image: flashcatcloud/nightingale:latest
    container_name: nightingale
@@ -105,6 +84,7 @@ services:
      - nightingale
    ports:
      - "17000:17000"
+      - "20090:20090"
    depends_on:
      - mysql
      - redis
@@ -122,7 +102,7 @@ services:
      HOST_PROC: /hostfs/proc
      HOST_SYS: /hostfs/sys
      HOST_MOUNT_PREFIX: /hostfs
-      WAIT_HOSTS: nightingale:17000, ibex:20090
+      WAIT_HOSTS: nightingale:17000, nightingale:20090
    volumes:
      - ./etc-categraf:/etc/categraf/conf
      - /:/hostfs
--- a/docker/compose-bridge/etc-categraf/config.toml
+++ b/docker/compose-bridge/etc-categraf/config.toml
@@ -78,6 +78,6 @@ enable = true
 ## ibex flush interval
 interval = "1000ms"
 ## n9e ibex server rpc address
-servers = ["ibex:20090"]
+servers = ["nightingale:20090"]
 ## temp script dir
 meta_dir = "./meta"
--- a/docker/compose-bridge/etc-ibex/server.conf
+++ b/docker/compose-bridge/etc-ibex/server.conf
@@ -1,97 +0,0 @@
-# debug, release
-RunMode = "release"
-
-[Log]
-# log write dir
-Dir = "logs-server"
-# log level: DEBUG INFO WARNING ERROR
-Level = "DEBUG"
-# stdout, stderr, file
-Output = "stdout"
-# # rotate by time
-# KeepHours: 4
-# # rotate by size
-# RotateNum = 3
-# # unit: MB
-# RotateSize = 256
-
-[HTTP]
-Enable = true
-# http listening address
-Host = "0.0.0.0"
-# http listening port
-Port = 10090
-# https cert file path
-CertFile = ""
-# https key file path
-KeyFile = ""
-# whether print access log
-PrintAccessLog = true
-# whether enable pprof
-PProf = false
-# http graceful shutdown timeout, unit: s
-ShutdownTimeout = 30
-# max content length: 64M
-MaxContentLength = 67108864
-# http server read timeout, unit: s
-ReadTimeout = 20
-# http server write timeout, unit: s
-WriteTimeout = 40
-# http server idle timeout, unit: s
-IdleTimeout = 120
-
-[BasicAuth]
-# using when call apis
-ibex = "ibex"
-
-[RPC]
-Listen = "0.0.0.0:20090"
-
-[Heartbeat]
-# auto detect if blank
-IP = ""
-# unit: ms
-Interval = 1000
-
-[Output]
-# database | remote
-ComeFrom = "database"
-AgtdPort = 2090
-
-[Gorm]
-# enable debug mode or not
-Debug = false
-# mysql postgres
-DBType = "mysql"
-# unit: s
-MaxLifetime = 7200
-# max open connections
-MaxOpenConns = 150
-# max idle connections
-MaxIdleConns = 50
-# table prefix
-TablePrefix = ""
-
-[MySQL]
-# mysql address host:port
-Address = "mysql:3306"
-# mysql username
-User = "root"
-# mysql password
-Password = "1234"
-# database name
-DBName = "ibex"
-# connection params
-Parameters = "charset=utf8mb4&parseTime=True&loc=Local&allowNativePasswords=true"
-
-[Postgres]
-# pg address host:port
-Address = "postgres:5432"
-# pg user
-User = "root"
-# pg password
-Password = "1234"
-# database name
-DBName = "ibex"
-# ssl mode
-SSLMode = "disable"
--- a/docker/compose-bridge/etc-nightingale/config.toml
+++ b/docker/compose-bridge/etc-nightingale/config.toml
@@ -55,8 +55,6 @@ Enable = true
 user001 = "ccc26da7b9aba533cbb263a36c07dcc5"

 [HTTP.JWTAuth]
-# signing key
-SigningKey = "5b94a0fd640fe2765af826acfe42d151"
 # unit: min
 AccessExpired = 1500
 # unit: min
@@ -96,8 +94,6 @@ MaxLifetime = 7200
 MaxOpenConns = 150
 # max idle connections
 MaxIdleConns = 50
-# table prefix
-TablePrefix = ""
 # enable auto migrate or not
 # EnableAutoMigrate = false

@@ -181,3 +177,7 @@ MaxIdleConnsPerHost = 100
 # Regex = "([^:]+)(?::\\d+)?"
 # Replacement = "$1:80"
 # TargetLabel = "__address__"
+
+[Ibex]
+Enable = true
+RPCListen = "0.0.0.0:20090"
--- a/docker/compose-host-network-metric-log/docker-compose.yaml
+++ b/docker/compose-host-network-metric-log/docker-compose.yaml
@@ -42,23 +42,6 @@ services:
      - "--enable-feature=remote-write-receiver"
      - "--query.lookback-delta=2m"

-  ibex:
-    image: flashcatcloud/ibex:v0.5.0
-    container_name: ibex
-    hostname: ibex
-    restart: always
-    environment:
-      GIN_MODE: release
-      TZ: Asia/Shanghai
-      WAIT_HOSTS: 127.0.0.1:3306
-    volumes:
-      - ./etc-ibex:/app/etc
-    network_mode: host
-    depends_on:
-      - mysql
-    command: >
-      sh -c "/app/ibex server"
-
  n9e:
    image: flashcatcloud/nightingale:latest
    container_name: n9e
--- a/docker/compose-host-network-metric-log/etc-ibex/server.conf
+++ b/docker/compose-host-network-metric-log/etc-ibex/server.conf
@@ -1,97 +0,0 @@
-# debug, release
-RunMode = "release"
-
-[Log]
-# log write dir
-Dir = "logs-server"
-# log level: DEBUG INFO WARNING ERROR
-Level = "DEBUG"
-# stdout, stderr, file
-Output = "stdout"
-# # rotate by time
-# KeepHours: 4
-# # rotate by size
-# RotateNum = 3
-# # unit: MB
-# RotateSize = 256
-
-[HTTP]
-Enable = true
-# http listening address
-Host = "0.0.0.0"
-# http listening port
-Port = 10090
-# https cert file path
-CertFile = ""
-# https key file path
-KeyFile = ""
-# whether print access log
-PrintAccessLog = true
-# whether enable pprof
-PProf = false
-# http graceful shutdown timeout, unit: s
-ShutdownTimeout = 30
-# max content length: 64M
-MaxContentLength = 67108864
-# http server read timeout, unit: s
-ReadTimeout = 20
-# http server write timeout, unit: s
-WriteTimeout = 40
-# http server idle timeout, unit: s
-IdleTimeout = 120
-
-[BasicAuth]
-# using when call apis
-ibex = "ibex"
-
-[RPC]
-Listen = "0.0.0.0:20090"
-
-[Heartbeat]
-# auto detect if blank
-IP = ""
-# unit: ms
-Interval = 1000
-
-[Output]
-# database | remote
-ComeFrom = "database"
-AgtdPort = 2090
-
-[Gorm]
-# enable debug mode or not
-Debug = false
-# mysql postgres
-DBType = "mysql"
-# unit: s
-MaxLifetime = 7200
-# max open connections
-MaxOpenConns = 150
-# max idle connections
-MaxIdleConns = 50
-# table prefix
-TablePrefix = ""
-
-[MySQL]
-# mysql address host:port
-Address = "127.0.0.1:3306"
-# mysql username
-User = "root"
-# mysql password
-Password = "1234"
-# database name
-DBName = "ibex"
-# connection params
-Parameters = "charset=utf8mb4&parseTime=True&loc=Local&allowNativePasswords=true"
-
-[Postgres]
-# pg address host:port
-Address = "127.0.0.1:5432"
-# pg user
-User = "root"
-# pg password
-Password = "1234"
-# database name
-DBName = "ibex"
-# ssl mode
-SSLMode = "disable"
--- a/docker/compose-host-network-metric-log/etc-nightingale/config.toml
+++ b/docker/compose-host-network-metric-log/etc-nightingale/config.toml
@@ -55,8 +55,6 @@ Enable = true
 user001 = "ccc26da7b9aba533cbb263a36c07dcc5"

 [HTTP.JWTAuth]
-# signing key
-SigningKey = "5b94a0fd640fe2765af826acfe42d151"
 # unit: min
 AccessExpired = 1500
 # unit: min
@@ -97,8 +95,6 @@ MaxLifetime = 7200
 MaxOpenConns = 150
 # max idle connections
 MaxIdleConns = 50
-# table prefix
-TablePrefix = ""
 # enable auto migrate or not
 # EnableAutoMigrate = false

@@ -182,3 +178,7 @@ MaxIdleConnsPerHost = 100
 # Regex = "([^:]+)(?::\\d+)?"
 # Replacement = "$1:80"
 # TargetLabel = "__address__"
+
+[Ibex]
+Enable = true
+RPCListen = "0.0.0.0:20090"
--- a/docker/compose-host-network/docker-compose.yaml
+++ b/docker/compose-host-network/docker-compose.yaml
@@ -42,23 +42,6 @@ services:
      - "--enable-feature=remote-write-receiver"
      - "--query.lookback-delta=2m"

-  ibex:
-    image: flashcatcloud/ibex:v0.5.0
-    container_name: ibex
-    hostname: ibex
-    restart: always
-    environment:
-      GIN_MODE: release
-      TZ: Asia/Shanghai
-      WAIT_HOSTS: 127.0.0.1:3306
-    volumes:
-      - ./etc-ibex:/app/etc
-    network_mode: host
-    depends_on:
-      - mysql
-    command: >
-      sh -c "/app/ibex server"
-
  n9e:
    image: flashcatcloud/nightingale:latest
    container_name: n9e
--- a/docker/compose-host-network/etc-ibex/server.conf
+++ b/docker/compose-host-network/etc-ibex/server.conf
@@ -1,97 +0,0 @@
-# debug, release
-RunMode = "release"
-
-[Log]
-# log write dir
-Dir = "logs-server"
-# log level: DEBUG INFO WARNING ERROR
-Level = "DEBUG"
-# stdout, stderr, file
-Output = "stdout"
-# # rotate by time
-# KeepHours: 4
-# # rotate by size
-# RotateNum = 3
-# # unit: MB
-# RotateSize = 256
-
-[HTTP]
-Enable = true
-# http listening address
-Host = "0.0.0.0"
-# http listening port
-Port = 10090
-# https cert file path
-CertFile = ""
-# https key file path
-KeyFile = ""
-# whether print access log
-PrintAccessLog = true
-# whether enable pprof
-PProf = false
-# http graceful shutdown timeout, unit: s
-ShutdownTimeout = 30
-# max content length: 64M
-MaxContentLength = 67108864
-# http server read timeout, unit: s
-ReadTimeout = 20
-# http server write timeout, unit: s
-WriteTimeout = 40
-# http server idle timeout, unit: s
-IdleTimeout = 120
-
-[BasicAuth]
-# using when call apis
-ibex = "ibex"
-
-[RPC]
-Listen = "0.0.0.0:20090"
-
-[Heartbeat]
-# auto detect if blank
-IP = ""
-# unit: ms
-Interval = 1000
-
-[Output]
-# database | remote
-ComeFrom = "database"
-AgtdPort = 2090
-
-[Gorm]
-# enable debug mode or not
-Debug = false
-# mysql postgres
-DBType = "mysql"
-# unit: s
-MaxLifetime = 7200
-# max open connections
-MaxOpenConns = 150
-# max idle connections
-MaxIdleConns = 50
-# table prefix
-TablePrefix = ""
-
-[MySQL]
-# mysql address host:port
-Address = "127.0.0.1:3306"
-# mysql username
-User = "root"
-# mysql password
-Password = "1234"
-# database name
-DBName = "ibex"
-# connection params
-Parameters = "charset=utf8mb4&parseTime=True&loc=Local&allowNativePasswords=true"
-
-[Postgres]
-# pg address host:port
-Address = "127.0.0.1:5432"
-# pg user
-User = "root"
-# pg password
-Password = "1234"
-# database name
-DBName = "ibex"
-# ssl mode
-SSLMode = "disable"
--- a/docker/compose-host-network/etc-nightingale/config.toml
+++ b/docker/compose-host-network/etc-nightingale/config.toml
@@ -55,8 +55,6 @@ Enable = true
 user001 = "ccc26da7b9aba533cbb263a36c07dcc5"

 [HTTP.JWTAuth]
-# signing key
-SigningKey = "5b94a0fd640fe2765af826acfe42d151"
 # unit: min
 AccessExpired = 1500
 # unit: min
@@ -97,8 +95,6 @@ MaxLifetime = 7200
 MaxOpenConns = 150
 # max idle connections
 MaxIdleConns = 50
-# table prefix
-TablePrefix = ""
 # enable auto migrate or not
 # EnableAutoMigrate = false

@@ -182,3 +178,7 @@ MaxIdleConnsPerHost = 100
 # Regex = "([^:]+)(?::\\d+)?"
 # Replacement = "$1:80"
 # TargetLabel = "__address__"
+
+[Ibex]
+Enable = true
+RPCListen = "0.0.0.0:20090"
--- a/docker/compose-postgres/categraf/conf/config.toml
+++ b/docker/compose-postgres/categraf/conf/config.toml
@@ -78,6 +78,6 @@ enable = true
 ## ibex flush interval
 interval = "1000ms"
 ## n9e ibex server rpc address
-servers = ["ibex:20090"]
+servers = ["nightingale:20090"]
 ## temp script dir
 meta_dir = "./meta"
--- a/docker/compose-postgres/docker-compose.yaml
+++ b/docker/compose-postgres/docker-compose.yaml
@@ -51,29 +51,6 @@ services:
    command:
      - "--loggerTimezone=Asia/Shanghai"

-  ibex:
-    image: flashcatcloud/ibex:v1.2.0
-    container_name: ibex
-    hostname: ibex
-    restart: always
-    environment:
-      GIN_MODE: release
-      TZ: Asia/Shanghai
-      WAIT_HOSTS: postgres:5432
-    ports:
-      - "10090:10090"
-      - "20090:20090"
-    volumes:
-      - ./ibexetc_pg:/app/etc
-    networks:
-      - nightingale
-    depends_on:
-      - postgres
-    links:
-      - postgres:postgres
-    command: >
-      sh -c "/app/ibex server"
-
  nightingale:
    image: flashcatcloud/nightingale:latest
    container_name: nightingale
@@ -93,12 +70,10 @@ services:
      - postgres
      - redis
      - victoriametrics
-      - ibex
    links:
      - postgres:postgres
      - redis:redis
      - victoriametrics:victoriametrics
-      - ibex:ibex
    command: >
      sh -c "/app/n9e"

@@ -112,7 +87,7 @@ services:
      HOST_PROC: /hostfs/proc
      HOST_SYS: /hostfs/sys
      HOST_MOUNT_PREFIX: /hostfs
-      WAIT_HOSTS: nightingale:17000, ibex:20090
+      WAIT_HOSTS: nightingale:17000, nightingale:20090
    volumes:
      - ./categraf/conf:/etc/categraf/conf
      - /:/hostfs
@@ -124,7 +99,5 @@ services:
      - nightingale
    depends_on:
      - nightingale
-      - ibex
    links:
-      - nightingale:nightingale
-      - ibex:ibex
+      - nightingale:nightingale
--- a/docker/compose-postgres/ibexetc_pg/server.conf
+++ b/docker/compose-postgres/ibexetc_pg/server.conf
@@ -1,97 +0,0 @@
-# debug, release
-RunMode = "release"
-
-[Log]
-# log write dir
-Dir = "logs-server"
-# log level: DEBUG INFO WARNING ERROR
-Level = "DEBUG"
-# stdout, stderr, file
-Output = "stdout"
-# # rotate by time
-# KeepHours: 4
-# # rotate by size
-# RotateNum = 3
-# # unit: MB
-# RotateSize = 256
-
-[HTTP]
-Enable = true
-# http listening address
-Host = "0.0.0.0"
-# http listening port
-Port = 10090
-# https cert file path
-CertFile = ""
-# https key file path
-KeyFile = ""
-# whether print access log
-PrintAccessLog = true
-# whether enable pprof
-PProf = false
-# http graceful shutdown timeout, unit: s
-ShutdownTimeout = 30
-# max content length: 64M
-MaxContentLength = 67108864
-# http server read timeout, unit: s
-ReadTimeout = 20
-# http server write timeout, unit: s
-WriteTimeout = 40
-# http server idle timeout, unit: s
-IdleTimeout = 120
-
-[BasicAuth]
-# using when call apis
-ibex = "ibex"
-
-[RPC]
-Listen = "0.0.0.0:20090"
-
-[Heartbeat]
-# auto detect if blank
-IP = ""
-# unit: ms
-Interval = 1000
-
-[Output]
-# database | remote
-ComeFrom = "database"
-AgtdPort = 2090
-
-[Gorm]
-# enable debug mode or not
-Debug = false
-# mysql postgres
-DBType = "postgres"
-# unit: s
-MaxLifetime = 7200
-# max open connections
-MaxOpenConns = 150
-# max idle connections
-MaxIdleConns = 50
-# table prefix
-TablePrefix = ""
-
-[MySQL]
-# mysql address host:port
-Address = "mysql:3306"
-# mysql username
-User = "root"
-# mysql password
-Password = "1234"
-# database name
-DBName = "ibex"
-# connection params
-Parameters = "charset=utf8mb4&parseTime=True&loc=Local&allowNativePasswords=true"
-
-[Postgres]
-# pg address host:port
-Address = "postgres:5432"
-# pg user
-User = "root"
-# pg password
-Password = "1234"
-# database name
-DBName = "n9e_v6"
-# ssl mode
-SSLMode = "disable"
--- a/docker/compose-postgres/initsql_for_postgres/a-n9e-for-Postgres.sql
+++ b/docker/compose-postgres/initsql_for_postgres/a-n9e-for-Postgres.sql
@@ -1,26 +1,31 @@
 CREATE TABLE users (
    id bigserial,
-    username varchar(64) not null ,
-    nickname varchar(64) not null ,
+    username varchar(64) not null,
+    nickname varchar(64) not null,
    password varchar(128) not null default '',
    phone varchar(16) not null default '',
    email varchar(64) not null default '',
-    portrait varchar(255) not null default '' ,
-    roles varchar(255) not null ,
-    contacts varchar(1024) ,
-    maintainer smallint not null default 0,
+    portrait varchar(255) not null default '',
+    roles varchar(255) not null,
+    contacts varchar(1024),
+    maintainer int not null default 0,
+    belong varchar(16) not null default '',
+    last_active_time bigint not null default 0,
    create_at bigint not null default 0,
    create_by varchar(64) not null default '',
    update_at bigint not null default 0,
    update_by varchar(64) not null default '',
    PRIMARY KEY (id),
    UNIQUE (username)
-) ;
-COMMENT ON COLUMN users.username IS 'login name, cannot rename';
+);
+
+COMMENT ON COLUMN users.id IS 'id';
+COMMENT ON COLUMN users.username IS 'login name, cannot rename';  
 COMMENT ON COLUMN users.nickname IS 'display name, chinese name';
 COMMENT ON COLUMN users.portrait IS 'portrait image url';
 COMMENT ON COLUMN users.roles IS 'Admin | Standard | Guest, split by space';
 COMMENT ON COLUMN users.contacts IS 'json e.g. {wecom:xx, dingtalk_robot_token:yy}';
+COMMENT ON COLUMN users.belong IS 'belong';

 insert into users(id, username, nickname, password, roles, create_at, create_by, update_at, update_by) values(1, 'root', '超管', 'root.2020', 'Admin', date_part('epoch',current_timestamp)::int, 'system', date_part('epoch',current_timestamp)::int, 'system');

@@ -54,9 +59,16 @@ CREATE TABLE configs (
    id bigserial,
    ckey varchar(191) not null,
    cval text not null default '',
+    note varchar(1024) not null default '',
+    external int not null default 0,
+    encrypted int not null default 0,
+    create_at bigint not null default 0,
+    create_by varchar(64) not null default '',
+    update_at bigint not null default 0,
+    update_by varchar(64) not null default '',
    PRIMARY KEY (id),
    UNIQUE (ckey)
-) ;
+);

 CREATE TABLE role (
    id bigserial,
@@ -366,32 +378,37 @@ COMMENT ON COLUMN alert_mute.disabled IS '0:enabled 1:disabled';
 CREATE TABLE alert_subscribe (
    id bigserial,
    name varchar(255) not null default '',
-    disabled smallint not null default 0 ,
-    group_id bigint not null default 0 ,
+    disabled int not null default 0,
+    group_id bigint not null default 0,
    prod varchar(255) not null default '',
    cate varchar(128) not null,
-    datasource_ids varchar(255) not null default '' ,
+    datasource_ids varchar(255) not null default '',
    cluster varchar(128) not null,
    rule_id bigint not null default 0,
    severities varchar(32) not null default '',
    tags varchar(4096) not null default '[]',
    redefine_severity smallint default 0 ,
-    new_severity smallint not null ,
+    new_severity smallint not null,
    redefine_channels smallint default 0 ,
-    new_channels varchar(255) not null default '' ,
-    user_group_ids varchar(250) not null ,
+    new_channels varchar(255) not null default '',
+    user_group_ids varchar(250) not null,
+    busi_groups VARCHAR(4096) NOT NULL DEFAULT '[]',
+    note VARCHAR(1024) DEFAULT '',
+    rule_ids VARCHAR(1024) DEFAULT '',
    webhooks text not null,
    extra_config text not null,
-    redefine_webhooks smallint default 0,
+    redefine_webhooks int default 0,
    for_duration bigint not null default 0,
    create_at bigint not null default 0,
    create_by varchar(64) not null default '',
    update_at bigint not null default 0,
    update_by varchar(64) not null default '',
    PRIMARY KEY (id)
-) ;
-CREATE INDEX alert_subscribe_group_id_idx ON alert_subscribe (group_id);
-CREATE INDEX alert_subscribe_update_at_idx ON alert_subscribe (update_at);
+);
+
+CREATE INDEX ON alert_subscribe (update_at);
+CREATE INDEX ON alert_subscribe (group_id);
+
 COMMENT ON COLUMN alert_subscribe.disabled IS '0:enabled 1:disabled';
 COMMENT ON COLUMN alert_subscribe.group_id IS 'busi group id';
 COMMENT ON COLUMN alert_subscribe.datasource_ids IS 'datasource ids';
@@ -401,25 +418,34 @@ COMMENT ON COLUMN alert_subscribe.new_severity IS '0:Emergency 1:Warning 2:Notic
 COMMENT ON COLUMN alert_subscribe.redefine_channels IS 'is redefine channels?';
 COMMENT ON COLUMN alert_subscribe.new_channels IS 'split by space: sms voice email dingtalk wecom';
 COMMENT ON COLUMN alert_subscribe.user_group_ids IS 'split by space 1 34 5, notify cc to user_group_ids';
+COMMENT ON COLUMN alert_subscribe.note IS 'note';
+COMMENT ON COLUMN alert_subscribe.rule_ids IS 'rule_ids';
 COMMENT ON COLUMN alert_subscribe.extra_config IS 'extra_config';


 CREATE TABLE target (
    id bigserial,
-    group_id bigint not null default 0 ,
-    ident varchar(191) not null ,
-    note varchar(255) not null default '' ,
-    tags varchar(512) not null default '' ,
+    group_id bigint not null default 0,
+    ident varchar(191) not null,
+    note varchar(255) not null default '',
+    tags varchar(512) not null default '',
+    host_ip varchar(15) default '',
+    agent_version varchar(255) default '',
+    engine_name varchar(255) default '',
    update_at bigint not null default 0,
    PRIMARY KEY (id),
    UNIQUE (ident)
-) ;
-CREATE INDEX target_group_id_idx ON target (group_id);
+);
+
+CREATE INDEX ON target (group_id);
+
 COMMENT ON COLUMN target.group_id IS 'busi group id';
 COMMENT ON COLUMN target.ident IS 'target id';
 COMMENT ON COLUMN target.note IS 'append to alert event as field';
 COMMENT ON COLUMN target.tags IS 'append to series data as tags, split by space, append external space at suffix';
-
+COMMENT ON COLUMN target.host_ip IS 'IPv4 string';
+COMMENT ON COLUMN target.agent_version IS 'agent version';
+COMMENT ON COLUMN target.engine_name IS 'engine_name';
 -- case1: target_idents; case2: target_tags
 -- CREATE TABLE collect_rule (
 --     id bigserial,
@@ -535,7 +561,7 @@ CREATE TABLE alert_cur_event (
    target_note varchar(191) not null default '' ,
    first_trigger_time bigint,
    trigger_time bigint not null,
-    trigger_value varchar(255) not null,
+    trigger_value varchar(2048) not null,
    annotations text not null ,
    rule_config text not null ,
    tags varchar(1024) not null default '' ,
@@ -595,7 +621,7 @@ CREATE TABLE alert_his_event (
    target_note varchar(191) not null default '' ,
    first_trigger_time bigint,
    trigger_time bigint not null,
-    trigger_value varchar(255) not null,
+    trigger_value varchar(2048) not null,
    recover_time bigint not null default 0,
    last_eval_time bigint not null default 0 ,
    tags varchar(1024) not null default '' ,
@@ -606,6 +632,7 @@ CREATE TABLE alert_his_event (
 CREATE INDEX alert_his_event_hash_idx ON alert_his_event (hash);
 CREATE INDEX alert_his_event_rule_id_idx ON alert_his_event (rule_id);
 CREATE INDEX alert_his_event_tg_idx ON alert_his_event (trigger_time, group_id);
+CREATE INDEX alert_his_event_nrn_idx ON alert_his_event (last_eval_time);
 COMMENT ON COLUMN alert_his_event.group_id IS 'busi group id of rule';
 COMMENT ON COLUMN alert_his_event.datasource_id IS 'datasource id';
 COMMENT ON COLUMN alert_his_event.group_name IS 'busi group name';
@@ -717,6 +744,7 @@ CREATE TABLE datasource
    status varchar(255) not null default '',
    http varchar(4096) not null default '',
    auth varchar(8192) not null default '',
+    is_default boolean not null default false,
    created_at bigint not null default 0,
    created_by varchar(64) not null default '',
    updated_at bigint not null default 0,
@@ -737,17 +765,22 @@ CREATE TABLE notify_tpl (
    channel varchar(32) not null,
    name varchar(255) not null,
    content text not null,
+    create_at bigint not null default 0,
+    create_by varchar(64) not null default '',
+    update_at bigint not null default 0,
+    update_by varchar(64) not null default '',
    PRIMARY KEY (id),
    UNIQUE (channel)
-) ;
+);

 CREATE TABLE sso_config (
    id bigserial,
    name varchar(191) not null,
    content text not null,
+    update_at bigint not null default 0,
    PRIMARY KEY (id),
    UNIQUE (name)
-) ;
+);


 CREATE TABLE es_index_pattern (
@@ -765,3 +798,91 @@ CREATE TABLE es_index_pattern (
    UNIQUE (datasource_id, name)
 ) ;
 COMMENT ON COLUMN es_index_pattern.datasource_id IS 'datasource id';
+
+CREATE TABLE builtin_metrics (
+  id bigserial,
+  collector varchar(191) NOT NULL,
+  typ varchar(191) NOT NULL,
+  name varchar(191) NOT NULL,
+  unit varchar(191) NOT NULL,
+  lang varchar(191) NOT NULL DEFAULT '',
+  note varchar(4096) NOT NULL,
+  expression varchar(4096) NOT NULL,
+  created_at bigint NOT NULL DEFAULT 0,
+  created_by varchar(191) NOT NULL DEFAULT '',
+  updated_at bigint NOT NULL DEFAULT 0,
+  updated_by varchar(191) NOT NULL DEFAULT '',
+  PRIMARY KEY (id),
+  UNIQUE (lang, collector, typ, name)
+);
+
+CREATE INDEX idx_collector ON builtin_metrics (collector);
+CREATE INDEX idx_typ ON builtin_metrics (typ);
+CREATE INDEX idx_name ON builtin_metrics (name);
+CREATE INDEX idx_lang ON builtin_metrics (lang);
+
+COMMENT ON COLUMN builtin_metrics.id IS 'unique identifier';
+COMMENT ON COLUMN builtin_metrics.collector IS 'type of collector';
+COMMENT ON COLUMN builtin_metrics.typ IS 'type of metric';
+COMMENT ON COLUMN builtin_metrics.name IS 'name of metric';
+COMMENT ON COLUMN builtin_metrics.unit IS 'unit of metric';
+COMMENT ON COLUMN builtin_metrics.lang IS 'language of metric';
+COMMENT ON COLUMN builtin_metrics.note IS 'description of metric in Chinese';
+COMMENT ON COLUMN builtin_metrics.expression IS 'expression of metric';
+COMMENT ON COLUMN builtin_metrics.created_at IS 'create time';
+COMMENT ON COLUMN builtin_metrics.created_by IS 'creator';
+COMMENT ON COLUMN builtin_metrics.updated_at IS 'update time';
+COMMENT ON COLUMN builtin_metrics.updated_by IS 'updater';
+
+CREATE TABLE metric_filter (
+  id BIGSERIAL PRIMARY KEY,
+  name VARCHAR(191) NOT NULL,
+  configs VARCHAR(4096) NOT NULL,
+  groups_perm TEXT,
+  create_at BIGINT NOT NULL DEFAULT 0,
+  create_by VARCHAR(191) NOT NULL DEFAULT '',
+  update_at BIGINT NOT NULL DEFAULT 0,
+  update_by VARCHAR(191) NOT NULL DEFAULT ''
+);
+
+CREATE INDEX idx_metric_filter_name ON metric_filter (name);
+
+CREATE TABLE board_busigroup (
+  busi_group_id BIGINT NOT NULL DEFAULT 0,
+  board_id BIGINT NOT NULL DEFAULT 0,
+  PRIMARY KEY (busi_group_id, board_id)
+);
+
+
+CREATE TABLE builtin_components (
+  id BIGSERIAL PRIMARY KEY,
+  ident VARCHAR(191) NOT NULL,
+  logo VARCHAR(191) NOT NULL,
+  readme TEXT NOT NULL,
+  created_at BIGINT NOT NULL DEFAULT 0,
+  created_by VARCHAR(191) NOT NULL DEFAULT '',
+  updated_at BIGINT NOT NULL DEFAULT 0,
+  updated_by VARCHAR(191) NOT NULL DEFAULT ''
+);
+
+CREATE INDEX idx_ident ON builtin_components (ident);
+
+CREATE TABLE builtin_payloads (
+  id BIGSERIAL PRIMARY KEY,
+  type VARCHAR(191) NOT NULL,
+  uuid BIGINT NOT NULL DEFAULT 0,
+  component VARCHAR(191) NOT NULL,
+  cate VARCHAR(191) NOT NULL,
+  name VARCHAR(191) NOT NULL,
+  tags VARCHAR(191) NOT NULL DEFAULT '',
+  content TEXT NOT NULL,
+  created_at BIGINT NOT NULL DEFAULT 0,
+  created_by VARCHAR(191) NOT NULL DEFAULT '',
+  updated_at BIGINT NOT NULL DEFAULT 0,
+  updated_by VARCHAR(191) NOT NULL DEFAULT ''
+);
+
+CREATE INDEX idx_component ON builtin_payloads (component);
+CREATE INDEX idx_builtin_payloads_name ON builtin_payloads (name);
+CREATE INDEX idx_cate ON builtin_payloads (cate);
+CREATE INDEX idx_type ON builtin_payloads (type);
--- a/docker/compose-postgres/n9eetc_pg/config.toml
+++ b/docker/compose-postgres/n9eetc_pg/config.toml
@@ -55,8 +55,6 @@ Enable = true
 user001 = "ccc26da7b9aba533cbb263a36c07dcc5"

 [HTTP.JWTAuth]
-# signing key
-SigningKey = "5b94a0fd640fe2765af826acfe42d151"
 # unit: min
 AccessExpired = 1500
 # unit: min
@@ -92,8 +90,6 @@ MaxLifetime = 7200
 MaxOpenConns = 150
 # max idle connections
 MaxIdleConns = 50
-# table prefix
-TablePrefix = ""
 # enable auto migrate or not
 # EnableAutoMigrate = false

@@ -177,3 +173,7 @@ MaxIdleConnsPerHost = 100
 # Regex = "([^:]+)(?::\\d+)?"
 # Replacement = "$1:80"
 # TargetLabel = "__address__"
+
+[Ibex]
+Enable = true
+RPCListen = "0.0.0.0:20090"
--- a/docker/compose-postgres/n9eetc_pg/template/dingtalk.tpl
+++ b/docker/compose-postgres/n9eetc_pg/template/dingtalk.tpl
@@ -1,11 +1,25 @@
-#### {{if .IsRecovered}}<font color="#008800">S{{.Severity}} - Recovered - {{.RuleName}}</font>{{else}}<font color="#FF0000">S{{.Severity}} - Triggered - {{.RuleName}}</font>{{end}}
+#### {{if .IsRecovered}}<font color="#008800">💚{{.RuleName}}</font>{{else}}<font color="#FF0000">💔{{.RuleName}}</font>{{end}}

 ---
-
- **规则标题**: {{.RuleName}}{{if .RuleNote}}
- **规则备注**: {{.RuleNote}}{{end}}
- **监控指标**: {{.TagsJSON}}
- {{if .IsRecovered}}**恢复时间**：{{timeformat .LastEvalTime}}{{else}}**触发时间**: {{timeformat .TriggerTime}}
- **触发时值**: {{.TriggerValue}}{{end}}
- **发送时间**: {{timestamp}}
-
+{{$time_duration := sub now.Unix .FirstTriggerTime }}{{if .IsRecovered}}{{$time_duration = sub .LastEvalTime .FirstTriggerTime }}{{end}}
+- **告警级别**: {{.Severity}}级
+{{- if .RuleNote}}
+- **规则备注**: {{.RuleNote}}
+{{- end}}
+{{- if not .IsRecovered}}
+- **当次触发时值**: {{.TriggerValue}}
+- **当次触发时间**: {{timeformat .TriggerTime}}
+- **告警持续时长**: {{humanizeDurationInterface $time_duration}}
+{{- else}}
+{{- if .AnnotationsJSON.recovery_value}}
+- **恢复时值**: {{formatDecimal .AnnotationsJSON.recovery_value 4}}
+{{- end}}
+- **恢复时间**: {{timeformat .LastEvalTime}}
+- **告警持续时长**: {{humanizeDurationInterface $time_duration}}
+{{- end}}
+- **告警事件标签**:
+{{- range $key, $val := .TagsMap}}
+{{- if ne $key "rulename" }}
+  - `{{$key}}`: `{{$val}}`
+{{- end}}
+{{- end}}
--- a/docker/initsql/a-n9e.sql
+++ b/docker/initsql/a-n9e.sql
--- a/docker/initsql/b-ibex.sql
+++ b/docker/initsql/b-ibex.sql
--- a/docker/migratesql/migrate.sql
+++ b/docker/migratesql/migrate.sql
@@ -1,40 +1,109 @@
-use n9e_v6;
+/* v7.0.0-beta.3 */
+CREATE TABLE `builtin_metrics` (
+    `id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'unique identifier',
+    `collector` varchar(191) NOT NULL COMMENT 'type of collector',
+    `typ` varchar(191) NOT NULL COMMENT 'type of metric',
+    `name` varchar(191) NOT NULL COMMENT 'name of metric',
+    `unit` varchar(191) NOT NULL COMMENT 'unit of metric',
+    `lang` varchar(191) NOT NULL DEFAULT '' COMMENT 'language of metric',
+    `note` varchar(4096) NOT NULL COMMENT 'description of metric in Chinese',
+    `expression` varchar(4096) NOT NULL COMMENT 'expression of metric',
+    `created_at` bigint NOT NULL DEFAULT 0 COMMENT 'create time',
+    `created_by` varchar(191) NOT NULL DEFAULT '' COMMENT 'creator',
+    `updated_at` bigint NOT NULL DEFAULT 0 COMMENT 'update time',
+    `updated_by` varchar(191) NOT NULL DEFAULT '' COMMENT 'updater',
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `idx_collector_typ_name` (`lang`,`collector`, `typ`, `name`),
+    INDEX `idx_collector` (`collector`),
+    INDEX `idx_typ` (`typ`),
+    INDEX `idx_name` (`name`),
+    INDEX `idx_lang` (`lang`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

-- Alter table for AlertSubscribe
-ALTER TABLE alert_subscribe ADD COLUMN busi_groups VARCHAR(4096) NOT NULL DEFAULT '[]';
-ALTER TABLE alert_subscribe ADD COLUMN note VARCHAR(1024) DEFAULT '' COMMENT 'note';
-ALTER TABLE alert_subscribe ADD COLUMN rule_ids VARCHAR(1024) DEFAULT '' COMMENT 'rule_ids';
+CREATE TABLE `metric_filter` (
+  `id` bigint NOT NULL AUTO_INCREMENT COMMENT 'unique identifier',
+  `name` varchar(191) NOT NULL COMMENT 'name of metric filter',
+  `configs` varchar(4096) NOT NULL COMMENT 'configuration of metric filter',
+  `groups_perm` text,
+  `create_at` bigint NOT NULL DEFAULT '0' COMMENT 'create time',
+  `create_by` varchar(191) NOT NULL DEFAULT '' COMMENT 'creator',
+  `update_at` bigint NOT NULL DEFAULT '0' COMMENT 'update time',
+  `update_by` varchar(191) NOT NULL DEFAULT '' COMMENT 'updater',
+  PRIMARY KEY (`id`),
+  KEY `idx_name` (`name`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

-- Alter table for TaskRecord
-ALTER TABLE task_record ADD COLUMN event_id BIGINT(20) NOT NULL DEFAULT 0 COMMENT 'event id';

-- Alter table for AlertHisEvent
-CREATE INDEX idx_last_eval_time ON alert_his_event (last_eval_time);
+CREATE TABLE `board_busigroup` (
+  `busi_group_id` bigint(20) NOT NULL DEFAULT '0' COMMENT 'busi group id',
+  `board_id` bigint(20) NOT NULL DEFAULT '0' COMMENT 'board id',
+  PRIMARY KEY (`busi_group_id`, `board_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

-- Alter table for Target
-ALTER TABLE target ADD COLUMN host_ip VARCHAR(15) DEFAULT '' COMMENT 'IPv4 string';
-ALTER TABLE target ADD COLUMN agent_version VARCHAR(255) DEFAULT '' COMMENT 'agent version';
-ALTER TABLE target ADD COLUMN engine_name VARCHAR(255) DEFAULT '' COMMENT 'engine_name';
+/* v7.0.0-beta.6 */
+CREATE TABLE `builtin_components` (
+  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '''unique identifier''',
+  `ident` varchar(191) NOT NULL COMMENT '''identifier of component''',
+  `logo` varchar(191) NOT NULL COMMENT '''logo of component''',
+  `readme` text NOT NULL COMMENT '''readme of component''',
+  `created_at` bigint(20) NOT NULL DEFAULT 0 COMMENT '''create time''',
+  `created_by` varchar(191) NOT NULL DEFAULT '' COMMENT '''creator''',
+  `updated_at` bigint(20) NOT NULL DEFAULT 0 COMMENT '''update time''',
+  `updated_by` varchar(191) NOT NULL DEFAULT '' COMMENT '''updater''',
+  PRIMARY KEY (`id`),
+  KEY `idx_ident` (`ident`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

-- Alter table for Datasource
-ALTER TABLE datasource ADD COLUMN is_default TINYINT NOT NULL DEFAULT 0 COMMENT 'is default datasource';
+CREATE TABLE `builtin_payloads` (
+  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '''unique identifier''',
+  `uuid` bigint(20) NOT NULL COMMENT '''uuid of payload''',
+  `type` varchar(191) NOT NULL COMMENT '''type of payload''',
+  `component` varchar(191) NOT NULL COMMENT '''component of payload''',
+  `cate` varchar(191) NOT NULL COMMENT '''category of payload''',
+  `name` varchar(191) NOT NULL COMMENT '''name of payload''',
+  `tags` varchar(191) NOT NULL DEFAULT '' COMMENT '''tags of payload''',
+  `content` longtext NOT NULL COMMENT '''content of payload''',
+  `created_at` bigint(20) NOT NULL DEFAULT 0 COMMENT '''create time''',
+  `created_by` varchar(191) NOT NULL DEFAULT '' COMMENT '''creator''',
+  `updated_at` bigint(20) NOT NULL DEFAULT 0 COMMENT '''update time''',
+  `updated_by` varchar(191) NOT NULL DEFAULT '' COMMENT '''updater''',
+  PRIMARY KEY (`id`),
+  KEY `idx_component` (`component`),
+  KEY `idx_name` (`name`),
+  KEY `idx_cate` (`cate`),
+  KEY `idx_uuid` (`uuid`),
+  KEY `idx_type` (`type`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

-- Alter table for Configs
-ALTER TABLE configs ADD COLUMN note VARCHAR(1024) DEFAULT '' COMMENT 'note';
-ALTER TABLE configs ADD COLUMN external INT DEFAULT 0 COMMENT '0: built-in 1: external';
-ALTER TABLE configs ADD COLUMN encrypted INT DEFAULT 0 COMMENT '0: plaintext 1: ciphertext';
-ALTER TABLE configs ADD COLUMN create_at INT DEFAULT 0 COMMENT 'create_at';
-ALTER TABLE configs ADD COLUMN create_by VARCHAR(64) DEFAULT '' COMMENT 'create_by';
-ALTER TABLE configs ADD COLUMN update_at INT DEFAULT 0 COMMENT 'update_at';
-ALTER TABLE configs ADD COLUMN update_by VARCHAR(64) DEFAULT '' COMMENT 'update_by';
-ALTER TABLE configs DROP INDEX ckey;
+/* v7.0.0-beta.7 */
+ALTER TABLE users ADD COLUMN last_active_time BIGINT NOT NULL DEFAULT 0;

-ALTER TABLE notify_tpl ADD COLUMN create_at INT DEFAULT 0 COMMENT 'create_at';
-ALTER TABLE notify_tpl ADD COLUMN create_by VARCHAR(64) DEFAULT '' COMMENT 'create_by';
-ALTER TABLE notify_tpl ADD COLUMN update_at INT DEFAULT 0 COMMENT 'update_at';
-ALTER TABLE notify_tpl ADD COLUMN update_by VARCHAR(64) DEFAULT '' COMMENT 'update_by';
+/* v7.0.0-beta.13 */
+ALTER TABLE recording_rule ADD COLUMN cron_pattern VARCHAR(255) DEFAULT '' COMMENT 'cron pattern';

-- Alter table for Users
-ALTER TABLE users ADD COLUMN belong VARCHAR(16) DEFAULT '' COMMENT 'belong';
+/* v7.0.0-beta.14 */
+ALTER TABLE alert_cur_event ADD COLUMN original_tags TEXT COMMENT 'labels key=val,,k2=v2';
+ALTER TABLE alert_his_event ADD COLUMN original_tags TEXT COMMENT 'labels key=val,,k2=v2';

-ALTER TABLE `sso_config` ADD COLUMN `update_at` INT NOT NULL DEFAULT 0 COMMENT 'update_at';
+/* v7.1.0 */
+ALTER TABLE target ADD COLUMN os VARCHAR(31) DEFAULT '' COMMENT 'os type';
+
+/* v7.2.0 */
+CREATE TABLE notification_record (
+    `id` BIGINT PRIMARY KEY AUTO_INCREMENT,
+    `event_id` BIGINT NOT NULL,
+    `sub_id` BIGINT NOT NULL,
+    `channel` VARCHAR(255) NOT NULL,
+    `status` TINYINT NOT NULL DEFAULT 0,
+    `target` VARCHAR(1024) NOT NULL,
+    `details` VARCHAR(2048),
+    `created_at` BIGINT NOT NULL,
+    INDEX idx_evt (event_id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+
+/* v7.3.0 2024-08-26 */
+ALTER TABLE `target` ADD COLUMN `host_tags` TEXT COMMENT 'global labels set in conf file';
+
+/* v7.4.0 2024-08-28 */
+ALTER TABLE `builtin_payloads` ADD COLUMN `component_id` bigint(20) NOT NULL DEFAULT 0 COMMENT 'component_id';
--- a/docker/sqlite.sql
+++ b/docker/sqlite.sql
--- a/etc/config.toml
+++ b/etc/config.toml
@@ -27,7 +27,7 @@ KeyFile = ""
 # whether print access log
 PrintAccessLog = false
 # whether enable pprof
-PProf = false
+PProf = true
 # expose prometheus /metrics?
 ExposeMetrics = true
 # http graceful shutdown timeout, unit: s
@@ -55,8 +55,6 @@ Enable = true
 user001 = "ccc26da7b9aba533cbb263a36c07dcc5"

 [HTTP.JWTAuth]
-# signing key
-SigningKey = "5b94a0fd640fe2765af826acfe42d151"
 # unit: min
 AccessExpired = 1500
 # unit: min
@@ -77,10 +75,11 @@ OpenRSA = false
 [DB]
 # postgres: host=%s port=%s user=%s dbname=%s password=%s sslmode=%s
 # postgres: DSN="host=127.0.0.1 port=5432 user=root dbname=n9e_v6 password=1234 sslmode=disable"
-DSN="root:1234@tcp(127.0.0.1:3306)/n9e_v6?charset=utf8mb4&parseTime=True&loc=Local&allowNativePasswords=true"
+# sqlite: DSN="/path/to/filename.db"
+DSN = "root:1234@tcp(127.0.0.1:3306)/n9e_v6?charset=utf8mb4&parseTime=True&loc=Local&allowNativePasswords=true"
 # enable debug mode or not
 Debug = false
-# mysql postgres
+# mysql postgres sqlite
 DBType = "mysql"
 # unit: s
 MaxLifetime = 7200
@@ -88,8 +87,6 @@ MaxLifetime = 7200
 MaxOpenConns = 150
 # max idle connections
 MaxIdleConns = 50
-# table prefix
-TablePrefix = ""
 # enable auto migrate or not
 # EnableAutoMigrate = false

@@ -167,9 +164,13 @@ MaxIdleConnsPerHost = 100
 # TLSCert = "/etc/n9e/cert.pem"
 # TLSKey = "/etc/n9e/key.pem"
 # InsecureSkipVerify = false
-# [[Writers.WriteRelabels]]
+# [[Pushgw.Writers.WriteRelabels]]
 # Action = "replace"
 # SourceLabels = ["__address__"]
 # Regex = "([^:]+)(?::\\d+)?"
 # Replacement = "$1:80"
 # TargetLabel = "__address__"
+
+[Ibex]
+Enable = false
+RPCListen = "0.0.0.0:20090"
--- a/etc/edge/edge.toml
+++ b/etc/edge/edge.toml
@@ -116,6 +116,12 @@ MaxIdleConnsPerHost = 100
 # Replacement = "$1:80"
 # TargetLabel = "__address__"

+[Ibex]
+Enable = false
+RPCListen = "0.0.0.0:20090"
+
+# n9e-edge cannot directly reuse the redis that n9e relies on at the center.
+# It needs to deploy a separate redis in the edge region for n9e-edge to use.
 [Redis]
 # address, ip:port or ip1:port,ip2:port for cluster and sentinel(SentinelAddrs)
 Address = "127.0.0.1:6379"
@@ -129,4 +135,4 @@ RedisType = "standalone"
 # Mastername for sentinel type
 # MasterName = "mymaster"
 # SentinelUsername = ""
-# SentinelPassword = ""
+# SentinelPassword = ""
--- a/front/statik/statik.go
+++ b/front/statik/statik.go
--- a/go.mod
+++ b/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/expr-lang/expr v1.16.1
+	github.com/flashcatcloud/ibex v1.3.5
 	github.com/gin-contrib/pprof v1.4.0
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-ldap/ldap/v3 v3.4.4
@@ -17,6 +18,7 @@ require (
 	github.com/golang/snappy v0.0.4
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-version v1.6.0
+	github.com/jinzhu/copier v0.4.0
 	github.com/json-iterator/go v1.1.12
 	github.com/koding/multiconfig v0.0.0-20171124222453-69c27309b2d7
 	github.com/mailru/easyjson v0.7.7
@@ -32,12 +34,14 @@ require (
 	github.com/spaolacci/murmur3 v1.1.0
 	github.com/tidwall/gjson v1.14.0
 	github.com/toolkits/pkg v1.3.6
+	golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1
 	golang.org/x/oauth2 v0.10.0
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/yaml.v2 v2.4.0
 	gorm.io/driver/mysql v1.4.4
 	gorm.io/driver/postgres v1.4.5
-	gorm.io/gorm v1.24.2
+	gorm.io/driver/sqlite v1.5.5
+	gorm.io/gorm v1.25.7-0.20240204074919-46816ad31dde
 )

 require (
@@ -46,12 +50,15 @@ require (
 	github.com/bytedance/sonic v1.9.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
+	github.com/dennwc/varint v1.0.0 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/fatih/camelcase v1.0.0 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
+	github.com/go-kit/log v0.2.1 // indirect
+	github.com/go-logfmt/logfmt v0.6.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.14.0 // indirect
@@ -72,23 +79,26 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
+	github.com/mattn/go-sqlite3 v1.14.17 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pquerna/cachecontrol v0.1.0 // indirect
 	github.com/prometheus/client_model v0.4.0 // indirect
 	github.com/prometheus/procfs v0.11.0 // indirect
+	github.com/robfig/cron/v3 v3.0.1
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.11 // indirect
+	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/automaxprocs v1.5.2 // indirect
 	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/image v0.13.0 // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/image v0.18.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
--- a/go.sum
+++ b/go.sum
@@ -1,9 +1,16 @@
+github.com/Azure/azure-sdk-for-go v65.0.0+incompatible h1:HzKLt3kIwMm4KeJYTdx9EbjRYTySD/t8i1Ee/W5EGXw=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0 h1:8q4SaHjFsClSvuVne0ID/5Ka8u3fcIHyqkLjcFpNRHQ=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 h1:vcYCAze6p19qBW7MhZybIsqD8sMV8js0NyQM8JDnVtg=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
 github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU=
 github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 h1:OBhqkivkhkMqLPymWEppkm7vgPQY2XsHoEkaMQ0AdZY=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc=
+github.com/aws/aws-sdk-go v1.44.302 h1:ST3ko6GrJKn3Xi+nAvxjG3uk/V1pW8KC52WLeIxqqNk=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bsm/ginkgo/v2 v2.5.0 h1:aOAnND1T40wEdAtkGSkvSICWeQ8L3UASX7YVCqQx+eQ=
@@ -28,6 +35,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dennwc/varint v1.0.0 h1:kGNFFSSw8ToIy3obO/kKr8U9GZYUAxQEVuix4zfDWzE=
+github.com/dennwc/varint v1.0.0/go.mod h1:hnItb35rvZvJrbTALZtY/iQfDs48JKRG1RPpgziApxA=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
@@ -38,6 +47,8 @@ github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8
 github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
+github.com/flashcatcloud/ibex v1.3.5 h1:8GOOf5+aJT0TP/MC6izz7CO5JKJSdKVFBwL0vQp93Nc=
+github.com/flashcatcloud/ibex v1.3.5/go.mod h1:T8hbMUySK2q6cXUaYp0AUVeKkU9Od2LjzwmB5lmTRBM=
 github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
 github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
 github.com/garyburd/redigo v1.6.2/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
@@ -51,9 +62,13 @@ github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SU
 github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF0+Y1A=
 github.com/go-asn1-ber/asn1-ber v1.5.4/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
+github.com/go-kit/log v0.2.1 h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU=
+github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-ldap/ldap/v3 v3.4.4 h1:qPjipEpt+qDa6SI/h1fzuGWoRUY+qqQ9sOZq67/PYUs=
 github.com/go-ldap/ldap/v3 v3.4.4/go.mod h1:fe1MsuN5eJJ1FeLT/LEBVdWfNWKh459R7aXgXtJC+aI=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
+github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4=
+github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
@@ -78,6 +93,7 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -144,17 +160,22 @@ github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0f
 github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
+github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.4/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
 github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
@@ -171,6 +192,7 @@ github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
 github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
 github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
@@ -189,6 +211,8 @@ github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Ky
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-sqlite3 v1.14.17 h1:mCRHCLDUBXgpKAqIKsaAaAsrAlbkeomtRFKXh2L6YIM=
+github.com/mattn/go-sqlite3 v1.14.17/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -198,9 +222,12 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/mojocn/base64Captcha v1.3.6 h1:gZEKu1nsKpttuIAQgWHO+4Mhhls8cAKyiV2Ew03H+Tw=
 github.com/mojocn/base64Captcha v1.3.6/go.mod h1:i5CtHvm+oMbj1UzEPXaA8IH/xHFZ3DGY3Wh3dBpZ28E=
+github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU=
+github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
 github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
 github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ=
 github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4=
+github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -216,6 +243,7 @@ github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUo
 github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
 github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
 github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
+github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdDeppTwGX4=
 github.com/prometheus/procfs v0.11.0 h1:5EAgkfkMl659uZPbe9AS2N68a7Cc1TJbPEuGzFuRbyk=
 github.com/prometheus/procfs v0.11.0/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
 github.com/prometheus/prometheus v0.47.1 h1:bd2LiZyxzHn9Oo2Ei4eK2D86vz/L/OiqR1qYo0XmMBo=
@@ -224,6 +252,8 @@ github.com/rakyll/statik v0.1.7 h1:OF3QCZUuyPxuGEP7B4ypUa7sB/iHtqOTDYZXGM8KOdQ=
 github.com/rakyll/statik v0.1.7/go.mod h1:AlZONWzMtEnMs7W4e/1LURLiI49pIMmp6V9Unghqrcc=
 github.com/redis/go-redis/v9 v9.0.2 h1:BA426Zqe/7r56kCcvxYLWe1mkaz71LKF77GwgFzSxfE=
 github.com/redis/go-redis/v9 v9.0.2/go.mod h1:/xDTe9EF1LM61hek62Poq2nzQSGj0xSrEtEHbBQevps=
+github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
+github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/robfig/go-cache v0.0.0-20130306151617-9fc39e0dbf62/go.mod h1:65XQgovT59RWatovFwnwocoUxiI/eENTnOY5GK3STuY=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
@@ -280,9 +310,12 @@ go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q=
 go.uber.org/automaxprocs v1.5.2 h1:2LxUOGiR3O6tw8ui5sZa2LAaHnsviZdVOUZw4fvbnME=
 go.uber.org/automaxprocs v1.5.2/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0=
+go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
@@ -307,10 +340,13 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/image v0.13.0 h1:3cge/F/QTkNLauhf2QoE9zp+7sr+ZcL4HnoZmdwg9sg=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 h1:MGwJjxBy0HJshjDNfLsYO8xppfqWlA5ZT9OhtUUhTNw=
+golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
 golang.org/x/image v0.13.0/go.mod h1:6mmbMOeV28HuMTgA6OSRkdXKYw/t5W9Uwn2Yv1r3Yxk=
+golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ=
+golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
@@ -331,8 +367,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
 golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -341,6 +377,7 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -363,8 +400,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -382,8 +419,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
@@ -434,9 +471,11 @@ gorm.io/driver/mysql v1.4.4 h1:MX0K9Qvy0Na4o7qSC/YI7XxqUw5KDw01umqgID+svdQ=
 gorm.io/driver/mysql v1.4.4/go.mod h1:BCg8cKI+R0j/rZRQxeKis/forqRwRSYOR8OM3Wo6hOM=
 gorm.io/driver/postgres v1.4.5 h1:mTeXTTtHAgnS9PgmhN2YeUbazYpLhUI1doLnw42XUZc=
 gorm.io/driver/postgres v1.4.5/go.mod h1:GKNQYSJ14qvWkvPwXljMGehpKrhlDNsqYRr5HnYGncg=
+gorm.io/driver/sqlite v1.5.5 h1:7MDMtUZhV065SilG62E0MquljeArQZNfJnjd9i9gx3E=
+gorm.io/driver/sqlite v1.5.5/go.mod h1:6NgQ7sQWAIFsPrJJl1lSNSu2TABh0ZZ/zm5fosATavE=
 gorm.io/gorm v1.23.8/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=
 gorm.io/gorm v1.24.1-0.20221019064659-5dd2bb482755/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
-gorm.io/gorm v1.24.2 h1:9wR6CFD+G8nOusLdvkZelOEhpJVwwHzpQOUM+REd6U0=
-gorm.io/gorm v1.24.2/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
+gorm.io/gorm v1.25.7-0.20240204074919-46816ad31dde h1:9DShaph9qhkIYw7QF91I/ynrr4cOO2PZra2PFD7Mfeg=
+gorm.io/gorm v1.25.7-0.20240204074919-46816ad31dde/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
--- a/integrations/AMD_ROCm_SMI/collect/amd_rocm_smi/rocm.toml
+++ b/integrations/AMD_ROCm_SMI/collect/amd_rocm_smi/rocm.toml
--- a/integrations/AliYun/collect/aliyun/cloud.toml
+++ b/integrations/AliYun/collect/aliyun/cloud.toml
--- a/integrations/AliYun/dashboards/arms-api.json
+++ b/integrations/AliYun/dashboards/arms-api.json
--- a/integrations/AliYun/dashboards/arms-application.json
+++ b/integrations/AliYun/dashboards/arms-application.json
--- a/Show More
+++ b/Show More