refactor: http support tracing (#3083 )

feat: alert time tz support (#3081 )
optimize event detail api
2026-03-02 22:19:10 +00:00 · 2026-02-12 17:00:45 +08:00 · 2026-02-11 19:15:09 +08:00 · 2026-02-11 11:45:54 +08:00 · 2026-02-10 22:40:23 +08:00 · 2026-02-10 20:13:29 +08:00
428 changed files with 47242 additions and 13665 deletions
--- a/.github/workflows/issue-translator.yml
+++ b/.github/workflows/issue-translator.yml
@@ -0,0 +1,22 @@
+name: 'Issue Translator'
+
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  translate:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      contents: read
+    steps:
+      - name: Translate Issues
+        uses: usthe/issues-translate-action@v2.7
+        with:
+          # 是否翻译 issue 标题
+          IS_MODIFY_TITLE: true
+          # GitHub Token
+          BOT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # 自定义翻译标注（可选）
+          # CUSTOM_BOT_NOTE: "Translation by bot"
--- a/.gitignore
+++ b/.gitignore
@@ -58,6 +58,10 @@ _test
 .idea
 .index
 .vscode
+.issue
+.issue/*
+.cursor
+.claude
 .DS_Store
 .cache-loader
 .payload
--- a/.typos.toml
+++ b/.typos.toml
@@ -0,0 +1,41 @@
+# Configuration for typos tool
+[files]
+extend-exclude = [
+    # Ignore auto-generated easyjson files
+    "*_easyjson.go",
+    # Ignore binary files
+    "*.gz",
+    "*.tar",
+    "n9e",
+    "n9e-*"
+]
+
+[default.extend-identifiers]
+# Didi is a company name (DiDi), not a typo
+Didi = "Didi"
+# datas is intentionally used as plural of data (slice variable)
+datas = "datas"
+# pendings is intentionally used as plural
+pendings = "pendings"
+pendingsUseByRecover = "pendingsUseByRecover"
+pendingsUseByRecoverMap = "pendingsUseByRecoverMap"
+# typs is intentionally used as shorthand for types (parameter name)
+typs = "typs"
+
+[default.extend-words]
+# Some false positives
+ba = "ba"
+# Specific corrections for ambiguous typos
+contigious = "contiguous"
+onw = "own"
+componet = "component"
+Patten = "Pattern"
+Requets = "Requests"
+Mis = "Miss"
+exporer = "exporter"
+soruce = "source"
+verison = "version"
+Configations = "Configurations"
+emmited = "emitted"
+Utlization = "Utilization"
+serie = "series"
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
    <img src="doc/img/Nightingale_L_V.png" alt="nightingale - cloud native monitoring" width="100" /></a>
 </p>
 <p align="center">
-  <b>开源告警管理专家 一体化的可观测平台</b>
+  <b>Open-Source Alerting Expert</b>
 </p>

 <p align="center">
@@ -25,85 +25,93 @@



-[English](./README_en.md) | [中文](./README.md)
+[English](./README.md) | [中文](./README_zh.md)

-## 夜莺 Nightingale 是什么
+## 🎯 What is Nightingale

-> 夜莺 Nightingale 是什么，解决什么问题？以大家都很熟悉的 Grafana 做个类比，Grafana 擅长对接各种各样的数据源，然后提供灵活、强大、好看的可视化面板。夜莺则擅长对接各种多样的数据源，提供灵活、强大、高效的监控告警管理能力。从发展路径和定位来说，夜莺和 Grafana 很像，可以总结为一句话：可视化就用 Grafana，监控告警就找夜莺。
->
-> 在可视化领域，Grafana 是毫无争议的领导者，Grafana 在影响力、装机量、用户群、开发者数量等各个维度的数字上，相比夜莺都是追赶的榜样。巨无霸往往都是从一个切入点打开局面的，Grafana Labs 有了在可视化领域 Grafana 这个王牌，逐步扩展到整个可观测性方向，比如 Logging 维度有 Loki，Tracing 维度有 Tempo，Profiling 维度有收购来的 Pyroscope，On-call 维度有同样是收购来的 Grafana-OnCall 项目，还有时序数据库 Mimir、eBPF 采集器 Beyla、OpenTelemetry 采集器 Alloy、前端监控 SDK Faro，最终构成了一个完整的可观测性工具矩阵，但整个飞轮都是从 Grafana 项目开始转动起来的。
->
->夜莺，则是从监控告警这个切入点打开局面，也逐步横向做了相应扩展，比如夜莺也自研了可视化面板，如果你想有一个 all-in-one 的监控告警+可视化的工具，那么用夜莺也是正确的选择；比如 OnCall 方向，夜莺可以和 [Flashduty SaaS](https://flashcat.cloud/product/flashcat-duty/) 服务无缝的集成；在采集器方向，夜莺有配套的 [Categraf](https://flashcat.cloud/product/categraf)，可以一个采集器中管理所有的 exporter，并同时支持指标和日志的采集，极大减轻工程师维护的采集器数量和工作量（这个点太痛了，你可能也遇到过业务团队吐槽采集器数量比业务应用进程数量还多的窘况吧）。
+Nightingale is an open-source monitoring project that focuses on alerting. Similar to Grafana, Nightingale also connects with various existing data sources. However, while Grafana emphasizes visualization, Nightingale places greater emphasis on the alerting engine, as well as the processing and distribution of alarms.

-夜莺 Nightingale 作为一款开源云原生监控工具，最初由滴滴开发和开源，并于 2022 年 5 月 11 日，捐赠予中国计算机学会开源发展委员会（CCF ODC），为 CCF ODC 成立后接受捐赠的第一个开源项目。在 GitHub 上有超过 10000 颗星，是广受关注和使用的开源监控工具。夜莺的核心研发团队，也是 Open-Falcon 项目原核心研发人员，从 2014 年（Open-Falcon 是 2014 年开源）算起来，也有 10 年了，只为把监控做到极致。
+> 💡 Nightingale has now officially launched the [MCP-Server](https://github.com/n9e/n9e-mcp-server/). This MCP Server enables AI assistants to interact with the Nightingale API using natural language, facilitating alert management, monitoring, and observability tasks.
+> 
+> The Nightingale project was initially developed and open-sourced by DiDi.inc. On May 11, 2022, it was donated to the Open Source Development Committee of the China Computer Federation (CCF ODTC).

+![](https://n9e.github.io/img/global/arch-bg.png)

-## 快速开始
- 👉 [文档中心](https://flashcat.cloud/docs/) | [下载中心](https://flashcat.cloud/download/nightingale/)
- ❤️ [报告 Bug](https://github.com/ccfos/nightingale/issues/new?assignees=&labels=&projects=&template=question.yml)
- ℹ️ 为了提供更快速的访问体验，上述文档和下载站点托管于 [FlashcatCloud](https://flashcat.cloud)
- 💡 前后端代码分离，前端代码仓库：[https://github.com/n9e/fe](https://github.com/n9e/fe)
+## 💡 How Nightingale Works

-## 功能特点
+Many users have already collected metrics and log data. In this case, you can connect your storage repositories (such as VictoriaMetrics, ElasticSearch, etc.) as data sources in Nightingale. This allows you to configure alerting rules and notification rules within Nightingale, enabling the generation and distribution of alarms.

- 对接多种时序库，实现统一监控告警管理：支持对接的时序库包括 Prometheus、VictoriaMetrics、Thanos、Mimir、M3DB、TDengine 等。
- 对接日志库，实现针对日志的监控告警：支持对接的日志库包括 ElasticSearch、Loki 等。
- 专业告警能力：内置支持多种告警规则，可以扩展支持常见通知媒介，支持告警屏蔽/抑制/订阅/自愈、告警事件管理。
- 高性能可视化引擎：支持多种图表样式，内置众多 Dashboard 模版，也可导入 Grafana 模版，开箱即用，开源协议商业友好。
- 支持常见采集器：支持 [Categraf](https://flashcat.cloud/product/categraf)、Telegraf、Grafana-agent、Datadog-agent、各种 Exporter 作为采集器，没有什么数据是不能监控的。
- 👀无缝搭配 [Flashduty](https://flashcat.cloud/product/flashcat-duty/)：实现告警聚合收敛、认领、升级、排班、IM集成，确保告警处理不遗漏，减少打扰，高效协同。
+![Nightingale Product Architecture](doc/img/readme/20240221152601.png)

+Nightingale itself does not provide monitoring data collection capabilities. We recommend using [Categraf](https://github.com/flashcatcloud/categraf) as the collector, which integrates seamlessly with Nightingale.

-## 截图演示
+[Categraf](https://github.com/flashcatcloud/categraf) can collect monitoring data from operating systems, network devices, various middleware, and databases. It pushes this data to Nightingale via the `Prometheus Remote Write` protocol. Nightingale then stores the monitoring data in a time-series database (such as Prometheus, VictoriaMetrics, etc.) and provides alerting and visualization capabilities.

+For certain edge data centers with poor network connectivity to the central Nightingale server, we offer a distributed deployment mode for the alerting engine. In this mode, even if the network is disconnected, the alerting functionality remains unaffected.

-你可以在页面的右上角，切换语言和主题，目前我们支持英语、简体中文、繁体中文。
+![Edge Deployment Mode](doc/img/readme/multi-region-arch.png)

-![语言切换](doc/img/readme/n9e-switch-i18n.png)
+> In the above diagram, Data Center A has a good network with the central data center, so it uses the Nightingale process in the central data center as the alerting engine. Data Center B has a poor network with the central data center, so it deploys `n9e-edge` as the alerting engine to handle alerting for its own data sources.

-即时查询，类似 Prometheus 内置的查询分析页面，做 ad-hoc 查询，夜莺做了一些 UI 优化，同时提供了一些内置 promql 指标，让不太了解 promql 的用户也可以快速查询。
+## 🔕 Alert Noise Reduction, Escalation, and Collaboration

-![即时查询](doc/img/readme/20240513103305.png)
+Nightingale focuses on being an alerting engine, responsible for generating alarms and flexibly distributing them based on rules. It supports 20 built-in notification medias (such as phone calls, SMS, email, DingTalk, Slack, etc.).

-当然，也可以直接通过指标视图查看，有了指标视图，即时查询基本可以不用了，或者只有高端玩家使用即时查询，普通用户直接通过指标视图查询即可。
+If you have more advanced requirements, such as:
+- Want to consolidate events from multiple monitoring systems into one platform for unified noise reduction, response handling, and data analysis.
+- Want to support personnel scheduling, practice on-call culture, and support alert escalation (to avoid missing alerts) and collaborative handling.

-![指标视图](doc/img/readme/20240513103530.png)
+Then Nightingale is not suitable. It is recommended that you choose on-call products such as PagerDuty and FlashDuty. These products are simple and easy to use.

-夜莺内置了常用仪表盘，可以直接导入使用。也可以导入 Grafana 仪表盘，不过只能兼容 Grafana 基本图表，如果已经习惯了 Grafana 建议继续使用 Grafana 看图，把夜莺作为一个告警引擎使用。
+## 🗨️ Communication Channels

-![内置仪表盘](doc/img/readme/20240513103628.png)
+- **Report Bugs:** It is highly recommended to submit issues via the [Nightingale GitHub Issue tracker](https://github.com/ccfos/nightingale/issues/new?assignees=&labels=kind%2Fbug&projects=&template=bug_report.yml).
+- **Documentation:** For more information, we recommend thoroughly browsing the [Nightingale Documentation Site](https://n9e.github.io/).

-除了内置的仪表盘，也内置了很多告警规则，开箱即用。
+## 🔑 Key Features

-![内置告警规则](doc/img/readme/20240513103825.png)
+![Nightingale Alerting rules](doc/img/readme/alerting-rules-en.png)

+- Nightingale supports alerting rules, mute rules, subscription rules, and notification rules. It natively supports 20 types of notification media and allows customization of message templates.  
+- It supports event pipelines for Pipeline processing of alarms, facilitating automated integration with in-house systems. For example, it can append metadata to alarms or perform relabeling on events. 
+- It introduces the concept of business groups and a permission system to manage various rules in a categorized manner.  
+- Many databases and middleware come with built-in alert rules that can be directly imported and used. It also supports direct import of Prometheus alerting rules.  
+- It supports alerting self-healing, which automatically triggers a script to execute predefined logic after an alarm is generated—such as cleaning up disk space or capturing the current system state.

+![Nightingale Alarm Dashboard](doc/img/readme/active-events-en.png)

-## 产品架构
+- Nightingale archives historical alarms and supports multi-dimensional query and statistics.  
+- It supports flexible aggregation grouping, allowing a clear view of the distribution of alarms across the company.

-社区使用夜莺最多的场景就是使用夜莺做告警引擎，对接多套时序库，统一告警规则管理。绘图仍然使用 Grafana 居多。作为一个告警引擎，夜莺的产品架构如下：
+![Nightingale Integration Center](doc/img/readme/integration-components-en.png)

-![产品架构](doc/img/readme/20240221152601.png)
+- Nightingale has built-in metric descriptions, dashboards, and alerting rules for common operating systems, middleware, and databases, which are contributed by the community with varying quality.  
+- It directly receives data via multiple protocols such as Remote Write, OpenTSDB, Datadog, and Falcon, integrates with various Agents.  
+- It supports data sources like Prometheus, ElasticSearch, Loki, ClickHouse, MySQL, Postgres, allowing alerting based on data from these sources.  
+- Nightingale can be easily embedded into internal enterprise systems (e.g. Grafana, CMDB), and even supports configuring menu visibility for these embedded systems.

-对于个别边缘机房，如果和中心夜莺服务端网络链路不好，希望提升告警可用性，我们也提供边缘机房告警引擎下沉部署模式，这个模式下，即便网络割裂，告警功能也不受影响。
+![Nightingale dashboards](doc/img/readme/dashboard-en.png)

-![边缘部署模式](doc/img/readme/20240222102119.png)
+- Nightingale supports dashboard functionality, including common chart types, and comes with pre-built dashboards. The image above is a screenshot of one of these dashboards.  
+- If you are already accustomed to Grafana, it is recommended to continue using Grafana for visualization, as Grafana has deeper expertise in this area.  
+- For machine-related monitoring data collected by Categraf, it is advisable to use Nightingale's built-in dashboards for viewing. This is because Categraf's metric naming follows Telegraf's convention, which differs from that of Node Exporter.  
+- Due to Nightingale's concept of business groups (where machines can belong to different groups), there may be scenarios where you only want to view machines within the current business group on the dashboard. Thus, Nightingale's dashboards can be linked with business groups for interactive filtering.

+## 🌟 Stargazers over time

-## 交流渠道
- 报告Bug，优先推荐提交[夜莺GitHub Issue](https://github.com/ccfos/nightingale/issues/new?assignees=&labels=kind%2Fbug&projects=&template=bug_report.yml)
- 推荐完整浏览[夜莺文档站点](https://flashcat.cloud/docs/content/flashcat-monitor/nightingale-v7/introduction/)，了解更多信息
- 加我微信：`picobyte`（我已关闭好友验证）拉入微信群，备注：`夜莺互助群`
-
-## 广受关注
 [![Stargazers over time](https://api.star-history.com/svg?repos=ccfos/nightingale&type=Date)](https://star-history.com/#ccfos/nightingale&Date)

-## 社区共建
- ❇️ 请阅读浏览[夜莺开源项目和社区治理架构草案](./doc/community-governance.md)，真诚欢迎每一位用户、开发者、公司以及组织，使用夜莺监控、积极反馈 Bug、提交功能需求、分享最佳实践，共建专业、活跃的夜莺开源社区。
- ❤️ 夜莺贡献者
+## 🔥 Users
+
+![User Logos](doc/img/readme/logos.png)
+
+## 🤝 Community Co-Building
+
+- ❇️ Please read the [Nightingale Open Source Project and Community Governance Draft](./doc/community-governance.md). We sincerely welcome every user, developer, company, and organization to use Nightingale, actively report bugs, submit feature requests, share best practices, and help build a professional and active open-source community.
+- ❤️ Nightingale Contributors
 <a href="https://github.com/ccfos/nightingale/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=ccfos/nightingale" />
 </a>

-## License
- [Apache License V2.0](https://github.com/didi/nightingale/blob/main/LICENSE)
+## 📜 License
+- [Apache License V2.0](https://github.com/ccfos/nightingale/blob/main/LICENSE)
--- a/README_en.md
+++ b/README_en.md
@@ -1,113 +0,0 @@
-<p align="center">
-  <a href="https://github.com/ccfos/nightingale">
-    <img src="doc/img/Nightingale_L_V.png" alt="nightingale - cloud native monitoring" width="100" /></a>
-</p>
-<p align="center">
-  <b>Open-source Alert Management Expert, an Integrated Observability Platform</b>
-</p>
-
-<p align="center">
-<a href="https://flashcat.cloud/docs/">
-  <img alt="Docs" src="https://img.shields.io/badge/docs-get%20started-brightgreen"/></a>
-<a href="https://hub.docker.com/u/flashcatcloud">
-  <img alt="Docker pulls" src="https://img.shields.io/docker/pulls/flashcatcloud/nightingale"/></a>
-<a href="https://github.com/ccfos/nightingale/graphs/contributors">
-  <img alt="GitHub contributors" src="https://img.shields.io/github/contributors-anon/ccfos/nightingale"/></a>
-<img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/ccfos/nightingale">
-<img alt="GitHub forks" src="https://img.shields.io/github/forks/ccfos/nightingale">
-<br/><img alt="GitHub Repo issues" src="https://img.shields.io/github/issues/ccfos/nightingale">
-<img alt="GitHub Repo issues closed" src="https://img.shields.io/github/issues-closed/ccfos/nightingale">
-<img alt="GitHub latest release" src="https://img.shields.io/github/v/release/ccfos/nightingale"/>
-<img alt="License" src="https://img.shields.io/badge/license-Apache--2.0-blue"/>
-<a href="https://n9e-talk.slack.com/">
-  <img alt="GitHub contributors" src="https://img.shields.io/badge/join%20slack-%23n9e-brightgreen.svg"/></a>
-</p>
-
-
-
-[English](./README_en.md) | [中文](./README.md)
-
-## What is Nightingale
-
-Nightingale is an open-source project focused on alerting. Similar to Grafana's data source integration approach, Nightingale also connects with various existing data sources. However, while Grafana focuses on visualization, Nightingale focuses on alerting engines.
-
-Originally developed and open-sourced by Didi, Nightingale was donated to the China Computer Federation Open Source Development Committee (CCF ODC) on May 11, 2022, becoming the first open-source project accepted by the CCF ODC after its establishment. 
-
-
-## Quick Start
-
- 👉 [Documentation](https://flashcat.cloud/docs/) | [Download](https://flashcat.cloud/download/nightingale/)
- ❤️ [Report a Bug](https://github.com/ccfos/nightingale/issues/new?assignees=&labels=&projects=&template=question.yml)
- ℹ️ For faster access, the above documentation and download sites are hosted on [FlashcatCloud](https://flashcat.cloud).
-
-## Features
-
- **Integration with Multiple Time-Series Databases:** Supports integration with various time-series databases such as Prometheus, VictoriaMetrics, Thanos, Mimir, M3DB, and TDengine, enabling unified alert management.
- **Advanced Alerting Capabilities:** Comes with built-in support for multiple alerting rules, extensible to common notification channels. It also supports alert suppression, silencing, subscription, self-healing, and alert event management.
- **High-Performance Visualization Engine:** Offers various chart styles with numerous built-in dashboard templates and the ability to import Grafana templates. Ready to use with a business-friendly open-source license.
- **Support for Common Collectors:** Compatible with [Categraf](https://flashcat.cloud/product/categraf), Telegraf, Grafana-agent, Datadog-agent, and various exporters as collectors—there's no data that can't be monitored.
- **Seamless Integration with [Flashduty](https://flashcat.cloud/product/flashcat-duty/):** Enables alert aggregation, acknowledgment, escalation, scheduling, and IM integration, ensuring no alerts are missed, reducing unnecessary interruptions, and enhancing efficient collaboration.
-
-
-## Screenshots
-
-You can switch languages and themes in the top right corner. We now support English, Simplified Chinese, and Traditional Chinese. 
-
-![18n switch](doc/img/readme/n9e-switch-i18n.png)
-
-### Instant Query
-
-Similar to the built-in query analysis page in Prometheus, Nightingale offers an ad-hoc query feature with UI enhancements. It also provides built-in PromQL metrics, allowing users unfamiliar with PromQL to quickly perform queries.
-
-![Instant Query](doc/img/readme/20240513103305.png)
-
-### Metric View
-
-Alternatively, you can use the Metric View to access data. With this feature, Instant Query becomes less necessary, as it caters more to advanced users. Regular users can easily perform queries using the Metric View.
-
-![Metric View](doc/img/readme/20240513103530.png)
-
-### Built-in Dashboards
-
-Nightingale includes commonly used dashboards that can be imported and used directly. You can also import Grafana dashboards, although compatibility is limited to basic Grafana charts. If you’re accustomed to Grafana, it’s recommended to continue using it for visualization, with Nightingale serving as an alerting engine.
-
-![Built-in Dashboards](doc/img/readme/20240513103628.png)
-
-### Built-in Alert Rules
-
-In addition to the built-in dashboards, Nightingale also comes with numerous alert rules that are ready to use out of the box.
-
-![Built-in Alert Rules](doc/img/readme/20240513103825.png)
-
-
-
-## Architecture
-
-In most community scenarios, Nightingale is primarily used as an alert engine, integrating with multiple time-series databases to unify alert rule management. Grafana remains the preferred tool for visualization. As an alert engine, the product architecture of Nightingale is as follows:
-
-![Product Architecture](doc/img/readme/20240221152601.png)
-
-For certain edge data centers with poor network connectivity to the central Nightingale server, we offer a distributed deployment mode for the alert engine. In this mode, even if the network is disconnected, the alerting functionality remains unaffected.
-
-![Edge Deployment Mode](doc/img/readme/20240222102119.png)
-
-
-## Communication Channels
-
- **Report Bugs:** It is highly recommended to submit issues via the [Nightingale GitHub Issue tracker](https://github.com/ccfos/nightingale/issues/new?assignees=&labels=kind%2Fbug&projects=&template=bug_report.yml).
- **Documentation:** For more information, we recommend thoroughly browsing the [Nightingale Documentation Site](https://flashcat.cloud/docs/content/flashcat-monitor/nightingale-v7/introduction/).
-
-## Stargazers over time
-
-[![Stargazers over time](https://api.star-history.com/svg?repos=ccfos/nightingale&type=Date)](https://star-history.com/#ccfos/nightingale&Date)
-
-## Community Co-Building
-
- ❇️ Please read the [Nightingale Open Source Project and Community Governance Draft](./doc/community-governance.md). We sincerely welcome every user, developer, company, and organization to use Nightingale, actively report bugs, submit feature requests, share best practices, and help build a professional and active open-source community.
-  ❤️ Nightingale Contributors
-<a href="https://github.com/ccfos/nightingale/graphs/contributors">
-  <img src="https://contrib.rocks/image?repo=ccfos/nightingale" />
-</a>
-
-## License
- [Apache License V2.0](https://github.com/didi/nightingale/blob/main/LICENSE)
--- a/README_zh.md
+++ b/README_zh.md
@@ -0,0 +1,123 @@
+<p align="center">
+  <a href="https://github.com/ccfos/nightingale">
+    <img src="doc/img/Nightingale_L_V.png" alt="nightingale - cloud native monitoring" width="100" /></a>
+</p>
+<p align="center">
+  <b>开源监控告警管理专家</b>
+</p>
+
+<p align="center">
+<a href="https://flashcat.cloud/docs/">
+  <img alt="Docs" src="https://img.shields.io/badge/docs-get%20started-brightgreen"/></a>
+<a href="https://hub.docker.com/u/flashcatcloud">
+  <img alt="Docker pulls" src="https://img.shields.io/docker/pulls/flashcatcloud/nightingale"/></a>
+<a href="https://github.com/ccfos/nightingale/graphs/contributors">
+  <img alt="GitHub contributors" src="https://img.shields.io/github/contributors-anon/ccfos/nightingale"/></a>
+<img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/ccfos/nightingale">
+<img alt="GitHub forks" src="https://img.shields.io/github/forks/ccfos/nightingale">
+<br/><img alt="GitHub Repo issues" src="https://img.shields.io/github/issues/ccfos/nightingale">
+<img alt="GitHub Repo issues closed" src="https://img.shields.io/github/issues-closed/ccfos/nightingale">
+<img alt="GitHub latest release" src="https://img.shields.io/github/v/release/ccfos/nightingale"/>
+<img alt="License" src="https://img.shields.io/badge/license-Apache--2.0-blue"/>
+<a href="https://n9e-talk.slack.com/">
+  <img alt="GitHub contributors" src="https://img.shields.io/badge/join%20slack-%23n9e-brightgreen.svg"/></a>
+</p>
+
+
+
+[English](./README.md) | [中文](./README_zh.md)
+
+## 夜莺是什么
+
+夜莺 Nightingale 是一款开源云原生监控告警工具，是中国计算机学会接受捐赠并托管的第一个开源项目，在 GitHub 上有超过 12000 颗星，广受关注和使用。夜莺的统一告警引擎，可以对接 Prometheus、Elasticsearch、ClickHouse、Loki、MySQL 等多种数据源，提供全面的告警判定、丰富的事件处理和灵活的告警分发及通知能力。
+
+夜莺侧重于监控告警，类似于 Grafana 的数据源集成方式，夜莺也是对接多种既有的数据源，不过 Grafana 侧重于可视化，夜莺则是侧重于告警引擎、告警事件的处理和分发。
+
+> - 💡夜莺正式推出了 [MCP-Server](https://github.com/n9e/n9e-mcp-server/)，此 MCP Server 允许 AI 助手通过自然语言与夜莺 API 交互，实现告警管理、监控和可观测性任务。
+> - 夜莺监控项目，最初由滴滴开发和开源，并于 2022 年 5 月 11 日，捐赠予中国计算机学会开源发展技术委员会（CCF ODTC），为 CCF ODTC 成立后接受捐赠的第一个开源项目。
+
+![](https://n9e.github.io/img/global/arch-bg.png)
+
+## 夜莺的工作逻辑
+
+很多用户已经自行采集了指标、日志数据，此时就把存储库（VictoriaMetrics、ElasticSearch等）作为数据源接入夜莺，即可在夜莺里配置告警规则、通知规则，完成告警事件的生成和派发。
+
+![夜莺产品架构](doc/img/readme/20240221152601.png)
+
+夜莺项目本身不提供监控数据采集能力。推荐您使用 [Categraf](https://github.com/flashcatcloud/categraf) 作为采集器，可以和夜莺丝滑对接。
+
+[Categraf](https://github.com/flashcatcloud/categraf) 可以采集操作系统、网络设备、各类中间件、数据库的监控数据，通过 Remote Write 协议推送给夜莺，夜莺把监控数据转存到时序库（如 Prometheus、VictoriaMetrics 等），并提供告警和可视化能力。
+
+对于个别边缘机房，如果和中心夜莺服务端网络链路不好，希望提升告警可用性，夜莺也提供边缘机房告警引擎下沉部署模式，这个模式下，即便边缘和中心端网络割裂，告警功能也不受影响。
+
+![边缘部署模式](doc/img/readme/20240222102119.png)
+
+> 上图中，机房A和中心机房的网络链路很好，所以直接由中心端的夜莺进程做告警引擎，机房B和中心机房的网络链路不好，所以在机房B部署了 `n9e-edge` 做告警引擎，对机房B的数据源做告警判定。
+
+## 告警降噪、升级、协同
+
+夜莺的侧重点是做告警引擎，即负责产生告警事件，并根据规则做灵活派发，内置支持 20 种通知媒介（电话、短信、邮件、钉钉、飞书、企微、Slack 等）。
+
+如果您有更高级的需求，比如：
+
+- 想要把公司的多套监控系统产生的事件聚拢到一个平台，统一做收敛降噪、响应处理、数据分析
+- 想要支持人员的排班，践行 On-call 文化，想要支持告警认领、升级（避免遗漏）、协同处理
+
+那夜莺是不合适的，推荐您选用 [FlashDuty](https://flashcat.cloud/product/flashcat-duty/) 这样的 On-call 产品，产品简单易用，也有免费套餐。
+
+
+## 相关资料 & 交流渠道
+- 📚 [夜莺介绍PPT](https://mp.weixin.qq.com/s/Mkwx_46xrltSq8NLqAIYow) 对您了解夜莺各项关键特性会有帮助（PPT链接在文末）
+- 👉 [文档中心](https://flashcat.cloud/docs/) 为了更快的访问速度，站点托管在 [FlashcatCloud](https://flashcat.cloud)
+- ❤️ [报告 Bug](https://github.com/ccfos/nightingale/issues/new?assignees=&labels=&projects=&template=question.yml) 写清楚问题描述、复现步骤、截图等信息，更容易得到答案
+- 💡 前后端代码分离，前端代码仓库：[https://github.com/n9e/fe](https://github.com/n9e/fe)
+- 🎯 关注[这个公众号](https://gitlink.org.cn/UlricQin)了解更多夜莺动态和知识
+- 🌟 加我微信：`picobyte`（我已关闭好友验证）拉入微信群，备注：`夜莺互助群`，如果已经把夜莺上到生产环境，可联系我拉入资深监控用户群
+
+
+## 关键特性简介
+
+![夜莺告警规则](doc/img/readme/2025-05-23_18-43-37.png)
+
+- 夜莺支持告警规则、屏蔽规则、订阅规则、通知规则，内置支持 20 种通知媒介，支持消息模板自定义
+- 支持事件管道，对告警事件做 Pipeline 处理，方便和自有系统做自动化整合，比如给告警事件附加一些元信息，对事件做 relabel
+- 支持业务组概念，引入权限体系，分门别类管理各类规则
+- 很多数据库、中间件内置了告警规则，可以直接导入使用，也可以直接导入 Prometheus 的告警规则
+- 支持告警自愈，即告警之后自动触发一个脚本执行一些预定义的逻辑，比如清理一下磁盘、抓一下现场等
+
+![夜莺事件大盘](doc/img/readme/2025-05-30_08-49-28.png)
+
+- 夜莺存档了历史告警事件，支持多维度的查询和统计
+- 支持灵活的聚合分组，一目了然看到公司的告警事件分布情况
+
+![夜莺集成中心](doc/img/readme/2025-05-23_18-46-06.png)
+
+- 夜莺内置常用操作系统、中间件、数据库的的指标说明、仪表盘、告警规则，不过都是社区贡献的，整体也是参差不齐
+- 夜莺直接接收 Remote Write、OpenTSDB、Datadog、Falcon 等多种协议的数据，故而可以和各类 Agent 对接
+- 夜莺支持 Prometheus、ElasticSearch、Loki、TDEngine 等多种数据源，可以对其中的数据做告警
+- 夜莺可以很方便内嵌企业内部系统，比如 Grafana、CMDB 等，甚至可以配置这些内嵌系统的菜单可见性
+
+
+![夜莺仪表盘](doc/img/readme/2025-05-23_18-49-02.png)
+
+- 夜莺支持仪表盘功能，支持常见的图表类型，也内置了一些仪表盘，上图是其中一个仪表盘的截图。
+- 如果你已经习惯了 Grafana，建议仍然使用 Grafana 看图。Grafana 在看图方面道行更深。
+- 机器相关的监控数据，如果是 Categraf 采集的，建议使用夜莺自带的仪表盘查看，因为 Categraf 的指标命名 Follow 的是 Telegraf 的命名方式，和 Node Exporter 不同
+- 因为夜莺有个业务组的概念，机器可以归属不同的业务组，有时在仪表盘里只想查看当前所属业务组的机器，所以夜莺的仪表盘可以和业务组联动
+
+## 广受关注
+[![Stargazers over time](https://api.star-history.com/svg?repos=ccfos/nightingale&type=Date)](https://star-history.com/#ccfos/nightingale&Date)
+
+## 感谢众多企业的信赖
+
+![夜莺客户](doc/img/readme/logos.png)
+
+## 社区共建
+- ❇️ 请阅读浏览[夜莺开源项目和社区治理架构草案](./doc/community-governance.md)，真诚欢迎每一位用户、开发者、公司以及组织，使用夜莺监控、积极反馈 Bug、提交功能需求、分享最佳实践，共建专业、活跃的夜莺开源社区。
+- ❤️ 夜莺贡献者
+<a href="https://github.com/ccfos/nightingale/graphs/contributors">
+  <img src="https://contrib.rocks/image?repo=ccfos/nightingale" />
+</a>
+
+## License
+- [Apache License V2.0](https://github.com/ccfos/nightingale/blob/main/LICENSE)
--- a/alert/alert.go
+++ b/alert/alert.go
@@ -75,11 +75,11 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {

 	macros.RegisterMacro(macros.MacroInVain)
 	dscache.Init(ctx, false)
-	Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache, alertRuleCache, notifyConfigCache, taskTplsCache, dsCache, ctx, promClients, userCache, userGroupCache, notifyRuleCache, notifyChannelCache, messageTemplateCache)
+	Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache, alertRuleCache, notifyConfigCache, taskTplsCache, dsCache, ctx, promClients, userCache, userGroupCache, notifyRuleCache, notifyChannelCache, messageTemplateCache, configCvalCache)

 	r := httpx.GinEngine(config.Global.RunMode, config.HTTP,
 		configCvalCache.PrintBodyPaths, configCvalCache.PrintAccessLog)
-	rt := router.New(config.HTTP, config.Alert, alertMuteCache, targetCache, busiGroupCache, alertStats, ctx, externalProcessors)
+	rt := router.New(config.HTTP, config.Alert, alertMuteCache, targetCache, busiGroupCache, alertStats, ctx, externalProcessors, config.Log.Dir)

 	if config.Ibex.Enable {
 		ibex.ServerStart(false, nil, redis, config.HTTP.APIForService.BasicAuth, config.Alert.Heartbeat, &config.CenterApi, r, nil, config.Ibex, config.HTTP.Port)
@@ -98,7 +98,7 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {

 func Start(alertc aconf.Alert, pushgwc pconf.Pushgw, syncStats *memsto.Stats, alertStats *astats.Stats, externalProcessors *process.ExternalProcessorsType, targetCache *memsto.TargetCacheType, busiGroupCache *memsto.BusiGroupCacheType,
 	alertMuteCache *memsto.AlertMuteCacheType, alertRuleCache *memsto.AlertRuleCacheType, notifyConfigCache *memsto.NotifyConfigCacheType, taskTplsCache *memsto.TaskTplCache, datasourceCache *memsto.DatasourceCacheType, ctx *ctx.Context,
-	promClients *prom.PromClientMap, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType, notifyRuleCache *memsto.NotifyRuleCacheType, notifyChannelCache *memsto.NotifyChannelCacheType, messageTemplateCache *memsto.MessageTemplateCacheType) {
+	promClients *prom.PromClientMap, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType, notifyRuleCache *memsto.NotifyRuleCacheType, notifyChannelCache *memsto.NotifyChannelCacheType, messageTemplateCache *memsto.MessageTemplateCacheType, configCvalCache *memsto.CvalCache) {
 	alertSubscribeCache := memsto.NewAlertSubscribeCache(ctx, syncStats)
 	recordingRuleCache := memsto.NewRecordingRuleCache(ctx, syncStats)
 	targetsOfAlertRulesCache := memsto.NewTargetOfAlertRuleCache(ctx, alertc.Heartbeat.EngineName, syncStats)
@@ -115,14 +115,16 @@ func Start(alertc aconf.Alert, pushgwc pconf.Pushgw, syncStats *memsto.Stats, al
 	eval.NewScheduler(alertc, externalProcessors, alertRuleCache, targetCache, targetsOfAlertRulesCache,
 		busiGroupCache, alertMuteCache, datasourceCache, promClients, naming, ctx, alertStats)

-	dp := dispatch.NewDispatch(alertRuleCache, userCache, userGroupCache, alertSubscribeCache, targetCache, notifyConfigCache, taskTplsCache, notifyRuleCache, notifyChannelCache, messageTemplateCache, alertc.Alerting, ctx, alertStats)
-	consumer := dispatch.NewConsumer(alertc.Alerting, ctx, dp, promClients)
+	eventProcessorCache := memsto.NewEventProcessorCache(ctx, syncStats)

-	notifyRecordComsumer := sender.NewNotifyRecordConsumer(ctx)
+	dp := dispatch.NewDispatch(alertRuleCache, userCache, userGroupCache, alertSubscribeCache, targetCache, notifyConfigCache, taskTplsCache, notifyRuleCache, notifyChannelCache, messageTemplateCache, eventProcessorCache, configCvalCache, alertc.Alerting, ctx, alertStats)
+	consumer := dispatch.NewConsumer(alertc.Alerting, ctx, dp, promClients, alertMuteCache)
+
+	notifyRecordConsumer := sender.NewNotifyRecordConsumer(ctx)

 	go dp.ReloadTpls()
 	go consumer.LoopConsume()
-	go notifyRecordComsumer.LoopConsume()
+	go notifyRecordConsumer.LoopConsume()

 	go queue.ReportQueueSize(alertStats)
 	go sender.ReportNotifyRecordQueueSize(alertStats)
--- a/alert/astats/stats.go
+++ b/alert/astats/stats.go
@@ -17,6 +17,7 @@ type Stats struct {
 	CounterRuleEval             *prometheus.CounterVec
 	CounterQueryDataErrorTotal  *prometheus.CounterVec
 	CounterQueryDataTotal       *prometheus.CounterVec
+	CounterVarFillingQuery      *prometheus.CounterVec
 	CounterRecordEval           *prometheus.CounterVec
 	CounterRecordEvalErrorTotal *prometheus.CounterVec
 	CounterMuteTotal            *prometheus.CounterVec
@@ -24,6 +25,7 @@ type Stats struct {
 	CounterHeartbeatErrorTotal  *prometheus.CounterVec
 	CounterSubEventTotal        *prometheus.CounterVec
 	GaugeQuerySeriesCount       *prometheus.GaugeVec
+	GaugeRuleEvalDuration       *prometheus.GaugeVec
 	GaugeNotifyRecordQueueSize  prometheus.Gauge
 }

@@ -54,7 +56,7 @@ func NewSyncStats() *Stats {
 		Subsystem: subsystem,
 		Name:      "query_data_total",
 		Help:      "Number of rule eval query data.",
-	}, []string{"datasource"})
+	}, []string{"datasource", "rule_id"})

 	CounterRecordEval := prometheus.NewCounterVec(prometheus.CounterOpts{
 		Namespace: namespace,
@@ -135,6 +137,20 @@ func NewSyncStats() *Stats {
 		Help:      "The size of notify record queue.",
 	})

+	GaugeRuleEvalDuration := prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Namespace: namespace,
+		Subsystem: subsystem,
+		Name:      "rule_eval_duration_ms",
+		Help:      "Duration of rule eval in milliseconds.",
+	}, []string{"rule_id", "datasource_id"})
+
+	CounterVarFillingQuery := prometheus.NewCounterVec(prometheus.CounterOpts{
+		Namespace: namespace,
+		Subsystem: subsystem,
+		Name:      "var_filling_query_total",
+		Help:      "Number of var filling query.",
+	}, []string{"rule_id", "datasource_id", "ref", "typ"})
+
 	prometheus.MustRegister(
 		CounterAlertsTotal,
 		GaugeAlertQueueSize,
@@ -150,7 +166,9 @@ func NewSyncStats() *Stats {
 		CounterHeartbeatErrorTotal,
 		CounterSubEventTotal,
 		GaugeQuerySeriesCount,
+		GaugeRuleEvalDuration,
 		GaugeNotifyRecordQueueSize,
+		CounterVarFillingQuery,
 	)

 	return &Stats{
@@ -168,6 +186,8 @@ func NewSyncStats() *Stats {
 		CounterHeartbeatErrorTotal:  CounterHeartbeatErrorTotal,
 		CounterSubEventTotal:        CounterSubEventTotal,
 		GaugeQuerySeriesCount:       GaugeQuerySeriesCount,
+		GaugeRuleEvalDuration:       GaugeRuleEvalDuration,
 		GaugeNotifyRecordQueueSize:  GaugeNotifyRecordQueueSize,
+		CounterVarFillingQuery:      CounterVarFillingQuery,
 	}
 }
--- a/alert/common/key.go
+++ b/alert/common/key.go
@@ -1,6 +1,7 @@
 package common

 import (
+	"encoding/json"
 	"fmt"
 	"strings"

@@ -13,6 +14,20 @@ func RuleKey(datasourceId, id int64) string {

 func MatchTags(eventTagsMap map[string]string, itags []models.TagFilter) bool {
 	for _, filter := range itags {
+		// target_group in和not in优先特殊处理：匹配通过则继续下一个 filter，匹配失败则整组不匹配
+		if filter.Key == "target_group" {
+			// target 字段从 event.JsonTagsAndValue() 中获取的
+			v, ok := eventTagsMap["target"]
+			if !ok {
+				return false
+			}
+			if !targetGroupMatch(v, filter) {
+				return false
+			}
+			continue
+		}
+
+		// 普通标签按原逻辑处理
 		value, has := eventTagsMap[filter.Key]
 		if !has {
 			return false
@@ -35,9 +50,9 @@ func MatchGroupsName(groupName string, groupFilter []models.TagFilter) bool {
 func matchTag(value string, filter models.TagFilter) bool {
 	switch filter.Func {
 	case "==":
-		return strings.TrimSpace(filter.Value) == strings.TrimSpace(value)
+		return strings.TrimSpace(fmt.Sprintf("%v", filter.Value)) == strings.TrimSpace(value)
 	case "!=":
-		return strings.TrimSpace(filter.Value) != strings.TrimSpace(value)
+		return strings.TrimSpace(fmt.Sprintf("%v", filter.Value)) != strings.TrimSpace(value)
 	case "in":
 		_, has := filter.Vset[value]
 		return has
@@ -49,6 +64,65 @@ func matchTag(value string, filter models.TagFilter) bool {
 	case "!~":
 		return !filter.Regexp.MatchString(value)
 	}
-	// unexpect func
+	// unexpected func
 	return false
 }
+
+// targetGroupMatch 处理 target_group 的特殊匹配逻辑
+func targetGroupMatch(value string, filter models.TagFilter) bool {
+	var valueMap map[string]interface{}
+	if err := json.Unmarshal([]byte(value), &valueMap); err != nil {
+		return false
+	}
+	switch filter.Func {
+	case "in", "not in":
+		// float64 类型的 id 切片
+		filterValueIds, ok := filter.Value.([]interface{})
+		if !ok {
+			return false
+		}
+		filterValueIdsMap := make(map[float64]struct{})
+		for _, id := range filterValueIds {
+			filterValueIdsMap[id.(float64)] = struct{}{}
+		}
+		// float64 类型的 groupIds 切片
+		groupIds, ok := valueMap["group_ids"].([]interface{})
+		if !ok {
+			return false
+		}
+		// in 只要 groupIds 中有一个在 filterGroupIds 中出现，就返回 true
+		// not in 则相反
+		found := false
+		for _, gid := range groupIds {
+			if _, found = filterValueIdsMap[gid.(float64)]; found {
+				break
+			}
+		}
+		if filter.Func == "in" {
+			return found
+		}
+		// filter.Func == "not in"
+		return !found
+
+	case "=~", "!~":
+		// 正则满足一个就认为 matched
+		groupNames, ok := valueMap["group_names"].([]interface{})
+		if !ok {
+			return false
+		}
+		matched := false
+		for _, gname := range groupNames {
+			if filter.Regexp.MatchString(fmt.Sprintf("%v", gname)) {
+				matched = true
+				break
+			}
+		}
+		if filter.Func == "=~" {
+			return matched
+		}
+		// "!~": 只要有一个匹配就返回 false，否则返回 true
+		return !matched
+	default:
+		return false
+	}
+}
--- a/alert/dispatch/consume.go
+++ b/alert/dispatch/consume.go
@@ -8,8 +8,8 @@ import (
 	"time"

 	"github.com/ccfos/nightingale/v6/alert/aconf"
-	"github.com/ccfos/nightingale/v6/alert/common"
 	"github.com/ccfos/nightingale/v6/alert/queue"
+	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
 	"github.com/ccfos/nightingale/v6/pkg/poster"
@@ -26,10 +26,15 @@ type Consumer struct {
 	alerting aconf.Alerting
 	ctx      *ctx.Context

-	dispatch    *Dispatch
-	promClients *prom.PromClientMap
+	dispatch       *Dispatch
+	promClients    *prom.PromClientMap
+	alertMuteCache *memsto.AlertMuteCacheType
 }

+type EventMuteHookFunc func(event *models.AlertCurEvent) bool
+
+var EventMuteHook EventMuteHookFunc = func(event *models.AlertCurEvent) bool { return false }
+
 func InitRegisterQueryFunc(promClients *prom.PromClientMap) {
 	tplx.RegisterQueryFunc(func(datasourceID int64, promql string) model.Value {
 		if promClients.IsNil(datasourceID) {
@@ -43,12 +48,14 @@ func InitRegisterQueryFunc(promClients *prom.PromClientMap) {
 }

 // 创建一个 Consumer 实例
-func NewConsumer(alerting aconf.Alerting, ctx *ctx.Context, dispatch *Dispatch, promClients *prom.PromClientMap) *Consumer {
+func NewConsumer(alerting aconf.Alerting, ctx *ctx.Context, dispatch *Dispatch, promClients *prom.PromClientMap, alertMuteCache *memsto.AlertMuteCacheType) *Consumer {
 	return &Consumer{
 		alerting:    alerting,
 		ctx:         ctx,
 		dispatch:    dispatch,
 		promClients: promClients,
+
+		alertMuteCache: alertMuteCache,
 	}
 }

@@ -91,12 +98,12 @@ func (e *Consumer) consumeOne(event *models.AlertCurEvent) {
 	e.dispatch.Astats.CounterAlertsTotal.WithLabelValues(event.Cluster, eventType, event.GroupName).Inc()

 	if err := event.ParseRule("rule_name"); err != nil {
-		logger.Warningf("ruleid:%d failed to parse rule name: %v", event.RuleId, err)
+		logger.Warningf("alert_eval_%d datasource_%d failed to parse rule name: %v", event.RuleId, event.DatasourceId, err)
 		event.RuleName = fmt.Sprintf("failed to parse rule name: %v", err)
 	}

 	if err := event.ParseRule("annotations"); err != nil {
-		logger.Warningf("ruleid:%d failed to parse annotations: %v", event.RuleId, err)
+		logger.Warningf("alert_eval_%d datasource_%d failed to parse annotations: %v", event.RuleId, event.DatasourceId, err)
 		event.Annotations = fmt.Sprintf("failed to parse annotations: %v", err)
 		event.AnnotationsJSON["error"] = event.Annotations
 	}
@@ -104,16 +111,12 @@ func (e *Consumer) consumeOne(event *models.AlertCurEvent) {
 	e.queryRecoveryVal(event)

 	if err := event.ParseRule("rule_note"); err != nil {
-		logger.Warningf("ruleid:%d failed to parse rule note: %v", event.RuleId, err)
+		logger.Warningf("alert_eval_%d datasource_%d failed to parse rule note: %v", event.RuleId, event.DatasourceId, err)
 		event.RuleNote = fmt.Sprintf("failed to parse rule note: %v", err)
 	}

 	e.persist(event)

-	if event.IsRecovered && event.NotifyRecovered == 0 {
-		return
-	}
-
 	e.dispatch.HandleEventNotify(event, false)
 }

@@ -127,7 +130,7 @@ func (e *Consumer) persist(event *models.AlertCurEvent) {
 		var err error
 		event.Id, err = poster.PostByUrlsWithResp[int64](e.ctx, "/v1/n9e/event-persist", event)
 		if err != nil {
-			logger.Errorf("event:%+v persist err:%v", event, err)
+			logger.Errorf("event:%s persist err:%v", event.Hash, err)
 			e.dispatch.Astats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", event.DatasourceId), "persist_event", event.GroupName, fmt.Sprintf("%v", event.RuleId)).Inc()
 		}
 		return
@@ -135,7 +138,7 @@ func (e *Consumer) persist(event *models.AlertCurEvent) {

 	err := models.EventPersist(e.ctx, event)
 	if err != nil {
-		logger.Errorf("event%+v persist err:%v", event, err)
+		logger.Errorf("event:%s persist err:%v", event.Hash, err)
 		e.dispatch.Astats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", event.DatasourceId), "persist_event", event.GroupName, fmt.Sprintf("%v", event.RuleId)).Inc()
 	}
 }
@@ -153,12 +156,12 @@ func (e *Consumer) queryRecoveryVal(event *models.AlertCurEvent) {

 	promql = strings.TrimSpace(promql)
 	if promql == "" {
-		logger.Warningf("rule_eval:%s promql is blank", getKey(event))
+		logger.Warningf("alert_eval_%d datasource_%d promql is blank", event.RuleId, event.DatasourceId)
 		return
 	}

 	if e.promClients.IsNil(event.DatasourceId) {
-		logger.Warningf("rule_eval:%s error reader client is nil", getKey(event))
+		logger.Warningf("alert_eval_%d datasource_%d error reader client is nil", event.RuleId, event.DatasourceId)
 		return
 	}

@@ -167,7 +170,7 @@ func (e *Consumer) queryRecoveryVal(event *models.AlertCurEvent) {
 	var warnings promsdk.Warnings
 	value, warnings, err := readerClient.Query(e.ctx.Ctx, promql, time.Now())
 	if err != nil {
-		logger.Errorf("rule_eval:%s promql:%s, error:%v", getKey(event), promql, err)
+		logger.Errorf("alert_eval_%d datasource_%d promql:%s, error:%v", event.RuleId, event.DatasourceId, promql, err)
 		event.AnnotationsJSON["recovery_promql_error"] = fmt.Sprintf("promql:%s error:%v", promql, err)

 		b, err := json.Marshal(event.AnnotationsJSON)
@@ -181,12 +184,12 @@ func (e *Consumer) queryRecoveryVal(event *models.AlertCurEvent) {
 	}

 	if len(warnings) > 0 {
-		logger.Errorf("rule_eval:%s promql:%s, warnings:%v", getKey(event), promql, warnings)
+		logger.Errorf("alert_eval_%d datasource_%d promql:%s, warnings:%v", event.RuleId, event.DatasourceId, promql, warnings)
 	}

 	anomalyPoints := models.ConvertAnomalyPoints(value)
 	if len(anomalyPoints) == 0 {
-		logger.Warningf("rule_eval:%s promql:%s, result is empty", getKey(event), promql)
+		logger.Warningf("alert_eval_%d datasource_%d promql:%s, result is empty", event.RuleId, event.DatasourceId, promql)
 		event.AnnotationsJSON["recovery_promql_error"] = fmt.Sprintf("promql:%s error:%s", promql, "result is empty")
 	} else {
 		event.AnnotationsJSON["recovery_value"] = fmt.Sprintf("%v", anomalyPoints[0].Value)
@@ -201,6 +204,3 @@ func (e *Consumer) queryRecoveryVal(event *models.AlertCurEvent) {
 	}
 }

-func getKey(event *models.AlertCurEvent) string {
-	return common.RuleKey(event.DatasourceId, event.RuleId)
-}
--- a/alert/dispatch/dispatch.go
+++ b/alert/dispatch/dispatch.go
@@ -3,6 +3,8 @@ package dispatch
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
+	"fmt"
 	"html/template"
 	"net/url"
 	"strconv"
@@ -13,6 +15,8 @@ import (
 	"github.com/ccfos/nightingale/v6/alert/aconf"
 	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/alert/common"
+	"github.com/ccfos/nightingale/v6/alert/pipeline"
+	"github.com/ccfos/nightingale/v6/alert/pipeline/engine"
 	"github.com/ccfos/nightingale/v6/alert/sender"
 	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
@@ -21,6 +25,17 @@ import (
 	"github.com/toolkits/pkg/logger"
 )

+var ShouldSkipNotify func(*ctx.Context, *models.AlertCurEvent, int64) bool
+var SendByNotifyRule func(*ctx.Context, *memsto.UserCacheType, *memsto.UserGroupCacheType, *memsto.NotifyChannelCacheType, *memsto.CvalCache,
+	[]*models.AlertCurEvent, int64, *models.NotifyConfig, *models.NotifyChannelConfig, *models.MessageTemplate)
+
+var EventProcessorCache *memsto.EventProcessorCacheType
+
+func init() {
+	ShouldSkipNotify = shouldSkipNotify
+	SendByNotifyRule = SendNotifyRuleMessage
+}
+
 type Dispatch struct {
 	alertRuleCache      *memsto.AlertRuleCacheType
 	userCache           *memsto.UserCacheType
@@ -29,10 +44,12 @@ type Dispatch struct {
 	targetCache         *memsto.TargetCacheType
 	notifyConfigCache   *memsto.NotifyConfigCacheType
 	taskTplsCache       *memsto.TaskTplCache
+	configCvalCache     *memsto.CvalCache

 	notifyRuleCache      *memsto.NotifyRuleCacheType
 	notifyChannelCache   *memsto.NotifyChannelCacheType
 	messageTemplateCache *memsto.MessageTemplateCacheType
+	eventProcessorCache  *memsto.EventProcessorCacheType

 	alerting aconf.Alerting

@@ -41,9 +58,8 @@ type Dispatch struct {
 	tpls             map[string]*template.Template
 	ExtraSenders     map[string]sender.Sender
 	BeforeSenderHook func(*models.AlertCurEvent) bool
-
-	ctx    *ctx.Context
-	Astats *astats.Stats
+	ctx              *ctx.Context
+	Astats           *astats.Stats

 	RwLock sync.RWMutex
 }
@@ -52,7 +68,7 @@ type Dispatch struct {
 func NewDispatch(alertRuleCache *memsto.AlertRuleCacheType, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType,
 	alertSubscribeCache *memsto.AlertSubscribeCacheType, targetCache *memsto.TargetCacheType, notifyConfigCache *memsto.NotifyConfigCacheType,
 	taskTplsCache *memsto.TaskTplCache, notifyRuleCache *memsto.NotifyRuleCacheType, notifyChannelCache *memsto.NotifyChannelCacheType,
-	messageTemplateCache *memsto.MessageTemplateCacheType, alerting aconf.Alerting, ctx *ctx.Context, astats *astats.Stats) *Dispatch {
+	messageTemplateCache *memsto.MessageTemplateCacheType, eventProcessorCache *memsto.EventProcessorCacheType, configCvalCache *memsto.CvalCache, alerting aconf.Alerting, c *ctx.Context, astats *astats.Stats) *Dispatch {
 	notify := &Dispatch{
 		alertRuleCache:       alertRuleCache,
 		userCache:            userCache,
@@ -64,6 +80,8 @@ func NewDispatch(alertRuleCache *memsto.AlertRuleCacheType, userCache *memsto.Us
 		notifyRuleCache:      notifyRuleCache,
 		notifyChannelCache:   notifyChannelCache,
 		messageTemplateCache: messageTemplateCache,
+		eventProcessorCache:  eventProcessorCache,
+		configCvalCache:      configCvalCache,

 		alerting: alerting,

@@ -72,14 +90,21 @@ func NewDispatch(alertRuleCache *memsto.AlertRuleCacheType, userCache *memsto.Us
 		ExtraSenders:     make(map[string]sender.Sender),
 		BeforeSenderHook: func(*models.AlertCurEvent) bool { return true },

-		ctx:    ctx,
+		ctx:    c,
 		Astats: astats,
 	}
+
+	pipeline.Init()
+	EventProcessorCache = eventProcessorCache
+
+	// 设置通知记录回调函数
+	notifyChannelCache.SetNotifyRecordFunc(sender.NotifyRecord)
+
 	return notify
 }

 func (e *Dispatch) ReloadTpls() error {
-	err := e.relaodTpls()
+	err := e.reloadTpls()
 	if err != nil {
 		logger.Errorf("failed to reload tpls: %v", err)
 	}
@@ -87,13 +112,13 @@ func (e *Dispatch) ReloadTpls() error {
 	duration := time.Duration(9000) * time.Millisecond
 	for {
 		time.Sleep(duration)
-		if err := e.relaodTpls(); err != nil {
+		if err := e.reloadTpls(); err != nil {
 			logger.Warning("failed to reload tpls:", err)
 		}
 	}
 }

-func (e *Dispatch) relaodTpls() error {
+func (e *Dispatch) reloadTpls() error {
 	tmpTpls, err := models.ListTpls(e.ctx)
 	if err != nil {
 		return err
@@ -139,11 +164,14 @@ func (e *Dispatch) relaodTpls() error {
 	return nil
 }

-func (e *Dispatch) HandleEventWithNotifyRule(event *models.AlertCurEvent, isSubscribe bool) {
+func (e *Dispatch) HandleEventWithNotifyRule(eventOrigin *models.AlertCurEvent) {

-	if len(event.NotifyRuleIDs) > 0 {
-		for _, notifyRuleId := range event.NotifyRuleIDs {
-			logger.Infof("notify rule ids: %v, event: %+v", notifyRuleId, event)
+	if len(eventOrigin.NotifyRuleIds) > 0 {
+		for _, notifyRuleId := range eventOrigin.NotifyRuleIds {
+			// 深拷贝新的 event，避免并发修改 event 冲突
+			eventCopy := eventOrigin.DeepCopy()
+
+			logger.Infof("notify rule ids: %v, event: %s", notifyRuleId, eventCopy.Hash)
 			notifyRule := e.notifyRuleCache.Get(notifyRuleId)
 			if notifyRule == nil {
 				continue
@@ -152,32 +180,152 @@ func (e *Dispatch) HandleEventWithNotifyRule(event *models.AlertCurEvent, isSubs
 			if !notifyRule.Enable {
 				continue
 			}
+			eventCopy.NotifyRuleId = notifyRuleId
+			eventCopy.NotifyRuleName = notifyRule.Name

+			eventCopy = HandleEventPipeline(notifyRule.PipelineConfigs, eventOrigin, eventCopy, e.eventProcessorCache, e.ctx, notifyRuleId, "notify_rule")
+			if ShouldSkipNotify(e.ctx, eventCopy, notifyRuleId) {
+				logger.Infof("notify_id: %d, event:%s, should skip notify", notifyRuleId, eventCopy.Hash)
+				continue
+			}
+
+			// notify
 			for i := range notifyRule.NotifyConfigs {
-				if !NotifyRuleApplicable(&notifyRule.NotifyConfigs[i], event) {
+				err := NotifyRuleMatchCheck(&notifyRule.NotifyConfigs[i], eventCopy)
+				if err != nil {
+					logger.Errorf("notify_id: %d, event:%s, channel_id:%d, template_id: %d, notify_config:%+v, err:%v", notifyRuleId, eventCopy.Hash, notifyRule.NotifyConfigs[i].ChannelID, notifyRule.NotifyConfigs[i].TemplateID, notifyRule.NotifyConfigs[i], err)
 					continue
 				}
+
 				notifyChannel := e.notifyChannelCache.Get(notifyRule.NotifyConfigs[i].ChannelID)
 				messageTemplate := e.messageTemplateCache.Get(notifyRule.NotifyConfigs[i].TemplateID)
 				if notifyChannel == nil {
-					logger.Warningf("notify_id: %d, event:%+v, channel_id:%d, template_id: %d, notify_channel not found", notifyRuleId, event, notifyRule.NotifyConfigs[i].ChannelID, notifyRule.NotifyConfigs[i].TemplateID)
+					sender.NotifyRecord(e.ctx, []*models.AlertCurEvent{eventCopy}, notifyRuleId, fmt.Sprintf("notify_channel_id:%d", notifyRule.NotifyConfigs[i].ChannelID), "", "", errors.New("notify_channel not found"))
+					logger.Warningf("notify_id: %d, event:%s, channel_id:%d, template_id: %d, notify_channel not found", notifyRuleId, eventCopy.Hash, notifyRule.NotifyConfigs[i].ChannelID, notifyRule.NotifyConfigs[i].TemplateID)
 					continue
 				}

-				if notifyChannel.RequestType != "flashduty" && messageTemplate == nil {
-					logger.Warningf("notify_id: %d, channel_name: %v, event:%+v, template_id: %d, message_template not found", notifyRuleId, notifyChannel.Ident, event, notifyRule.NotifyConfigs[i].TemplateID)
+				if notifyChannel.RequestType != "flashduty" && notifyChannel.RequestType != "pagerduty" && messageTemplate == nil {
+					logger.Warningf("notify_id: %d, channel_name: %v, event:%s, template_id: %d, message_template not found", notifyRuleId, notifyChannel.Ident, eventCopy.Hash, notifyRule.NotifyConfigs[i].TemplateID)
+					sender.NotifyRecord(e.ctx, []*models.AlertCurEvent{eventCopy}, notifyRuleId, notifyChannel.Name, "", "", errors.New("message_template not found"))
+
 					continue
 				}

-				// todo go send
-				// todo 聚合 event
-				go e.sendV2([]*models.AlertCurEvent{event}, notifyRuleId, &notifyRule.NotifyConfigs[i], notifyChannel, messageTemplate)
+				go SendByNotifyRule(e.ctx, e.userCache, e.userGroupCache, e.notifyChannelCache, e.configCvalCache, []*models.AlertCurEvent{eventCopy}, notifyRuleId, &notifyRule.NotifyConfigs[i], notifyChannel, messageTemplate)
 			}
 		}
 	}
 }

-func NotifyRuleApplicable(notifyConfig *models.NotifyConfig, event *models.AlertCurEvent) bool {
+func shouldSkipNotify(ctx *ctx.Context, event *models.AlertCurEvent, notifyRuleId int64) bool {
+	if event == nil {
+		// 如果 eventCopy 为 nil，说明 eventCopy 被 processor drop 掉了, 不再发送通知
+		return true
+	}
+
+	if event.IsRecovered && event.NotifyRecovered == 0 {
+		// 如果 eventCopy 是恢复事件，且 NotifyRecovered 为 0，则不发送通知
+		return true
+	}
+	return false
+}
+
+func HandleEventPipeline(pipelineConfigs []models.PipelineConfig, eventOrigin, event *models.AlertCurEvent, eventProcessorCache *memsto.EventProcessorCacheType, ctx *ctx.Context, id int64, from string) *models.AlertCurEvent {
+	workflowEngine := engine.NewWorkflowEngine(ctx)
+
+	for _, pipelineConfig := range pipelineConfigs {
+		if !pipelineConfig.Enable {
+			continue
+		}
+
+		eventPipeline := eventProcessorCache.Get(pipelineConfig.PipelineId)
+		if eventPipeline == nil {
+			logger.Warningf("processor_by_%s_id:%d pipeline_id:%d, event pipeline not found, event: %s", from, id, pipelineConfig.PipelineId, event.Hash)
+			continue
+		}
+
+		if !PipelineApplicable(eventPipeline, event) {
+			logger.Debugf("processor_by_%s_id:%d pipeline_id:%d, event pipeline not applicable, event: %s", from, id, pipelineConfig.PipelineId, event.Hash)
+			continue
+		}
+
+		// 统一使用工作流引擎执行（兼容线性模式和工作流模式）
+		triggerCtx := &models.WorkflowTriggerContext{
+			Mode:      models.TriggerModeEvent,
+			TriggerBy: from + "_" + strconv.FormatInt(id, 10),
+		}
+
+		resultEvent, result, err := workflowEngine.Execute(eventPipeline, event, triggerCtx)
+		if err != nil {
+			logger.Errorf("processor_by_%s_id:%d pipeline_id:%d, pipeline execute error: %v", from, id, pipelineConfig.PipelineId, err)
+			continue
+		}
+
+		if resultEvent == nil {
+			logger.Infof("processor_by_%s_id:%d pipeline_id:%d, event dropped, event: %s", from, id, pipelineConfig.PipelineId, eventOrigin.Hash)
+			if from == "notify_rule" {
+				sender.NotifyRecord(ctx, []*models.AlertCurEvent{eventOrigin}, id, "", "", result.Message, fmt.Errorf("processor_by_%s_id:%d pipeline_id:%d, drop by pipeline", from, id, pipelineConfig.PipelineId))
+			}
+			return nil
+		}
+
+		event = resultEvent
+		logger.Infof("processor_by_%s_id:%d pipeline_id:%d, pipeline executed, status:%s, message:%s", from, id, pipelineConfig.PipelineId, result.Status, result.Message)
+	}
+
+	event.FE2DB()
+	event.FillTagsMap()
+	return event
+}
+
+func PipelineApplicable(pipeline *models.EventPipeline, event *models.AlertCurEvent) bool {
+	if pipeline == nil {
+		return true
+	}
+
+	if !pipeline.FilterEnable {
+		return true
+	}
+
+	tagMatch := true
+	if len(pipeline.LabelFilters) > 0 {
+		// Deep copy to avoid concurrent map writes on cached objects
+		labelFiltersCopy := make([]models.TagFilter, len(pipeline.LabelFilters))
+		copy(labelFiltersCopy, pipeline.LabelFilters)
+		for i := range labelFiltersCopy {
+			if labelFiltersCopy[i].Func == "" {
+				labelFiltersCopy[i].Func = labelFiltersCopy[i].Op
+			}
+		}
+
+		tagFilters, err := models.ParseTagFilter(labelFiltersCopy)
+		if err != nil {
+			logger.Errorf("pipeline applicable failed to parse tag filter: %v event:%s pipeline:%+v", err, event.Hash, pipeline)
+			return false
+		}
+		tagMatch = common.MatchTags(event.TagsMap, tagFilters)
+	}
+
+	attributesMatch := true
+	if len(pipeline.AttrFilters) > 0 {
+		// Deep copy to avoid concurrent map writes on cached objects
+		attrFiltersCopy := make([]models.TagFilter, len(pipeline.AttrFilters))
+		copy(attrFiltersCopy, pipeline.AttrFilters)
+
+		tagFilters, err := models.ParseTagFilter(attrFiltersCopy)
+		if err != nil {
+			logger.Errorf("pipeline applicable failed to parse tag filter: %v event:%s pipeline:%+v err:%v", tagFilters, event.Hash, pipeline, err)
+			return false
+		}
+
+		attributesMatch = common.MatchTags(event.JsonTagsAndValue(), tagFilters)
+	}
+
+	return tagMatch && attributesMatch
+}
+
+func NotifyRuleMatchCheck(notifyConfig *models.NotifyConfig, event *models.AlertCurEvent) error {
 	tm := time.Unix(event.TriggerTime, 0)
 	triggerTime := tm.Format("15:04")
 	triggerWeek := int(tm.Weekday())
@@ -229,6 +377,10 @@ func NotifyRuleApplicable(notifyConfig *models.NotifyConfig, event *models.Alert
 		}
 	}

+	if !timeMatch {
+		return fmt.Errorf("event time not match time filter")
+	}
+
 	severityMatch := false
 	for i := range notifyConfig.Severities {
 		if notifyConfig.Severities[i] == event.Severity {
@@ -236,39 +388,60 @@ func NotifyRuleApplicable(notifyConfig *models.NotifyConfig, event *models.Alert
 		}
 	}

+	if !severityMatch {
+		return fmt.Errorf("event severity not match severity filter")
+	}
+
 	tagMatch := true
 	if len(notifyConfig.LabelKeys) > 0 {
-		for i := range notifyConfig.LabelKeys {
-			if notifyConfig.LabelKeys[i].Func == "" {
-				notifyConfig.LabelKeys[i].Func = notifyConfig.LabelKeys[i].Op
+		// Deep copy to avoid concurrent map writes on cached objects
+		labelKeysCopy := make([]models.TagFilter, len(notifyConfig.LabelKeys))
+		copy(labelKeysCopy, notifyConfig.LabelKeys)
+		for i := range labelKeysCopy {
+			if labelKeysCopy[i].Func == "" {
+				labelKeysCopy[i].Func = labelKeysCopy[i].Op
 			}
 		}

-		tagFilters, err := models.ParseTagFilter(notifyConfig.LabelKeys)
+		tagFilters, err := models.ParseTagFilter(labelKeysCopy)
 		if err != nil {
-			logger.Errorf("notify send failed to parse tag filter: %v event:%+v notify_config:%+v", err, event, notifyConfig)
-			return false
+			logger.Errorf("notify send failed to parse tag filter: %v event:%s notify_config:%+v", err, event.Hash, notifyConfig)
+			return fmt.Errorf("failed to parse tag filter: %v", err)
 		}
 		tagMatch = common.MatchTags(event.TagsMap, tagFilters)
 	}

+	if !tagMatch {
+		return fmt.Errorf("event tag not match tag filter")
+	}
+
 	attributesMatch := true
 	if len(notifyConfig.Attributes) > 0 {
-		tagFilters, err := models.ParseTagFilter(notifyConfig.Attributes)
+		// Deep copy to avoid concurrent map writes on cached objects
+		attributesCopy := make([]models.TagFilter, len(notifyConfig.Attributes))
+		copy(attributesCopy, notifyConfig.Attributes)
+
+		tagFilters, err := models.ParseTagFilter(attributesCopy)
 		if err != nil {
-			logger.Errorf("notify send failed to parse tag filter: %v event:%+v notify_config:%+v err:%v", tagFilters, event, notifyConfig, err)
-			return false
+			logger.Errorf("notify send failed to parse tag filter: %v event:%s notify_config:%+v err:%v", tagFilters, event.Hash, notifyConfig, err)
+			return fmt.Errorf("failed to parse tag filter: %v", err)
 		}

 		attributesMatch = common.MatchTags(event.JsonTagsAndValue(), tagFilters)
 	}
-	logger.Infof("notify send timeMatch:%v severityMatch:%v tagMatch:%v attributesMatch:%v event:%+v notify_config:%+v", timeMatch, severityMatch, tagMatch, attributesMatch, event, notifyConfig)
-	return timeMatch && severityMatch && tagMatch && attributesMatch
+
+	if !attributesMatch {
+		return fmt.Errorf("event attributes not match attributes filter")
+	}
+
+	logger.Infof("notify send timeMatch:%v severityMatch:%v tagMatch:%v attributesMatch:%v event:%s notify_config:%+v", timeMatch, severityMatch, tagMatch, attributesMatch, event.Hash, notifyConfig)
+	return nil
 }

-func GetNotifyConfigParams(notifyConfig *models.NotifyConfig, contactKey string, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType) ([]string, []int64, map[string]string) {
+func GetNotifyConfigParams(notifyConfig *models.NotifyConfig, contactKey string, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType) ([]string, []int64, []string, map[string]string) {
 	customParams := make(map[string]string)
 	var flashDutyChannelIDs []int64
+	var pagerDutyRoutingKeys []string
 	var userInfoParams models.CustomParams

 	for key, value := range notifyConfig.Params {
@@ -286,13 +459,26 @@ func GetNotifyConfigParams(notifyConfig *models.NotifyConfig, contactKey string,
 					}
 				}
 			}
+		case "pagerduty_integration_keys", "pagerduty_integration_ids":
+			if key == "pagerduty_integration_ids" {
+				// 不处理ids，直接跳过，这个字段只给前端标记用
+				continue
+			}
+			if data, err := json.Marshal(value); err == nil {
+				var keys []string
+				if json.Unmarshal(data, &keys) == nil {
+					pagerDutyRoutingKeys = keys
+					break
+				}
+			}
 		default:
+			// 避免直接 value.(string) 导致 panic，支持多种类型并统一为字符串
 			customParams[key] = value.(string)
 		}
 	}

 	if len(userInfoParams.UserIDs) == 0 && len(userInfoParams.UserGroupIDs) == 0 {
-		return []string{}, flashDutyChannelIDs, customParams
+		return []string{}, flashDutyChannelIDs, pagerDutyRoutingKeys, customParams
 	}

 	userIds := make([]int64, 0)
@@ -321,22 +507,27 @@ func GetNotifyConfigParams(notifyConfig *models.NotifyConfig, contactKey string,
 			sendto, _ = user.ExtractToken(contactKey)
 		}

+		if sendto == "" {
+			continue
+		}
 		sendtos = append(sendtos, sendto)
 		visited[user.Id] = true
 	}

-	return sendtos, flashDutyChannelIDs, customParams
+	return sendtos, flashDutyChannelIDs, pagerDutyRoutingKeys, customParams
 }

-func (e *Dispatch) sendV2(events []*models.AlertCurEvent, notifyRuleId int64, notifyConfig *models.NotifyConfig, notifyChannel *models.NotifyChannelConfig, messageTemplate *models.MessageTemplate) {
+func SendNotifyRuleMessage(ctx *ctx.Context, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType, notifyChannelCache *memsto.NotifyChannelCacheType, configCvalCache *memsto.CvalCache,
+	events []*models.AlertCurEvent, notifyRuleId int64, notifyConfig *models.NotifyConfig, notifyChannel *models.NotifyChannelConfig, messageTemplate *models.MessageTemplate) {
 	if len(events) == 0 {
 		logger.Errorf("notify_id: %d events is empty", notifyRuleId)
 		return
 	}

+	siteInfo := configCvalCache.GetSiteInfo()
 	tplContent := make(map[string]interface{})
 	if notifyChannel.RequestType != "flashduty" {
-		tplContent = messageTemplate.RenderEvent(events)
+		tplContent = messageTemplate.RenderEvent(events, siteInfo.SiteUrl)
 	}

 	var contactKey string
@@ -344,53 +535,62 @@ func (e *Dispatch) sendV2(events []*models.AlertCurEvent, notifyRuleId int64, no
 		contactKey = notifyChannel.ParamConfig.UserInfo.ContactKey
 	}

-	sendtos, flashDutyChannelIDs, customParams := GetNotifyConfigParams(notifyConfig, contactKey, e.userCache, e.userGroupCache)
-
-	e.Astats.GaugeNotifyRecordQueueSize.Inc()
-	defer e.Astats.GaugeNotifyRecordQueueSize.Dec()
+	sendtos, flashDutyChannelIDs, pagerdutyRoutingKeys, customParams := GetNotifyConfigParams(notifyConfig, contactKey, userCache, userGroupCache)

 	switch notifyChannel.RequestType {
 	case "flashduty":
+		if len(flashDutyChannelIDs) == 0 {
+			flashDutyChannelIDs = []int64{0} // 如果 flashduty 通道没有配置，则使用 0, 给 SendFlashDuty 判断使用, 不给 flashduty 传 channel_id 参数
+		}
+
 		for i := range flashDutyChannelIDs {
-			respBody, err := notifyChannel.SendFlashDuty(events, flashDutyChannelIDs[i], e.notifyChannelCache.GetHttpClient(notifyChannel.ID))
-			logger.Infof("notify_id: %d, channel_name: %v, event:%+v, IntegrationUrl: %v dutychannel_id: %v, respBody: %v, err: %v", notifyRuleId, notifyChannel.Name, events[0], notifyChannel.RequestConfig.FlashDutyRequestConfig.IntegrationUrl, flashDutyChannelIDs[i], respBody, err)
-			sender.NotifyRecord(e.ctx, events, notifyRuleId, notifyChannel.Name, strconv.FormatInt(flashDutyChannelIDs[i], 10), respBody, err)
+			start := time.Now()
+			respBody, err := notifyChannel.SendFlashDuty(events, flashDutyChannelIDs[i], notifyChannelCache.GetHttpClient(notifyChannel.ID))
+			respBody = fmt.Sprintf("send_time: %s duration: %d ms %s", time.Now().Format("2006-01-02 15:04:05"), time.Since(start).Milliseconds(), respBody)
+			logger.Infof("duty_sender notify_id: %d, channel_name: %v, event:%s, IntegrationUrl: %v dutychannel_id: %v, respBody: %v, err: %v", notifyRuleId, notifyChannel.Name, events[0].Hash, notifyChannel.RequestConfig.FlashDutyRequestConfig.IntegrationUrl, flashDutyChannelIDs[i], respBody, err)
+			sender.NotifyRecord(ctx, events, notifyRuleId, notifyChannel.Name, strconv.FormatInt(flashDutyChannelIDs[i], 10), respBody, err)
 		}
-		return
+
+	case "pagerduty":
+		for _, routingKey := range pagerdutyRoutingKeys {
+			start := time.Now()
+			respBody, err := notifyChannel.SendPagerDuty(events, routingKey, siteInfo.SiteUrl, notifyChannelCache.GetHttpClient(notifyChannel.ID))
+			respBody = fmt.Sprintf("send_time: %s duration: %d ms %s", time.Now().Format("2006-01-02 15:04:05"), time.Since(start).Milliseconds(), respBody)
+			logger.Infof("pagerduty_sender notify_id: %d, channel_name: %v, event:%s, respBody: %v, err: %v", notifyRuleId, notifyChannel.Name, events[0].Hash, respBody, err)
+			sender.NotifyRecord(ctx, events, notifyRuleId, notifyChannel.Name, "", respBody, err)
+		}
+
 	case "http":
-		if e.notifyChannelCache.HttpConcurrencyAdd(notifyChannel.ID) {
-			defer e.notifyChannelCache.HttpConcurrencyDone(notifyChannel.ID)
-		}
-		if notifyChannel.RequestConfig == nil {
-			logger.Warningf("notify_id: %d, channel_name: %v, event:%+v, request config not found", notifyRuleId, notifyChannel.Name, events[0])
+		// 使用队列模式处理 http 通知
+		// 创建通知任务
+		task := &memsto.NotifyTask{
+			Events:        events,
+			NotifyRuleId:  notifyRuleId,
+			NotifyChannel: notifyChannel,
+			TplContent:    tplContent,
+			CustomParams:  customParams,
+			Sendtos:       sendtos,
 		}

-		if notifyChannel.RequestConfig.HTTPRequestConfig == nil {
-			logger.Warningf("notify_id: %d, channel_name: %v, event:%+v, http request config not found", notifyRuleId, notifyChannel.Name, events[0])
-		}
-
-		if NeedBatchContacts(notifyChannel.RequestConfig.HTTPRequestConfig) || len(sendtos) == 0 {
-			resp, err := notifyChannel.SendHTTP(events, tplContent, customParams, sendtos, e.notifyChannelCache.GetHttpClient(notifyChannel.ID))
-			logger.Infof("notify_id: %d, channel_name: %v, event:%+v, tplContent:%s, customParams:%v, userInfo:%+v, respBody: %v, err: %v", notifyRuleId, notifyChannel.Name, events[0], tplContent, customParams, sendtos, resp, err)
-
-			sender.NotifyRecord(e.ctx, events, notifyRuleId, notifyChannel.Name, getSendTarget(customParams, sendtos), resp, err)
-		} else {
-			for i := range sendtos {
-				resp, err := notifyChannel.SendHTTP(events, tplContent, customParams, []string{sendtos[i]}, e.notifyChannelCache.GetHttpClient(notifyChannel.ID))
-				logger.Infof("notify_id: %d, channel_name: %v, event:%+v, tplContent:%s, customParams:%v, userInfo:%+v, respBody: %v, err: %v", notifyRuleId, notifyChannel.Name, events[0], tplContent, customParams, sendtos[i], resp, err)
-				sender.NotifyRecord(e.ctx, events, notifyRuleId, notifyChannel.Name, getSendTarget(customParams, []string{sendtos[i]}), resp, err)
-			}
+		// 将任务加入队列
+		success := notifyChannelCache.EnqueueNotifyTask(task)
+		if !success {
+			logger.Errorf("failed to enqueue notify task for channel %d, notify_id: %d", notifyChannel.ID, notifyRuleId)
+			// 如果入队失败，记录错误通知
+			sender.NotifyRecord(ctx, events, notifyRuleId, notifyChannel.Name, getSendTarget(customParams, sendtos), "", errors.New("failed to enqueue notify task, queue is full"))
 		}

 	case "smtp":
-		notifyChannel.SendEmail(notifyRuleId, events, tplContent, sendtos, e.notifyChannelCache.GetSmtpClient(notifyChannel.ID))
+		notifyChannel.SendEmail(notifyRuleId, events, tplContent, sendtos, notifyChannelCache.GetSmtpClient(notifyChannel.ID))

 	case "script":
+		start := time.Now()
 		target, res, err := notifyChannel.SendScript(events, tplContent, customParams, sendtos)
-		logger.Infof("notify_id: %d, channel_name: %v, event:%+v, tplContent:%s, customParams:%v, target:%s, res:%s, err:%v", notifyRuleId, notifyChannel.Name, events[0], tplContent, customParams, target, res, err)
-		sender.NotifyRecord(e.ctx, events, notifyRuleId, notifyChannel.Name, target, res, err)
+		res = fmt.Sprintf("send_time: %s duration: %d ms %s", time.Now().Format("2006-01-02 15:04:05"), time.Since(start).Milliseconds(), res)
+		logger.Infof("script_sender notify_id: %d, channel_name: %v, event:%s, tplContent:%s, customParams:%v, target:%s, res:%s, err:%v", notifyRuleId, notifyChannel.Name, events[0].Hash, tplContent, customParams, target, res, err)
+		sender.NotifyRecord(ctx, events, notifyRuleId, notifyChannel.Name, target, res, err)
 	default:
-		logger.Warningf("notify_id: %d, channel_name: %v, event:%+v send type not found", notifyRuleId, notifyChannel.Name, events[0])
+		logger.Warningf("notify_id: %d, channel_name: %v, event:%s send type not found", notifyRuleId, notifyChannel.Name, events[0].Hash)
 	}
 }

@@ -403,13 +603,13 @@ func NeedBatchContacts(requestConfig *models.HTTPRequestConfig) bool {
 // event: 告警/恢复事件
 // isSubscribe: 告警事件是否由subscribe的配置产生
 func (e *Dispatch) HandleEventNotify(event *models.AlertCurEvent, isSubscribe bool) {
-	rule := e.alertRuleCache.Get(event.RuleId)
-	if rule == nil {
+	go e.HandleEventWithNotifyRule(event)
+	if event.IsRecovered && event.NotifyRecovered == 0 {
 		return
 	}

-	if e.blockEventNotify(rule, event) {
-		logger.Infof("block event notify: rule_id:%d event:%+v", rule.Id, event)
+	rule := e.alertRuleCache.Get(event.RuleId)
+	if rule == nil {
 		return
 	}

@@ -440,8 +640,6 @@ func (e *Dispatch) HandleEventNotify(event *models.AlertCurEvent, isSubscribe bo
 		notifyTarget.AndMerge(handler(rule, event, notifyTarget, e))
 	}

-	// 处理事件发送,这里用一个goroutine处理一个event的所有发送事件
-	go e.HandleEventWithNotifyRule(event, isSubscribe)
 	go e.Send(rule, event, notifyTarget, isSubscribe)

 	// 如果是不是订阅规则出现的event, 则需要处理订阅规则的event
@@ -450,25 +648,6 @@ func (e *Dispatch) HandleEventNotify(event *models.AlertCurEvent, isSubscribe bo
 	}
 }

-func (e *Dispatch) blockEventNotify(rule *models.AlertRule, event *models.AlertCurEvent) bool {
-	ruleType := rule.GetRuleType()
-
-	// 若为机器则先看机器是否删除
-	if ruleType == models.HOST {
-		host, ok := e.targetCache.Get(event.TagsMap["ident"])
-		if !ok || host == nil {
-			return true
-		}
-	}
-
-	// 恢复通知，检测规则配置是否改变
-	// if event.IsRecovered && event.RuleHash != rule.Hash() {
-	// 	return true
-	// }
-
-	return false
-}
-
 func (e *Dispatch) handleSubs(event *models.AlertCurEvent) {
 	// handle alert subscribes
 	subscribes := make([]*models.AlertSubscribe, 0)
@@ -500,6 +679,10 @@ func (e *Dispatch) handleSub(sub *models.AlertSubscribe, event models.AlertCurEv
 		return
 	}

+	if !sub.MatchCate(event.Cate) {
+		return
+	}
+
 	if !common.MatchTags(event.TagsMap, sub.ITags) {
 		return
 	}
@@ -551,7 +734,7 @@ func (e *Dispatch) Send(rule *models.AlertRule, event *models.AlertCurEvent, not
 				event = msgCtx.Events[0]
 			}

-			logger.Debugf("send to channel:%s event:%+v users:%+v", channel, event, msgCtx.Users)
+			logger.Debugf("send to channel:%s event:%s users:%+v", channel, event.Hash, msgCtx.Users)
 			s.Send(msgCtx)
 		}
 	}
@@ -638,6 +821,11 @@ func (e *Dispatch) HandleIbex(rule *models.AlertRule, event *models.AlertCurEven
 	}
 	json.Unmarshal([]byte(rule.RuleConfig), &ruleConfig)

+	if event.IsRecovered {
+		// 恢复事件不需要走故障自愈的逻辑
+		return
+	}
+
 	for _, t := range ruleConfig.TaskTpls {
 		if t.TplId == 0 {
 			continue
@@ -645,12 +833,12 @@ func (e *Dispatch) HandleIbex(rule *models.AlertRule, event *models.AlertCurEven

 		if len(t.Host) == 0 {
 			sender.CallIbex(e.ctx, t.TplId, event.TargetIdent,
-				e.taskTplsCache, e.targetCache, e.userCache, event)
+				e.taskTplsCache, e.targetCache, e.userCache, event, "")
 			continue
 		}
 		for _, host := range t.Host {
 			sender.CallIbex(e.ctx, t.TplId, host,
-				e.taskTplsCache, e.targetCache, e.userCache, event)
+				e.taskTplsCache, e.targetCache, e.userCache, event, "")
 		}
 	}
 }
@@ -724,10 +912,10 @@ func getSendTarget(customParams map[string]string, sendtos []string) string {

 	values := make([]string, 0)
 	for _, value := range customParams {
-		if len(value) <= 4 {
+		runes := []rune(value)
+		if len(runes) <= 4 {
 			values = append(values, value)
 		} else {
-			runes := []rune(value)
 			maskedValue := string(runes[:len(runes)-4]) + "****"
 			values = append(values, maskedValue)
 		}
--- a/alert/dispatch/log.go
+++ b/alert/dispatch/log.go
@@ -18,17 +18,18 @@ func LogEvent(event *models.AlertCurEvent, location string, err ...error) {
 	}

 	logger.Infof(
-		"event(%s %s) %s: rule_id=%d sub_id:%d notify_rule_ids:%v cluster:%s %v%s@%d %s",
+		"alert_eval_%d event(%s %s) %s: sub_id:%d notify_rule_ids:%v cluster:%s %v%s@%d last_eval_time:%d %s",
+		event.RuleId,
 		event.Hash,
 		status,
 		location,
-		event.RuleId,
 		event.SubRuleId,
-		event.NotifyRuleIDs,
+		event.NotifyRuleIds,
 		event.Cluster,
 		event.TagsJSON,
 		event.TriggerValue,
 		event.TriggerTime,
+		event.LastEvalTime,
 		message,
 	)
 }
--- a/alert/eval/alert_rule.go
+++ b/alert/eval/alert_rule.go
@@ -93,7 +93,7 @@ func (s *Scheduler) syncAlertRules() {
 		}

 		ruleType := rule.GetRuleType()
-		if rule.IsPrometheusRule() || rule.IsLokiRule() || rule.IsTdengineRule() || rule.IsClickHouseRule() || rule.IsElasticSearch() {
+		if rule.IsPrometheusRule() || rule.IsInnerRule() {
 			datasourceIds := s.datasourceCache.GetIDsByDsCateAndQueries(rule.Cate, rule.DatasourceQueries)
 			for _, dsId := range datasourceIds {
 				if !naming.DatasourceHashRing.IsHit(strconv.FormatInt(dsId, 10), fmt.Sprintf("%d", rule.Id), s.aconf.Heartbeat.Endpoint) {
@@ -101,17 +101,17 @@ func (s *Scheduler) syncAlertRules() {
 				}
 				ds := s.datasourceCache.GetById(dsId)
 				if ds == nil {
-					logger.Debugf("datasource %d not found", dsId)
+					logger.Debugf("alert_eval_%d datasource %d not found", rule.Id, dsId)
 					continue
 				}

 				if ds.PluginType != ruleType {
-					logger.Debugf("datasource %d category is %s not %s", dsId, ds.PluginType, ruleType)
+					logger.Debugf("alert_eval_%d datasource %d category is %s not %s", rule.Id, dsId, ds.PluginType, ruleType)
 					continue
 				}

 				if ds.Status != "enabled" {
-					logger.Debugf("datasource %d status is %s", dsId, ds.Status)
+					logger.Debugf("alert_eval_%d datasource %d status is %s", rule.Id, dsId, ds.Status)
 					continue
 				}
 				processor := process.NewProcessor(s.aconf.Heartbeat.EngineName, rule, dsId, s.alertRuleCache, s.targetCache, s.targetsOfAlertRuleCache, s.busiGroupCache, s.alertMuteCache, s.datasourceCache, s.ctx, s.stats)
@@ -134,12 +134,12 @@ func (s *Scheduler) syncAlertRules() {
 			for _, dsId := range dsIds {
 				ds := s.datasourceCache.GetById(dsId)
 				if ds == nil {
-					logger.Debugf("datasource %d not found", dsId)
+					logger.Debugf("alert_eval_%d datasource %d not found", rule.Id, dsId)
 					continue
 				}

 				if ds.Status != "enabled" {
-					logger.Debugf("datasource %d status is %s", dsId, ds.Status)
+					logger.Debugf("alert_eval_%d datasource %d status is %s", rule.Id, dsId, ds.Status)
 					continue
 				}
 				processor := process.NewProcessor(s.aconf.Heartbeat.EngineName, rule, dsId, s.alertRuleCache, s.targetCache, s.targetsOfAlertRuleCache, s.busiGroupCache, s.alertMuteCache, s.datasourceCache, s.ctx, s.stats)
--- a/alert/eval/eval.go
+++ b/alert/eval/eval.go
@@ -11,8 +11,10 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"text/template"
 	"time"

+	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/alert/common"
 	"github.com/ccfos/nightingale/v6/alert/process"
 	"github.com/ccfos/nightingale/v6/dscache"
@@ -20,8 +22,10 @@ import (
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
 	"github.com/ccfos/nightingale/v6/pkg/hash"
 	"github.com/ccfos/nightingale/v6/pkg/parser"
+	"github.com/ccfos/nightingale/v6/pkg/poster"
 	promsdk "github.com/ccfos/nightingale/v6/pkg/prom"
 	promql2 "github.com/ccfos/nightingale/v6/pkg/promql"
+	"github.com/ccfos/nightingale/v6/pkg/tplx"
 	"github.com/ccfos/nightingale/v6/pkg/unit"
 	"github.com/ccfos/nightingale/v6/prom"
 	"github.com/prometheus/common/model"
@@ -35,7 +39,6 @@ type AlertRuleWorker struct {
 	DatasourceId int64
 	Quit         chan struct{}
 	Inhibit      bool
-	Severity     int

 	Rule *models.AlertRule

@@ -59,6 +62,7 @@ const (
 	CHECK_QUERY     = "check_query_config"
 	GET_CLIENT      = "get_client"
 	QUERY_DATA      = "query_data"
+	EXEC_TEMPLATE   = "exec_template"
 )

 const (
@@ -98,14 +102,14 @@ func NewAlertRuleWorker(rule *models.AlertRule, datasourceId int64, Processor *p
 		rule.CronPattern = fmt.Sprintf("@every %ds", interval)
 	}

-	arw.Scheduler = cron.New(cron.WithSeconds())
+	arw.Scheduler = cron.New(cron.WithSeconds(), cron.WithChain(cron.SkipIfStillRunning(cron.DefaultLogger)))

 	entryID, err := arw.Scheduler.AddFunc(rule.CronPattern, func() {
 		arw.Eval()
 	})

 	if err != nil {
-		logger.Errorf("alert rule %s add cron pattern error: %v", arw.Key(), err)
+		logger.Errorf("alert_eval_%d datasource_%d add cron pattern error: %v", arw.Rule.Id, arw.DatasourceId, err)
 	}

 	Processor.ScheduleEntry = arw.Scheduler.Entry(entryID)
@@ -143,14 +147,24 @@ func (arw *AlertRuleWorker) Start() {
 }

 func (arw *AlertRuleWorker) Eval() {
-	logger.Infof("eval:%s started", arw.Key())
+	begin := time.Now()
+	var message string
+
+	defer func() {
+		if len(message) == 0 {
+			logger.Infof("alert_eval_%d datasource_%d finished, duration:%v", arw.Rule.Id, arw.DatasourceId, time.Since(begin))
+		} else {
+			logger.Warningf("alert_eval_%d datasource_%d finished, duration:%v, message:%s", arw.Rule.Id, arw.DatasourceId, time.Since(begin), message)
+		}
+	}()
+
 	if arw.Processor.PromEvalInterval == 0 {
 		arw.Processor.PromEvalInterval = getPromEvalInterval(arw.Processor.ScheduleEntry.Schedule)
 	}

 	cachedRule := arw.Rule
 	if cachedRule == nil {
-		// logger.Errorf("rule_eval:%s Rule not found", arw.Key())
+		message = "rule not found"
 		return
 	}
 	arw.Processor.Stats.CounterRuleEval.WithLabelValues().Inc()
@@ -171,16 +185,16 @@ func (arw *AlertRuleWorker) Eval() {
 	case models.LOKI:
 		anomalyPoints, err = arw.GetPromAnomalyPoint(cachedRule.RuleConfig)
 	default:
-		anomalyPoints, recoverPoints = arw.GetAnomalyPoint(cachedRule, arw.Processor.DatasourceId())
+		anomalyPoints, recoverPoints, err = arw.GetAnomalyPoint(cachedRule, arw.Processor.DatasourceId())
 	}

 	if err != nil {
-		logger.Errorf("rule_eval:%s get anomaly point err:%s", arw.Key(), err.Error())
+		message = fmt.Sprintf("failed to get anomaly points: %v", err)
 		return
 	}

 	if arw.Processor == nil {
-		logger.Warningf("rule_eval:%s Processor is nil", arw.Key())
+		message = "processor is nil"
 		return
 	}

@@ -222,7 +236,7 @@ func (arw *AlertRuleWorker) Eval() {
 }

 func (arw *AlertRuleWorker) Stop() {
-	logger.Infof("rule_eval %s stopped", arw.Key())
+	logger.Infof("alert_eval_%d datasource_%d stopped", arw.Rule.Id, arw.DatasourceId)
 	close(arw.Quit)
 	c := arw.Scheduler.Stop()
 	<-c.Done()
@@ -231,11 +245,14 @@ func (arw *AlertRuleWorker) Stop() {

 func (arw *AlertRuleWorker) GetPromAnomalyPoint(ruleConfig string) ([]models.AnomalyPoint, error) {
 	var lst []models.AnomalyPoint
-	var severity int
+	start := time.Now()
+	defer func() {
+		arw.Processor.Stats.GaugeRuleEvalDuration.WithLabelValues(fmt.Sprintf("%v", arw.Rule.Id), fmt.Sprintf("%v", arw.Processor.DatasourceId())).Set(float64(time.Since(start).Milliseconds()))
+	}()

 	var rule *models.PromRuleConfig
 	if err := json.Unmarshal([]byte(ruleConfig), &rule); err != nil {
-		logger.Errorf("rule_eval:%s rule_config:%s, error:%v", arw.Key(), ruleConfig, err)
+		logger.Errorf("alert_eval_%d datasource_%d rule_config:%s, error:%v", arw.Rule.Id, arw.DatasourceId, ruleConfig, err)
 		arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), GET_RULE_CONFIG, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 		arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
 			fmt.Sprintf("%v", arw.Rule.Id),
@@ -246,7 +263,7 @@ func (arw *AlertRuleWorker) GetPromAnomalyPoint(ruleConfig string) ([]models.Ano
 	}

 	if rule == nil {
-		logger.Errorf("rule_eval:%s rule_config:%s, error:rule is nil", arw.Key(), ruleConfig)
+		logger.Errorf("alert_eval_%d datasource_%d rule_config:%s, error:rule is nil", arw.Rule.Id, arw.DatasourceId, ruleConfig)
 		arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), GET_RULE_CONFIG, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 		arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
 			fmt.Sprintf("%v", arw.Rule.Id),
@@ -258,14 +275,10 @@ func (arw *AlertRuleWorker) GetPromAnomalyPoint(ruleConfig string) ([]models.Ano

 	arw.Inhibit = rule.Inhibit
 	for i, query := range rule.Queries {
-		if query.Severity < severity {
-			arw.Severity = query.Severity
-		}
-
 		readerClient := arw.PromClients.GetCli(arw.DatasourceId)

 		if readerClient == nil {
-			logger.Warningf("rule_eval:%s error reader client is nil", arw.Key())
+			logger.Warningf("alert_eval_%d datasource_%d error reader client is nil", arw.Rule.Id, arw.DatasourceId)
 			arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), GET_CLIENT, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 			arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
 				fmt.Sprintf("%v", arw.Rule.Id),
@@ -275,36 +288,48 @@ func (arw *AlertRuleWorker) GetPromAnomalyPoint(ruleConfig string) ([]models.Ano
 			continue
 		}

-		if query.VarEnabled {
+		if query.VarEnabled && strings.Contains(query.PromQl, "$") {
 			var anomalyPoints []models.AnomalyPoint
 			if hasLabelLossAggregator(query) || notExactMatch(query) {
 				// 若有聚合函数或非精确匹配则需要先填充变量然后查询，这个方式效率较低
 				anomalyPoints = arw.VarFillingBeforeQuery(query, readerClient)
+				arw.Processor.Stats.CounterVarFillingQuery.WithLabelValues(
+					fmt.Sprintf("%v", arw.Rule.Id),
+					fmt.Sprintf("%v", arw.Processor.DatasourceId()),
+					fmt.Sprintf("%v", i),
+					"BeforeQuery",
+				).Inc()
 			} else {
 				// 先查询再过滤变量，效率较高，但无法处理有聚合函数的情况
 				anomalyPoints = arw.VarFillingAfterQuery(query, readerClient)
+				arw.Processor.Stats.CounterVarFillingQuery.WithLabelValues(
+					fmt.Sprintf("%v", arw.Rule.Id),
+					fmt.Sprintf("%v", arw.Processor.DatasourceId()),
+					fmt.Sprintf("%v", i),
+					"AfterQuery",
+				).Inc()
 			}
 			lst = append(lst, anomalyPoints...)
 		} else {
 			// 无变量
 			promql := strings.TrimSpace(query.PromQl)
 			if promql == "" {
-				logger.Warningf("rule_eval:%s promql is blank", arw.Key())
+				logger.Warningf("alert_eval_%d datasource_%d promql is blank", arw.Rule.Id, arw.DatasourceId)
 				arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), CHECK_QUERY, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 				continue
 			}

 			if arw.PromClients.IsNil(arw.DatasourceId) {
-				logger.Warningf("rule_eval:%s error reader client is nil", arw.Key())
+				logger.Warningf("alert_eval_%d datasource_%d error reader client is nil", arw.Rule.Id, arw.DatasourceId)
 				arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), GET_CLIENT, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 				continue
 			}

 			var warnings promsdk.Warnings
-			arw.Processor.Stats.CounterQueryDataTotal.WithLabelValues(fmt.Sprintf("%d", arw.DatasourceId)).Inc()
+			arw.Processor.Stats.CounterQueryDataTotal.WithLabelValues(fmt.Sprintf("%d", arw.DatasourceId), fmt.Sprintf("%d", arw.Rule.Id)).Inc()
 			value, warnings, err := readerClient.Query(context.Background(), promql, time.Now())
 			if err != nil {
-				logger.Errorf("rule_eval:%s promql:%s, error:%v", arw.Key(), promql, err)
+				logger.Errorf("alert_eval_%d datasource_%d promql:%s, error:%v", arw.Rule.Id, arw.DatasourceId, promql, err)
 				arw.Processor.Stats.CounterQueryDataErrorTotal.WithLabelValues(fmt.Sprintf("%d", arw.DatasourceId)).Inc()
 				arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), QUERY_DATA, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 				arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
@@ -316,12 +341,12 @@ func (arw *AlertRuleWorker) GetPromAnomalyPoint(ruleConfig string) ([]models.Ano
 			}

 			if len(warnings) > 0 {
-				logger.Errorf("rule_eval:%s promql:%s, warnings:%v", arw.Key(), promql, warnings)
+				logger.Errorf("alert_eval_%d datasource_%d promql:%s, warnings:%v", arw.Rule.Id, arw.DatasourceId, promql, warnings)
 				arw.Processor.Stats.CounterQueryDataErrorTotal.WithLabelValues(fmt.Sprintf("%d", arw.DatasourceId)).Inc()
 				arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), QUERY_DATA, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 			}

-			logger.Infof("rule_eval:%s query:%+v, value:%v", arw.Key(), query, value)
+			logger.Infof("alert_eval_%d datasource_%d query:%+v, value:%v", arw.Rule.Id, arw.DatasourceId, query, value)
 			points := models.ConvertAnomalyPoints(value)
 			arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
 				fmt.Sprintf("%v", arw.Rule.Id),
@@ -412,16 +437,17 @@ func (arw *AlertRuleWorker) VarFillingAfterQuery(query models.PromQuery, readerC
 				realQuery = strings.Replace(realQuery, fmt.Sprintf("$%s", key), val, -1)
 			}
 			// 得到满足值变量的所有结果
+			arw.Processor.Stats.CounterQueryDataTotal.WithLabelValues(fmt.Sprintf("%d", arw.DatasourceId), fmt.Sprintf("%d", arw.Rule.Id)).Inc()
 			value, _, err := readerClient.Query(context.Background(), curQuery, time.Now())
 			if err != nil {
-				logger.Errorf("rule_eval:%s, promql:%s, error:%v", arw.Key(), curQuery, err)
+				logger.Errorf("alert_eval_%d datasource_%d promql:%s, error:%v", arw.Rule.Id, arw.DatasourceId, curQuery, err)
 				continue
 			}
 			seqVals := getSamples(value)
 			// 得到参数变量的所有组合
 			paramPermutation, err := arw.getParamPermutation(param, ParamKeys, varToLabel, query.PromQl, readerClient)
 			if err != nil {
-				logger.Errorf("rule_eval:%s, paramPermutation error:%v", arw.Key(), err)
+				logger.Errorf("alert_eval_%d datasource_%d paramPermutation error:%v", arw.Rule.Id, arw.DatasourceId, err)
 				continue
 			}
 			// 判断哪些参数值符合条件
@@ -554,14 +580,14 @@ func (arw *AlertRuleWorker) getParamPermutation(paramVal map[string]models.Param
 		case "host":
 			hostIdents, err := arw.getHostIdents(paramQuery)
 			if err != nil {
-				logger.Errorf("rule_eval:%s, fail to get host idents, error:%v", arw.Key(), err)
+				logger.Errorf("alert_eval_%d datasource_%d fail to get host idents, error:%v", arw.Rule.Id, arw.DatasourceId, err)
 				break
 			}
 			params = hostIdents
 		case "device":
 			deviceIdents, err := arw.getDeviceIdents(paramQuery)
 			if err != nil {
-				logger.Errorf("rule_eval:%s, fail to get device idents, error:%v", arw.Key(), err)
+				logger.Errorf("alert_eval_%d datasource_%d fail to get device idents, error:%v", arw.Rule.Id, arw.DatasourceId, err)
 				break
 			}
 			params = deviceIdents
@@ -570,12 +596,12 @@ func (arw *AlertRuleWorker) getParamPermutation(paramVal map[string]models.Param
 			var query []string
 			err := json.Unmarshal(q, &query)
 			if err != nil {
-				logger.Errorf("query:%s fail to unmarshalling into string slice, error:%v", paramQuery.Query, err)
+				logger.Errorf("alert_eval_%d datasource_%d query:%s fail to unmarshalling into string slice, error:%v", arw.Rule.Id, arw.DatasourceId, paramQuery.Query, err)
 			}
 			if len(query) == 0 {
-				paramsKeyAllLabel, err := getParamKeyAllLabel(varToLabel[paramKey], originPromql, readerClient)
+				paramsKeyAllLabel, err := getParamKeyAllLabel(varToLabel[paramKey], originPromql, readerClient, arw.DatasourceId, arw.Rule.Id, arw.Processor.Stats)
 				if err != nil {
-					logger.Errorf("rule_eval:%s, fail to getParamKeyAllLabel, error:%v query:%s", arw.Key(), err, paramQuery.Query)
+					logger.Errorf("alert_eval_%d datasource_%d fail to getParamKeyAllLabel, error:%v query:%s", arw.Rule.Id, arw.DatasourceId, err, paramQuery.Query)
 				}
 				params = paramsKeyAllLabel
 			} else {
@@ -589,7 +615,7 @@ func (arw *AlertRuleWorker) getParamPermutation(paramVal map[string]models.Param
 			return nil, fmt.Errorf("param key: %s, params is empty", paramKey)
 		}

-		logger.Infof("rule_eval:%s paramKey: %s, params: %v", arw.Key(), paramKey, params)
+		logger.Infof("alert_eval_%d datasource_%d paramKey: %s, params: %v", arw.Rule.Id, arw.DatasourceId, paramKey, params)
 		paramMap[paramKey] = params
 	}

@@ -604,7 +630,7 @@ func (arw *AlertRuleWorker) getParamPermutation(paramVal map[string]models.Param
 	return res, nil
 }

-func getParamKeyAllLabel(paramKey string, promql string, client promsdk.API) ([]string, error) {
+func getParamKeyAllLabel(paramKey string, promql string, client promsdk.API, dsId int64, rid int64, stats *astats.Stats) ([]string, error) {
 	labels, metricName, err := promql2.GetLabelsAndMetricNameWithReplace(promql, "$")
 	if err != nil {
 		return nil, fmt.Errorf("promql:%s, get labels error:%v", promql, err)
@@ -618,6 +644,7 @@ func getParamKeyAllLabel(paramKey string, promql string, client promsdk.API) ([]
 	}
 	pr := metricName + "{" + strings.Join(labelstrs, ",") + "}"

+	stats.CounterQueryDataTotal.WithLabelValues(fmt.Sprintf("%d", dsId), fmt.Sprintf("%d", rid)).Inc()
 	value, _, err := client.Query(context.Background(), pr, time.Now())
 	if err != nil {
 		return nil, fmt.Errorf("promql: %s query error: %v", pr, err)
@@ -672,16 +699,27 @@ func (arw *AlertRuleWorker) getHostIdents(paramQuery models.ParamQuery) ([]strin
 		return nil, err
 	}

-	hostsQuery := models.GetHostsQuery(queries)
-	session := models.TargetFilterQueryBuild(arw.Ctx, hostsQuery, 0, 0)
-	var lst []*models.Target
-	err = session.Find(&lst).Error
-	if err != nil {
-		return nil, err
-	}
-	for i := range lst {
-		params = append(params, lst[i].Ident)
+	if !arw.Ctx.IsCenter {
+		lst, err := poster.PostByUrlsWithResp[[]*models.Target](arw.Ctx, "/v1/n9e/targets-of-host-query", queries)
+		if err != nil {
+			return nil, err
+		}
+		for i := range lst {
+			params = append(params, lst[i].Ident)
+		}
+	} else {
+		hostsQuery := models.GetHostsQuery(queries)
+		session := models.TargetFilterQueryBuild(arw.Ctx, hostsQuery, 0, 0)
+		var lst []*models.Target
+		err = session.Find(&lst).Error
+		if err != nil {
+			return nil, err
+		}
+		for i := range lst {
+			params = append(params, lst[i].Ident)
+		}
 	}
+
 	arw.HostAndDeviceIdentCache.Store(cacheKey, params)
 	return params, nil
 }
@@ -721,11 +759,14 @@ func combine(paramKeys []string, paraMap map[string][]string, index int, current

 func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) ([]models.AnomalyPoint, error) {
 	var lst []models.AnomalyPoint
-	var severity int
+	start := time.Now()
+	defer func() {
+		arw.Processor.Stats.GaugeRuleEvalDuration.WithLabelValues(fmt.Sprintf("%v", arw.Rule.Id), fmt.Sprintf("%v", arw.Processor.DatasourceId())).Set(float64(time.Since(start).Milliseconds()))
+	}()

 	var rule *models.HostRuleConfig
 	if err := json.Unmarshal([]byte(ruleConfig), &rule); err != nil {
-		logger.Errorf("rule_eval:%s rule_config:%s, error:%v", arw.Key(), ruleConfig, err)
+		logger.Errorf("alert_eval_%d datasource_%d rule_config:%s, error:%v", arw.Rule.Id, arw.DatasourceId, ruleConfig, err)
 		arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), GET_RULE_CONFIG, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 		arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
 			fmt.Sprintf("%v", arw.Rule.Id),
@@ -736,7 +777,7 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) ([]models.Ano
 	}

 	if rule == nil {
-		logger.Errorf("rule_eval:%s rule_config:%s, error:rule is nil", arw.Key(), ruleConfig)
+		logger.Errorf("alert_eval_%d datasource_%d rule_config:%s, error:rule is nil", arw.Rule.Id, arw.DatasourceId, ruleConfig)
 		arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), GET_RULE_CONFIG, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 		arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
 			fmt.Sprintf("%v", arw.Rule.Id),
@@ -749,10 +790,6 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) ([]models.Ano
 	arw.Inhibit = rule.Inhibit
 	now := time.Now().Unix()
 	for _, trigger := range rule.Triggers {
-		if trigger.Severity < severity {
-			arw.Severity = trigger.Severity
-		}
-
 		switch trigger.Type {
 		case "target_miss":
 			t := now - int64(trigger.Duration)
@@ -763,7 +800,7 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) ([]models.Ano
 				// 如果是中心节点, 将不再上报数据的主机 engineName 为空的机器，也加入到 targets 中
 				missEngineIdents, exists = arw.Processor.TargetsOfAlertRuleCache.Get("", arw.Rule.Id)
 				if !exists {
-					logger.Debugf("rule_eval:%s targets not found engineName:%s", arw.Key(), arw.Processor.EngineName)
+					logger.Debugf("alert_eval_%d datasource_%d targets not found engineName:%s", arw.Rule.Id, arw.DatasourceId, arw.Processor.EngineName)
 					arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), QUERY_DATA, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 				}
 			}
@@ -771,7 +808,7 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) ([]models.Ano

 			engineIdents, exists = arw.Processor.TargetsOfAlertRuleCache.Get(arw.Processor.EngineName, arw.Rule.Id)
 			if !exists {
-				logger.Warningf("rule_eval:%s targets not found engineName:%s", arw.Key(), arw.Processor.EngineName)
+				logger.Warningf("alert_eval_%d datasource_%d targets not found engineName:%s", arw.Rule.Id, arw.DatasourceId, arw.Processor.EngineName)
 				arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), QUERY_DATA, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 			}
 			idents = append(idents, engineIdents...)
@@ -798,7 +835,7 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) ([]models.Ano
 				"",
 			).Set(float64(len(missTargets)))

-			logger.Debugf("rule_eval:%s missTargets:%v", arw.Key(), missTargets)
+			logger.Debugf("alert_eval_%d datasource_%d missTargets:%v", arw.Rule.Id, arw.DatasourceId, missTargets)
 			targets := arw.Processor.TargetCache.Gets(missTargets)
 			for _, target := range targets {
 				m := make(map[string]string)
@@ -807,7 +844,7 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) ([]models.Ano
 				}
 				m["ident"] = target.Ident

-				lst = append(lst, models.NewAnomalyPoint(trigger.Type, m, now, float64(now-target.UpdateAt), trigger.Severity))
+				lst = append(lst, models.NewAnomalyPoint(trigger.Type, m, now, float64(now-target.BeatTime), trigger.Severity))
 			}
 		case "offset":
 			idents, exists := arw.Processor.TargetsOfAlertRuleCache.Get(arw.Processor.EngineName, arw.Rule.Id)
@@ -817,7 +854,7 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) ([]models.Ano
 					fmt.Sprintf("%v", arw.Processor.DatasourceId()),
 					"",
 				).Set(0)
-				logger.Warningf("rule_eval:%s targets not found", arw.Key())
+				logger.Warningf("alert_eval_%d datasource_%d targets not found", arw.Rule.Id, arw.DatasourceId)
 				arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), QUERY_DATA, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 				continue
 			}
@@ -836,7 +873,7 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) ([]models.Ano
 					continue
 				}
 				if target, exists := targetMap[ident]; exists {
-					if now-target.UpdateAt > 120 {
+					if now-target.BeatTime > 120 {
 						// means this target is not a active host, do not check offset
 						continue
 					}
@@ -848,7 +885,7 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) ([]models.Ano
 				}
 			}

-			logger.Debugf("rule_eval:%s offsetIdents:%v", arw.Key(), offsetIdents)
+			logger.Debugf("alert_eval_%d datasource_%d offsetIdents:%v", arw.Rule.Id, arw.DatasourceId, offsetIdents)
 			arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
 				fmt.Sprintf("%v", arw.Rule.Id),
 				fmt.Sprintf("%v", arw.Processor.DatasourceId()),
@@ -875,7 +912,7 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) ([]models.Ano
 					fmt.Sprintf("%v", arw.Processor.DatasourceId()),
 					"",
 				).Set(0)
-				logger.Warningf("rule_eval:%s targets not found", arw.Key())
+				logger.Warningf("alert_eval_%d datasource_%d targets not found", arw.Rule.Id, arw.DatasourceId)
 				arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), QUERY_DATA, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 				continue
 			}
@@ -887,7 +924,7 @@ func (arw *AlertRuleWorker) GetHostAnomalyPoint(ruleConfig string) ([]models.Ano
 					missTargets = append(missTargets, ident)
 				}
 			}
-			logger.Debugf("rule_eval:%s missTargets:%v", arw.Key(), missTargets)
+			logger.Debugf("alert_eval_%d datasource_%d missTargets:%v", arw.Rule.Id, arw.DatasourceId, missTargets)
 			arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
 				fmt.Sprintf("%v", arw.Rule.Id),
 				fmt.Sprintf("%v", arw.Processor.DatasourceId()),
@@ -1042,15 +1079,15 @@ func exclude(reHashTagIndex1 map[uint64][][]uint64, reHashTagIndex2 map[uint64][

 func MakeSeriesMap(series []models.DataResp, seriesTagIndex map[uint64][]uint64, seriesStore map[uint64]models.DataResp) {
 	for i := 0; i < len(series); i++ {
-		serieHash := hash.GetHash(series[i].Metric, series[i].Ref)
+		seriesHash := hash.GetHash(series[i].Metric, series[i].Ref)
 		tagHash := hash.GetTagHash(series[i].Metric)
-		seriesStore[serieHash] = series[i]
+		seriesStore[seriesHash] = series[i]

 		// 将曲线按照相同的 tag 分组
 		if _, exists := seriesTagIndex[tagHash]; !exists {
 			seriesTagIndex[tagHash] = make([]uint64, 0)
 		}
-		seriesTagIndex[tagHash] = append(seriesTagIndex[tagHash], serieHash)
+		seriesTagIndex[tagHash] = append(seriesTagIndex[tagHash], seriesHash)
 	}
 }

@@ -1083,7 +1120,7 @@ func ProcessJoins(ruleId int64, trigger models.Trigger, seriesTagIndexes map[str

 	// 有 join 条件，按条件依次合并
 	if len(seriesTagIndexes) < len(trigger.Joins)+1 {
-		logger.Errorf("rule_eval rid:%d queries' count: %d not match join condition's count: %d", ruleId, len(seriesTagIndexes), len(trigger.Joins))
+		logger.Errorf("alert_eval_%d queries' count: %d not match join condition's count: %d", ruleId, len(seriesTagIndexes), len(trigger.Joins))
 		return nil
 	}

@@ -1119,7 +1156,7 @@ func ProcessJoins(ruleId int64, trigger models.Trigger, seriesTagIndexes map[str
 			lastRehashed = exclude(curRehashed, lastRehashed)
 			last = flatten(lastRehashed)
 		default:
-			logger.Warningf("rule_eval rid:%d join type:%s not support", ruleId, trigger.Joins[i].JoinType)
+			logger.Warningf("alert_eval_%d join type:%s not support", ruleId, trigger.Joins[i].JoinType)
 		}
 	}
 	return last
@@ -1239,7 +1276,7 @@ func (arw *AlertRuleWorker) VarFillingBeforeQuery(query models.PromQuery, reader
 			// 得到参数变量的所有组合
 			paramPermutation, err := arw.getParamPermutation(param, ParamKeys, varToLabel, query.PromQl, readerClient)
 			if err != nil {
-				logger.Errorf("rule_eval:%s, paramPermutation error:%v", arw.Key(), err)
+				logger.Errorf("alert_eval_%d datasource_%d paramPermutation error:%v", arw.Rule.Id, arw.DatasourceId, err)
 				continue
 			}

@@ -1264,12 +1301,13 @@ func (arw *AlertRuleWorker) VarFillingBeforeQuery(query models.PromQuery, reader
 						<-semaphore
 						wg.Done()
 					}()
+					arw.Processor.Stats.CounterQueryDataTotal.WithLabelValues(fmt.Sprintf("%d", arw.DatasourceId), fmt.Sprintf("%d", arw.Rule.Id)).Inc()
 					value, _, err := readerClient.Query(context.Background(), promql, time.Now())
 					if err != nil {
-						logger.Errorf("rule_eval:%s, promql:%s, error:%v", arw.Key(), promql, err)
+						logger.Errorf("alert_eval_%d datasource_%d promql:%s, error:%v", arw.Rule.Id, arw.DatasourceId, promql, err)
 						return
 					}
-					logger.Infof("rule_eval:%s, promql:%s, value:%+v", arw.Key(), promql, value)
+					logger.Infof("alert_eval_%d datasource_%d promql:%s, value:%+v", arw.Rule.Id, arw.DatasourceId, promql, value)

 					points := models.ConvertAnomalyPoints(value)
 					if len(points) == 0 {
@@ -1397,13 +1435,18 @@ func fillVar(curRealQuery string, paramKey string, val string) string {
 	return curRealQuery
 }

-func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64) ([]models.AnomalyPoint, []models.AnomalyPoint) {
+func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64) ([]models.AnomalyPoint, []models.AnomalyPoint, error) {
 	// 获取查询和规则判断条件
+	start := time.Now()
+	defer func() {
+		arw.Processor.Stats.GaugeRuleEvalDuration.WithLabelValues(fmt.Sprintf("%v", arw.Rule.Id), fmt.Sprintf("%v", arw.Processor.DatasourceId())).Set(float64(time.Since(start).Milliseconds()))
+	}()
+
 	points := []models.AnomalyPoint{}
 	recoverPoints := []models.AnomalyPoint{}
 	ruleConfig := strings.TrimSpace(rule.RuleConfig)
 	if ruleConfig == "" {
-		logger.Warningf("rule_eval:%d promql is blank", rule.Id)
+		logger.Warningf("alert_eval_%d datasource_%d ruleConfig is blank", rule.Id, dsId)
 		arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), GET_RULE_CONFIG, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 		arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
 			fmt.Sprintf("%v", arw.Rule.Id),
@@ -1411,15 +1454,15 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)
 			"",
 		).Set(0)

-		return points, recoverPoints
+		return points, recoverPoints, fmt.Errorf("alert_eval_%d datasource_%d ruleConfig is blank", rule.Id, dsId)
 	}

 	var ruleQuery models.RuleQuery
 	err := json.Unmarshal([]byte(ruleConfig), &ruleQuery)
 	if err != nil {
-		logger.Warningf("rule_eval:%d promql parse error:%s", rule.Id, err.Error())
+		logger.Warningf("alert_eval_%d datasource_%d promql parse error:%s", rule.Id, dsId, err.Error())
 		arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), GET_RULE_CONFIG, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
-		return points, recoverPoints
+		return points, recoverPoints, fmt.Errorf("alert_eval_%d datasource_%d promql parse error:%s", rule.Id, dsId, err.Error())
 	}

 	arw.Inhibit = ruleQuery.Inhibit
@@ -1431,7 +1474,7 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)

 			plug, exists := dscache.DsCache.Get(rule.Cate, dsId)
 			if !exists {
-				logger.Warningf("rule_eval rid:%d datasource:%d not exists", rule.Id, dsId)
+				logger.Warningf("alert_eval_%d datasource_%d not exists", rule.Id, dsId)
 				arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), GET_CLIENT, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()

 				arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
@@ -1439,14 +1482,25 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)
 					fmt.Sprintf("%v", arw.Processor.DatasourceId()),
 					fmt.Sprintf("%v", i),
 				).Set(-2)
-				continue
+
+				return points, recoverPoints, fmt.Errorf("alert_eval_%d datasource_%d not exists", rule.Id, dsId)
+			}
+
+			if err = ExecuteQueryTemplate(rule.Cate, query, nil); err != nil {
+				logger.Warningf("alert_eval_%d datasource_%d execute query template error: %v", rule.Id, dsId, err)
+				arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), EXEC_TEMPLATE, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
+				arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
+					fmt.Sprintf("%v", arw.Rule.Id),
+					fmt.Sprintf("%v", arw.Processor.DatasourceId()),
+					fmt.Sprintf("%v", i),
+				).Set(-3)
 			}

 			ctx := context.WithValue(context.Background(), "delay", int64(rule.Delay))
 			series, err := plug.QueryData(ctx, query)
-			arw.Processor.Stats.CounterQueryDataTotal.WithLabelValues(fmt.Sprintf("%d", arw.DatasourceId)).Inc()
+			arw.Processor.Stats.CounterQueryDataTotal.WithLabelValues(fmt.Sprintf("%d", arw.DatasourceId), fmt.Sprintf("%d", rule.Id)).Inc()
 			if err != nil {
-				logger.Warningf("rule_eval rid:%d query data error: %v", rule.Id, err)
+				logger.Warningf("alert_eval_%d datasource_%d query data error: %v", rule.Id, dsId, err)
 				arw.Processor.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", arw.Processor.DatasourceId()), GET_CLIENT, arw.Processor.BusiGroupCache.GetNameByBusiGroupId(arw.Rule.GroupId), fmt.Sprintf("%v", arw.Rule.Id)).Inc()
 				arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
 					fmt.Sprintf("%v", arw.Rule.Id),
@@ -1454,7 +1508,7 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)
 					fmt.Sprintf("%v", i),
 				).Set(-1)

-				continue
+				return points, recoverPoints, fmt.Errorf("alert_eval_%d datasource_%d query data error: %v", rule.Id, dsId, err)
 			}

 			arw.Processor.Stats.GaugeQuerySeriesCount.WithLabelValues(
@@ -1464,21 +1518,21 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)
 			).Set(float64(len(series)))

 			//  此条日志很重要，是告警判断的现场值
-			logger.Infof("rule_eval rid:%d req:%+v resp:%v", rule.Id, query, series)
+			logger.Infof("alert_eval_%d datasource_%d req:%+v resp:%v", rule.Id, dsId, query, series)
 			for i := 0; i < len(series); i++ {
-				serieHash := hash.GetHash(series[i].Metric, series[i].Ref)
+				seriesHash := hash.GetHash(series[i].Metric, series[i].Ref)
 				tagHash := hash.GetTagHash(series[i].Metric)
-				seriesStore[serieHash] = series[i]
+				seriesStore[seriesHash] = series[i]

 				// 将曲线按照相同的 tag 分组
 				if _, exists := seriesTagIndex[tagHash]; !exists {
 					seriesTagIndex[tagHash] = make([]uint64, 0)
 				}
-				seriesTagIndex[tagHash] = append(seriesTagIndex[tagHash], serieHash)
+				seriesTagIndex[tagHash] = append(seriesTagIndex[tagHash], seriesHash)
 			}
 			ref, err := GetQueryRef(query)
 			if err != nil {
-				logger.Warningf("rule_eval rid:%d query:%+v get ref error:%s", rule.Id, query, err.Error())
+				logger.Warningf("alert_eval_%d datasource_%d query:%+v get ref error:%s", rule.Id, dsId, query, err.Error())
 				continue
 			}
 			seriesTagIndexes[ref] = seriesTagIndex
@@ -1488,6 +1542,7 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)
 		for _, query := range ruleQuery.Queries {
 			ref, unit, err := GetQueryRefAndUnit(query)
 			if err != nil {
+				logger.Warningf("alert_eval_%d datasource_%d query:%+v get ref and unit error:%s", rule.Id, dsId, query, err.Error())
 				continue
 			}
 			unitMap[ref] = unit
@@ -1507,15 +1562,15 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)
 					var ts int64
 					var sample models.DataResp
 					var value float64
-					for _, serieHash := range seriesHash {
-						series, exists := seriesStore[serieHash]
+					for _, seriesHash := range seriesHash {
+						series, exists := seriesStore[seriesHash]
 						if !exists {
-							logger.Warningf("rule_eval rid:%d series:%+v not found", rule.Id, series)
+							logger.Warningf("alert_eval_%d datasource_%d series:%+v not found", rule.Id, dsId, series)
 							continue
 						}
 						t, v, exists := series.Last()
 						if !exists {
-							logger.Warningf("rule_eval rid:%d series:%+v value not found", rule.Id, series)
+							logger.Warningf("alert_eval_%d datasource_%d series:%+v value not found", rule.Id, dsId, series)
 							continue
 						}

@@ -1546,12 +1601,12 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)
 						ts = int64(t)
 						sample = series
 						value = v
-						logger.Infof("rule_eval rid:%d origin series labels:%+v", rule.Id, series.Metric)
+						logger.Infof("alert_eval_%d datasource_%d origin series labels:%+v", rule.Id, dsId, series.Metric)
 					}

 					isTriggered := parser.CalcWithRid(trigger.Exp, m, rule.Id)
 					//  此条日志很重要，是告警判断的现场值
-					logger.Infof("rule_eval rid:%d trigger:%+v exp:%s res:%v m:%v", rule.Id, trigger, trigger.Exp, isTriggered, m)
+					logger.Infof("alert_eval_%d datasource_%d trigger:%+v exp:%s res:%v m:%v", rule.Id, dsId, trigger, trigger.Exp, isTriggered, m)

 					var values string
 					for k, v := range m {
@@ -1559,14 +1614,23 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)
 							continue
 						}

-						switch v.(type) {
-						case float64:
-							values += fmt.Sprintf("%s:%.3f ", k, v)
-						case string:
-							values += fmt.Sprintf("%s:%s ", k, v)
+						if u, exists := valuesUnitMap[k]; exists { // 配置了单位，优先用配置了单位的值
+							values += fmt.Sprintf("%s:%s ", k, u.Text)
+						} else {
+							switch v.(type) {
+							case float64:
+								values += fmt.Sprintf("%s:%.3f ", k, v)
+							case string:
+								values += fmt.Sprintf("%s:%s ", k, v)
+							}
 						}
 					}

+					queries := ruleQuery.Queries
+					if sample.Query != "" {
+						queries = []interface{}{sample.Query}
+					}
+
 					point := models.AnomalyPoint{
 						Key:           sample.MetricName(),
 						Labels:        sample.Metric,
@@ -1575,7 +1639,7 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)
 						Values:        values,
 						Severity:      trigger.Severity,
 						Triggered:     isTriggered,
-						Query:         fmt.Sprintf("query:%+v trigger:%+v", ruleQuery.Queries, trigger),
+						Query:         fmt.Sprintf("query:%+v trigger:%+v", queries, trigger),
 						RecoverConfig: trigger.RecoverConfig,
 						ValuesUnit:    valuesUnitMap,
 					}
@@ -1615,7 +1679,7 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)

 						// 检查是否超过 resolve_after 时间
 						if now-int64(lastTs) > int64(ruleQuery.NodataTrigger.ResolveAfter) {
-							logger.Infof("rule_eval rid:%d series:%+v resolve after %d seconds now:%d lastTs:%d", rule.Id, lastSeries, ruleQuery.NodataTrigger.ResolveAfter, now, int64(lastTs))
+							logger.Infof("alert_eval_%d datasource_%d series:%+v resolve after %d seconds now:%d lastTs:%d", rule.Id, dsId, lastSeries, ruleQuery.NodataTrigger.ResolveAfter, now, int64(lastTs))
 							delete(arw.LastSeriesStore, hash)
 							continue
 						}
@@ -1636,7 +1700,7 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)
 							TriggerType: models.TriggerTypeNodata,
 						}
 						points = append(points, point)
-						logger.Infof("rule_eval rid:%d nodata point:%+v", rule.Id, point)
+						logger.Infof("alert_eval_%d datasource_%d nodata point:%+v", rule.Id, dsId, point)
 					}
 				}

@@ -1649,5 +1713,63 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)
 		}
 	}

-	return points, recoverPoints
+	return points, recoverPoints, nil
+}
+
+// ExecuteQueryTemplate 根据数据源类型对 Query 进行模板渲染处理
+// cate: 数据源类别，如 "mysql", "pgsql" 等
+// query: 查询对象，如果是数据库类型的数据源，会处理其中的 sql 字段
+// data: 模板数据对象，如果为 nil 则使用空结构体（不支持变量渲染），如果不为 nil 则使用传入的数据（支持变量渲染）
+func ExecuteQueryTemplate(cate string, query interface{}, data interface{}) error {
+	// 检查 query 是否是 map，且包含 sql 字段
+	queryMap, ok := query.(map[string]interface{})
+	if !ok {
+		return nil
+	}
+
+	sqlVal, exists := queryMap["sql"]
+	if !exists {
+		return nil
+	}
+
+	sqlStr, ok := sqlVal.(string)
+	if !ok {
+		return nil
+	}
+
+	// 调用 ExecuteSqlTemplate 处理 sql 字段
+	processedSQL, err := ExecuteSqlTemplate(sqlStr, data)
+	if err != nil {
+		return fmt.Errorf("execute sql template error: %w", err)
+	}
+
+	// 更新 query 中的 sql 字段
+	queryMap["sql"] = processedSQL
+	return nil
+}
+
+// ExecuteSqlTemplate 执行 query 中的 golang 模板语法函数
+// query: 要处理的 query 字符串
+// data: 模板数据对象，如果为 nil 则使用空结构体（不支持变量渲染），如果不为 nil 则使用传入的数据（支持变量渲染）
+func ExecuteSqlTemplate(query string, data interface{}) (string, error) {
+	if !strings.Contains(query, "{{") || !strings.Contains(query, "}}") {
+		return query, nil
+	}
+
+	tmpl, err := template.New("query").Funcs(tplx.TemplateFuncMap).Parse(query)
+	if err != nil {
+		return "", fmt.Errorf("query tmpl parse error: %w", err)
+	}
+
+	var buf strings.Builder
+	templateData := data
+	if templateData == nil {
+		templateData = struct{}{}
+	}
+
+	if err := tmpl.Execute(&buf, templateData); err != nil {
+		return "", fmt.Errorf("query tmpl execute error: %w", err)
+	}
+
+	return buf.String(), nil
 }
--- a/alert/mute/mute.go
+++ b/alert/mute/mute.go
@@ -1,6 +1,7 @@
 package mute

 import (
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@@ -9,6 +10,7 @@ import (
 	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"

+	"github.com/pkg/errors"
 	"github.com/toolkits/pkg/logger"
 )

@@ -39,11 +41,37 @@ func IsMuted(rule *models.AlertRule, event *models.AlertCurEvent, targetCache *m

 // TimeSpanMuteStrategy 根据规则配置的告警生效时间段过滤,如果产生的告警不在规则配置的告警生效时间段内,则不告警,即被mute
 // 时间范围，左闭右开，默认范围：00:00-24:00
+// 如果规则配置了时区，则在该时区下进行时间判断；如果时区为空，则使用系统时区
 func TimeSpanMuteStrategy(rule *models.AlertRule, event *models.AlertCurEvent) bool {
-	tm := time.Unix(event.TriggerTime, 0)
+	// 确定使用的时区
+	var targetLoc *time.Location
+	var err error
+
+	timezone := rule.TimeZone
+	if timezone == "" {
+		// 如果时区为空，使用系统时区（保持原有逻辑）
+		targetLoc = time.Local
+	} else {
+		// 加载规则配置的时区
+		targetLoc, err = time.LoadLocation(timezone)
+		if err != nil {
+			// 如果时区加载失败，记录错误并使用系统时区
+			logger.Warningf("Failed to load timezone %s for rule %d, using system timezone: %v", timezone, rule.Id, err)
+			targetLoc = time.Local
+		}
+	}
+
+	// 将触发时间转换到目标时区
+	tm := time.Unix(event.TriggerTime, 0).In(targetLoc)
 	triggerTime := tm.Format("15:04")
 	triggerWeek := strconv.Itoa(int(tm.Weekday()))

+	if rule.EnableDaysOfWeek == "" {
+		// 如果规则没有配置生效时间，则默认全天生效
+
+		return false
+	}
+
 	enableStime := strings.Fields(rule.EnableStime)
 	enableEtime := strings.Fields(rule.EnableEtime)
 	enableDaysOfWeek := strings.Split(rule.EnableDaysOfWeek, ";")
@@ -94,7 +122,7 @@ func IdentNotExistsMuteStrategy(rule *models.AlertRule, event *models.AlertCurEv
 	// 如果是target_up的告警,且ident已经不存在了,直接过滤掉
 	// 这里的判断有点太粗暴了,但是目前没有更好的办法
 	if !exists && strings.Contains(rule.PromQl, "target_up") {
-		logger.Debugf("[%s] mute: rule_eval:%d cluster:%s ident:%s", "IdentNotExistsMuteStrategy", rule.Id, event.Cluster, ident)
+		logger.Debugf("alert_eval_%d [IdentNotExistsMuteStrategy] mute: cluster:%s ident:%s", rule.Id, event.Cluster, ident)
 		return true
 	}
 	return false
@@ -116,7 +144,7 @@ func BgNotMatchMuteStrategy(rule *models.AlertRule, event *models.AlertCurEvent,
 	// 对于包含ident的告警事件，check一下ident所属bg和rule所属bg是否相同
 	// 如果告警规则选择了只在本BG生效，那其他BG的机器就不能因此规则产生告警
 	if exists && !target.MatchGroupId(rule.GroupId) {
-		logger.Debugf("[%s] mute: rule_eval:%d cluster:%s", "BgNotMatchMuteStrategy", rule.Id, event.Cluster)
+		logger.Debugf("alert_eval_%d [BgNotMatchMuteStrategy] mute: cluster:%s", rule.Id, event.Cluster)
 		return true
 	}
 	return false
@@ -129,7 +157,8 @@ func EventMuteStrategy(event *models.AlertCurEvent, alertMuteCache *memsto.Alert
 	}

 	for i := 0; i < len(mutes); i++ {
-		if matchMute(event, mutes[i]) {
+		matched, _ := MatchMute(event, mutes[i])
+		if matched {
 			return true, mutes[i].Id
 		}
 	}
@@ -137,61 +166,35 @@ func EventMuteStrategy(event *models.AlertCurEvent, alertMuteCache *memsto.Alert
 	return false, 0
 }

-// matchMute 如果传入了clock这个可选参数，就表示使用这个clock表示的时间，否则就从event的字段中取TriggerTime
-func matchMute(event *models.AlertCurEvent, mute *models.AlertMute, clock ...int64) bool {
+// MatchMute 如果传入了clock这个可选参数，就表示使用这个clock表示的时间，否则就从event的字段中取TriggerTime
+func MatchMute(event *models.AlertCurEvent, mute *models.AlertMute, clock ...int64) (bool, error) {
 	if mute.Disabled == 1 {
-		return false
-	}
-	ts := event.TriggerTime
-	if len(clock) > 0 {
-		ts = clock[0]
+		return false, errors.New("mute is disabled")
 	}

 	// 如果不是全局的，判断 匹配的 datasource id
 	if len(mute.DatasourceIdsJson) != 0 && mute.DatasourceIdsJson[0] != 0 && event.DatasourceId != 0 {
-		idm := make(map[int64]struct{}, len(mute.DatasourceIdsJson))
-		for i := 0; i < len(mute.DatasourceIdsJson); i++ {
-			idm[mute.DatasourceIdsJson[i]] = struct{}{}
-		}
-
-		// 判断 event.datasourceId 是否包含在 idm 中
-		if _, has := idm[event.DatasourceId]; !has {
-			return false
+		if !slices.Contains(mute.DatasourceIdsJson, event.DatasourceId) {
+			return false, errors.New("datasource id not match")
 		}
 	}

-	var matchTime bool
 	if mute.MuteTimeType == models.TimeRange {
-		if ts < mute.Btime || ts > mute.Etime {
-			return false
+		if !mute.IsWithinTimeRange(event.TriggerTime) {
+			return false, errors.New("event trigger time not within mute time range")
 		}
-		matchTime = true
 	} else if mute.MuteTimeType == models.Periodic {
-		tm := time.Unix(event.TriggerTime, 0)
-		triggerTime := tm.Format("15:04")
-		triggerWeek := strconv.Itoa(int(tm.Weekday()))
-
-		for i := 0; i < len(mute.PeriodicMutesJson); i++ {
-			if strings.Contains(mute.PeriodicMutesJson[i].EnableDaysOfWeek, triggerWeek) {
-				if mute.PeriodicMutesJson[i].EnableStime == mute.PeriodicMutesJson[i].EnableEtime || (mute.PeriodicMutesJson[i].EnableStime == "00:00" && mute.PeriodicMutesJson[i].EnableEtime == "23:59") {
-					matchTime = true
-					break
-				} else if mute.PeriodicMutesJson[i].EnableStime < mute.PeriodicMutesJson[i].EnableEtime {
-					if triggerTime >= mute.PeriodicMutesJson[i].EnableStime && triggerTime < mute.PeriodicMutesJson[i].EnableEtime {
-						matchTime = true
-						break
-					}
-				} else {
-					if triggerTime >= mute.PeriodicMutesJson[i].EnableStime || triggerTime < mute.PeriodicMutesJson[i].EnableEtime {
-						matchTime = true
-						break
-					}
-				}
-			}
+		ts := event.TriggerTime
+		if len(clock) > 0 {
+			ts = clock[0]
 		}
-	}
-	if !matchTime {
-		return false
+
+		if !mute.IsWithinPeriodicMute(ts) {
+			return false, errors.New("event trigger time not within periodic mute range")
+		}
+	} else {
+		logger.Warningf("mute time type invalid, %d", mute.MuteTimeType)
+		return false, errors.New("mute time type invalid")
 	}

 	var matchSeverity bool
@@ -207,12 +210,14 @@ func matchMute(event *models.AlertCurEvent, mute *models.AlertMute, clock ...int
 	}

 	if !matchSeverity {
-		return false
+		return false, errors.New("event severity not match mute severity")
 	}

-	if mute.ITags == nil || len(mute.ITags) == 0 {
-		return true
+	if len(mute.ITags) == 0 {
+		return true, nil
 	}
-
-	return common.MatchTags(event.TagsMap, mute.ITags)
+	if !common.MatchTags(event.TagsMap, mute.ITags) {
+		return false, errors.New("event tags not match mute tags")
+	}
+	return true, nil
 }
--- a/alert/naming/heartbeat.go
+++ b/alert/naming/heartbeat.go
@@ -115,7 +115,7 @@ func (n *Naming) heartbeat() error {
 		newDatasource[datasourceIds[i]] = struct{}{}
 		servers, err := n.ActiveServers(datasourceIds[i])
 		if err != nil {
-			logger.Warningf("hearbeat %d get active server err:%v", datasourceIds[i], err)
+			logger.Warningf("heartbeat %d get active server err:%v", datasourceIds[i], err)
 			n.astats.CounterHeartbeatErrorTotal.WithLabelValues().Inc()
 			continue
 		}
@@ -148,7 +148,7 @@ func (n *Naming) heartbeat() error {

 	servers, err := n.ActiveServersByEngineName()
 	if err != nil {
-		logger.Warningf("hearbeat %d get active server err:%v", HostDatasource, err)
+		logger.Warningf("heartbeat %d get active server err:%v", HostDatasource, err)
 		n.astats.CounterHeartbeatErrorTotal.WithLabelValues().Inc()
 		return nil
 	}
--- a/alert/pipeline/engine/engine.go
+++ b/alert/pipeline/engine/engine.go
@@ -0,0 +1,380 @@
+package engine
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/google/uuid"
+	"github.com/toolkits/pkg/logger"
+)
+
+type WorkflowEngine struct {
+	ctx *ctx.Context
+}
+
+func NewWorkflowEngine(c *ctx.Context) *WorkflowEngine {
+	return &WorkflowEngine{ctx: c}
+}
+
+func (e *WorkflowEngine) Execute(pipeline *models.EventPipeline, event *models.AlertCurEvent, triggerCtx *models.WorkflowTriggerContext) (*models.AlertCurEvent, *models.WorkflowResult, error) {
+	startTime := time.Now()
+
+	wfCtx := e.initWorkflowContext(pipeline, event, triggerCtx)
+
+	nodes := pipeline.GetWorkflowNodes()
+	connections := pipeline.GetWorkflowConnections()
+
+	if len(nodes) == 0 {
+		return event, &models.WorkflowResult{
+			Event:   event,
+			Status:  models.ExecutionStatusSuccess,
+			Message: "no nodes to execute",
+		}, nil
+	}
+
+	nodeMap := make(map[string]*models.WorkflowNode)
+	for i := range nodes {
+		if nodes[i].RetryInterval == 0 {
+			nodes[i].RetryInterval = 1
+		}
+
+		if nodes[i].MaxRetries == 0 {
+			nodes[i].MaxRetries = 1
+		}
+
+		nodeMap[nodes[i].ID] = &nodes[i]
+	}
+
+	result := e.executeDAG(nodeMap, connections, wfCtx)
+	result.Event = wfCtx.Event
+
+	duration := time.Since(startTime).Milliseconds()
+
+	if triggerCtx != nil && triggerCtx.Mode != "" {
+		e.saveExecutionRecord(pipeline, wfCtx, result, triggerCtx, startTime.Unix(), duration)
+	}
+
+	return wfCtx.Event, result, nil
+}
+
+func (e *WorkflowEngine) initWorkflowContext(pipeline *models.EventPipeline, event *models.AlertCurEvent, triggerCtx *models.WorkflowTriggerContext) *models.WorkflowContext {
+	// 合并输入参数
+	inputs := pipeline.GetInputsMap()
+	if triggerCtx != nil && triggerCtx.InputsOverrides != nil {
+		for k, v := range triggerCtx.InputsOverrides {
+			inputs[k] = v
+		}
+	}
+
+	metadata := map[string]string{
+		"start_time":  fmt.Sprintf("%d", time.Now().Unix()),
+		"pipeline_id": fmt.Sprintf("%d", pipeline.ID),
+	}
+
+	// 是否启用流式输出
+	stream := false
+	if triggerCtx != nil {
+		metadata["request_id"] = triggerCtx.RequestID
+		metadata["trigger_mode"] = triggerCtx.Mode
+		metadata["trigger_by"] = triggerCtx.TriggerBy
+		stream = triggerCtx.Stream
+	}
+
+	return &models.WorkflowContext{
+		Event:    event,
+		Inputs:   inputs,
+		Vars:     make(map[string]interface{}), // 初始化空的 Vars，供节点间传递数据
+		Metadata: metadata,
+		Stream:   stream,
+	}
+}
+
+// executeDAG 使用 Kahn 算法执行 DAG
+func (e *WorkflowEngine) executeDAG(nodeMap map[string]*models.WorkflowNode, connections models.Connections, wfCtx *models.WorkflowContext) *models.WorkflowResult {
+	result := &models.WorkflowResult{
+		Status:      models.ExecutionStatusSuccess,
+		NodeResults: make([]*models.NodeExecutionResult, 0),
+		Stream:      wfCtx.Stream, // 从上下文继承流式输出设置
+	}
+
+	// 计算每个节点的入度
+	inDegree := make(map[string]int)
+	for nodeID := range nodeMap {
+		inDegree[nodeID] = 0
+	}
+
+	// 遍历连接，计算入度
+	for _, nodeConns := range connections {
+		for _, targets := range nodeConns.Main {
+			for _, target := range targets {
+				inDegree[target.Node]++
+			}
+		}
+	}
+
+	// 找到所有入度为 0 的节点（起始节点）
+	queue := make([]string, 0)
+	for nodeID, degree := range inDegree {
+		if degree == 0 {
+			queue = append(queue, nodeID)
+		}
+	}
+
+	// 如果没有起始节点，说明存在循环依赖
+	if len(queue) == 0 && len(nodeMap) > 0 {
+		result.Status = models.ExecutionStatusFailed
+		result.Message = "workflow has circular dependency"
+		return result
+	}
+
+	// 记录已执行的节点
+	executed := make(map[string]bool)
+	// 记录节点的分支选择结果
+	branchResults := make(map[string]*int)
+
+	for len(queue) > 0 {
+		// 取出队首节点
+		nodeID := queue[0]
+		queue = queue[1:]
+
+		// 检查是否已执行
+		if executed[nodeID] {
+			continue
+		}
+
+		node, exists := nodeMap[nodeID]
+		if !exists {
+			continue
+		}
+
+		// 执行节点
+		nodeResult, nodeOutput := e.executeNode(node, wfCtx)
+		result.NodeResults = append(result.NodeResults, nodeResult)
+
+		if nodeOutput != nil && nodeOutput.Stream && nodeOutput.StreamChan != nil {
+			// 流式输出节点通常是最后一个节点
+			// 直接传递 StreamChan 给 WorkflowResult，不阻塞等待
+			result.Stream = true
+			result.StreamChan = nodeOutput.StreamChan
+			result.Event = wfCtx.Event
+			result.Status = "streaming"
+			result.Message = fmt.Sprintf("streaming output from node: %s", node.Name)
+
+			// 更新节点状态为 streaming
+			nodeResult.Status = "streaming"
+			nodeResult.Message = "streaming in progress"
+
+			// 立即返回，让 API 层处理流式响应
+			return result
+		}
+		executed[nodeID] = true
+
+		// 保存分支结果
+		if nodeResult.BranchIndex != nil {
+			branchResults[nodeID] = nodeResult.BranchIndex
+		}
+
+		// 检查执行状态
+		if nodeResult.Status == "failed" {
+			if !node.ContinueOnFail {
+				result.Status = models.ExecutionStatusFailed
+				result.ErrorNode = nodeID
+				result.Message = fmt.Sprintf("node %s failed: %s", node.Name, nodeResult.Error)
+			}
+		}
+
+		// 检查是否终止
+		if nodeResult.Status == "terminated" {
+			result.Message = fmt.Sprintf("workflow terminated at node %s", node.Name)
+			return result
+		}
+
+		// 更新后继节点的入度
+		if nodeConns, ok := connections[nodeID]; ok {
+			for outputIndex, targets := range nodeConns.Main {
+				// 检查是否应该走这个分支
+				if !e.shouldFollowBranch(nodeID, outputIndex, branchResults) {
+					continue
+				}
+
+				for _, target := range targets {
+					inDegree[target.Node]--
+					if inDegree[target.Node] == 0 {
+						queue = append(queue, target.Node)
+					}
+				}
+			}
+		}
+	}
+
+	return result
+}
+
+// executeNode 执行单个节点
+// 返回：节点执行结果、节点输出（用于流式输出检测）
+func (e *WorkflowEngine) executeNode(node *models.WorkflowNode, wfCtx *models.WorkflowContext) (*models.NodeExecutionResult, *models.NodeOutput) {
+	startTime := time.Now()
+	nodeResult := &models.NodeExecutionResult{
+		NodeID:    node.ID,
+		NodeName:  node.Name,
+		NodeType:  node.Type,
+		StartedAt: startTime.Unix(),
+	}
+
+	var nodeOutput *models.NodeOutput
+
+	// 跳过禁用的节点
+	if node.Disabled {
+		nodeResult.Status = "skipped"
+		nodeResult.Message = "node is disabled"
+		nodeResult.FinishedAt = time.Now().Unix()
+		nodeResult.DurationMs = time.Since(startTime).Milliseconds()
+		return nodeResult, nil
+	}
+
+	// 获取处理器
+	processor, err := models.GetProcessorByType(node.Type, node.Config)
+	if err != nil {
+		nodeResult.Status = "failed"
+		nodeResult.Error = fmt.Sprintf("failed to get processor: %v", err)
+		nodeResult.FinishedAt = time.Now().Unix()
+		nodeResult.DurationMs = time.Since(startTime).Milliseconds()
+		return nodeResult, nil
+	}
+
+	// 执行处理器（带重试）
+	var retries int
+	maxRetries := node.MaxRetries
+	if !node.RetryOnFail {
+		maxRetries = 0
+	}
+
+	for retries <= maxRetries {
+		// 检查是否为分支处理器
+		if branchProcessor, ok := processor.(models.BranchProcessor); ok {
+			output, err := branchProcessor.ProcessWithBranch(e.ctx, wfCtx)
+			if err != nil {
+				if retries < maxRetries {
+					retries++
+					time.Sleep(time.Duration(node.RetryInterval) * time.Second)
+					continue
+				}
+				nodeResult.Status = "failed"
+				nodeResult.Error = err.Error()
+			} else {
+				nodeResult.Status = "success"
+				if output != nil {
+					nodeOutput = output
+					if output.WfCtx != nil {
+						wfCtx = output.WfCtx
+					}
+					nodeResult.Message = output.Message
+					nodeResult.BranchIndex = output.BranchIndex
+					if output.Terminate {
+						nodeResult.Status = "terminated"
+					}
+				}
+			}
+			break
+		}
+
+		// 普通处理器
+		newWfCtx, msg, err := processor.Process(e.ctx, wfCtx)
+		if err != nil {
+			if retries < maxRetries {
+				retries++
+				time.Sleep(time.Duration(node.RetryInterval) * time.Second)
+				continue
+			}
+			nodeResult.Status = "failed"
+			nodeResult.Error = err.Error()
+		} else {
+			nodeResult.Status = "success"
+			nodeResult.Message = msg
+			if newWfCtx != nil {
+				wfCtx = newWfCtx
+
+				// 检测流式输出标记
+				if newWfCtx.Stream && newWfCtx.StreamChan != nil {
+					nodeOutput = &models.NodeOutput{
+						WfCtx:      newWfCtx,
+						Message:    msg,
+						Stream:     true,
+						StreamChan: newWfCtx.StreamChan,
+					}
+				}
+			}
+
+			// 如果事件被 drop（返回 nil 或 Event 为 nil），标记为终止
+			if newWfCtx == nil || newWfCtx.Event == nil {
+				nodeResult.Status = "terminated"
+				nodeResult.Message = msg
+			}
+		}
+		break
+	}
+
+	nodeResult.FinishedAt = time.Now().Unix()
+	nodeResult.DurationMs = time.Since(startTime).Milliseconds()
+
+	logger.Infof("workflow: executed node %s (type=%s) status=%s msg=%s duration=%dms",
+		node.Name, node.Type, nodeResult.Status, nodeResult.Message, nodeResult.DurationMs)
+
+	return nodeResult, nodeOutput
+}
+
+// shouldFollowBranch 判断是否应该走某个分支
+func (e *WorkflowEngine) shouldFollowBranch(nodeID string, outputIndex int, branchResults map[string]*int) bool {
+	branchIndex, hasBranch := branchResults[nodeID]
+	if !hasBranch {
+		// 没有分支结果，说明不是分支节点，只走第一个输出
+		return outputIndex == 0
+	}
+
+	if branchIndex == nil {
+		// branchIndex 为 nil，走默认分支（通常是最后一个）
+		return true
+	}
+
+	// 只走选中的分支
+	return outputIndex == *branchIndex
+}
+
+func (e *WorkflowEngine) saveExecutionRecord(pipeline *models.EventPipeline, wfCtx *models.WorkflowContext, result *models.WorkflowResult, triggerCtx *models.WorkflowTriggerContext, startTime int64, duration int64) {
+	executionID := triggerCtx.RequestID
+	if executionID == "" {
+		executionID = uuid.New().String()
+	}
+
+	execution := &models.EventPipelineExecution{
+		ID:           executionID,
+		PipelineID:   pipeline.ID,
+		PipelineName: pipeline.Name,
+		Mode:         triggerCtx.Mode,
+		Status:       result.Status,
+		ErrorMessage: result.Message,
+		ErrorNode:    result.ErrorNode,
+		CreatedAt:    startTime,
+		FinishedAt:   time.Now().Unix(),
+		DurationMs:   duration,
+		TriggerBy:    triggerCtx.TriggerBy,
+	}
+
+	if wfCtx.Event != nil {
+		execution.EventID = wfCtx.Event.Id
+	}
+
+	if err := execution.SetNodeResults(result.NodeResults); err != nil {
+		logger.Errorf("workflow: failed to set node results: pipeline_id=%d, error=%v", pipeline.ID, err)
+	}
+
+	if err := execution.SetInputsSnapshot(wfCtx.Inputs); err != nil {
+		logger.Errorf("workflow: failed to set inputs snapshot: pipeline_id=%d, error=%v", pipeline.ID, err)
+	}
+
+	if err := models.CreateEventPipelineExecution(e.ctx, execution); err != nil {
+		logger.Errorf("workflow: failed to save execution record: pipeline_id=%d, error=%v", pipeline.ID, err)
+	}
+}
--- a/alert/pipeline/pipeline.go
+++ b/alert/pipeline/pipeline.go
@@ -0,0 +1,13 @@
+package pipeline
+
+import (
+	_ "github.com/ccfos/nightingale/v6/alert/pipeline/processor/aisummary"
+	_ "github.com/ccfos/nightingale/v6/alert/pipeline/processor/callback"
+	_ "github.com/ccfos/nightingale/v6/alert/pipeline/processor/eventdrop"
+	_ "github.com/ccfos/nightingale/v6/alert/pipeline/processor/eventupdate"
+	_ "github.com/ccfos/nightingale/v6/alert/pipeline/processor/logic"
+	_ "github.com/ccfos/nightingale/v6/alert/pipeline/processor/relabel"
+)
+
+func Init() {
+}
--- a/alert/pipeline/processor/aisummary/ai_summary.go
+++ b/alert/pipeline/processor/aisummary/ai_summary.go
@@ -0,0 +1,246 @@
+package aisummary
+
+import (
+	"bytes"
+	"crypto/tls"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"text/template"
+	"time"
+
+	"github.com/ccfos/nightingale/v6/alert/pipeline/processor/callback"
+	"github.com/ccfos/nightingale/v6/alert/pipeline/processor/common"
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/tplx"
+)
+
+const (
+	HTTP_STATUS_SUCCESS_MAX = 299
+)
+
+// AISummaryConfig 配置结构体
+type AISummaryConfig struct {
+	callback.HTTPConfig
+	ModelName      string                 `json:"model_name"`
+	APIKey         string                 `json:"api_key"`
+	PromptTemplate string                 `json:"prompt_template"`
+	CustomParams   map[string]interface{} `json:"custom_params"`
+}
+
+type Message struct {
+	Role    string `json:"role"`
+	Content string `json:"content"`
+}
+
+type ChatCompletionResponse struct {
+	Choices []struct {
+		Message struct {
+			Content string `json:"content"`
+		} `json:"message"`
+	} `json:"choices"`
+}
+
+func init() {
+	models.RegisterProcessor("ai_summary", &AISummaryConfig{})
+}
+
+func (c *AISummaryConfig) Init(settings interface{}) (models.Processor, error) {
+	result, err := common.InitProcessor[*AISummaryConfig](settings)
+	return result, err
+}
+
+func (c *AISummaryConfig) Process(ctx *ctx.Context, wfCtx *models.WorkflowContext) (*models.WorkflowContext, string, error) {
+	event := wfCtx.Event
+	if c.Client == nil {
+		if err := c.initHTTPClient(); err != nil {
+			return wfCtx, "", fmt.Errorf("failed to initialize HTTP client: %v processor: %v", err, c)
+		}
+	}
+
+	// 准备告警事件信息
+	eventInfo, err := c.prepareEventInfo(wfCtx)
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("failed to prepare event info: %v processor: %v", err, c)
+	}
+
+	// 调用AI模型生成总结
+	summary, err := c.generateAISummary(eventInfo)
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("failed to generate AI summary: %v processor: %v", err, c)
+	}
+
+	// 将总结添加到annotations字段
+	if event.AnnotationsJSON == nil {
+		event.AnnotationsJSON = make(map[string]string)
+	}
+	event.AnnotationsJSON["ai_summary"] = summary
+
+	// 更新Annotations字段
+	b, err := json.Marshal(event.AnnotationsJSON)
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("failed to marshal annotations: %v processor: %v", err, c)
+	}
+	event.Annotations = string(b)
+
+	return wfCtx, "", nil
+}
+
+func (c *AISummaryConfig) initHTTPClient() error {
+	transport := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: c.SkipSSLVerify},
+	}
+
+	if c.Proxy != "" {
+		proxyURL, err := url.Parse(c.Proxy)
+		if err != nil {
+			return fmt.Errorf("failed to parse proxy url: %v", err)
+		}
+		transport.Proxy = http.ProxyURL(proxyURL)
+	}
+
+	c.Client = &http.Client{
+		Timeout:   time.Duration(c.Timeout) * time.Millisecond,
+		Transport: transport,
+	}
+	return nil
+}
+
+func (c *AISummaryConfig) prepareEventInfo(wfCtx *models.WorkflowContext) (string, error) {
+	var defs = []string{
+		"{{$event := .Event}}",
+		"{{$inputs := .Inputs}}",
+	}
+
+	text := strings.Join(append(defs, c.PromptTemplate), "")
+	t, err := template.New("prompt").Funcs(template.FuncMap(tplx.TemplateFuncMap)).Parse(text)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse prompt template: %v", err)
+	}
+
+	var body bytes.Buffer
+	err = t.Execute(&body, wfCtx)
+	if err != nil {
+		return "", fmt.Errorf("failed to execute prompt template: %v", err)
+	}
+
+	return body.String(), nil
+}
+
+func (c *AISummaryConfig) generateAISummary(eventInfo string) (string, error) {
+	// 构建基础请求参数
+	reqParams := map[string]interface{}{
+		"model": c.ModelName,
+		"messages": []Message{
+			{
+				Role:    "user",
+				Content: eventInfo,
+			},
+		},
+	}
+
+	// 合并自定义参数
+	for k, v := range c.CustomParams {
+		converted, err := convertCustomParam(v)
+		if err != nil {
+			return "", fmt.Errorf("failed to convert custom param %s: %v", k, err)
+		}
+		reqParams[k] = converted
+	}
+
+	// 序列化请求体
+	jsonData, err := json.Marshal(reqParams)
+	if err != nil {
+		return "", fmt.Errorf("failed to marshal request body: %v", err)
+	}
+
+	// 创建HTTP请求
+	req, err := http.NewRequest("POST", c.URL, bytes.NewBuffer(jsonData))
+	if err != nil {
+		return "", fmt.Errorf("failed to create request: %v", err)
+	}
+
+	// 设置请求头
+	req.Header.Set("Authorization", "Bearer "+c.APIKey)
+	req.Header.Set("Content-Type", "application/json")
+	for k, v := range c.Headers {
+		req.Header.Set(k, v)
+	}
+
+	// 发送请求
+	resp, err := c.Client.Do(req)
+	if err != nil {
+		return "", fmt.Errorf("failed to send request: %v", err)
+	}
+	defer resp.Body.Close()
+
+	// 检查响应状态码
+	if resp.StatusCode > HTTP_STATUS_SUCCESS_MAX {
+		body, _ := io.ReadAll(resp.Body)
+		return "", fmt.Errorf("unexpected status code: %d, body: %s", resp.StatusCode, string(body))
+	}
+
+	// 读取响应
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return "", fmt.Errorf("failed to read response body: %v", err)
+	}
+
+	// 解析响应
+	var chatResp ChatCompletionResponse
+	if err := json.Unmarshal(body, &chatResp); err != nil {
+		return "", fmt.Errorf("failed to unmarshal response: %v", err)
+	}
+
+	if len(chatResp.Choices) == 0 {
+		return "", fmt.Errorf("no response from AI model")
+	}
+
+	return chatResp.Choices[0].Message.Content, nil
+}
+
+// convertCustomParam 将前端传入的参数转换为正确的类型
+func convertCustomParam(value interface{}) (interface{}, error) {
+	if value == nil {
+		return nil, nil
+	}
+
+	// 如果是字符串，尝试转换为其他类型
+	if str, ok := value.(string); ok {
+		// 尝试转换为数字
+		if f, err := strconv.ParseFloat(str, 64); err == nil {
+			// 检查是否为整数
+			if f == float64(int64(f)) {
+				return int64(f), nil
+			}
+			return f, nil
+		}
+
+		// 尝试转换为布尔值
+		if b, err := strconv.ParseBool(str); err == nil {
+			return b, nil
+		}
+
+		// 尝试解析为JSON数组
+		if strings.HasPrefix(strings.TrimSpace(str), "[") {
+			var arr []interface{}
+			if err := json.Unmarshal([]byte(str), &arr); err == nil {
+				return arr, nil
+			}
+		}
+
+		// 尝试解析为JSON对象
+		if strings.HasPrefix(strings.TrimSpace(str), "{") {
+			var obj map[string]interface{}
+			if err := json.Unmarshal([]byte(str), &obj); err == nil {
+				return obj, nil
+			}
+		}
+	}
+	return value, nil
+}
--- a/alert/pipeline/processor/aisummary/ai_summary_test.go
+++ b/alert/pipeline/processor/aisummary/ai_summary_test.go
@@ -0,0 +1,145 @@
+package aisummary
+
+import (
+	"testing"
+
+	"github.com/ccfos/nightingale/v6/alert/pipeline/processor/callback"
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAISummaryConfig_Process(t *testing.T) {
+	// 创建测试配置
+	config := &AISummaryConfig{
+		HTTPConfig: callback.HTTPConfig{
+			URL:           "https://generativelanguage.googleapis.com/v1beta/openai/chat/completions",
+			Timeout:       30000,
+			SkipSSLVerify: true,
+			Headers: map[string]string{
+				"Content-Type": "application/json",
+			},
+		},
+		ModelName:      "gemini-2.0-flash",
+		APIKey:         "*",
+		PromptTemplate: "告警规则：{{$event.RuleName}}\n严重程度：{{$event.Severity}}",
+		CustomParams: map[string]interface{}{
+			"temperature": 0.7,
+			"max_tokens":  2000,
+			"top_p":       0.9,
+		},
+	}
+
+	// 创建测试事件
+	event := &models.AlertCurEvent{
+		RuleName: "Test Rule",
+		Severity: 1,
+		TagsMap: map[string]string{
+			"host": "test-host",
+		},
+		AnnotationsJSON: map[string]string{
+			"description": "Test alert",
+		},
+	}
+
+	// 创建 WorkflowContext
+	wfCtx := &models.WorkflowContext{
+		Event:  event,
+		Inputs: map[string]string{},
+	}
+
+	// 测试模板处理
+	eventInfo, err := config.prepareEventInfo(wfCtx)
+	assert.NoError(t, err)
+	assert.Contains(t, eventInfo, "Test Rule")
+	assert.Contains(t, eventInfo, "1")
+
+	// 测试配置初始化
+	processor, err := config.Init(config)
+	assert.NoError(t, err)
+	assert.NotNil(t, processor)
+
+	// 测试处理函数
+	result, _, err := processor.Process(&ctx.Context{}, wfCtx)
+	assert.NoError(t, err)
+	assert.NotNil(t, result)
+	assert.NotEmpty(t, result.Event.AnnotationsJSON["ai_summary"])
+
+	// 展示处理结果
+	t.Log("\n=== 处理结果 ===")
+	t.Logf("告警规则: %s", result.Event.RuleName)
+	t.Logf("严重程度: %d", result.Event.Severity)
+	t.Logf("标签: %v", result.Event.TagsMap)
+	t.Logf("原始注释: %v", result.Event.AnnotationsJSON["description"])
+	t.Logf("AI总结: %s", result.Event.AnnotationsJSON["ai_summary"])
+}
+
+func TestConvertCustomParam(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    interface{}
+		expected interface{}
+		hasError bool
+	}{
+		{
+			name:     "nil value",
+			input:    nil,
+			expected: nil,
+			hasError: false,
+		},
+		{
+			name:     "string number to int64",
+			input:    "123",
+			expected: int64(123),
+			hasError: false,
+		},
+		{
+			name:     "string float to float64",
+			input:    "123.45",
+			expected: 123.45,
+			hasError: false,
+		},
+		{
+			name:     "string boolean to bool",
+			input:    "true",
+			expected: true,
+			hasError: false,
+		},
+		{
+			name:     "string false to bool",
+			input:    "false",
+			expected: false,
+			hasError: false,
+		},
+		{
+			name:     "JSON array string to slice",
+			input:    `["a", "b", "c"]`,
+			expected: []interface{}{"a", "b", "c"},
+			hasError: false,
+		},
+		{
+			name:     "JSON object string to map",
+			input:    `{"key": "value", "num": 123}`,
+			expected: map[string]interface{}{"key": "value", "num": float64(123)},
+			hasError: false,
+		},
+		{
+			name:     "plain string remains string",
+			input:    "hello world",
+			expected: "hello world",
+			hasError: false,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			converted, err := convertCustomParam(test.input)
+			if test.hasError {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assert.Equal(t, test.expected, converted)
+		})
+	}
+}
--- a/alert/pipeline/processor/callback/callback.go
+++ b/alert/pipeline/processor/callback/callback.go
@@ -0,0 +1,110 @@
+package callback
+
+import (
+	"crypto/tls"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/ccfos/nightingale/v6/alert/pipeline/processor/common"
+	"github.com/ccfos/nightingale/v6/alert/pipeline/processor/utils"
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/toolkits/pkg/logger"
+)
+
+type HTTPConfig struct {
+	URL           string            `json:"url"`
+	Method        string            `json:"method,omitempty"`
+	Body          string            `json:"body,omitempty"`
+	Headers       map[string]string `json:"header"`
+	AuthUsername  string            `json:"auth_username"`
+	AuthPassword  string            `json:"auth_password"`
+	Timeout       int               `json:"timeout"` // 单位:ms
+	SkipSSLVerify bool              `json:"skip_ssl_verify"`
+	Proxy         string            `json:"proxy"`
+	Client        *http.Client      `json:"-"`
+}
+
+// RelabelConfig
+type CallbackConfig struct {
+	HTTPConfig
+}
+
+func init() {
+	models.RegisterProcessor("callback", &CallbackConfig{})
+}
+
+func (c *CallbackConfig) Init(settings interface{}) (models.Processor, error) {
+	result, err := common.InitProcessor[*CallbackConfig](settings)
+	return result, err
+}
+
+func (c *CallbackConfig) Process(ctx *ctx.Context, wfCtx *models.WorkflowContext) (*models.WorkflowContext, string, error) {
+	event := wfCtx.Event
+	if c.Client == nil {
+		transport := &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: c.SkipSSLVerify},
+		}
+
+		if c.Proxy != "" {
+			proxyURL, err := url.Parse(c.Proxy)
+			if err != nil {
+				return wfCtx, "", fmt.Errorf("failed to parse proxy url: %v processor: %v", err, c)
+			} else {
+				transport.Proxy = http.ProxyURL(proxyURL)
+			}
+		}
+
+		c.Client = &http.Client{
+			Timeout:   time.Duration(c.Timeout) * time.Millisecond,
+			Transport: transport,
+		}
+	}
+
+	headers := make(map[string]string)
+	headers["Content-Type"] = "application/json"
+	for k, v := range c.Headers {
+		headers[k] = v
+	}
+
+	url, err := utils.TplRender(wfCtx, c.URL)
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("failed to render url template: %v processor: %v", err, c)
+	}
+
+	body, err := json.Marshal(event)
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("failed to marshal event: %v processor: %v", err, c)
+	}
+
+	req, err := http.NewRequest("POST", url, strings.NewReader(string(body)))
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("failed to create request: %v processor: %v", err, c)
+	}
+
+	for k, v := range headers {
+		req.Header.Set(k, v)
+	}
+
+	if c.AuthUsername != "" && c.AuthPassword != "" {
+		req.SetBasicAuth(c.AuthUsername, c.AuthPassword)
+	}
+
+	resp, err := c.Client.Do(req)
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("failed to send request: %v processor: %v", err, c)
+	}
+
+	b, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("failed to read response body: %v processor: %v", err, c)
+	}
+
+	logger.Debugf("callback processor response body: %s", string(b))
+	return wfCtx, "callback success", nil
+}
--- a/alert/pipeline/processor/common/common.go
+++ b/alert/pipeline/processor/common/common.go
@@ -0,0 +1,24 @@
+package common
+
+import (
+	"encoding/json"
+)
+
+// InitProcessor 是一个通用的初始化处理器的方法
+// 使用泛型简化处理器初始化逻辑
+// T 必须是 models.Processor 接口的实现
+func InitProcessor[T any](settings interface{}) (T, error) {
+	var zero T
+	b, err := json.Marshal(settings)
+	if err != nil {
+		return zero, err
+	}
+
+	var result T
+	err = json.Unmarshal(b, &result)
+	if err != nil {
+		return zero, err
+	}
+
+	return result, nil
+}
--- a/alert/pipeline/processor/eventdrop/event_drop.go
+++ b/alert/pipeline/processor/eventdrop/event_drop.go
@@ -0,0 +1,63 @@
+package eventdrop
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+	texttemplate "text/template"
+
+	"github.com/ccfos/nightingale/v6/alert/pipeline/processor/common"
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/tplx"
+	"github.com/toolkits/pkg/logger"
+)
+
+type EventDropConfig struct {
+	Content string `json:"content"`
+}
+
+func init() {
+	models.RegisterProcessor("event_drop", &EventDropConfig{})
+}
+
+func (c *EventDropConfig) Init(settings interface{}) (models.Processor, error) {
+	result, err := common.InitProcessor[*EventDropConfig](settings)
+	return result, err
+}
+
+func (c *EventDropConfig) Process(ctx *ctx.Context, wfCtx *models.WorkflowContext) (*models.WorkflowContext, string, error) {
+	// 使用背景是可以根据此处理器，实现对事件进行更加灵活的过滤的逻辑
+	// 在标签过滤和属性过滤都不满足需求时可以使用
+	// 如果模板执行结果为 true，则删除该事件
+	event := wfCtx.Event
+
+	var defs = []string{
+		"{{ $event := .Event }}",
+		"{{ $labels := .Event.TagsMap }}",
+		"{{ $value := .Event.TriggerValue }}",
+		"{{ $inputs := .Inputs }}",
+	}
+
+	text := strings.Join(append(defs, c.Content), "")
+
+	tpl, err := texttemplate.New("eventdrop").Funcs(tplx.TemplateFuncMap).Parse(text)
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("processor failed to parse template: %v processor: %v", err, c)
+	}
+
+	var body bytes.Buffer
+	if err = tpl.Execute(&body, wfCtx); err != nil {
+		return wfCtx, "", fmt.Errorf("processor failed to execute template: %v processor: %v", err, c)
+	}
+
+	result := strings.TrimSpace(body.String())
+	logger.Infof("processor eventdrop result: %v", result)
+	if result == "true" {
+		wfCtx.Event = nil
+		logger.Infof("processor eventdrop drop event: %s", event.Hash)
+		return wfCtx, "drop event success", nil
+	}
+
+	return wfCtx, "drop event failed", nil
+}
--- a/alert/pipeline/processor/eventupdate/event_update.go
+++ b/alert/pipeline/processor/eventupdate/event_update.go
@@ -0,0 +1,97 @@
+package eventupdate
+
+import (
+	"crypto/tls"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/ccfos/nightingale/v6/alert/pipeline/processor/callback"
+	"github.com/ccfos/nightingale/v6/alert/pipeline/processor/common"
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/toolkits/pkg/logger"
+)
+
+// RelabelConfig
+type EventUpdateConfig struct {
+	callback.HTTPConfig
+}
+
+func init() {
+	models.RegisterProcessor("event_update", &EventUpdateConfig{})
+}
+
+func (c *EventUpdateConfig) Init(settings interface{}) (models.Processor, error) {
+	result, err := common.InitProcessor[*EventUpdateConfig](settings)
+	return result, err
+}
+
+func (c *EventUpdateConfig) Process(ctx *ctx.Context, wfCtx *models.WorkflowContext) (*models.WorkflowContext, string, error) {
+	event := wfCtx.Event
+	if c.Client == nil {
+		transport := &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: c.SkipSSLVerify},
+		}
+
+		if c.Proxy != "" {
+			proxyURL, err := url.Parse(c.Proxy)
+			if err != nil {
+				return wfCtx, "", fmt.Errorf("failed to parse proxy url: %v processor: %v", err, c)
+			} else {
+				transport.Proxy = http.ProxyURL(proxyURL)
+			}
+		}
+
+		c.Client = &http.Client{
+			Timeout:   time.Duration(c.Timeout) * time.Millisecond,
+			Transport: transport,
+		}
+	}
+
+	headers := make(map[string]string)
+	headers["Content-Type"] = "application/json"
+	for k, v := range c.Headers {
+		headers[k] = v
+	}
+
+	body, err := json.Marshal(event)
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("failed to marshal event: %v processor: %v", err, c)
+	}
+
+	req, err := http.NewRequest("POST", c.URL, strings.NewReader(string(body)))
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("failed to create request: %v processor: %v", err, c)
+	}
+
+	for k, v := range headers {
+		req.Header.Set(k, v)
+	}
+
+	if c.AuthUsername != "" && c.AuthPassword != "" {
+		req.SetBasicAuth(c.AuthUsername, c.AuthPassword)
+	}
+
+	resp, err := c.Client.Do(req)
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("failed to send request: %v processor: %v", err, c)
+	}
+
+	b, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, "", fmt.Errorf("failed to read response body: %v processor: %v", err, c)
+	}
+	logger.Debugf("event update processor response body: %s", string(b))
+
+	err = json.Unmarshal(b, &event)
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("failed to unmarshal response body: %v processor: %v", err, c)
+	}
+
+	return wfCtx, "", nil
+}
--- a/alert/pipeline/processor/logic/if.go
+++ b/alert/pipeline/processor/logic/if.go
@@ -0,0 +1,197 @@
+package logic
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+	"text/template"
+
+	alertCommon "github.com/ccfos/nightingale/v6/alert/common"
+	"github.com/ccfos/nightingale/v6/alert/pipeline/processor/common"
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/tplx"
+)
+
+// 判断模式常量
+const (
+	ConditionModeExpression = "expression" // 表达式模式（默认）
+	ConditionModeTags       = "tags"       // 标签/属性模式
+)
+
+// IfConfig If 条件处理器配置
+type IfConfig struct {
+	// 判断模式：expression（表达式）或 tags（标签/属性）
+	Mode string `json:"mode,omitempty"`
+
+	// 表达式模式配置
+	// 条件表达式（支持 Go 模板语法）
+	// 例如：{{ if eq .Severity 1 }}true{{ end }}
+	Condition string `json:"condition,omitempty"`
+
+	// 标签/属性模式配置
+	LabelKeys  []models.TagFilter `json:"label_keys,omitempty"` // 适用标签
+	Attributes []models.TagFilter `json:"attributes,omitempty"` // 适用属性
+
+	// 内部使用，解析后的过滤器
+	parsedLabelKeys  []models.TagFilter `json:"-"`
+	parsedAttributes []models.TagFilter `json:"-"`
+}
+
+func init() {
+	models.RegisterProcessor("logic.if", &IfConfig{})
+}
+
+func (c *IfConfig) Init(settings interface{}) (models.Processor, error) {
+	result, err := common.InitProcessor[*IfConfig](settings)
+	if err != nil {
+		return nil, err
+	}
+
+	// 解析标签过滤器
+	if len(result.LabelKeys) > 0 {
+		// Deep copy to avoid concurrent map writes on cached objects
+		labelKeysCopy := make([]models.TagFilter, len(result.LabelKeys))
+		copy(labelKeysCopy, result.LabelKeys)
+		for i := range labelKeysCopy {
+			if labelKeysCopy[i].Func == "" {
+				labelKeysCopy[i].Func = labelKeysCopy[i].Op
+			}
+		}
+		result.parsedLabelKeys, err = models.ParseTagFilter(labelKeysCopy)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse label_keys: %v", err)
+		}
+	}
+
+	// 解析属性过滤器
+	if len(result.Attributes) > 0 {
+		// Deep copy to avoid concurrent map writes on cached objects
+		attributesCopy := make([]models.TagFilter, len(result.Attributes))
+		copy(attributesCopy, result.Attributes)
+		for i := range attributesCopy {
+			if attributesCopy[i].Func == "" {
+				attributesCopy[i].Func = attributesCopy[i].Op
+			}
+		}
+		result.parsedAttributes, err = models.ParseTagFilter(attributesCopy)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse attributes: %v", err)
+		}
+	}
+
+	return result, nil
+}
+
+// Process 实现 Processor 接口（兼容旧模式）
+func (c *IfConfig) Process(ctx *ctx.Context, wfCtx *models.WorkflowContext) (*models.WorkflowContext, string, error) {
+	result, err := c.evaluateCondition(wfCtx)
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("if processor: failed to evaluate condition: %v", err)
+	}
+
+	if result {
+		return wfCtx, "condition matched (true branch)", nil
+	}
+	return wfCtx, "condition not matched (false branch)", nil
+}
+
+// ProcessWithBranch 实现 BranchProcessor 接口
+func (c *IfConfig) ProcessWithBranch(ctx *ctx.Context, wfCtx *models.WorkflowContext) (*models.NodeOutput, error) {
+	result, err := c.evaluateCondition(wfCtx)
+	if err != nil {
+		return nil, fmt.Errorf("if processor: failed to evaluate condition: %v", err)
+	}
+
+	output := &models.NodeOutput{
+		WfCtx: wfCtx,
+	}
+
+	if result {
+		// 条件为 true，走输出 0（true 分支）
+		branchIndex := 0
+		output.BranchIndex = &branchIndex
+		output.Message = "condition matched (true branch)"
+	} else {
+		// 条件为 false，走输出 1（false 分支）
+		branchIndex := 1
+		output.BranchIndex = &branchIndex
+		output.Message = "condition not matched (false branch)"
+	}
+
+	return output, nil
+}
+
+// evaluateCondition 评估条件
+func (c *IfConfig) evaluateCondition(wfCtx *models.WorkflowContext) (bool, error) {
+	mode := c.Mode
+	if mode == "" {
+		mode = ConditionModeExpression // 默认表达式模式
+	}
+
+	switch mode {
+	case ConditionModeTags:
+		return c.evaluateTagsCondition(wfCtx.Event)
+	default:
+		return c.evaluateExpressionCondition(wfCtx)
+	}
+}
+
+// evaluateExpressionCondition 评估表达式条件
+func (c *IfConfig) evaluateExpressionCondition(wfCtx *models.WorkflowContext) (bool, error) {
+	if c.Condition == "" {
+		return true, nil
+	}
+
+	// 构建模板数据
+	var defs = []string{
+		"{{ $event := .Event }}",
+		"{{ $labels := .Event.TagsMap }}",
+		"{{ $value := .Event.TriggerValue }}",
+		"{{ $inputs := .Inputs }}",
+	}
+
+	text := strings.Join(append(defs, c.Condition), "")
+
+	tpl, err := template.New("if_condition").Funcs(tplx.TemplateFuncMap).Parse(text)
+	if err != nil {
+		return false, err
+	}
+
+	var buf bytes.Buffer
+	if err = tpl.Execute(&buf, wfCtx); err != nil {
+		return false, err
+	}
+
+	result := strings.TrimSpace(strings.ToLower(buf.String()))
+	return result == "true" || result == "1", nil
+}
+
+// evaluateTagsCondition 评估标签/属性条件
+func (c *IfConfig) evaluateTagsCondition(event *models.AlertCurEvent) (bool, error) {
+	// 如果没有配置任何过滤条件，默认返回 true
+	if len(c.parsedLabelKeys) == 0 && len(c.parsedAttributes) == 0 {
+		return true, nil
+	}
+
+	// 匹配标签 (TagsMap)
+	if len(c.parsedLabelKeys) > 0 {
+		tagsMap := event.TagsMap
+		if tagsMap == nil {
+			tagsMap = make(map[string]string)
+		}
+		if !alertCommon.MatchTags(tagsMap, c.parsedLabelKeys) {
+			return false, nil
+		}
+	}
+
+	// 匹配属性 (JsonTagsAndValue - 所有 JSON 字段)
+	if len(c.parsedAttributes) > 0 {
+		attributesMap := event.JsonTagsAndValue()
+		if !alertCommon.MatchTags(attributesMap, c.parsedAttributes) {
+			return false, nil
+		}
+	}
+
+	return true, nil
+}
--- a/alert/pipeline/processor/logic/switch.go
+++ b/alert/pipeline/processor/logic/switch.go
@@ -0,0 +1,224 @@
+package logic
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+	"text/template"
+
+	alertCommon "github.com/ccfos/nightingale/v6/alert/common"
+	"github.com/ccfos/nightingale/v6/alert/pipeline/processor/common"
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/tplx"
+)
+
+// SwitchCase Switch 分支定义
+type SwitchCase struct {
+	// 判断模式：expression（表达式）或 tags（标签/属性）
+	Mode string `json:"mode,omitempty"`
+
+	// 表达式模式配置
+	// 条件表达式（支持 Go 模板语法）
+	Condition string `json:"condition,omitempty"`
+
+	// 标签/属性模式配置
+	LabelKeys  []models.TagFilter `json:"label_keys,omitempty"` // 适用标签
+	Attributes []models.TagFilter `json:"attributes,omitempty"` // 适用属性
+
+	// 分支名称（可选，用于日志）
+	Name string `json:"name,omitempty"`
+
+	// 内部使用，解析后的过滤器
+	parsedLabelKeys  []models.TagFilter `json:"-"`
+	parsedAttributes []models.TagFilter `json:"-"`
+}
+
+// SwitchConfig Switch 多分支处理器配置
+type SwitchConfig struct {
+	// 分支条件列表
+	// 按顺序匹配，第一个为 true 的分支将被选中
+	Cases []SwitchCase `json:"cases"`
+	// 是否允许多个分支同时匹配（默认 false，只走第一个匹配的）
+	AllowMultiple bool `json:"allow_multiple,omitempty"`
+}
+
+func init() {
+	models.RegisterProcessor("logic.switch", &SwitchConfig{})
+}
+
+func (c *SwitchConfig) Init(settings interface{}) (models.Processor, error) {
+	result, err := common.InitProcessor[*SwitchConfig](settings)
+	if err != nil {
+		return nil, err
+	}
+
+	// 解析每个 case 的标签和属性过滤器
+	for i := range result.Cases {
+		if len(result.Cases[i].LabelKeys) > 0 {
+			// Deep copy to avoid concurrent map writes on cached objects
+			labelKeysCopy := make([]models.TagFilter, len(result.Cases[i].LabelKeys))
+			copy(labelKeysCopy, result.Cases[i].LabelKeys)
+			for j := range labelKeysCopy {
+				if labelKeysCopy[j].Func == "" {
+					labelKeysCopy[j].Func = labelKeysCopy[j].Op
+				}
+			}
+			result.Cases[i].parsedLabelKeys, err = models.ParseTagFilter(labelKeysCopy)
+			if err != nil {
+				return nil, fmt.Errorf("failed to parse label_keys for case[%d]: %v", i, err)
+			}
+		}
+
+		if len(result.Cases[i].Attributes) > 0 {
+			// Deep copy to avoid concurrent map writes on cached objects
+			attributesCopy := make([]models.TagFilter, len(result.Cases[i].Attributes))
+			copy(attributesCopy, result.Cases[i].Attributes)
+			for j := range attributesCopy {
+				if attributesCopy[j].Func == "" {
+					attributesCopy[j].Func = attributesCopy[j].Op
+				}
+			}
+			result.Cases[i].parsedAttributes, err = models.ParseTagFilter(attributesCopy)
+			if err != nil {
+				return nil, fmt.Errorf("failed to parse attributes for case[%d]: %v", i, err)
+			}
+		}
+	}
+
+	return result, nil
+}
+
+// Process 实现 Processor 接口（兼容旧模式）
+func (c *SwitchConfig) Process(ctx *ctx.Context, wfCtx *models.WorkflowContext) (*models.WorkflowContext, string, error) {
+	index, caseName, err := c.evaluateCases(wfCtx)
+	if err != nil {
+		return wfCtx, "", fmt.Errorf("switch processor: failed to evaluate cases: %v", err)
+	}
+
+	if index >= 0 {
+		if caseName != "" {
+			return wfCtx, fmt.Sprintf("matched case[%d]: %s", index, caseName), nil
+		}
+		return wfCtx, fmt.Sprintf("matched case[%d]", index), nil
+	}
+
+	// 走默认分支（最后一个输出）
+	return wfCtx, "no case matched, using default branch", nil
+}
+
+// ProcessWithBranch 实现 BranchProcessor 接口
+func (c *SwitchConfig) ProcessWithBranch(ctx *ctx.Context, wfCtx *models.WorkflowContext) (*models.NodeOutput, error) {
+	index, caseName, err := c.evaluateCases(wfCtx)
+	if err != nil {
+		return nil, fmt.Errorf("switch processor: failed to evaluate cases: %v", err)
+	}
+
+	output := &models.NodeOutput{
+		WfCtx: wfCtx,
+	}
+
+	if index >= 0 {
+		output.BranchIndex = &index
+		if caseName != "" {
+			output.Message = fmt.Sprintf("matched case[%d]: %s", index, caseName)
+		} else {
+			output.Message = fmt.Sprintf("matched case[%d]", index)
+		}
+	} else {
+		// 默认分支的索引是 cases 数量（即最后一个输出端口）
+		defaultIndex := len(c.Cases)
+		output.BranchIndex = &defaultIndex
+		output.Message = "no case matched, using default branch"
+	}
+
+	return output, nil
+}
+
+// evaluateCases 评估所有分支条件
+// 返回匹配的分支索引和分支名称，如果没有匹配返回 -1
+func (c *SwitchConfig) evaluateCases(wfCtx *models.WorkflowContext) (int, string, error) {
+	for i := range c.Cases {
+		matched, err := c.evaluateCaseCondition(&c.Cases[i], wfCtx)
+		if err != nil {
+			return -1, "", fmt.Errorf("case[%d] evaluation error: %v", i, err)
+		}
+		if matched {
+			return i, c.Cases[i].Name, nil
+		}
+	}
+	return -1, "", nil
+}
+
+// evaluateCaseCondition 评估单个分支条件
+func (c *SwitchConfig) evaluateCaseCondition(caseItem *SwitchCase, wfCtx *models.WorkflowContext) (bool, error) {
+	mode := caseItem.Mode
+	if mode == "" {
+		mode = ConditionModeExpression // 默认表达式模式
+	}
+
+	switch mode {
+	case ConditionModeTags:
+		return c.evaluateTagsCondition(caseItem, wfCtx.Event)
+	default:
+		return c.evaluateExpressionCondition(caseItem.Condition, wfCtx)
+	}
+}
+
+// evaluateExpressionCondition 评估表达式条件
+func (c *SwitchConfig) evaluateExpressionCondition(condition string, wfCtx *models.WorkflowContext) (bool, error) {
+	if condition == "" {
+		return false, nil
+	}
+
+	var defs = []string{
+		"{{ $event := .Event }}",
+		"{{ $labels := .Event.TagsMap }}",
+		"{{ $value := .Event.TriggerValue }}",
+		"{{ $inputs := .Inputs }}",
+	}
+
+	text := strings.Join(append(defs, condition), "")
+
+	tpl, err := template.New("switch_condition").Funcs(tplx.TemplateFuncMap).Parse(text)
+	if err != nil {
+		return false, err
+	}
+
+	var buf bytes.Buffer
+	if err = tpl.Execute(&buf, wfCtx); err != nil {
+		return false, err
+	}
+
+	result := strings.TrimSpace(strings.ToLower(buf.String()))
+	return result == "true" || result == "1", nil
+}
+
+// evaluateTagsCondition 评估标签/属性条件
+func (c *SwitchConfig) evaluateTagsCondition(caseItem *SwitchCase, event *models.AlertCurEvent) (bool, error) {
+	// 如果没有配置任何过滤条件，默认返回 false（不匹配）
+	if len(caseItem.parsedLabelKeys) == 0 && len(caseItem.parsedAttributes) == 0 {
+		return false, nil
+	}
+
+	// 匹配标签 (TagsMap)
+	if len(caseItem.parsedLabelKeys) > 0 {
+		tagsMap := event.TagsMap
+		if tagsMap == nil {
+			tagsMap = make(map[string]string)
+		}
+		if !alertCommon.MatchTags(tagsMap, caseItem.parsedLabelKeys) {
+			return false, nil
+		}
+	}
+
+	// 匹配属性 (JsonTagsAndValue - 所有 JSON 字段)
+	if len(caseItem.parsedAttributes) > 0 {
+		attributesMap := event.JsonTagsAndValue()
+		if !alertCommon.MatchTags(attributesMap, caseItem.parsedAttributes) {
+			return false, nil
+		}
+	}
+
+	return true, nil
+}
--- a/alert/pipeline/processor/relabel/relabel.go
+++ b/alert/pipeline/processor/relabel/relabel.go
@@ -0,0 +1,107 @@
+package relabel
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+
+	"github.com/ccfos/nightingale/v6/alert/pipeline/processor/common"
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pushgw/pconf"
+	"github.com/ccfos/nightingale/v6/pushgw/writer"
+
+	"github.com/prometheus/common/model"
+	"github.com/prometheus/prometheus/prompb"
+)
+
+const (
+	REPLACE_DOT = "___"
+)
+
+// RelabelConfig
+type RelabelConfig struct {
+	SourceLabels  []string `json:"source_labels"`
+	Separator     string   `json:"separator"`
+	Regex         string   `json:"regex"`
+	RegexCompiled *regexp.Regexp
+	If            string `json:"if"`
+	IfRegex       *regexp.Regexp
+	Modulus       uint64 `json:"modulus"`
+	TargetLabel   string `json:"target_label"`
+	Replacement   string `json:"replacement"`
+	Action        string `json:"action"`
+}
+
+func init() {
+	models.RegisterProcessor("relabel", &RelabelConfig{})
+}
+
+func (r *RelabelConfig) Init(settings interface{}) (models.Processor, error) {
+	result, err := common.InitProcessor[*RelabelConfig](settings)
+	return result, err
+}
+
+func (r *RelabelConfig) Process(ctx *ctx.Context, wfCtx *models.WorkflowContext) (*models.WorkflowContext, string, error) {
+	sourceLabels := make([]model.LabelName, len(r.SourceLabels))
+	for i := range r.SourceLabels {
+		sourceLabels[i] = model.LabelName(strings.ReplaceAll(r.SourceLabels[i], ".", REPLACE_DOT))
+	}
+
+	relabelConfigs := []*pconf.RelabelConfig{
+		{
+			SourceLabels:  sourceLabels,
+			Separator:     r.Separator,
+			Regex:         r.Regex,
+			RegexCompiled: r.RegexCompiled,
+			If:            r.If,
+			IfRegex:       r.IfRegex,
+			Modulus:       r.Modulus,
+			TargetLabel:   r.TargetLabel,
+			Replacement:   r.Replacement,
+			Action:        r.Action,
+		},
+	}
+
+	EventRelabel(wfCtx.Event, relabelConfigs)
+	return wfCtx, "", nil
+}
+
+func EventRelabel(event *models.AlertCurEvent, relabelConfigs []*pconf.RelabelConfig) {
+	labels := make([]prompb.Label, len(event.TagsJSON))
+	event.OriginalTagsJSON = make([]string, len(event.TagsJSON))
+	for i, tag := range event.TagsJSON {
+		label := strings.SplitN(tag, "=", 2)
+		if len(label) != 2 {
+			continue
+		}
+		event.OriginalTagsJSON[i] = tag
+
+		label[0] = strings.ReplaceAll(string(label[0]), ".", REPLACE_DOT)
+		labels[i] = prompb.Label{Name: label[0], Value: label[1]}
+	}
+
+	for i := 0; i < len(relabelConfigs); i++ {
+		if relabelConfigs[i].Replacement == "" {
+			relabelConfigs[i].Replacement = "$1"
+		}
+
+		if relabelConfigs[i].Separator == "" {
+			relabelConfigs[i].Separator = ";"
+		}
+
+		if relabelConfigs[i].Regex == "" {
+			relabelConfigs[i].Regex = "(.*)"
+		}
+	}
+
+	gotLabels := writer.Process(labels, relabelConfigs...)
+	event.TagsJSON = make([]string, len(gotLabels))
+	event.TagsMap = make(map[string]string, len(gotLabels))
+	for i, label := range gotLabels {
+		label.Name = strings.ReplaceAll(string(label.Name), REPLACE_DOT, ".")
+		event.TagsJSON[i] = fmt.Sprintf("%s=%s", label.Name, label.Value)
+		event.TagsMap[label.Name] = label.Value
+	}
+	event.Tags = strings.Join(event.TagsJSON, ",,")
+}
--- a/alert/pipeline/processor/utils/utils.go
+++ b/alert/pipeline/processor/utils/utils.go
@@ -0,0 +1,32 @@
+package utils
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+	"text/template"
+
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/tplx"
+)
+
+func TplRender(wfCtx *models.WorkflowContext, content string) (string, error) {
+	var defs = []string{
+		"{{ $event := .Event }}",
+		"{{ $labels := .Event.TagsMap }}",
+		"{{ $value := .Event.TriggerValue }}",
+		"{{ $inputs := .Inputs }}",
+	}
+	text := strings.Join(append(defs, content), "")
+	tpl, err := template.New("tpl").Funcs(tplx.TemplateFuncMap).Parse(text)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse template: %v", err)
+	}
+
+	var body bytes.Buffer
+	if err = tpl.Execute(&body, wfCtx); err != nil {
+		return "", fmt.Errorf("failed to execute template: %v", err)
+	}
+
+	return strings.TrimSpace(body.String()), nil
+}
--- a/alert/process/process.go
+++ b/alert/process/process.go
@@ -14,21 +14,18 @@ import (
 	"github.com/ccfos/nightingale/v6/alert/common"
 	"github.com/ccfos/nightingale/v6/alert/dispatch"
 	"github.com/ccfos/nightingale/v6/alert/mute"
+	"github.com/ccfos/nightingale/v6/alert/pipeline/processor/relabel"
 	"github.com/ccfos/nightingale/v6/alert/queue"
 	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
 	"github.com/ccfos/nightingale/v6/pkg/tplx"
-	"github.com/ccfos/nightingale/v6/pushgw/writer"

-	"github.com/prometheus/prometheus/prompb"
 	"github.com/robfig/cron/v3"
 	"github.com/toolkits/pkg/logger"
 	"github.com/toolkits/pkg/str"
 )

-type EventMuteHookFunc func(event *models.AlertCurEvent) bool
-
 type ExternalProcessorsType struct {
 	ExternalLock sync.RWMutex
 	Processors   map[string]*Processor
@@ -61,11 +58,9 @@ type Processor struct {
 	pendingsUseByRecover *AlertCurEventMap
 	inhibit              bool

-	tagsMap    map[string]string
-	tagsArr    []string
-	target     string
-	targetNote string
-	groupName  string
+	tagsMap   map[string]string
+	tagsArr   []string
+	groupName string

 	alertRuleCache          *memsto.AlertRuleCacheType
 	TargetCache             *memsto.TargetCacheType
@@ -79,7 +74,6 @@ type Processor struct {

 	HandleFireEventHook    HandleEventFunc
 	HandleRecoverEventHook HandleEventFunc
-	EventMuteHook          EventMuteHookFunc

 	ScheduleEntry    cron.Entry
 	PromEvalInterval int
@@ -124,7 +118,6 @@ func NewProcessor(engineName string, rule *models.AlertRule, datasourceId int64,

 		HandleFireEventHook:    func(event *models.AlertCurEvent) {},
 		HandleRecoverEventHook: func(event *models.AlertCurEvent) {},
-		EventMuteHook:          func(event *models.AlertCurEvent) bool { return false },
 	}

 	p.mayHandleGroup()
@@ -138,7 +131,7 @@ func (p *Processor) Handle(anomalyPoints []models.AnomalyPoint, from string, inh
 	p.inhibit = inhibit
 	cachedRule := p.alertRuleCache.Get(p.rule.Id)
 	if cachedRule == nil {
-		logger.Errorf("rule not found %+v", anomalyPoints)
+		logger.Warningf("alert_eval_%d datasource_%d handle error: rule not found, maybe rule has been deleted, anomalyPoints:%+v", p.rule.Id, p.datasourceId, anomalyPoints)
 		p.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", p.DatasourceId()), "handle_event", p.BusiGroupCache.GetNameByBusiGroupId(p.rule.GroupId), fmt.Sprintf("%v", p.rule.Id)).Inc()
 		return
 	}
@@ -154,13 +147,23 @@ func (p *Processor) Handle(anomalyPoints []models.AnomalyPoint, from string, inh
 	eventsMap := make(map[string][]*models.AlertCurEvent)
 	for _, anomalyPoint := range anomalyPoints {
 		event := p.BuildEvent(anomalyPoint, from, now, ruleHash)
-		event.NotifyRuleIDs = cachedRule.NotifyRuleIds
+		event.NotifyRuleIds = cachedRule.NotifyRuleIds
 		// 如果 event 被 mute 了,本质也是 fire 的状态,这里无论如何都添加到 alertingKeys 中,防止 fire 的事件自动恢复了
 		hash := event.Hash
 		alertingKeys[hash] = struct{}{}
+
+		// event processor
+		eventCopy := event.DeepCopy()
+		event = dispatch.HandleEventPipeline(cachedRule.PipelineConfigs, eventCopy, event, dispatch.EventProcessorCache, p.ctx, cachedRule.Id, "alert_rule")
+		if event == nil {
+			logger.Infof("alert_eval_%d datasource_%d is muted drop by pipeline event:%s", p.rule.Id, p.datasourceId, eventCopy.Hash)
+			continue
+		}
+
+		// event mute
 		isMuted, detail, muteId := mute.IsMuted(cachedRule, event, p.TargetCache, p.alertMuteCache)
 		if isMuted {
-			logger.Debugf("rule_eval:%s event:%v is muted, detail:%s", p.Key(), event, detail)
+			logger.Infof("alert_eval_%d datasource_%d is muted, detail:%s event:%s", p.rule.Id, p.datasourceId, detail, event.Hash)
 			p.Stats.CounterMuteTotal.WithLabelValues(
 				fmt.Sprintf("%v", event.GroupName),
 				fmt.Sprintf("%v", p.rule.Id),
@@ -170,8 +173,8 @@ func (p *Processor) Handle(anomalyPoints []models.AnomalyPoint, from string, inh
 			continue
 		}

-		if p.EventMuteHook(event) {
-			logger.Debugf("rule_eval:%s event:%v is muted by hook", p.Key(), event)
+		if dispatch.EventMuteHook(event) {
+			logger.Infof("alert_eval_%d datasource_%d is muted by hook event:%s", p.rule.Id, p.datasourceId, event.Hash)
 			p.Stats.CounterMuteTotal.WithLabelValues(
 				fmt.Sprintf("%v", event.GroupName),
 				fmt.Sprintf("%v", p.rule.Id),
@@ -196,7 +199,7 @@ func (p *Processor) Handle(anomalyPoints []models.AnomalyPoint, from string, inh

 func (p *Processor) BuildEvent(anomalyPoint models.AnomalyPoint, from string, now int64, ruleHash string) *models.AlertCurEvent {
 	p.fillTags(anomalyPoint)
-	p.mayHandleIdent()
+
 	hash := Hash(p.rule.Id, p.datasourceId, anomalyPoint)
 	ds := p.datasourceCache.GetById(p.datasourceId)
 	var dsName string
@@ -216,8 +219,6 @@ func (p *Processor) BuildEvent(anomalyPoint models.AnomalyPoint, from string, no
 	event.DatasourceId = p.datasourceId
 	event.Cluster = dsName
 	event.Hash = hash
-	event.TargetIdent = p.target
-	event.TargetNote = p.targetNote
 	event.TriggerValue = anomalyPoint.ReadableValue()
 	event.TriggerValues = anomalyPoint.Values
 	event.TriggerValuesJson = models.EventTriggerValues{ValuesWithUnit: anomalyPoint.ValuesUnit}
@@ -246,16 +247,7 @@ func (p *Processor) BuildEvent(anomalyPoint models.AnomalyPoint, from string, no

 	if err := json.Unmarshal([]byte(p.rule.Annotations), &event.AnnotationsJSON); err != nil {
 		event.AnnotationsJSON = make(map[string]string) // 解析失败时使用空 map
-		logger.Warningf("unmarshal annotations json failed: %v, rule: %d", err, p.rule.Id)
-	}
-
-	if p.target != "" {
-		if pt, exist := p.TargetCache.Get(p.target); exist {
-			pt.GroupNames = p.BusiGroupCache.GetNamesByBusiGroupIds(pt.GroupIds)
-			event.Target = pt
-		} else {
-			logger.Infof("Target[ident: %s] doesn't exist in cache.", p.target)
-		}
+		logger.Warningf("alert_eval_%d datasource_%d unmarshal annotations json failed: %v", p.rule.Id, p.datasourceId, err)
 	}

 	if event.TriggerValues != "" && strings.Count(event.TriggerValues, "$") > 1 {
@@ -271,6 +263,19 @@ func (p *Processor) BuildEvent(anomalyPoint models.AnomalyPoint, from string, no

 	// 生成事件之后，立马进程 relabel 处理
 	Relabel(p.rule, event)
+
+	// 放到 Relabel(p.rule, event) 下面，为了处理 relabel 之后，标签里才出现 ident 的情况
+	p.mayHandleIdent(event)
+
+	if event.TargetIdent != "" {
+		if pt, exist := p.TargetCache.Get(event.TargetIdent); exist {
+			pt.GroupNames = p.BusiGroupCache.GetNamesByBusiGroupIds(pt.GroupIds)
+			event.Target = pt
+		} else {
+			logger.Infof("alert_eval_%d datasource_%d fill event target error, ident: %s doesn't exist in cache.", p.rule.Id, p.datasourceId, event.TargetIdent)
+		}
+	}
+
 	return event
 }

@@ -279,44 +284,15 @@ func Relabel(rule *models.AlertRule, event *models.AlertCurEvent) {
 		return
 	}

+	// need to keep the original label
+	event.OriginalTags = event.Tags
+	event.OriginalTagsJSON = event.TagsJSON
+
 	if len(rule.EventRelabelConfig) == 0 {
 		return
 	}

-	// need to keep the original label
-	event.OriginalTags = event.Tags
-	event.OriginalTagsJSON = make([]string, len(event.TagsJSON))
-
-	labels := make([]prompb.Label, len(event.TagsJSON))
-	for i, tag := range event.TagsJSON {
-		label := strings.SplitN(tag, "=", 2)
-		event.OriginalTagsJSON[i] = tag
-		labels[i] = prompb.Label{Name: label[0], Value: label[1]}
-	}
-
-	for i := 0; i < len(rule.EventRelabelConfig); i++ {
-		if rule.EventRelabelConfig[i].Replacement == "" {
-			rule.EventRelabelConfig[i].Replacement = "$1"
-		}
-
-		if rule.EventRelabelConfig[i].Separator == "" {
-			rule.EventRelabelConfig[i].Separator = ";"
-		}
-
-		if rule.EventRelabelConfig[i].Regex == "" {
-			rule.EventRelabelConfig[i].Regex = "(.*)"
-		}
-	}
-
-	// relabel process
-	relabels := writer.Process(labels, rule.EventRelabelConfig...)
-	event.TagsJSON = make([]string, len(relabels))
-	event.TagsMap = make(map[string]string, len(relabels))
-	for i, label := range relabels {
-		event.TagsJSON[i] = fmt.Sprintf("%s=%s", label.Name, label.Value)
-		event.TagsMap[label.Name] = label.Value
-	}
-	event.Tags = strings.Join(event.TagsJSON, ",,")
+	relabel.EventRelabel(event, rule.EventRelabelConfig)
 }

 func (p *Processor) HandleRecover(alertingKeys map[string]struct{}, now int64, inhibit bool) {
@@ -395,19 +371,19 @@ func (p *Processor) RecoverSingle(byRecover bool, hash string, now int64, value
 		lastPendingEvent, has := p.pendingsUseByRecover.Get(hash)
 		if !has {
 			// 说明没有产生过异常点，就不需要恢复了
-			logger.Debugf("rule_eval:%s event:%v do not has pending event, not recover", p.Key(), event)
+			logger.Debugf("alert_eval_%d datasource_%d event:%s do not has pending event, not recover", p.rule.Id, p.datasourceId, event.Hash)
 			return
 		}

 		if now-lastPendingEvent.LastEvalTime < cachedRule.RecoverDuration {
-			logger.Debugf("rule_eval:%s event:%v not recover", p.Key(), event)
+			logger.Debugf("alert_eval_%d datasource_%d event:%s not recover", p.rule.Id, p.datasourceId, event.Hash)
 			return
 		}
 	}

 	// 如果设置了恢复条件，则不能在此处恢复，必须依靠 recoverPoint 来恢复
 	if event.RecoverConfig.JudgeType != models.Origin && !byRecover {
-		logger.Debugf("rule_eval:%s event:%v not recover", p.Key(), event)
+		logger.Debugf("alert_eval_%d datasource_%d event:%s not recover", p.rule.Id, p.datasourceId, event.Hash)
 		return
 	}

@@ -436,8 +412,8 @@ func (p *Processor) RecoverSingle(byRecover bool, hash string, now int64, value

 func (p *Processor) handleEvent(events []*models.AlertCurEvent) {
 	var fireEvents []*models.AlertCurEvent
-	// severity 初始为 4, 一定为遇到比自己优先级高的事件
-	severity := 4
+	// severity 初始为最低优先级, 一定为遇到比自己优先级高的事件
+	severity := models.SeverityLowest
 	for _, event := range events {
 		if event == nil {
 			continue
@@ -458,17 +434,18 @@ func (p *Processor) handleEvent(events []*models.AlertCurEvent) {
 			continue
 		}

-		var preTriggerTime int64 // 第一个 pending event 的触发时间
+		var preEvalTime int64 // 第一个 pending event 的检测时间
 		preEvent, has := p.pendings.Get(event.Hash)
 		if has {
 			p.pendings.UpdateLastEvalTime(event.Hash, event.LastEvalTime)
-			preTriggerTime = preEvent.TriggerTime
+			preEvalTime = preEvent.FirstEvalTime
 		} else {
+			event.FirstEvalTime = event.LastEvalTime
 			p.pendings.Set(event.Hash, event)
-			preTriggerTime = event.TriggerTime
+			preEvalTime = event.FirstEvalTime
 		}

-		if event.LastEvalTime-preTriggerTime+int64(event.PromEvalInterval) >= int64(p.rule.PromForDuration) {
+		if event.LastEvalTime-preEvalTime+int64(event.PromEvalInterval) >= int64(p.rule.PromForDuration) {
 			fireEvents = append(fireEvents, event)
 			if severity > event.Severity {
 				severity = event.Severity
@@ -483,7 +460,7 @@ func (p *Processor) handleEvent(events []*models.AlertCurEvent) {
 func (p *Processor) inhibitEvent(events []*models.AlertCurEvent, highSeverity int) {
 	for _, event := range events {
 		if p.inhibit && event.Severity > highSeverity {
-			logger.Debugf("rule_eval:%s event:%+v inhibit highSeverity:%d", p.Key(), event, highSeverity)
+			logger.Debugf("alert_eval_%d datasource_%d event:%s inhibit highSeverity:%d", p.rule.Id, p.datasourceId, event.Hash, highSeverity)
 			continue
 		}
 		p.fireEvent(event)
@@ -497,16 +474,18 @@ func (p *Processor) fireEvent(event *models.AlertCurEvent) {
 		return
 	}

-	logger.Debugf("rule_eval:%s event:%+v fire", p.Key(), event)
+	message := "unknown"
+	defer func() {
+		logger.Infof("alert_eval_%d datasource_%d event-hash-%s %s", p.rule.Id, p.datasourceId, event.Hash, message)
+	}()
+
 	if fired, has := p.fires.Get(event.Hash); has {
 		p.fires.UpdateLastEvalTime(event.Hash, event.LastEvalTime)
 		event.FirstTriggerTime = fired.FirstTriggerTime
 		p.HandleFireEventHook(event)

 		if cachedRule.NotifyRepeatStep == 0 {
-			logger.Debugf("rule_eval:%s event:%+v repeat is zero nothing to do", p.Key(), event)
-			// 说明不想重复通知，那就直接返回了，nothing to do
-			// do not need to send alert again
+			message = "stalled, rule.notify_repeat_step is 0, no need to repeat notify"
 			return
 		}

@@ -515,21 +494,26 @@ func (p *Processor) fireEvent(event *models.AlertCurEvent) {
 			if cachedRule.NotifyMaxNumber == 0 {
 				// 最大可以发送次数如果是0，表示不想限制最大发送次数，一直发即可
 				event.NotifyCurNumber = fired.NotifyCurNumber + 1
+				message = fmt.Sprintf("fired, notify_repeat_step_matched(%d >= %d + %d * 60) notify_max_number_ignore(#%d / %d)", event.LastEvalTime, fired.LastSentTime, cachedRule.NotifyRepeatStep, event.NotifyCurNumber, cachedRule.NotifyMaxNumber)
 				p.pushEventToQueue(event)
 			} else {
 				// 有最大发送次数的限制，就要看已经发了几次了，是否达到了最大发送次数
 				if fired.NotifyCurNumber >= cachedRule.NotifyMaxNumber {
-					logger.Debugf("rule_eval:%s event:%+v reach max number", p.Key(), event)
+					message = fmt.Sprintf("stalled, notify_repeat_step_matched(%d >= %d + %d * 60) notify_max_number_not_matched(#%d / %d)", event.LastEvalTime, fired.LastSentTime, cachedRule.NotifyRepeatStep, fired.NotifyCurNumber, cachedRule.NotifyMaxNumber)
 					return
 				} else {
 					event.NotifyCurNumber = fired.NotifyCurNumber + 1
+					message = fmt.Sprintf("fired, notify_repeat_step_matched(%d >= %d + %d * 60) notify_max_number_matched(#%d / %d)", event.LastEvalTime, fired.LastSentTime, cachedRule.NotifyRepeatStep, event.NotifyCurNumber, cachedRule.NotifyMaxNumber)
 					p.pushEventToQueue(event)
 				}
 			}
+		} else {
+			message = fmt.Sprintf("stalled, notify_repeat_step_not_matched(%d < %d + %d * 60)", event.LastEvalTime, fired.LastSentTime, cachedRule.NotifyRepeatStep)
 		}
 	} else {
 		event.NotifyCurNumber = 1
 		event.FirstTriggerTime = event.TriggerTime
+		message = fmt.Sprintf("fired, first_trigger_time: %d", event.FirstTriggerTime)
 		p.HandleFireEventHook(event)
 		p.pushEventToQueue(event)
 	}
@@ -543,7 +527,7 @@ func (p *Processor) pushEventToQueue(e *models.AlertCurEvent) {

 	dispatch.LogEvent(e, "push_queue")
 	if !queue.EventQueue.PushFront(e) {
-		logger.Warningf("event_push_queue: queue is full, event:%+v", e)
+		logger.Warningf("alert_eval_%d datasource_%d event_push_queue: queue is full, event:%s", p.rule.Id, p.datasourceId, e.Hash)
 		p.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", p.DatasourceId()), "push_event_queue", p.BusiGroupCache.GetNameByBusiGroupId(p.rule.GroupId), fmt.Sprintf("%v", p.rule.Id)).Inc()
 	}
 }
@@ -554,7 +538,7 @@ func (p *Processor) RecoverAlertCurEventFromDb() {

 	curEvents, err := models.AlertCurEventGetByRuleIdAndDsId(p.ctx, p.rule.Id, p.datasourceId)
 	if err != nil {
-		logger.Errorf("recover event from db for rule:%s failed, err:%s", p.Key(), err)
+		logger.Errorf("alert_eval_%d datasource_%d recover event from db failed, err:%s", p.rule.Id, p.datasourceId, err)
 		p.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", p.DatasourceId()), "get_recover_event", p.BusiGroupCache.GetNameByBusiGroupId(p.rule.GroupId), fmt.Sprintf("%v", p.rule.Id)).Inc()
 		p.fires = NewAlertCurEventMap(nil)
 		return
@@ -567,7 +551,7 @@ func (p *Processor) RecoverAlertCurEventFromDb() {
 		if alertRule == nil {
 			continue
 		}
-		event.NotifyRuleIDs = alertRule.NotifyRuleIds
+		event.NotifyRuleIds = alertRule.NotifyRuleIds

 		if event.Cate == models.HOST {
 			target, exists := p.TargetCache.Get(event.TargetIdent)
@@ -607,7 +591,9 @@ func (p *Processor) fillTags(anomalyPoint models.AnomalyPoint) {
 	}

 	// handle rule tags
-	for _, tag := range p.rule.AppendTagsJSON {
+	tags := p.rule.AppendTagsJSON
+	tags = append(tags, "rulename="+p.rule.Name)
+	for _, tag := range tags {
 		arr := strings.SplitN(tag, "=", 2)

 		var defs = []string{
@@ -633,27 +619,25 @@ func (p *Processor) fillTags(anomalyPoint models.AnomalyPoint) {

 		tagsMap[arr[0]] = body.String()
 	}
-
-	tagsMap["rulename"] = p.rule.Name
 	p.tagsMap = tagsMap

 	// handle tagsArr
 	p.tagsArr = labelMapToArr(tagsMap)
 }

-func (p *Processor) mayHandleIdent() {
+func (p *Processor) mayHandleIdent(event *models.AlertCurEvent) {
 	// handle ident
-	if ident, has := p.tagsMap["ident"]; has {
+	if ident, has := event.TagsMap["ident"]; has {
 		if target, exists := p.TargetCache.Get(ident); exists {
-			p.target = target.Ident
-			p.targetNote = target.Note
+			event.TargetIdent = target.Ident
+			event.TargetNote = target.Note
 		} else {
-			p.target = ident
-			p.targetNote = ""
+			event.TargetIdent = ident
+			event.TargetNote = ""
 		}
 	} else {
-		p.target = ""
-		p.targetNote = ""
+		event.TargetIdent = ""
+		event.TargetNote = ""
 	}
 }

--- a/alert/record/prom_rule.go
+++ b/alert/record/prom_rule.go
@@ -39,7 +39,7 @@ func NewRecordRuleContext(rule *models.RecordingRule, datasourceId int64, promCl
 		rule.CronPattern = fmt.Sprintf("@every %ds", rule.PromEvalInterval)
 	}

-	rrc.scheduler = cron.New(cron.WithSeconds())
+	rrc.scheduler = cron.New(cron.WithSeconds(), cron.WithChain(cron.SkipIfStillRunning(cron.DefaultLogger)))
 	_, err := rrc.scheduler.AddFunc(rule.CronPattern, func() {
 		rrc.Eval()
 	})
@@ -56,12 +56,13 @@ func (rrc *RecordRuleContext) Key() string {
 }

 func (rrc *RecordRuleContext) Hash() string {
-	return str.MD5(fmt.Sprintf("%d_%s_%s_%d_%s",
+	return str.MD5(fmt.Sprintf("%d_%s_%s_%d_%s_%s",
 		rrc.rule.Id,
 		rrc.rule.CronPattern,
 		rrc.rule.PromQl,
 		rrc.datasourceId,
 		rrc.rule.AppendTags,
+		rrc.rule.Name,
 	))
 }

--- a/alert/router/router.go
+++ b/alert/router/router.go
@@ -22,10 +22,11 @@ type Router struct {
 	AlertStats         *astats.Stats
 	Ctx                *ctx.Context
 	ExternalProcessors *process.ExternalProcessorsType
+	LogDir             string
 }

 func New(httpConfig httpx.Config, alert aconf.Alert, amc *memsto.AlertMuteCacheType, tc *memsto.TargetCacheType, bgc *memsto.BusiGroupCacheType,
-	astats *astats.Stats, ctx *ctx.Context, externalProcessors *process.ExternalProcessorsType) *Router {
+	astats *astats.Stats, ctx *ctx.Context, externalProcessors *process.ExternalProcessorsType, logDir string) *Router {
 	return &Router{
 		HTTP:               httpConfig,
 		Alert:              alert,
@@ -35,6 +36,7 @@ func New(httpConfig httpx.Config, alert aconf.Alert, amc *memsto.AlertMuteCacheT
 		AlertStats:         astats,
 		Ctx:                ctx,
 		ExternalProcessors: externalProcessors,
+		LogDir:             logDir,
 	}
 }

@@ -50,6 +52,9 @@ func (rt *Router) Config(r *gin.Engine) {
 	service.POST("/event", rt.pushEventToQueue)
 	service.POST("/event-persist", rt.eventPersist)
 	service.POST("/make-event", rt.makeEvent)
+	service.GET("/event-detail/:hash", rt.eventDetail)
+	service.GET("/alert-eval-detail/:id", rt.alertEvalDetail)
+	service.GET("/trace-logs/:traceid", rt.traceLogs)
 }

 func Render(c *gin.Context, data, msg interface{}) {
--- a/alert/router/router_alert_eval_detail.go
+++ b/alert/router/router_alert_eval_detail.go
@@ -0,0 +1,28 @@
+package router
+
+import (
+	"fmt"
+
+	"github.com/ccfos/nightingale/v6/pkg/loggrep"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
+
+	"github.com/gin-gonic/gin"
+)
+
+func (rt *Router) alertEvalDetail(c *gin.Context) {
+	id := ginx.UrlParamStr(c, "id")
+	if !loggrep.IsValidRuleID(id) {
+		ginx.Bomb(200, "invalid rule id format")
+	}
+
+	instance := fmt.Sprintf("%s:%d", rt.Alert.Heartbeat.IP, rt.HTTP.Port)
+
+	keyword := fmt.Sprintf("alert_eval_%s", id)
+	logs, err := loggrep.GrepLogDir(rt.LogDir, keyword)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(loggrep.EventDetailResp{
+		Logs:     logs,
+		Instance: instance,
+	}, nil)
+}
--- a/alert/router/router_event.go
+++ b/alert/router/router_event.go
@@ -13,9 +13,9 @@ import (
 	"github.com/ccfos/nightingale/v6/alert/queue"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/poster"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
 )

@@ -25,6 +25,7 @@ func (rt *Router) pushEventToQueue(c *gin.Context) {
 	if event.RuleId == 0 {
 		ginx.Bomb(200, "event is illegal")
 	}
+	event.FE2DB()

 	event.TagsMap = make(map[string]string)
 	for i := 0; i < len(event.TagsJSON); i++ {
@@ -40,7 +41,7 @@ func (rt *Router) pushEventToQueue(c *gin.Context) {

 		event.TagsMap[arr[0]] = arr[1]
 	}
-	hit, _ :=  mute.EventMuteStrategy(event, rt.AlertMuteCache)
+	hit, _ := mute.EventMuteStrategy(event, rt.AlertMuteCache)
 	if hit {
 		logger.Infof("event_muted: rule_id=%d %s", event.RuleId, event.Hash)
 		ginx.NewRender(c).Message(nil)
@@ -74,7 +75,7 @@ func (rt *Router) pushEventToQueue(c *gin.Context) {

 	dispatch.LogEvent(event, "http_push_queue")
 	if !queue.EventQueue.PushFront(event) {
-		msg := fmt.Sprintf("event:%+v push_queue err: queue is full", event)
+		msg := fmt.Sprintf("event:%s push_queue err: queue is full", event.Hash)
 		ginx.Bomb(200, msg)
 		logger.Warningf(msg)
 	}
@@ -104,21 +105,21 @@ func (rt *Router) makeEvent(c *gin.Context) {
 	for i := 0; i < len(events); i++ {
 		node, err := naming.DatasourceHashRing.GetNode(strconv.FormatInt(events[i].DatasourceId, 10), fmt.Sprintf("%d", events[i].RuleId))
 		if err != nil {
-			logger.Warningf("event:%+v get node err:%v", events[i], err)
+			logger.Warningf("event(rule_id=%d ds_id=%d) get node err:%v", events[i].RuleId, events[i].DatasourceId, err)
 			ginx.Bomb(200, "event node not exists")
 		}

 		if node != rt.Alert.Heartbeat.Endpoint {
 			err := forwardEvent(events[i], node)
 			if err != nil {
-				logger.Warningf("event:%+v forward err:%v", events[i], err)
+				logger.Warningf("event(rule_id=%d ds_id=%d) forward err:%v", events[i].RuleId, events[i].DatasourceId, err)
 				ginx.Bomb(200, "event forward error")
 			}
 			continue
 		}

 		ruleWorker, exists := rt.ExternalProcessors.GetExternalAlertRule(events[i].DatasourceId, events[i].RuleId)
-		logger.Debugf("handle event:%+v exists:%v", events[i], exists)
+		logger.Debugf("handle event(rule_id=%d ds_id=%d) exists:%v", events[i].RuleId, events[i].DatasourceId, exists)
 		if !exists {
 			ginx.Bomb(200, "rule not exists")
 		}
@@ -142,6 +143,6 @@ func forwardEvent(event *eventForm, instance string) error {
 	if err != nil {
 		return err
 	}
-	logger.Infof("forward event: result=succ url=%s code=%d event:%v response=%s", ur, code, event, string(res))
+	logger.Infof("forward event: result=succ url=%s code=%d rule_id=%d response=%s", ur, code, event.RuleId, string(res))
 	return nil
 }
--- a/alert/router/router_event_detail.go
+++ b/alert/router/router_event_detail.go
@@ -0,0 +1,27 @@
+package router
+
+import (
+	"fmt"
+
+	"github.com/ccfos/nightingale/v6/pkg/loggrep"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
+
+	"github.com/gin-gonic/gin"
+)
+
+func (rt *Router) eventDetail(c *gin.Context) {
+	hash := ginx.UrlParamStr(c, "hash")
+	if !loggrep.IsValidHash(hash) {
+		ginx.Bomb(200, "invalid hash format")
+	}
+
+	instance := fmt.Sprintf("%s:%d", rt.Alert.Heartbeat.IP, rt.HTTP.Port)
+
+	logs, err := loggrep.GrepLogDir(rt.LogDir, hash)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(loggrep.EventDetailResp{
+		Logs:     logs,
+		Instance: instance,
+	}, nil)
+}
--- a/alert/router/router_trace_logs.go
+++ b/alert/router/router_trace_logs.go
@@ -0,0 +1,28 @@
+package router
+
+import (
+	"fmt"
+
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
+	"github.com/ccfos/nightingale/v6/pkg/loggrep"
+
+	"github.com/gin-gonic/gin"
+)
+
+func (rt *Router) traceLogs(c *gin.Context) {
+	traceId := ginx.UrlParamStr(c, "traceid")
+	if !loggrep.IsValidTraceID(traceId) {
+		ginx.Bomb(200, "invalid trace id format")
+	}
+
+	instance := fmt.Sprintf("%s:%d", rt.Alert.Heartbeat.IP, rt.HTTP.Port)
+
+	keyword := "trace_id=" + traceId
+	logs, err := loggrep.GrepLatestLogFiles(rt.LogDir, keyword)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(loggrep.EventDetailResp{
+		Logs:     logs,
+		Instance: instance,
+	}, nil)
+}
--- a/alert/sender/callback.go
+++ b/alert/sender/callback.go
@@ -1,6 +1,7 @@
 package sender

 import (
+	"fmt"
 	"html/template"
 	"net/url"
 	"strings"
@@ -140,7 +141,7 @@ func doSendAndRecord(ctx *ctx.Context, url, token string, body interface{}, chan

 func NotifyRecord(ctx *ctx.Context, evts []*models.AlertCurEvent, notifyRuleID int64, channel, target, res string, err error) {
 	// 一个通知可能对应多个 event，都需要记录
-	notis := make([]*models.NotificaitonRecord, 0, len(evts))
+	notis := make([]*models.NotificationRecord, 0, len(evts))
 	for _, evt := range evts {
 		noti := models.NewNotificationRecord(evt, notifyRuleID, channel, target)
 		if err != nil {
@@ -166,11 +167,13 @@ func NotifyRecord(ctx *ctx.Context, evts []*models.AlertCurEvent, notifyRuleID i
 func doSend(url string, body interface{}, channel string, stats *astats.Stats) (string, error) {
 	stats.AlertNotifyTotal.WithLabelValues(channel).Inc()

+	start := time.Now()
 	res, code, err := poster.PostJSON(url, time.Second*5, body, 3)
+	res = []byte(fmt.Sprintf("duration: %d ms status_code:%d, response:%s", time.Since(start).Milliseconds(), code, string(res)))
 	if err != nil {
 		logger.Errorf("%s_sender: result=fail url=%s code=%d error=%v req:%v response=%s", channel, url, code, err, body, string(res))
 		stats.AlertNotifyErrorTotal.WithLabelValues(channel).Inc()
-		return "", err
+		return string(res), err
 	}

 	logger.Infof("%s_sender: result=succ url=%s code=%d req:%v response=%s", channel, url, code, body, string(res))
@@ -202,6 +205,6 @@ func PushCallbackEvent(ctx *ctx.Context, webhook *models.Webhook, event *models.

 	succ := queue.eventQueue.Push(event)
 	if !succ {
-		logger.Warningf("Write channel(%s) full, current channel size: %d event:%v", webhook.Url, queue.eventQueue.Len(), event)
+		logger.Warningf("Write channel(%s) full, current channel size: %d event:%s", webhook.Url, queue.eventQueue.Len(), event.Hash)
 	}
 }
--- a/alert/sender/email.go
+++ b/alert/sender/email.go
@@ -141,7 +141,7 @@ func updateSmtp(ctx *ctx.Context, ncc *memsto.NotifyConfigCacheType) {
 func startEmailSender(ctx *ctx.Context, smtp aconf.SMTPConfig) {
 	conf := smtp
 	if conf.Host == "" || conf.Port == 0 {
-		logger.Warning("SMTP configurations invalid")
+		logger.Debug("SMTP configurations invalid")
 		<-mailQuit
 		return
 	}
--- a/alert/sender/ibex.go
+++ b/alert/sender/ibex.go
@@ -30,12 +30,14 @@ type IbexCallBacker struct {

 func (c *IbexCallBacker) CallBack(ctx CallBackContext) {
 	if len(ctx.CallBackURL) == 0 || len(ctx.Events) == 0 {
+		logger.Warningf("event_callback_ibex: url or events is empty, url: %s", ctx.CallBackURL)
 		return
 	}

 	event := ctx.Events[0]

 	if event.IsRecovered {
+		logger.Infof("event_callback_ibex: event is recovered, event: %s", event.Hash)
 		return
 	}

@@ -43,8 +45,9 @@ func (c *IbexCallBacker) CallBack(ctx CallBackContext) {
 }

 func (c *IbexCallBacker) handleIbex(ctx *ctx.Context, url string, event *models.AlertCurEvent) {
+	logger.Infof("event_callback_ibex: url: %s, event: %s", url, event.Hash)
 	if imodels.DB() == nil && ctx.IsCenter {
-		logger.Warning("event_callback_ibex: db is nil")
+		logger.Warningf("event_callback_ibex: db is nil, event: %s", event.Hash)
 		return
 	}

@@ -63,42 +66,53 @@ func (c *IbexCallBacker) handleIbex(ctx *ctx.Context, url string, event *models.

 	id, err := strconv.ParseInt(idstr, 10, 64)
 	if err != nil {
-		logger.Errorf("event_callback_ibex: failed to parse url: %s", url)
+		logger.Errorf("event_callback_ibex: failed to parse url: %s event: %s", url, event.Hash)
 		return
 	}

 	if host == "" {
 		// 用户在callback url中没有传入host，就从event中解析
 		host = event.TargetIdent
+
+		if host == "" {
+			if ident, has := event.TagsMap["ident"]; has {
+				host = ident
+			}
+		}
 	}

 	if host == "" {
-		logger.Error("event_callback_ibex: failed to get host")
+		logger.Errorf("event_callback_ibex: failed to get host, id: %d, event: %s", id, event.Hash)
 		return
 	}

-	CallIbex(ctx, id, host, c.taskTplCache, c.targetCache, c.userCache, event)
+	CallIbex(ctx, id, host, c.taskTplCache, c.targetCache, c.userCache, event, "")
 }

 func CallIbex(ctx *ctx.Context, id int64, host string,
 	taskTplCache *memsto.TaskTplCache, targetCache *memsto.TargetCacheType,
-	userCache *memsto.UserCacheType, event *models.AlertCurEvent) {
+	userCache *memsto.UserCacheType, event *models.AlertCurEvent, args string) (int64, error) {
+	logger.Infof("event_callback_ibex: id: %d, host: %s, args: %s, event: %s", id, host, args, event.Hash)
+
 	tpl := taskTplCache.Get(id)
 	if tpl == nil {
-		logger.Errorf("event_callback_ibex: no such tpl(%d)", id)
-		return
+		err := fmt.Errorf("event_callback_ibex: no such tpl(%d), event: %s", id, event.Hash)
+		logger.Errorf("%s", err)
+		return 0, err
 	}
 	// check perm
 	// tpl.GroupId - host - account 三元组校验权限
-	can, err := canDoIbex(tpl.UpdateBy, tpl, host, targetCache, userCache)
+	can, err := CanDoIbex(tpl.UpdateBy, tpl, host, targetCache, userCache)
 	if err != nil {
-		logger.Errorf("event_callback_ibex: check perm fail: %v", err)
-		return
+		err = fmt.Errorf("event_callback_ibex: check perm fail: %v, event: %s", err, event.Hash)
+		logger.Errorf("%s", err)
+		return 0, err
 	}

 	if !can {
-		logger.Errorf("event_callback_ibex: user(%s) no permission", tpl.UpdateBy)
-		return
+		err = fmt.Errorf("event_callback_ibex: user(%s) no permission, event: %s", tpl.UpdateBy, event.Hash)
+		logger.Errorf("%s", err)
+		return 0, err
 	}

 	tagsMap := make(map[string]string)
@@ -122,11 +136,16 @@ func CallIbex(ctx *ctx.Context, id int64, host string,

 	tags, err := json.Marshal(tagsMap)
 	if err != nil {
-		logger.Errorf("event_callback_ibex: failed to marshal tags to json: %v", tagsMap)
-		return
+		err = fmt.Errorf("event_callback_ibex: failed to marshal tags to json: %v, event: %s", tagsMap, event.Hash)
+		logger.Errorf("%s", err)
+		return 0, err
 	}

 	// call ibex
+	taskArgs := tpl.Args
+	if args != "" {
+		taskArgs = args
+	}
 	in := models.TaskForm{
 		Title:          tpl.Title + " FH: " + host,
 		Account:        tpl.Account,
@@ -135,7 +154,7 @@ func CallIbex(ctx *ctx.Context, id int64, host string,
 		Timeout:        tpl.Timeout,
 		Pause:          tpl.Pause,
 		Script:         tpl.Script,
-		Args:           tpl.Args,
+		Args:           taskArgs,
 		Stdin:          string(tags),
 		Action:         "start",
 		Creator:        tpl.UpdateBy,
@@ -145,8 +164,9 @@ func CallIbex(ctx *ctx.Context, id int64, host string,

 	id, err = TaskAdd(in, tpl.UpdateBy, ctx.IsCenter)
 	if err != nil {
-		logger.Errorf("event_callback_ibex: call ibex fail: %v", err)
-		return
+		err = fmt.Errorf("event_callback_ibex: call ibex fail: %v, event: %s", err, event.Hash)
+		logger.Errorf("%s", err)
+		return 0, err
 	}

 	// write db
@@ -167,11 +187,14 @@ func CallIbex(ctx *ctx.Context, id int64, host string,
 	}

 	if err = record.Add(ctx); err != nil {
-		logger.Errorf("event_callback_ibex: persist task_record fail: %v", err)
+		err = fmt.Errorf("event_callback_ibex: persist task_record fail: %v, event: %s", err, event.Hash)
+		logger.Errorf("%s", err)
+		return id, err
 	}
+	return id, nil
 }

-func canDoIbex(username string, tpl *models.TaskTpl, host string, targetCache *memsto.TargetCacheType, userCache *memsto.UserCacheType) (bool, error) {
+func CanDoIbex(username string, tpl *models.TaskTpl, host string, targetCache *memsto.TargetCacheType, userCache *memsto.UserCacheType) (bool, error) {
 	user := userCache.GetByUsername(username)
 	if user != nil && user.IsAdmin() {
 		return true, nil
@@ -187,7 +210,7 @@ func canDoIbex(username string, tpl *models.TaskTpl, host string, targetCache *m

 func TaskAdd(f models.TaskForm, authUser string, isCenter bool) (int64, error) {
 	if storage.Cache == nil {
-		logger.Warning("event_callback_ibex: redis cache is nil")
+		logger.Warningf("event_callback_ibex: redis cache is nil, task: %+v", f)
 		return 0, fmt.Errorf("redis cache is nil")
 	}

--- a/alert/sender/notify_record_queue.go
+++ b/alert/sender/notify_record_queue.go
@@ -24,7 +24,7 @@ func ReportNotifyRecordQueueSize(stats *astats.Stats) {

 // 推送通知记录到队列
 // 若队列满 则返回 error
-func PushNotifyRecords(records []*models.NotificaitonRecord) error {
+func PushNotifyRecords(records []*models.NotificationRecord) error {
 	for _, record := range records {
 		if ok := NotifyRecordQueue.PushFront(record); !ok {
 			logger.Warningf("notify record queue is full, record: %+v", record)
@@ -59,16 +59,16 @@ func (c *NotifyRecordConsumer) LoopConsume() {
 		}

 		// 类型转换，不然 CreateInBatches 会报错
-		notis := make([]*models.NotificaitonRecord, 0, len(inotis))
+		notis := make([]*models.NotificationRecord, 0, len(inotis))
 		for _, inoti := range inotis {
-			notis = append(notis, inoti.(*models.NotificaitonRecord))
+			notis = append(notis, inoti.(*models.NotificationRecord))
 		}

 		c.consume(notis)
 	}
 }

-func (c *NotifyRecordConsumer) consume(notis []*models.NotificaitonRecord) {
+func (c *NotifyRecordConsumer) consume(notis []*models.NotificationRecord) {
 	if err := models.DB(c.ctx).CreateInBatches(notis, 100).Error; err != nil {
 		logger.Errorf("add notis:%v failed, err: %v", notis, err)
 	}
--- a/alert/sender/plugin.go
+++ b/alert/sender/plugin.go
@@ -35,7 +35,7 @@ func alertingCallScript(ctx *ctx.Context, stdinBytes []byte, notifyScript models

 	channel := "script"
 	stats.AlertNotifyTotal.WithLabelValues(channel).Inc()
-	fpath := ".notify_scriptt"
+	fpath := ".notify_script"
 	if config.Type == 1 {
 		fpath = config.Content
 	} else {
@@ -79,6 +79,7 @@ func alertingCallScript(ctx *ctx.Context, stdinBytes []byte, notifyScript models
 	cmd.Stdout = &buf
 	cmd.Stderr = &buf

+	start := time.Now()
 	err := startCmd(cmd)
 	if err != nil {
 		logger.Errorf("event_script_notify_fail: run cmd err: %v", err)
@@ -88,6 +89,7 @@ func alertingCallScript(ctx *ctx.Context, stdinBytes []byte, notifyScript models
 	err, isTimeout := sys.WrapTimeout(cmd, time.Duration(config.Timeout)*time.Second)

 	res := buf.String()
+	res = fmt.Sprintf("send_time: %s duration: %d ms %s", time.Now().Format("2006-01-02 15:04:05"), time.Since(start).Milliseconds(), res)

 	// 截断超出长度的输出
 	if len(res) > 512 {
--- a/alert/sender/webhook.go
+++ b/alert/sender/webhook.go
@@ -13,10 +13,53 @@ import (
 	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/poster"

 	"github.com/toolkits/pkg/logger"
 )

+// webhookClientCache 缓存 http.Client，避免每次请求都创建新的 Client 导致连接泄露
+var webhookClientCache sync.Map // key: clientKey (string), value: *http.Client
+
+// 相同配置的 webhook 会复用同一个 Client
+func getWebhookClient(webhook *models.Webhook) *http.Client {
+	clientKey := webhook.Hash()
+
+	if client, ok := webhookClientCache.Load(clientKey); ok {
+		return client.(*http.Client)
+	}
+
+	// 创建新的 Client
+	transport := &http.Transport{
+		TLSClientConfig:     &tls.Config{InsecureSkipVerify: webhook.SkipVerify},
+		MaxIdleConns:        100,
+		MaxIdleConnsPerHost: 10,
+		IdleConnTimeout:     90 * time.Second,
+	}
+
+	if poster.UseProxy(webhook.Url) {
+		transport.Proxy = http.ProxyFromEnvironment
+	}
+
+	timeout := webhook.Timeout
+	if timeout <= 0 {
+		timeout = 10
+	}
+
+	newClient := &http.Client{
+		Timeout:   time.Duration(timeout) * time.Second,
+		Transport: transport,
+	}
+
+	// 使用 LoadOrStore 确保并发安全，避免重复创建
+	actual, loaded := webhookClientCache.LoadOrStore(clientKey, newClient)
+	if loaded {
+		return actual.(*http.Client)
+	}
+
+	return newClient
+}
+
 func sendWebhook(webhook *models.Webhook, event interface{}, stats *astats.Stats) (bool, string, error) {
 	channel := "webhook"
 	if webhook.Type == models.RuleCallback {
@@ -29,7 +72,7 @@ func sendWebhook(webhook *models.Webhook, event interface{}, stats *astats.Stats
 	}
 	bs, err := json.Marshal(event)
 	if err != nil {
-		logger.Errorf("%s alertingWebhook failed to marshal event:%+v err:%v", channel, event, err)
+		logger.Errorf("%s alertingWebhook failed to marshal event err:%v", channel, err)
 		return false, "", err
 	}

@@ -37,7 +80,7 @@ func sendWebhook(webhook *models.Webhook, event interface{}, stats *astats.Stats

 	req, err := http.NewRequest("POST", conf.Url, bf)
 	if err != nil {
-		logger.Warningf("%s alertingWebhook failed to new reques event:%s err:%v", channel, string(bs), err)
+		logger.Warningf("%s alertingWebhook failed to new request event:%s err:%v", channel, string(bs), err)
 		return true, "", err
 	}

@@ -55,25 +98,13 @@ func sendWebhook(webhook *models.Webhook, event interface{}, stats *astats.Stats
 			req.Header.Set(conf.Headers[i], conf.Headers[i+1])
 		}
 	}
-	insecureSkipVerify := false
-	if webhook != nil {
-		insecureSkipVerify = webhook.SkipVerify
-	}
-
-	if conf.Client == nil {
-		logger.Warningf("event_%s, event:%s, url: [%s], error: [%s]", channel, string(bs), conf.Url, "client is nil")
-		conf.Client = &http.Client{
-			Timeout: time.Duration(conf.Timeout) * time.Second,
-			Transport: &http.Transport{
-				TLSClientConfig: &tls.Config{InsecureSkipVerify: insecureSkipVerify},
-			},
-		}
-	}
+	// 使用全局 Client 缓存，避免每次请求都创建新的 Client 导致连接泄露
+	client := getWebhookClient(conf)

 	stats.AlertNotifyTotal.WithLabelValues(channel).Inc()
 	var resp *http.Response
 	var body []byte
-	resp, err = conf.Client.Do(req)
+	resp, err = client.Do(req)

 	if err != nil {
 		stats.AlertNotifyErrorTotal.WithLabelValues(channel).Inc()
@@ -88,18 +119,20 @@ func sendWebhook(webhook *models.Webhook, event interface{}, stats *astats.Stats

 	if resp.StatusCode == 429 {
 		logger.Errorf("event_%s_fail, url: %s, response code: %d, body: %s event:%s", channel, conf.Url, resp.StatusCode, string(body), string(bs))
-		return true, string(body), fmt.Errorf("status code is 429")
+		return true, fmt.Sprintf("status_code:%d, response:%s", resp.StatusCode, string(body)), fmt.Errorf("status code is 429")
 	}

 	logger.Debugf("event_%s_succ, url: %s, response code: %d, body: %s event:%s", channel, conf.Url, resp.StatusCode, string(body), string(bs))
-	return false, string(body), nil
+	return false, fmt.Sprintf("status_code:%d, response:%s", resp.StatusCode, string(body)), nil
 }

 func SingleSendWebhooks(ctx *ctx.Context, webhooks map[string]*models.Webhook, event *models.AlertCurEvent, stats *astats.Stats) {
 	for _, conf := range webhooks {
 		retryCount := 0
 		for retryCount < 3 {
+			start := time.Now()
 			needRetry, res, err := sendWebhook(conf, event, stats)
+			res = fmt.Sprintf("send_time: %s duration: %d ms %s", time.Now().Format("2006-01-02 15:04:05"), time.Since(start).Milliseconds(), res)
 			NotifyRecord(ctx, []*models.AlertCurEvent{event}, 0, "webhook", conf.Url, res, err)
 			if !needRetry {
 				break
@@ -112,7 +145,7 @@ func SingleSendWebhooks(ctx *ctx.Context, webhooks map[string]*models.Webhook, e

 func BatchSendWebhooks(ctx *ctx.Context, webhooks map[string]*models.Webhook, event *models.AlertCurEvent, stats *astats.Stats) {
 	for _, conf := range webhooks {
-		logger.Infof("push event:%+v to queue:%v", event, conf)
+		logger.Infof("push event:%s to queue:%v", event.Hash, conf)
 		PushEvent(ctx, conf, event, stats)
 	}
 }
@@ -150,7 +183,7 @@ func PushEvent(ctx *ctx.Context, webhook *models.Webhook, event *models.AlertCur
 	succ := queue.eventQueue.Push(event)
 	if !succ {
 		stats.AlertNotifyErrorTotal.WithLabelValues("push_event_queue").Inc()
-		logger.Warningf("Write channel(%s) full, current channel size: %d event:%v", webhook.Url, queue.eventQueue.Len(), event)
+		logger.Warningf("Write channel(%s) full, current channel size: %d event:%s", webhook.Url, queue.eventQueue.Len(), event.Hash)
 	}
 }

@@ -169,7 +202,9 @@ func StartConsumer(ctx *ctx.Context, queue *WebhookQueue, popSize int, webhook *

 			retryCount := 0
 			for retryCount < webhook.RetryCount {
+				start := time.Now()
 				needRetry, res, err := sendWebhook(webhook, events, stats)
+				res = fmt.Sprintf("send_time: %s duration: %d ms %s", time.Now().Format("2006-01-02 15:04:05"), time.Since(start).Milliseconds(), res)
 				go NotifyRecord(ctx, events, 0, "webhook", webhook.Url, res, err)
 				if !needRetry {
 					break
--- a/center/cconf/conf.go
+++ b/center/cconf/conf.go
@@ -1,20 +1,26 @@
 package cconf

-import "time"
+import (
+	"time"
+
+	"github.com/ccfos/nightingale/v6/pkg/httpx"
+)

 type Center struct {
-	Plugins                []Plugin
-	MetricsYamlFile        string
-	OpsYamlFile            string
-	BuiltinIntegrationsDir string
-	I18NHeaderKey          string
-	MetricDesc             MetricDescType
-	AnonymousAccess        AnonymousAccess
-	UseFileAssets          bool
-	FlashDuty              FlashDuty
-	EventHistoryGroupView  bool
-	CleanNotifyRecordDay   int
-	MigrateBusiGroupLabel  bool
+	Plugins                   []Plugin
+	MetricsYamlFile           string
+	OpsYamlFile               string
+	BuiltinIntegrationsDir    string
+	I18NHeaderKey             string
+	MetricDesc                MetricDescType
+	AnonymousAccess           AnonymousAccess
+	UseFileAssets             bool
+	FlashDuty                 FlashDuty
+	EventHistoryGroupView     bool
+	CleanNotifyRecordDay      int
+	CleanPipelineExecutionDay int
+	MigrateBusiGroupLabel     bool
+	RSA                       httpx.RSAConfig
 }

 type Plugin struct {
--- a/center/cconf/ops.go
+++ b/center/cconf/ops.go
@@ -85,254 +85,221 @@ func MergeOperationConf() error {
 const (
 	builtInOps = `
 ops:
- name: dashboards
-  cname: Dashboards
-  ops:
-    - name: "/dashboards"
-      cname: View Dashboards
-    - name: "/dashboards/add"
-      cname: Add Dashboard
-    - name: "/dashboards/put"
-      cname: Modify Dashboard
-    - name: "/dashboards/del"
-      cname: Delete Dashboard
-    - name: "/embedded-dashboards/put"
-      cname: Modify Embedded Dashboard
-    - name: "/embedded-dashboards"
-      cname: View Embedded Dashboard
-    - name: "/public-dashboards"
-      cname: View Public Dashboard
-
- name: metric
-  cname: Time Series Metrics
-  ops:
-    - name: "/metric/explorer"
-      cname: View Metric Data
-    - name: "/object/explorer"
-      cname: View Object Data
-
- name: builtin-metrics
-  cname: Metric Views
-  ops:
-    - name: "/metrics-built-in"
-      cname: View Built-in Metrics
-    - name: "/builtin-metrics/add"
-      cname: Add Built-in Metric
-    - name: "/builtin-metrics/put"
-      cname: Modify Built-in Metric
-    - name: "/builtin-metrics/del"
-      cname: Delete Built-in Metric
-
- name: recording-rules
-  cname: Recording Rule Management
-  ops:
-    - name: "/recording-rules"
-      cname: View Recording Rules
-    - name: "/recording-rules/add"
-      cname: Add Recording Rule
-    - name: "/recording-rules/put"
-      cname: Modify Recording Rule
-    - name: "/recording-rules/del"
-      cname: Delete Recording Rule
-
- name: log
-  cname: Log Analysis
-  ops:
-    - name: "/log/explorer"
-      cname: View Logs
-    - name: "/log/index-patterns"
-      cname: View Index Patterns
-
- name: alert
-  cname: Alert Rules
-  ops:
-    - name: "/alert-rules"
-      cname: View Alert Rules
-    - name: "/alert-rules/add"
-      cname: Add Alert Rule
-    - name: "/alert-rules/put"
-      cname: Modify Alert Rule
-    - name: "/alert-rules/del"
-      cname: Delete Alert Rule
-
- name: alert-mutes
-  cname: Alert Silence Management
-  ops:
-    - name: "/alert-mutes"
-      cname: View Alert Silences
-    - name: "/alert-mutes/add"
-      cname: Add Alert Silence
-    - name: "/alert-mutes/put"
-      cname: Modify Alert Silence
-    - name: "/alert-mutes/del"
-      cname: Delete Alert Silence
-  
- name: alert-subscribes
-  cname: Alert Subscription Management
-  ops:
-    - name: "/alert-subscribes"
-      cname: View Alert Subscriptions
-    - name: "/alert-subscribes/add"
-      cname: Add Alert Subscription
-    - name: "/alert-subscribes/put"
-      cname: Modify Alert Subscription
-    - name: "/alert-subscribes/del"
-      cname: Delete Alert Subscription
-
- name: alert-events  
-  cname: Alert Event Management
-  ops:
-    - name: "/alert-cur-events"
-      cname: View Current Alerts
-    - name: "/alert-cur-events/del"
-      cname: Delete Current Alert
-    - name: "/alert-his-events"
-      cname: View Historical Alerts
-
- name: notification
-  cname: Alert Notification
-  ops:
-    - name: "/help/notification-settings"
-      cname: View Notification Settings
-    - name: "/help/notification-tpls"
-      cname: View Notification Templates
-
- name: job
-  cname: Task Management
-  ops:
-    - name: "/job-tpls"
-      cname: View Task Templates
-    - name: "/job-tpls/add"
-      cname: Add Task Template
-    - name: "/job-tpls/put"
-      cname: Modify Task Template
-    - name: "/job-tpls/del"
-      cname: Delete Task Template
-    - name: "/job-tasks"
-      cname: View Task Instances
-    - name: "/job-tasks/add"
-      cname: Add Task Instance
-    - name: "/job-tasks/put"
-      cname: Modify Task Instance
-
- name: targets
+- name: Infrastructure
  cname: Infrastructure
  ops:
-    - name: "/targets"
-      cname: View Objects
-    - name: "/targets/add"
-      cname: Add Object
-    - name: "/targets/put"
-      cname: Modify Object
-    - name: "/targets/del"
-      cname: Delete Object
-    - name: "/targets/bind"
-      cname: Bind Object
+    - name: /targets
+      cname: Host - View
+    - name: /targets/put
+      cname: Host - Modify
+    - name: /targets/del
+      cname: Host - Delete
+    - name: /targets/bind
+      cname: Host - Bind Uncategorized

- name: user
-  cname: User Management
+- name: Explorer
+  cname: Explorer
  ops:
-    - name: "/users"
-      cname: View User List
-    - name: "/user-groups"
-      cname: View User Groups
-    - name: "/user-groups/add"
-      cname: Add User Group
-    - name: "/user-groups/put"
-      cname: Modify User Group
-    - name: "/user-groups/del"
-      cname: Delete User Group
+    - name: /metric/explorer
+      cname: Metrics Explorer
+    - name: /object/explorer
+      cname: Quick View
+    - name: /metrics-built-in
+      cname: Built-in Metric - View
+    - name: /builtin-metrics/add
+      cname: Built-in Metric - Add
+    - name: /builtin-metrics/put
+      cname: Built-in Metric - Modify
+    - name: /builtin-metrics/del
+      cname: Built-in Metric - Delete
+    - name: /recording-rules
+      cname: Recording Rule - View
+    - name: /recording-rules/add
+      cname: Recording Rule - Add
+    - name: /recording-rules/put
+      cname: Recording Rule - Modify
+    - name: /recording-rules/del
+      cname: Recording Rule - Delete
+    - name: /log/explorer
+      cname: Logs Explorer
+    - name: /log/index-patterns # 前端有个管理索引模式的页面，所以需要一个权限点来控制，后面应该改成侧拉板
+      cname: Index Pattern - View
+    - name: /log/index-patterns/add
+      cname: Index Pattern - Add
+    - name: /log/index-patterns/put
+      cname: Index Pattern - Modify
+    - name: /log/index-patterns/del
+      cname: Index Pattern - Delete
+    - name: /dashboards
+      cname: Dashboard - View
+    - name: /dashboards/add
+      cname: Dashboard - Add
+    - name: /dashboards/put
+      cname: Dashboard - Modify
+    - name: /dashboards/del
+      cname: Dashboard - Delete
+    - name: /public-dashboards
+      cname: Dashboard - View Public

- name: busi-groups
-  cname: Business Group Management
+- name: alerting
+  cname: Alerting
  ops:
-    - name: "/busi-groups"
-      cname: View Business Groups
-    - name: "/busi-groups/add"
-      cname: Add Business Group
-    - name: "/busi-groups/put"
-      cname: Modify Business Group
-    - name: "/busi-groups/del"
-      cname: Delete Business Group
+    - name: /alert-rules
+      cname: Alerting Rule - View
+    - name: /alert-rules/add
+      cname: Alerting Rule - Add
+    - name: /alert-rules/put
+      cname: Alerting Rule - Modify
+    - name: /alert-rules/del
+      cname: Alerting Rule - Delete
+    - name: /alert-mutes
+      cname: Mutting Rule - View
+    - name: /alert-mutes/add
+      cname: Mutting Rule - Add
+    - name: /alert-mutes/put
+      cname: Mutting Rule - Modify
+    - name: /alert-mutes/del
+      cname: Mutting Rule - Delete
+    - name: /alert-subscribes
+      cname: Subscribing Rule - View
+    - name: /alert-subscribes/add
+      cname: Subscribing Rule - Add
+    - name: /alert-subscribes/put
+      cname: Subscribing Rule - Modify
+    - name: /alert-subscribes/del
+      cname: Subscribing Rule - Delete
+    - name: /job-tpls
+      cname: Self-healing-Script - View
+    - name: /job-tpls/add
+      cname: Self-healing-Script - Add
+    - name: /job-tpls/put
+      cname: Self-healing-Script - Modify
+    - name: /job-tpls/del
+      cname: Self-healing-Script - Delete
+    - name: /job-tasks
+      cname: Self-healing-Job - View
+    - name: /job-tasks/add
+      cname: Self-healing-Job - Add
+    - name: /job-tasks/put
+      cname: Self-healing-Job - Modify
+    - name: /alert-cur-events
+      cname: Active Event - View
+    - name: /alert-cur-events/del
+      cname: Active Event - Delete
+    - name: /alert-his-events
+      cname: Historical Event - View

- name: permissions
-  cname: Permission Management
+- name: Notification
+  cname: Notification
  ops:
-    - name: "/permissions"
-      cname: View Permission Settings
-    
- name: contacts
-  cname: User Contact Management
-  ops:
-    - name: "/contacts"
-      cname: User Contact Management
+    - name: /notification-rules
+      cname: Notification Rule - View
+    - name: /notification-rules/add
+      cname: Notification Rule - Add
+    - name: /notification-rules/put
+      cname: Notification Rule - Modify
+    - name: /notification-rules/del
+      cname: Notification Rule - Delete
+    - name: /notification-channels
+      cname: Media Type - View
+    - name: /notification-channels/add
+      cname: Media Type - Add
+    - name: /notification-channels/put
+      cname: Media Type - Modify
+    - name: /notification-channels/del
+      cname: Media Type - Delete
+    - name: /notification-templates
+      cname: Message Template - View
+    - name: /notification-templates/add
+      cname: Message Template - Add
+    - name: /notification-templates/put
+      cname: Message Template - Modify
+    - name: /notification-templates/del
+      cname: Message Template - Delete
+    - name: /event-pipelines
+      cname: Event Pipeline - View
+    - name: /event-pipelines/add
+      cname: Event Pipeline - Add
+    - name: /event-pipelines/put
+      cname: Event Pipeline - Modify
+    - name: /event-pipelines/del
+      cname: Event Pipeline - Delete
+    - name: /help/notification-settings # 用于控制老版本的通知设置菜单是否展示
+      cname: Notification Settings - View
+    - name: /help/notification-tpls # 用于控制老版本的通知模板菜单是否展示
+      cname: Notification Templates - View

- name: built-in-components
-  cname: Template Center
+- name: Integrations
+  cname: Integrations
  ops:
-    - name: "/built-in-components"
-      cname: View Built-in Components
-    - name: "/built-in-components/add"
-      cname: Add Built-in Component
-    - name: "/built-in-components/put"
-      cname: Modify Built-in Component
-    - name: "/built-in-components/del"
-      cname: Delete Built-in Component
+    - name: /datasources # 用于控制能否看到数据源列表页面的菜单。只有 Admin 才能修改、删除数据源
+      cname: Data Source - View
+    - name: /components
+      cname: Component - View
+    - name: /components/add
+      cname: Component - Add
+    - name: /components/put
+      cname: Component - Modify
+    - name: /components/del
+      cname: Component - Delete
+    - name: /embedded-products
+      cname: Embedded Product - View
+    - name: /embedded-product/add
+      cname: Embedded Product - Add
+    - name: /embedded-product/put
+      cname: Embedded Product - Modify
+    - name: /embedded-product/delete
+      cname: Embedded Product - Delete

- name: datasource
-  cname: Data Source Management
+- name: Organization
+  cname: Organization
  ops:
-    - name: "/help/source"
-      cname: View Data Source Configuration
+    - name: /users
+      cname: User - View
+    - name: /users/add
+      cname: User - Add
+    - name: /users/put
+      cname: User - Modify
+    - name: /users/del
+      cname: User - Delete
+    - name: /user-groups
+      cname: Team - View
+    - name: /user-groups/add
+      cname: Team - Add
+    - name: /user-groups/put
+      cname: Team - Modify
+    - name: /user-groups/del
+      cname: Team - Delete
+    - name: /busi-groups
+      cname: Business Group - View
+    - name: /busi-groups/add
+      cname: Business Group - Add
+    - name: /busi-groups/put
+      cname: Business Group - Modify
+    - name: /busi-groups/del
+      cname: Business Group - Delete
+    - name: /roles
+      cname: Role - View
+    - name: /roles/add
+      cname: Role - Add
+    - name: /roles/put
+      cname: Role - Modify
+    - name: /roles/del
+      cname: Role - Delete

- name: system
-  cname: System Information
+- name: System Settings
+  cname: System Settings
  ops:
-    - name: "/help/variable-configs"
-      cname: View Variable Configuration
-    - name: "/help/version"
-      cname: View Version Information
-    - name: "/help/servers"
-      cname: View Server Information
-    - name: "/help/sso"
-      cname: View SSO Configuration
-    - name: "/site-settings"
+    - name: /system/site-settings # 仅用于控制能否展示菜单，只有 Admin 才能修改、删除
      cname: View Site Settings
+    - name: /system/variable-settings
+      cname: View Variable Settings
+    - name: /system/sso-settings
+      cname: View SSO Settings
+    - name: /system/alerting-engines
+      cname: View Alerting Engines
+    - name: /system/version
+      cname: View Product Version

- name: message-templates
-  cname: Message Templates
-  ops:
-    - name: "/notification-templates"
-      cname: View Message Templates
-    - name: "/notification-templates/add"
-      cname: Add Message Templates
-    - name: "/notification-templates/put"
-      cname: Modify Message Templates
-    - name: "/notification-templates/del"
-      cname: Delete Message Templates
-
- name: notify-rules
-  cname: Notify Rules
-  ops:
-    - name: "/notification-rules"
-      cname: View Notify Rules
-    - name: "/notification-rules/add"
-      cname: Add Notify Rules
-    - name: "/notification-rules/put"
-      cname: Modify Notify Rules
-    - name: "/notification-rules/del"
-      cname: Delete Notify Rules
-
- name: notify-channels
-  cname: Notify Channels
-  ops:
-    - name: "/notification-channels"
-      cname: View Notify Channels
-    - name: "/notification-channels/add"
-      cname: Add Notify Channels
-    - name: "/notification-channels/put"
-      cname: Modify Notify Channels
-    - name: "/notification-channels/del"
-      cname: Delete Notify Channels
 `
 )
--- a/center/cconf/plugin.go
+++ b/center/cconf/plugin.go
@@ -25,4 +25,40 @@ var Plugins = []Plugin{
 		Type:     "tdengine",
 		TypeName: "TDengine",
 	},
+	{
+		Id:       5,
+		Category: "logging",
+		Type:     "ck",
+		TypeName: "ClickHouse",
+	},
+	{
+		Id:       6,
+		Category: "timeseries",
+		Type:     "mysql",
+		TypeName: "MySQL",
+	},
+	{
+		Id:       7,
+		Category: "timeseries",
+		Type:     "pgsql",
+		TypeName: "PostgreSQL",
+	},
+	{
+		Id:       8,
+		Category: "logging",
+		Type:     "doris",
+		TypeName: "Doris",
+	},
+	{
+		Id:       9,
+		Category: "logging",
+		Type:     "opensearch",
+		TypeName: "OpenSearch",
+	},
+	{
+		Id:       10,
+		Category: "logging",
+		Type:     "victorialogs",
+		TypeName: "VictoriaLogs",
+	},
 }
--- a/center/center.go
+++ b/center/center.go
@@ -2,10 +2,13 @@ package center

 import (
 	"context"
+	"encoding/json"
 	"fmt"

 	"github.com/ccfos/nightingale/v6/dscache"

+	"github.com/toolkits/pkg/logger"
+
 	"github.com/ccfos/nightingale/v6/alert"
 	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/alert/dispatch"
@@ -13,7 +16,6 @@ import (
 	alertrt "github.com/ccfos/nightingale/v6/alert/router"
 	"github.com/ccfos/nightingale/v6/center/cconf"
 	"github.com/ccfos/nightingale/v6/center/cconf/rsa"
-	"github.com/ccfos/nightingale/v6/center/cstats"
 	"github.com/ccfos/nightingale/v6/center/integration"
 	"github.com/ccfos/nightingale/v6/center/metas"
 	centerrt "github.com/ccfos/nightingale/v6/center/router"
@@ -60,7 +62,6 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 	}

 	i18nx.Init(configDir)
-	cstats.Init()
 	flashduty.Init(config.Center.FlashDuty)

 	db, err := storage.New(config.DB)
@@ -86,11 +87,21 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 	}

 	metas := metas.New(redis)
-	idents := idents.New(ctx, redis)
+	idents := idents.New(ctx, redis, config.Pushgw)

 	syncStats := memsto.NewSyncStats()
 	alertStats := astats.NewSyncStats()

+	if config.Center.MigrateBusiGroupLabel || models.CanMigrateBg(ctx) {
+		models.MigrateBg(ctx, config.Pushgw.BusiGroupLabelKey)
+	}
+	if models.CanMigrateEP(ctx) {
+		models.MigrateEP(ctx)
+	}
+
+	// 初始化 siteUrl，如果为空则设置默认值
+	InitSiteUrl(ctx, config.Alert.Heartbeat.IP, config.HTTP.Port)
+
 	configCache := memsto.NewConfigCache(ctx, syncStats, config.HTTP.RSA.RSAPrivateKey, config.HTTP.RSA.RSAPassWord)
 	busiGroupCache := memsto.NewBusiGroupCache(ctx, syncStats)
 	targetCache := memsto.NewTargetCache(ctx, syncStats, redis)
@@ -116,26 +127,21 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {

 	macros.RegisterMacro(macros.MacroInVain)
 	dscache.Init(ctx, false)
-	alert.Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache, alertRuleCache, notifyConfigCache, taskTplCache, dsCache, ctx, promClients, userCache, userGroupCache, notifyRuleCache, notifyChannelCache, messageTemplateCache)
+	alert.Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache, alertRuleCache, notifyConfigCache, taskTplCache, dsCache, ctx, promClients, userCache, userGroupCache, notifyRuleCache, notifyChannelCache, messageTemplateCache, configCvalCache)

 	writers := writer.NewWriters(config.Pushgw)

 	go version.GetGithubVersion()

 	go cron.CleanNotifyRecord(ctx, config.Center.CleanNotifyRecordDay)
+	go cron.CleanPipelineExecution(ctx, config.Center.CleanPipelineExecutionDay)

-	alertrtRouter := alertrt.New(config.HTTP, config.Alert, alertMuteCache, targetCache, busiGroupCache, alertStats, ctx, externalProcessors)
+	alertrtRouter := alertrt.New(config.HTTP, config.Alert, alertMuteCache, targetCache, busiGroupCache, alertStats, ctx, externalProcessors, config.Log.Dir)
 	centerRouter := centerrt.New(config.HTTP, config.Center, config.Alert, config.Ibex,
 		cconf.Operations, dsCache, notifyConfigCache, promClients,
-		redis, sso, ctx, metas, idents, targetCache, userCache, userGroupCache, userTokenCache)
+		redis, sso, ctx, metas, idents, targetCache, userCache, userGroupCache, userTokenCache, config.Log.Dir)
 	pushgwRouter := pushgwrt.New(config.HTTP, config.Pushgw, config.Alert, targetCache, busiGroupCache, idents, metas, writers, ctx)

-	go func() {
-		if config.Center.MigrateBusiGroupLabel || models.CanMigrateBg(ctx) {
-			models.MigrateBg(ctx, pushgwRouter.Pushgw.BusiGroupLabelKey)
-		}
-	}()
-
 	r := httpx.GinEngine(config.Global.RunMode, config.HTTP, configCvalCache.PrintBodyPaths, configCvalCache.PrintAccessLog)

 	centerRouter.Config(r)
@@ -160,3 +166,67 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 		httpClean()
 	}, nil
 }
+
+// initSiteUrl 初始化 site_info 中的 site_url，如果为空则使用服务器IP和端口设置默认值
+func InitSiteUrl(ctx *ctx.Context, serverIP string, serverPort int) {
+	// 构造默认的 SiteUrl
+	defaultSiteUrl := fmt.Sprintf("http://%s:%d", serverIP, serverPort)
+
+	// 获取现有的 site_info 配置
+	siteInfoStr, err := models.ConfigsGet(ctx, "site_info")
+	if err != nil {
+		logger.Errorf("failed to get site_info config: %v", err)
+		return
+	}
+
+	// 如果 site_info 不存在，创建新的
+	if siteInfoStr == "" {
+		newSiteInfo := memsto.SiteInfo{
+			SiteUrl: defaultSiteUrl,
+		}
+		siteInfoBytes, err := json.Marshal(newSiteInfo)
+		if err != nil {
+			logger.Errorf("failed to marshal site_info: %v", err)
+			return
+		}
+
+		err = models.ConfigsSet(ctx, "site_info", string(siteInfoBytes))
+		if err != nil {
+			logger.Errorf("failed to set site_info: %v", err)
+			return
+		}
+
+		logger.Infof("initialized site_url with default value: %s", defaultSiteUrl)
+		return
+	}
+
+	// 检查现有的 site_info 中的 site_url 字段
+	var existingSiteInfo memsto.SiteInfo
+	err = json.Unmarshal([]byte(siteInfoStr), &existingSiteInfo)
+	if err != nil {
+		logger.Errorf("failed to unmarshal site_info: %v", err)
+		return
+	}
+
+	// 如果 site_url 已经有值，则不需要初始化
+	if existingSiteInfo.SiteUrl != "" {
+		return
+	}
+
+	// 设置 site_url
+	existingSiteInfo.SiteUrl = defaultSiteUrl
+
+	siteInfoBytes, err := json.Marshal(existingSiteInfo)
+	if err != nil {
+		logger.Errorf("failed to marshal updated site_info: %v", err)
+		return
+	}
+
+	err = models.ConfigsSet(ctx, "site_info", string(siteInfoBytes))
+	if err != nil {
+		logger.Errorf("failed to update site_info: %v", err)
+		return
+	}
+
+	logger.Infof("initialized site_url with default value: %s", defaultSiteUrl)
+}
--- a/center/cstats/stats.go
+++ b/center/cstats/stats.go
@@ -6,40 +6,49 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 )

-const Service = "n9e-center"
+const (
+	namespace = "n9e"
+	subsystem = "center"
+)

 var (
-	labels = []string{"service", "code", "path", "method"}
-
-	uptime = prometheus.NewCounterVec(
+	uptime = prometheus.NewCounter(
 		prometheus.CounterOpts{
-			Name: "uptime",
-			Help: "HTTP service uptime.",
-		}, []string{"service"},
-	)
-
-	RequestCounter = prometheus.NewCounterVec(
-		prometheus.CounterOpts{
-			Name: "http_request_count_total",
-			Help: "Total number of HTTP requests made.",
-		}, labels,
+			Namespace: namespace,
+			Subsystem: subsystem,
+			Name:      "uptime",
+			Help:      "HTTP service uptime.",
+		},
 	)

 	RequestDuration = prometheus.NewHistogramVec(
 		prometheus.HistogramOpts{
-			Buckets: []float64{.01, .1, 1, 10},
-			Name:    "http_request_duration_seconds",
-			Help:    "HTTP request latencies in seconds.",
-		}, labels,
+			Namespace: namespace,
+			Subsystem: subsystem,
+			Buckets:   prometheus.DefBuckets,
+			Name:      "http_request_duration_seconds",
+			Help:      "HTTP request latencies in seconds.",
+		}, []string{"code", "path", "method"},
+	)
+
+	RedisOperationLatency = prometheus.NewHistogramVec(
+		prometheus.HistogramOpts{
+			Namespace: namespace,
+			Subsystem: subsystem,
+			Name:      "redis_operation_latency_seconds",
+			Help:      "Histogram of latencies for Redis operations",
+			Buckets:   []float64{.005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5},
+		},
+		[]string{"operation", "status"},
 	)
 )

-func Init() {
+func init() {
 	// Register the summary and the histogram with Prometheus's default registry.
 	prometheus.MustRegister(
 		uptime,
-		RequestCounter,
 		RequestDuration,
+		RedisOperationLatency,
 	)

 	go recordUptime()
@@ -48,6 +57,6 @@ func Init() {
 // recordUptime increases service uptime per second.
 func recordUptime() {
 	for range time.Tick(time.Second) {
-		uptime.WithLabelValues(Service).Inc()
+		uptime.Inc()
 	}
 }
--- a/center/integration/init.go
+++ b/center/integration/init.go
@@ -3,11 +3,15 @@ package integration
 import (
 	"encoding/json"
 	"path"
+	"sort"
 	"strings"
 	"time"

 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
+
+	"github.com/pkg/errors"
+	"github.com/toolkits/pkg/container/set"
 	"github.com/toolkits/pkg/file"
 	"github.com/toolkits/pkg/logger"
 	"github.com/toolkits/pkg/runner"
@@ -15,7 +19,18 @@ import (

 const SYSTEM = "system"

+var BuiltinPayloadInFile *BuiltinPayloadInFileType
+
+type BuiltinPayloadInFileType struct {
+	Data      map[uint64]map[string]map[string][]*models.BuiltinPayload // map[component_id]map[type]map[cate][]*models.BuiltinPayload
+	IndexData map[int64]*models.BuiltinPayload                          // map[uuid]payload
+
+	BuiltinMetrics map[string]*models.BuiltinMetric
+}
+
 func Init(ctx *ctx.Context, builtinIntegrationsDir string) {
+	BuiltinPayloadInFile = NewBuiltinPayloadInFileType()
+
 	err := models.InitBuiltinPayloads(ctx)
 	if err != nil {
 		logger.Warning("init old builtinPayloads fail ", err)
@@ -109,13 +124,13 @@ func Init(ctx *ctx.Context, builtinIntegrationsDir string) {
 			component.ID = old.ID
 		}

-		// delete uuid is emtpy
+		// delete uuid is empty
 		err = models.DB(ctx).Exec("delete from builtin_payloads where uuid = 0 and type != 'collect' and (updated_by = 'system' or updated_by = '')").Error
 		if err != nil {
 			logger.Warning("delete builtin payloads fail ", err)
 		}

-		// delete builtin metrics uuid is emtpy
+		// delete builtin metrics uuid is empty
 		err = models.DB(ctx).Exec("delete from builtin_metrics where uuid = 0 and (updated_by = 'system' or updated_by = '')").Error
 		if err != nil {
 			logger.Warning("delete builtin metrics fail ", err)
@@ -146,11 +161,10 @@ func Init(ctx *ctx.Context, builtinIntegrationsDir string) {
 				}

 				newAlerts := []models.AlertRule{}
-				writeAlertFileFlag := false
 				for _, alert := range alerts {
 					if alert.UUID == 0 {
-						writeAlertFileFlag = true
-						alert.UUID = time.Now().UnixNano()
+						time.Sleep(time.Microsecond)
+						alert.UUID = time.Now().UnixMicro()
 					}

 					newAlerts = append(newAlerts, alert)
@@ -169,47 +183,13 @@ func Init(ctx *ctx.Context, builtinIntegrationsDir string) {
 						Tags:        alert.AppendTags,
 						Content:     string(content),
 						UUID:        alert.UUID,
+						ID:          alert.UUID,
+						CreatedBy:   SYSTEM,
+						UpdatedBy:   SYSTEM,
 					}
+					BuiltinPayloadInFile.AddBuiltinPayload(&builtinAlert)

-					old, err := models.BuiltinPayloadGet(ctx, "uuid = ?", alert.UUID)
-					if err != nil {
-						logger.Warning("get builtin alert fail ", builtinAlert, err)
-						continue
-					}
-
-					if old == nil {
-						err := builtinAlert.Add(ctx, SYSTEM)
-						if err != nil {
-							logger.Warning("add builtin alert fail ", builtinAlert, err)
-						}
-						continue
-					}
-
-					if old.UpdatedBy == SYSTEM {
-						old.ComponentID = component.ID
-						old.Content = string(content)
-						old.Name = alert.Name
-						old.Tags = alert.AppendTags
-						err = models.DB(ctx).Model(old).Select("*").Updates(old).Error
-						if err != nil {
-							logger.Warningf("update builtin alert:%+v fail %v", builtinAlert, err)
-						}
-					}
 				}
-
-				if writeAlertFileFlag {
-					bs, err = json.MarshalIndent(newAlerts, "", "    ")
-					if err != nil {
-						logger.Warning("marshal builtin alerts fail ", newAlerts, err)
-						continue
-					}
-
-					_, err = file.WriteBytes(fp, bs)
-					if err != nil {
-						logger.Warning("write builtin alerts file fail ", f, err)
-					}
-				}
-
 			}
 		}

@@ -259,34 +239,14 @@ func Init(ctx *ctx.Context, builtinIntegrationsDir string) {
 					Cate:        "",
 					Name:        dashboard.Name,
 					Tags:        dashboard.Tags,
+					Note:        dashboard.Note,
 					Content:     string(content),
 					UUID:        dashboard.UUID,
+					ID:          dashboard.UUID,
+					CreatedBy:   SYSTEM,
+					UpdatedBy:   SYSTEM,
 				}
-
-				old, err := models.BuiltinPayloadGet(ctx, "uuid = ?", dashboard.UUID)
-				if err != nil {
-					logger.Warning("get builtin alert fail ", builtinDashboard, err)
-					continue
-				}
-
-				if old == nil {
-					err := builtinDashboard.Add(ctx, SYSTEM)
-					if err != nil {
-						logger.Warning("add builtin alert fail ", builtinDashboard, err)
-					}
-					continue
-				}
-
-				if old.UpdatedBy == SYSTEM {
-					old.ComponentID = component.ID
-					old.Content = string(content)
-					old.Name = dashboard.Name
-					old.Tags = dashboard.Tags
-					err = models.DB(ctx).Model(old).Select("*").Updates(old).Error
-					if err != nil {
-						logger.Warningf("update builtin alert:%+v fail %v", builtinDashboard, err)
-					}
-				}
+				BuiltinPayloadInFile.AddBuiltinPayload(&builtinDashboard)
 			}
 		} else if err != nil {
 			logger.Warningf("read builtin component dash dir fail %s %v", component.Ident, err)
@@ -304,64 +264,21 @@ func Init(ctx *ctx.Context, builtinIntegrationsDir string) {
 				}

 				metrics := []models.BuiltinMetric{}
-				newMetrics := []models.BuiltinMetric{}
 				err = json.Unmarshal(bs, &metrics)
 				if err != nil {
 					logger.Warning("parse builtin component metrics file fail", f, err)
 					continue
 				}

-				writeMetricFileFlag := false
 				for _, metric := range metrics {
-					if metric.UUID == 0 {
-						writeMetricFileFlag = true
-						metric.UUID = time.Now().UnixNano()
-					}
-					newMetrics = append(newMetrics, metric)
+					time.Sleep(time.Microsecond)
+					metric.UUID = time.Now().UnixMicro()
+					metric.ID = metric.UUID
+					metric.CreatedBy = SYSTEM
+					metric.UpdatedBy = SYSTEM

-					old, err := models.BuiltinMetricGet(ctx, "uuid = ?", metric.UUID)
-					if err != nil {
-						logger.Warning("get builtin metrics fail ", metric, err)
-						continue
-					}
-
-					if old == nil {
-						err := metric.Add(ctx, SYSTEM)
-						if err != nil {
-							logger.Warning("add builtin metrics fail ", metric, err)
-						}
-						continue
-					}
-
-					if old.UpdatedBy == SYSTEM {
-						old.Collector = metric.Collector
-						old.Typ = metric.Typ
-						old.Name = metric.Name
-						old.Unit = metric.Unit
-						old.Note = metric.Note
-						old.Lang = metric.Lang
-						old.Expression = metric.Expression
-
-						err = models.DB(ctx).Model(old).Select("*").Updates(old).Error
-						if err != nil {
-							logger.Warningf("update builtin metric:%+v fail %v", metric, err)
-						}
-					}
+					BuiltinPayloadInFile.BuiltinMetrics[metric.Expression] = &metric
 				}
-
-				if writeMetricFileFlag {
-					bs, err = json.MarshalIndent(newMetrics, "", "    ")
-					if err != nil {
-						logger.Warning("marshal builtin metrics fail ", newMetrics, err)
-						continue
-					}
-
-					_, err = file.WriteBytes(fp, bs)
-					if err != nil {
-						logger.Warning("write builtin metrics file fail ", f, err)
-					}
-				}
-
 			}
 		} else if err != nil {
 			logger.Warningf("read builtin component metrics dir fail %s %v", component.Ident, err)
@@ -375,6 +292,7 @@ type BuiltinBoard struct {
 	Name       string      `json:"name"`
 	Ident      string      `json:"ident"`
 	Tags       string      `json:"tags"`
+	Note       string      `json:"note"`
 	CreateAt   int64       `json:"create_at"`
 	CreateBy   string      `json:"create_by"`
 	UpdateAt   int64       `json:"update_at"`
@@ -387,3 +305,346 @@ type BuiltinBoard struct {
 	Hide       int         `json:"hide"`     // 0: false, 1: true
 	UUID       int64       `json:"uuid"`
 }
+
+func NewBuiltinPayloadInFileType() *BuiltinPayloadInFileType {
+	return &BuiltinPayloadInFileType{
+		Data:           make(map[uint64]map[string]map[string][]*models.BuiltinPayload),
+		IndexData:      make(map[int64]*models.BuiltinPayload),
+		BuiltinMetrics: make(map[string]*models.BuiltinMetric),
+	}
+}
+
+func (b *BuiltinPayloadInFileType) AddBuiltinPayload(bp *models.BuiltinPayload) {
+	if _, exists := b.Data[bp.ComponentID]; !exists {
+		b.Data[bp.ComponentID] = make(map[string]map[string][]*models.BuiltinPayload)
+	}
+	bpInType := b.Data[bp.ComponentID]
+	if _, exists := bpInType[bp.Type]; !exists {
+		bpInType[bp.Type] = make(map[string][]*models.BuiltinPayload)
+	}
+	bpInCate := bpInType[bp.Type]
+	if _, exists := bpInCate[bp.Cate]; !exists {
+		bpInCate[bp.Cate] = make([]*models.BuiltinPayload, 0)
+	}
+	bpInCate[bp.Cate] = append(bpInCate[bp.Cate], bp)
+
+	b.IndexData[bp.UUID] = bp
+}
+
+func (b *BuiltinPayloadInFileType) GetComponentIdentByCate(typ, cate string) string {
+
+	for _, source := range b.Data {
+		if source == nil {
+			continue
+		}
+
+		typeMap, exists := source[typ]
+		if !exists {
+			continue
+		}
+
+		payloads, exists := typeMap[cate]
+		if !exists {
+			continue
+		}
+
+		if len(payloads) > 0 {
+			return payloads[0].Component
+		}
+	}
+	return ""
+}
+
+func (b *BuiltinPayloadInFileType) GetBuiltinPayload(typ, cate, query string, componentId uint64) ([]*models.BuiltinPayload, error) {
+
+	var result []*models.BuiltinPayload
+	source := b.Data[componentId]
+
+	if source == nil {
+		return nil, nil
+	}
+
+	typeMap, exists := source[typ]
+	if !exists {
+		return nil, nil
+	}
+
+	if cate != "" {
+		payloads, exists := typeMap[cate]
+		if !exists {
+			return nil, nil
+		}
+		result = append(result, filterByQuery(payloads, query)...)
+	} else {
+		for _, payloads := range typeMap {
+			result = append(result, filterByQuery(payloads, query)...)
+		}
+	}
+
+	if len(result) > 0 {
+		sort.Slice(result, func(i, j int) bool {
+			return result[i].Name < result[j].Name
+		})
+	}
+
+	return result, nil
+}
+
+func (b *BuiltinPayloadInFileType) GetBuiltinPayloadCates(typ string, componentId uint64) ([]string, error) {
+	var result []string
+	source := b.Data[componentId]
+	if source == nil {
+		return result, nil
+	}
+
+	typeData := source[typ]
+	if typeData == nil {
+		return result, nil
+	}
+	for cate := range typeData {
+		result = append(result, cate)
+	}
+
+	sort.Strings(result)
+	return result, nil
+}
+
+func filterByQuery(payloads []*models.BuiltinPayload, query string) []*models.BuiltinPayload {
+	if query == "" {
+		return payloads
+	}
+
+	queryLower := strings.ToLower(query)
+	var filtered []*models.BuiltinPayload
+	for _, p := range payloads {
+		if strings.Contains(strings.ToLower(p.Name), queryLower) || strings.Contains(strings.ToLower(p.Tags), queryLower) {
+			filtered = append(filtered, p)
+		}
+	}
+	return filtered
+}
+
+func (b *BuiltinPayloadInFileType) BuiltinMetricGets(metricsInDB []*models.BuiltinMetric, lang, collector, typ, query, unit string, limit, offset int) ([]*models.BuiltinMetric, int, error) {
+	var filteredMetrics []*models.BuiltinMetric
+	expressionSet := set.NewStringSet()
+	builtinMetricsByDB := convertBuiltinMetricByDB(metricsInDB)
+	builtinMetricsMap := make(map[string]*models.BuiltinMetric)
+
+	for expression, metric := range builtinMetricsByDB {
+		builtinMetricsMap[expression] = metric
+	}
+
+	for expression, metric := range b.BuiltinMetrics {
+		builtinMetricsMap[expression] = metric
+	}
+
+	for _, metric := range builtinMetricsMap {
+		if !applyFilter(metric, collector, typ, query, unit) {
+			continue
+		}
+
+		// Skip if expression is already in db cache
+		// NOTE: 忽略重复的expression，特别的，在旧版本中，用户可能已经创建了重复的metrics，需要覆盖掉ByFile中相同的Metrics
+		// NOTE: Ignore duplicate expressions, especially in the old version, users may have created duplicate metrics,
+		if expressionSet.Exists(metric.Expression) {
+			continue
+		}
+
+		// Add db expression in set.
+		expressionSet.Add(metric.Expression)
+
+		// Apply language
+		trans, err := getTranslationWithLanguage(metric, lang)
+		if err != nil {
+			logger.Errorf("Error getting translation for metric %s: %v", metric.Name, err)
+			continue // Skip if translation not found
+		}
+		metric.Name = trans.Name
+		metric.Note = trans.Note
+
+		filteredMetrics = append(filteredMetrics, metric)
+	}
+
+	// Sort metrics
+	sort.Slice(filteredMetrics, func(i, j int) bool {
+		if filteredMetrics[i].Collector != filteredMetrics[j].Collector {
+			return filteredMetrics[i].Collector < filteredMetrics[j].Collector
+		}
+		if filteredMetrics[i].Typ != filteredMetrics[j].Typ {
+			return filteredMetrics[i].Typ < filteredMetrics[j].Typ
+		}
+		return filteredMetrics[i].Expression < filteredMetrics[j].Expression
+	})
+
+	totalCount := len(filteredMetrics)
+
+	// Validate parameters
+	if offset < 0 {
+		offset = 0
+	}
+	if limit < 0 {
+		limit = 0
+	}
+
+	// Handle edge cases
+	if offset >= totalCount || limit == 0 {
+		return []*models.BuiltinMetric{}, totalCount, nil
+	}
+
+	// Apply pagination
+	end := offset + limit
+	if end > totalCount {
+		end = totalCount
+	}
+
+	return filteredMetrics[offset:end], totalCount, nil
+}
+
+func (b *BuiltinPayloadInFileType) BuiltinMetricTypes(lang, collector, query string) []string {
+	typeSet := set.NewStringSet()
+	for _, metric := range b.BuiltinMetrics {
+		if !applyFilter(metric, collector, "", query, "") {
+			continue
+		}
+
+		typeSet.Add(metric.Typ)
+	}
+
+	return typeSet.ToSlice()
+}
+
+func (b *BuiltinPayloadInFileType) BuiltinMetricCollectors(lang, typ, query string) []string {
+	collectorSet := set.NewStringSet()
+	for _, metric := range b.BuiltinMetrics {
+		if !applyFilter(metric, "", typ, query, "") {
+			continue
+		}
+
+		collectorSet.Add(metric.Collector)
+	}
+	return collectorSet.ToSlice()
+}
+
+func applyFilter(metric *models.BuiltinMetric, collector, typ, query, unit string) bool {
+	if collector != "" && collector != metric.Collector {
+		return false
+	}
+
+	if typ != "" && typ != metric.Typ {
+		return false
+	}
+
+	if unit != "" && !containsUnit(unit, metric.Unit) {
+		return false
+	}
+
+	if query != "" && !applyQueryFilter(metric, query) {
+		return false
+	}
+
+	return true
+}
+
+func containsUnit(unit, metricUnit string) bool {
+	us := strings.Split(unit, ",")
+	for _, u := range us {
+		if u == metricUnit {
+			return true
+		}
+	}
+	return false
+}
+
+func applyQueryFilter(metric *models.BuiltinMetric, query string) bool {
+	qs := strings.Split(query, " ")
+	for _, q := range qs {
+		if strings.HasPrefix(q, "-") {
+			q = strings.TrimPrefix(q, "-")
+			if strings.Contains(metric.Name, q) || strings.Contains(metric.Note, q) || strings.Contains(metric.Expression, q) {
+				return false
+			}
+		} else {
+			if !strings.Contains(metric.Name, q) && !strings.Contains(metric.Note, q) && !strings.Contains(metric.Expression, q) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+func getTranslationWithLanguage(bm *models.BuiltinMetric, lang string) (*models.Translation, error) {
+	var defaultTranslation *models.Translation
+	for _, t := range bm.Translation {
+		if t.Lang == lang {
+			return &t, nil
+		}
+
+		if t.Lang == "en_US" {
+			defaultTranslation = &t
+		}
+	}
+
+	if defaultTranslation != nil {
+		return defaultTranslation, nil
+	}
+
+	return nil, errors.Errorf("translation not found for metric %s", bm.Name)
+}
+
+func convertBuiltinMetricByDB(metricsInDB []*models.BuiltinMetric) map[string]*models.BuiltinMetric {
+	builtinMetricsByDB := make(map[string]*models.BuiltinMetric)
+	builtinMetricsByDBList := make(map[string][]*models.BuiltinMetric)
+
+	for _, metric := range metricsInDB {
+		builtinMetrics, ok := builtinMetricsByDBList[metric.Expression]
+		if !ok {
+			builtinMetrics = []*models.BuiltinMetric{}
+		}
+
+		builtinMetrics = append(builtinMetrics, metric)
+		builtinMetricsByDBList[metric.Expression] = builtinMetrics
+	}
+
+	for expression, builtinMetrics := range builtinMetricsByDBList {
+		if len(builtinMetrics) == 0 {
+			continue
+		}
+
+		// NOTE: 为兼容旧版本用户已经创建的 metrics，同时将修改 metrics 收敛到同一个记录上，
+		// 我们选择使用 expression 相同但是 id 最小的 metric 记录作为主要的 Metric。
+		sort.Slice(builtinMetrics, func(i, j int) bool {
+			return builtinMetrics[i].ID < builtinMetrics[j].ID
+		})
+
+		currentBuiltinMetric := builtinMetrics[0]
+		// User has no customized translation, so we can merge it
+		if len(currentBuiltinMetric.Translation) == 0 {
+			translationMap := make(map[string]models.Translation)
+			for _, bm := range builtinMetrics {
+				for _, t := range getDefaultTranslation(bm) {
+					translationMap[t.Lang] = t
+				}
+			}
+			currentBuiltinMetric.Translation = make([]models.Translation, 0, len(translationMap))
+			for _, t := range translationMap {
+				currentBuiltinMetric.Translation = append(currentBuiltinMetric.Translation, t)
+			}
+		}
+
+		builtinMetricsByDB[expression] = currentBuiltinMetric
+	}
+
+	return builtinMetricsByDB
+}
+
+func getDefaultTranslation(bm *models.BuiltinMetric) []models.Translation {
+	if len(bm.Translation) != 0 {
+		return bm.Translation
+	}
+
+	return []models.Translation{{
+		Lang: bm.Lang,
+		Name: bm.Name,
+		Note: bm.Note,
+	}}
+}
--- a/center/metas/metas.go
+++ b/center/metas/metas.go
@@ -6,6 +6,7 @@ import (
 	"sync"
 	"time"

+	"github.com/ccfos/nightingale/v6/center/cstats"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/storage"

@@ -115,15 +116,23 @@ func (s *Set) updateTargets(m map[string]models.HostMeta) error {
 		}
 		newMap[models.WrapIdent(ident)] = meta
 	}
-	err := storage.MSet(context.Background(), s.redis, newMap)
+
+	start := time.Now()
+	err := storage.MSet(context.Background(), s.redis, newMap, 7*24*time.Hour)
 	if err != nil {
+		cstats.RedisOperationLatency.WithLabelValues("mset_target_meta", "fail").Observe(time.Since(start).Seconds())
 		return err
+	} else {
+		cstats.RedisOperationLatency.WithLabelValues("mset_target_meta", "success").Observe(time.Since(start).Seconds())
 	}

 	if len(extendMap) > 0 {
-		err = storage.MSet(context.Background(), s.redis, extendMap)
+		err = storage.MSet(context.Background(), s.redis, extendMap, 7*24*time.Hour)
 		if err != nil {
+			cstats.RedisOperationLatency.WithLabelValues("mset_target_extend", "fail").Observe(time.Since(start).Seconds())
 			return err
+		} else {
+			cstats.RedisOperationLatency.WithLabelValues("mset_target_extend", "success").Observe(time.Since(start).Seconds())
 		}
 	}

--- a/center/router/router.go
+++ b/center/router/router.go
@@ -24,11 +24,11 @@ import (
 	"github.com/ccfos/nightingale/v6/prom"
 	"github.com/ccfos/nightingale/v6/pushgw/idents"
 	"github.com/ccfos/nightingale/v6/storage"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
 	"gorm.io/gorm"

 	"github.com/gin-gonic/gin"
 	"github.com/rakyll/statik/fs"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
 	"github.com/toolkits/pkg/runner"
 )
@@ -51,6 +51,7 @@ type Router struct {
 	UserGroupCache    *memsto.UserGroupCacheType
 	UserTokenCache    *memsto.UserTokenCacheType
 	Ctx               *ctx.Context
+	LogDir            string

 	HeartbeatHook       HeartbeatHookFunc
 	TargetDeleteHook    models.TargetDeleteHookFunc
@@ -61,7 +62,7 @@ func New(httpConfig httpx.Config, center cconf.Center, alert aconf.Alert, ibex c
 	operations cconf.Operation, ds *memsto.DatasourceCacheType, ncc *memsto.NotifyConfigCacheType,
 	pc *prom.PromClientMap, redis storage.Redis,
 	sso *sso.SsoClient, ctx *ctx.Context, metaSet *metas.Set, idents *idents.Set,
-	tc *memsto.TargetCacheType, uc *memsto.UserCacheType, ugc *memsto.UserGroupCacheType, utc *memsto.UserTokenCacheType) *Router {
+	tc *memsto.TargetCacheType, uc *memsto.UserCacheType, ugc *memsto.UserGroupCacheType, utc *memsto.UserTokenCacheType, logDir string) *Router {
 	return &Router{
 		HTTP:                httpConfig,
 		Center:              center,
@@ -80,6 +81,7 @@ func New(httpConfig httpx.Config, center cconf.Center, alert aconf.Alert, ibex c
 		UserGroupCache:      ugc,
 		UserTokenCache:      utc,
 		Ctx:                 ctx,
+		LogDir:              logDir,
 		HeartbeatHook:       func(ident string) map[string]interface{} { return nil },
 		TargetDeleteHook:    func(tx *gorm.DB, idents []string) error { return nil },
 		AlertRuleModifyHook: func(ar *models.AlertRule) {},
@@ -93,10 +95,9 @@ func stat() gin.HandlerFunc {

 		code := fmt.Sprintf("%d", c.Writer.Status())
 		method := c.Request.Method
-		labels := []string{cstats.Service, code, c.FullPath(), method}
+		labels := []string{code, c.FullPath(), method}

-		cstats.RequestCounter.WithLabelValues(labels...).Inc()
-		cstats.RequestDuration.WithLabelValues(labels...).Observe(float64(time.Since(start).Seconds()))
+		cstats.RequestDuration.WithLabelValues(labels...).Observe(time.Since(start).Seconds())
 	}
 }

@@ -178,6 +179,7 @@ func (rt *Router) Config(r *gin.Engine) {
 	pages := r.Group(pagesPrefix)
 	{

+		pages.DELETE("/datasource/series", rt.auth(), rt.admin(), rt.deleteDatasourceSeries)
 		if rt.Center.AnonymousAccess.PromQuerier {
 			pages.Any("/proxy/:id/*url", rt.dsProxy)
 			pages.POST("/query-range-batch", rt.promBatchQueryRange)
@@ -211,8 +213,8 @@ func (rt *Router) Config(r *gin.Engine) {
 			pages.GET("/datasource/brief", rt.auth(), rt.user(), rt.datasourceBriefs)
 			pages.POST("/datasource/query", rt.auth(), rt.user(), rt.datasourceQuery)

-			pages.POST("/ds-query", rt.auth(), rt.QueryData)
-			pages.POST("/logs-query", rt.auth(), rt.QueryLogV2)
+			pages.POST("/ds-query", rt.auth(), rt.user(), rt.QueryData)
+			pages.POST("/logs-query", rt.auth(), rt.user(), rt.QueryLogV2)

 			pages.POST("/tdengine-databases", rt.auth(), rt.tdengineDatabases)
 			pages.POST("/tdengine-tables", rt.auth(), rt.tdengineTables)
@@ -232,6 +234,11 @@ func (rt *Router) Config(r *gin.Engine) {
 			pages.POST("/log-query", rt.QueryLog)
 		}

+		// OpenSearch 专用接口
+		pages.POST("/os-indices", rt.QueryOSIndices)
+		pages.POST("/os-variable", rt.QueryOSVariable)
+		pages.POST("/os-fields", rt.QueryOSFields)
+
 		pages.GET("/sql-template", rt.QuerySqlTemplate)
 		pages.POST("/auth/login", rt.jwtMock(), rt.loginPost)
 		pages.POST("/auth/logout", rt.jwtMock(), rt.auth(), rt.user(), rt.logoutPost)
@@ -245,9 +252,13 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.GET("/auth/redirect", rt.loginRedirect)
 		pages.GET("/auth/redirect/cas", rt.loginRedirectCas)
 		pages.GET("/auth/redirect/oauth", rt.loginRedirectOAuth)
+		pages.GET("/auth/redirect/dingtalk", rt.loginRedirectDingTalk)
+		pages.GET("/auth/redirect/feishu", rt.loginRedirectFeiShu)
 		pages.GET("/auth/callback", rt.loginCallback)
 		pages.GET("/auth/callback/cas", rt.loginCallbackCas)
 		pages.GET("/auth/callback/oauth", rt.loginCallbackOAuth)
+		pages.GET("/auth/callback/dingtalk", rt.loginCallbackDingTalk)
+		pages.GET("/auth/callback/feishu", rt.loginCallbackFeiShu)
 		pages.GET("/auth/perms", rt.allPerms)

 		pages.GET("/metrics/desc", rt.metricsDescGetFile)
@@ -255,6 +266,7 @@ func (rt *Router) Config(r *gin.Engine) {

 		pages.GET("/notify-channels", rt.notifyChannelsGets)
 		pages.GET("/contact-keys", rt.contactKeysGets)
+		pages.GET("/install-date", rt.installDateGet)

 		pages.GET("/self/perms", rt.auth(), rt.user(), rt.permsGets)
 		pages.GET("/self/profile", rt.auth(), rt.user(), rt.selfProfileGet)
@@ -265,11 +277,11 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.DELETE("/self/token/:id", rt.auth(), rt.user(), rt.deleteToken)

 		pages.GET("/users", rt.auth(), rt.user(), rt.perm("/users"), rt.userGets)
-		pages.POST("/users", rt.auth(), rt.admin(), rt.userAddPost)
+		pages.POST("/users", rt.auth(), rt.user(), rt.perm("/users/add"), rt.userAddPost)
 		pages.GET("/user/:id/profile", rt.auth(), rt.userProfileGet)
-		pages.PUT("/user/:id/profile", rt.auth(), rt.admin(), rt.userProfilePut)
-		pages.PUT("/user/:id/password", rt.auth(), rt.admin(), rt.userPasswordPut)
-		pages.DELETE("/user/:id", rt.auth(), rt.admin(), rt.userDel)
+		pages.PUT("/user/:id/profile", rt.auth(), rt.user(), rt.perm("/users/put"), rt.userProfilePut)
+		pages.PUT("/user/:id/password", rt.auth(), rt.user(), rt.perm("/users/put"), rt.userPasswordPut)
+		pages.DELETE("/user/:id", rt.auth(), rt.user(), rt.perm("/users/del"), rt.userDel)

 		pages.GET("/metric-views", rt.auth(), rt.metricViewGets)
 		pages.DELETE("/metric-views", rt.auth(), rt.user(), rt.metricViewDel)
@@ -310,6 +322,7 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.GET("/busi-groups/tags", rt.auth(), rt.user(), rt.busiGroupsGetTags)

 		pages.GET("/targets", rt.auth(), rt.user(), rt.targetGets)
+		pages.POST("/target-update", rt.auth(), rt.targetUpdate)
 		pages.GET("/target/extra-meta", rt.auth(), rt.user(), rt.targetExtendInfoByIdent)
 		pages.POST("/target/list", rt.auth(), rt.user(), rt.targetGetsByHostFilter)
 		pages.DELETE("/targets", rt.auth(), rt.user(), rt.perm("/targets/del"), rt.targetDel)
@@ -357,6 +370,7 @@ func (rt *Router) Config(r *gin.Engine) {
 		// pages.GET("/alert-rules/builtin/alerts-cates", rt.auth(), rt.user(), rt.builtinAlertCateGets)
 		// pages.GET("/alert-rules/builtin/list", rt.auth(), rt.user(), rt.builtinAlertRules)
 		pages.GET("/alert-rules/callbacks", rt.auth(), rt.user(), rt.alertRuleCallbacks)
+		pages.GET("/timezones", rt.auth(), rt.user(), rt.timezonesGet)

 		pages.GET("/busi-groups/alert-rules", rt.auth(), rt.user(), rt.perm("/alert-rules"), rt.alertRuleGetsByGids)
 		pages.GET("/busi-group/:id/alert-rules", rt.auth(), rt.user(), rt.perm("/alert-rules"), rt.alertRuleGets)
@@ -372,13 +386,16 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.PUT("/busi-group/alert-rule/validate", rt.auth(), rt.user(), rt.perm("/alert-rules/put"), rt.alertRuleValidation)
 		pages.POST("/relabel-test", rt.auth(), rt.user(), rt.relabelTest)
 		pages.POST("/busi-group/:id/alert-rules/clone", rt.auth(), rt.user(), rt.perm("/alert-rules/add"), rt.bgrw(), rt.cloneToMachine)
+		pages.POST("/busi-groups/alert-rules/clones", rt.auth(), rt.user(), rt.perm("/alert-rules/add"), rt.batchAlertRuleClone)
+		pages.POST("/busi-group/alert-rules/notify-tryrun", rt.auth(), rt.user(), rt.perm("/alert-rules/add"), rt.alertRuleNotifyTryRun)
+		pages.POST("/busi-group/alert-rules/enable-tryrun", rt.auth(), rt.user(), rt.perm("/alert-rules/add"), rt.alertRuleEnableTryRun)

 		pages.GET("/busi-groups/recording-rules", rt.auth(), rt.user(), rt.perm("/recording-rules"), rt.recordingRuleGetsByGids)
 		pages.GET("/busi-group/:id/recording-rules", rt.auth(), rt.user(), rt.perm("/recording-rules"), rt.recordingRuleGets)
 		pages.POST("/busi-group/:id/recording-rules", rt.auth(), rt.user(), rt.perm("/recording-rules/add"), rt.bgrw(), rt.recordingRuleAddByFE)
 		pages.DELETE("/busi-group/:id/recording-rules", rt.auth(), rt.user(), rt.perm("/recording-rules/del"), rt.bgrw(), rt.recordingRuleDel)
-		pages.PUT("/busi-group/:id/recording-rule/:rrid", rt.auth(), rt.user(), rt.perm("/recording-rules/put"), rt.bgrw(), rt.recordingRulePutByFE)
 		pages.GET("/recording-rule/:rrid", rt.auth(), rt.user(), rt.perm("/recording-rules"), rt.recordingRuleGet)
+		pages.PUT("/recording-rule/:rrid", rt.auth(), rt.user(), rt.perm("/recording-rules"), rt.recordingRulePutByFE)
 		pages.PUT("/busi-group/:id/recording-rules/fields", rt.auth(), rt.user(), rt.perm("/recording-rules/put"), rt.recordingRulePutFields)

 		pages.GET("/busi-groups/alert-mutes", rt.auth(), rt.user(), rt.perm("/alert-mutes"), rt.alertMuteGetsByGids)
@@ -389,6 +406,7 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.PUT("/busi-group/:id/alert-mute/:amid", rt.auth(), rt.user(), rt.perm("/alert-mutes/put"), rt.alertMutePutByFE)
 		pages.GET("/busi-group/:id/alert-mute/:amid", rt.auth(), rt.user(), rt.perm("/alert-mutes"), rt.alertMuteGet)
 		pages.PUT("/busi-group/:id/alert-mutes/fields", rt.auth(), rt.user(), rt.perm("/alert-mutes/put"), rt.bgrw(), rt.alertMutePutFields)
+		pages.POST("/alert-mute-tryrun", rt.auth(), rt.user(), rt.perm("/alert-mutes/add"), rt.alertMuteTryRun)

 		pages.GET("/busi-groups/alert-subscribes", rt.auth(), rt.user(), rt.perm("/alert-subscribes"), rt.alertSubscribeGetsByGids)
 		pages.GET("/busi-group/:id/alert-subscribes", rt.auth(), rt.user(), rt.perm("/alert-subscribes"), rt.bgro(), rt.alertSubscribeGets)
@@ -396,22 +414,21 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.POST("/busi-group/:id/alert-subscribes", rt.auth(), rt.user(), rt.perm("/alert-subscribes/add"), rt.bgrw(), rt.alertSubscribeAdd)
 		pages.PUT("/busi-group/:id/alert-subscribes", rt.auth(), rt.user(), rt.perm("/alert-subscribes/put"), rt.bgrw(), rt.alertSubscribePut)
 		pages.DELETE("/busi-group/:id/alert-subscribes", rt.auth(), rt.user(), rt.perm("/alert-subscribes/del"), rt.bgrw(), rt.alertSubscribeDel)
+		pages.POST("/alert-subscribe/alert-subscribes-tryrun", rt.auth(), rt.user(), rt.perm("/alert-subscribes/add"), rt.alertSubscribeTryRun)

-		if rt.Center.AnonymousAccess.AlertDetail {
-			pages.GET("/alert-cur-event/:eid", rt.alertCurEventGet)
-			pages.GET("/alert-his-event/:eid", rt.alertHisEventGet)
-			pages.GET("/event-notify-records/:eid", rt.notificationRecordList)
-		} else {
-			pages.GET("/alert-cur-event/:eid", rt.auth(), rt.user(), rt.alertCurEventGet)
-			pages.GET("/alert-his-event/:eid", rt.auth(), rt.user(), rt.alertHisEventGet)
-			pages.GET("/event-notify-records/:eid", rt.auth(), rt.user(), rt.notificationRecordList)
-		}
+		pages.GET("/alert-cur-event/:eid", rt.alertCurEventGet)
+		pages.GET("/alert-his-event/:eid", rt.alertHisEventGet)
+		pages.GET("/event-notify-records/:eid", rt.notificationRecordList)
+		pages.GET("/event-detail/:hash", rt.eventDetailPage)
+		pages.GET("/alert-eval-detail/:id", rt.alertEvalDetailPage)
+		pages.GET("/trace-logs/:traceid", rt.traceLogsPage)

 		// card logic
 		pages.GET("/alert-cur-events/list", rt.auth(), rt.user(), rt.alertCurEventsList)
 		pages.GET("/alert-cur-events/card", rt.auth(), rt.user(), rt.alertCurEventsCard)
 		pages.POST("/alert-cur-events/card/details", rt.auth(), rt.alertCurEventsCardDetails)
 		pages.GET("/alert-his-events/list", rt.auth(), rt.user(), rt.alertHisEventsList)
+		pages.DELETE("/alert-his-events", rt.auth(), rt.admin(), rt.alertHisEventsDelete)
 		pages.DELETE("/alert-cur-events", rt.auth(), rt.user(), rt.perm("/alert-cur-events/del"), rt.alertCurEventDel)
 		pages.GET("/alert-cur-events/stats", rt.auth(), rt.alertCurEventsStatistics)

@@ -443,13 +460,13 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.POST("/datasource/status/update", rt.auth(), rt.admin(), rt.datasourceUpdataStatus)
 		pages.DELETE("/datasource/", rt.auth(), rt.admin(), rt.datasourceDel)

-		pages.GET("/roles", rt.auth(), rt.admin(), rt.roleGets)
-		pages.POST("/roles", rt.auth(), rt.admin(), rt.roleAdd)
-		pages.PUT("/roles", rt.auth(), rt.admin(), rt.rolePut)
-		pages.DELETE("/role/:id", rt.auth(), rt.admin(), rt.roleDel)
+		pages.GET("/roles", rt.auth(), rt.user(), rt.roleGets)
+		pages.POST("/roles", rt.auth(), rt.user(), rt.perm("/roles/add"), rt.roleAdd)
+		pages.PUT("/roles", rt.auth(), rt.user(), rt.perm("/roles/put"), rt.rolePut)
+		pages.DELETE("/role/:id", rt.auth(), rt.user(), rt.perm("/roles/del"), rt.roleDel)

-		pages.GET("/role/:id/ops", rt.auth(), rt.admin(), rt.operationOfRole)
-		pages.PUT("/role/:id/ops", rt.auth(), rt.admin(), rt.roleBindOperation)
+		pages.GET("/role/:id/ops", rt.auth(), rt.user(), rt.perm("/roles"), rt.operationOfRole)
+		pages.PUT("/role/:id/ops", rt.auth(), rt.user(), rt.perm("/roles/put"), rt.roleBindOperation)
 		pages.GET("/operation", rt.operations)

 		pages.GET("/notify-tpls", rt.auth(), rt.user(), rt.notifyTplGets)
@@ -471,7 +488,7 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.GET("/notify-channel", rt.auth(), rt.user(), rt.perm("/help/notification-settings"), rt.notifyChannelGets)
 		pages.PUT("/notify-channel", rt.auth(), rt.admin(), rt.notifyChannelPuts)

-		pages.GET("/notify-contact", rt.auth(), rt.user(), rt.perm("/help/notification-settings"), rt.notifyContactGets)
+		pages.GET("/notify-contact", rt.auth(), rt.user(), rt.notifyContactGets)
 		pages.PUT("/notify-contact", rt.auth(), rt.admin(), rt.notifyContactPuts)

 		pages.GET("/notify-config", rt.auth(), rt.user(), rt.perm("/help/notification-settings"), rt.notifyConfigGet)
@@ -480,13 +497,20 @@ func (rt *Router) Config(r *gin.Engine) {

 		pages.GET("/es-index-pattern", rt.auth(), rt.esIndexPatternGet)
 		pages.GET("/es-index-pattern-list", rt.auth(), rt.esIndexPatternGetList)
-		pages.POST("/es-index-pattern", rt.auth(), rt.admin(), rt.esIndexPatternAdd)
-		pages.PUT("/es-index-pattern", rt.auth(), rt.admin(), rt.esIndexPatternPut)
-		pages.DELETE("/es-index-pattern", rt.auth(), rt.admin(), rt.esIndexPatternDel)
+		pages.POST("/es-index-pattern", rt.auth(), rt.user(), rt.perm("/log/index-patterns/add"), rt.esIndexPatternAdd)
+		pages.PUT("/es-index-pattern", rt.auth(), rt.user(), rt.perm("/log/index-patterns/put"), rt.esIndexPatternPut)
+		pages.DELETE("/es-index-pattern", rt.auth(), rt.user(), rt.perm("/log/index-patterns/del"), rt.esIndexPatternDel)

 		pages.GET("/embedded-dashboards", rt.auth(), rt.user(), rt.perm("/embedded-dashboards"), rt.embeddedDashboardsGet)
 		pages.PUT("/embedded-dashboards", rt.auth(), rt.user(), rt.perm("/embedded-dashboards/put"), rt.embeddedDashboardsPut)

+		// 获取 embedded-product 列表
+		pages.GET("/embedded-product", rt.auth(), rt.user(), rt.embeddedProductGets)
+		pages.GET("/embedded-product/:id", rt.auth(), rt.user(), rt.embeddedProductGet)
+		pages.POST("/embedded-product", rt.auth(), rt.user(), rt.perm("/embedded-product/add"), rt.embeddedProductAdd)
+		pages.PUT("/embedded-product/:id", rt.auth(), rt.user(), rt.perm("/embedded-product/put"), rt.embeddedProductPut)
+		pages.DELETE("/embedded-product/:id", rt.auth(), rt.user(), rt.perm("/embedded-product/delete"), rt.embeddedProductDelete)
+
 		pages.GET("/user-variable-configs", rt.auth(), rt.user(), rt.perm("/help/variable-configs"), rt.userVariableConfigGets)
 		pages.POST("/user-variable-config", rt.auth(), rt.user(), rt.perm("/help/variable-configs"), rt.userVariableConfigAdd)
 		pages.PUT("/user-variable-config/:id", rt.auth(), rt.user(), rt.perm("/help/variable-configs"), rt.userVariableConfigPut)
@@ -496,21 +520,23 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.PUT("/config", rt.auth(), rt.admin(), rt.configPutByKey)
 		pages.GET("/site-info", rt.siteInfo)

+		// source token 相关路由
+		pages.POST("/source-token", rt.auth(), rt.user(), rt.sourceTokenAdd)
+
 		// for admin api
 		pages.GET("/user/busi-groups", rt.auth(), rt.admin(), rt.userBusiGroupsGets)

 		pages.GET("/builtin-components", rt.auth(), rt.user(), rt.builtinComponentsGets)
-		pages.POST("/builtin-components", rt.auth(), rt.user(), rt.perm("/built-in-components/add"), rt.builtinComponentsAdd)
-		pages.PUT("/builtin-components", rt.auth(), rt.user(), rt.perm("/built-in-components/put"), rt.builtinComponentsPut)
-		pages.DELETE("/builtin-components", rt.auth(), rt.user(), rt.perm("/built-in-components/del"), rt.builtinComponentsDel)
+		pages.POST("/builtin-components", rt.auth(), rt.user(), rt.perm("/components/add"), rt.builtinComponentsAdd)
+		pages.PUT("/builtin-components", rt.auth(), rt.user(), rt.perm("/components/put"), rt.builtinComponentsPut)
+		pages.DELETE("/builtin-components", rt.auth(), rt.user(), rt.perm("/components/del"), rt.builtinComponentsDel)

 		pages.GET("/builtin-payloads", rt.auth(), rt.user(), rt.builtinPayloadsGets)
 		pages.GET("/builtin-payloads/cates", rt.auth(), rt.user(), rt.builtinPayloadcatesGet)
-		pages.POST("/builtin-payloads", rt.auth(), rt.user(), rt.perm("/built-in-components/add"), rt.builtinPayloadsAdd)
-		pages.GET("/builtin-payload/:id", rt.auth(), rt.user(), rt.perm("/built-in-components"), rt.builtinPayloadGet)
-		pages.PUT("/builtin-payloads", rt.auth(), rt.user(), rt.perm("/built-in-components/put"), rt.builtinPayloadsPut)
-		pages.DELETE("/builtin-payloads", rt.auth(), rt.user(), rt.perm("/built-in-components/del"), rt.builtinPayloadsDel)
-		pages.GET("/builtin-payload", rt.auth(), rt.user(), rt.builtinPayloadsGetByUUIDOrID)
+		pages.POST("/builtin-payloads", rt.auth(), rt.user(), rt.perm("/components/add"), rt.builtinPayloadsAdd)
+		pages.PUT("/builtin-payloads", rt.auth(), rt.user(), rt.perm("/components/put"), rt.builtinPayloadsPut)
+		pages.DELETE("/builtin-payloads", rt.auth(), rt.user(), rt.perm("/components/del"), rt.builtinPayloadsDel)
+		pages.GET("/builtin-payload", rt.auth(), rt.user(), rt.builtinPayloadsGetByUUID)

 		pages.POST("/message-templates", rt.auth(), rt.user(), rt.perm("/notification-templates/add"), rt.messageTemplatesAdd)
 		pages.DELETE("/message-templates", rt.auth(), rt.user(), rt.perm("/notification-templates/del"), rt.messageTemplatesDel)
@@ -526,6 +552,32 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.GET("/notify-rules", rt.auth(), rt.user(), rt.perm("/notification-rules"), rt.notifyRulesGet)
 		pages.POST("/notify-rule/test", rt.auth(), rt.user(), rt.perm("/notification-rules"), rt.notifyTest)
 		pages.GET("/notify-rule/custom-params", rt.auth(), rt.user(), rt.perm("/notification-rules"), rt.notifyRuleCustomParamsGet)
+		pages.POST("/notify-rule/event-pipelines-tryrun", rt.auth(), rt.user(), rt.perm("/notification-rules/add"), rt.tryRunEventProcessorByNotifyRule)
+
+		pages.GET("/event-tagkeys", rt.auth(), rt.user(), rt.eventTagKeys)
+		pages.GET("/event-tagvalues", rt.auth(), rt.user(), rt.eventTagValues)
+
+		// 事件Pipeline相关路由
+		pages.GET("/event-pipelines", rt.auth(), rt.user(), rt.perm("/event-pipelines"), rt.eventPipelinesList)
+		pages.POST("/event-pipeline", rt.auth(), rt.user(), rt.perm("/event-pipelines/add"), rt.addEventPipeline)
+		pages.PUT("/event-pipeline", rt.auth(), rt.user(), rt.perm("/event-pipelines/put"), rt.updateEventPipeline)
+		pages.GET("/event-pipeline/:id", rt.auth(), rt.user(), rt.perm("/event-pipelines"), rt.getEventPipeline)
+		pages.DELETE("/event-pipelines", rt.auth(), rt.user(), rt.perm("/event-pipelines/del"), rt.deleteEventPipelines)
+		pages.POST("/event-pipeline-tryrun", rt.auth(), rt.user(), rt.perm("/event-pipelines"), rt.tryRunEventPipeline)
+		pages.POST("/event-processor-tryrun", rt.auth(), rt.user(), rt.perm("/event-pipelines"), rt.tryRunEventProcessor)
+
+		// API 触发工作流
+		pages.POST("/event-pipeline/:id/trigger", rt.auth(), rt.user(), rt.perm("/event-pipelines"), rt.triggerEventPipelineByAPI)
+		// SSE 流式执行工作流
+		pages.POST("/event-pipeline/:id/stream", rt.auth(), rt.user(), rt.perm("/event-pipelines"), rt.streamEventPipeline)
+
+		// 事件Pipeline执行记录路由
+		pages.GET("/event-pipeline-executions", rt.auth(), rt.user(), rt.perm("/event-pipelines"), rt.listAllEventPipelineExecutions)
+		pages.GET("/event-pipeline/:id/executions", rt.auth(), rt.user(), rt.perm("/event-pipelines"), rt.listEventPipelineExecutions)
+		pages.GET("/event-pipeline/:id/execution/:exec_id", rt.auth(), rt.user(), rt.perm("/event-pipelines"), rt.getEventPipelineExecution)
+		pages.GET("/event-pipeline-execution/:exec_id", rt.auth(), rt.user(), rt.perm("/event-pipelines"), rt.getEventPipelineExecution)
+		pages.GET("/event-pipeline/:id/execution-stats", rt.auth(), rt.user(), rt.perm("/event-pipelines"), rt.getEventPipelineExecutionStats)
+		pages.POST("/event-pipeline-executions/clean", rt.auth(), rt.user(), rt.admin(), rt.cleanEventPipelineExecutions)

 		pages.POST("/notify-channel-configs", rt.auth(), rt.user(), rt.perm("/notification-channels/add"), rt.notifyChannelsAdd)
 		pages.DELETE("/notify-channel-configs", rt.auth(), rt.user(), rt.perm("/notification-channels/del"), rt.notifyChannelsDel)
@@ -534,8 +586,18 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.GET("/notify-channel-configs", rt.auth(), rt.user(), rt.perm("/notification-channels"), rt.notifyChannelsGet)
 		pages.GET("/simplified-notify-channel-configs", rt.notifyChannelsGetForNormalUser)
 		pages.GET("/flashduty-channel-list/:id", rt.auth(), rt.user(), rt.flashDutyNotifyChannelsGet)
+		pages.GET("/pagerduty-integration-key/:id/:service_id/:integration_id", rt.auth(), rt.user(), rt.pagerDutyIntegrationKeyGet)
+		pages.GET("/pagerduty-service-list/:id", rt.auth(), rt.user(), rt.pagerDutyNotifyServicesGet)
 		pages.GET("/notify-channel-config", rt.auth(), rt.user(), rt.notifyChannelGetBy)
 		pages.GET("/notify-channel-config/idents", rt.notifyChannelIdentsGet)
+
+		// saved view 查询条件保存相关路由
+		pages.GET("/saved-views", rt.auth(), rt.user(), rt.savedViewGets)
+		pages.POST("/saved-views", rt.auth(), rt.user(), rt.savedViewAdd)
+		pages.PUT("/saved-view/:id", rt.auth(), rt.user(), rt.savedViewPut)
+		pages.DELETE("/saved-view/:id", rt.auth(), rt.user(), rt.savedViewDel)
+		pages.POST("/saved-view/:id/favorite", rt.auth(), rt.user(), rt.savedViewFavoriteAdd)
+		pages.DELETE("/saved-view/:id/favorite", rt.auth(), rt.user(), rt.savedViewFavoriteDel)
 	}

 	r.GET("/api/n9e/versions", func(c *gin.Context) {
@@ -578,6 +640,8 @@ func (rt *Router) Config(r *gin.Engine) {
 			service.PUT("/targets/note", rt.targetUpdateNoteByService)
 			service.PUT("/targets/bgid", rt.targetUpdateBgidByService)

+			service.POST("/targets-of-host-query", rt.targetsOfHostQuery)
+
 			service.POST("/alert-rules", rt.alertRuleAddByService)
 			service.POST("/alert-rule-add", rt.alertRuleAddOneByService)
 			service.DELETE("/alert-rules", rt.alertRuleDelByService)
@@ -590,6 +654,7 @@ func (rt *Router) Config(r *gin.Engine) {
 			service.GET("/busi-groups", rt.busiGroupGetsByService)

 			service.GET("/datasources", rt.datasourceGetsByService)
+			service.GET("/datasource-rsa-config", rt.datasourceRsaConfigGet)
 			service.GET("/datasource-ids", rt.getDatasourceIds)
 			service.POST("/server-heartbeat", rt.serverHeartbeat)
 			service.GET("/servers-active", rt.serversActive)
@@ -597,6 +662,7 @@ func (rt *Router) Config(r *gin.Engine) {
 			service.GET("/recording-rules", rt.recordingRuleGetsByService)

 			service.GET("/alert-mutes", rt.alertMuteGets)
+			service.GET("/active-alert-mutes", rt.activeAlertMuteGets)
 			service.POST("/alert-mutes", rt.alertMuteAddByService)
 			service.DELETE("/alert-mutes", rt.alertMuteDel)

@@ -644,6 +710,18 @@ func (rt *Router) Config(r *gin.Engine) {

 			service.GET("/message-templates", rt.messageTemplateGets)

+			service.GET("/event-pipelines", rt.eventPipelinesListByService)
+			service.POST("/event-pipeline/:id/trigger", rt.triggerEventPipelineByService)
+			service.POST("/event-pipeline/:id/stream", rt.streamEventPipelineByService)
+			service.POST("/event-pipeline-execution", rt.eventPipelineExecutionAdd)
+
+			// 手机号加密存储配置接口
+			service.POST("/users/phone/encrypt", rt.usersPhoneEncrypt)
+			service.POST("/users/phone/decrypt", rt.usersPhoneDecrypt)
+			service.POST("/users/phone/refresh-encryption-config", rt.usersPhoneDecryptRefresh)
+
+			service.GET("/builtin-components", rt.builtinComponentsGets)
+			service.GET("/builtin-payloads", rt.builtinPayloadsGets)
 		}
 	}

--- a/center/router/router_alert_aggr_view.go
+++ b/center/router/router_alert_aggr_view.go
@@ -4,9 +4,9 @@ import (
 	"net/http"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 )

 // no param
--- a/center/router/router_alert_cur_event.go
+++ b/center/router/router_alert_cur_event.go
@@ -1,50 +1,55 @@
 package router

 import (
+	"fmt"
 	"net/http"
 	"sort"
 	"strings"
 	"time"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/strx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
+	"github.com/toolkits/pkg/logger"
 )

-func parseAggrRules(c *gin.Context) []*models.AggrRule {
-	aggrRules := strings.Split(ginx.QueryStr(c, "rule", ""), "::") // e.g. field:group_name::field:severity::tagkey:ident
-
-	if len(aggrRules) == 0 {
-		ginx.Bomb(http.StatusBadRequest, "rule empty")
+func getUserGroupIds(ctx *gin.Context, rt *Router, myGroups bool) ([]int64, error) {
+	if !myGroups {
+		return nil, nil
 	}
-
-	rules := make([]*models.AggrRule, len(aggrRules))
-	for i := 0; i < len(aggrRules); i++ {
-		pair := strings.Split(aggrRules[i], ":")
-		if len(pair) != 2 {
-			ginx.Bomb(http.StatusBadRequest, "rule invalid")
-		}
-
-		if !(pair[0] == "field" || pair[0] == "tagkey") {
-			ginx.Bomb(http.StatusBadRequest, "rule invalid")
-		}
-
-		rules[i] = &models.AggrRule{
-			Type:  pair[0],
-			Value: pair[1],
-		}
-	}
-
-	return rules
+	me := ctx.MustGet("user").(*models.User)
+	return models.MyGroupIds(rt.Ctx, me.Id)
 }

 func (rt *Router) alertCurEventsCard(c *gin.Context) {
 	stime, etime := getTimeRange(c)
-	severity := ginx.QueryInt(c, "severity", -1)
+	severity := strx.IdsInt64ForAPI(ginx.QueryStr(c, "severity", ""), ",")
 	query := ginx.QueryStr(c, "query", "")
+	myGroups := ginx.QueryBool(c, "my_groups", false) // 是否只看自己组，默认false
+
+	var gids []int64
+	var err error
+	if myGroups {
+		gids, err = getUserGroupIds(c, rt, myGroups)
+		ginx.Dangerous(err)
+		if len(gids) == 0 {
+			gids = append(gids, -1)
+		}
+	}
+
+	viewId := ginx.QueryInt64(c, "view_id")
+
+	alertView, err := models.GetAlertAggrViewByViewID(rt.Ctx, viewId)
+	ginx.Dangerous(err)
+
+	if alertView == nil {
+		ginx.Bomb(http.StatusNotFound, "alert aggr view not found")
+	}
+
 	dsIds := queryDatasourceIds(c)
-	rules := parseAggrRules(c)

 	prod := ginx.QueryStr(c, "prods", "")
 	if prod == "" {
@@ -61,17 +66,18 @@ func (rt *Router) alertCurEventsCard(c *gin.Context) {
 		cates = strings.Split(cate, ",")
 	}

-	bgids, err := GetBusinessGroupIds(c, rt.Ctx, rt.Center.EventHistoryGroupView)
+	bgids, err := GetBusinessGroupIds(c, rt.Ctx, rt.Center.EventHistoryGroupView, myGroups)
 	ginx.Dangerous(err)

 	// 最多获取50000个，获取太多也没啥意义
 	list, err := models.AlertCurEventsGet(rt.Ctx, prods, bgids, stime, etime, severity, dsIds,
-		cates, 0, query, 50000, 0)
+		cates, 0, query, 50000, 0, []int64{})
 	ginx.Dangerous(err)

 	cardmap := make(map[string]*AlertCard)
 	for _, event := range list {
-		title := event.GenCardTitle(rules)
+		title, err := event.GenCardTitle(alertView.Rule)
+		ginx.Dangerous(err)
 		if _, has := cardmap[title]; has {
 			cardmap[title].Total++
 			cardmap[title].EventIds = append(cardmap[title].EventIds, event.Id)
@@ -86,6 +92,10 @@ func (rt *Router) alertCurEventsCard(c *gin.Context) {
 				Severity: event.Severity,
 			}
 		}
+
+		if cardmap[title].Severity < 1 {
+			cardmap[title].Severity = 3
+		}
 	}

 	titles := make([]string, 0, len(cardmap))
@@ -142,11 +152,15 @@ func (rt *Router) alertCurEventsGetByRid(c *gin.Context) {
 // 列表方式，拉取活跃告警
 func (rt *Router) alertCurEventsList(c *gin.Context) {
 	stime, etime := getTimeRange(c)
-	severity := ginx.QueryInt(c, "severity", -1)
+	severity := strx.IdsInt64ForAPI(ginx.QueryStr(c, "severity", ""), ",")
 	query := ginx.QueryStr(c, "query", "")
 	limit := ginx.QueryInt(c, "limit", 20)
+	myGroups := ginx.QueryBool(c, "my_groups", false) // 是否只看自己组，默认false
+
 	dsIds := queryDatasourceIds(c)

+	eventIds := strx.IdsInt64ForAPI(ginx.QueryStr(c, "event_ids", ""), ",")
+
 	prod := ginx.QueryStr(c, "prods", "")
 	if prod == "" {
 		prod = ginx.QueryStr(c, "rule_prods", "")
@@ -165,18 +179,19 @@ func (rt *Router) alertCurEventsList(c *gin.Context) {

 	ruleId := ginx.QueryInt64(c, "rid", 0)

-	bgids, err := GetBusinessGroupIds(c, rt.Ctx, rt.Center.EventHistoryGroupView)
+	bgids, err := GetBusinessGroupIds(c, rt.Ctx, rt.Center.EventHistoryGroupView, myGroups)
 	ginx.Dangerous(err)

 	total, err := models.AlertCurEventTotal(rt.Ctx, prods, bgids, stime, etime, severity, dsIds,
-		cates, ruleId, query)
+		cates, ruleId, query, eventIds)
 	ginx.Dangerous(err)

 	list, err := models.AlertCurEventsGet(rt.Ctx, prods, bgids, stime, etime, severity, dsIds,
-		cates, ruleId, query, limit, ginx.Offset(c, limit))
+		cates, ruleId, query, limit, ginx.Offset(c, limit), eventIds)
 	ginx.Dangerous(err)

 	cache := make(map[int64]*models.UserGroup)
+
 	for i := 0; i < len(list); i++ {
 		list[i].FillNotifyGroups(rt.Ctx, cache)
 	}
@@ -218,24 +233,68 @@ func (rt *Router) checkCurEventBusiGroupRWPermission(c *gin.Context, ids []int64

 func (rt *Router) alertCurEventGet(c *gin.Context) {
 	eid := ginx.UrlParamInt64(c, "eid")
-	event, err := models.AlertCurEventGetById(rt.Ctx, eid)
-	ginx.Dangerous(err)
+	event, err := GetCurEventDetail(rt.Ctx, eid)

-	if event == nil {
-		ginx.Bomb(404, "No such active event")
-	}
-
-	if !rt.Center.AnonymousAccess.AlertDetail && rt.Center.EventHistoryGroupView {
+	hasPermission := HasPermission(rt.Ctx, c, "event", fmt.Sprintf("%d", eid), rt.Center.AnonymousAccess.AlertDetail)
+	if !hasPermission {
+		rt.auth()(c)
+		rt.user()(c)
 		rt.bgroCheck(c, event.GroupId)
 	}

-	ruleConfig, needReset := models.FillRuleConfigTplName(rt.Ctx, event.RuleConfig)
+	ginx.NewRender(c).Data(event, err)
+}
+
+func GetCurEventDetail(ctx *ctx.Context, eid int64) (*models.AlertCurEvent, error) {
+	event, err := models.AlertCurEventGetById(ctx, eid)
+	if err != nil {
+		return nil, err
+	}
+
+	if event == nil {
+		return nil, fmt.Errorf("no such active event")
+	}
+
+	ruleConfig, needReset := models.FillRuleConfigTplName(ctx, event.RuleConfig)
 	if needReset {
 		event.RuleConfigJson = ruleConfig
 	}

 	event.LastEvalTime = event.TriggerTime
-	ginx.NewRender(c).Data(event, nil)
+	event.NotifyVersion, err = GetEventNotifyVersion(ctx, event.RuleId, event.NotifyRuleIds)
+	ginx.Dangerous(err)
+
+	event.NotifyRules, err = GetEventNotifyRuleNames(ctx, event.NotifyRuleIds)
+	return event, err
+}
+
+func GetEventNotifyRuleNames(ctx *ctx.Context, notifyRuleIds []int64) ([]*models.EventNotifyRule, error) {
+	notifyRuleNames := make([]*models.EventNotifyRule, 0)
+	notifyRules, err := models.NotifyRulesGet(ctx, "id in ?", notifyRuleIds)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, notifyRule := range notifyRules {
+		notifyRuleNames = append(notifyRuleNames, &models.EventNotifyRule{
+			Id:   notifyRule.ID,
+			Name: notifyRule.Name,
+		})
+	}
+	return notifyRuleNames, nil
+}
+
+func GetEventNotifyVersion(ctx *ctx.Context, ruleId int64, notifyRuleIds []int64) (int, error) {
+	if len(notifyRuleIds) != 0 {
+		// 如果存在 notify_rule_ids，则认为使用新的告警通知方式
+		return 1, nil
+	}
+
+	rule, err := models.AlertRuleGetById(ctx, ruleId)
+	if err != nil {
+		return 0, err
+	}
+	return rule.NotifyVersion, nil
 }

 func (rt *Router) alertCurEventsStatistics(c *gin.Context) {
@@ -247,3 +306,123 @@ func (rt *Router) alertCurEventDelByHash(c *gin.Context) {
 	hash := ginx.QueryStr(c, "hash")
 	ginx.NewRender(c).Message(models.AlertCurEventDelByHash(rt.Ctx, hash))
 }
+
+func (rt *Router) eventTagKeys(c *gin.Context) {
+	// 获取最近1天的活跃告警事件
+	now := time.Now().Unix()
+	stime := now - 24*3600
+	etime := now
+
+	// 获取用户可见的业务组ID列表
+	bgids, err := GetBusinessGroupIds(c, rt.Ctx, rt.Center.EventHistoryGroupView, false)
+	if err != nil {
+		logger.Warningf("failed to get business group ids: %v", err)
+		ginx.NewRender(c).Data([]string{"ident", "app", "service", "instance"}, nil)
+		return
+	}
+
+	// 查询活跃告警事件，限制数量以提高性能
+	events, err := models.AlertCurEventsGet(rt.Ctx, []string{}, bgids, stime, etime, []int64{}, []int64{}, []string{}, 0, "", 200, 0, []int64{})
+	if err != nil {
+		logger.Warningf("failed to get current alert events: %v", err)
+		ginx.NewRender(c).Data([]string{"ident", "app", "service", "instance"}, nil)
+		return
+	}
+
+	// 如果没有查到事件，返回默认标签
+	if len(events) == 0 {
+		ginx.NewRender(c).Data([]string{"ident", "app", "service", "instance"}, nil)
+		return
+	}
+
+	// 收集所有标签键并去重
+	tagKeys := make(map[string]struct{})
+	for _, event := range events {
+		for key := range event.TagsMap {
+			tagKeys[key] = struct{}{}
+		}
+	}
+
+	// 转换为字符串切片
+	var result []string
+	for key := range tagKeys {
+		result = append(result, key)
+	}
+
+	// 如果没有收集到任何标签键，返回默认值
+	if len(result) == 0 {
+		result = []string{"ident", "app", "service", "instance"}
+	}
+
+	ginx.NewRender(c).Data(result, nil)
+}
+
+func (rt *Router) eventTagValues(c *gin.Context) {
+	// 获取标签key
+	tagKey := ginx.QueryStr(c, "key")
+
+	// 获取最近1天的活跃告警事件
+	now := time.Now().Unix()
+	stime := now - 24*3600
+	etime := now
+
+	// 获取用户可见的业务组ID列表
+	bgids, err := GetBusinessGroupIds(c, rt.Ctx, rt.Center.EventHistoryGroupView, false)
+	if err != nil {
+		logger.Warningf("failed to get business group ids: %v", err)
+		ginx.NewRender(c).Data([]string{}, nil)
+		return
+	}
+
+	// 查询活跃告警事件，获取更多数据以保证统计准确性
+	events, err := models.AlertCurEventsGet(rt.Ctx, []string{}, bgids, stime, etime, []int64{}, []int64{}, []string{}, 0, "", 1000, 0, []int64{})
+	if err != nil {
+		logger.Warningf("failed to get current alert events: %v", err)
+		ginx.NewRender(c).Data([]string{}, nil)
+		return
+	}
+
+	// 如果没有查到事件，返回空数组
+	if len(events) == 0 {
+		ginx.NewRender(c).Data([]string{}, nil)
+		return
+	}
+
+	// 统计标签值出现次数
+	valueCount := make(map[string]int)
+	for _, event := range events {
+		// TagsMap已经在AlertCurEventsGet中处理，直接使用
+		if value, exists := event.TagsMap[tagKey]; exists && value != "" {
+			valueCount[value]++
+		}
+	}
+
+	// 转换为切片并按出现次数降序排序
+	type tagValue struct {
+		value string
+		count int
+	}
+
+	tagValues := make([]tagValue, 0, len(valueCount))
+	for value, count := range valueCount {
+		tagValues = append(tagValues, tagValue{value, count})
+	}
+
+	// 按出现次数降序排序
+	sort.Slice(tagValues, func(i, j int) bool {
+		return tagValues[i].count > tagValues[j].count
+	})
+
+	// 只取Top20并转换为字符串数组
+	limit := 20
+	if len(tagValues) < limit {
+		limit = len(tagValues)
+	}
+
+	result := make([]string, 0, limit)
+	for i := 0; i < limit; i++ {
+		result = append(result, tagValues[i].value)
+	}
+
+	ginx.NewRender(c).Data(result, nil)
+}
--- a/center/router/router_alert_eval_detail.go
+++ b/center/router/router_alert_eval_detail.go
@@ -0,0 +1,168 @@
+package router
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/loggrep"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
+
+	"github.com/gin-gonic/gin"
+)
+
+// alertEvalDetailPage renders an HTML log viewer page for alert rule evaluation logs.
+func (rt *Router) alertEvalDetailPage(c *gin.Context) {
+	id := ginx.UrlParamStr(c, "id")
+	if !loggrep.IsValidRuleID(id) {
+		c.String(http.StatusBadRequest, "invalid rule id format")
+		return
+	}
+
+	logs, instance, err := rt.getAlertEvalLogs(id)
+	if err != nil {
+		c.String(http.StatusInternalServerError, "Error: %v", err)
+		return
+	}
+
+	c.Header("Content-Type", "text/html; charset=utf-8")
+	err = loggrep.RenderAlertEvalHTML(c.Writer, loggrep.AlertEvalPageData{
+		RuleID:   id,
+		Instance: instance,
+		Logs:     logs,
+		Total:    len(logs),
+	})
+	if err != nil {
+		c.String(http.StatusInternalServerError, "render error: %v", err)
+	}
+}
+
+// alertEvalDetailJSON returns JSON for alert rule evaluation logs.
+func (rt *Router) alertEvalDetailJSON(c *gin.Context) {
+	id := ginx.UrlParamStr(c, "id")
+	if !loggrep.IsValidRuleID(id) {
+		ginx.Bomb(200, "invalid rule id format")
+	}
+
+	logs, instance, err := rt.getAlertEvalLogs(id)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(loggrep.EventDetailResp{
+		Logs:     logs,
+		Instance: instance,
+	}, nil)
+}
+
+// getAlertEvalLogs resolves the target instance(s) and retrieves alert eval logs.
+func (rt *Router) getAlertEvalLogs(id string) ([]string, string, error) {
+	ruleId, _ := strconv.ParseInt(id, 10, 64)
+	rule, err := models.AlertRuleGetById(rt.Ctx, ruleId)
+	if err != nil {
+		return nil, "", err
+	}
+	if rule == nil {
+		return nil, "", fmt.Errorf("no such alert rule")
+	}
+
+	instance := fmt.Sprintf("%s:%d", rt.Alert.Heartbeat.IP, rt.HTTP.Port)
+	keyword := fmt.Sprintf("alert_eval_%s", id)
+
+	// Get datasource IDs for this rule
+	dsIds := rt.DatasourceCache.GetIDsByDsCateAndQueries(rule.Cate, rule.DatasourceQueries)
+	if len(dsIds) == 0 {
+		// No datasources found (e.g. host rule), try local grep
+		logs, err := loggrep.GrepLogDir(rt.LogDir, keyword)
+		return logs, instance, err
+	}
+
+	// Find unique target nodes via hash ring, with DB fallback
+	nodeSet := make(map[string]struct{})
+	for _, dsId := range dsIds {
+		node, err := rt.getNodeForDatasource(dsId, id)
+		if err != nil {
+			continue
+		}
+		nodeSet[node] = struct{}{}
+	}
+
+	if len(nodeSet) == 0 {
+		// Hash ring not ready, grep locally
+		logs, err := loggrep.GrepLogDir(rt.LogDir, keyword)
+		return logs, instance, err
+	}
+
+	// Collect logs from all target nodes
+	var allLogs []string
+	var instances []string
+
+	for node := range nodeSet {
+		if node == instance {
+			logs, err := loggrep.GrepLogDir(rt.LogDir, keyword)
+			if err == nil {
+				allLogs = append(allLogs, logs...)
+				instances = append(instances, node)
+			}
+		} else {
+			logs, nodeAddr, err := rt.forwardAlertEvalDetail(node, id)
+			if err == nil {
+				allLogs = append(allLogs, logs...)
+				instances = append(instances, nodeAddr)
+			}
+		}
+	}
+
+	// Sort logs by timestamp descending
+	sort.Slice(allLogs, func(i, j int) bool {
+		return allLogs[i] > allLogs[j]
+	})
+
+	if len(allLogs) > loggrep.MaxLogLines {
+		allLogs = allLogs[:loggrep.MaxLogLines]
+	}
+
+	return allLogs, strings.Join(instances, ", "), nil
+}
+
+func (rt *Router) forwardAlertEvalDetail(node, id string) ([]string, string, error) {
+	url := fmt.Sprintf("http://%s/v1/n9e/alert-eval-detail/%s", node, id)
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, node, err
+	}
+
+	for user, pass := range rt.HTTP.APIForService.BasicAuth {
+		req.SetBasicAuth(user, pass)
+		break
+	}
+
+	client := &http.Client{Timeout: 15 * time.Second}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, node, fmt.Errorf("forward to %s failed: %v", node, err)
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(io.LimitReader(resp.Body, 10*1024*1024)) // 10MB limit
+	if err != nil {
+		return nil, node, err
+	}
+
+	var result struct {
+		Dat loggrep.EventDetailResp `json:"dat"`
+		Err string                  `json:"err"`
+	}
+	if err := json.Unmarshal(body, &result); err != nil {
+		return nil, node, err
+	}
+	if result.Err != "" {
+		return nil, node, fmt.Errorf("%s", result.Err)
+	}
+
+	return result.Dat.Logs, result.Dat.Instance, nil
+}
--- a/center/router/router_alert_his_event.go
+++ b/center/router/router_alert_his_event.go
@@ -2,14 +2,16 @@ package router

 import (
 	"fmt"
+	"net/http"
 	"strings"
 	"time"

 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
+	"github.com/toolkits/pkg/logger"
 	"golang.org/x/exp/slices"
 )

@@ -56,15 +58,15 @@ func (rt *Router) alertHisEventsList(c *gin.Context) {

 	ruleId := ginx.QueryInt64(c, "rid", 0)

-	bgids, err := GetBusinessGroupIds(c, rt.Ctx, rt.Center.EventHistoryGroupView)
+	bgids, err := GetBusinessGroupIds(c, rt.Ctx, rt.Center.EventHistoryGroupView, false)
 	ginx.Dangerous(err)

 	total, err := models.AlertHisEventTotal(rt.Ctx, prods, bgids, stime, etime, severity,
-		recovered, dsIds, cates, ruleId, query)
+		recovered, dsIds, cates, ruleId, query, []int64{})
 	ginx.Dangerous(err)

 	list, err := models.AlertHisEventGets(rt.Ctx, prods, bgids, stime, etime, severity, recovered,
-		dsIds, cates, ruleId, query, limit, ginx.Offset(c, limit))
+		dsIds, cates, ruleId, query, limit, ginx.Offset(c, limit), []int64{})
 	ginx.Dangerous(err)

 	cache := make(map[int64]*models.UserGroup)
@@ -78,16 +80,67 @@ func (rt *Router) alertHisEventsList(c *gin.Context) {
 	}, nil)
 }

+type alertHisEventsDeleteForm struct {
+	Severities []int `json:"severities"`
+	Timestamp  int64 `json:"timestamp" binding:"required"`
+}
+
+func (rt *Router) alertHisEventsDelete(c *gin.Context) {
+	var f alertHisEventsDeleteForm
+	ginx.BindJSON(c, &f)
+	// 校验
+	if f.Timestamp == 0 {
+		ginx.Bomb(http.StatusBadRequest, "timestamp parameter is required")
+		return
+	}
+
+	user := c.MustGet("user").(*models.User)
+
+	// 启动后台清理任务
+	go func() {
+		limit := 100
+		for {
+			n, err := models.AlertHisEventBatchDelete(rt.Ctx, f.Timestamp, f.Severities, limit)
+			if err != nil {
+				logger.Errorf("Failed to delete alert history events: operator=%s, timestamp=%d, severities=%v, error=%v",
+					user.Username, f.Timestamp, f.Severities, err)
+				break
+			}
+			logger.Debugf("Successfully deleted alert history events: operator=%s, timestamp=%d, severities=%v, deleted=%d",
+				user.Username, f.Timestamp, f.Severities, n)
+			if n < int64(limit) {
+				break // 已经删完
+			}
+
+			time.Sleep(100 * time.Millisecond) // 防止锁表
+		}
+	}()
+	ginx.NewRender(c).Data("Alert history events deletion started", nil)
+}
+
+var TransferEventToCur func(*ctx.Context, *models.AlertHisEvent) *models.AlertCurEvent
+
+func init() {
+	TransferEventToCur = transferEventToCur
+}
+
+func transferEventToCur(ctx *ctx.Context, event *models.AlertHisEvent) *models.AlertCurEvent {
+	cur := event.ToCur()
+	return cur
+}
+
 func (rt *Router) alertHisEventGet(c *gin.Context) {
 	eid := ginx.UrlParamInt64(c, "eid")
 	event, err := models.AlertHisEventGetById(rt.Ctx, eid)
 	ginx.Dangerous(err)
-
 	if event == nil {
 		ginx.Bomb(404, "No such alert event")
 	}

-	if !rt.Center.AnonymousAccess.AlertDetail && rt.Center.EventHistoryGroupView {
+	hasPermission := HasPermission(rt.Ctx, c, "event", fmt.Sprintf("%d", eid), rt.Center.AnonymousAccess.AlertDetail)
+	if !hasPermission {
+		rt.auth()(c)
+		rt.user()(c)
 		rt.bgroCheck(c, event.GroupId)
 	}

@@ -96,46 +149,54 @@ func (rt *Router) alertHisEventGet(c *gin.Context) {
 		event.RuleConfigJson = ruleConfig
 	}

-	ginx.NewRender(c).Data(event, err)
+	event.NotifyVersion, err = GetEventNotifyVersion(rt.Ctx, event.RuleId, event.NotifyRuleIds)
+	ginx.Dangerous(err)
+
+	event.NotifyRules, err = GetEventNotifyRuleNames(rt.Ctx, event.NotifyRuleIds)
+	ginx.NewRender(c).Data(TransferEventToCur(rt.Ctx, event), err)
 }

-func GetBusinessGroupIds(c *gin.Context, ctx *ctx.Context, eventHistoryGroupView bool) ([]int64, error) {
+func GetBusinessGroupIds(c *gin.Context, ctx *ctx.Context, onlySelfGroupView bool, myGroups bool) ([]int64, error) {
 	bgid := ginx.QueryInt64(c, "bgid", 0)
 	var bgids []int64

-	if !eventHistoryGroupView || strings.HasPrefix(c.Request.URL.Path, "/v1") {
+	if strings.HasPrefix(c.Request.URL.Path, "/v1") {
+		// 如果请求路径以 /v1 开头，不查询用户信息
 		if bgid > 0 {
 			return []int64{bgid}, nil
 		}
+
 		return bgids, nil
 	}

 	user := c.MustGet("user").(*models.User)
-	if user.IsAdmin() {
+	if myGroups || (onlySelfGroupView && !user.IsAdmin()) {
+		// 1. 页面上勾选了我的业务组，需要查询用户所属的业务组
+		// 2. 如果 onlySelfGroupView 为 true，表示只允许查询用户所属的业务组
+		bussGroupIds, err := models.MyBusiGroupIds(ctx, user.Id)
+		if err != nil {
+			return nil, err
+		}
+
+		if len(bussGroupIds) == 0 {
+			// 如果没查到用户属于任何业务组，需要返回一个0，否则会导致查询到全部告警历史
+			return []int64{0}, nil
+		}
+
 		if bgid > 0 {
+			if !slices.Contains(bussGroupIds, bgid) && !user.IsAdmin() {
+				return nil, fmt.Errorf("business group ID not allowed")
+			}
+
 			return []int64{bgid}, nil
 		}
-		return bgids, nil
-	}

-	bussGroupIds, err := models.MyBusiGroupIds(ctx, user.Id)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(bussGroupIds) == 0 {
-		// 如果没查到用户属于任何业务组，需要返回一个0，否则会导致查询到全部告警历史
-		return []int64{0}, nil
-	}
-
-	if bgid > 0 && !slices.Contains(bussGroupIds, bgid) {
-		return nil, fmt.Errorf("business group ID not allowed")
+		return bussGroupIds, nil
 	}

 	if bgid > 0 {
-		// Pass filter parameters, priority to use
 		return []int64{bgid}, nil
 	}

-	return bussGroupIds, nil
+	return bgids, nil
 }
--- a/center/router/router_alert_rule.go
+++ b/center/router/router_alert_rule.go
@@ -11,16 +11,18 @@ import (

 	"gopkg.in/yaml.v2"

+	"github.com/ccfos/nightingale/v6/alert/mute"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/strx"
 	"github.com/ccfos/nightingale/v6/pushgw/pconf"
 	"github.com/ccfos/nightingale/v6/pushgw/writer"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
 	"github.com/jinzhu/copier"
+	"github.com/pkg/errors"
 	"github.com/prometheus/prometheus/prompb"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/i18n"
-	"github.com/toolkits/pkg/str"
 )

 type AlertRuleModifyHookFunc func(ar *models.AlertRule)
@@ -33,13 +35,13 @@ func (rt *Router) alertRuleGets(c *gin.Context) {
 		cache := make(map[int64]*models.UserGroup)
 		for i := 0; i < len(ars); i++ {
 			ars[i].FillNotifyGroups(rt.Ctx, cache)
-			ars[i].FillSeverities()
 		}
+		models.FillUpdateByNicknames(rt.Ctx, ars)
 	}
 	ginx.NewRender(c).Data(ars, err)
 }

-func getAlertCueEventTimeRange(c *gin.Context) (stime, etime int64) {
+func GetAlertCueEventTimeRange(c *gin.Context) (stime, etime int64) {
 	stime = ginx.QueryInt64(c, "stime", 0)
 	etime = ginx.QueryInt64(c, "etime", 0)
 	if etime == 0 {
@@ -52,7 +54,7 @@ func getAlertCueEventTimeRange(c *gin.Context) (stime, etime int64) {
 }

 func (rt *Router) alertRuleGetsByGids(c *gin.Context) {
-	gids := str.IdsInt64(ginx.QueryStr(c, "gids", ""), ",")
+	gids := strx.IdsInt64ForAPI(ginx.QueryStr(c, "gids", ""), ",")
 	if len(gids) > 0 {
 		for _, gid := range gids {
 			rt.bgroCheck(c, gid)
@@ -75,20 +77,17 @@ func (rt *Router) alertRuleGetsByGids(c *gin.Context) {
 	if err == nil {
 		cache := make(map[int64]*models.UserGroup)
 		rids := make([]int64, 0, len(ars))
-		names := make([]string, 0, len(ars))
 		for i := 0; i < len(ars); i++ {
 			ars[i].FillNotifyGroups(rt.Ctx, cache)
-			ars[i].FillSeverities()

 			if len(ars[i].DatasourceQueries) != 0 {
 				ars[i].DatasourceIdsJson = rt.DatasourceCache.GetIDsByDsCateAndQueries(ars[i].Cate, ars[i].DatasourceQueries)
 			}

 			rids = append(rids, ars[i].Id)
-			names = append(names, ars[i].UpdateBy)
 		}

-		stime, etime := getAlertCueEventTimeRange(c)
+		stime, etime := GetAlertCueEventTimeRange(c)
 		cnt := models.AlertCurEventCountByRuleId(rt.Ctx, rids, stime, etime)
 		if cnt != nil {
 			for i := 0; i < len(ars); i++ {
@@ -96,14 +95,7 @@ func (rt *Router) alertRuleGetsByGids(c *gin.Context) {
 			}
 		}

-		users := models.UserMapGet(rt.Ctx, "username in (?)", names)
-		if users != nil {
-			for i := 0; i < len(ars); i++ {
-				if user, exist := users[ars[i].UpdateBy]; exist {
-					ars[i].UpdateByNickname = user.Nickname
-				}
-			}
-		}
+		models.FillUpdateByNicknames(rt.Ctx, ars)
 	}
 	ginx.NewRender(c).Data(ars, err)
 }
@@ -135,6 +127,7 @@ func (rt *Router) alertRulesGetByService(c *gin.Context) {
 				ars[i].DatasourceIdsJson = rt.DatasourceCache.GetIDsByDsCateAndQueries(ars[i].Cate, ars[i].DatasourceQueries)
 			}
 		}
+		models.FillUpdateByNicknames(rt.Ctx, ars)
 	}
 	ginx.NewRender(c).Data(ars, err)
 }
@@ -157,6 +150,120 @@ func (rt *Router) alertRuleAddByFE(c *gin.Context) {
 	ginx.NewRender(c).Data(reterr, nil)
 }

+type AlertRuleTryRunForm struct {
+	EventId         int64            `json:"event_id" binding:"required"`
+	AlertRuleConfig models.AlertRule `json:"config" binding:"required"`
+}
+
+func (rt *Router) alertRuleNotifyTryRun(c *gin.Context) {
+	// check notify channels of old version
+	var f AlertRuleTryRunForm
+	ginx.BindJSON(c, &f)
+
+	hisEvent, err := models.AlertHisEventGetById(rt.Ctx, f.EventId)
+	ginx.Dangerous(err)
+
+	if hisEvent == nil {
+		ginx.Bomb(http.StatusNotFound, "event not found")
+	}
+
+	curEvent := *hisEvent.ToCur()
+	curEvent.SetTagsMap()
+
+	if f.AlertRuleConfig.NotifyVersion == 1 {
+		for _, id := range f.AlertRuleConfig.NotifyRuleIds {
+			notifyRule, err := models.GetNotifyRule(rt.Ctx, id)
+			ginx.Dangerous(err)
+			for _, notifyConfig := range notifyRule.NotifyConfigs {
+				_, err = SendNotifyChannelMessage(rt.Ctx, rt.UserCache, rt.UserGroupCache, notifyConfig, []*models.AlertCurEvent{&curEvent})
+				ginx.Dangerous(err)
+			}
+		}
+
+		ginx.NewRender(c).Data("notification test ok", nil)
+		return
+	}
+
+	if len(f.AlertRuleConfig.NotifyChannelsJSON) == 0 {
+		ginx.Bomb(http.StatusOK, "no notify channels selected")
+	}
+
+	if len(f.AlertRuleConfig.NotifyGroupsJSON) == 0 {
+		ginx.Bomb(http.StatusOK, "no notify groups selected")
+	}
+
+	ancs := make([]string, 0, len(curEvent.NotifyChannelsJSON))
+	ugids := f.AlertRuleConfig.NotifyGroupsJSON
+	ngids := make([]int64, 0)
+	for i := 0; i < len(ugids); i++ {
+		if gid, err := strconv.ParseInt(ugids[i], 10, 64); err == nil {
+			ngids = append(ngids, gid)
+		}
+	}
+	userGroups := rt.UserGroupCache.GetByUserGroupIds(ngids)
+	uids := make([]int64, 0)
+	for i := range userGroups {
+		uids = append(uids, userGroups[i].UserIds...)
+	}
+	users := rt.UserCache.GetByUserIds(uids)
+	for _, NotifyChannels := range curEvent.NotifyChannelsJSON {
+		flag := true
+		// ignore non-default channels
+		switch NotifyChannels {
+		case models.Dingtalk, models.Wecom, models.Feishu, models.Mm,
+			models.Telegram, models.Email, models.FeishuCard:
+			// do nothing
+		default:
+			continue
+		}
+		// default channels
+		for ui := range users {
+			if _, b := users[ui].ExtractToken(NotifyChannels); b {
+				flag = false
+				break
+			}
+		}
+		if flag {
+			ancs = append(ancs, NotifyChannels)
+		}
+	}
+	if len(ancs) > 0 {
+		ginx.Dangerous(errors.New(fmt.Sprintf("All users are missing notify channel configurations. Please check for missing tokens (each channel should be configured with at least one user). %v", ancs)))
+	}
+
+	ginx.NewRender(c).Data("notification test ok", nil)
+}
+
+func (rt *Router) alertRuleEnableTryRun(c *gin.Context) {
+	// check notify channels of old version
+	var f AlertRuleTryRunForm
+	ginx.BindJSON(c, &f)
+
+	hisEvent, err := models.AlertHisEventGetById(rt.Ctx, f.EventId)
+	ginx.Dangerous(err)
+
+	if hisEvent == nil {
+		ginx.Bomb(http.StatusNotFound, "event not found")
+	}
+
+	curEvent := *hisEvent.ToCur()
+	curEvent.SetTagsMap()
+
+	if f.AlertRuleConfig.Disabled == 1 {
+		ginx.Bomb(http.StatusOK, "rule is disabled")
+	}
+
+	if mute.TimeSpanMuteStrategy(&f.AlertRuleConfig, &curEvent) {
+		ginx.Bomb(http.StatusOK, "event is not match for period of time")
+	}
+
+	if mute.BgNotMatchMuteStrategy(&f.AlertRuleConfig, &curEvent, rt.TargetCache) {
+		ginx.Bomb(http.StatusOK, "event target busi group not match rule busi group")
+	}
+
+	ginx.NewRender(c).Data("event is effective", nil)
+}
+
 func (rt *Router) alertRuleAddByImport(c *gin.Context) {
 	username := c.MustGet("username").(string)

@@ -174,6 +281,15 @@ func (rt *Router) alertRuleAddByImport(c *gin.Context) {
 				models.DataSourceQueryAll,
 			}
 		}
+
+		// 将导入的规则统一转为新版本的通知规则配置
+		lst[i].NotifyVersion = 1
+		lst[i].NotifyChannelsJSON = []string{}
+		lst[i].NotifyGroupsJSON = []string{}
+		lst[i].NotifyChannels = ""
+		lst[i].NotifyGroups = ""
+		lst[i].Callbacks = ""
+		lst[i].CallbacksJSON = []string{}
 	}

 	bgid := ginx.UrlParamInt64(c, "id")
@@ -192,19 +308,52 @@ func (rt *Router) alertRuleAddByImportPromRule(c *gin.Context) {
 	var f promRuleForm
 	ginx.Dangerous(c.BindJSON(&f))

+	// 首先尝试解析带 groups 的格式
 	var pr struct {
 		Groups []models.PromRuleGroup `yaml:"groups"`
 	}
 	err := yaml.Unmarshal([]byte(f.Payload), &pr)
-	if err != nil {
-		ginx.Bomb(http.StatusBadRequest, "invalid yaml format, please use the example format. err: %v", err)
+
+	var groups []models.PromRuleGroup
+
+	if err != nil || len(pr.Groups) == 0 {
+		// 如果解析失败或没有 groups，尝试解析规则数组格式
+		var rules []models.PromRule
+		err = yaml.Unmarshal([]byte(f.Payload), &rules)
+		if err != nil {
+			// 最后尝试解析单个规则格式
+			var singleRule models.PromRule
+			err = yaml.Unmarshal([]byte(f.Payload), &singleRule)
+			if err != nil {
+				ginx.Bomb(http.StatusBadRequest, "invalid yaml format. err: %v", err)
+			}
+
+			// 验证单个规则是否有效
+			if singleRule.Alert == "" && singleRule.Record == "" {
+				ginx.Bomb(http.StatusBadRequest, "input yaml is empty or invalid")
+			}
+
+			rules = []models.PromRule{singleRule}
+		}
+
+		// 验证规则数组是否为空
+		if len(rules) == 0 {
+			ginx.Bomb(http.StatusBadRequest, "input yaml contains no rules")
+		}
+
+		// 将规则数组包装成 group
+		groups = []models.PromRuleGroup{
+			{
+				Name:  "imported_rules",
+				Rules: rules,
+			},
+		}
+	} else {
+		// 使用已解析的 groups
+		groups = pr.Groups
 	}

-	if len(pr.Groups) == 0 {
-		ginx.Bomb(http.StatusBadRequest, "input yaml is empty")
-	}
-
-	lst := models.DealPromGroup(pr.Groups, f.DatasourceQueries, f.Disabled)
+	lst := models.DealPromGroup(groups, f.DatasourceQueries, f.Disabled)
 	username := c.MustGet("username").(string)
 	bgid := ginx.UrlParamInt64(c, "id")
 	ginx.NewRender(c).Data(rt.alertRuleAdd(lst, username, bgid, c.GetHeader("X-Language")), nil)
@@ -349,8 +498,8 @@ func (rt *Router) alertRulePutFields(c *gin.Context) {
 		ginx.Bomb(http.StatusBadRequest, "fields empty")
 	}

-	f.Fields["update_by"] = c.MustGet("username").(string)
-	f.Fields["update_at"] = time.Now().Unix()
+	updateBy := c.MustGet("username").(string)
+	updateAt := time.Now().Unix()

 	for i := 0; i < len(f.Ids); i++ {
 		ar, err := models.AlertRuleGetById(rt.Ctx, f.Ids[i])
@@ -367,7 +516,6 @@ func (rt *Router) alertRulePutFields(c *gin.Context) {
 				b, err := json.Marshal(originRule)
 				ginx.Dangerous(err)
 				ginx.Dangerous(ar.UpdateFieldsMap(rt.Ctx, map[string]interface{}{"rule_config": string(b)}))
-				continue
 			}
 		}

@@ -380,7 +528,6 @@ func (rt *Router) alertRulePutFields(c *gin.Context) {
 				b, err := json.Marshal(ar.AnnotationsJSON)
 				ginx.Dangerous(err)
 				ginx.Dangerous(ar.UpdateFieldsMap(rt.Ctx, map[string]interface{}{"annotations": string(b)}))
-				continue
 			}
 		}

@@ -393,7 +540,6 @@ func (rt *Router) alertRulePutFields(c *gin.Context) {
 				b, err := json.Marshal(ar.AnnotationsJSON)
 				ginx.Dangerous(err)
 				ginx.Dangerous(ar.UpdateFieldsMap(rt.Ctx, map[string]interface{}{"annotations": string(b)}))
-				continue
 			}
 		}

@@ -403,7 +549,6 @@ func (rt *Router) alertRulePutFields(c *gin.Context) {
 				callback := callbacks.(string)
 				if !strings.Contains(ar.Callbacks, callback) {
 					ginx.Dangerous(ar.UpdateFieldsMap(rt.Ctx, map[string]interface{}{"callbacks": ar.Callbacks + " " + callback}))
-					continue
 				}
 			}
 		}
@@ -413,7 +558,6 @@ func (rt *Router) alertRulePutFields(c *gin.Context) {
 			if callbacks, has := f.Fields["callbacks"]; has {
 				callback := callbacks.(string)
 				ginx.Dangerous(ar.UpdateFieldsMap(rt.Ctx, map[string]interface{}{"callbacks": strings.ReplaceAll(ar.Callbacks, callback, "")}))
-				continue
 			}
 		}

@@ -423,7 +567,6 @@ func (rt *Router) alertRulePutFields(c *gin.Context) {
 				bytes, err := json.Marshal(datasourceQueries)
 				ginx.Dangerous(err)
 				ginx.Dangerous(ar.UpdateFieldsMap(rt.Ctx, map[string]interface{}{"datasource_queries": bytes}))
-				continue
 			}
 		}

@@ -439,6 +582,12 @@ func (rt *Router) alertRulePutFields(c *gin.Context) {
 				ginx.Dangerous(ar.UpdateColumn(rt.Ctx, k, v))
 			}
 		}
+
+		// 统一更新更新时间和更新人，只有更新时间变了，告警规则才会被引擎拉取
+		ginx.Dangerous(ar.UpdateFieldsMap(rt.Ctx, map[string]interface{}{
+			"update_by": updateBy,
+			"update_at": updateAt,
+		}))
 	}

 	ginx.NewRender(c).Message(nil)
@@ -687,3 +836,73 @@ func (rt *Router) cloneToMachine(c *gin.Context) {

 	ginx.NewRender(c).Data(reterr, models.InsertAlertRule(rt.Ctx, newRules))
 }
+
+type alertBatchCloneForm struct {
+	RuleIds []int64 `json:"rule_ids"`
+	Bgids   []int64 `json:"bgids"`
+}
+
+// 批量克隆告警规则
+func (rt *Router) batchAlertRuleClone(c *gin.Context) {
+	me := c.MustGet("user").(*models.User)
+
+	var f alertBatchCloneForm
+	ginx.BindJSON(c, &f)
+
+	// 校验 bgids 操作权限
+	for _, bgid := range f.Bgids {
+		rt.bgrwCheck(c, bgid)
+	}
+
+	reterr := make(map[string]string, len(f.RuleIds))
+	lang := c.GetHeader("X-Language")
+
+	for _, arid := range f.RuleIds {
+		ar, err := models.AlertRuleGetById(rt.Ctx, arid)
+		for _, bgid := range f.Bgids {
+			// 为了让 bgid 和 arid 对应，将上面的 err 放到这里处理
+			if err != nil {
+				reterr[fmt.Sprintf("%d-%d", arid, bgid)] = i18n.Sprintf(lang, err.Error())
+				continue
+			}
+
+			if ar == nil {
+				reterr[fmt.Sprintf("%d-%d", arid, bgid)] = i18n.Sprintf(lang, "alert rule not found")
+				continue
+			}
+
+			newAr := ar.Clone(me.Username, bgid)
+			err = newAr.Add(rt.Ctx)
+			if err != nil {
+				reterr[fmt.Sprintf("%d-%d", arid, bgid)] = i18n.Sprintf(lang, err.Error())
+				continue
+			}
+		}
+	}
+
+	ginx.NewRender(c).Data(reterr, nil)
+}
+
+func (rt *Router) timezonesGet(c *gin.Context) {
+	// 返回常用时区列表（按时差去重，每个时差只保留一个代表性时区）
+	timezones := []string{
+		"UTC",
+		"Asia/Shanghai",       // UTC+8 (代表 Asia/Hong_Kong, Asia/Singapore 等)
+		"Asia/Tokyo",          // UTC+9 (代表 Asia/Seoul 等)
+		"Asia/Dubai",          // UTC+4
+		"Asia/Kolkata",        // UTC+5:30
+		"Asia/Bangkok",        // UTC+7 (代表 Asia/Jakarta 等)
+		"Europe/London",       // UTC+0 (代表 UTC)
+		"Europe/Paris",        // UTC+1 (代表 Europe/Berlin, Europe/Rome, Europe/Madrid 等)
+		"Europe/Moscow",       // UTC+3
+		"America/New_York",    // UTC-5 (代表 America/Toronto 等)
+		"America/Chicago",     // UTC-6 (代表 America/Mexico_City 等)
+		"America/Denver",      // UTC-7
+		"America/Los_Angeles", // UTC-8
+		"America/Sao_Paulo",   // UTC-3
+		"Australia/Sydney",    // UTC+10 (代表 Australia/Melbourne 等)
+		"Pacific/Auckland",    // UTC+12
+	}
+
+	ginx.NewRender(c).Data(timezones, nil)
+}
--- a/center/router/router_alert_subscribe.go
+++ b/center/router/router_alert_subscribe.go
@@ -2,13 +2,17 @@ package router

 import (
 	"net/http"
+	"strconv"
+	"strings"
 	"time"

+	"github.com/ccfos/nightingale/v6/alert/common"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/strx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
-	"github.com/toolkits/pkg/str"
+	"github.com/toolkits/pkg/i18n"
 )

 // Return all, front-end search and paging
@@ -26,12 +30,13 @@ func (rt *Router) alertSubscribeGets(c *gin.Context) {
 		ginx.Dangerous(lst[i].FillDatasourceIds(rt.Ctx))
 		ginx.Dangerous(lst[i].DB2FE())
 	}
+	models.FillUpdateByNicknames(rt.Ctx, lst)

 	ginx.NewRender(c).Data(lst, err)
 }

 func (rt *Router) alertSubscribeGetsByGids(c *gin.Context) {
-	gids := str.IdsInt64(ginx.QueryStr(c, "gids", ""), ",")
+	gids := strx.IdsInt64ForAPI(ginx.QueryStr(c, "gids", ""), ",")
 	if len(gids) > 0 {
 		for _, gid := range gids {
 			rt.bgroCheck(c, gid)
@@ -62,6 +67,7 @@ func (rt *Router) alertSubscribeGetsByGids(c *gin.Context) {
 		ginx.Dangerous(lst[i].FillDatasourceIds(rt.Ctx))
 		ginx.Dangerous(lst[i].DB2FE())
 	}
+	models.FillUpdateByNicknames(rt.Ctx, lst)

 	ginx.NewRender(c).Data(lst, err)
 }
@@ -104,6 +110,148 @@ func (rt *Router) alertSubscribeAdd(c *gin.Context) {
 	ginx.NewRender(c).Message(f.Add(rt.Ctx))
 }

+type SubscribeTryRunForm struct {
+	EventId         int64                 `json:"event_id" binding:"required"`
+	SubscribeConfig models.AlertSubscribe `json:"config" binding:"required"`
+}
+
+func (rt *Router) alertSubscribeTryRun(c *gin.Context) {
+	var f SubscribeTryRunForm
+	ginx.BindJSON(c, &f)
+	ginx.Dangerous(f.SubscribeConfig.Verify())
+
+	hisEvent, err := models.AlertHisEventGetById(rt.Ctx, f.EventId)
+	ginx.Dangerous(err)
+
+	if hisEvent == nil {
+		ginx.Bomb(http.StatusNotFound, "event not found")
+	}
+
+	curEvent := *hisEvent.ToCur()
+	curEvent.SetTagsMap()
+
+	lang := c.GetHeader("X-Language")
+
+	// 先判断匹配条件
+	if !f.SubscribeConfig.MatchCluster(curEvent.DatasourceId) {
+		ginx.Bomb(http.StatusBadRequest, i18n.Sprintf(lang, "event datasource not match"))
+	}
+
+	if len(f.SubscribeConfig.RuleIds) != 0 {
+		match := false
+		for _, rid := range f.SubscribeConfig.RuleIds {
+			if rid == curEvent.RuleId {
+				match = true
+				break
+			}
+		}
+		if !match {
+			ginx.Bomb(http.StatusBadRequest, i18n.Sprintf(lang, "event rule id not match"))
+		}
+	}
+
+	// 匹配 tag
+	f.SubscribeConfig.Parse()
+	if !common.MatchTags(curEvent.TagsMap, f.SubscribeConfig.ITags) {
+		ginx.Bomb(http.StatusBadRequest, i18n.Sprintf(lang, "event tags not match"))
+	}
+
+	// 匹配group name
+	if !common.MatchGroupsName(curEvent.GroupName, f.SubscribeConfig.IBusiGroups) {
+		ginx.Bomb(http.StatusBadRequest, i18n.Sprintf(lang, "event group name not match"))
+	}
+
+	// 检查严重级别（Severity）匹配
+	if len(f.SubscribeConfig.SeveritiesJson) != 0 {
+		match := false
+		for _, s := range f.SubscribeConfig.SeveritiesJson {
+			if s == curEvent.Severity || s == 0 {
+				match = true
+				break
+			}
+		}
+		if !match {
+			ginx.Bomb(http.StatusBadRequest, i18n.Sprintf(lang, "event severity not match"))
+		}
+	}
+
+	// 新版本通知规则
+	if f.SubscribeConfig.NotifyVersion == 1 {
+		if len(f.SubscribeConfig.NotifyRuleIds) == 0 {
+			ginx.Bomb(http.StatusBadRequest, i18n.Sprintf(lang, "no notify rules selected"))
+		}
+
+		for _, id := range f.SubscribeConfig.NotifyRuleIds {
+			notifyRule, err := models.GetNotifyRule(rt.Ctx, id)
+			if err != nil {
+				ginx.Bomb(http.StatusNotFound, i18n.Sprintf(lang, "subscribe notify rule not found: %v", err))
+			}
+
+			for _, notifyConfig := range notifyRule.NotifyConfigs {
+				_, err = SendNotifyChannelMessage(rt.Ctx, rt.UserCache, rt.UserGroupCache, notifyConfig, []*models.AlertCurEvent{&curEvent})
+				if err != nil {
+					ginx.Bomb(http.StatusBadRequest, i18n.Sprintf(lang, "notify rule send error: %v", err))
+				}
+			}
+		}
+
+		ginx.NewRender(c).Data(i18n.Sprintf(lang, "event match subscribe and notification test ok"), nil)
+		return
+	}
+
+	// 旧版通知方式
+	f.SubscribeConfig.ModifyEvent(&curEvent)
+	if len(curEvent.NotifyChannelsJSON) == 0 {
+		ginx.Bomb(http.StatusBadRequest, i18n.Sprintf(lang, "no notify channels selected"))
+	}
+
+	if len(curEvent.NotifyGroupsJSON) == 0 {
+		ginx.Bomb(http.StatusOK, i18n.Sprintf(lang, "no notify groups selected"))
+	}
+
+	ancs := make([]string, 0, len(curEvent.NotifyChannelsJSON))
+	ugids := strings.Fields(f.SubscribeConfig.UserGroupIds)
+	ngids := make([]int64, 0)
+	for i := 0; i < len(ugids); i++ {
+		if gid, err := strconv.ParseInt(ugids[i], 10, 64); err == nil {
+			ngids = append(ngids, gid)
+		}
+	}
+
+	userGroups := rt.UserGroupCache.GetByUserGroupIds(ngids)
+	uids := make([]int64, 0)
+	for i := range userGroups {
+		uids = append(uids, userGroups[i].UserIds...)
+	}
+	users := rt.UserCache.GetByUserIds(uids)
+	for _, NotifyChannels := range curEvent.NotifyChannelsJSON {
+		flag := true
+		// ignore non-default channels
+		switch NotifyChannels {
+		case models.Dingtalk, models.Wecom, models.Feishu, models.Mm,
+			models.Telegram, models.Email, models.FeishuCard:
+			// do nothing
+		default:
+			continue
+		}
+		// default channels
+		for ui := range users {
+			if _, b := users[ui].ExtractToken(NotifyChannels); b {
+				flag = false
+				break
+			}
+		}
+		if flag {
+			ancs = append(ancs, NotifyChannels)
+		}
+	}
+	if len(ancs) > 0 {
+		ginx.Bomb(http.StatusBadRequest, i18n.Sprintf(lang, "all users missing notify channel configurations: %v", ancs))
+	}
+
+	ginx.NewRender(c).Data(i18n.Sprintf(lang, "event match subscribe and notify settings ok"), nil)
+}
+
 func (rt *Router) alertSubscribePut(c *gin.Context) {
 	var fs []models.AlertSubscribe
 	ginx.BindJSON(c, &fs)
@@ -142,6 +290,7 @@ func (rt *Router) alertSubscribePut(c *gin.Context) {
 			"busi_groups",
 			"note",
 			"notify_rule_ids",
+			"notify_version",
 		))
 	}

--- a/center/router/router_board.go
+++ b/center/router/router_board.go
@@ -6,17 +6,18 @@ import (
 	"time"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/strx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/i18n"
-	"github.com/toolkits/pkg/str"
 )

 type boardForm struct {
 	Name       string  `json:"name"`
 	Ident      string  `json:"ident"`
 	Tags       string  `json:"tags"`
+	Note       string  `json:"note"`
 	Configs    string  `json:"configs"`
 	Public     int     `json:"public"`
 	PublicCate int     `json:"public_cate"`
@@ -34,6 +35,7 @@ func (rt *Router) boardAdd(c *gin.Context) {
 		Name:     f.Name,
 		Ident:    f.Ident,
 		Tags:     f.Tags,
+		Note:     f.Note,
 		Configs:  f.Configs,
 		CreateBy: me.Username,
 		UpdateBy: me.Username,
@@ -51,9 +53,14 @@ func (rt *Router) boardAdd(c *gin.Context) {

 func (rt *Router) boardGet(c *gin.Context) {
 	bid := ginx.UrlParamStr(c, "bid")
-	board, err := models.BoardGet(rt.Ctx, "id = ? or ident = ?", bid, bid)
+	board, err := models.BoardGet(rt.Ctx, "ident = ?", bid)
 	ginx.Dangerous(err)

+	if board == nil {
+		board, err = models.BoardGet(rt.Ctx, "id = ?", bid)
+		ginx.Dangerous(err)
+	}
+
 	if board == nil {
 		ginx.Bomb(http.StatusNotFound, "No such dashboard")
 	}
@@ -96,7 +103,7 @@ func (rt *Router) boardGet(c *gin.Context) {

 // 根据 bids 参数，获取多个 board
 func (rt *Router) boardGetsByBids(c *gin.Context) {
-	bids := str.IdsInt64(ginx.QueryStr(c, "bids", ""), ",")
+	bids := strx.IdsInt64ForAPI(ginx.QueryStr(c, "bids", ""), ",")
 	boards, err := models.BoardGetsByBids(rt.Ctx, bids)
 	ginx.Dangerous(err)
 	ginx.NewRender(c).Data(boards, err)
@@ -110,6 +117,10 @@ func (rt *Router) boardPureGet(c *gin.Context) {
 		ginx.Bomb(http.StatusNotFound, "No such dashboard")
 	}

+	// 清除创建者和更新者信息
+	board.CreateBy = ""
+	board.UpdateBy = ""
+
 	ginx.NewRender(c).Data(board, nil)
 }

@@ -175,10 +186,11 @@ func (rt *Router) boardPut(c *gin.Context) {
 	bo.Name = f.Name
 	bo.Ident = f.Ident
 	bo.Tags = f.Tags
+	bo.Note = f.Note
 	bo.UpdateBy = me.Username
 	bo.UpdateAt = time.Now().Unix()

-	err = bo.Update(rt.Ctx, "name", "ident", "tags", "update_by", "update_at")
+	err = bo.Update(rt.Ctx, "name", "ident", "tags", "note", "update_by", "update_at")
 	ginx.NewRender(c).Data(bo, err)
 }

@@ -248,6 +260,9 @@ func (rt *Router) boardGets(c *gin.Context) {
 	query := ginx.QueryStr(c, "query", "")

 	boards, err := models.BoardGetsByGroupId(rt.Ctx, bgid, query)
+	if err == nil {
+		models.FillUpdateByNicknames(rt.Ctx, boards)
+	}
 	ginx.NewRender(c).Data(boards, err)
 }

@@ -261,11 +276,14 @@ func (rt *Router) publicBoardGets(c *gin.Context) {
 	ginx.Dangerous(err)

 	boards, err := models.BoardGets(rt.Ctx, "", "public=1 and (public_cate in (?) or id in (?))", []int64{0, 1}, boardIds)
+	if err == nil {
+		models.FillUpdateByNicknames(rt.Ctx, boards)
+	}
 	ginx.NewRender(c).Data(boards, err)
 }

 func (rt *Router) boardGetsByGids(c *gin.Context) {
-	gids := str.IdsInt64(ginx.QueryStr(c, "gids", ""), ",")
+	gids := strx.IdsInt64ForAPI(ginx.QueryStr(c, "gids", ""), ",")
 	query := ginx.QueryStr(c, "query", "")

 	if len(gids) > 0 {
@@ -300,6 +318,7 @@ func (rt *Router) boardGetsByGids(c *gin.Context) {
 			boards[i].Bgids = ids
 		}
 	}
+	models.FillUpdateByNicknames(rt.Ctx, boards)

 	ginx.NewRender(c).Data(boards, err)
 }
--- a/center/router/router_builtin.go
+++ b/center/router/router_builtin.go
@@ -8,10 +8,10 @@ import (
 	"strings"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/file"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
 	"github.com/toolkits/pkg/runner"
 )
--- a/center/router/router_builtin_component.go
+++ b/center/router/router_builtin_component.go
@@ -5,9 +5,9 @@ import (

 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 	"gorm.io/gorm"
 )

--- a/center/router/router_builtin_metric_filter.go
+++ b/center/router/router_builtin_metric_filter.go
@@ -3,8 +3,8 @@ package router
 import (
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/prom"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 )

 func (rt *Router) metricFilterGets(c *gin.Context) {
@@ -27,6 +27,8 @@ func (rt *Router) metricFilterGets(c *gin.Context) {
 		}
 	}

+	models.FillUpdateByNicknames(rt.Ctx, arr)
+
 	ginx.NewRender(c).Data(arr, err)
 }

@@ -57,7 +59,7 @@ func (rt *Router) metricFilterDel(c *gin.Context) {
 			ginx.Dangerous(err)

 			if !HasPerm(gids, old.GroupsPerm, true) {
-				ginx.NewRender(c).Message("no permission")
+				ginx.NewRender(c).Message("forbidden")
 				return
 			}
 		}
@@ -79,7 +81,7 @@ func (rt *Router) metricFilterPut(c *gin.Context) {
 		ginx.Dangerous(err)

 		if !HasPerm(gids, old.GroupsPerm, true) {
-			ginx.NewRender(c).Message("no permission")
+			ginx.NewRender(c).Message("forbidden")
 			return
 		}
 	}
--- a/center/router/router_builtin_metrics.go
+++ b/center/router/router_builtin_metrics.go
@@ -2,12 +2,14 @@ package router

 import (
 	"net/http"
+	"sort"
 	"time"

+	"github.com/ccfos/nightingale/v6/center/integration"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/i18n"
 )

@@ -29,7 +31,7 @@ func (rt *Router) builtinMetricsAdd(c *gin.Context) {
 	reterr := make(map[string]string)
 	for i := 0; i < count; i++ {
 		lst[i].Lang = lang
-		lst[i].UUID = time.Now().UnixNano()
+		lst[i].UUID = time.Now().UnixMicro()
 		if err := lst[i].Add(rt.Ctx, username); err != nil {
 			reterr[lst[i].Name] = i18n.Sprintf(c.GetHeader("X-Language"), err.Error())
 		}
@@ -48,11 +50,12 @@ func (rt *Router) builtinMetricsGets(c *gin.Context) {
 		lang = "zh_CN"
 	}

-	bm, err := models.BuiltinMetricGets(rt.Ctx, lang, collector, typ, query, unit, limit, ginx.Offset(c, limit))
+	bmInDB, err := models.BuiltinMetricGets(rt.Ctx, "", collector, typ, query, unit)
 	ginx.Dangerous(err)

-	total, err := models.BuiltinMetricCount(rt.Ctx, lang, collector, typ, query, unit)
+	bm, total, err := integration.BuiltinPayloadInFile.BuiltinMetricGets(bmInDB, lang, collector, typ, query, unit, limit, ginx.Offset(c, limit))
 	ginx.Dangerous(err)
+
 	ginx.NewRender(c).Data(gin.H{
 		"list":  bm,
 		"total": total,
@@ -86,15 +89,11 @@ func (rt *Router) builtinMetricsDel(c *gin.Context) {
 func (rt *Router) builtinMetricsDefaultTypes(c *gin.Context) {
 	lst := []string{
 		"Linux",
+		"Procstat",
 		"cAdvisor",
 		"Ping",
 		"MySQL",
-		"Redis",
-		"Kafka",
-		"Elasticsearch",
-		"PostgreSQL",
-		"MongoDB",
-		"Memcached",
+		"ClickHouse",
 	}
 	ginx.NewRender(c).Data(lst, nil)
 }
@@ -102,29 +101,28 @@ func (rt *Router) builtinMetricsDefaultTypes(c *gin.Context) {
 func (rt *Router) builtinMetricsTypes(c *gin.Context) {
 	collector := ginx.QueryStr(c, "collector", "")
 	query := ginx.QueryStr(c, "query", "")
-	disabled := ginx.QueryInt(c, "disabled", -1)
 	lang := c.GetHeader("X-Language")

-	metricTypeList, err := models.BuiltinMetricTypes(rt.Ctx, lang, collector, query)
+	metricTypeListInDB, err := models.BuiltinMetricTypes(rt.Ctx, lang, collector, query)
 	ginx.Dangerous(err)

-	componentList, err := models.BuiltinComponentGets(rt.Ctx, "", disabled)
-	ginx.Dangerous(err)
+	metricTypeListInFile := integration.BuiltinPayloadInFile.BuiltinMetricTypes(lang, collector, query)

-	// 创建一个 map 来存储 componentList 中的类型
-	componentTypes := make(map[string]struct{})
-	for _, comp := range componentList {
-		componentTypes[comp.Ident] = struct{}{}
+	typeMap := make(map[string]struct{})
+	for _, metricType := range metricTypeListInDB {
+		typeMap[metricType] = struct{}{}
+	}
+	for _, metricType := range metricTypeListInFile {
+		typeMap[metricType] = struct{}{}
 	}

-	filteredMetricTypeList := make([]string, 0)
-	for _, metricType := range metricTypeList {
-		if _, exists := componentTypes[metricType]; exists {
-			filteredMetricTypeList = append(filteredMetricTypeList, metricType)
-		}
+	metricTypeList := make([]string, 0, len(typeMap))
+	for metricType := range typeMap {
+		metricTypeList = append(metricTypeList, metricType)
 	}
+	sort.Strings(metricTypeList)

-	ginx.NewRender(c).Data(filteredMetricTypeList, nil)
+	ginx.NewRender(c).Data(metricTypeList, nil)
 }

 func (rt *Router) builtinMetricsCollectors(c *gin.Context) {
@@ -132,5 +130,24 @@ func (rt *Router) builtinMetricsCollectors(c *gin.Context) {
 	query := ginx.QueryStr(c, "query", "")
 	lang := c.GetHeader("X-Language")

-	ginx.NewRender(c).Data(models.BuiltinMetricCollectors(rt.Ctx, lang, typ, query))
+	collectorListInDB, err := models.BuiltinMetricCollectors(rt.Ctx, lang, typ, query)
+	ginx.Dangerous(err)
+
+	collectorListInFile := integration.BuiltinPayloadInFile.BuiltinMetricCollectors(lang, typ, query)
+
+	collectorMap := make(map[string]struct{})
+	for _, collector := range collectorListInDB {
+		collectorMap[collector] = struct{}{}
+	}
+	for _, collector := range collectorListInFile {
+		collectorMap[collector] = struct{}{}
+	}
+
+	collectorList := make([]string, 0, len(collectorMap))
+	for collector := range collectorMap {
+		collectorList = append(collectorList, collector)
+	}
+	sort.Strings(collectorList)
+
+	ginx.NewRender(c).Data(collectorList, nil)
 }
--- a/center/router/router_builtin_payload.go
+++ b/center/router/router_builtin_payload.go
@@ -7,9 +7,10 @@ import (
 	"time"

 	"github.com/BurntSushi/toml"
+	"github.com/ccfos/nightingale/v6/center/integration"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/i18n"
 )

@@ -18,6 +19,7 @@ type Board struct {
 	Tags    string      `json:"tags"`
 	Configs interface{} `json:"configs"`
 	UUID    int64       `json:"uuid"`
+	Note    string      `json:"note"`
 }

 func (rt *Router) builtinPayloadsAdd(c *gin.Context) {
@@ -128,6 +130,7 @@ func (rt *Router) builtinPayloadsAdd(c *gin.Context) {
 						Name:        dashboard.Name,
 						Tags:        dashboard.Tags,
 						UUID:        dashboard.UUID,
+						Note:        dashboard.Note,
 						Content:     string(contentBytes),
 						CreatedBy:   username,
 						UpdatedBy:   username,
@@ -163,6 +166,7 @@ func (rt *Router) builtinPayloadsAdd(c *gin.Context) {
 				Name:        dashboard.Name,
 				Tags:        dashboard.Tags,
 				UUID:        dashboard.UUID,
+				Note:        dashboard.Note,
 				Content:     string(contentBytes),
 				CreatedBy:   username,
 				UpdatedBy:   username,
@@ -192,13 +196,26 @@ func (rt *Router) builtinPayloadsAdd(c *gin.Context) {

 func (rt *Router) builtinPayloadsGets(c *gin.Context) {
 	typ := ginx.QueryStr(c, "type", "")
+	if typ == "" {
+		ginx.Bomb(http.StatusBadRequest, "type is required")
+		return
+	}
 	ComponentID := ginx.QueryInt64(c, "component_id", 0)

 	cate := ginx.QueryStr(c, "cate", "")
 	query := ginx.QueryStr(c, "query", "")

 	lst, err := models.BuiltinPayloadGets(rt.Ctx, uint64(ComponentID), typ, cate, query)
-	ginx.NewRender(c).Data(lst, err)
+	ginx.Dangerous(err)
+
+	lstInFile, err := integration.BuiltinPayloadInFile.GetBuiltinPayload(typ, cate, query, uint64(ComponentID))
+	ginx.Dangerous(err)
+
+	if len(lstInFile) > 0 {
+		lst = append(lst, lstInFile...)
+	}
+
+	ginx.NewRender(c).Data(lst, nil)
 }

 func (rt *Router) builtinPayloadcatesGet(c *gin.Context) {
@@ -206,21 +223,31 @@ func (rt *Router) builtinPayloadcatesGet(c *gin.Context) {
 	ComponentID := ginx.QueryInt64(c, "component_id", 0)

 	cates, err := models.BuiltinPayloadCates(rt.Ctx, typ, uint64(ComponentID))
-	ginx.NewRender(c).Data(cates, err)
-}
+	ginx.Dangerous(err)

-func (rt *Router) builtinPayloadGet(c *gin.Context) {
-	id := ginx.UrlParamInt64(c, "id")
+	catesInFile, err := integration.BuiltinPayloadInFile.GetBuiltinPayloadCates(typ, uint64(ComponentID))
+	ginx.Dangerous(err)

-	bp, err := models.BuiltinPayloadGet(rt.Ctx, "id = ?", id)
-	if err != nil {
-		ginx.Bomb(http.StatusInternalServerError, err.Error())
-	}
-	if bp == nil {
-		ginx.Bomb(http.StatusNotFound, "builtin payload not found")
+	// 使用 map 进行去重
+	cateMap := make(map[string]bool)
+
+	// 添加数据库中的分类
+	for _, cate := range cates {
+		cateMap[cate] = true
 	}

-	ginx.NewRender(c).Data(bp, nil)
+	// 添加文件中的分类
+	for _, cate := range catesInFile {
+		cateMap[cate] = true
+	}
+
+	// 将去重后的结果转换回切片
+	result := make([]string, 0, len(cateMap))
+	for cate := range cateMap {
+		result = append(result, cate)
+	}
+
+	ginx.NewRender(c).Data(result, nil)
 }

 func (rt *Router) builtinPayloadsPut(c *gin.Context) {
@@ -251,6 +278,7 @@ func (rt *Router) builtinPayloadsPut(c *gin.Context) {

 		req.Name = dashboard.Name
 		req.Tags = dashboard.Tags
+		req.Note = dashboard.Note
 	} else if req.Type == "collect" {
 		c := make(map[string]interface{})
 		if _, err := toml.Decode(req.Content, &c); err != nil {
@@ -273,14 +301,15 @@ func (rt *Router) builtinPayloadsDel(c *gin.Context) {
 	ginx.NewRender(c).Message(models.BuiltinPayloadDels(rt.Ctx, req.Ids))
 }

-func (rt *Router) builtinPayloadsGetByUUIDOrID(c *gin.Context) {
-	uuid := ginx.QueryInt64(c, "uuid", 0)
-	// 优先以 uuid 为准
-	if uuid != 0 {
-		ginx.NewRender(c).Data(models.BuiltinPayloadGet(rt.Ctx, "uuid = ?", uuid))
-		return
-	}
+func (rt *Router) builtinPayloadsGetByUUID(c *gin.Context) {
+	uuid := ginx.QueryInt64(c, "uuid")

-	id := ginx.QueryInt64(c, "id", 0)
-	ginx.NewRender(c).Data(models.BuiltinPayloadGet(rt.Ctx, "id = ?", id))
+	bp, err := models.BuiltinPayloadGet(rt.Ctx, "uuid = ?", uuid)
+	ginx.Dangerous(err)
+
+	if bp != nil {
+		ginx.NewRender(c).Data(bp, nil)
+	} else {
+		ginx.NewRender(c).Data(integration.BuiltinPayloadInFile.IndexData[uuid], nil)
+	}
 }
--- a/center/router/router_busi_group.go
+++ b/center/router/router_busi_group.go
@@ -4,11 +4,11 @@ import (
 	"net/http"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/strx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
-	"github.com/toolkits/pkg/str"
 )

 type busiGroupForm struct {
@@ -119,6 +119,9 @@ func (rt *Router) busiGroupGets(c *gin.Context) {
 	if len(lst) == 0 {
 		lst = []models.BusiGroup{}
 	}
+	if err == nil {
+		models.FillUpdateByNicknames(rt.Ctx, lst)
+	}

 	ginx.NewRender(c).Data(lst, err)
 }
@@ -131,7 +134,7 @@ func (rt *Router) busiGroupGetsByService(c *gin.Context) {
 // 这个接口只有在活跃告警页面才调用，获取各个BG的活跃告警数量
 func (rt *Router) busiGroupAlertingsGets(c *gin.Context) {
 	ids := ginx.QueryStr(c, "ids", "")
-	ret, err := models.AlertNumbers(rt.Ctx, str.IdsInt64(ids))
+	ret, err := models.AlertNumbers(rt.Ctx, strx.IdsInt64ForAPI(ids))
 	ginx.NewRender(c).Data(ret, err)
 }

@@ -142,7 +145,7 @@ func (rt *Router) busiGroupGet(c *gin.Context) {
 }

 func (rt *Router) busiGroupsGetTags(c *gin.Context) {
-	bgids := str.IdsInt64(ginx.QueryStr(c, "gids", ""), ",")
+	bgids := strx.IdsInt64ForAPI(ginx.QueryStr(c, "gids", ""), ",")
 	targetIdents, err := models.TargetIndentsGetByBgids(rt.Ctx, bgids)
 	ginx.Dangerous(err)
 	tags, err := models.TargetGetTags(rt.Ctx, targetIdents, true, "busigroup")
--- a/center/router/router_captcha.go
+++ b/center/router/router_captcha.go
@@ -5,9 +5,9 @@ import (
 	"time"

 	"github.com/ccfos/nightingale/v6/storage"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
 	"github.com/gin-gonic/gin"
 	captcha "github.com/mojocn/base64Captcha"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
 )

--- a/center/router/router_chart_share.go
+++ b/center/router/router_chart_share.go
@@ -4,15 +4,15 @@ import (
 	"time"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/strx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
-	"github.com/toolkits/pkg/str"
 )

 func (rt *Router) chartShareGets(c *gin.Context) {
 	ids := ginx.QueryStr(c, "ids", "")
-	lst, err := models.ChartShareGetsByIds(rt.Ctx, str.IdsInt64(ids, ","))
+	lst, err := models.ChartShareGetsByIds(rt.Ctx, strx.IdsInt64ForAPI(ids, ","))
 	ginx.NewRender(c).Data(lst, err)
 }

--- a/center/router/router_config.go
+++ b/center/router/router_config.go
@@ -4,9 +4,9 @@ import (
 	"encoding/json"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 )

 func (rt *Router) notifyChannelsGets(c *gin.Context) {
--- a/center/router/router_configs.go
+++ b/center/router/router_configs.go
@@ -4,9 +4,9 @@ import (
 	"time"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 )

 const EMBEDDEDDASHBOARD = "embedded-dashboards"
@@ -15,6 +15,9 @@ func (rt *Router) configsGet(c *gin.Context) {
 	prefix := ginx.QueryStr(c, "prefix", "")
 	limit := ginx.QueryInt(c, "limit", 10)
 	configs, err := models.ConfigsGets(rt.Ctx, prefix, limit, ginx.Offset(c, limit))
+	if err == nil {
+		models.FillUpdateByNicknames(rt.Ctx, configs)
+	}
 	ginx.NewRender(c).Data(configs, err)
 }

--- a/center/router/router_crypto.go
+++ b/center/router/router_crypto.go
@@ -2,9 +2,9 @@ package router

 import (
 	"github.com/ccfos/nightingale/v6/pkg/secu"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 )

 type confPropCrypto struct {
--- a/center/router/router_dash_annotation.go
+++ b/center/router/router_dash_annotation.go
@@ -7,9 +7,9 @@ import (

 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 )

 func checkAnnotationPermission(c *gin.Context, ctx *ctx.Context, dashboardId int64) {
--- a/center/router/router_datasource.go
+++ b/center/router/router_datasource.go
@@ -1,17 +1,23 @@
 package router

 import (
+	"context"
 	"crypto/tls"
+	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
+	"time"

+	"github.com/ccfos/nightingale/v6/datasource/opensearch"
+	"github.com/ccfos/nightingale/v6/dskit/clickhouse"
 	"github.com/ccfos/nightingale/v6/models"
-
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
+	"github.com/toolkits/pkg/i18n"
 	"github.com/toolkits/pkg/logger"
 )

@@ -47,9 +53,41 @@ func (rt *Router) datasourceList(c *gin.Context) {
 func (rt *Router) datasourceGetsByService(c *gin.Context) {
 	typ := ginx.QueryStr(c, "typ", "")
 	lst, err := models.GetDatasourcesGetsBy(rt.Ctx, typ, "", "", "")
+
+	openRsa := rt.Center.RSA.OpenRSA
+	for _, item := range lst {
+		if err := item.Encrypt(openRsa, rt.HTTP.RSA.RSAPublicKey); err != nil {
+			logger.Errorf("datasource %+v encrypt failed: %v", item, err)
+			continue
+		}
+	}
 	ginx.NewRender(c).Data(lst, err)
 }

+func (rt *Router) datasourceRsaConfigGet(c *gin.Context) {
+	if rt.Center.RSA.OpenRSA {
+		publicKey := ""
+		privateKey := ""
+		if len(rt.HTTP.RSA.RSAPublicKey) > 0 {
+			publicKey = base64.StdEncoding.EncodeToString(rt.HTTP.RSA.RSAPublicKey)
+		}
+		if len(rt.HTTP.RSA.RSAPrivateKey) > 0 {
+			privateKey = base64.StdEncoding.EncodeToString(rt.HTTP.RSA.RSAPrivateKey)
+		}
+		logger.Debugf("OpenRSA=%v", rt.Center.RSA.OpenRSA)
+		ginx.NewRender(c).Data(models.RsaConfig{
+			OpenRSA:       rt.Center.RSA.OpenRSA,
+			RSAPublicKey:  publicKey,
+			RSAPrivateKey: privateKey,
+			RSAPassWord:   rt.HTTP.RSA.RSAPassWord,
+		}, nil)
+	} else {
+		ginx.NewRender(c).Data(models.RsaConfig{
+			OpenRSA: rt.Center.RSA.OpenRSA,
+		}, nil)
+	}
+}
+
 func (rt *Router) datasourceBriefs(c *gin.Context) {
 	var dss []*models.Datasource
 	list, err := models.GetDatasourcesGetsBy(rt.Ctx, "", "", "", "")
@@ -57,15 +95,21 @@ func (rt *Router) datasourceBriefs(c *gin.Context) {

 	for _, item := range list {
 		item.AuthJson.BasicAuthPassword = ""
-		if item.PluginType != models.PROMETHEUS {
-			item.SettingsJson = nil
-		} else {
+		if item.PluginType == models.PROMETHEUS {
 			for k, v := range item.SettingsJson {
 				if strings.HasPrefix(k, "prometheus.") {
 					item.SettingsJson[strings.TrimPrefix(k, "prometheus.")] = v
 					delete(item.SettingsJson, k)
 				}
 			}
+		} else if item.PluginType == "cloudwatch" {
+			for k := range item.SettingsJson {
+				if !strings.Contains(k, "region") {
+					delete(item.SettingsJson, k)
+				}
+			}
+		} else {
+			item.SettingsJson = nil
 		}
 		dss = append(dss, item)
 	}
@@ -94,7 +138,7 @@ func (rt *Router) datasourceUpsert(c *gin.Context) {

 	if !req.ForceSave {
 		if req.PluginType == models.PROMETHEUS || req.PluginType == models.LOKI || req.PluginType == models.TDENGINE {
-			err = DatasourceCheck(req)
+			err = DatasourceCheck(c, req)
 			if err != nil {
 				Dangerous(c, err)
 				return
@@ -102,6 +146,121 @@ func (rt *Router) datasourceUpsert(c *gin.Context) {
 		}
 	}

+	for k, v := range req.SettingsJson {
+		if strings.Contains(k, "cluster_name") {
+			req.ClusterName = v.(string)
+			break
+		}
+	}
+
+	if req.PluginType == models.OPENSEARCH {
+		b, err := json.Marshal(req.SettingsJson)
+		if err != nil {
+			logger.Warningf("marshal settings fail: %v", err)
+			return
+		}
+
+		var os opensearch.OpenSearch
+		err = json.Unmarshal(b, &os)
+		if err != nil {
+			logger.Warningf("unmarshal settings fail: %v", err)
+			return
+		}
+
+		if len(os.Nodes) == 0 {
+			logger.Warningf("nodes empty, %+v", req)
+			return
+		}
+
+		req.HTTPJson = models.HTTP{
+			Timeout: os.Timeout,
+			Url:     os.Nodes[0],
+			Headers: os.Headers,
+			TLS: models.TLS{
+				SkipTlsVerify: os.TLS.SkipTlsVerify,
+			},
+		}
+
+		req.AuthJson = models.Auth{
+			BasicAuth:         os.Basic.Enable,
+			BasicAuthUser:     os.Basic.Username,
+			BasicAuthPassword: os.Basic.Password,
+		}
+	}
+
+	if req.PluginType == models.CLICKHOUSE {
+		b, err := json.Marshal(req.SettingsJson)
+		if err != nil {
+			logger.Warningf("marshal clickhouse settings failed: %v", err)
+			Dangerous(c, err)
+			return
+		}
+
+		var ckConfig clickhouse.Clickhouse
+		err = json.Unmarshal(b, &ckConfig)
+		if err != nil {
+			logger.Warningf("unmarshal clickhouse settings failed: %v", err)
+			Dangerous(c, err)
+			return
+		}
+		// 检查ckconfig的nodes不应该以http://或https://开头
+		for _, addr := range ckConfig.Nodes {
+			if strings.HasPrefix(addr, "http://") || strings.HasPrefix(addr, "https://") {
+				err = fmt.Errorf("clickhouse node address should not start with http:// or https:// : %s", addr)
+				logger.Warningf("clickhouse node address invalid: %v", err)
+				Dangerous(c, err)
+				return
+			}
+		}
+
+		// InitCli 会自动检测并选择 HTTP 或 Native 协议
+		err = ckConfig.InitCli()
+		if err != nil {
+			logger.Warningf("clickhouse connection failed: %v", err)
+			Dangerous(c, err)
+			return
+		}
+
+		// 执行 SHOW DATABASES 测试连通性
+		_, err = ckConfig.ShowDatabases(context.Background())
+		if err != nil {
+			logger.Warningf("clickhouse test query failed: %v", err)
+			Dangerous(c, err)
+			return
+		}
+	}
+
+	if req.PluginType == models.ELASTICSEARCH {
+		skipAuto := false
+		// 若用户输入了version（version字符串存在且不为空），则不自动获取
+		if req.SettingsJson != nil {
+			if v, ok := req.SettingsJson["version"]; ok {
+				switch vv := v.(type) {
+				case string:
+					if strings.TrimSpace(vv) != "" {
+						skipAuto = true
+					}
+				default:
+					if strings.TrimSpace(fmt.Sprint(vv)) != "" {
+						skipAuto = true
+					}
+				}
+			}
+		}
+
+		if !skipAuto {
+			version, err := getElasticsearchVersion(req, 10*time.Second)
+			if err != nil {
+				logger.Warningf("failed to get elasticsearch version: %v", err)
+			} else {
+				if req.SettingsJson == nil {
+					req.SettingsJson = make(map[string]interface{})
+				}
+				req.SettingsJson["version"] = version
+			}
+		}
+	}
+
 	if req.Id == 0 {
 		req.CreatedBy = username
 		req.Status = "enabled"
@@ -117,13 +276,13 @@ func (rt *Router) datasourceUpsert(c *gin.Context) {
 		}
 		err = req.Add(rt.Ctx)
 	} else {
-		err = req.Update(rt.Ctx, "name", "description", "cluster_name", "settings", "http", "auth", "updated_by", "updated_at", "is_default")
+		err = req.Update(rt.Ctx, "name", "identifier", "description", "cluster_name", "settings", "http", "auth", "updated_by", "updated_at", "is_default", "weight")
 	}

 	Render(c, nil, err)
 }

-func DatasourceCheck(ds models.Datasource) error {
+func DatasourceCheck(c *gin.Context, ds models.Datasource) error {
 	if ds.PluginType == models.PROMETHEUS || ds.PluginType == models.LOKI || ds.PluginType == models.TDENGINE {
 		if ds.HTTPJson.Url == "" {
 			return fmt.Errorf("url is empty")
@@ -134,19 +293,24 @@ func DatasourceCheck(ds models.Datasource) error {
 		}
 	}

+	// 使用 TLS 配置（支持 mTLS）
+	tlsConfig, err := ds.HTTPJson.TLS.TLSConfig()
+	if err != nil {
+		return fmt.Errorf("failed to create TLS config: %v", err)
+	}
+
 	client := &http.Client{
 		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: ds.HTTPJson.TLS.SkipTlsVerify,
-			},
+			TLSClientConfig: tlsConfig,
 		},
 	}

+	ds.HTTPJson.Url = strings.TrimRight(ds.HTTPJson.Url, "/")
 	var fullURL string
 	req, err := ds.HTTPJson.NewReq(&fullURL)
 	if err != nil {
 		logger.Errorf("Error creating request: %v", err)
-		return fmt.Errorf("request urls:%v failed", ds.HTTPJson.GetUrls())
+		return fmt.Errorf("request urls:%v failed: %v", ds.HTTPJson.GetUrls(), err)
 	}

 	if ds.PluginType == models.PROMETHEUS {
@@ -162,14 +326,14 @@ func DatasourceCheck(ds models.Datasource) error {
 		req, err = http.NewRequest("GET", fullURL, nil)
 		if err != nil {
 			logger.Errorf("Error creating request: %v", err)
-			return fmt.Errorf("request url:%s failed", fullURL)
+			return fmt.Errorf("request url:%s failed: %v", fullURL, err)
 		}
 	} else if ds.PluginType == models.TDENGINE {
 		fullURL = fmt.Sprintf("%s/rest/sql", ds.HTTPJson.Url)
 		req, err = http.NewRequest("POST", fullURL, strings.NewReader("show databases"))
 		if err != nil {
 			logger.Errorf("Error creating request: %v", err)
-			return fmt.Errorf("request url:%s failed", fullURL)
+			return fmt.Errorf("request url:%s failed: %v", fullURL, err)
 		}
 	}

@@ -181,7 +345,11 @@ func DatasourceCheck(ds models.Datasource) error {
 		req, err = http.NewRequest("GET", fullURL, nil)
 		if err != nil {
 			logger.Errorf("Error creating request: %v", err)
-			return fmt.Errorf("request url:%s failed", fullURL)
+			if !strings.Contains(ds.HTTPJson.Url, "/loki") {
+				lang := c.GetHeader("X-Language")
+				return fmt.Errorf(i18n.Sprintf(lang, "/loki suffix is miss, please add /loki to the url: %s", ds.HTTPJson.Url+"/loki"))
+			}
+			return fmt.Errorf("request url:%s failed: %v", fullURL, err)
 		}
 	}

@@ -196,12 +364,16 @@ func DatasourceCheck(ds models.Datasource) error {
 	resp, err := client.Do(req)
 	if err != nil {
 		logger.Errorf("Error making request: %v\n", err)
-		return fmt.Errorf("request url:%s failed", fullURL)
+		return fmt.Errorf("request url:%s failed: %v", fullURL, err)
 	}
 	defer resp.Body.Close()

 	if resp.StatusCode != 200 {
 		logger.Errorf("Error making request: %v\n", resp.StatusCode)
+		if resp.StatusCode == 404 && ds.PluginType == models.LOKI && !strings.Contains(ds.HTTPJson.Url, "/loki") {
+			lang := c.GetHeader("X-Language")
+			return fmt.Errorf(i18n.Sprintf(lang, "/loki suffix is miss, please add /loki to the url: %s", ds.HTTPJson.Url+"/loki"))
+		}
 		body, _ := io.ReadAll(resp.Body)
 		return fmt.Errorf("request url:%s failed code:%d body:%s", fullURL, resp.StatusCode, string(body))
 	}
@@ -287,3 +459,82 @@ func (rt *Router) datasourceQuery(c *gin.Context) {
 	}
 	ginx.NewRender(c).Data(req, err)
 }
+
+// getElasticsearchVersion 该函数尝试从提供的Elasticsearch数据源中获取版本号，遍历所有URL，
+// 直到成功获取版本号或所有URL均尝试失败为止。
+func getElasticsearchVersion(ds models.Datasource, timeout time.Duration) (string, error) {
+	client := &http.Client{
+		Timeout: timeout,
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: ds.HTTPJson.TLS.SkipTlsVerify,
+			},
+		},
+	}
+
+	urls := make([]string, 0)
+	if len(ds.HTTPJson.Urls) > 0 {
+		urls = append(urls, ds.HTTPJson.Urls...)
+	}
+	if ds.HTTPJson.Url != "" {
+		urls = append(urls, ds.HTTPJson.Url)
+	}
+	if len(urls) == 0 {
+		return "", fmt.Errorf("no url provided")
+	}
+
+	var lastErr error
+	for _, raw := range urls {
+		baseURL := strings.TrimRight(raw, "/") + "/"
+		req, err := http.NewRequest("GET", baseURL, nil)
+		if err != nil {
+			lastErr = err
+			continue
+		}
+
+		if ds.AuthJson.BasicAuthUser != "" {
+			req.SetBasicAuth(ds.AuthJson.BasicAuthUser, ds.AuthJson.BasicAuthPassword)
+		}
+
+		for k, v := range ds.HTTPJson.Headers {
+			req.Header.Set(k, v)
+		}
+
+		resp, err := client.Do(req)
+		if err != nil {
+			lastErr = err
+			continue
+		}
+
+		body, err := io.ReadAll(resp.Body)
+		resp.Body.Close()
+		if err != nil {
+			lastErr = err
+			continue
+		}
+
+		if resp.StatusCode != 200 {
+			lastErr = fmt.Errorf("request to %s failed with status: %d body:%s", baseURL, resp.StatusCode, string(body))
+			continue
+		}
+
+		var result map[string]interface{}
+		if err := json.Unmarshal(body, &result); err != nil {
+			lastErr = err
+			continue
+		}
+
+		if version, ok := result["version"].(map[string]interface{}); ok {
+			if number, ok := version["number"].(string); ok && number != "" {
+				return number, nil
+			}
+		}
+
+		lastErr = fmt.Errorf("version not found in response from %s", baseURL)
+	}
+
+	if lastErr != nil {
+		return "", lastErr
+	}
+	return "", fmt.Errorf("failed to get elasticsearch version")
+}
--- a/center/router/router_datasource_db.go
+++ b/center/router/router_datasource_db.go
@@ -6,10 +6,10 @@ import (
 	"github.com/ccfos/nightingale/v6/dscache"
 	"github.com/ccfos/nightingale/v6/dskit/types"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
+	"github.com/ccfos/nightingale/v6/pkg/logx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
-	"github.com/toolkits/pkg/logger"
 )

 func (rt *Router) ShowDatabases(c *gin.Context) {
@@ -18,7 +18,7 @@ func (rt *Router) ShowDatabases(c *gin.Context) {

 	plug, exists := dscache.DsCache.Get(f.Cate, f.DatasourceId)
 	if !exists {
-		logger.Warningf("cluster:%d not exists", f.DatasourceId)
+		logx.Warningf(c.Request.Context(), "cluster:%d not exists", f.DatasourceId)
 		ginx.Bomb(200, "cluster not exists")
 	}

@@ -48,7 +48,7 @@ func (rt *Router) ShowTables(c *gin.Context) {

 	plug, exists := dscache.DsCache.Get(f.Cate, f.DatasourceId)
 	if !exists {
-		logger.Warningf("cluster:%d not exists", f.DatasourceId)
+		logx.Warningf(c.Request.Context(), "cluster:%d not exists", f.DatasourceId)
 		ginx.Bomb(200, "cluster not exists")
 	}

@@ -60,8 +60,8 @@ func (rt *Router) ShowTables(c *gin.Context) {
 	}
 	switch plug.(type) {
 	case TableShower:
-		if len(f.Querys) > 0 {
-			database, ok := f.Querys[0].(string)
+		if len(f.Queries) > 0 {
+			database, ok := f.Queries[0].(string)
 			if ok {
 				tables, err = plug.(TableShower).ShowTables(c.Request.Context(), database)
 			}
@@ -78,7 +78,7 @@ func (rt *Router) DescribeTable(c *gin.Context) {

 	plug, exists := dscache.DsCache.Get(f.Cate, f.DatasourceId)
 	if !exists {
-		logger.Warningf("cluster:%d not exists", f.DatasourceId)
+		logx.Warningf(c.Request.Context(), "cluster:%d not exists", f.DatasourceId)
 		ginx.Bomb(200, "cluster not exists")
 	}
 	// 只接受一个入参
@@ -90,8 +90,8 @@ func (rt *Router) DescribeTable(c *gin.Context) {
 	switch plug.(type) {
 	case TableDescriber:
 		client := plug.(TableDescriber)
-		if len(f.Querys) > 0 {
-			columns, err = client.DescribeTable(c.Request.Context(), f.Querys[0])
+		if len(f.Queries) > 0 {
+			columns, err = client.DescribeTable(c.Request.Context(), f.Queries[0])
 		}
 	default:
 		ginx.Bomb(200, "datasource not exists")
--- a/center/router/router_embedded.go
+++ b/center/router/router_embedded.go
@@ -0,0 +1,142 @@
+package router
+
+import (
+	"time"
+
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
+
+	"github.com/gin-gonic/gin"
+)
+
+func (rt *Router) embeddedProductGets(c *gin.Context) {
+	products, err := models.EmbeddedProductGets(rt.Ctx)
+	ginx.Dangerous(err)
+	models.FillUpdateByNicknames(rt.Ctx, products)
+	// 获取当前用户可访问的Group ID 列表
+	me := c.MustGet("user").(*models.User)
+
+	if me.IsAdmin() {
+		ginx.NewRender(c).Data(products, err)
+		return
+	}
+
+	gids, err := models.MyGroupIds(rt.Ctx, me.Id)
+	bgSet := make(map[int64]struct{}, len(gids))
+	for _, id := range gids {
+		bgSet[id] = struct{}{}
+	}
+
+	// 过滤出公开或有权限访问的私有 product link
+	var result []*models.EmbeddedProduct
+	for _, product := range products {
+		if !product.IsPrivate {
+			result = append(result, product)
+			continue
+		}
+
+		for _, tid := range product.TeamIDs {
+			if _, ok := bgSet[tid]; ok {
+				result = append(result, product)
+				break
+			}
+		}
+	}
+
+	ginx.NewRender(c).Data(result, err)
+}
+
+func (rt *Router) embeddedProductGet(c *gin.Context) {
+	id := ginx.UrlParamInt64(c, "id")
+	if id <= 0 {
+		ginx.Bomb(400, "invalid id")
+	}
+
+	data, err := models.GetEmbeddedProductByID(rt.Ctx, id)
+	ginx.Dangerous(err)
+
+	me := c.MustGet("user").(*models.User)
+	hashPermission, err := hasEmbeddedProductAccess(rt.Ctx, me, data)
+	ginx.Dangerous(err)
+
+	if !hashPermission {
+		ginx.Bomb(403, "forbidden")
+	}
+
+	ginx.NewRender(c).Data(data, nil)
+}
+
+func (rt *Router) embeddedProductAdd(c *gin.Context) {
+	var eps []models.EmbeddedProduct
+	ginx.BindJSON(c, &eps)
+
+	me := c.MustGet("user").(*models.User)
+
+	for i := range eps {
+		eps[i].CreateBy = me.Nickname
+		eps[i].UpdateBy = me.Nickname
+	}
+
+	err := models.AddEmbeddedProduct(rt.Ctx, eps)
+	ginx.NewRender(c).Message(err)
+}
+
+func (rt *Router) embeddedProductPut(c *gin.Context) {
+	var ep models.EmbeddedProduct
+	id := ginx.UrlParamInt64(c, "id")
+	ginx.BindJSON(c, &ep)
+
+	if id <= 0 {
+		ginx.Bomb(400, "invalid id")
+	}
+
+	oldProduct, err := models.GetEmbeddedProductByID(rt.Ctx, id)
+	ginx.Dangerous(err)
+	me := c.MustGet("user").(*models.User)
+
+	now := time.Now().Unix()
+	oldProduct.Name = ep.Name
+	oldProduct.URL = ep.URL
+	oldProduct.IsPrivate = ep.IsPrivate
+	oldProduct.TeamIDs = ep.TeamIDs
+	oldProduct.UpdateBy = me.Username
+	oldProduct.UpdateAt = now
+
+	err = models.UpdateEmbeddedProduct(rt.Ctx, oldProduct)
+	ginx.NewRender(c).Message(err)
+}
+
+func (rt *Router) embeddedProductDelete(c *gin.Context) {
+	id := ginx.UrlParamInt64(c, "id")
+	if id <= 0 {
+		ginx.Bomb(400, "invalid id")
+	}
+
+	err := models.DeleteEmbeddedProduct(rt.Ctx, id)
+	ginx.NewRender(c).Message(err)
+}
+
+func hasEmbeddedProductAccess(ctx *ctx.Context, user *models.User, ep *models.EmbeddedProduct) (bool, error) {
+	if user.IsAdmin() || !ep.IsPrivate {
+		return true, nil
+	}
+
+	gids, err := models.MyGroupIds(ctx, user.Id)
+	if err != nil {
+		return false, err
+	}
+
+	groupSet := make(map[int64]struct{}, len(gids))
+	for _, gid := range gids {
+		groupSet[gid] = struct{}{}
+	}
+
+	for _, tid := range ep.TeamIDs {
+		if _, ok := groupSet[tid]; ok {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
--- a/center/router/router_es.go
+++ b/center/router/router_es.go
@@ -3,10 +3,10 @@ package router
 import (
 	"github.com/ccfos/nightingale/v6/datasource/es"
 	"github.com/ccfos/nightingale/v6/dscache"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
+	"github.com/ccfos/nightingale/v6/pkg/logx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
-	"github.com/toolkits/pkg/logger"
 )

 type IndexReq struct {
@@ -34,7 +34,7 @@ func (rt *Router) QueryIndices(c *gin.Context) {

 	plug, exists := dscache.DsCache.Get(f.Cate, f.DatasourceId)
 	if !exists {
-		logger.Warningf("cluster:%d not exists", f.DatasourceId)
+		logx.Warningf(c.Request.Context(), "cluster:%d not exists", f.DatasourceId)
 		ginx.Bomb(200, "cluster not exists")
 	}

@@ -50,7 +50,7 @@ func (rt *Router) QueryFields(c *gin.Context) {

 	plug, exists := dscache.DsCache.Get(f.Cate, f.DatasourceId)
 	if !exists {
-		logger.Warningf("cluster:%d not exists", f.DatasourceId)
+		logx.Warningf(c.Request.Context(), "cluster:%d not exists", f.DatasourceId)
 		ginx.Bomb(200, "cluster not exists")
 	}

@@ -66,7 +66,7 @@ func (rt *Router) QueryESVariable(c *gin.Context) {

 	plug, exists := dscache.DsCache.Get(f.Cate, f.DatasourceId)
 	if !exists {
-		logger.Warningf("cluster:%d not exists", f.DatasourceId)
+		logx.Warningf(c.Request.Context(), "cluster:%d not exists", f.DatasourceId)
 		ginx.Bomb(200, "cluster not exists")
 	}

--- a/center/router/router_es_index_pattern.go
+++ b/center/router/router_es_index_pattern.go
@@ -5,8 +5,8 @@ import (
 	"time"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 )

 // 创建 ES Index Pattern
@@ -69,6 +69,10 @@ func (rt *Router) esIndexPatternGetList(c *gin.Context) {
 		lst, err = models.EsIndexPatternGets(rt.Ctx, "")
 	}

+	if err == nil {
+		models.FillUpdateByNicknames(rt.Ctx, lst)
+	}
+
 	ginx.NewRender(c).Data(lst, err)
 }

--- a/center/router/router_event_detail.go
+++ b/center/router/router_event_detail.go
@@ -0,0 +1,149 @@
+package router
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/ccfos/nightingale/v6/alert/naming"
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/loggrep"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
+
+	"github.com/gin-gonic/gin"
+)
+
+// eventDetailPage renders an HTML log viewer page (for pages group).
+func (rt *Router) eventDetailPage(c *gin.Context) {
+	hash := ginx.UrlParamStr(c, "hash")
+	if !loggrep.IsValidHash(hash) {
+		c.String(http.StatusBadRequest, "invalid hash format")
+		return
+	}
+
+	logs, instance, err := rt.getEventLogs(hash)
+	if err != nil {
+		c.String(http.StatusInternalServerError, "Error: %v", err)
+		return
+	}
+
+	c.Header("Content-Type", "text/html; charset=utf-8")
+	err = loggrep.RenderHTML(c.Writer, loggrep.PageData{
+		Hash:     hash,
+		Instance: instance,
+		Logs:     logs,
+		Total:    len(logs),
+	})
+	if err != nil {
+		c.String(http.StatusInternalServerError, "render error: %v", err)
+	}
+}
+
+// eventDetailJSON returns JSON (for service group).
+func (rt *Router) eventDetailJSON(c *gin.Context) {
+	hash := ginx.UrlParamStr(c, "hash")
+	if !loggrep.IsValidHash(hash) {
+		ginx.Bomb(200, "invalid hash format")
+	}
+
+	logs, instance, err := rt.getEventLogs(hash)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(loggrep.EventDetailResp{
+		Logs:     logs,
+		Instance: instance,
+	}, nil)
+}
+
+// getNodeForDatasource returns the alert engine instance responsible for the given
+// datasource and primary key. It first checks the local hashring, and falls back
+// to querying the database for active instances if the hashring is empty
+// (e.g. when the datasource belongs to another engine cluster).
+func (rt *Router) getNodeForDatasource(datasourceId int64, pk string) (string, error) {
+	dsIdStr := strconv.FormatInt(datasourceId, 10)
+	node, err := naming.DatasourceHashRing.GetNode(dsIdStr, pk)
+	if err == nil {
+		return node, nil
+	}
+
+	// Hashring is empty for this datasource (likely belongs to another engine cluster).
+	// Query the DB for active instances.
+	servers, dbErr := models.AlertingEngineGetsInstances(rt.Ctx,
+		"datasource_id = ? and clock > ?",
+		datasourceId, time.Now().Unix()-30)
+	if dbErr != nil {
+		return "", dbErr
+	}
+	if len(servers) == 0 {
+		return "", fmt.Errorf("no active instances for datasource %d", datasourceId)
+	}
+
+	ring := naming.NewConsistentHashRing(int32(naming.NodeReplicas), servers)
+	return ring.Get(pk)
+}
+
+// getEventLogs resolves the target instance and retrieves logs.
+func (rt *Router) getEventLogs(hash string) ([]string, string, error) {
+	event, err := models.AlertHisEventGetByHash(rt.Ctx, hash)
+	if err != nil {
+		return nil, "", err
+	}
+	if event == nil {
+		return nil, "", fmt.Errorf("no such alert event")
+	}
+
+	ruleId := strconv.FormatInt(event.RuleId, 10)
+
+	instance := fmt.Sprintf("%s:%d", rt.Alert.Heartbeat.IP, rt.HTTP.Port)
+
+	node, err := rt.getNodeForDatasource(event.DatasourceId, ruleId)
+	if err != nil || node == instance {
+		// hashring not ready or target is self, handle locally
+		logs, err := loggrep.GrepLogDir(rt.LogDir, hash)
+		return logs, instance, err
+	}
+
+	// forward to the target alert instance
+	return rt.forwardEventDetail(node, hash)
+}
+
+func (rt *Router) forwardEventDetail(node, hash string) ([]string, string, error) {
+	url := fmt.Sprintf("http://%s/v1/n9e/event-detail/%s", node, hash)
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, node, err
+	}
+
+	for user, pass := range rt.HTTP.APIForService.BasicAuth {
+		req.SetBasicAuth(user, pass)
+		break
+	}
+
+	client := &http.Client{Timeout: 15 * time.Second}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, node, fmt.Errorf("forward to %s failed: %v", node, err)
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(io.LimitReader(resp.Body, 10*1024*1024)) // 10MB limit
+	if err != nil {
+		return nil, node, err
+	}
+
+	var result struct {
+		Dat loggrep.EventDetailResp `json:"dat"`
+		Err string                  `json:"err"`
+	}
+	if err := json.Unmarshal(body, &result); err != nil {
+		return nil, node, err
+	}
+	if result.Err != "" {
+		return nil, node, fmt.Errorf("%s", result.Err)
+	}
+
+	return result.Dat.Logs, result.Dat.Instance, nil
+}
--- a/center/router/router_event_pipeline.go
+++ b/center/router/router_event_pipeline.go
@@ -0,0 +1,639 @@
+package router
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/ccfos/nightingale/v6/alert/pipeline/engine"
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
+
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+	"github.com/toolkits/pkg/i18n"
+	"github.com/toolkits/pkg/logger"
+)
+
+// 获取事件Pipeline列表
+func (rt *Router) eventPipelinesList(c *gin.Context) {
+	me := c.MustGet("user").(*models.User)
+	pipelines, err := models.ListEventPipelines(rt.Ctx)
+	ginx.Dangerous(err)
+
+	allTids := make([]int64, 0)
+	for _, pipeline := range pipelines {
+		allTids = append(allTids, pipeline.TeamIds...)
+	}
+	ugMap, err := models.UserGroupIdAndNameMap(rt.Ctx, allTids)
+	ginx.Dangerous(err)
+	for _, pipeline := range pipelines {
+		for _, tid := range pipeline.TeamIds {
+			pipeline.TeamNames = append(pipeline.TeamNames, ugMap[tid])
+		}
+		// 兼容处理：自动填充工作流字段
+		pipeline.FillWorkflowFields()
+	}
+	models.FillUpdateByNicknames(rt.Ctx, pipelines)
+
+	gids, err := models.MyGroupIdsMap(rt.Ctx, me.Id)
+	ginx.Dangerous(err)
+
+	if me.IsAdmin() {
+		for _, pipeline := range pipelines {
+			if pipeline.TriggerMode == "" {
+				pipeline.TriggerMode = models.TriggerModeEvent
+			}
+
+			if pipeline.UseCase == "" {
+				pipeline.UseCase = models.UseCaseEventPipeline
+			}
+		}
+		ginx.NewRender(c).Data(pipelines, nil)
+		return
+	}
+
+	res := make([]*models.EventPipeline, 0)
+	for _, pipeline := range pipelines {
+		if pipeline.TriggerMode == "" {
+			pipeline.TriggerMode = models.TriggerModeEvent
+		}
+
+		if pipeline.UseCase == "" {
+			pipeline.UseCase = models.UseCaseEventPipeline
+		}
+
+		for _, tid := range pipeline.TeamIds {
+			if _, ok := gids[tid]; ok {
+				res = append(res, pipeline)
+				break
+			}
+		}
+	}
+
+	ginx.NewRender(c).Data(res, nil)
+}
+
+// 获取单个事件Pipeline详情
+func (rt *Router) getEventPipeline(c *gin.Context) {
+	me := c.MustGet("user").(*models.User)
+	id := ginx.UrlParamInt64(c, "id")
+	pipeline, err := models.GetEventPipeline(rt.Ctx, id)
+	ginx.Dangerous(err)
+	ginx.Dangerous(me.CheckGroupPermission(rt.Ctx, pipeline.TeamIds))
+
+	err = pipeline.FillTeamNames(rt.Ctx)
+	ginx.Dangerous(err)
+
+	// 兼容处理：自动填充工作流字段
+	pipeline.FillWorkflowFields()
+	if pipeline.TriggerMode == "" {
+		pipeline.TriggerMode = models.TriggerModeEvent
+	}
+	if pipeline.UseCase == "" {
+		pipeline.UseCase = models.UseCaseEventPipeline
+	}
+
+	ginx.NewRender(c).Data(pipeline, nil)
+}
+
+// 创建事件Pipeline
+func (rt *Router) addEventPipeline(c *gin.Context) {
+	var pipeline models.EventPipeline
+	ginx.BindJSON(c, &pipeline)
+
+	user := c.MustGet("user").(*models.User)
+	now := time.Now().Unix()
+	pipeline.CreateBy = user.Username
+	pipeline.CreateAt = now
+	pipeline.UpdateAt = now
+	pipeline.UpdateBy = user.Username
+
+	err := pipeline.Verify()
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, err.Error())
+	}
+
+	ginx.Dangerous(user.CheckGroupPermission(rt.Ctx, pipeline.TeamIds))
+	err = models.CreateEventPipeline(rt.Ctx, &pipeline)
+	ginx.NewRender(c).Message(err)
+}
+
+// 更新事件Pipeline
+func (rt *Router) updateEventPipeline(c *gin.Context) {
+	var f models.EventPipeline
+	ginx.BindJSON(c, &f)
+
+	me := c.MustGet("user").(*models.User)
+	f.UpdateBy = me.Username
+	f.UpdateAt = time.Now().Unix()
+
+	pipeline, err := models.GetEventPipeline(rt.Ctx, f.ID)
+	if err != nil {
+		ginx.Bomb(http.StatusNotFound, "No such event pipeline")
+	}
+	ginx.Dangerous(me.CheckGroupPermission(rt.Ctx, pipeline.TeamIds))
+
+	ginx.NewRender(c).Message(pipeline.Update(rt.Ctx, &f))
+}
+
+// 删除事件Pipeline
+func (rt *Router) deleteEventPipelines(c *gin.Context) {
+	var f struct {
+		Ids []int64 `json:"ids"`
+	}
+	ginx.BindJSON(c, &f)
+
+	if len(f.Ids) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "ids required")
+	}
+
+	me := c.MustGet("user").(*models.User)
+	for _, id := range f.Ids {
+		pipeline, err := models.GetEventPipeline(rt.Ctx, id)
+		ginx.Dangerous(err)
+		ginx.Dangerous(me.CheckGroupPermission(rt.Ctx, pipeline.TeamIds))
+	}
+
+	err := models.DeleteEventPipelines(rt.Ctx, f.Ids)
+	ginx.NewRender(c).Message(err)
+}
+
+// 测试事件Pipeline
+func (rt *Router) tryRunEventPipeline(c *gin.Context) {
+	var f struct {
+		EventId        int64                `json:"event_id"`
+		PipelineConfig models.EventPipeline `json:"pipeline_config"`
+		InputVariables map[string]string    `json:"input_variables,omitempty"`
+	}
+
+	ginx.BindJSON(c, &f)
+
+	hisEvent, err := models.AlertHisEventGetById(rt.Ctx, f.EventId)
+	if err != nil || hisEvent == nil {
+		ginx.Bomb(http.StatusBadRequest, "event not found")
+	}
+	event := hisEvent.ToCur()
+
+	lang := c.GetHeader("X-Language")
+	me := c.MustGet("user").(*models.User)
+
+	// 统一使用工作流引擎执行（兼容线性模式和工作流模式）
+	workflowEngine := engine.NewWorkflowEngine(rt.Ctx)
+
+	triggerCtx := &models.WorkflowTriggerContext{
+		Mode:            models.TriggerModeAPI,
+		TriggerBy:       me.Username,
+		InputsOverrides: f.InputVariables,
+	}
+
+	resultEvent, result, err := workflowEngine.Execute(&f.PipelineConfig, event, triggerCtx)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, "pipeline execute error: %v", err)
+	}
+
+	m := map[string]interface{}{
+		"event":        resultEvent,
+		"result":       i18n.Sprintf(lang, result.Message),
+		"status":       result.Status,
+		"node_results": result.NodeResults,
+	}
+
+	if resultEvent == nil {
+		m["result"] = i18n.Sprintf(lang, "event is dropped")
+	}
+
+	ginx.NewRender(c).Data(m, nil)
+}
+
+// 测试事件处理器
+func (rt *Router) tryRunEventProcessor(c *gin.Context) {
+	var f struct {
+		EventId         int64                  `json:"event_id"`
+		ProcessorConfig models.ProcessorConfig `json:"processor_config"`
+	}
+	ginx.BindJSON(c, &f)
+
+	hisEvent, err := models.AlertHisEventGetById(rt.Ctx, f.EventId)
+	if err != nil || hisEvent == nil {
+		ginx.Bomb(http.StatusBadRequest, "event not found")
+	}
+	event := hisEvent.ToCur()
+
+	processor, err := models.GetProcessorByType(f.ProcessorConfig.Typ, f.ProcessorConfig.Config)
+	if err != nil {
+		ginx.Bomb(200, "get processor err: %+v", err)
+	}
+	wfCtx := &models.WorkflowContext{
+		Event: event,
+		Vars:  make(map[string]interface{}),
+	}
+	wfCtx, res, err := processor.Process(rt.Ctx, wfCtx)
+	if err != nil {
+		ginx.Bomb(200, "processor err: %+v", err)
+	}
+
+	lang := c.GetHeader("X-Language")
+	ginx.NewRender(c).Data(map[string]interface{}{
+		"event":  wfCtx.Event,
+		"result": i18n.Sprintf(lang, res),
+	}, nil)
+}
+
+func (rt *Router) tryRunEventProcessorByNotifyRule(c *gin.Context) {
+	var f struct {
+		EventId         int64                   `json:"event_id"`
+		PipelineConfigs []models.PipelineConfig `json:"pipeline_configs"`
+	}
+	ginx.BindJSON(c, &f)
+
+	hisEvent, err := models.AlertHisEventGetById(rt.Ctx, f.EventId)
+	if err != nil || hisEvent == nil {
+		ginx.Bomb(http.StatusBadRequest, "event not found")
+	}
+	event := hisEvent.ToCur()
+
+	pids := make([]int64, 0)
+	for _, pc := range f.PipelineConfigs {
+		if pc.Enable {
+			pids = append(pids, pc.PipelineId)
+		}
+	}
+
+	pipelines, err := models.GetEventPipelinesByIds(rt.Ctx, pids)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, "processors not found")
+	}
+
+	wfCtx := &models.WorkflowContext{
+		Event: event,
+		Vars:  make(map[string]interface{}),
+	}
+	for _, pl := range pipelines {
+		for _, p := range pl.ProcessorConfigs {
+			processor, err := models.GetProcessorByType(p.Typ, p.Config)
+			if err != nil {
+				ginx.Bomb(http.StatusBadRequest, "get processor: %+v err: %+v", p, err)
+			}
+
+			wfCtx, _, err = processor.Process(rt.Ctx, wfCtx)
+			if err != nil {
+				ginx.Bomb(http.StatusBadRequest, "processor: %+v err: %+v", p, err)
+			}
+			if wfCtx == nil || wfCtx.Event == nil {
+				lang := c.GetHeader("X-Language")
+				ginx.NewRender(c).Data(map[string]interface{}{
+					"event":  nil,
+					"result": i18n.Sprintf(lang, "event is dropped"),
+				}, nil)
+				return
+			}
+		}
+	}
+
+	ginx.NewRender(c).Data(wfCtx.Event, nil)
+}
+
+func (rt *Router) eventPipelinesListByService(c *gin.Context) {
+	pipelines, err := models.ListEventPipelines(rt.Ctx)
+	ginx.NewRender(c).Data(pipelines, err)
+}
+
+type EventPipelineRequest struct {
+	// 事件数据（可选，如果不传则使用空事件）
+	Event *models.AlertCurEvent `json:"event,omitempty"`
+	// 输入参数覆盖
+	InputsOverrides map[string]string `json:"inputs_overrides,omitempty"`
+
+	Username string `json:"username,omitempty"`
+}
+
+// executePipelineTrigger 执行 Pipeline 触发的公共逻辑
+func (rt *Router) executePipelineTrigger(pipeline *models.EventPipeline, req *EventPipelineRequest, triggerBy string) (string, error) {
+	// 准备事件数据
+	var event *models.AlertCurEvent
+	if req.Event != nil {
+		event = req.Event
+	} else {
+		// 创建空事件
+		event = &models.AlertCurEvent{
+			TriggerTime: time.Now().Unix(),
+		}
+	}
+
+	// 生成执行ID
+	executionID := uuid.New().String()
+
+	// 创建触发上下文
+	triggerCtx := &models.WorkflowTriggerContext{
+		Mode:            models.TriggerModeAPI,
+		TriggerBy:       triggerBy,
+		InputsOverrides: req.InputsOverrides,
+		RequestID:       executionID,
+	}
+
+	// 异步执行工作流
+	go func() {
+		workflowEngine := engine.NewWorkflowEngine(rt.Ctx)
+		_, _, err := workflowEngine.Execute(pipeline, event, triggerCtx)
+		if err != nil {
+			logger.Errorf("async workflow execute error: pipeline_id=%d execution_id=%s err=%v",
+				pipeline.ID, executionID, err)
+		}
+	}()
+
+	return executionID, nil
+}
+
+// triggerEventPipelineByService Service 调用触发工作流执行
+func (rt *Router) triggerEventPipelineByService(c *gin.Context) {
+	pipelineID := ginx.UrlParamInt64(c, "id")
+	var f EventPipelineRequest
+	ginx.BindJSON(c, &f)
+
+	// 获取 Pipeline
+	pipeline, err := models.GetEventPipeline(rt.Ctx, pipelineID)
+	if err != nil {
+		ginx.Bomb(http.StatusNotFound, "pipeline not found: %v", err)
+	}
+
+	executionID, err := rt.executePipelineTrigger(pipeline, &f, f.Username)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, "%v", err)
+	}
+
+	ginx.NewRender(c).Data(gin.H{
+		"execution_id": executionID,
+		"message":      "workflow execution started",
+	}, nil)
+}
+
+// triggerEventPipelineByAPI API 触发工作流执行
+func (rt *Router) triggerEventPipelineByAPI(c *gin.Context) {
+	pipelineID := ginx.UrlParamInt64(c, "id")
+	var f EventPipelineRequest
+	ginx.BindJSON(c, &f)
+
+	// 获取 Pipeline
+	pipeline, err := models.GetEventPipeline(rt.Ctx, pipelineID)
+	if err != nil {
+		ginx.Bomb(http.StatusNotFound, "pipeline not found: %v", err)
+	}
+
+	// 检查权限
+	me := c.MustGet("user").(*models.User)
+	ginx.Dangerous(me.CheckGroupPermission(rt.Ctx, pipeline.TeamIds))
+
+	executionID, err := rt.executePipelineTrigger(pipeline, &f, me.Username)
+	if err != nil {
+		ginx.Bomb(http.StatusBadRequest, err.Error())
+	}
+
+	ginx.NewRender(c).Data(gin.H{
+		"execution_id": executionID,
+		"message":      "workflow execution started",
+	}, nil)
+}
+
+func (rt *Router) listAllEventPipelineExecutions(c *gin.Context) {
+	pipelineId := ginx.QueryInt64(c, "pipeline_id", 0)
+	pipelineName := ginx.QueryStr(c, "pipeline_name", "")
+	mode := ginx.QueryStr(c, "mode", "")
+	status := ginx.QueryStr(c, "status", "")
+	limit := ginx.QueryInt(c, "limit", 20)
+	offset := ginx.QueryInt(c, "p", 1)
+
+	if limit <= 0 || limit > 1000 {
+		limit = 20
+	}
+	if offset <= 0 {
+		offset = 1
+	}
+
+	executions, total, err := models.ListAllEventPipelineExecutions(rt.Ctx, pipelineId, pipelineName, mode, status, limit, (offset-1)*limit)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(gin.H{
+		"list":  executions,
+		"total": total,
+	}, nil)
+}
+
+func (rt *Router) listEventPipelineExecutions(c *gin.Context) {
+	pipelineID := ginx.UrlParamInt64(c, "id")
+	mode := ginx.QueryStr(c, "mode", "")
+	status := ginx.QueryStr(c, "status", "")
+	limit := ginx.QueryInt(c, "limit", 20)
+	offset := ginx.QueryInt(c, "p", 1)
+
+	if limit <= 0 || limit > 1000 {
+		limit = 20
+	}
+	if offset <= 0 {
+		offset = 1
+	}
+
+	executions, total, err := models.ListEventPipelineExecutions(rt.Ctx, pipelineID, mode, status, limit, (offset-1)*limit)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(gin.H{
+		"list":  executions,
+		"total": total,
+	}, nil)
+}
+
+func (rt *Router) getEventPipelineExecution(c *gin.Context) {
+	execID := ginx.UrlParamStr(c, "exec_id")
+
+	detail, err := models.GetEventPipelineExecutionDetail(rt.Ctx, execID)
+	if err != nil {
+		ginx.Bomb(http.StatusNotFound, "execution not found: %v", err)
+	}
+
+	ginx.NewRender(c).Data(detail, nil)
+}
+
+func (rt *Router) getEventPipelineExecutionStats(c *gin.Context) {
+	pipelineID := ginx.UrlParamInt64(c, "id")
+
+	stats, err := models.GetEventPipelineExecutionStatistics(rt.Ctx, pipelineID)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(stats, nil)
+}
+
+func (rt *Router) cleanEventPipelineExecutions(c *gin.Context) {
+	var f struct {
+		BeforeDays int `json:"before_days"`
+	}
+	ginx.BindJSON(c, &f)
+
+	if f.BeforeDays <= 0 {
+		f.BeforeDays = 30
+	}
+
+	beforeTime := time.Now().AddDate(0, 0, -f.BeforeDays).Unix()
+	affected, err := models.DeleteEventPipelineExecutions(rt.Ctx, beforeTime)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(gin.H{
+		"deleted": affected,
+	}, nil)
+}
+
+func (rt *Router) streamEventPipeline(c *gin.Context) {
+	pipelineID := ginx.UrlParamInt64(c, "id")
+
+	var f EventPipelineRequest
+	ginx.BindJSON(c, &f)
+
+	pipeline, err := models.GetEventPipeline(rt.Ctx, pipelineID)
+	if err != nil {
+		ginx.Bomb(http.StatusNotFound, "pipeline not found: %v", err)
+	}
+
+	me := c.MustGet("user").(*models.User)
+	ginx.Dangerous(me.CheckGroupPermission(rt.Ctx, pipeline.TeamIds))
+
+	var event *models.AlertCurEvent
+	if f.Event != nil {
+		event = f.Event
+	} else {
+		event = &models.AlertCurEvent{
+			TriggerTime: time.Now().Unix(),
+		}
+	}
+
+	triggerCtx := &models.WorkflowTriggerContext{
+		Mode:            models.TriggerModeAPI,
+		TriggerBy:       me.Username,
+		InputsOverrides: f.InputsOverrides,
+		RequestID:       uuid.New().String(),
+		Stream:          true, // 流式端点强制启用流式输出
+	}
+
+	workflowEngine := engine.NewWorkflowEngine(rt.Ctx)
+	_, result, err := workflowEngine.Execute(pipeline, event, triggerCtx)
+	if err != nil {
+		ginx.Bomb(http.StatusInternalServerError, "execute failed: %v", err)
+	}
+
+	if result.Stream && result.StreamChan != nil {
+		rt.handleStreamResponse(c, result, triggerCtx.RequestID)
+		return
+	}
+
+	ginx.NewRender(c).Data(result, nil)
+}
+
+func (rt *Router) handleStreamResponse(c *gin.Context, result *models.WorkflowResult, requestID string) {
+	// 设置 SSE 响应头
+	c.Header("Content-Type", "text/event-stream")
+	c.Header("Cache-Control", "no-cache")
+	c.Header("Connection", "keep-alive")
+	c.Header("X-Accel-Buffering", "no") // 禁用 nginx 缓冲
+	c.Header("X-Request-ID", requestID)
+
+	flusher, ok := c.Writer.(http.Flusher)
+	if !ok {
+		ginx.Bomb(http.StatusInternalServerError, "streaming not supported")
+		return
+	}
+
+	// 发送初始连接成功消息
+	initData := fmt.Sprintf(`{"type":"connected","request_id":"%s","timestamp":%d}`, requestID, time.Now().UnixMilli())
+	fmt.Fprintf(c.Writer, "data: %s\n\n", initData)
+	flusher.Flush()
+
+	// 从 channel 读取并发送 SSE
+	timeout := time.After(30 * time.Minute) // 最长流式输出时间
+	for {
+		select {
+		case chunk, ok := <-result.StreamChan:
+			if !ok {
+				// channel 关闭，发送结束标记
+				return
+			}
+
+			data, err := json.Marshal(chunk)
+			if err != nil {
+				logger.Errorf("stream: failed to marshal chunk: %v", err)
+				continue
+			}
+
+			fmt.Fprintf(c.Writer, "data: %s\n\n", data)
+			flusher.Flush()
+
+			if chunk.Done {
+				return
+			}
+
+		case <-c.Request.Context().Done():
+			// 客户端断开连接
+			logger.Infof("stream: client disconnected, request_id=%s", requestID)
+			return
+		case <-timeout:
+			logger.Errorf("stream: timeout, request_id=%s", requestID)
+			return
+		}
+	}
+}
+
+func (rt *Router) streamEventPipelineByService(c *gin.Context) {
+	pipelineID := ginx.UrlParamInt64(c, "id")
+
+	var f EventPipelineRequest
+	ginx.BindJSON(c, &f)
+
+	pipeline, err := models.GetEventPipeline(rt.Ctx, pipelineID)
+	if err != nil {
+		ginx.Bomb(http.StatusNotFound, "pipeline not found: %v", err)
+	}
+
+	var event *models.AlertCurEvent
+	if f.Event != nil {
+		event = f.Event
+	} else {
+		event = &models.AlertCurEvent{
+			TriggerTime: time.Now().Unix(),
+		}
+	}
+
+	triggerCtx := &models.WorkflowTriggerContext{
+		Mode:            models.TriggerModeAPI,
+		TriggerBy:       f.Username,
+		InputsOverrides: f.InputsOverrides,
+		RequestID:       uuid.New().String(),
+		Stream:          true, // 流式端点强制启用流式输出
+	}
+
+	workflowEngine := engine.NewWorkflowEngine(rt.Ctx)
+	_, result, err := workflowEngine.Execute(pipeline, event, triggerCtx)
+	if err != nil {
+		ginx.Bomb(http.StatusInternalServerError, "execute failed: %v", err)
+	}
+
+	// 检查是否是流式输出
+	if result.Stream && result.StreamChan != nil {
+		rt.handleStreamResponse(c, result, triggerCtx.RequestID)
+		return
+	}
+
+	ginx.NewRender(c).Data(result, nil)
+}
+
+// eventPipelineExecutionAdd 接收 edge 节点同步的 Pipeline 执行记录
+func (rt *Router) eventPipelineExecutionAdd(c *gin.Context) {
+	var execution models.EventPipelineExecution
+	ginx.BindJSON(c, &execution)
+
+	if execution.ID == "" {
+		ginx.Bomb(http.StatusBadRequest, "id is required")
+	}
+	if execution.PipelineID <= 0 {
+		ginx.Bomb(http.StatusBadRequest, "pipeline_id is required")
+	}
+
+	ginx.NewRender(c).Message(models.DB(rt.Ctx).Create(&execution).Error)
+}
--- a/center/router/router_funcs.go
+++ b/center/router/router_funcs.go
@@ -7,9 +7,9 @@ import (

 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 )

 const defaultLimit = 300
@@ -40,6 +40,10 @@ func (rt *Router) statistic(c *gin.Context) {
 		model = models.NotifyRule{}
 	case "notify_channel":
 		model = models.NotifyChannel{}
+	case "event_pipeline":
+		statistics, err = models.EventPipelineStatistics(rt.Ctx)
+		ginx.NewRender(c).Data(statistics, err)
+		return
 	case "datasource":
 		// datasource update_at is different from others
 		statistics, err = models.DatasourceStatistics(rt.Ctx)
@@ -124,6 +128,12 @@ func UserGroup(ctx *ctx.Context, id int64) *models.UserGroup {
 		ginx.Bomb(http.StatusNotFound, "No such UserGroup")
 	}

+	bgids, err := models.BusiGroupIds(ctx, []int64{id})
+	ginx.Dangerous(err)
+
+	obj.BusiGroups, err = models.BusiGroupGetByIds(ctx, bgids)
+	ginx.Dangerous(err)
+
 	return obj
 }

@@ -169,3 +179,38 @@ func Username(c *gin.Context) string {
 	}
 	return username
 }
+
+func HasPermission(ctx *ctx.Context, c *gin.Context, sourceType, sourceId string, isAnonymousAccess bool) bool {
+	if sourceType == "event" && isAnonymousAccess {
+		return true
+	}
+
+	// 尝试从请求中获取 __token 参数
+	token := ginx.QueryStr(c, "__token", "")
+
+	// 如果有 __token 参数，验证其合法性
+	if token != "" {
+		return ValidateSourceToken(ctx, sourceType, sourceId, token)
+	}
+
+	return false
+}
+
+func ValidateSourceToken(ctx *ctx.Context, sourceType, sourceId, token string) bool {
+	if token == "" {
+		return false
+	}
+
+	// 根据源类型、源ID和令牌获取源令牌记录
+	sourceToken, err := models.GetSourceTokenBySource(ctx, sourceType, sourceId, token)
+	if err != nil {
+		return false
+	}
+
+	// 检查令牌是否过期
+	if sourceToken.IsExpired() {
+		return false
+	}
+
+	return true
+}
--- a/center/router/router_heartbeat.go
+++ b/center/router/router_heartbeat.go
@@ -15,9 +15,9 @@ import (
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
 	"github.com/ccfos/nightingale/v6/pushgw/idents"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
 )

--- a/center/router/router_login.go
+++ b/center/router/router_login.go
@@ -2,23 +2,29 @@ package router

 import (
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
+	"time"

 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/cas"
+	"github.com/ccfos/nightingale/v6/pkg/dingtalk"
+	"github.com/ccfos/nightingale/v6/pkg/feishu"
 	"github.com/ccfos/nightingale/v6/pkg/ldapx"
+	"github.com/ccfos/nightingale/v6/pkg/logx"
 	"github.com/ccfos/nightingale/v6/pkg/oauth2x"
 	"github.com/ccfos/nightingale/v6/pkg/oidcx"
 	"github.com/ccfos/nightingale/v6/pkg/secu"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/dgrijalva/jwt-go"
 	"github.com/gin-gonic/gin"
 	"github.com/pelletier/go-toml/v2"
-	"github.com/toolkits/pkg/ginx"
-	"github.com/toolkits/pkg/logger"
+	"github.com/pkg/errors"
+	"gorm.io/gorm"
 )

 type loginForm struct {
@@ -31,7 +37,9 @@ type loginForm struct {
 func (rt *Router) loginPost(c *gin.Context) {
 	var f loginForm
 	ginx.BindJSON(c, &f)
-	logger.Infof("username:%s login from:%s", f.Username, c.ClientIP())
+
+	rctx := c.Request.Context()
+	logx.Infof(rctx, "username:%s login from:%s", f.Username, c.ClientIP())

 	if rt.HTTP.ShowCaptcha.Enable {
 		if !CaptchaVerify(f.Captchaid, f.Verifyvalue) {
@@ -44,23 +52,25 @@ func (rt *Router) loginPost(c *gin.Context) {
 	if rt.HTTP.RSA.OpenRSA {
 		decPassWord, err := secu.Decrypt(f.Password, rt.HTTP.RSA.RSAPrivateKey, rt.HTTP.RSA.RSAPassWord)
 		if err != nil {
-			logger.Errorf("RSA Decrypt failed: %v username: %s", err, f.Username)
+			logx.Errorf(rctx, "RSA Decrypt failed: %v username: %s", err, f.Username)
 			ginx.NewRender(c).Message(err)
 			return
 		}
 		authPassWord = decPassWord
 	}

+	reqCtx := rt.Ctx.WithContext(rctx)
+
 	var user *models.User
 	var err error
 	lc := rt.Sso.LDAP.Copy()
 	if lc.Enable {
-		user, err = ldapx.LdapLogin(rt.Ctx, f.Username, authPassWord, lc.DefaultRoles, lc.DefaultTeams, lc)
+		user, err = ldapx.LdapLogin(reqCtx, f.Username, authPassWord, lc.DefaultRoles, lc.DefaultTeams, lc)
 		if err != nil {
-			logger.Debugf("ldap login failed: %v username: %s", err, f.Username)
+			logx.Debugf(rctx, "ldap login failed: %v username: %s", err, f.Username)
 			var errLoginInN9e error
 			// to use n9e as the minimum guarantee for login
-			if user, errLoginInN9e = models.PassLogin(rt.Ctx, rt.Redis, f.Username, authPassWord); errLoginInN9e != nil {
+			if user, errLoginInN9e = models.PassLogin(reqCtx, rt.Redis, f.Username, authPassWord); errLoginInN9e != nil {
 				ginx.NewRender(c).Message("ldap login failed: %v; n9e login failed: %v", err, errLoginInN9e)
 				return
 			}
@@ -68,7 +78,7 @@ func (rt *Router) loginPost(c *gin.Context) {
 			user.RolesLst = strings.Fields(user.Roles)
 		}
 	} else {
-		user, err = models.PassLogin(rt.Ctx, rt.Redis, f.Username, authPassWord)
+		user, err = models.PassLogin(reqCtx, rt.Redis, f.Username, authPassWord)
 		ginx.Dangerous(err)
 	}

@@ -92,7 +102,8 @@ func (rt *Router) loginPost(c *gin.Context) {
 }

 func (rt *Router) logoutPost(c *gin.Context) {
-	logger.Infof("username:%s logout from:%s", c.GetString("username"), c.ClientIP())
+	rctx := c.Request.Context()
+	logx.Infof(rctx, "username:%s logout from:%s", c.GetString("username"), c.ClientIP())
 	metadata, err := rt.extractTokenMetadata(c.Request)
 	if err != nil {
 		ginx.NewRender(c, http.StatusBadRequest).Message("failed to parse jwt token")
@@ -107,9 +118,20 @@ func (rt *Router) logoutPost(c *gin.Context) {

 	var logoutAddr string
 	user := c.MustGet("user").(*models.User)
+
+	// 获取用户的 id_token
+	idToken, err := rt.fetchIdToken(c.Request.Context(), user.Id)
+	if err != nil {
+		logx.Debugf(rctx, "fetch id_token failed: %v, user_id: %d", err, user.Id)
+		idToken = "" // 如果获取失败，使用空字符串
+	}
+
+	// 删除 id_token
+	rt.deleteIdToken(c.Request.Context(), user.Id)
+
 	switch user.Belong {
 	case "oidc":
-		logoutAddr = rt.Sso.OIDC.GetSsoLogoutAddr()
+		logoutAddr = rt.Sso.OIDC.GetSsoLogoutAddr(idToken)
 	case "cas":
 		logoutAddr = rt.Sso.CAS.GetSsoLogoutAddr()
 	case "oauth2":
@@ -152,6 +174,13 @@ func (rt *Router) refreshPost(c *gin.Context) {
 			return
 		}

+		// 看这个 token 是否还存在 redis 中
+		val, err := rt.fetchAuth(c.Request.Context(), refreshUuid)
+		if err != nil || val == "" {
+			ginx.NewRender(c, http.StatusUnauthorized).Message("refresh token expired")
+			return
+		}
+
 		userIdentity, ok := claims["user_identity"].(string)
 		if !ok {
 			// Theoretically impossible
@@ -192,6 +221,14 @@ func (rt *Router) refreshPost(c *gin.Context) {
 		ginx.Dangerous(err)
 		ginx.Dangerous(rt.createAuth(c.Request.Context(), userIdentity, ts))

+		// 延长 id_token 的过期时间，使其与新的 refresh token 生命周期保持一致
+		// 注意：这里不会获取新的 id_token，只是延长 Redis 中现有 id_token 的 TTL
+		if idToken, err := rt.fetchIdToken(c.Request.Context(), userid); err == nil && idToken != "" {
+			if err := rt.saveIdToken(c.Request.Context(), userid, idToken); err != nil {
+				logx.Debugf(c.Request.Context(), "refresh id_token ttl failed: %v, user_id: %d", err, userid)
+			}
+		}
+
 		ginx.NewRender(c).Data(gin.H{
 			"access_token":  ts.AccessToken,
 			"refresh_token": ts.RefreshToken,
@@ -239,12 +276,13 @@ type CallbackOutput struct {
 }

 func (rt *Router) loginCallback(c *gin.Context) {
+	rctx := c.Request.Context()
 	code := ginx.QueryStr(c, "code", "")
 	state := ginx.QueryStr(c, "state", "")

-	ret, err := rt.Sso.OIDC.Callback(rt.Redis, c.Request.Context(), code, state)
+	ret, err := rt.Sso.OIDC.Callback(rt.Redis, rctx, code, state)
 	if err != nil {
-		logger.Errorf("sso_callback fail. code:%s, state:%s, get ret: %+v. error: %v", code, state, ret, err)
+		logx.Errorf(rctx, "sso_callback fail. code:%s, state:%s, get ret: %+v. error: %v", code, state, ret, err)
 		ginx.NewRender(c).Data(CallbackOutput{}, err)
 		return
 	}
@@ -267,7 +305,7 @@ func (rt *Router) loginCallback(c *gin.Context) {
 			for _, gid := range rt.Sso.OIDC.DefaultTeams {
 				err = models.UserGroupMemberAdd(rt.Ctx, gid, user.Id)
 				if err != nil {
-					logger.Errorf("user:%v UserGroupMemberAdd: %s", user, err)
+					logx.Errorf(rctx, "user:%v UserGroupMemberAdd: %s", user, err)
 				}
 			}
 		}
@@ -277,7 +315,14 @@ func (rt *Router) loginCallback(c *gin.Context) {
 	userIdentity := fmt.Sprintf("%d-%s", user.Id, user.Username)
 	ts, err := rt.createTokens(rt.HTTP.JWTAuth.SigningKey, userIdentity)
 	ginx.Dangerous(err)
-	ginx.Dangerous(rt.createAuth(c.Request.Context(), userIdentity, ts))
+	ginx.Dangerous(rt.createAuth(rctx, userIdentity, ts))
+
+	// 保存 id_token 到 Redis，用于登出时使用
+	if ret.IdToken != "" {
+		if err := rt.saveIdToken(rctx, user.Id, ret.IdToken); err != nil {
+			logx.Errorf(rctx, "save id_token failed: %v, user_id: %d", err, user.Id)
+		}
+	}

 	redirect := "/"
 	if ret.Redirect != "/login" {
@@ -316,7 +361,7 @@ func (rt *Router) loginRedirectCas(c *gin.Context) {
 	}

 	if !rt.Sso.CAS.Enable {
-		logger.Error("cas is not enable")
+		logx.Errorf(c.Request.Context(), "cas is not enable")
 		ginx.NewRender(c).Data("", nil)
 		return
 	}
@@ -331,17 +376,18 @@ func (rt *Router) loginRedirectCas(c *gin.Context) {
 }

 func (rt *Router) loginCallbackCas(c *gin.Context) {
+	rctx := c.Request.Context()
 	ticket := ginx.QueryStr(c, "ticket", "")
 	state := ginx.QueryStr(c, "state", "")
-	ret, err := rt.Sso.CAS.ValidateServiceTicket(c.Request.Context(), ticket, state, rt.Redis)
+	ret, err := rt.Sso.CAS.ValidateServiceTicket(rctx, ticket, state, rt.Redis)
 	if err != nil {
-		logger.Errorf("ValidateServiceTicket: %s", err)
+		logx.Errorf(rctx, "ValidateServiceTicket: %s", err)
 		ginx.NewRender(c).Data("", err)
 		return
 	}
 	user, err := models.UserGet(rt.Ctx, "username=?", ret.Username)
 	if err != nil {
-		logger.Errorf("UserGet: %s", err)
+		logx.Errorf(rctx, "UserGet: %s", err)
 	}
 	ginx.Dangerous(err)
 	if user != nil {
@@ -360,10 +406,10 @@ func (rt *Router) loginCallbackCas(c *gin.Context) {
 	userIdentity := fmt.Sprintf("%d-%s", user.Id, user.Username)
 	ts, err := rt.createTokens(rt.HTTP.JWTAuth.SigningKey, userIdentity)
 	if err != nil {
-		logger.Errorf("createTokens: %s", err)
+		logx.Errorf(rctx, "createTokens: %s", err)
 	}
 	ginx.Dangerous(err)
-	ginx.Dangerous(rt.createAuth(c.Request.Context(), userIdentity, ts))
+	ginx.Dangerous(rt.createAuth(rctx, userIdentity, ts))

 	redirect := "/"
 	if ret.Redirect != "/login" {
@@ -406,13 +452,180 @@ func (rt *Router) loginRedirectOAuth(c *gin.Context) {
 	ginx.NewRender(c).Data(redirect, err)
 }

-func (rt *Router) loginCallbackOAuth(c *gin.Context) {
+func (rt *Router) loginRedirectDingTalk(c *gin.Context) {
+	redirect := ginx.QueryStr(c, "redirect", "/")
+
+	v, exists := c.Get("userid")
+	if exists {
+		userid := v.(int64)
+		user, err := models.UserGetById(rt.Ctx, userid)
+		ginx.Dangerous(err)
+		if user == nil {
+			ginx.Bomb(200, "user not found")
+		}
+
+		if user.Username != "" { // already login
+			ginx.NewRender(c).Data(redirect, nil)
+			return
+		}
+	}
+
+	if !rt.Sso.DingTalk.Enable {
+		ginx.NewRender(c).Data("", nil)
+		return
+	}
+
+	redirect, err := rt.Sso.DingTalk.Authorize(rt.Redis, redirect)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(redirect, err)
+}
+
+func (rt *Router) loginCallbackDingTalk(c *gin.Context) {
+	rctx := c.Request.Context()
 	code := ginx.QueryStr(c, "code", "")
 	state := ginx.QueryStr(c, "state", "")

-	ret, err := rt.Sso.OAuth2.Callback(rt.Redis, c.Request.Context(), code, state)
+	ret, err := rt.Sso.DingTalk.Callback(rt.Redis, rctx, code, state)
 	if err != nil {
-		logger.Debugf("sso.callback() get ret %+v error %v", ret, err)
+		logx.Errorf(rctx, "sso_callback DingTalk fail. code:%s, state:%s, get ret: %+v. error: %v", code, state, ret, err)
+		ginx.NewRender(c).Data(CallbackOutput{}, err)
+		return
+	}
+
+	user, err := models.UserGet(rt.Ctx, "username=?", ret.Username)
+	ginx.Dangerous(err)
+
+	if user != nil {
+		if rt.Sso.DingTalk.DingTalkConfig.CoverAttributes {
+			updatedFields := user.UpdateSsoFields(dingtalk.SsoTypeName, ret.Nickname, ret.Phone, ret.Email)
+			ginx.Dangerous(user.Update(rt.Ctx, "update_at", updatedFields...))
+		}
+	} else {
+		user = new(models.User)
+		user.FullSsoFields(dingtalk.SsoTypeName, ret.Username, ret.Nickname, ret.Phone, ret.Email, rt.Sso.DingTalk.DingTalkConfig.DefaultRoles)
+		// create user from dingtalk
+		ginx.Dangerous(user.Add(rt.Ctx))
+	}
+
+	// set user login state
+	userIdentity := fmt.Sprintf("%d-%s", user.Id, user.Username)
+	ts, err := rt.createTokens(rt.HTTP.JWTAuth.SigningKey, userIdentity)
+	ginx.Dangerous(err)
+	ginx.Dangerous(rt.createAuth(c.Request.Context(), userIdentity, ts))
+
+	redirect := "/"
+	if ret.Redirect != "/login" {
+		redirect = ret.Redirect
+	}
+
+	ginx.NewRender(c).Data(CallbackOutput{
+		Redirect:     redirect,
+		User:         user,
+		AccessToken:  ts.AccessToken,
+		RefreshToken: ts.RefreshToken,
+	}, nil)
+
+}
+
+func (rt *Router) loginRedirectFeiShu(c *gin.Context) {
+	redirect := ginx.QueryStr(c, "redirect", "/")
+
+	v, exists := c.Get("userid")
+	if exists {
+		userid := v.(int64)
+		user, err := models.UserGetById(rt.Ctx, userid)
+		ginx.Dangerous(err)
+		if user == nil {
+			ginx.Bomb(200, "user not found")
+		}
+
+		if user.Username != "" { // already login
+			ginx.NewRender(c).Data(redirect, nil)
+			return
+		}
+	}
+
+	if rt.Sso.FeiShu == nil || !rt.Sso.FeiShu.Enable {
+		ginx.NewRender(c).Data("", nil)
+		return
+	}
+
+	redirect, err := rt.Sso.FeiShu.Authorize(rt.Redis, redirect)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(redirect, err)
+}
+
+func (rt *Router) loginCallbackFeiShu(c *gin.Context) {
+	rctx := c.Request.Context()
+	code := ginx.QueryStr(c, "code", "")
+	state := ginx.QueryStr(c, "state", "")
+
+	ret, err := rt.Sso.FeiShu.Callback(rt.Redis, rctx, code, state)
+	if err != nil {
+		logx.Errorf(rctx, "sso_callback FeiShu fail. code:%s, state:%s, get ret: %+v. error: %v", code, state, ret, err)
+		ginx.NewRender(c).Data(CallbackOutput{}, err)
+		return
+	}
+
+	user, err := models.UserGet(rt.Ctx, "username=?", ret.Username)
+	ginx.Dangerous(err)
+
+	if user != nil {
+		if rt.Sso.FeiShu != nil && rt.Sso.FeiShu.FeiShuConfig != nil && rt.Sso.FeiShu.FeiShuConfig.CoverAttributes {
+			updatedFields := user.UpdateSsoFields(feishu.SsoTypeName, ret.Nickname, ret.Phone, ret.Email)
+			ginx.Dangerous(user.Update(rt.Ctx, "update_at", updatedFields...))
+		}
+	} else {
+		user = new(models.User)
+		defaultRoles := []string{}
+		defaultUserGroups := []int64{}
+		if rt.Sso.FeiShu != nil && rt.Sso.FeiShu.FeiShuConfig != nil {
+			defaultRoles = rt.Sso.FeiShu.FeiShuConfig.DefaultRoles
+			defaultUserGroups = rt.Sso.FeiShu.FeiShuConfig.DefaultUserGroups
+		}
+
+		user.FullSsoFields(feishu.SsoTypeName, ret.Username, ret.Nickname, ret.Phone, ret.Email, defaultRoles)
+		ginx.Dangerous(user.Add(rt.Ctx))
+
+		if len(defaultUserGroups) > 0 {
+			err = user.AddToUserGroups(rt.Ctx, defaultUserGroups)
+			if err != nil {
+				logx.Errorf(rctx, "sso feishu add user group error %v %v", ret, err)
+			}
+		}
+
+	}
+
+	// set user login state
+	userIdentity := fmt.Sprintf("%d-%s", user.Id, user.Username)
+	ts, err := rt.createTokens(rt.HTTP.JWTAuth.SigningKey, userIdentity)
+	ginx.Dangerous(err)
+	ginx.Dangerous(rt.createAuth(c.Request.Context(), userIdentity, ts))
+
+	redirect := "/"
+	if ret.Redirect != "/login" {
+		redirect = ret.Redirect
+	}
+
+	ginx.NewRender(c).Data(CallbackOutput{
+		Redirect:     redirect,
+		User:         user,
+		AccessToken:  ts.AccessToken,
+		RefreshToken: ts.RefreshToken,
+	}, nil)
+
+}
+
+func (rt *Router) loginCallbackOAuth(c *gin.Context) {
+	rctx := c.Request.Context()
+	code := ginx.QueryStr(c, "code", "")
+	state := ginx.QueryStr(c, "state", "")
+
+	ret, err := rt.Sso.OAuth2.Callback(rt.Redis, rctx, code, state)
+	if err != nil {
+		logx.Debugf(rctx, "sso.callback() get ret %+v error %v", ret, err)
 		ginx.NewRender(c).Data(CallbackOutput{}, err)
 		return
 	}
@@ -452,13 +665,15 @@ func (rt *Router) loginCallbackOAuth(c *gin.Context) {
 }

 type SsoConfigOutput struct {
-	OidcDisplayName  string `json:"oidcDisplayName"`
-	CasDisplayName   string `json:"casDisplayName"`
-	OauthDisplayName string `json:"oauthDisplayName"`
+	OidcDisplayName     string `json:"oidcDisplayName"`
+	CasDisplayName      string `json:"casDisplayName"`
+	OauthDisplayName    string `json:"oauthDisplayName"`
+	DingTalkDisplayName string `json:"dingTalkDisplayName"`
+	FeiShuDisplayName   string `json:"feishuDisplayName"`
 }

 func (rt *Router) ssoConfigNameGet(c *gin.Context) {
-	var oidcDisplayName, casDisplayName, oauthDisplayName string
+	var oidcDisplayName, casDisplayName, oauthDisplayName, dingTalkDisplayName, feiShuDisplayName string
 	if rt.Sso.OIDC != nil {
 		oidcDisplayName = rt.Sso.OIDC.GetDisplayName()
 	}
@@ -471,23 +686,117 @@ func (rt *Router) ssoConfigNameGet(c *gin.Context) {
 		oauthDisplayName = rt.Sso.OAuth2.GetDisplayName()
 	}

+	if rt.Sso.DingTalk != nil {
+		dingTalkDisplayName = rt.Sso.DingTalk.GetDisplayName()
+	}
+
+	if rt.Sso.FeiShu != nil {
+		feiShuDisplayName = rt.Sso.FeiShu.GetDisplayName()
+	}
+
 	ginx.NewRender(c).Data(SsoConfigOutput{
-		OidcDisplayName:  oidcDisplayName,
-		CasDisplayName:   casDisplayName,
-		OauthDisplayName: oauthDisplayName,
+		OidcDisplayName:     oidcDisplayName,
+		CasDisplayName:      casDisplayName,
+		OauthDisplayName:    oauthDisplayName,
+		DingTalkDisplayName: dingTalkDisplayName,
+		FeiShuDisplayName:   feiShuDisplayName,
 	}, nil)
 }

 func (rt *Router) ssoConfigGets(c *gin.Context) {
-	ginx.NewRender(c).Data(models.SsoConfigGets(rt.Ctx))
+	var ssoConfigs []models.SsoConfig
+	lst, err := models.SsoConfigGets(rt.Ctx)
+	ginx.Dangerous(err)
+	if len(lst) == 0 {
+		ginx.NewRender(c).Data(ssoConfigs, nil)
+		return
+	}
+
+	// TODO: dingTalkExist 为了兼容当前前端配置, 后期单点登陆统一调整后不在预先设置默认内容
+	dingTalkExist := false
+	feiShuExist := false
+	for _, config := range lst {
+		var ssoReqConfig models.SsoConfig
+		ssoReqConfig.Id = config.Id
+		ssoReqConfig.Name = config.Name
+		ssoReqConfig.UpdateAt = config.UpdateAt
+		switch config.Name {
+		case dingtalk.SsoTypeName:
+			dingTalkExist = true
+			err := json.Unmarshal([]byte(config.Content), &ssoReqConfig.SettingJson)
+			ginx.Dangerous(err)
+		case feishu.SsoTypeName:
+			feiShuExist = true
+			err := json.Unmarshal([]byte(config.Content), &ssoReqConfig.SettingJson)
+			ginx.Dangerous(err)
+		default:
+			ssoReqConfig.Content = config.Content
+		}
+
+		ssoConfigs = append(ssoConfigs, ssoReqConfig)
+	}
+	// TODO: dingTalkExist 为了兼容当前前端配置, 后期单点登陆统一调整后不在预先设置默认内容
+	if !dingTalkExist {
+		var ssoConfig models.SsoConfig
+		ssoConfig.Name = dingtalk.SsoTypeName
+		ssoConfigs = append(ssoConfigs, ssoConfig)
+	}
+	if !feiShuExist {
+		var ssoConfig models.SsoConfig
+		ssoConfig.Name = feishu.SsoTypeName
+		ssoConfigs = append(ssoConfigs, ssoConfig)
+	}
+
+	ginx.NewRender(c).Data(ssoConfigs, nil)
 }

 func (rt *Router) ssoConfigUpdate(c *gin.Context) {
 	var f models.SsoConfig
-	ginx.BindJSON(c, &f)
+	var ssoConfig models.SsoConfig
+	ginx.BindJSON(c, &ssoConfig)

-	err := f.Update(rt.Ctx)
-	ginx.Dangerous(err)
+	switch ssoConfig.Name {
+	case dingtalk.SsoTypeName:
+		f.Name = ssoConfig.Name
+		setting, err := json.Marshal(ssoConfig.SettingJson)
+		ginx.Dangerous(err)
+		f.Content = string(setting)
+		f.UpdateAt = time.Now().Unix()
+		sso, err := f.Query(rt.Ctx)
+		if !errors.Is(err, gorm.ErrRecordNotFound) {
+			ginx.Dangerous(err)
+		}
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			err = f.Create(rt.Ctx)
+		} else {
+			f.Id = sso.Id
+			err = f.Update(rt.Ctx)
+		}
+		ginx.Dangerous(err)
+	case feishu.SsoTypeName:
+		f.Name = ssoConfig.Name
+		setting, err := json.Marshal(ssoConfig.SettingJson)
+		ginx.Dangerous(err)
+		f.Content = string(setting)
+		f.UpdateAt = time.Now().Unix()
+		sso, err := f.Query(rt.Ctx)
+		if !errors.Is(err, gorm.ErrRecordNotFound) {
+			ginx.Dangerous(err)
+		}
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			err = f.Create(rt.Ctx)
+		} else {
+			f.Id = sso.Id
+			err = f.Update(rt.Ctx)
+		}
+		ginx.Dangerous(err)
+	default:
+		f.Id = ssoConfig.Id
+		f.Name = ssoConfig.Name
+		f.Content = ssoConfig.Content
+		err := f.Update(rt.Ctx)
+		ginx.Dangerous(err)
+	}

 	switch f.Name {
 	case "LDAP":
@@ -511,6 +820,22 @@ func (rt *Router) ssoConfigUpdate(c *gin.Context) {
 		err := toml.Unmarshal([]byte(f.Content), &config)
 		ginx.Dangerous(err)
 		rt.Sso.OAuth2.Reload(config)
+	case dingtalk.SsoTypeName:
+		var config dingtalk.Config
+		err := json.Unmarshal([]byte(f.Content), &config)
+		ginx.Dangerous(err)
+		if rt.Sso.DingTalk == nil {
+			rt.Sso.DingTalk = dingtalk.New(config)
+		}
+		rt.Sso.DingTalk.Reload(config)
+	case feishu.SsoTypeName:
+		var config feishu.Config
+		err := json.Unmarshal([]byte(f.Content), &config)
+		ginx.Dangerous(err)
+		if rt.Sso.FeiShu == nil {
+			rt.Sso.FeiShu = feishu.New(config)
+		}
+		rt.Sso.FeiShu.Reload(config)
 	}

 	ginx.NewRender(c).Message(nil)
--- a/center/router/router_message_template.go
+++ b/center/router/router_message_template.go
@@ -10,10 +10,12 @@ import (

 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/slice"
+	"github.com/ccfos/nightingale/v6/pkg/strx"
 	"github.com/ccfos/nightingale/v6/pkg/tplx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
+
 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
-	"github.com/toolkits/pkg/str"
+	"github.com/google/uuid"
 )

 func (rt *Router) messageTemplatesAdd(c *gin.Context) {
@@ -30,9 +32,12 @@ func (rt *Router) messageTemplatesAdd(c *gin.Context) {
 	ginx.Dangerous(err)
 	now := time.Now().Unix()
 	for _, tpl := range lst {
+		// 生成一个唯一的标识符，以后也不允许修改，前端不需要传这个参数
+		tpl.Ident = uuid.New().String()
+
 		ginx.Dangerous(tpl.Verify())
 		if !isAdmin && !slice.HaveIntersection(gids, tpl.UserGroupIds) {
-			ginx.Bomb(http.StatusForbidden, "no permission")
+			ginx.Bomb(http.StatusForbidden, "forbidden")
 		}
 		idents = append(idents, tpl.Ident)

@@ -75,8 +80,8 @@ func (rt *Router) messageTemplatesDel(c *gin.Context) {
 		gids, err := models.MyGroupIds(rt.Ctx, me.Id)
 		ginx.Dangerous(err)
 		for _, t := range lst {
-			if !slice.HaveIntersection[int64](gids, t.UserGroupIds) {
-				ginx.Bomb(http.StatusForbidden, "no permission")
+			if !slice.HaveIntersection(gids, t.UserGroupIds) {
+				ginx.Bomb(http.StatusForbidden, "forbidden")
 			}
 		}
 	}
@@ -105,8 +110,8 @@ func (rt *Router) messageTemplatePut(c *gin.Context) {
 	if !me.IsAdmin() {
 		gids, err := models.MyGroupIds(rt.Ctx, me.Id)
 		ginx.Dangerous(err)
-		if !slice.HaveIntersection[int64](gids, mt.UserGroupIds) {
-			ginx.Bomb(http.StatusForbidden, "no permission")
+		if !slice.HaveIntersection(gids, mt.UserGroupIds) {
+			ginx.Bomb(http.StatusForbidden, "forbidden")
 		}
 	}

@@ -125,8 +130,8 @@ func (rt *Router) messageTemplateGet(c *gin.Context) {
 	if mt == nil {
 		ginx.Bomb(http.StatusNotFound, "message template not found")
 	}
-	if mt.Private == 1 && !slice.HaveIntersection[int64](gids, mt.UserGroupIds) {
-		ginx.Bomb(http.StatusForbidden, "no permission")
+	if mt.Private == 1 && !slice.HaveIntersection(gids, mt.UserGroupIds) {
+		ginx.Bomb(http.StatusForbidden, "forbidden")
 	}

 	ginx.NewRender(c).Data(mt, nil)
@@ -137,7 +142,7 @@ func (rt *Router) messageTemplatesGet(c *gin.Context) {
 	if tmp := ginx.QueryStr(c, "notify_channel_idents", ""); tmp != "" {
 		notifyChannelIdents = strings.Split(tmp, ",")
 	}
-	notifyChannelIds := str.IdsInt64(ginx.QueryStr(c, "notify_channel_ids", ""))
+	notifyChannelIds := strx.IdsInt64ForAPI(ginx.QueryStr(c, "notify_channel_ids", ""))
 	if len(notifyChannelIds) > 0 {
 		ginx.Dangerous(models.DB(rt.Ctx).Model(models.NotifyChannelConfig{}).
 			Where("id in (?)", notifyChannelIds).Pluck("ident", &notifyChannelIdents).Error)
@@ -149,6 +154,7 @@ func (rt *Router) messageTemplatesGet(c *gin.Context) {

 	lst, err := models.MessageTemplatesGetBy(rt.Ctx, notifyChannelIdents)
 	ginx.Dangerous(err)
+	models.FillUpdateByNicknames(rt.Ctx, lst)

 	if me.IsAdmin() {
 		ginx.NewRender(c).Data(lst, nil)
@@ -188,10 +194,9 @@ func (rt *Router) eventsMessage(c *gin.Context) {
 		events[i] = he.ToCur()
 	}

-	var defs = []string{
-		"{{$events := .}}",
-		"{{$event := index . 0}}",
-	}
+	renderData := make(map[string]interface{})
+	renderData["events"] = events
+	defs := models.GetDefs(renderData)
 	ret := make(map[string]string, len(req.Tpl.Content))
 	for k, v := range req.Tpl.Content {
 		text := strings.Join(append(defs, v), "")
@@ -202,7 +207,7 @@ func (rt *Router) eventsMessage(c *gin.Context) {
 		}

 		var buf bytes.Buffer
-		err = tpl.Execute(&buf, events)
+		err = tpl.Execute(&buf, renderData)
 		if err != nil {
 			ret[k] = err.Error()
 			continue
--- a/center/router/router_metric_desc.go
+++ b/center/router/router_metric_desc.go
@@ -2,9 +2,9 @@ package router

 import (
 	"github.com/ccfos/nightingale/v6/center/cconf"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 )

 func (rt *Router) metricsDescGetFile(c *gin.Context) {
--- a/center/router/router_metric_view.go
+++ b/center/router/router_metric_view.go
@@ -4,9 +4,9 @@ import (
 	"net/http"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 )

 // no param
--- a/center/router/router_mute.go
+++ b/center/router/router_mute.go
@@ -6,23 +6,31 @@ import (
 	"time"

 	"github.com/ccfos/nightingale/v6/alert/common"
+	"github.com/ccfos/nightingale/v6/alert/mute"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/strx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
-	"github.com/toolkits/pkg/str"
+	"github.com/toolkits/pkg/i18n"
 )

 // Return all, front-end search and paging
 func (rt *Router) alertMuteGetsByBG(c *gin.Context) {
 	bgid := ginx.UrlParamInt64(c, "id")
-	lst, err := models.AlertMuteGetsByBG(rt.Ctx, bgid)
+	prods := strings.Fields(ginx.QueryStr(c, "prods", ""))
+	query := ginx.QueryStr(c, "query", "")
+	expired := ginx.QueryInt(c, "expired", -1)
+	lst, err := models.AlertMuteGets(rt.Ctx, prods, bgid, -1, expired, query)
+	if err == nil {
+		models.FillUpdateByNicknames(rt.Ctx, lst)
+	}

 	ginx.NewRender(c).Data(lst, err)
 }

 func (rt *Router) alertMuteGetsByGids(c *gin.Context) {
-	gids := str.IdsInt64(ginx.QueryStr(c, "gids", ""), ",")
+	gids := strx.IdsInt64ForAPI(ginx.QueryStr(c, "gids", ""), ",")
 	if len(gids) > 0 {
 		for _, gid := range gids {
 			rt.bgroCheck(c, gid)
@@ -42,6 +50,9 @@ func (rt *Router) alertMuteGetsByGids(c *gin.Context) {
 	}

 	lst, err := models.AlertMuteGetsByBGIds(rt.Ctx, gids)
+	if err == nil {
+		models.FillUpdateByNicknames(rt.Ctx, lst)
+	}

 	ginx.NewRender(c).Data(lst, err)
 }
@@ -51,11 +62,20 @@ func (rt *Router) alertMuteGets(c *gin.Context) {
 	bgid := ginx.QueryInt64(c, "bgid", -1)
 	query := ginx.QueryStr(c, "query", "")
 	disabled := ginx.QueryInt(c, "disabled", -1)
-	lst, err := models.AlertMuteGets(rt.Ctx, prods, bgid, disabled, query)
+	expired := ginx.QueryInt(c, "expired", -1)
+	lst, err := models.AlertMuteGets(rt.Ctx, prods, bgid, disabled, expired, query)
+	if err == nil {
+		models.FillUpdateByNicknames(rt.Ctx, lst)
+	}

 	ginx.NewRender(c).Data(lst, err)
 }

+func (rt *Router) activeAlertMuteGets(c *gin.Context) {
+	lst, err := models.AlertMuteGetsAll(rt.Ctx)
+	ginx.NewRender(c).Data(lst, err)
+}
+
 func (rt *Router) alertMuteAdd(c *gin.Context) {

 	var f models.AlertMute
@@ -63,8 +83,58 @@ func (rt *Router) alertMuteAdd(c *gin.Context) {

 	username := c.MustGet("username").(string)
 	f.CreateBy = username
+	f.UpdateBy = username
 	f.GroupId = ginx.UrlParamInt64(c, "id")
-	ginx.NewRender(c).Message(f.Add(rt.Ctx))
+
+	ginx.Dangerous(f.Add(rt.Ctx))
+	ginx.NewRender(c).Data(f.Id, nil)
+}
+
+type MuteTestForm struct {
+	EventId       int64            `json:"event_id" binding:"required"`
+	AlertMute     models.AlertMute `json:"config" binding:"required"`
+	PassTimeCheck bool             `json:"pass_time_check"`
+}
+
+func (rt *Router) alertMuteTryRun(c *gin.Context) {
+	var f MuteTestForm
+	ginx.BindJSON(c, &f)
+	ginx.Dangerous(f.AlertMute.Verify())
+
+	hisEvent, err := models.AlertHisEventGetById(rt.Ctx, f.EventId)
+	ginx.Dangerous(err)
+
+	if hisEvent == nil {
+		ginx.Bomb(http.StatusNotFound, "event not found")
+	}
+
+	curEvent := *hisEvent.ToCur()
+	curEvent.SetTagsMap()
+
+	if f.PassTimeCheck {
+		f.AlertMute.MuteTimeType = models.Periodic
+		f.AlertMute.PeriodicMutesJson = []models.PeriodicMute{
+			{
+				EnableDaysOfWeek: "0 1 2 3 4 5 6",
+				EnableStime:      "00:00",
+				EnableEtime:      "00:00",
+			},
+		}
+	}
+
+	match, err := mute.MatchMute(&curEvent, &f.AlertMute)
+	if err != nil {
+		// 对错误信息进行 i18n 翻译
+		translatedErr := i18n.Sprintf(c.GetHeader("X-Language"), err.Error())
+		ginx.Bomb(http.StatusBadRequest, translatedErr)
+	}
+
+	if !match {
+		ginx.NewRender(c).Data("event not match mute", nil)
+		return
+	}
+
+	ginx.NewRender(c).Data("event match mute", nil)
 }

 // Preview events (alert_cur_event) that match the mute strategy based on the following criteria:
--- a/center/router/router_mw.go
+++ b/center/router/router_mw.go
@@ -9,12 +9,13 @@ import (
 	"strings"
 	"time"

+	"github.com/ccfos/nightingale/v6/center/cstats"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
 	"github.com/golang-jwt/jwt"
 	"github.com/google/uuid"
-	"github.com/toolkits/pkg/ginx"
 )

 const (
@@ -335,6 +336,12 @@ func (rt *Router) extractTokenMetadata(r *http.Request) (*AccessDetails, error)
 			return nil, errors.New("failed to parse access_uuid from jwt")
 		}

+		// accessUuid 在 redis 里存在才放行
+		val, err := rt.fetchAuth(r.Context(), accessUuid)
+		if err != nil || val == "" {
+			return nil, errors.New("unauthorized")
+		}
+
 		return &AccessDetails{
 			AccessUuid:   accessUuid,
 			UserIdentity: claims["user_identity"].(string),
@@ -355,29 +362,72 @@ func (rt *Router) extractToken(r *http.Request) string {
 }

 func (rt *Router) createAuth(ctx context.Context, userIdentity string, td *TokenDetails) error {
+	username := strings.Split(userIdentity, "-")[1]
+
+	// 如果只能有一个账号登录，那么就删除之前的 token
+	if rt.HTTP.JWTAuth.SingleLogin {
+		delKeys, err := rt.Redis.SMembers(ctx, rt.wrapJwtKey(username)).Result()
+		if err != nil {
+			return err
+		}
+
+		if len(delKeys) > 0 {
+			errDel := rt.Redis.Del(ctx, delKeys...).Err()
+			if errDel != nil {
+				return errDel
+			}
+		}
+
+		if errDel := rt.Redis.Del(ctx, rt.wrapJwtKey(username)).Err(); errDel != nil {
+			return errDel
+		}
+	}
+
 	at := time.Unix(td.AtExpires, 0)
 	rte := time.Unix(td.RtExpires, 0)
 	now := time.Now()

-	errAccess := rt.Redis.Set(ctx, rt.wrapJwtKey(td.AccessUuid), userIdentity, at.Sub(now)).Err()
-	if errAccess != nil {
-		return errAccess
+	if err := rt.Redis.Set(ctx, rt.wrapJwtKey(td.AccessUuid), userIdentity, at.Sub(now)).Err(); err != nil {
+		cstats.RedisOperationLatency.WithLabelValues("set_token", "fail").Observe(time.Since(now).Seconds())
+		return err
 	}

-	errRefresh := rt.Redis.Set(ctx, rt.wrapJwtKey(td.RefreshUuid), userIdentity, rte.Sub(now)).Err()
-	if errRefresh != nil {
-		return errRefresh
+	if err := rt.Redis.Set(ctx, rt.wrapJwtKey(td.RefreshUuid), userIdentity, rte.Sub(now)).Err(); err != nil {
+		cstats.RedisOperationLatency.WithLabelValues("set_token", "fail").Observe(time.Since(now).Seconds())
+		return err
+	}
+
+	cstats.RedisOperationLatency.WithLabelValues("set_token", "success").Observe(time.Since(now).Seconds())
+
+	if rt.HTTP.JWTAuth.SingleLogin {
+		if err := rt.Redis.SAdd(ctx, rt.wrapJwtKey(username), rt.wrapJwtKey(td.AccessUuid), rt.wrapJwtKey(td.RefreshUuid)).Err(); err != nil {
+			return err
+		}
 	}

 	return nil
 }

 func (rt *Router) fetchAuth(ctx context.Context, givenUuid string) (string, error) {
-	return rt.Redis.Get(ctx, rt.wrapJwtKey(givenUuid)).Result()
+	now := time.Now()
+	ret, err := rt.Redis.Get(ctx, rt.wrapJwtKey(givenUuid)).Result()
+	if err != nil {
+		cstats.RedisOperationLatency.WithLabelValues("get_token", "fail").Observe(time.Since(now).Seconds())
+	} else {
+		cstats.RedisOperationLatency.WithLabelValues("get_token", "success").Observe(time.Since(now).Seconds())
+	}
+
+	return ret, err
 }

 func (rt *Router) deleteAuth(ctx context.Context, givenUuid string) error {
-	return rt.Redis.Del(ctx, rt.wrapJwtKey(givenUuid)).Err()
+	err := rt.Redis.Del(ctx, rt.wrapJwtKey(givenUuid)).Err()
+	if err != nil {
+		cstats.RedisOperationLatency.WithLabelValues("del_token", "fail").Observe(time.Since(time.Now()).Seconds())
+	} else {
+		cstats.RedisOperationLatency.WithLabelValues("del_token", "success").Observe(time.Since(time.Now()).Seconds())
+	}
+	return err
 }

 func (rt *Router) deleteTokens(ctx context.Context, authD *AccessDetails) error {
@@ -403,6 +453,30 @@ func (rt *Router) wrapJwtKey(key string) string {
 	return rt.HTTP.JWTAuth.RedisKeyPrefix + key
 }

+func (rt *Router) wrapIdTokenKey(userId int64) string {
+	return fmt.Sprintf("n9e_id_token_%d", userId)
+}
+
+// saveIdToken 保存用户的 id_token 到 Redis
+func (rt *Router) saveIdToken(ctx context.Context, userId int64, idToken string) error {
+	if idToken == "" {
+		return nil
+	}
+	// id_token 的过期时间应该与 RefreshToken 保持一致，确保在整个会话期间都可用于登出
+	expiration := time.Minute * time.Duration(rt.HTTP.JWTAuth.RefreshExpired)
+	return rt.Redis.Set(ctx, rt.wrapIdTokenKey(userId), idToken, expiration).Err()
+}
+
+// fetchIdToken 从 Redis 获取用户的 id_token
+func (rt *Router) fetchIdToken(ctx context.Context, userId int64) (string, error) {
+	return rt.Redis.Get(ctx, rt.wrapIdTokenKey(userId)).Result()
+}
+
+// deleteIdToken 从 Redis 删除用户的 id_token
+func (rt *Router) deleteIdToken(ctx context.Context, userId int64) error {
+	return rt.Redis.Del(ctx, rt.wrapIdTokenKey(userId)).Err()
+}
+
 type TokenDetails struct {
 	AccessToken  string
 	RefreshToken string
--- a/center/router/router_notification_record.go
+++ b/center/router/router_notification_record.go
@@ -6,9 +6,9 @@ import (
 	"github.com/ccfos/nightingale/v6/alert/sender"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
 )

@@ -33,7 +33,7 @@ type Record struct {

 // notificationRecordAdd
 func (rt *Router) notificationRecordAdd(c *gin.Context) {
-	var req []*models.NotificaitonRecord
+	var req []*models.NotificationRecord
 	ginx.BindJSON(c, &req)
 	err := sender.PushNotifyRecords(req)
 	ginx.Dangerous(err, 429)
@@ -43,14 +43,14 @@ func (rt *Router) notificationRecordAdd(c *gin.Context) {

 func (rt *Router) notificationRecordList(c *gin.Context) {
 	eid := ginx.UrlParamInt64(c, "eid")
-	lst, err := models.NotificaitonRecordsGetByEventId(rt.Ctx, eid)
+	lst, err := models.NotificationRecordsGetByEventId(rt.Ctx, eid)
 	ginx.Dangerous(err)

 	response := buildNotificationResponse(rt.Ctx, lst)
 	ginx.NewRender(c).Data(response, nil)
 }

-func buildNotificationResponse(ctx *ctx.Context, nl []*models.NotificaitonRecord) NotificationResponse {
+func buildNotificationResponse(ctx *ctx.Context, nl []*models.NotificationRecord) NotificationResponse {
 	response := NotificationResponse{
 		SubRules: []SubRule{},
 		Notifies: make(map[string][]Record),
--- a/center/router/router_notify_channel.go
+++ b/center/router/router_notify_channel.go
@@ -11,15 +11,12 @@ import (
 	"time"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 )

 func (rt *Router) notifyChannelsAdd(c *gin.Context) {
 	me := c.MustGet("user").(*models.User)
-	if !me.IsAdmin() {
-		ginx.Bomb(http.StatusForbidden, "no permission")
-	}

 	var lst []*models.NotifyChannelConfig
 	ginx.BindJSON(c, &lst)
@@ -55,11 +52,6 @@ func (rt *Router) notifyChannelsAdd(c *gin.Context) {
 }

 func (rt *Router) notifyChannelsDel(c *gin.Context) {
-	me := c.MustGet("user").(*models.User)
-	if !me.IsAdmin() {
-		ginx.Bomb(http.StatusForbidden, "no permission")
-	}
-
 	var f idsForm
 	ginx.BindJSON(c, &f)
 	f.Verify()
@@ -79,9 +71,6 @@ func (rt *Router) notifyChannelsDel(c *gin.Context) {

 func (rt *Router) notifyChannelPut(c *gin.Context) {
 	me := c.MustGet("user").(*models.User)
-	if !me.IsAdmin() {
-		ginx.Bomb(http.StatusForbidden, "no permission")
-	}

 	var f models.NotifyChannelConfig
 	ginx.BindJSON(c, &f)
@@ -129,6 +118,9 @@ func (rt *Router) notifyChannelGetBy(c *gin.Context) {

 func (rt *Router) notifyChannelsGet(c *gin.Context) {
 	lst, err := models.NotifyChannelsGet(rt.Ctx, "", nil)
+	if err == nil {
+		models.FillUpdateByNicknames(rt.Ctx, lst)
+	}
 	ginx.NewRender(c).Data(lst, err)
 }

@@ -173,21 +165,6 @@ func (rt *Router) notifyChannelIdentsGet(c *gin.Context) {
 	ginx.NewRender(c).Data(lst, nil)
 }

-type flushDutyChannelsResponse struct {
-	Error struct {
-		Code    string `json:"code"`
-		Message string `json:"message"`
-	} `json:"error"`
-	Data struct {
-		Items []struct {
-			ChannelID   int    `json:"channel_id"`
-			ChannelName string `json:"channel_name"`
-			Status      string `json:"status"`
-		} `json:"items"`
-		Total int `json:"total"`
-	} `json:"data"`
-}
-
 func (rt *Router) flashDutyNotifyChannelsGet(c *gin.Context) {
 	cid := ginx.UrlParamInt64(c, "id")
 	nc, err := models.NotifyChannelGet(rt.Ctx, "id = ?", cid)
@@ -207,18 +184,31 @@ func (rt *Router) flashDutyNotifyChannelsGet(c *gin.Context) {
 		jsonData = []byte(fmt.Sprintf(`{"member_name":"%s","email":"%s","phone":"%s"}`, me.Username, me.Email, me.Phone))
 	}

-	items, err := getFlashDutyChannels(nc.RequestConfig.FlashDutyRequestConfig.IntegrationUrl, jsonData)
+	items, err := getFlashDutyChannels(nc.RequestConfig.FlashDutyRequestConfig.IntegrationUrl, jsonData, time.Duration(nc.RequestConfig.FlashDutyRequestConfig.Timeout)*time.Millisecond)
 	ginx.Dangerous(err)

 	ginx.NewRender(c).Data(items, nil)
 }

-// getFlashDutyChannels 从FlashDuty API获取频道列表
-func getFlashDutyChannels(integrationUrl string, jsonData []byte) ([]struct {
+type flushDutyChannelsResponse struct {
+	Error struct {
+		Code    string `json:"code"`
+		Message string `json:"message"`
+	} `json:"error"`
+	Data struct {
+		Items []FlashDutyChannel `json:"items"`
+		Total int                `json:"total"`
+	} `json:"data"`
+}
+
+type FlashDutyChannel struct {
 	ChannelID   int    `json:"channel_id"`
 	ChannelName string `json:"channel_name"`
 	Status      string `json:"status"`
-}, error) {
+}
+
+// getFlashDutyChannels 从FlashDuty API获取频道列表
+func getFlashDutyChannels(integrationUrl string, jsonData []byte, timeout time.Duration) ([]FlashDutyChannel, error) {
 	// 解析URL，提取baseUrl和参数
 	baseUrl, integrationKey, err := parseIntegrationUrl(integrationUrl)
 	if err != nil {
@@ -238,7 +228,9 @@ func getFlashDutyChannels(integrationUrl string, jsonData []byte) ([]struct {
 	}

 	req.Header.Set("Content-Type", "application/json")
-	httpResp, err := (&http.Client{}).Do(req)
+	httpResp, err := (&http.Client{
+		Timeout: timeout,
+	}).Do(req)
 	if err != nil {
 		return nil, err
 	}
@@ -277,3 +269,149 @@ func parseIntegrationUrl(urlStr string) (baseUrl string, integrationKey string,

 	return host, integrationKey, nil
 }
+
+func (rt *Router) pagerDutyNotifyServicesGet(c *gin.Context) {
+	cid := ginx.UrlParamInt64(c, "id")
+	nc, err := models.NotifyChannelGet(rt.Ctx, "id = ?", cid)
+	ginx.Dangerous(err)
+	if err != nil || nc == nil {
+		ginx.Bomb(http.StatusNotFound, "notify channel not found")
+	}
+
+	items, err := getPagerDutyServices(nc.RequestConfig.PagerDutyRequestConfig.ApiKey, time.Duration(nc.RequestConfig.PagerDutyRequestConfig.Timeout)*time.Millisecond)
+	if err != nil {
+		ginx.Bomb(http.StatusInternalServerError, fmt.Sprintf("failed to get pagerduty services: %v", err))
+	}
+	// 服务: []集成，扁平化为服务-集成
+	var flattenedItems []map[string]string
+	for _, svc := range items {
+		for _, integ := range svc.Integrations {
+			flattenedItems = append(flattenedItems, map[string]string{
+				"service_id":          svc.ID,
+				"service_name":        svc.Name,
+				"integration_summary": integ.Summary,
+				"integration_id":      integ.ID,
+				"integration_url":     integ.Self,
+			})
+		}
+	}
+
+	ginx.NewRender(c).Data(flattenedItems, nil)
+}
+
+func (rt *Router) pagerDutyIntegrationKeyGet(c *gin.Context) {
+	serviceId := ginx.UrlParamStr(c, "service_id")
+	integrationId := ginx.UrlParamStr(c, "integration_id")
+	cid := ginx.UrlParamInt64(c, "id")
+	nc, err := models.NotifyChannelGet(rt.Ctx, "id = ?", cid)
+	ginx.Dangerous(err)
+	if err != nil || nc == nil {
+		ginx.Bomb(http.StatusNotFound, "notify channel not found")
+	}
+
+	integrationUrl := fmt.Sprintf("https://api.pagerduty.com/services/%s/integrations/%s", serviceId, integrationId)
+	integrationKey, err := getPagerDutyIntegrationKey(integrationUrl, nc.RequestConfig.PagerDutyRequestConfig.ApiKey, time.Duration(nc.RequestConfig.PagerDutyRequestConfig.Timeout)*time.Millisecond)
+	if err != nil {
+		ginx.Bomb(http.StatusInternalServerError, fmt.Sprintf("failed to get pagerduty integration key: %v", err))
+	}
+
+	ginx.NewRender(c).Data(map[string]string{
+		"integration_key": integrationKey,
+	}, nil)
+}
+
+type PagerDutyIntegration struct {
+	ID             string `json:"id"`
+	IntegrationKey string `json:"integration_key"`
+	Self           string `json:"self"` // integration 的 API URL
+	Summary        string `json:"summary"`
+}
+
+type PagerDutyService struct {
+	Name         string                 `json:"name"`
+	ID           string                 `json:"id"`
+	Integrations []PagerDutyIntegration `json:"integrations"`
+}
+
+// getPagerDutyServices 从 PagerDuty API 分页获取所有服务及其集成信息
+func getPagerDutyServices(apiKey string, timeout time.Duration) ([]PagerDutyService, error) {
+	const limit = 100 // 每页最大数量
+	var offset uint   // 分页偏移量
+	var allServices []PagerDutyService
+
+	for {
+		// 构建带分页参数的 URL
+		url := fmt.Sprintf("https://api.pagerduty.com/services?limit=%d&offset=%d", limit, offset)
+
+		req, err := http.NewRequest("GET", url, nil)
+		if err != nil {
+			return nil, err
+		}
+		req.Header.Set("Authorization", fmt.Sprintf("Token token=%s", apiKey))
+		req.Header.Set("Accept", "application/vnd.pagerduty+json;version=2")
+
+		httpResp, err := (&http.Client{Timeout: timeout}).Do(req)
+		if err != nil {
+			return nil, err
+		}
+
+		body, err := io.ReadAll(httpResp.Body)
+		httpResp.Body.Close()
+		if err != nil {
+			return nil, err
+		}
+
+		// 定义包含分页信息的响应结构
+		var serviceRes struct {
+			Services []PagerDutyService `json:"services"`
+			More     bool               `json:"more"` // 是否还有更多数据
+			Limit    uint               `json:"limit"`
+			Offset   uint               `json:"offset"`
+		}
+
+		if err := json.Unmarshal(body, &serviceRes); err != nil {
+			return nil, err
+		}
+		allServices = append(allServices, serviceRes.Services...)
+		// 判断是否还有更多数据
+		if !serviceRes.More || len(serviceRes.Services) < int(limit) {
+			break
+		}
+		offset += limit // 准备请求下一页
+	}
+
+	return allServices, nil
+}
+
+// getPagerDutyIntegrationKey 通过 integration 的 API URL 获取 integration key
+func getPagerDutyIntegrationKey(integrationUrl, apiKey string, timeout time.Duration) (string, error) {
+	req, err := http.NewRequest("GET", integrationUrl, nil)
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set("Authorization", fmt.Sprintf("Token token=%s", apiKey))
+
+	httpResp, err := (&http.Client{
+		Timeout: timeout,
+	}).Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer httpResp.Body.Close()
+	body, err := io.ReadAll(httpResp.Body)
+	if err != nil {
+		return "", err
+	}
+
+	var integRes struct {
+		Integration struct {
+			IntegrationKey string `json:"integration_key"`
+		} `json:"integration"`
+	}
+
+	if err := json.Unmarshal(body, &integRes); err != nil {
+		return "", err
+	}
+
+	return integRes.Integration.IntegrationKey, nil
+}
--- a/center/router/router_notify_channel_test.go
+++ b/center/router/router_notify_channel_test.go
@@ -11,7 +11,7 @@ func TestGetFlashDutyChannels(t *testing.T) {
 	jsonData := []byte(`{}`)

 	// 调用被测试的函数
-	channels, err := getFlashDutyChannels(integrationUrl, jsonData)
+	channels, err := getFlashDutyChannels(integrationUrl, jsonData, 5000)

 	fmt.Println(channels, err)
 }
--- a/center/router/router_notify_config.go
+++ b/center/router/router_notify_config.go
@@ -10,10 +10,10 @@ import (
 	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/tplx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
 	"github.com/pelletier/go-toml/v2"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/str"
 )

@@ -162,7 +162,7 @@ func (rt *Router) notifyConfigPut(c *gin.Context) {
 		ginx.Bomb(200, "key %s can not modify", f.Ckey)
 	}
 	username := c.MustGet("username").(string)
-	//insert or update build-in config
+	//insert or update built-in config
 	ginx.Dangerous(models.ConfigsSetWithUname(rt.Ctx, f.Ckey, f.Cval, username))
 	if f.Ckey == models.SMTP {
 		// 重置邮件发送器
@@ -219,8 +219,8 @@ func (rt *Router) notifyChannelConfigGets(c *gin.Context) {
 	id := ginx.QueryInt64(c, "id", 0)
 	name := ginx.QueryStr(c, "name", "")
 	ident := ginx.QueryStr(c, "ident", "")
-	eabled := ginx.QueryInt(c, "eabled", -1)
+	enabled := ginx.QueryInt(c, "enabled", -1)

-	notifyChannels, err := models.NotifyChannelGets(rt.Ctx, id, name, ident, eabled)
+	notifyChannels, err := models.NotifyChannelGets(rt.Ctx, id, name, ident, enabled)
 	ginx.NewRender(c).Data(notifyChannels, err)
 }
--- a/center/router/router_notify_rule.go
+++ b/center/router/router_notify_rule.go
@@ -6,12 +6,13 @@ import (
 	"time"

 	"github.com/ccfos/nightingale/v6/alert/dispatch"
+	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
 	"github.com/ccfos/nightingale/v6/pkg/slice"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/pkg/errors"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
 )

@@ -31,7 +32,7 @@ func (rt *Router) notifyRulesAdd(c *gin.Context) {
 	for _, nr := range lst {
 		ginx.Dangerous(nr.Verify())
 		if !isAdmin && !slice.HaveIntersection(gids, nr.UserGroupIds) {
-			ginx.Bomb(http.StatusForbidden, "no permission")
+			ginx.Bomb(http.StatusForbidden, "forbidden")
 		}

 		nr.CreateBy = me.Username
@@ -56,8 +57,8 @@ func (rt *Router) notifyRulesDel(c *gin.Context) {
 		gids, err := models.MyGroupIds(rt.Ctx, me.Id)
 		ginx.Dangerous(err)
 		for _, t := range lst {
-			if !slice.HaveIntersection[int64](gids, t.UserGroupIds) {
-				ginx.Bomb(http.StatusForbidden, "no permission")
+			if !slice.HaveIntersection(gids, t.UserGroupIds) {
+				ginx.Bomb(http.StatusForbidden, "forbidden")
 			}
 		}
 	}
@@ -79,8 +80,8 @@ func (rt *Router) notifyRulePut(c *gin.Context) {
 	me := c.MustGet("user").(*models.User)
 	gids, err := models.MyGroupIds(rt.Ctx, me.Id)
 	ginx.Dangerous(err)
-	if !slice.HaveIntersection[int64](gids, nr.UserGroupIds) && !me.IsAdmin() {
-		ginx.Bomb(http.StatusForbidden, "no permission")
+	if !slice.HaveIntersection(gids, nr.UserGroupIds) && !me.IsAdmin() {
+		ginx.Bomb(http.StatusForbidden, "forbidden")
 	}

 	f.UpdateBy = me.Username
@@ -99,8 +100,8 @@ func (rt *Router) notifyRuleGet(c *gin.Context) {
 		ginx.Bomb(http.StatusNotFound, "notify rule not found")
 	}

-	if !slice.HaveIntersection[int64](gids, nr.UserGroupIds) && !me.IsAdmin() {
-		ginx.Bomb(http.StatusForbidden, "no permission")
+	if !slice.HaveIntersection(gids, nr.UserGroupIds) && !me.IsAdmin() {
+		ginx.Bomb(http.StatusForbidden, "forbidden")
 	}

 	ginx.NewRender(c).Data(nr, nil)
@@ -117,6 +118,7 @@ func (rt *Router) notifyRulesGet(c *gin.Context) {

 	lst, err := models.NotifyRulesGet(rt.Ctx, "", nil)
 	ginx.Dangerous(err)
+	models.FillUpdateByNicknames(rt.Ctx, lst)
 	if me.IsAdmin() {
 		ginx.NewRender(c).Data(lst, nil)
 		return
@@ -152,96 +154,138 @@ func (rt *Router) notifyTest(c *gin.Context) {
 	for _, he := range hisEvents {
 		event := he.ToCur()
 		event.SetTagsMap()
-		if dispatch.NotifyRuleApplicable(&f.NotifyConfig, event) {
-			events = append(events, event)
+		if err := dispatch.NotifyRuleMatchCheck(&f.NotifyConfig, event); err != nil {
+			ginx.Bomb(http.StatusBadRequest, err.Error())
 		}
+
+		events = append(events, event)
 	}

-	if len(events) == 0 {
-		ginx.Bomb(http.StatusBadRequest, "not events applicable")
+	resp, err := SendNotifyChannelMessage(rt.Ctx, rt.UserCache, rt.UserGroupCache, f.NotifyConfig, events)
+	if resp == "" {
+		resp = "success"
+	}
+	ginx.NewRender(c).Data(resp, err)
+}
+
+func SendNotifyChannelMessage(ctx *ctx.Context, userCache *memsto.UserCacheType, userGroup *memsto.UserGroupCacheType, notifyConfig models.NotifyConfig, events []*models.AlertCurEvent) (string, error) {
+	notifyChannels, err := models.NotifyChannelGets(ctx, notifyConfig.ChannelID, "", "", -1)
+	if err != nil {
+		return "", fmt.Errorf("failed to get notify channels: %v", err)
 	}

-	notifyChannels, err := models.NotifyChannelGets(rt.Ctx, f.NotifyConfig.ChannelID, "", "", -1)
-	ginx.Dangerous(err)
 	if len(notifyChannels) == 0 {
-		ginx.Bomb(http.StatusBadRequest, "notify channel not found")
+		return "", fmt.Errorf("notify channel not found")
 	}

 	notifyChannel := notifyChannels[0]
-
-	tplContent := make(map[string]interface{})
-	if notifyChannel.RequestType != "flashtudy" {
-		messageTemplates, err := models.MessageTemplateGets(rt.Ctx, f.NotifyConfig.TemplateID, "", "")
-		ginx.Dangerous(err)
-		if len(messageTemplates) == 0 {
-			ginx.Bomb(http.StatusBadRequest, "message template not found")
-		}
-		tplContent = messageTemplates[0].RenderEvent(events)
+	if !notifyChannel.Enable {
+		return "", fmt.Errorf("notify channel not enabled, please enable it first")
 	}

+	// 获取站点URL用于模板渲染
+	siteUrl, _ := models.ConfigsGetSiteUrl(ctx)
+	if siteUrl == "" {
+		siteUrl = "http://127.0.0.1:17000"
+	}
+
+	tplContent := make(map[string]interface{})
+	if notifyChannel.RequestType != "flashduty" {
+		messageTemplates, err := models.MessageTemplateGets(ctx, notifyConfig.TemplateID, "", "")
+		if err != nil {
+			return "", fmt.Errorf("failed to get message templates: %v", err)
+		}
+
+		if len(messageTemplates) == 0 {
+			return "", fmt.Errorf("message template not found")
+		}
+		tplContent = messageTemplates[0].RenderEvent(events, siteUrl)
+	}
 	var contactKey string
 	if notifyChannel.ParamConfig != nil && notifyChannel.ParamConfig.UserInfo != nil {
 		contactKey = notifyChannel.ParamConfig.UserInfo.ContactKey
 	}

-	sendtos, flashDutyChannelIDs, customParams := dispatch.GetNotifyConfigParams(&f.NotifyConfig, contactKey, rt.UserCache, rt.UserGroupCache)
+	sendtos, flashDutyChannelIDs, pagerDutyRoutingKeys, customParams := dispatch.GetNotifyConfigParams(&notifyConfig, contactKey, userCache, userGroup)

 	var resp string
 	switch notifyChannel.RequestType {
 	case "flashduty":
 		client, err := models.GetHTTPClient(notifyChannel)
-		ginx.Dangerous(err)
+		if err != nil {
+			return "", fmt.Errorf("failed to get http client: %v", err)
+		}

 		for i := range flashDutyChannelIDs {
 			resp, err = notifyChannel.SendFlashDuty(events, flashDutyChannelIDs[i], client)
 			if err != nil {
-				break
+				return "", fmt.Errorf("failed to send flashduty notify: %v", err)
 			}
 		}
-		logger.Infof("channel_name: %v, event:%+v, tplContent:%s, customParams:%v, respBody: %v, err: %v", notifyChannel.Name, events[0], tplContent, customParams, resp, err)
-		ginx.NewRender(c).Data(resp, err)
+		logger.Infof("channel_name: %v, event:%s, tplContent:%s, customParams:%v, respBody: %v, err: %v", notifyChannel.Name, events[0].Hash, tplContent, customParams, resp, err)
+		return resp, nil
+	case "pagerduty":
+		client, err := models.GetHTTPClient(notifyChannel)
+		if err != nil {
+			return "", fmt.Errorf("failed to get http client: %v", err)
+		}
+
+		for _, routingKey := range pagerDutyRoutingKeys {
+			resp, err = notifyChannel.SendPagerDuty(events, routingKey, siteUrl, client)
+			if err != nil {
+				return "", fmt.Errorf("failed to send pagerduty notify: %v", err)
+			}
+		}
+		logger.Infof("channel_name: %v, event:%s, tplContent:%s, customParams:%v, respBody: %v, err: %v", notifyChannel.Name, events[0].Hash, tplContent, customParams, resp, err)
+		return resp, nil
 	case "http":
 		client, err := models.GetHTTPClient(notifyChannel)
-		ginx.Dangerous(err)
+		if err != nil {
+			return "", fmt.Errorf("failed to get http client: %v", err)
+		}

 		if notifyChannel.RequestConfig == nil {
-			ginx.Bomb(http.StatusBadRequest, "request config not found")
+			return "", fmt.Errorf("request config is nil")
 		}

 		if notifyChannel.RequestConfig.HTTPRequestConfig == nil {
-			ginx.Bomb(http.StatusBadRequest, "http request config not found")
+			return "", fmt.Errorf("http request config is nil")
 		}

 		if dispatch.NeedBatchContacts(notifyChannel.RequestConfig.HTTPRequestConfig) || len(sendtos) == 0 {
 			resp, err = notifyChannel.SendHTTP(events, tplContent, customParams, sendtos, client)
-			logger.Infof("channel_name: %v, event:%+v, sendtos:%+v, tplContent:%s, customParams:%v, respBody: %v, err: %v", notifyChannel.Name, events[0], sendtos, tplContent, customParams, resp, err)
+			logger.Infof("channel_name: %v, event:%s, sendtos:%+v, tplContent:%s, customParams:%v, respBody: %v, err: %v", notifyChannel.Name, events[0].Hash, sendtos, tplContent, customParams, resp, err)
 			if err != nil {
-				logger.Errorf("failed to send http notify: %v", err)
+				return "", fmt.Errorf("failed to send http notify: %v", err)
 			}
-			ginx.NewRender(c).Data(resp, err)
+			return resp, nil
 		} else {
 			for i := range sendtos {
 				resp, err = notifyChannel.SendHTTP(events, tplContent, customParams, []string{sendtos[i]}, client)
-				logger.Infof("channel_name: %v, event:%+v,  tplContent:%s, customParams:%v, sendto:%+v, respBody: %v, err: %v", notifyChannel.Name, events[0], tplContent, customParams, sendtos[i], resp, err)
+				logger.Infof("channel_name: %v, event:%s,  tplContent:%s, customParams:%v, sendto:%+v, respBody: %v, err: %v", notifyChannel.Name, events[0].Hash, tplContent, customParams, sendtos[i], resp, err)
 				if err != nil {
-					logger.Errorf("failed to send http notify: %v", err)
-					ginx.NewRender(c).Message(err)
-					return
+					return "", fmt.Errorf("failed to send http notify: %v", err)
 				}
 			}
-			ginx.NewRender(c).Message(err)
+			return resp, nil
 		}

 	case "smtp":
+		if len(sendtos) == 0 {
+			return "", fmt.Errorf("no valid email address in the user and team")
+		}
 		err := notifyChannel.SendEmailNow(events, tplContent, sendtos)
-		ginx.NewRender(c).Message(err)
+		if err != nil {
+			return "", fmt.Errorf("failed to send email notify: %v", err)
+		}
+		return resp, nil
 	case "script":
 		resp, _, err := notifyChannel.SendScript(events, tplContent, customParams, sendtos)
-		logger.Infof("channel_name: %v, event:%+v, tplContent:%s, customParams:%v, respBody: %v, err: %v", notifyChannel.Name, events[0], tplContent, customParams, resp, err)
-		ginx.NewRender(c).Data(resp, err)
+		logger.Infof("channel_name: %v, event:%s, tplContent:%s, customParams:%v, respBody: %v, err: %v", notifyChannel.Name, events[0].Hash, tplContent, customParams, resp, err)
+		return resp, err
 	default:
 		logger.Errorf("unsupported request type: %v", notifyChannel.RequestType)
-		ginx.NewRender(c).Message(errors.New("unsupported request type"))
+		return "", fmt.Errorf("unsupported request type")
 	}
 }

@@ -295,8 +339,8 @@ func (rt *Router) notifyRuleCustomParamsGet(c *gin.Context) {
 			filterKey := ""
 			for key, value := range nc.Params {
 				// 找到在通知媒介中的自定义变量配置项，进行 cname 转换
-				cname, exsits := keyMap[key]
-				if exsits {
+				cname, exists := keyMap[key]
+				if exists {
 					list = append(list, paramList{
 						Name:  key,
 						CName: cname,
--- a/center/router/router_notify_tpl.go
+++ b/center/router/router_notify_tpl.go
@@ -11,9 +11,9 @@ import (
 	"github.com/ccfos/nightingale/v6/center/cconf"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/tplx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/str"
 )

@@ -25,11 +25,14 @@ func (rt *Router) notifyTplGets(c *gin.Context) {
 	m[models.EmailSubject] = struct{}{}

 	lst, err := models.NotifyTplGets(rt.Ctx)
+	ginx.Dangerous(err)
+
 	for i := 0; i < len(lst); i++ {
 		if _, exists := m[lst[i].Channel]; exists {
 			lst[i].BuiltIn = true
 		}
 	}
+	models.FillUpdateByNicknames(rt.Ctx, lst)

 	ginx.NewRender(c).Data(lst, err)
 }
@@ -45,7 +48,7 @@ func (rt *Router) notifyTplUpdateContent(c *gin.Context) {
 	ginx.Dangerous(err)

 	if notifyTpl.CreateBy != user.Username && !user.IsAdmin() {
-		ginx.Bomb(403, "no permission")
+		ginx.Bomb(403, "forbidden")
 	}

 	f.UpdateAt = time.Now().Unix()
@@ -64,7 +67,7 @@ func (rt *Router) notifyTplUpdate(c *gin.Context) {
 	ginx.Dangerous(err)

 	if notifyTpl.CreateBy != user.Username && !user.IsAdmin() {
-		ginx.Bomb(403, "no permission")
+		ginx.Bomb(403, "forbidden")
 	}

 	// get the count of the same channel and name but different id
@@ -188,7 +191,7 @@ func (rt *Router) notifyTplDel(c *gin.Context) {
 	ginx.Dangerous(err)

 	if notifyTpl.CreateBy != user.Username && !user.IsAdmin() {
-		ginx.Bomb(403, "no permission")
+		ginx.Bomb(403, "forbidden")
 	}

 	ginx.NewRender(c).Message(f.NotifyTplDelete(rt.Ctx, id))
@@ -200,6 +203,9 @@ func (rt *Router) messageTemplateGets(c *gin.Context) {
 	ident := ginx.QueryStr(c, "ident", "")

 	tpls, err := models.MessageTemplateGets(rt.Ctx, id, name, ident)
+	if err == nil {
+		models.FillUpdateByNicknames(rt.Ctx, tpls)
+	}

 	ginx.NewRender(c).Data(tpls, err)
 }
--- a/center/router/router_opensearch.go
+++ b/center/router/router_opensearch.go
@@ -0,0 +1,58 @@
+package router
+
+import (
+	"github.com/ccfos/nightingale/v6/datasource/opensearch"
+	"github.com/ccfos/nightingale/v6/dscache"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
+
+	"github.com/gin-gonic/gin"
+	"github.com/toolkits/pkg/logger"
+)
+
+func (rt *Router) QueryOSIndices(c *gin.Context) {
+	var f IndexReq
+	ginx.BindJSON(c, &f)
+
+	plug, exists := dscache.DsCache.Get(f.Cate, f.DatasourceId)
+	if !exists {
+		logger.Warningf("cluster:%d not exists", f.DatasourceId)
+		ginx.Bomb(200, "cluster not exists")
+	}
+
+	indices, err := plug.(*opensearch.OpenSearch).QueryIndices()
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(indices, nil)
+}
+
+func (rt *Router) QueryOSFields(c *gin.Context) {
+	var f IndexReq
+	ginx.BindJSON(c, &f)
+
+	plug, exists := dscache.DsCache.Get(f.Cate, f.DatasourceId)
+	if !exists {
+		logger.Warningf("cluster:%d not exists", f.DatasourceId)
+		ginx.Bomb(200, "cluster not exists")
+	}
+
+	fields, err := plug.(*opensearch.OpenSearch).QueryFields([]string{f.Index})
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(fields, nil)
+}
+
+func (rt *Router) QueryOSVariable(c *gin.Context) {
+	var f FieldValueReq
+	ginx.BindJSON(c, &f)
+
+	plug, exists := dscache.DsCache.Get(f.Cate, f.DatasourceId)
+	if !exists {
+		logger.Warningf("cluster:%d not exists", f.DatasourceId)
+		ginx.Bomb(200, "cluster not exists")
+	}
+
+	fields, err := plug.(*opensearch.OpenSearch).QueryFieldValue([]string{f.Index}, f.Query.Field, f.Query.Query)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(fields, nil)
+}
--- a/center/router/router_proxy.go
+++ b/center/router/router_proxy.go
@@ -2,21 +2,25 @@ package router

 import (
 	"context"
-	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
 	"net/http/httputil"
+	"regexp"
+	"strconv"
 	"strings"
 	"sync"
 	"time"

+	"github.com/ccfos/nightingale/v6/pkg/logx"
+	"github.com/ccfos/nightingale/v6/pkg/poster"
 	pkgprom "github.com/ccfos/nightingale/v6/pkg/prom"
 	"github.com/ccfos/nightingale/v6/prom"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
 	"github.com/gin-gonic/gin"
 	"github.com/prometheus/common/model"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
+	"github.com/toolkits/pkg/net/httplib"
 )

 type QueryFormItem struct {
@@ -35,15 +39,16 @@ func (rt *Router) promBatchQueryRange(c *gin.Context) {
 	var f BatchQueryForm
 	ginx.Dangerous(c.BindJSON(&f))

-	lst, err := PromBatchQueryRange(rt.PromClients, f)
+	lst, err := PromBatchQueryRange(c.Request.Context(), rt.PromClients, f)
 	ginx.NewRender(c).Data(lst, err)
 }

-func PromBatchQueryRange(pc *prom.PromClientMap, f BatchQueryForm) ([]model.Value, error) {
+func PromBatchQueryRange(ctx context.Context, pc *prom.PromClientMap, f BatchQueryForm) ([]model.Value, error) {
 	var lst []model.Value

 	cli := pc.GetCli(f.DatasourceId)
 	if cli == nil {
+		logx.Warningf(ctx, "no such datasource id: %d", f.DatasourceId)
 		return lst, fmt.Errorf("no such datasource id: %d", f.DatasourceId)
 	}

@@ -54,8 +59,9 @@ func PromBatchQueryRange(pc *prom.PromClientMap, f BatchQueryForm) ([]model.Valu
 			Step:  time.Duration(item.Step) * time.Second,
 		}

-		resp, _, err := cli.QueryRange(context.Background(), item.Query, r)
+		resp, _, err := cli.QueryRange(ctx, item.Query, r)
 		if err != nil {
+			logx.Warningf(ctx, "query range error: query:%s err:%v", item.Query, err)
 			return lst, err
 		}

@@ -78,22 +84,23 @@ func (rt *Router) promBatchQueryInstant(c *gin.Context) {
 	var f BatchInstantForm
 	ginx.Dangerous(c.BindJSON(&f))

-	lst, err := PromBatchQueryInstant(rt.PromClients, f)
+	lst, err := PromBatchQueryInstant(c.Request.Context(), rt.PromClients, f)
 	ginx.NewRender(c).Data(lst, err)
 }

-func PromBatchQueryInstant(pc *prom.PromClientMap, f BatchInstantForm) ([]model.Value, error) {
+func PromBatchQueryInstant(ctx context.Context, pc *prom.PromClientMap, f BatchInstantForm) ([]model.Value, error) {
 	var lst []model.Value

 	cli := pc.GetCli(f.DatasourceId)
 	if cli == nil {
-		logger.Warningf("no such datasource id: %d", f.DatasourceId)
+		logx.Warningf(ctx, "no such datasource id: %d", f.DatasourceId)
 		return lst, fmt.Errorf("no such datasource id: %d", f.DatasourceId)
 	}

 	for _, item := range f.Queries {
-		resp, _, err := cli.Query(context.Background(), item.Query, time.Unix(item.Time, 0))
+		resp, _, err := cli.Query(ctx, item.Query, time.Unix(item.Time, 0))
 		if err != nil {
+			logx.Warningf(ctx, "query instant error: query:%s err:%v", item.Query, err)
 			return lst, err
 		}

@@ -144,6 +151,8 @@ func (rt *Router) dsProxy(c *gin.Context) {

 		if ds.AuthJson.BasicAuthUser != "" {
 			req.SetBasicAuth(ds.AuthJson.BasicAuthUser, ds.AuthJson.BasicAuthPassword)
+		} else {
+			req.Header.Del("Authorization")
 		}

 		headerCount := len(ds.HTTPJson.Headers)
@@ -163,8 +172,15 @@ func (rt *Router) dsProxy(c *gin.Context) {

 	transport, has := transportGet(dsId, ds.UpdatedAt)
 	if !has {
+		// 使用 TLS 配置（支持 mTLS）
+		tlsConfig, err := ds.HTTPJson.TLS.TLSConfig()
+		if err != nil {
+			c.String(http.StatusInternalServerError, "failed to create TLS config: %s", err.Error())
+			return
+		}
+
 		transport = &http.Transport{
-			TLSClientConfig: &tls.Config{InsecureSkipVerify: ds.HTTPJson.TLS.SkipTlsVerify},
+			TLSClientConfig: tlsConfig,
 			Proxy:           http.ProxyFromEnvironment,
 			DialContext: (&net.Dialer{
 				Timeout: time.Duration(ds.HTTPJson.DialTimeout) * time.Millisecond,
@@ -177,7 +193,7 @@ func (rt *Router) dsProxy(c *gin.Context) {

 	modifyResponse := func(r *http.Response) error {
 		if r.StatusCode == http.StatusUnauthorized {
-			logger.Warningf("proxy path:%s unauthorized access ", c.Request.URL.Path)
+			logx.Warningf(c.Request.Context(), "proxy path:%s unauthorized access ", c.Request.URL.Path)
 			return fmt.Errorf("unauthorized access")
 		}

@@ -235,3 +251,94 @@ func transportPut(dsid, updatedat int64, tran http.RoundTripper) {
 	updatedAts[dsid] = updatedat
 	transportsLock.Unlock()
 }
+
+const (
+	DatasourceTypePrometheus      = "Prometheus"
+	DatasourceTypeVictoriaMetrics = "VictoriaMetrics"
+)
+
+type deleteDatasourceSeriesForm struct {
+	DatasourceID int64    `json:"datasource_id"`
+	Match        []string `json:"match"`
+	Start        string   `json:"start"`
+	End          string   `json:"end"`
+}
+
+func (rt *Router) deleteDatasourceSeries(c *gin.Context) {
+	var ddsf deleteDatasourceSeriesForm
+	ginx.BindJSON(c, &ddsf)
+	ds := rt.DatasourceCache.GetById(ddsf.DatasourceID)
+
+	if ds == nil {
+		ginx.Bomb(http.StatusBadRequest, "no such datasource")
+		return
+	}
+
+	// Get datasource type, now only support prometheus and victoriametrics
+	datasourceType, ok := ds.SettingsJson["prometheus.tsdb_type"]
+	if !ok {
+		ginx.Bomb(http.StatusBadRequest, "datasource type not found, please check your datasource settings")
+		return
+	}
+
+	target, err := ds.HTTPJson.ParseUrl()
+	if err != nil {
+		ginx.Bomb(http.StatusInternalServerError, "invalid urls: %s", ds.HTTPJson.GetUrls())
+		return
+	}
+
+	timeout := time.Duration(ds.HTTPJson.DialTimeout) * time.Millisecond
+	matchQueries := make([]string, 0)
+	for _, match := range ddsf.Match {
+		matchQueries = append(matchQueries, fmt.Sprintf("match[]=%s", match))
+	}
+	matchQuery := strings.Join(matchQueries, "&")
+
+	switch datasourceType {
+	case DatasourceTypePrometheus:
+		// Prometheus delete api need POST method
+		// https://prometheus.io/docs/prometheus/latest/querying/api/#delete-series
+		url := fmt.Sprintf("http://%s/api/v1/admin/tsdb/delete_series?%s&start=%s&end=%s", target.Host, matchQuery, ddsf.Start, ddsf.End)
+		go func() {
+			resp, _, err := poster.PostJSON(url, timeout, nil)
+			if err != nil {
+				logger.Errorf("delete series error datasource_id: %d, datasource_name: %s, match: %s, start: %s, end: %s, err: %v",
+					ddsf.DatasourceID, ds.Name, ddsf.Match, ddsf.Start, ddsf.End, err)
+				return
+			}
+			logger.Infof("delete datasource series datasource_id: %d, datasource_name: %s, match: %s, start: %s, end: %s, respBody: %s",
+				ddsf.DatasourceID, ds.Name, ddsf.Match, ddsf.Start, ddsf.End, string(resp))
+		}()
+	case DatasourceTypeVictoriaMetrics:
+		// Delete API doesn’t support the deletion of specific time ranges.
+		// Refer: https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/#how-to-delete-time-series
+		var url string
+		// Check VictoriaMetrics is single node or cluster
+		// Cluster will have /select/<accountID>/prometheus pattern
+		re := regexp.MustCompile(`/select/(\d+)/prometheus`)
+		matches := re.FindStringSubmatch(ds.HTTPJson.Url)
+		if len(matches) > 0 && matches[1] != "" {
+			accountID, err := strconv.Atoi(matches[1])
+			if err != nil {
+				ginx.Bomb(http.StatusInternalServerError, "invalid accountID: %s", matches[1])
+			}
+			url = fmt.Sprintf("http://%s/delete/%d/prometheus/api/v1/admin/tsdb/delete_series?%s", target.Host, accountID, matchQuery)
+		} else {
+			url = fmt.Sprintf("http://%s/api/v1/admin/tsdb/delete_series?%s", target.Host, matchQuery)
+		}
+		go func() {
+			resp, err := httplib.Get(url).SetTimeout(timeout).Response()
+			if err != nil {
+				logger.Errorf("delete series failed | datasource_id: %d, datasource_name: %s, match: %s, start: %s, end: %s, err: %v",
+					ddsf.DatasourceID, ds.Name, ddsf.Match, ddsf.Start, ddsf.End, err)
+				return
+			}
+			logger.Infof("sending delete series request | datasource_id: %d, datasource_name: %s, match: %s, start: %s, end: %s, respBody: %s",
+				ddsf.DatasourceID, ds.Name, ddsf.Match, ddsf.Start, ddsf.End, resp.Body)
+		}()
+	default:
+		ginx.Bomb(http.StatusBadRequest, "not support delete series yet")
+	}
+
+	ginx.NewRender(c).Data(nil, nil)
+}
--- a/center/router/router_query.go
+++ b/center/router/router_query.go
@@ -3,15 +3,19 @@ package router
 import (
 	"fmt"
 	"sort"
+	"sync"

+	"github.com/ccfos/nightingale/v6/alert/eval"
 	"github.com/ccfos/nightingale/v6/dscache"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/logx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
-	"github.com/toolkits/pkg/logger"
 )

-func CheckDsPerm(c *gin.Context, dsId int64, cate string, q interface{}) bool {
+type CheckDsPermFunc func(c *gin.Context, dsId int64, cate string, q interface{}) bool
+
+var CheckDsPerm CheckDsPermFunc = func(c *gin.Context, dsId int64, cate string, q interface{}) bool {
 	// todo: 后续需要根据 cate 判断是否需要权限
 	return true
 }
@@ -38,71 +42,125 @@ type LogResp struct {
 	List  []interface{} `json:"list"`
 }

-func (rt *Router) QueryLogBatch(c *gin.Context) {
-	var f QueryFrom
-	ginx.BindJSON(c, &f)
-
+func QueryLogBatchConcurrently(anonymousAccess bool, ctx *gin.Context, f QueryFrom) (LogResp, error) {
 	var resp LogResp
-	var errMsg string
+	var mu sync.Mutex
+	var wg sync.WaitGroup
+	var errs []error
+	rctx := ctx.Request.Context()
+
 	for _, q := range f.Queries {
-		if !rt.Center.AnonymousAccess.PromQuerier && !CheckDsPerm(c, q.Did, q.DsCate, q) {
-			ginx.Bomb(200, "no permission")
+		if !anonymousAccess && !CheckDsPerm(ctx, q.Did, q.DsCate, q) {
+			return LogResp{}, fmt.Errorf("forbidden")
 		}

 		plug, exists := dscache.DsCache.Get(q.DsCate, q.Did)
 		if !exists {
-			logger.Warningf("cluster:%d not exists query:%+v", q.Did, q)
-			ginx.Bomb(200, "cluster not exists")
+			logx.Warningf(rctx, "cluster:%d not exists query:%+v", q.Did, q)
+			return LogResp{}, fmt.Errorf("cluster not exists")
 		}

-		data, total, err := plug.QueryLog(c.Request.Context(), q.Query)
+		// 根据数据源类型对 Query 进行模板渲染处理
+		err := eval.ExecuteQueryTemplate(q.DsCate, q.Query, nil)
 		if err != nil {
-			errMsg += fmt.Sprintf("query data error: %v query:%v\n ", err, q)
-			logger.Warningf("query data error: %v query:%v", err, q)
-			continue
+			logx.Warningf(rctx, "query template execute error: %v", err)
+			return LogResp{}, fmt.Errorf("query template execute error: %v", err)
 		}

-		m := make(map[string]interface{})
-		m["ref"] = q.Ref
-		m["ds_id"] = q.Did
-		m["ds_cate"] = q.DsCate
-		m["data"] = data
-		resp.List = append(resp.List, m)
-		resp.Total += total
+		wg.Add(1)
+		go func(query Query) {
+			defer wg.Done()
+
+			data, total, err := plug.QueryLog(rctx, query.Query)
+			mu.Lock()
+			defer mu.Unlock()
+			if err != nil {
+				errMsg := fmt.Sprintf("query data error: %v query:%v\n ", err, query)
+				logx.Warningf(rctx, "%s", errMsg)
+				errs = append(errs, err)
+				return
+			}
+
+			m := make(map[string]interface{})
+			m["ref"] = query.Ref
+			m["ds_id"] = query.Did
+			m["ds_cate"] = query.DsCate
+			m["data"] = data
+
+			resp.List = append(resp.List, m)
+			resp.Total += total
+		}(q)
 	}

-	if errMsg != "" || len(resp.List) == 0 {
-		ginx.Bomb(200, errMsg)
+	wg.Wait()
+
+	if len(errs) > 0 {
+		return LogResp{}, errs[0]
+	}
+
+	if len(resp.List) == 0 {
+		return LogResp{}, fmt.Errorf("no data")
+	}
+
+	return resp, nil
+}
+
+func (rt *Router) QueryLogBatch(c *gin.Context) {
+	var f QueryFrom
+	ginx.BindJSON(c, &f)
+
+	resp, err := QueryLogBatchConcurrently(rt.Center.AnonymousAccess.PromQuerier, c, f)
+	if err != nil {
+		ginx.Bomb(200, "err:%v", err)
 	}

 	ginx.NewRender(c).Data(resp, nil)
 }

-func (rt *Router) QueryData(c *gin.Context) {
-	var f models.QueryParam
-	ginx.BindJSON(c, &f)
-
+func QueryDataConcurrently(anonymousAccess bool, ctx *gin.Context, f models.QueryParam) ([]models.DataResp, error) {
 	var resp []models.DataResp
-	var err error
-	for _, q := range f.Querys {
-		if !rt.Center.AnonymousAccess.PromQuerier && !CheckDsPerm(c, f.DatasourceId, f.Cate, q) {
-			ginx.Bomb(403, "no permission")
+	var mu sync.Mutex
+	var wg sync.WaitGroup
+	var errs []error
+	rctx := ctx.Request.Context()
+
+	for _, q := range f.Queries {
+		if !anonymousAccess && !CheckDsPerm(ctx, f.DatasourceId, f.Cate, q) {
+			return nil, fmt.Errorf("forbidden")
 		}

 		plug, exists := dscache.DsCache.Get(f.Cate, f.DatasourceId)
 		if !exists {
-			logger.Warningf("cluster:%d not exists", f.DatasourceId)
-			ginx.Bomb(200, "cluster not exists")
+			logx.Warningf(rctx, "cluster:%d not exists", f.DatasourceId)
+			return nil, fmt.Errorf("cluster not exists")
 		}
-		var datas []models.DataResp
-		datas, err = plug.QueryData(c.Request.Context(), q)
-		if err != nil {
-			logger.Warningf("query data error: req:%+v err:%v", q, err)
-			ginx.Bomb(200, "err:%v", err)
-		}
-		logger.Debugf("query data: req:%+v resp:%+v", q, datas)
-		resp = append(resp, datas...)
+
+		wg.Add(1)
+		go func(query interface{}) {
+			defer wg.Done()
+
+			data, err := plug.QueryData(rctx, query)
+			if err != nil {
+				logx.Warningf(rctx, "query data error: req:%+v err:%v", query, err)
+				mu.Lock()
+				errs = append(errs, err)
+				mu.Unlock()
+				return
+			}
+
+			logx.Debugf(rctx, "query data: req:%+v resp:%+v", query, data)
+			mu.Lock()
+			resp = append(resp, data...)
+			mu.Unlock()
+		}(q)
 	}
+
+	wg.Wait()
+
+	if len(errs) > 0 {
+		return nil, errs[0]
+	}
+
 	// 面向API的统一处理
 	// 按照 .Metric 排序
 	// 确保仪表盘中相同图例的曲线颜色相同
@@ -115,62 +173,103 @@ func (rt *Router) QueryData(c *gin.Context) {
 		})
 	}

-	ginx.NewRender(c).Data(resp, err)
+	return resp, nil
+}
+
+func (rt *Router) QueryData(c *gin.Context) {
+	var f models.QueryParam
+	ginx.BindJSON(c, &f)
+
+	resp, err := QueryDataConcurrently(rt.Center.AnonymousAccess.PromQuerier, c, f)
+	if err != nil {
+		ginx.Bomb(200, "err:%v", err)
+	}
+
+	ginx.NewRender(c).Data(resp, nil)
+}
+
+// QueryLogConcurrently 并发查询日志
+func QueryLogConcurrently(anonymousAccess bool, ctx *gin.Context, f models.QueryParam) (LogResp, error) {
+	var resp LogResp
+	var mu sync.Mutex
+	var wg sync.WaitGroup
+	var errs []error
+	rctx := ctx.Request.Context()
+
+	for _, q := range f.Queries {
+		if !anonymousAccess && !CheckDsPerm(ctx, f.DatasourceId, f.Cate, q) {
+			return LogResp{}, fmt.Errorf("forbidden")
+		}
+
+		plug, exists := dscache.DsCache.Get(f.Cate, f.DatasourceId)
+		if !exists {
+			logx.Warningf(rctx, "cluster:%d not exists query:%+v", f.DatasourceId, f)
+			return LogResp{}, fmt.Errorf("cluster not exists")
+		}
+
+		wg.Add(1)
+		go func(query interface{}) {
+			defer wg.Done()
+
+			data, total, err := plug.QueryLog(rctx, query)
+			logx.Debugf(rctx, "query log: req:%+v resp:%+v", query, data)
+			if err != nil {
+				errMsg := fmt.Sprintf("query data error: %v query:%v\n ", err, query)
+				logx.Warningf(rctx, "%s", errMsg)
+				mu.Lock()
+				errs = append(errs, err)
+				mu.Unlock()
+				return
+			}
+
+			mu.Lock()
+			resp.List = append(resp.List, data...)
+			resp.Total += total
+			mu.Unlock()
+		}(q)
+	}
+
+	wg.Wait()
+
+	if len(errs) > 0 {
+		return LogResp{}, errs[0]
+	}
+
+	if len(resp.List) == 0 {
+		return LogResp{}, fmt.Errorf("no data")
+	}
+
+	return resp, nil
 }

 func (rt *Router) QueryLogV2(c *gin.Context) {
 	var f models.QueryParam
 	ginx.BindJSON(c, &f)

-	var resp LogResp
-	var errMsg string
-	for _, q := range f.Querys {
-		if !rt.Center.AnonymousAccess.PromQuerier && !CheckDsPerm(c, f.DatasourceId, f.Cate, q) {
-			ginx.Bomb(200, "no permission")
-		}
-
-		plug, exists := dscache.DsCache.Get(f.Cate, f.DatasourceId)
-		if !exists {
-			logger.Warningf("cluster:%d not exists query:%+v", f.DatasourceId, f)
-			ginx.Bomb(200, "cluster not exists")
-		}
-
-		data, total, err := plug.QueryLog(c.Request.Context(), q)
-		if err != nil {
-			errMsg += fmt.Sprintf("query data error: %v query:%v\n ", err, q)
-			logger.Warningf("query data error: %v query:%v", err, q)
-			continue
-		}
-		resp.List = append(resp.List, data...)
-		resp.Total += total
-	}
-
-	if errMsg != "" || len(resp.List) == 0 {
-		ginx.Bomb(200, errMsg)
-	}
-
-	ginx.NewRender(c).Data(resp, nil)
+	resp, err := QueryLogConcurrently(rt.Center.AnonymousAccess.PromQuerier, c, f)
+	ginx.NewRender(c).Data(resp, err)
 }

 func (rt *Router) QueryLog(c *gin.Context) {
 	var f models.QueryParam
 	ginx.BindJSON(c, &f)
+	rctx := c.Request.Context()

 	var resp []interface{}
-	for _, q := range f.Querys {
+	for _, q := range f.Queries {
 		if !rt.Center.AnonymousAccess.PromQuerier && !CheckDsPerm(c, f.DatasourceId, f.Cate, q) {
-			ginx.Bomb(200, "no permission")
+			ginx.Bomb(200, "forbidden")
 		}

 		plug, exists := dscache.DsCache.Get("elasticsearch", f.DatasourceId)
 		if !exists {
-			logger.Warningf("cluster:%d not exists", f.DatasourceId)
+			logx.Warningf(rctx, "cluster:%d not exists", f.DatasourceId)
 			ginx.Bomb(200, "cluster not exists")
 		}

-		data, _, err := plug.QueryLog(c.Request.Context(), q)
+		data, _, err := plug.QueryLog(rctx, q)
 		if err != nil {
-			logger.Warningf("query data error: %v", err)
+			logx.Warningf(rctx, "query data error: %v", err)
 			ginx.Bomb(200, "err:%v", err)
 			continue
 		}
--- a/center/router/router_recording_rule.go
+++ b/center/router/router_recording_rule.go
@@ -6,20 +6,23 @@ import (
 	"time"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/strx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
-	"github.com/toolkits/pkg/str"
 )

 func (rt *Router) recordingRuleGets(c *gin.Context) {
 	busiGroupId := ginx.UrlParamInt64(c, "id")
 	ars, err := models.RecordingRuleGets(rt.Ctx, busiGroupId)
+	if err == nil {
+		models.FillUpdateByNicknames(rt.Ctx, ars)
+	}
 	ginx.NewRender(c).Data(ars, err)
 }

 func (rt *Router) recordingRuleGetsByGids(c *gin.Context) {
-	gids := str.IdsInt64(ginx.QueryStr(c, "gids", ""), ",")
+	gids := strx.IdsInt64ForAPI(ginx.QueryStr(c, "gids", ""), ",")
 	if len(gids) > 0 {
 		for _, gid := range gids {
 			rt.bgroCheck(c, gid)
@@ -39,6 +42,9 @@ func (rt *Router) recordingRuleGetsByGids(c *gin.Context) {
 	}

 	ars, err := models.RecordingRuleGetsByBGIds(rt.Ctx, gids)
+	if err == nil {
+		models.FillUpdateByNicknames(rt.Ctx, ars)
+	}
 	ginx.NewRender(c).Data(ars, err)
 }

@@ -112,6 +118,7 @@ func (rt *Router) recordingRulePutByFE(c *gin.Context) {
 	}

 	rt.bgrwCheck(c, ar.GroupId)
+	rt.bgroCheck(c, f.GroupId)

 	f.UpdateBy = c.MustGet("username").(string)
 	ginx.NewRender(c).Message(ar.Update(rt.Ctx, f))
@@ -149,6 +156,12 @@ func (rt *Router) recordingRulePutFields(c *gin.Context) {
 		f.Fields["datasource_queries"] = string(bytes)
 	}

+	if datasourceIds, ok := f.Fields["datasource_ids"]; ok {
+		bytes, err := json.Marshal(datasourceIds)
+		ginx.Dangerous(err)
+		f.Fields["datasource_ids"] = string(bytes)
+	}
+
 	for i := 0; i < len(f.Ids); i++ {
 		ar, err := models.RecordingRuleGetById(rt.Ctx, f.Ids[i])
 		ginx.Dangerous(err)
--- a/center/router/router_role.go
+++ b/center/router/router_role.go
@@ -6,9 +6,9 @@ import (

 	"github.com/ccfos/nightingale/v6/center/cconf"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 )

 func (rt *Router) rolesGets(c *gin.Context) {
--- a/center/router/router_role_operation.go
+++ b/center/router/router_role_operation.go
@@ -5,8 +5,8 @@ import (

 	"github.com/ccfos/nightingale/v6/center/cconf"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/i18n"
 )

--- a/center/router/router_saved_view.go
+++ b/center/router/router_saved_view.go
@@ -0,0 +1,145 @@
+package router
+
+import (
+	"net/http"
+
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/slice"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
+
+	"github.com/gin-gonic/gin"
+)
+
+func (rt *Router) savedViewGets(c *gin.Context) {
+	page := ginx.QueryStr(c, "page", "")
+
+	me := c.MustGet("user").(*models.User)
+
+	lst, err := models.SavedViewGets(rt.Ctx, page)
+	if err != nil {
+		ginx.NewRender(c).Data(nil, err)
+		return
+	}
+	models.FillUpdateByNicknames(rt.Ctx, lst)
+
+	userGids, err := models.MyGroupIds(rt.Ctx, me.Id)
+	if err != nil {
+		ginx.NewRender(c).Data(nil, err)
+		return
+	}
+
+	favoriteMap, err := models.SavedViewFavoriteGetByUserId(rt.Ctx, me.Id)
+	if err != nil {
+		ginx.NewRender(c).Data(nil, err)
+		return
+	}
+
+	favoriteViews := make([]models.SavedView, 0)
+	normalViews := make([]models.SavedView, 0)
+
+	for _, view := range lst {
+		visible := view.CreateBy == me.Username ||
+			view.PublicCate == 2 ||
+			(view.PublicCate == 1 && slice.HaveIntersection[int64](userGids, view.Gids))
+
+		if !visible {
+			continue
+		}
+
+		view.IsFavorite = favoriteMap[view.Id]
+
+		// 收藏的排前面
+		if view.IsFavorite {
+			favoriteViews = append(favoriteViews, view)
+		} else {
+			normalViews = append(normalViews, view)
+		}
+	}
+
+	ginx.NewRender(c).Data(append(favoriteViews, normalViews...), nil)
+}
+
+func (rt *Router) savedViewAdd(c *gin.Context) {
+	var f models.SavedView
+	ginx.BindJSON(c, &f)
+
+	me := c.MustGet("user").(*models.User)
+	f.Id = 0
+	f.CreateBy = me.Username
+	f.UpdateBy = me.Username
+
+	err := models.SavedViewAdd(rt.Ctx, &f)
+	ginx.NewRender(c).Data(f.Id, err)
+}
+
+func (rt *Router) savedViewPut(c *gin.Context) {
+	id := ginx.UrlParamInt64(c, "id")
+
+	view, err := models.SavedViewGetById(rt.Ctx, id)
+	if err != nil {
+		ginx.NewRender(c).Data(nil, err)
+		return
+	}
+	if view == nil {
+		ginx.NewRender(c, http.StatusNotFound).Message("saved view not found")
+		return
+	}
+
+	me := c.MustGet("user").(*models.User)
+	// 只有创建者可以更新
+	if view.CreateBy != me.Username && !me.IsAdmin() {
+		ginx.NewRender(c, http.StatusForbidden).Message("forbidden")
+		return
+	}
+
+	var f models.SavedView
+	ginx.BindJSON(c, &f)
+
+	view.Name = f.Name
+	view.Filter = f.Filter
+	view.PublicCate = f.PublicCate
+	view.Gids = f.Gids
+
+	err = models.SavedViewUpdate(rt.Ctx, view, me.Username)
+	ginx.NewRender(c).Message(err)
+}
+
+func (rt *Router) savedViewDel(c *gin.Context) {
+	id := ginx.UrlParamInt64(c, "id")
+
+	view, err := models.SavedViewGetById(rt.Ctx, id)
+	if err != nil {
+		ginx.NewRender(c).Data(nil, err)
+		return
+	}
+	if view == nil {
+		ginx.NewRender(c, http.StatusNotFound).Message("saved view not found")
+		return
+	}
+
+	me := c.MustGet("user").(*models.User)
+	// 只有创建者或管理员可以删除
+	if view.CreateBy != me.Username && !me.IsAdmin() {
+		ginx.NewRender(c, http.StatusForbidden).Message("forbidden")
+		return
+	}
+
+	err = models.SavedViewDel(rt.Ctx, id)
+	ginx.NewRender(c).Message(err)
+}
+
+func (rt *Router) savedViewFavoriteAdd(c *gin.Context) {
+	id := ginx.UrlParamInt64(c, "id")
+	me := c.MustGet("user").(*models.User)
+
+	err := models.UserViewFavoriteAdd(rt.Ctx, id, me.Id)
+	ginx.NewRender(c).Message(err)
+}
+
+func (rt *Router) savedViewFavoriteDel(c *gin.Context) {
+	id := ginx.UrlParamInt64(c, "id")
+	me := c.MustGet("user").(*models.User)
+
+	err := models.UserViewFavoriteDel(rt.Ctx, id, me.Id)
+	ginx.NewRender(c).Message(err)
+}
--- a/center/router/router_self.go
+++ b/center/router/router_self.go
@@ -5,10 +5,10 @@ import (
 	"github.com/ccfos/nightingale/v6/pkg/flashduty"
 	"github.com/ccfos/nightingale/v6/pkg/ormx"
 	"github.com/ccfos/nightingale/v6/pkg/secu"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
 	"github.com/google/uuid"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
 )

--- a/center/router/router_server.go
+++ b/center/router/router_server.go
@@ -4,9 +4,9 @@ import (
 	"time"

 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
-	"github.com/toolkits/pkg/ginx"
 )

 func (rt *Router) serversGet(c *gin.Context) {
--- a/center/router/router_source_token.go
+++ b/center/router/router_source_token.go
@@ -0,0 +1,36 @@
+package router
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
+	"github.com/google/uuid"
+
+	"github.com/gin-gonic/gin"
+)
+
+// sourceTokenAdd 生成新的源令牌
+func (rt *Router) sourceTokenAdd(c *gin.Context) {
+	var f models.SourceToken
+	ginx.BindJSON(c, &f)
+
+	if f.ExpireAt > 0 && f.ExpireAt <= time.Now().Unix() {
+		ginx.Bomb(http.StatusBadRequest, "expire time must be in the future")
+	}
+
+	token := uuid.New().String()
+
+	username := c.MustGet("username").(string)
+
+	f.Token = token
+	f.CreateBy = username
+	f.CreateAt = time.Now().Unix()
+
+	err := f.Add(rt.Ctx)
+	ginx.Dangerous(err)
+
+	go models.CleanupExpiredTokens(rt.Ctx)
+	ginx.NewRender(c).Data(token, nil)
+}
--- a/center/router/router_target.go
+++ b/center/router/router_target.go
@@ -10,13 +10,14 @@ import (

 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/strx"
+	"github.com/ccfos/nightingale/v6/pushgw/idents"
 	"github.com/ccfos/nightingale/v6/storage"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"

 	"github.com/gin-gonic/gin"
 	"github.com/prometheus/common/model"
-	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
-	"github.com/toolkits/pkg/str"
 )

 type TargetQuery struct {
@@ -37,6 +38,16 @@ func (rt *Router) targetGetsByHostFilter(c *gin.Context) {
 	total, err := models.TargetCountByFilter(rt.Ctx, query)
 	ginx.Dangerous(err)

+	models.FillTargetsBeatTime(rt.Redis, hosts)
+	now := time.Now().Unix()
+	for i := 0; i < len(hosts); i++ {
+		if now-hosts[i].BeatTime < 60 {
+			hosts[i].TargetUp = 2
+		} else if now-hosts[i].BeatTime < 180 {
+			hosts[i].TargetUp = 1
+		}
+	}
+
 	ginx.NewRender(c).Data(gin.H{
 		"list":  hosts,
 		"total": total,
@@ -44,7 +55,7 @@ func (rt *Router) targetGetsByHostFilter(c *gin.Context) {
 }

 func (rt *Router) targetGets(c *gin.Context) {
-	bgids := str.IdsInt64(ginx.QueryStr(c, "gids", ""), ",")
+	bgids := strx.IdsInt64ForAPI(ginx.QueryStr(c, "gids", ""), ",")
 	query := ginx.QueryStr(c, "query", "")
 	limit := ginx.QueryInt(c, "limit", 30)
 	downtime := ginx.QueryInt64(c, "downtime", 0)
@@ -56,7 +67,14 @@ func (rt *Router) targetGets(c *gin.Context) {
 	hosts := queryStrListField(c, "hosts", ",", " ", "\n")

 	var err error
-	if len(bgids) == 0 {
+	if len(bgids) > 0 {
+		// 如果用户当前查看的是未归组机器，会传入 bgids = [0]，此时是不需要校验的，故而排除这种情况
+		if !(len(bgids) == 1 && bgids[0] == 0) {
+			for _, gid := range bgids {
+				rt.bgroCheck(c, gid)
+			}
+		}
+	} else {
 		user := c.MustGet("user").(*models.User)
 		if !user.IsAdmin() {
 			// 如果是非 admin 用户，全部对象的情况，找到用户有权限的业务组
@@ -73,9 +91,24 @@ func (rt *Router) targetGets(c *gin.Context) {
 		models.BuildTargetWhereWithBgids(bgids),
 		models.BuildTargetWhereWithDsIds(dsIds),
 		models.BuildTargetWhereWithQuery(query),
-		models.BuildTargetWhereWithDowntime(downtime),
 		models.BuildTargetWhereWithHosts(hosts),
 	}
+
+	// downtime 筛选：从缓存获取心跳时间，选择较小的集合用 IN 或 NOT IN 过滤
+	if downtime != 0 {
+		downtimeOpt, hasMatch := rt.downtimeFilter(downtime)
+		if !hasMatch {
+			ginx.NewRender(c).Data(gin.H{
+				"list":  []*models.Target{},
+				"total": 0,
+			}, nil)
+			return
+		}
+		if downtimeOpt != nil {
+			options = append(options, downtimeOpt)
+		}
+	}
+
 	total, err := models.TargetTotal(rt.Ctx, options...)
 	ginx.Dangerous(err)

@@ -94,14 +127,17 @@ func (rt *Router) targetGets(c *gin.Context) {
 		now := time.Now()
 		cache := make(map[int64]*models.BusiGroup)

+		// 从 Redis 补全 BeatTime
+		models.FillTargetsBeatTime(rt.Redis, list)
+
 		var keys []string
 		for i := 0; i < len(list); i++ {
 			ginx.Dangerous(list[i].FillGroup(rt.Ctx, cache))
 			keys = append(keys, models.WrapIdent(list[i].Ident))

-			if now.Unix()-list[i].UpdateAt < 60 {
+			if now.Unix()-list[i].BeatTime < 60 {
 				list[i].TargetUp = 2
-			} else if now.Unix()-list[i].UpdateAt < 180 {
+			} else if now.Unix()-list[i].BeatTime < 180 {
 				list[i].TargetUp = 1
 			}
 		}
@@ -140,6 +176,43 @@ func (rt *Router) targetGets(c *gin.Context) {
 	}, nil)
 }

+// downtimeFilter 从缓存获取心跳时间，生成 downtime 筛选条件
+// 选择匹配集和非匹配集中较小的一方，用 IN 或 NOT IN 来减少 SQL 参数量
+// 返回值：
+//   - option: 筛选条件，nil 表示所有 target 都符合条件（无需过滤）
+//   - hasMatch: 是否有符合条件的 target，false 表示无匹配应返回空结果
+func (rt *Router) downtimeFilter(downtime int64) (option models.BuildTargetWhereOption, hasMatch bool) {
+	now := time.Now().Unix()
+	targets := rt.TargetCache.GetAll()
+	var matchIdents, nonMatchIdents []string
+	for _, target := range targets {
+		matched := false
+		if downtime > 0 {
+			matched = target.BeatTime < now-downtime
+		} else if downtime < 0 {
+			matched = target.BeatTime > now+downtime
+		}
+		if matched {
+			matchIdents = append(matchIdents, target.Ident)
+		} else {
+			nonMatchIdents = append(nonMatchIdents, target.Ident)
+		}
+	}
+
+	if len(matchIdents) == 0 {
+		return nil, false
+	}
+
+	if len(nonMatchIdents) == 0 {
+		return nil, true
+	}
+
+	if len(matchIdents) <= len(nonMatchIdents) {
+		return models.BuildTargetWhereWithIdents(matchIdents), true
+	}
+	return models.BuildTargetWhereExcludeIdents(nonMatchIdents), true
+}
+
 func (rt *Router) targetExtendInfoByIdent(c *gin.Context) {
 	ident := ginx.QueryStr(c, "ident", "")
 	key := models.WrapExtendIdent(ident)
@@ -454,7 +527,7 @@ func (rt *Router) targetBindBgids(c *gin.Context) {
 			ginx.Dangerous(err)

 			if !can {
-				ginx.Bomb(http.StatusForbidden, "No permission. You are not admin of BG(%s)", bg.Name)
+				ginx.Bomb(http.StatusForbidden, "forbidden")
 			}
 		}
 		isNeverGrouped, checkErr := haveNeverGroupedIdent(rt.Ctx, f.Idents)
@@ -464,7 +537,7 @@ func (rt *Router) targetBindBgids(c *gin.Context) {
 			can, err := user.CheckPerm(rt.Ctx, "/targets/bind")
 			ginx.Dangerous(err)
 			if !can {
-				ginx.Bomb(http.StatusForbidden, "No permission. Only admin can assign BG")
+				ginx.Bomb(http.StatusForbidden, "forbidden")
 			}
 		}
 	}
@@ -549,7 +622,7 @@ func (rt *Router) checkTargetPerm(c *gin.Context, idents []string) {
 	ginx.Dangerous(err)

 	if len(nopri) > 0 {
-		ginx.Bomb(http.StatusForbidden, "No permission to operate the targets: %s", strings.Join(nopri, ", "))
+		ginx.Bomb(http.StatusForbidden, "forbidden")
 	}
 }

@@ -570,3 +643,34 @@ func (rt *Router) targetsOfAlertRule(c *gin.Context) {

 	ginx.NewRender(c).Data(ret, err)
 }
+
+func (rt *Router) checkTargetsExistByIndent(idents []string) {
+	notExists, err := models.TargetNoExistIdents(rt.Ctx, idents)
+	ginx.Dangerous(err)
+
+	if len(notExists) > 0 {
+		ginx.Bomb(http.StatusBadRequest, "targets not exist: %s", strings.Join(notExists, ", "))
+	}
+}
+
+func (rt *Router) targetsOfHostQuery(c *gin.Context) {
+	var queries []models.HostQuery
+	ginx.BindJSON(c, &queries)
+
+	hostsQuery := models.GetHostsQuery(queries)
+	session := models.TargetFilterQueryBuild(rt.Ctx, hostsQuery, 0, 0)
+	var lst []*models.Target
+	err := session.Find(&lst).Error
+	if err != nil {
+		ginx.Bomb(http.StatusInternalServerError, err.Error())
+	}
+
+	ginx.NewRender(c).Data(lst, nil)
+}
+
+func (rt *Router) targetUpdate(c *gin.Context) {
+	var f idents.TargetUpdate
+	ginx.BindJSON(c, &f)
+
+	ginx.NewRender(c).Message(rt.IdentSet.UpdateTargets(f.Lst, f.Now))
+}
--- a/Show More
+++ b/Show More