refactor(https): 协议识别下沉到 nginx，TrustProxies 只信 X-Forwarded-Proto

- nginx 经 APP_SCHEME 环境变量(envsubst 模板)统一控制 X-Forwarded-Proto - TrustProxies 信任内网代理但仅采信 X-Forwarded-Proto，防 Host 注入 - 移除 WebApi 中间件的硬编码强制 https - getSchemeAndHost 优先用当前请求 scheme/host，保留非请求上下文兜底 - cmd https 切换后改用 compose up -d 重建 nginx 容器使 envsubst 生效 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
release: v1.7.90
2026-06-12 10:22:20 +00:00 · 2026-06-06 01:52:38 +00:00 · 2026-06-04 23:06:30 +00:00 · 2026-06-04 22:06:19 +00:00 · 2026-06-04 21:57:49 +00:00 · 2026-06-04 21:57:37 +00:00
236 changed files with 14541 additions and 2544 deletions
--- a/.agents
+++ b/.agents
@ -0,0 +1 @@
 .claude
--- a/.claude/skills/dootask-backup/SKILL.md
+++ b/.claude/skills/dootask-backup/SKILL.md
@ -0,0 +1,119 @@
 ---
 description: 备份 DooTask 数据：数据库（必须）+ public/uploads（排除 tmp，可选）+ docker/appstore/config（可选）。汇总到临时目录并附 README 说明，打包到 backup/ 按日期命名。只读取源数据、绝不删改，失败即停。
 ---
 # DooTask 数据备份
 **刚性技能**——前置检查 → 选可选项 → 确认 → 执行 → 报告。只读取源数据生成归档，**绝不删除或修改任何源数据/既有备份**。任何一步失败立即停止。
 ## 备份范围
 | 项 | 来源 | 是否必须 | 说明 |
 |----|------|---------|------|
 | 数据库 | `./cmd mysql backup` 产出的 `.sql.gz` | **必须** | 脚本内部用 mysqldump 导出当前库 |
 | 上传文件 | `public/uploads`（**排除 `public/uploads/tmp`**） | 可选 | 头像/聊天/任务/文件等真实上传数据；`tmp` 是临时目录，可重建，不备份 |
 | 应用配置 | `docker/appstore/config` | 可选 | 应用市场各应用的配置；含 **root 属主子目录**，收集时可能需 sudo |
 > `docker/appstore/apps` **不在备份范围**——可从应用市场重新安装，无需备份。
 ## 前置检查（全部通过才能继续）
 1. **工作目录**：在项目根（存在 `cmd`、`docker-compose.yml`）
 2. **数据库容器**：`mariadb` 容器在跑（DB 备份依赖它；不在则提示用户先 `./cmd up` 起服务）
 3. **磁盘空间**：确认 `backup/` 所在盘空间足够（数据库 dump 可能较大）
 4. **选可选项**：询问用户本次是否包含 `public/uploads` 和 `docker/appstore/config`（**默认两个都含**）
 检查通过、可选项确定后，汇报本次将备份哪些项，**向用户确认一次**再执行。
 ## 执行
 用一个统一时间戳贯穿全程：`TS=$(date +%Y%m%d_%H%M%S)`，临时目录 `WORK="tmp/dootask-backup-${TS}"`。
 ### 1) 建临时工作目录
 ```shell
 mkdir -p "$WORK"
 ```
 （`tmp/` 已被 gitignore，安全）
 ### 2) 数据库（必须）
 ```shell
 ./cmd mysql backup
 ```
 脚本会把 dump 写到 `docker/mysql/backup/<库名>_<时间戳>.sql.gz` 并打印「备份文件：...」。**取该次产出的最新 dump** 复制进工作目录（不用关心它原始落在哪）：
 ```shell
 DB_FILE=$(ls -t docker/mysql/backup/*.sql.gz | head -1)
 cp "$DB_FILE" "$WORK/"
 ```
 ### 3) public/uploads（可选，排除 tmp）
 ```shell
 rsync -a --exclude='tmp' public/uploads/ "$WORK/uploads/"
 ```
 > 无 rsync 时用 tar 管道：`mkdir -p "$WORK/uploads" && tar cf - --exclude='./tmp' -C public/uploads . | tar xf - -C "$WORK/uploads"`
 ### 4) docker/appstore/config（可选）
 ```shell
 cp -a docker/appstore/config "$WORK/appstore-config"
 ```
 > 含 root 属主子目录，若报 `permission denied`：改用 `sudo cp -a ...`，随后把整个工作目录属主归还当前用户，保证后续打包/清理不受阻：
 > ```shell
 > sudo chown -R "$(id -u):$(id -g)" "$WORK"
 > ```
 ### 5) 写 README.md（备份说明）
 在 `$WORK/README.md` 写明本次备份信息，便于日后识别与还原。模板：
 ```markdown
 # DooTask 备份 — <TS>
 - 备份时间：<人类可读时间>
 - DooTask 版本：<取自 package.json 的 version>
 - 包含内容：
  - 数据库：<DB dump 文件名>（来源 mysqldump 当前库）
  - 上传文件：uploads/（来源 public/uploads，已排除 tmp）  ← 未选则写「未包含」
  - 应用配置：appstore-config/（来源 docker/appstore/config）  ← 未选则写「未包含」
 - 各项大小：<du -sh 列出工作目录内各项>
 ## 还原提示
 - 数据库：`gunzip < <db>.sql.gz | mysql -u<user> -p<pass> <库名>`，或用 `./cmd mysql recovery` 选对应文件还原。
 - 上传文件：将 uploads/ 内容覆盖回项目 public/uploads/。
 - 应用配置：将 appstore-config/ 覆盖回 docker/appstore/config/。
 ```
 ### 6) 打包到 backup/，清理临时目录
 ```shell
 mkdir -p backup
 tar czf "backup/dootask_backup_${TS}.tar.gz" -C tmp "dootask-backup-${TS}"
 rm -rf "$WORK"
 ```
 ## 报告
 向用户报告：
 - 最终归档路径：`backup/dootask_backup_<TS>.tar.gz`
 - 归档大小（`ls -lh`）
 - 实际包含了哪些项（数据库 + 视选择含/不含 uploads、appstore-config）
 ## 失败处理
 - 任何步骤失败立即停止，原样报告错误
 - **不要**自动重试、不要静默跳过某一项（可选项是否包含由前置确认决定，不在执行中临时变更）
 - DB 备份失败（如 mariadb 未运行）→ 停止，提示用户起服务后重试
 - 打包前若工作目录有 root 属主残留导致 tar/rm 失败 → `sudo chown` 归还属主后继续，不要删源数据
 ## 禁止项
 | 错误做法 | 正确做法 |
 |---------|---------|
 | 为"省空间"删除源数据或既有备份 | 只读取源数据生成归档，源数据一律不动 |
 | 备份 `public/uploads/tmp` | 排除 tmp（临时、可重建） |
 | 把 `docker/appstore/apps` 也打进去 | 不在范围，可从应用市场重装 |
 | 遇 config 的 root 子目录就跳过该项 | `sudo` 收集后 chown 归还，完整备份 |
 | 不写 README 直接打包 | 每个归档自带 README，便于日后识别还原 |
 | 把归档写进 git | 归档放 `backup/`（已 gitignore），不提交 |
 ## Red Flags —— 出现这些念头立即停下
 - "源数据太大，删点旧的再备份" → 不，备份只读不删
 - "config 有 root 目录，跳过算了" → 不，sudo 收集后归还属主
 - "apps 也一起备了更全" → 不，apps 不在范围
 - "tmp 里临时文件顺手也备了" → 不，明确排除 `public/uploads/tmp`
--- a/.claude/skills/dootask-fix-permission/SKILL.md
+++ b/.claude/skills/dootask-fix-permission/SKILL.md
@ -0,0 +1,76 @@
 ---
 name: dootask-fix-permission
 description: 修复 DooTask 可写目录（bootstrap/cache、docker、public、storage）的属主/权限：chown 回当前用户 + 目录 chmod 775，对齐 install 的赋权逻辑，赋权不删数据。
 ---
 # DooTask 目录权限修复
 容器内进程常以 **root** 写入挂载目录（`storage`、`public/uploads`、`bootstrap/cache` 等），导致宿主机当前用户对这些文件**没有写权限**，进而触发：
 - `./cmd install` 报「目录【xxx】权限不足」/ 目录权限检测失败
 - `./cmd build`（vite）报 `EACCES: permission denied, copyfile`（复制 `public/uploads/...` 时）
 - Laravel 运行时写 `storage`/`bootstrap/cache` 失败
 本技能**对齐 `./cmd install` 的目录赋权逻辑**：对四个可写目录做 `chmod 775`（目录）+ `chown` 回当前用户。
 ## 适用目录
 与 install 一致的四个：
 ```
 bootstrap/cache
 docker
 public          # 含 public/uploads（真实上传数据）
 storage
 ```
 ## 核心原则：赋权，不删数据
 `public/uploads` 含真实上传文件（头像、附件等）。**永远优先 `chown` 改属主，不要删数据。** 即便用户说"清理一下"，也只允许清临时目录 `public/uploads/tmp`，**切勿**删 uploads 下其他内容。
 ## 前置检查
 1. **工作目录**：在项目根（存在 `cmd` 且这四个目录在）
 2. **sudo**：改属主需 root（当前文件多为 root 属主）。本机一般可免密 sudo；不行则经 docker 以 root 改权限
 3. 确认要修的范围：默认四个目录全修；若用户只想解 build 报错，也可只针对 `public`（含 `public/uploads`）
 检查通过后汇报将执行的命令，**向用户确认一次**再执行。
 ## 执行
 确认后执行（属主修回当前用户，目录权限 775）：
 ```shell
 # 1) 属主修回当前用户（递归）
 sudo chown -R "$(id -u):$(id -g)" bootstrap/cache docker public storage
 # 2) 目录权限 775（仅目录，对齐 install 的 `find -type d -exec chmod 775`）
 find bootstrap/cache docker public storage -type d -exec chmod 775 {} \;
 ```
 > 只想解 build 的 uploads 报错时，可只对 `public`：
 > ```shell
 > sudo chown -R "$(id -u):$(id -g)" public/uploads
 > ```
 执行后报告：改了哪些目录、属主/权限现状（可 `ls -ld` 抽查），并提示用户可重试之前失败的 install/build/update。
 ## 失败处理
 - `chown` 报权限不足 → 当前用户无 sudo 权限，提示用户用有 root 权限的账户，或经 docker 以 root 执行；不要静默跳过
 - 任何步骤失败立即停止报告，不自动重试
 ## 禁止项
 | 错误做法 | 正确做法 |
 |---------|---------|
 | build 报 uploads EACCES 就 `rm` 删文件 | `chown` 修属主，保留数据 |
 | 删整个 `public/uploads` 清场 | 最多清 `public/uploads/tmp`，别碰真实上传数据 |
 | 对文件无差别 `chmod 777` | 目录 `chmod 775` + `chown` 回当前用户即可 |
 | 不加 sudo 直接 chown root 文件 | 改属主需 root |
 ## Red Flags —— 出现这些念头立即停下
 - "uploads 复制失败，删掉再 build" → 不，`chown` 赋权，不丢数据
 - "777 一把梭最省事" → 不，按 install 的 775（目录）+ chown
 - "权限不够就跳过这个目录" → 不，报告交用户处理 sudo
--- a/.claude/skills/dootask-install/SKILL.md
+++ b/.claude/skills/dootask-install/SKILL.md
@ -0,0 +1,74 @@
 ---
 name: dootask-install
 description: 首次部署 DooTask：前置检查后执行 `sudo ./cmd install`（建库 + migrate --seed 的重操作），刚性流程、单次确认、失败即停。
 ---
 # DooTask 安装流程
 **刚性技能**——前置检查 → 向用户确认一次 → 执行 → 报告结果。任何一步失败立即停止。
 ## 核心原则
 **违反字面规则 = 违反流程精神。** 不要擅自增加、省略、合并步骤，不要为"省事"绕过 sudo 或确认。
 `./cmd install` 已把整套安装封装为单条命令（赋权→起容器→`composer install`→`key:generate`→`migrate --seed`→`up -d`）。本技能的职责是**安装前把关、选对参数、执行前确认、已知失败处理**，而不是把脚本逻辑拆开重做。
 ## 前置检查（全部通过才能继续）
 执行前依次确认：
 1. **工作目录**：必须在项目根（存在 `cmd`、`docker-compose.yml`、`.env.docker`）
 2. **Docker**：`docker` 与 `docker-compose`/`docker compose`(v2+) 可用且 daemon 在跑（脚本 `check_docker` 也会查，但提前确认能更早报错）
 3. **Node.js ≥ 20**（脚本 `check_node` 会查）
 4. **APP_ID 不冲突**：若 `.env` 已有 `APP_ID` 且被其他实例占用，脚本 `check_instance` 会报错——此时**停止**，提示用户先清空 `.env` 里的 `APP_ID` 和 `APP_IPPR` 再装
 5. **sudo**：`./cmd install` 需 root（`check_sudo`），用 `sudo ./cmd install` 执行
 ⚠️ **这是重操作**：会创建数据库并执行 `migrate --seed`（灌入种子数据）。在已有数据的环境上重装前务必和用户确认，避免覆盖。
 检查通过后汇报结果，**向用户确认一次**再执行。
 ## 参数选择
 | 参数 | 作用 | 何时用 |
 |------|------|--------|
 | `--port <端口>` | 指定 HTTP 端口（脚本会做端口占用检测） | 用户要自定义端口，或默认端口被占 |
 | `--relock` | 删除 `node_modules`/`package-lock.json`/`vendor`/`composer.lock` 后重装 | **谨慎**：仅在依赖锁损坏、用户明确要求重建锁时用，会拖慢安装 |
 不确定时不要自作主张加参数，按需询问用户。
 ## 执行
 确认后执行（按用户选择带上参数）：
 ```shell
 sudo ./cmd install
 # 或： sudo ./cmd install --port 8080
 ```
 成功后脚本会输出访问地址并调用 `repassword.sh`。执行完向用户报告：访问地址（`http://127.0.0.1:<APP_PORT>`）、以及数据库密码提示。
 ## 失败处理
 - 任何步骤失败立即停止，原样报告错误信息
 - **不要**自动重试，**不要**自动跳过
 - 常见失败与对应处理：
  - `APP_ID（xxx）已被其他实例使用` → 停止，让用户清空 `.env` 的 `APP_ID`/`APP_IPPR` 再装
  - `端口 xxx 已被占用` → 停止，让用户换 `--port`
  - `目录【xxx】权限不足` / 目录权限检测失败 → 这是目录属主/权限问题，引导用户用 **dootask-fix-permission** 技能修复后重装
  - `安装依赖失败`（composer）→ 报告，交用户决定（常因网络/镜像源）
 ## 禁止项
 | 错误做法 | 正确做法 |
 |---------|---------|
 | 不加 sudo 直接 `./cmd install` | 用 `sudo ./cmd install`（脚本强制 root） |
 | 失败后"我再试一次"或自动跳过 | 立即停止，交还用户 |
 | 在已有数据环境上不问就重装 | 先确认会 `migrate --seed`，可能影响现有数据 |
 | 遇权限报错自己乱 `chmod`/`chown` | 走 dootask-fix-permission 技能统一处理 |
 | 不问就加 `--relock` | 默认不加；仅用户明确要求或锁损坏时用 |
 ## Red Flags —— 出现这些念头立即停下
 - "端口/权限报错了我顺手帮 TA 改一下别的" → 停下，只处理本次报的问题，按指引走对应技能
 - "种子数据应该没事，直接重装" → 不，先确认是否会覆盖现有数据
 - "sudo 麻烦，先试试不加" → 不，install 必须 root
--- a/.claude/skills/dootask-release/SKILL.md
+++ b/.claude/skills/dootask-release/SKILL.md
@ -0,0 +1,204 @@
 ---
 name: dootask-release
 description: 从 `pro` 分支发布 DooTask 前端新版本：翻译 → 版本号/更新日志 → 构建 → 提交推送，刚性顺序、每步确认、失败即停。
 ---
 # DooTask 发布流程
 **刚性技能**——严格按顺序执行，每步向用户确认，任何一步失败立即停止。
 ## 核心原则
 按固定顺序执行，不增删、合并或重排步骤。翻译（Step 1）和更新日志（Step 2）由你直接产出；脚本只做确定性机械工作（算版本号、检测差异、字节级生成语言文件）。
 ## 前置检查（全部通过才能继续）
 执行任何发布步骤前，依次检查：
 1. **分支**：必须是 `pro`，否则停止，提示用户切换
 2. **工作区**：`git status` 必须干净（无未提交变更、无未跟踪文件），否则**停止**并交由用户处理
 3. **Node.js**：`node --version` 必须 ≥ 20
 4. **PHP**：`php --version` 必须可用（Step 1 的脚本依赖本地 php，无需容器）。若 host 无 php，停止并提示用户
 检查通过后汇报结果，用户确认后再开始执行。
 ## 发布步骤
 **每步执行前**向用户确认；**每步执行后**报告结果。
 开始前先把这份清单复制到你的回复里，逐项勾选、跟踪进度：
 ```
 发布进度：
 - [ ] 前置检查（分支 pro / 工作区干净 / node≥20 / php 可用）
 - [ ] Step 1 翻译（diff → 翻译 → apply → generate）
 - [ ] Step 2 版本号 + CHANGELOG
 - [ ] Step 3 构建（./cmd prod）
 - [ ] 汇总变更 → 用户确认 → commit + push
 - [ ] 确认 GitHub Actions Publish 工作流 success
 ```
 ---
 ### Step 1: 翻译
 多语言数据流：`language/original-{web,api}.txt`（原文/简体中文）→ 经翻译写入 `language/translate.json`（含 9 种语言）→ 生成 `public/language/{web,api}/*`。
 **1.1 检测差异**
 ```shell
 php .claude/skills/dootask-release/scripts/language.php diff
 ```
 输出 JSON：
 - `regexErrorCount > 0`：translate.json **已有条目**的占位符与某语言值不一致 → **停止**，报告 `regexErrors`，交用户修复（这是历史数据问题，不要自行猜测修改）
 - `redundantCount > 0`：translate.json 里有、但原文已删除的条目 → 仅作提示（apply 时会自动剔除，不致命）
 - `needsCount == 0`：无新文案 → **跳到 1.4 直接生成**
 - `needsCount > 0`：`needs` 数组即待翻译清单，每项 `key` 已转成占位符形式（如 `(%T1)`）→ 进入 1.2
 **1.2 翻译**
 对 `needs` 里的每个 `key`，翻成 8 种语言（`zh` 留空、`key` 原样保留）：`zh-CHT` `en` `ko` `ja` `de` `fr` `id` `ru`。
 要求：贴合「项目任务管理系统」语境；占位符 `(%T1)`/`(%M1)` 等原样保留、不可增删改，位置可随目标语言语序调整：
 | 原文 | 翻成英语 |
 |---|---|
 | (%T1)的周报[(%T2)][(%T3)月第(%T4)周] | Weekly report of (%T1) [(%T2)] [Week (%T4) of month (%T3)] |
 | (%T1)提交的「(%M2)」待你审批 | '(%M2)' submitted by (%T1) is waiting for your approval |
 把结果写成一个 JSON 数组文件（建议放 `/tmp/dootask-release-translated.json`，避免污染工作区），每个元素含全部 10 个字段，顺序为：
 `key, zh, zh-CHT, en, ko, ja, de, fr, id, ru`（`zh` 写 `""`）。
 ```json
 [
  {"key":"...(%T1)...","zh":"","zh-CHT":"...","en":"...","ko":"...","ja":"...","de":"...","fr":"...","id":"...","ru":"..."}
 ]
 ```
 **1.3 合并进 translate.json**
 ```shell
 php .claude/skills/dootask-release/scripts/language.php apply /tmp/dootask-release-translated.json
 ```
 脚本会校验字段完整性与占位符完整性、追加新条目、剔除冗余项，并按项目原生格式写回 `translate.json`。任一条不合格会报错停止，按提示修正翻译后重试。
 **1.4 生成前端/后端语言文件**
 ```shell
 php .claude/skills/dootask-release/scripts/language.php generate
 ```
 由 `translate.json` 字节级重新生成 `public/language/web/*.js` 与 `public/language/api/*.json`（排序/转义与项目原生工具完全一致，正常情况下 diff 只包含本次新增条目）。
 **1.5 报告**：用 `git status --short language public/language` 汇总本步改动，向用户报告新增了多少条翻译。
 ---
 ### Step 2: 版本号 + 更新日志
 **2.1 计算并写入版本号**
 ```shell
 node .claude/skills/dootask-release/scripts/version_bump.js
 ```
 脚本据 git 历史算出新 `version` 与 `codeVerson` 并写入 `package.json`，输出 JSON 含：`version`、`prevVersion`、`changelogRange`（如 `<上次release提交>..HEAD`，用于下一步圈定本次更新范围）。
 **2.2 撰写 CHANGELOG**
 读取本次区间的提交：
 ```shell
 git log <changelogRange> --stat
 ```
 `--stat` 会带上每个提交的完整描述正文 + 改动文件清单；光看标题不够时用 `git show <hash>` 看具体代码改动。
 按 `CHANGELOG.md` 现有格式，在文件顶部 `# Changelog` 说明段之后、紧挨上一个 `## [...]` 之前，插入新版本区段：
 ```markdown
 ## [<version>]
 ### Features
 - ...
 ### Bug Fixes
 - ...
 ### Performance
 - ...
 ```
 撰写要求（对齐项目历史风格）：
 - 小节标题用**英文 Title Case**：`Features` / `Bug Fixes` / `Performance` / `Documentation` / `Security` / `Miscellaneous`，**不要译成中文**；**没有内容的小节整段省略**。
 - 条目正文用**通俗友好的简体中文**，面向**普通用户**描述更新带来的直接好处，**避免技术术语**（如 refactor、merge branch、commit lint、bump deps 等）。
 - 过滤掉对用户无意义的提交（纯构建/依赖/CI/合并提交、本技能自身的脚手架改动等）。
 - 仅凭提交标题无法判断是否对用户有价值时，结合提交的完整描述正文和实际代码改动（`git show <hash>`）再决定，不要只看一行就下结论。
 - 合并相似项；每个小节内**按用户价值与影响范围排序，重要的在前**。
 **2.3 报告**：展示新版本号与你写的 changelog 区段，请用户过目。
 ---
 ### Step 3: 构建前端
 ```shell
 ./cmd prod
 ```
 构建前端生产版本。用 `./cmd prod`，不要换成裸跑 vite（它还负责 node 检查、清 `public/js/build`、debug 切换）。
 > **已知失败**：build 报 `public/uploads/...` 的 `EACCES: permission denied, copyfile`，是 vite 复制 `public/` 时撞到 root 属主的运行时上传文件（不限于 `tmp`，`avatar` 等都可能）。补救是赋权、不是删数据——把 uploads 属主改回当前用户后重试：
 > ```shell
 > sudo chown -R "$(id -u):$(id -g)" public/uploads
 > ```
 > `public/uploads` 是真实上传数据，**不要删**；即便要清也只清 `public/uploads/tmp`。
 ---
 ## 最终：提交并推送
 所有步骤完成后：
 1. 通过 `git diff` + `git status` 汇总所有变更，向用户报告摘要
 2. **询问用户是否提交并推送**
 3. 用户明确确认后才执行 `git add`、`git commit`、`git push`
 4. 未确认一律不执行
 提交规范：
 - 提交信息使用 `release: v<新版本号>`（与历史一致，参见 `git log --oneline | grep '^release:'`）
 - **只 add 本次发布相关改动**，按文件名/目录显式添加（例如 `git add package.json CHANGELOG.md language/translate.json public/language public/js`），不要用 `git add -A` / `git add .`，以免卷入未跟踪的本地实验文件
 - 不打 git tag（现行发布流程不使用 tag）
 - 确认前先核对：`/tmp/dootask-release-translated.json` 等临时文件不在仓库内，工作区不应残留发布无关的未跟踪文件
 ## push 之后：确认发布工作流（CI 才是真正出包）
 push 到 `pro` 只是触发器，真正的构建/出包由 GitHub Actions 完成——**push 成功 ≠ 发布完成**：
 - **Publish**（`.github/workflows/publish.yml`，push→pro 触发）跑完才算出包；成功后会自动触发 **Sync to Gitee**（镜像同步）。
 - push 完成后**主动确认** Publish 工作流 `conclusion=success`。优先用 `gh`（未装可临时装；公开仓库也可用 GitHub REST API 免鉴权读取 runs）：
  ```shell
  gh run list --workflow=publish.yml -R kuaifan/dootask -L 1
  gh run view <run-id> -R kuaifan/dootask --json status,conclusion,url
  ```
 - 工作流仍在跑时，挂后台轮询、结束即通知用户，**不要在前台死等**。
 ### iOS 发布（询问后决定）
 `ios-publish.yml` 是**独立的手动工作流**（`workflow_dispatch`），不随 push 触发。Publish 成功后，用 options 或 AskUserQuestion 形式提问是否同时发布 iOS（选项：发布 iOS / 不发布）：
 - 选「发布 iOS」才执行：
  ```shell
  gh workflow run ios-publish.yml --ref pro -R kuaifan/dootask
  ```
  需 `gh` 已登录且 token 含 `workflow` 权限；触发后可挂后台轮询结果。
 - 选「不发布」则结束。
 ## 失败处理
 任何步骤失败立即停止、报告错误信息，交用户决定；不要自动重试或跳过。
--- a/.claude/skills/dootask-release/scripts/language.php
+++ b/.claude/skills/dootask-release/scripts/language.php
@ -0,0 +1,239 @@
 <?php
 // DooTask 发布——翻译流水线（纯本地 php，host 直接跑，不进容器、不调 OpenAI、不需 autoload）。
 // 逐行对齐 language/translate.php 的检测/保存/生成逻辑，唯独把"调用外部模型翻译"那一段抽走，
 // 翻译改在技能流程内完成。用 php 而非 node 的唯一原因：array_multisort + json_encode
 // 的逐字节产物必须与项目原生工具一致，否则每次发版都会产生大面积排序/转义噪声 diff（已验证 host php 可字节级复现）。
 //
 // 子命令：
 //   language.php diff
 //       —— 输出 JSON：needs(待翻译，key 已转成 (%T1)/(%M1) 形式) / redundants(冗余,提示) / regexErrors(占位符错乱,致命)
 //   language.php apply <translated.json>
 //       —— 把新翻译合并进 translate.json（追加 + 剔除冗余），不生成 public 文件
 //   language.php generate
 //       —— 由 translate.json 重新生成 public/language/{web,api}/*
 //
 // 项目根相对脚本自身定位（脚本固定在 <root>/.claude/skills/dootask-release/scripts/），与调用时的 cwd 无关。
@error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);
 $ROOT = dirname(__DIR__, 4);
 $LANG_DIR = $ROOT . '/language';
 $LANG_FIELDS = ['key', 'zh', 'zh-CHT', 'en', 'ko', 'ja', 'de', 'fr', 'id', 'ru'];
 if (!is_dir($LANG_DIR)) {
    fwrite(STDERR, "未找到 language 目录（$LANG_DIR）。\n");
    exit(1);
 }
 chdir($LANG_DIR);
 $cmd = $argv[1] ?? '';
 // ---- 公共：读取 original-*.txt ----
 function read_generateds(): array
 {
    $originals = [];
    $generateds = [];
    foreach (['web', 'api'] as $type) {
        $content = file_exists("original-{$type}.txt") ? file_get_contents("original-{$type}.txt") : "";
        $array = array_values(array_filter(array_unique(explode("\n", $content))));
        $generateds[$type] = $array;
        $originals = array_merge($originals, $array);
    }
    return [$originals, $generateds];
 }
 // ---- 公共：构建 translations 映射（normalizedKey -> obj），并收集冗余/占位符错乱 ----
 function build_translations(array $originals): array
 {
    $translations = [];
    $redundants = [];
    $regrror = [];
    if (!file_exists("translate.json")) {
        fwrite(STDERR, "translate.json not exists\n");
        exit(1);
    }
    $tmps = json_decode(file_get_contents("translate.json"), true);
    foreach ($tmps as $obj) {
        if (!isset($obj['key'])) {
            continue;
        }
        $currentKey = $obj['key'];
        $originalKey = preg_replace(["/\(%T\d+\)/", "/\(%M\d+\)/"], ["(*)", "(**)"], $currentKey);
        if (!in_array($originalKey, $originals)) {
            $redundants[$originalKey] = $obj;
            continue;
        }
        $translations[$originalKey] = $obj;
        if (preg_match_all('/\(%[TM]\d+\)/', $currentKey, $matches)) {
            foreach ($matches[0] as $match) {
                foreach ($obj as $k => $v) {
                    if (empty($v)) {
                        continue;
                    }
                    if (!str_contains($v, $match)) {
                        $regrror[$originalKey] = ['key' => $currentKey, 'field' => $k, 'value' => $v, 'match' => $match];
                        continue 2;
                    }
                }
            }
        }
    }
    return [$translations, $redundants, $regrror];
 }
 // ---- 公共：由 translate.json + originals 重新生成 public 文件 ----
 function generate(array $generateds, array $translations): void
 {
    foreach ($generateds as $type => $array) {
        $datas = [];
        foreach ($array as $text) {
            $text = trim($text);
            if (isset($translations[$text])) {
                $datas[] = $translations[$text];
            }
        }
        $inOrder = [];
        foreach ($datas as $index => $item) {
            if (preg_match('/\(%[TM]\d+\)/', $item['key'])) {
                $inOrder[$index] = strlen($item['key']);
            } else {
                $inOrder[$index] = strlen($item['key']) + 10000000000;
            }
        }
        array_multisort($inOrder, SORT_DESC, $datas);
        $results = [];
        foreach ($datas as $items) {
            foreach ($items as $kk => $item) {
                $results[$kk][] = $item;
            }
        }
        if ($type === 'api') {
            if (!is_dir("../public/language/api")) {
                mkdir("../public/language/api", 0777, true);
            }
            foreach ($results as $kk => $item) {
                file_put_contents("../public/language/api/$kk.json", json_encode($item, JSON_UNESCAPED_UNICODE));
            }
        } elseif ($type === 'web') {
            if (!is_dir("../public/language/web")) {
                mkdir("../public/language/web", 0777, true);
            }
            foreach ($results as $kk => $item) {
                file_put_contents("../public/language/web/$kk.js", "if(typeof window.LANGUAGE_DATA===\"undefined\")window.LANGUAGE_DATA={};window.LANGUAGE_DATA[\"{$kk}\"]=" . json_encode($item, JSON_UNESCAPED_UNICODE));
            }
        }
        echo "[$type] total: " . count($results['key']) . "\n";
    }
 }
 if ($cmd === 'diff') {
    [$originals, $generateds] = read_generateds();
    [$translations, $redundants, $regrror] = build_translations($originals);
    // 需要翻译的数据（对齐 translate.php 150-169：占位符按单一计数器编号）
    $needs = [];
    foreach ($originals as $text) {
        $key = trim($text);
        if ($key === '') {
            continue;
        }
        if (!isset($translations[$key])) {
            $needs[$key] = $key;
        }
    }
    $needsOut = [];
    foreach ($needs as $key) {
        $c = 1;
        $converted = preg_replace_callback('/\((\*+)\)/', function ($m) use (&$c) {
            $label = strlen($m[1]) > 1 ? "M" : "T";
            return "(%" . $label . $c++ . ")";
        }, $key);
        $needsOut[] = ['key' => $converted];
    }
    echo json_encode([
        'needsCount' => count($needsOut),
        'redundantCount' => count($redundants),
        'regexErrorCount' => count($regrror),
        'needs' => $needsOut,
        'redundants' => array_keys($redundants),
        'regexErrors' => array_values($regrror),
    ], JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT) . "\n";
    if (count($regrror) > 0) {
        exit(2); // 已有数据占位符错乱，需先修复
    }
    exit(0);
 }
 if ($cmd === 'apply') {
    $file = $argv[2] ?? '';
    if ($file === '' || !file_exists($file)) {
        fwrite(STDERR, "用法：apply <translated.json>（文件不存在）\n");
        exit(1);
    }
    [$originals, $generateds] = read_generateds();
    [$translations, $redundants, $regrror] = build_translations($originals);
    if (count($regrror) > 0) {
        fwrite(STDERR, "translate.json 已有条目占位符错乱，请先修复再发版。\n");
        exit(2);
    }
    $incoming = json_decode(file_get_contents($file), true);
    if (!is_array($incoming)) {
        fwrite(STDERR, "translated.json 必须是数组\n");
        exit(1);
    }
    $added = 0;
    foreach ($incoming as $raw) {
        foreach ($GLOBALS['LANG_FIELDS'] as $f) {
            if (!array_key_exists($f, $raw)) {
                fwrite(STDERR, "新翻译缺字段 \"$f\"：" . json_encode($raw, JSON_UNESCAPED_UNICODE) . "\n");
                exit(1);
            }
        }
        // 占位符完整性：key 里每个 (%T1)/(%M1) 必须出现在每个非空语言值里
        if (preg_match_all('/\(%[TM]\d+\)/', $raw['key'], $m)) {
            foreach ($m[0] as $match) {
                foreach ($GLOBALS['LANG_FIELDS'] as $f) {
                    if ($f === 'key' || $f === 'zh') {
                        continue;
                    }
                    if (empty($raw[$f])) {
                        continue;
                    }
                    if (!str_contains($raw[$f], $match)) {
                        fwrite(STDERR, "占位符 $match 在字段 \"$f\" 缺失：{$raw['key']}\n");
                        exit(1);
                    }
                }
            }
        }
        // 规范化：固定字段顺序 + zh 置空
        $item = [];
        foreach ($GLOBALS['LANG_FIELDS'] as $f) {
            $item[$f] = $f === 'zh' ? '' : $raw[$f];
        }
        $originalKey = preg_replace(["/\(%T\d+\)/", "/\(%M\d+\)/"], ["(*)", "(**)"], $item['key']);
        $translations[$originalKey] = $item;
        $added++;
    }
    // array_values：现有条目（去冗余）在前，新条目追加在后
    file_put_contents("translate.json", json_encode(array_values($translations), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT));
    echo json_encode([
        'added' => $added,
        'total' => count($translations),
        'droppedRedundant' => count($redundants),
    ], JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT) . "\n";
    exit(0);
 }
 if ($cmd === 'generate') {
    [$originals, $generateds] = read_generateds();
    [$translations] = build_translations($originals);
    generate($generateds, $translations);
    exit(0);
 }
 fwrite(STDERR, "未知子命令：'$cmd'。可用：diff | apply <file> | generate\n");
 exit(1);
--- a/.claude/skills/dootask-release/scripts/version_bump.js
+++ b/.claude/skills/dootask-release/scripts/version_bump.js
@ -0,0 +1,47 @@
 #!/usr/bin/env node
 // 计算并写入新版本号到 package.json（version + codeVerson），算法对齐 bin/version.js。
 // 不生成 CHANGELOG（在技能流程内撰写），只输出版本号与 changelog 的提交区间。
 //
 // 项目根相对脚本自身定位（脚本固定在 <root>/.claude/skills/dootask-release/scripts/），与调用时的 cwd 无关。
 const fs = require('fs');
 const path = require('path');
 const { execSync } = require('child_process');
 const ROOT = path.resolve(__dirname, '../../../..');
 const pkgFile = path.join(ROOT, 'package.json');
 const verOffset = 6394; // 版本号偏移量（与 bin/version.js 一致）
 const codeOffset = 35;  // 代码版本号偏移量
 function git(cmd) {
    return execSync(cmd, { cwd: ROOT, maxBuffer: 1024 * 1024 * 10 }).toString().trim();
 }
 const verCount = parseInt(git('git rev-list --count HEAD'), 10);
 const codeCount = parseInt(git("git tag --merged pro -l 'v*' | wc -l"), 10);
 const num = verOffset + verCount;
 if (Number.isNaN(num)) {
    console.error(`版本计算失败：rev-list count=${verCount}`);
    process.exit(1);
 }
 const version = `${Math.floor(num / 10000)}.${Math.floor((num % 10000) / 100)}.${Math.floor(num % 100)}`;
 const codeVersion = codeOffset + codeCount;
 let pkg = fs.readFileSync(pkgFile, 'utf8');
 const prevVersion = (pkg.match(/"version":\s*"(.*?)"/) || [])[1] || '';
 pkg = pkg.replace(/"version":\s*"(.*?)"/, `"version": "${version}"`);
 pkg = pkg.replace(/"codeVerson":(.*?)(,|$)/, `"codeVerson": ${codeVersion}$2`);
 fs.writeFileSync(pkgFile, pkg, 'utf8');
 // 上一个 release 提交作为 changelog 区间下界
 let prevReleaseCommit = '';
 try {
    prevReleaseCommit = git("git log --grep='^release: v' -n 1 --pretty=format:%H");
 } catch (e) { /* ignore */ }
 console.log(JSON.stringify({
    version,
    codeVersion,
    prevVersion,
    prevReleaseCommit,
    changelogRange: prevReleaseCommit ? `${prevReleaseCommit}..HEAD` : '(未找到上一个 release 提交，需人工确定区间)',
 }, null, 2));
--- a/.claude/skills/dootask-update/SKILL.md
+++ b/.claude/skills/dootask-update/SKILL.md
@ -0,0 +1,83 @@
 ---
 name: dootask-update
 description: 更新已部署的 DooTask：前置检查后执行 `sudo ./cmd update`（拉代码 + composer + 迁移 + 重启），本地有改动时停下交用户决定，不自动强制、失败即停。
 ---
 # DooTask 更新流程
 **刚性技能**——前置检查 → 向用户确认一次 → 执行 → 报告结果。任何一步失败立即停止。
 ## 核心原则
 **违反字面规则 = 违反流程精神。** 不要擅自加步骤、绕过 sudo/确认，**尤其不要替用户决定强制更新**（会丢本地改动）。
 `./cmd update` 已封装整套更新（检测本地改动→`git fetch`→必要时备份库→`git pull/reset`→`composer install`→`migrate`→重启 php+nginx→写 `UPDATE_TIME`）。本技能职责是**更新前把关、选对参数、处理本地改动这一关键岔路、执行前确认**。
 ## 前置检查（全部通过才能继续）
 1. **已安装**：必须存在 `vendor/autoload.php`（脚本会查，没装则报"请先执行安装命令"——此时引导用户走 dootask-install）
 2. **工作目录**：在项目根
 3. **当前分支 / 目标分支**：默认更新当前分支；用户要切分支用 `--branch <分支>`。若用户没说，确认是否就更新当前分支
 4. **本地改动**（关键）：`git status` 看是否有未提交改动
 5. **sudo**：`sudo ./cmd update` 需 root
 检查通过后汇报结果，**向用户确认一次**再执行。
 ## 关键岔路：本地有改动
 脚本检测到本地改动时会询问是否强制更新。**强制更新 = `git reset --hard origin/<分支>`，会丢弃所有本地改动。**
 - 发现本地有改动 → **停下**，把改动清单报告用户，让**用户决定**：先提交/暂存改动，还是确认强制更新
 - **不要**替用户选 `--force`
 - 只有用户明确说"丢掉改动强制更新"时，才带 `--force`
 ## 参数选择
 | 参数 | 作用 | 何时用 |
 |------|------|--------|
 | `--branch <分支>` | 切到指定分支再更新 | 用户要换分支（如切 `dev`/`pro`） |
 | `--force` | 强制更新：`git checkout -f` + `git reset --hard` | **危险**：仅用户明确接受"丢弃本地改动"后 |
 | `--local` | 本地更新模式：只备份库 + `migrate` + 重启，不拉远程代码 | 代码已就位（如手动改过/CI 拉过），只需迁移+重启 |
 ## 数据库
 - 远程模式下，脚本检测到 `database/` 目录有迁移变动会**自动备份数据库**再继续——这是脚本内置的，无需手动。
 - 但若是大版本升级或用户在意数据，执行前提醒用户：本次可能含库迁移，已有自动备份兜底；如需可先 `./cmd mysql backup` 额外备份。
 ## 执行
 确认（含本地改动决策）后执行：
 ```shell
 sudo ./cmd update
 # 切分支： sudo ./cmd update --branch pro
 # 强制（丢改动，用户确认后）： sudo ./cmd update --force
 # 本地模式： sudo ./cmd update --local
 ```
 成功后报告：更新到的分支、是否做了库备份/迁移、服务是否重启完成。
 ## 失败处理
 - 任何步骤失败立即停止，原样报告错误
 - **不要**自动重试、不要自动跳过、不要因为 `git pull` 失败就自己改成 `--force`
 - 常见失败：
  - `请先执行安装命令` → 走 dootask-install
  - `代码拉取失败，可能存在冲突` → 报告，让用户决定是否 `--force`（丢改动）或先处理冲突
  - 重启服务失败 → 脚本会尝试 `down` 后重起；若仍失败，报告交用户
 ## 禁止项
 | 错误做法 | 正确做法 |
 |---------|---------|
 | 检测到本地改动就自动 `--force` | 停下，报告改动，交用户决定 |
 | `git pull` 失败就自动改用 `--force` | 报告冲突，交用户 |
 | 不加 sudo | `sudo ./cmd update` |
 | 未装就更新 | 先走 dootask-install |
 | 失败后自动重试/跳过 | 立即停止 |
 ## Red Flags —— 出现这些念头立即停下
 - "有点本地改动，强制更新一下就好了" → 不，`--force` 会丢改动，必须用户拍板
 - "拉取冲突了，我 reset 一下" → 不，交用户决定
 - "已经装过了吧，直接更新" → 先确认 `vendor/autoload.php` 在
--- a/.claude/skills/release/SKILL.md
+++ b/.claude/skills/release/SKILL.md
@ -1,83 +0,0 @@
 ---
 name: release
 description: Use when releasing a new DooTask frontend version from the `pro` branch. Rigid sequential workflow (translate → version → build → commit → push) with strict pre-checks (branch, clean worktree, Node 20+) and per-step user confirmation. Use when user says "发布新版本", "release", "出新版本", "打版本". Stop on any failure; do NOT auto-fix dirty worktree, do NOT add tag step, do NOT use `git add -A`.
 ---
 # DooTask 发布流程
 **刚性技能**——严格按顺序执行，每步向用户确认，任何一步失败立即停止。
 ## 核心原则
 **违反字面规则 = 违反流程精神。** 不要擅自增加、省略、合并或重排步骤。
 ## 前置检查（全部通过才能继续）
 执行任何发布步骤前，依次检查：
 1. **分支**：必须是 `pro`，否则停止，提示用户切换
 2. **工作区**：`git status` 必须干净（无未提交变更、无未跟踪文件），否则**停止**并交由用户处理
 3. **Node.js**：必须 ≥ 20，否则停止
 检查通过后汇报结果，用户确认后再开始执行。
 ## 发布步骤
 **每步执行前**向用户确认；**每步执行后**报告结果。
 ### Step 1: 翻译
 ```shell
 npm run translate
 ```
 更新多语言翻译文件。
 ### Step 2: 版本号
 ```shell
 npm run version
 ```
 更新版本号。
 ### Step 3: 构建前端
 ```shell
 npm run build
 ```
 构建前端生产版本。
 ## 最终：提交并推送
 所有步骤完成后：
 1. 通过 `git diff` + `git status` 汇总所有变更，向用户报告摘要
 2. **询问用户是否提交并推送**
 3. 用户明确确认后才执行 `git add`、`git commit`、`git push`
 4. 未确认一律不执行
 提交规范：
 - 提交信息使用 `release: v<新版本号>`（与历史提交风格一致，参见 `git log --oneline | grep '^release:'`）
 - **只 add 本次发布相关改动**，按文件名显式添加（例如 `git add package.json public/js/...`），**不要用 `git add -A` 或 `git add .`**，以免卷入未跟踪的本地实验文件
 ## 失败处理
 - 任何步骤失败立即停止，报告错误信息
 - **不要**自动重试
 - **不要**自动跳过失败步骤
 - 由用户决定如何处理
 ## 禁止项（基线测试暴露的反模式）
 | 错误做法 | 正确做法 |
 |---------|---------|
 | 遇到脏工作区主动提出修复方案（加 `.gitignore`、先 push 等） | **停下**，报告脏工作区事实，交用户决定 |
 | 增加 `git tag v1.7.xx` 步骤 | DooTask 现行发布流程**不打 tag**，不要擅自添加 |
 | `git add -A` / `git add .` | 按文件名显式添加发布相关改动 |
 | 一次性 add + commit + push，不给确认机会 | 摘要 → 问确认 → 再 add/commit/push 三步分离 |
 | 把 translate/version/build 顺序自作主张调整 | 顺序固定为 translate → version → build |
 | 失败后"我再试一次"或"跳过这步" | 立即停止，交还给用户 |
 ## Red Flags —— 出现这些念头立即停下
 - "这个脏工作区我来帮 TA 搞定一下" → 停下，交用户
 - "顺便打个 tag 吧" → 不，没有这一步
 - "`git add -A` 省事" → 不，显式 add
 - "翻译这步没改动可以跳" → 不，按顺序执行、执行后报告结果即可
 - "一起 commit + push 一气呵成" → 必须先让用户确认
--- a/.github/workflows/ios-publish.yml
+++ b/.github/workflows/ios-publish.yml
@ -5,6 +5,7 @@ name: "iOS Publish"
 #   IOS_CERTIFICATE_BASE64         - Apple distribution certificate (.p12) encoded in base64
 #   IOS_CERTIFICATE_PASSWORD       - Password for the .p12 certificate
 #   IOS_PROVISION_PROFILE_BASE64   - App Store provisioning profile (.mobileprovision) encoded in base64
 #   IOS_SHARE_EXTENSION_PROVISION_PROFILE_BASE64 - Share extension App Store provisioning profile (.mobileprovision) encoded in base64
 #   ASC_API_KEY_P8_BASE64          - App Store Connect API key (.p8) encoded in base64
 #   ASC_API_KEY_ID                 - App Store Connect API Key ID
 #   ASC_ISSUER_ID                  - App Store Connect Issuer ID
@ -12,10 +13,18 @@ name: "iOS Publish"
 on:
  workflow_dispatch:
 permissions:
  contents: read
 concurrency:
  group: ios-publish-${{ github.ref }}
  cancel-in-progress: false
 jobs:
  prepare-assets:
    name: Prepare iOS Assets
    runs-on: ubuntu-latest
    timeout-minutes: 30
    outputs:
      version: ${{ steps.get-version.outputs.version }}
@ -60,7 +69,8 @@ jobs:
  build-ios:
    name: Build & Submit iOS
    needs: prepare-assets
-    runs-on: macos-15
+    runs-on: macos-26
    timeout-minutes: 60
    environment: build
    steps:
@ -118,37 +128,257 @@ jobs:
      - name: Import provisioning profile
        env:
          IOS_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_PROVISION_PROFILE_BASE64 }}
          IOS_SHARE_EXTENSION_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_SHARE_EXTENSION_PROVISION_PROFILE_BASE64 }}
        run: |
-          PROFILE_PATH=$RUNNER_TEMP/profile.mobileprovision
+          set -euo pipefail
-          echo "$IOS_PROVISION_PROFILE_BASE64" | base64 --decode > "$PROFILE_PATH"
+
          APP_PROFILE_PATH=$RUNNER_TEMP/app.mobileprovision
          SHARE_PROFILE_PATH=$RUNNER_TEMP/share-extension.mobileprovision
          APP_PROFILE_PLIST=$RUNNER_TEMP/app-profile.plist
          SHARE_PROFILE_PLIST=$RUNNER_TEMP/share-extension-profile.plist
          echo "$IOS_PROVISION_PROFILE_BASE64" | base64 --decode > "$APP_PROFILE_PATH"
          echo "$IOS_SHARE_EXTENSION_PROVISION_PROFILE_BASE64" | base64 --decode > "$SHARE_PROFILE_PATH"
          security cms -D -i "$APP_PROFILE_PATH" > "$APP_PROFILE_PLIST"
          security cms -D -i "$SHARE_PROFILE_PATH" > "$SHARE_PROFILE_PLIST"
          APP_PROFILE_NAME=$(/usr/libexec/PlistBuddy -c "Print :Name" "$APP_PROFILE_PLIST")
          SHARE_PROFILE_NAME=$(/usr/libexec/PlistBuddy -c "Print :Name" "$SHARE_PROFILE_PLIST")
          IOS_TEAM_ID=$(/usr/libexec/PlistBuddy -c "Print :TeamIdentifier:0" "$APP_PROFILE_PLIST")
          APP_PROFILE_APP_ID=$(/usr/libexec/PlistBuddy -c "Print :Entitlements:application-identifier" "$APP_PROFILE_PLIST")
          SHARE_PROFILE_APP_ID=$(/usr/libexec/PlistBuddy -c "Print :Entitlements:application-identifier" "$SHARE_PROFILE_PLIST")
          if [ "$APP_PROFILE_APP_ID" != "$IOS_TEAM_ID.com.dootask.task" ]; then
            echo "Expected app profile for $IOS_TEAM_ID.com.dootask.task, got $APP_PROFILE_APP_ID"
            exit 1
          fi
          if [ "$SHARE_PROFILE_APP_ID" != "$IOS_TEAM_ID.com.dootask.task.shareExtension" ]; then
            echo "Expected share extension profile for $IOS_TEAM_ID.com.dootask.task.shareExtension, got $SHARE_PROFILE_APP_ID"
            exit 1
          fi
          if ! /usr/libexec/PlistBuddy -c "Print :Entitlements:aps-environment" "$APP_PROFILE_PLIST" >/dev/null; then
            echo "The DooTask app profile must include Push Notifications."
            exit 1
          fi
          if ! /usr/libexec/PlistBuddy -c "Print :Entitlements:com.apple.security.application-groups" "$APP_PROFILE_PLIST" | grep -q "group.im.dootask"; then
            echo "The DooTask app profile must include App Group group.im.dootask."
            exit 1
          fi
          if ! /usr/libexec/PlistBuddy -c "Print :Entitlements:com.apple.security.application-groups" "$SHARE_PROFILE_PLIST" | grep -q "group.im.dootask"; then
            echo "The share extension profile must include App Group group.im.dootask."
            exit 1
          fi
          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
-          cp "$PROFILE_PATH" ~/Library/MobileDevice/Provisioning\ Profiles/
+          cp "$APP_PROFILE_PATH" ~/Library/MobileDevice/Provisioning\ Profiles/
          cp "$SHARE_PROFILE_PATH" ~/Library/MobileDevice/Provisioning\ Profiles/
          echo "APP_PROFILE_NAME=$APP_PROFILE_NAME" >> $GITHUB_ENV
          echo "SHARE_PROFILE_NAME=$SHARE_PROFILE_NAME" >> $GITHUB_ENV
          echo "IOS_TEAM_ID=$IOS_TEAM_ID" >> $GITHUB_ENV
      - name: Configure manual signing
        run: |
          set -euo pipefail
          ruby <<'RUBY'
          require 'xcodeproj'
          project_path = 'resources/mobile/platforms/ios/eeuiApp/eeuiApp.xcodeproj'
          project = Xcodeproj::Project.open(project_path)
          {
            'DooTask' => ENV.fetch('APP_PROFILE_NAME'),
            'ShareExtension' => ENV.fetch('SHARE_PROFILE_NAME')
          }.each do |target_name, profile_name|
            target = project.targets.find { |item| item.name == target_name }
            abort "Target #{target_name} not found in #{project_path}" unless target
            target.build_configurations.each do |config|
              next unless config.name == 'Release'
              config.build_settings['CODE_SIGN_STYLE'] = 'Manual'
              config.build_settings['DEVELOPMENT_TEAM'] = ENV.fetch('IOS_TEAM_ID')
              config.build_settings['CODE_SIGN_IDENTITY'] = 'Apple Distribution'
              config.build_settings['PROVISIONING_PROFILE_SPECIFIER'] = profile_name
            end
          end
          project.save
          RUBY
      - name: Resolve iOS build number
        env:
          ASC_API_KEY_ID: ${{ secrets.ASC_API_KEY_ID }}
          ASC_ISSUER_ID: ${{ secrets.ASC_ISSUER_ID }}
          ASC_API_KEY_P8_BASE64: ${{ secrets.ASC_API_KEY_P8_BASE64 }}
        run: |
          set -euo pipefail
          ruby <<'RUBY'
          require 'base64'
          require 'json'
          require 'net/http'
          require 'openssl'
          require 'uri'
          BUNDLE_ID = 'com.dootask.task'
          VERSION_CONFIG_PATH = 'resources/mobile/platforms/ios/eeuiApp/Config/Version.xcconfig'
          def base64url(value)
            Base64.urlsafe_encode64(value).delete('=')
          end
          def jwt_es256_signature(private_key, unsigned)
            der_signature = private_key.sign('SHA256', unsigned)
            sequence = OpenSSL::ASN1.decode(der_signature)
            sequence.value.map { |integer|
              integer.value.to_s(2).rjust(32, "\0")[-32, 32]
            }.join
          end
          def asc_token
            key_id = ENV.fetch('ASC_API_KEY_ID')
            issuer_id = ENV.fetch('ASC_ISSUER_ID')
            private_key = OpenSSL::PKey.read(Base64.decode64(ENV.fetch('ASC_API_KEY_P8_BASE64')))
            now = Time.now.to_i
            header = { alg: 'ES256', kid: key_id, typ: 'JWT' }
            payload = {
              iss: issuer_id,
              iat: now,
              exp: now + 20 * 60,
              aud: 'appstoreconnect-v1'
            }
            unsigned = "#{base64url(header.to_json)}.#{base64url(payload.to_json)}"
            signature = jwt_es256_signature(private_key, unsigned)
            "#{unsigned}.#{base64url(signature)}"
          end
          def asc_get(path, params, token)
            uri = URI::HTTPS.build(
              host: 'api.appstoreconnect.apple.com',
              path: path,
              query: URI.encode_www_form(params)
            )
            request_uri = uri
            loop do
              response = Net::HTTP.start(request_uri.host, request_uri.port, use_ssl: true) do |http|
                request = Net::HTTP::Get.new(request_uri)
                request['Authorization'] = "Bearer #{token}"
                http.request(request)
              end
              unless response.is_a?(Net::HTTPSuccess)
                abort "App Store Connect API request failed: #{response.code} #{response.body}"
              end
              parsed = JSON.parse(response.body)
              yield parsed
              next_link = parsed.dig('links', 'next')
              break unless next_link
              request_uri = URI(next_link)
            end
          end
          token = asc_token
          app_id = nil
          asc_get('/v1/apps', { 'filter[bundleId]' => BUNDLE_ID, 'limit' => 1 }, token) do |page|
            app_id = page.fetch('data').first&.fetch('id')
          end
          abort "App Store Connect app not found for bundle id #{BUNDLE_ID}" unless app_id
          existing_versions = []
          asc_get('/v1/builds', {
            'filter[app]' => app_id,
            'fields[builds]' => 'version',
            'limit' => 200
          }, token) do |page|
            existing_versions.concat(
              page.fetch('data').map { |build| build.dig('attributes', 'version').to_s }
            )
          end
          max_build_number = existing_versions
            .select { |version| version.match?(/\A\d+\z/) }
            .map(&:to_i)
            .max || 0
          next_build_number = max_build_number + 1
          config_content = File.exist?(VERSION_CONFIG_PATH) ? File.read(VERSION_CONFIG_PATH) : ''
          if config_content.match?(/^VERSION_CODE\s*=/)
            config_content = config_content.gsub(/^VERSION_CODE\s*=.*$/, "VERSION_CODE = #{next_build_number}")
          else
            config_content = "#{config_content.rstrip}\nVERSION_CODE = #{next_build_number}\n"
          end
          File.write(VERSION_CONFIG_PATH, config_content)
          File.open(ENV.fetch('GITHUB_ENV'), 'a') { |file| file.puts "IOS_BUILD_NUMBER=#{next_build_number}" }
          puts "Latest App Store Connect build number: #{max_build_number}"
          puts "Resolved iOS build number: #{next_build_number}"
          RUBY
      - name: Build archive
        run: |
          set -euo pipefail
          cd resources/mobile/platforms/ios/eeuiApp
          xcodebuild archive \
            -workspace eeuiApp.xcworkspace \
            -scheme eeuiApp \
            -configuration Release \
            -destination "generic/platform=iOS" \
            -archivePath $RUNNER_TEMP/eeuiApp.xcarchive \
            -allowProvisioningUpdates \
            DEVELOPMENT_TEAM=$IOS_TEAM_ID \
            CODE_SIGN_IDENTITY="Apple Distribution" \
            CODE_SIGN_STYLE=Manual \
            | xcpretty
          if [ ! -d "$RUNNER_TEMP/eeuiApp.xcarchive" ]; then
            echo "Archive was not created at $RUNNER_TEMP/eeuiApp.xcarchive"
            exit 1
          fi
      - name: Export IPA
        run: |
          set -euo pipefail
          cd resources/mobile/platforms/ios/eeuiApp
          # Generate ExportOptions.plist
-          cat > $RUNNER_TEMP/ExportOptions.plist << 'PLIST'
+          cat > $RUNNER_TEMP/ExportOptions.plist << PLIST
          <?xml version="1.0" encoding="UTF-8"?>
          <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
          <plist version="1.0">
          <dict>
              <key>method</key>
              <string>app-store</string>
              <key>signingStyle</key>
              <string>manual</string>
              <key>teamID</key>
              <string>${IOS_TEAM_ID}</string>
              <key>provisioningProfiles</key>
              <dict>
                  <key>com.dootask.task</key>
                  <string>${APP_PROFILE_NAME}</string>
                  <key>com.dootask.task.shareExtension</key>
                  <string>${SHARE_PROFILE_NAME}</string>
              </dict>
              <key>uploadBitcode</key>
              <false/>
              <key>uploadSymbols</key>
@ -170,12 +400,18 @@ jobs:
          ASC_ISSUER_ID: ${{ secrets.ASC_ISSUER_ID }}
          ASC_API_KEY_P8_BASE64: ${{ secrets.ASC_API_KEY_P8_BASE64 }}
        run: |
          set -euo pipefail
          # Prepare API key
          mkdir -p ~/private_keys
          echo "$ASC_API_KEY_P8_BASE64" | base64 --decode > ~/private_keys/AuthKey_${ASC_API_KEY_ID}.p8
          # Find and upload IPA
          IPA_PATH=$(find $RUNNER_TEMP/ipa-output -name "*.ipa" | head -1)
          if [ -z "$IPA_PATH" ]; then
            echo "No IPA file found in $RUNNER_TEMP/ipa-output"
            exit 1
          fi
          echo "Uploading: $IPA_PATH"
          xcrun altool --upload-app \
@ -189,5 +425,8 @@ jobs:
        run: |
          security delete-keychain $RUNNER_TEMP/app-signing.keychain-db 2>/dev/null || true
          rm -f $RUNNER_TEMP/certificate.p12
-          rm -f $RUNNER_TEMP/profile.mobileprovision
+          rm -f $RUNNER_TEMP/app.mobileprovision
          rm -f $RUNNER_TEMP/share-extension.mobileprovision
          rm -f $RUNNER_TEMP/app-profile.plist
          rm -f $RUNNER_TEMP/share-extension-profile.plist
          rm -rf ~/private_keys
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -180,8 +180,11 @@ jobs:
      - name: (Android) Upload File
        if: matrix.build_type == 'android'
        env:
-          UPLOAD_TOKEN: ${{ secrets.UPLOAD_TOKEN }}
+          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
-          UPLOAD_URL: ${{ secrets.UPLOAD_URL }}
+          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
          R2_ENDPOINT: ${{ secrets.R2_ENDPOINT }}
          R2_BUCKET: ${{ secrets.R2_BUCKET }}
          R2_PUBLIC_URL: ${{ secrets.R2_PUBLIC_URL }}
        run: |
          node ./electron/build.js android-upload
@ -219,8 +222,11 @@ jobs:
          APPLEIDPASS: ${{ secrets.APPLEIDPASS }}
          CSC_LINK: ${{ secrets.CSC_LINK }}
          CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
-          UPLOAD_TOKEN: ${{ secrets.UPLOAD_TOKEN }}
+          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
-          UPLOAD_URL: ${{ secrets.UPLOAD_URL }}
+          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
          R2_ENDPOINT: ${{ secrets.R2_ENDPOINT }}
          R2_BUCKET: ${{ secrets.R2_BUCKET }}
          R2_PUBLIC_URL: ${{ secrets.R2_PUBLIC_URL }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_REPOSITORY: ${{ github.repository }}
        run: |
@ -230,8 +236,11 @@ jobs:
      - name: (Windows) Build Client
        if: matrix.build_type == 'windows'
        env:
-          UPLOAD_TOKEN: ${{ secrets.UPLOAD_TOKEN }}
+          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
-          UPLOAD_URL: ${{ secrets.UPLOAD_URL }}
+          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
          R2_ENDPOINT: ${{ secrets.R2_ENDPOINT }}
          R2_BUCKET: ${{ secrets.R2_BUCKET }}
          R2_PUBLIC_URL: ${{ secrets.R2_PUBLIC_URL }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_REPOSITORY: ${{ github.repository }}
        shell: bash
@ -264,8 +273,11 @@ jobs:
      - name: Upload Changelog & Publish to Website
        env:
-          UPLOAD_TOKEN: ${{ secrets.UPLOAD_TOKEN }}
+          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
-          UPLOAD_URL: ${{ secrets.UPLOAD_URL }}
+          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
          R2_ENDPOINT: ${{ secrets.R2_ENDPOINT }}
          R2_BUCKET: ${{ secrets.R2_BUCKET }}
          R2_PUBLIC_URL: ${{ secrets.R2_PUBLIC_URL }}
        run: |
          pushd electron || exit
          npm install
--- a/.gitignore
+++ b/.gitignore
@ -7,6 +7,7 @@
 /public/hot
 /public/tmp
 /tmp
 /backup
 # Uploads and user-generated content
 /public/summary
@ -61,3 +62,6 @@ laravels.pid
 # Documentation
 README_LOCAL.md
 # playwright
 .playwright-mcp/
--- a/AGENTS.md
+++ b/AGENTS.md
@ -0,0 +1 @@
 CLAUDE.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,67 @@
 All notable changes to this project will be documented in this file.
 ## [1.7.90]
 ### Features
 - 系统设置新增「创建项目」权限开关，可指定由所有人、部门负责人或特定人员创建项目，未授权时自动隐藏新建入口，管理更清晰。
 - 会员卡片新增「项目与任务」入口，可直接查看该成员参与的项目、待办与已完成任务，团队协作一目了然。
 - 审批详情支持删除已结束的审批，由发起人或管理员清理无用记录更方便。
 - 管理员现在可以设置全员群的群名称，便于统一团队群组的展示。
 ## [1.7.81]
 ### Features
 - 团队管理中可标记成员邮箱认证状态，成员信息更易管理。
 - 系统管理员可在任意群组中设置或取消他人的待办，协作管理更灵活。
 ### Bug Fixes
 - 修复 AI 助手消息推送中发送者身份不完整的问题。
 ### Performance
 - 优化大文件下载方式，下载更稳定、更高效。
 ## [1.7.67]
 ### Features
 - 聊天待办现在可以设置提醒时间，到点会引用原消息并提醒相关人员，避免遗漏重要事项。
 - 团队管理支持管理员创建或批量导入员工账号，并可填写部门、职位等信息，添加成员更方便。
 - 系统设置新增聊天待办权限控制，可限制其他人员设置或取消聊天待办。
 ### Bug Fixes
 - 设置内容没有变化时不再重复保存，减少无效操作，让使用更稳定。
 ### Documentation
 - 补充路由使用限制说明，帮助使用者更清楚地了解规则。
 - 统一回复语言偏好说明，确保整段回复使用简体中文。
 ## [1.7.55]
 ### Features
 - 新增部门负责人只读视角，可查看部门成员的项目和任务，并按可见性设置控制展示范围。
 - 群组、项目和部门支持主负责人 + 副负责人，协作管理更灵活。
 - 新增共享任务模板，支持跨项目使用、搜索和使用统计，复用常用任务更方便。
 - 管理页侧边栏支持拖拽调整宽度，使用不同屏幕时更顺手。
 - 优化任务添加界面，模板浏览和加载提示更清晰。
 - 项目归档设置选择系统默认规则时，会显示对应提示，减少误操作。
 - 聊天消息中的表格显示更稳定，单元格内容不再随意换行。
 - 支持按需调整翻译使用的模型，便于适配不同使用场景。
 ### Bug Fixes
 - 修复权限变更过程中可能出现的可见性或访问异常。
 - 修复 AI 自动分析开关状态判断不准确的问题。
 - 修复用户详情页在部分情况下出现横向滚动的问题。
 - 优化应用发布流程，提升发布稳定性。
 ## [1.7.29]
 ### Features
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -6,10 +6,17 @@ Laravel 8 (LaravelS/Swoole) + Vue 2 (Vite) + Electron。开源任务/项目管
 所有命令通过 `./cmd` 脚本执行（不要直接运行 `php artisan` 等）：
 - `./cmd dev` — 前端开发服务器（Node.js 20+）
 - `./cmd prod` — 构建前端生产版本
 - `./cmd artisan ...` / `./cmd composer ...` / `./cmd php ...` — PHP 相关命令
 ### AI 不要主动执行的命令
 以下命令仅由用户人工触发，AI 不要主动跑——包括"任务完成后 sanity check"、"看下能不能编译"等场景：
 - `./cmd dev` — 用户已自行运行 dev server，改完会自己 reload；AI 再跑会争抢进程
 - `./cmd prod` / `./cmd build` — 发版才用，走 `/release` 流程
 前端代码改动只做 Edit/Write，不要为了"验证"启动 dev server。用户明确说"跑一下 / 出包"时除外。
 ## Gotchas
 ### LaravelS/Swoole
@ -21,7 +28,8 @@ Laravel 8 (LaravelS/Swoole) + Vue 2 (Vite) + Electron。开源任务/项目管
 ### 后端
- **非 REST 路由**：所有 API 通过 `Route::any('api/{resource}/{method}')` 路由到 `InvokeController`，URL 段映射为控制器方法（如 `api/project/lists` → `lists()`，带 action 则用双下划线：`api/project/invite/join` → `invite__join()`）
+- **非 REST 路由**：API 控制器（继承 `InvokeController`）在 `routes/web.php` 按资源注册路由，URL 段映射为控制器方法（如 `api/project/lists` → `lists()`，带 action 则用双下划线：`api/project/invite/join` → `invite__join()`）
  - 路由最多两段：方法名最多一个双下划线（`method__action`），不支持 `method__action__xxx`（无对应路由，访问 404）
 - **响应格式**：统一使用 `Base::retSuccess($msg, $data)` / `Base::retError($msg)`，返回 `{"ret": 1, "msg": "...", "data": {...}}`——不要用 `response()->json()`
 - 业务异常通过 `App\Exceptions\ApiException` 抛出，不要用通用 Exception
 - 模型继承 `AbstractModel`，使用 `Model::createInstance($params)` 创建——不要用 `new Model()` 或 `Model::create()`
@ -41,10 +49,14 @@ Laravel 8 (LaravelS/Swoole) + Vue 2 (Vite) + Electron。开源任务/项目管
 - 新增用户可见文本须追加原文（简体中文）到：前端 `language/original-web.txt`，后端 `language/original-api.txt`（去重）
 - 前端翻译用 `$L("文本")`，动态值用 `(*)` 占位：`$L('共(*)条', n)`——禁止拼接翻译
 ## Playwright 测试
 - Playwright 测试结果放在 `tests/playwright-results/`，包含测试环境、测试用例、结果截图等信息
 ## 交互规范
 - **提问时附带建议**：当需要向用户提问或请求澄清时，应同时提供具体的建议选项或推荐方案，帮助用户快速决策，而非仅抛出开放式问题
 ## 语言偏好
- 技术总结和关键结论优先使用简体中文，除非用户明确要求其他语言
+- 回复一律使用简体中文，除非用户明确要求其他语言
--- a/README.md
+++ b/README.md
@ -22,6 +22,7 @@ English | **[中文文档](./README_CN.md)**
 - Required: `Docker v20.10+` and `Docker Compose v2.0+`
 - Supported Systems: `CentOS/Debian/Ubuntu/macOS` and other Linux/Unix systems
 - Hardware Recommendation: 2+ cores, 4GB+ memory
 - Database: MariaDB (provided by the default Docker Compose `mariadb` service)
 - Special Note: Windows users can install Linux environment using WSL2 before installing DooTask.
 ### Deploy Project
@ -115,13 +116,15 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 After installing the new project, follow these steps to complete migration:
-1、Backup original database
+1、Backup the MariaDB database
 ```bash
 # Run command in the old project
 ./cmd mysql backup
 ```
 > `./cmd mysql` is the CLI subcommand name; backups run against the MariaDB container.
 2、Copy the following files and directories from old project to the same paths in new project
 - `Database backup file`
--- a/README_CN.md
+++ b/README_CN.md
@ -22,6 +22,7 @@
 - 必须安装：`Docker v20.10+` 和 `Docker Compose v2.0+`
 - 支持环境：`Centos/Debian/Ubuntu/macOS` 等 linux/unix 系统
 - 硬件建议：2核4G以上
 - 数据库：MariaDB（默认 Docker Compose 中的 `mariadb` 服务）
 - 特别说明：Windows 可以使用 WSL2 安装 Linux 环境后再安装 DooTask。
 ### 部署项目
@ -115,13 +116,15 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 在新项目安装好之后按照以下步骤完成项目迁移：
-1、备份原数据库
+1、备份 MariaDB 数据库
 ```bash
 # 在旧的项目下执行指令
 ./cmd mysql backup
 ```
 > `./cmd mysql` 为 CLI 子命令名称，实际操作的是 MariaDB 容器。
 2、将旧项目以下文件和目录拷贝至新项目同路径位置
 - `数据库备份文件`
--- a/README_PUBLISH.md
+++ b/README_PUBLISH.md
@ -9,9 +9,9 @@
 ## 发布版本
 > 翻译、版本号、更新日志改由 `dootask-release` 技能完成（见 `.claude/skills/dootask-release/`）。
 ```shell
 npm run translate   # 翻译（可选）
 npm run version     # 生成版本
 npm run build       # 编译前端
 ```
--- a/app/Http/Controllers/Api/ApproveController.php
+++ b/app/Http/Controllers/Api/ApproveController.php
@ -348,6 +348,37 @@ class ApproveController extends AbstractController
        return Base::retSuccess('已撤回', Base::arrayKeyToUnderline($task['data']));
    }
    /**
     * @api {post} api/approve/process/delById 删除审批（流程实例）
     *
     * @apiDescription 需要token身份；仅可删除已结束的审批，且仅发起人或管理员可删
     * @apiVersion 1.0.0
     * @apiGroup approve
     * @apiName process__delById
     *
     * @apiQuery {Number} proc_inst_id          流程实例ID
     *
     * @apiSuccess {Number} ret     返回状态码（1正确、0错误）
     * @apiSuccess {String} msg     返回信息（错误描述）
     * @apiSuccess {Object} data    返回数据
     */
    public function process__delById()
    {
        $user = User::auth();
        $data['userid'] = (string)$user->userid;
        $data['proc_inst_id'] = intval(Request::input('proc_inst_id'));
        $data['is_admin'] = $user->isAdmin();
        if ($data['proc_inst_id'] <= 0) {
            return Base::retError('参数错误');
        }
        $ret = Ihttp::ihttp_post($this->flow_url . '/api/v1/workflow/process/delById', json_encode(Base::arrayKeyToCamel($data)));
        $task = json_decode($ret['ret'] == 1 ? $ret['data'] : '{}', true);
        if (!$task || $task['status'] != 200) {
            return Base::retError($task['message'] ?? '删除失败');
        }
        return Base::retSuccess('已删除');
    }
    /**
     * @api {post} api/approve/process/findTask 查询需要我审批的流程（审批中）
     *
--- a/app/Http/Controllers/Api/DialogController.php
+++ b/app/Http/Controllers/Api/DialogController.php
@ -1670,6 +1670,7 @@ class DialogController extends AbstractController
        if (!in_array($botType, [
            'system-msg',
            'task-alert',
            'todo-alert',
            'check-in',
            'approval-alert',
            'meeting-alert',
@ -1715,6 +1716,7 @@ class DialogController extends AbstractController
     * @apiParam {String} text                 消息内容
     * @apiParam {String} [text_type=md]       消息格式：md 或 html
     * @apiParam {String} [silence=no]         是否静默发送：yes/no
     * @apiParam {String} [nickname]           自定义发送者昵称（最多20字，留空则显示"AI 助手"）
     *
     * @apiSuccess {Number} ret     返回状态码（1正确、0错误）
     * @apiSuccess {String} msg     返回信息（错误描述）
@ -1729,6 +1731,7 @@ class DialogController extends AbstractController
        $text = trim(Request::input('text'));
        $text_type = strtolower(trim(Request::input('text_type'))) ?: 'md';
        $silence = in_array(strtolower(trim(Request::input('silence'))), ['yes', 'true', '1']);
        $nickname = trim(Request::input('nickname'));
        $markdown = in_array($text_type, ['md', 'markdown']);
        //
        if (empty($dialog_id) && empty($task_id)) {
@ -1740,6 +1743,9 @@ class DialogController extends AbstractController
        if (mb_strlen($text) > 200000) {
            return Base::retError('消息内容最大不能超过200000字');
        }
        if (mb_strlen($nickname) > 20) {
            return Base::retError('发送者昵称最多不能超过20字');
        }
        //
        if ($dialog_id) {
            // Direct dialog mode: verify user is a member
@ -1755,8 +1761,10 @@ class DialogController extends AbstractController
            }
            // 任务可见性校验（与 task__one 一致）
            if ($task->visibility != 1) {
-                $project_userid = ProjectUser::whereProjectId($task->project_id)->whereOwner(1)->value('userid');
+                $projectOwnerids = ProjectUser::whereProjectId($task->project_id)
-                if ($user->userid != $project_userid) {
+                    ->whereIn('owner', [ProjectUser::OWNER_PRIMARY, ProjectUser::OWNER_DEPUTY])
                    ->pluck('userid')->map(fn($v) => (int)$v)->toArray();
                if (!in_array($user->userid, $projectOwnerids)) {
                    $visibleUserids = array_merge(
                        ProjectTaskUser::whereTaskId($task_id)->pluck('userid')->toArray(),
                        ProjectTaskUser::whereTaskPid($task_id)->pluck('userid')->toArray(),
@ -1784,6 +1792,9 @@ class DialogController extends AbstractController
        if ($markdown) {
            $msgData['type'] = 'md';
        }
        if ($nickname !== '') {
            $msgData['nickname'] = $nickname;
        }
        //
        $result = WebSocketDialogMsg::sendMsg(
            null,
@ -2569,7 +2580,8 @@ class DialogController extends AbstractController
        } else {
            $userids = is_array($userids) ? $userids : [];
        }
-        return $msg->toggleTodoMsg($user->userid, $userids);
+        $remindAt = Request::exists('remind_at') ? (trim(Request::input('remind_at', '')) ?: null) : false;
        return $msg->toggleTodoMsg($user->userid, $userids, $remindAt);
    }
    /**
@ -2602,6 +2614,64 @@ class DialogController extends AbstractController
        return Base::retSuccess('success', $todo ?: []);
    }
    /**
     * @api {post} api/dialog/msg/todoremind 设置/修改/取消待办提醒时间
     *
     * @apiDescription 需要token身份
     * @apiVersion 1.0.0
     * @apiGroup dialog
     * @apiName msg__todoremind
     *
     * @apiParam {Number} msg_id        消息ID
     * @apiParam {Array}  userids       目标成员ID组
     * @apiParam {String} remind_at     提醒时间（空表示取消提醒）
     *
     * @apiSuccess {Number} ret     返回状态码（1正确、0错误）
     * @apiSuccess {String} msg     返回信息（错误描述）
     * @apiSuccess {Object} data    返回数据
     */
    public function msg__todoremind()
    {
        $user = User::auth();
        //
        $msg_id = intval(Request::input("msg_id"));
        $userids = Request::input('userids');
        $userids = is_array($userids) ? array_values(array_filter(array_map('intval', $userids))) : [];
        $remindAt = trim(Request::input('remind_at', '')) ?: null;
        //
        $msg = WebSocketDialogMsg::whereId($msg_id)->first();
        if (empty($msg)) {
            return Base::retError("消息不存在或已被删除");
        }
        if (in_array($msg->type, ['tag', 'todo', 'notice'])) {
            return Base::retError('此消息不支持设待办');
        }
        $dialog = WebSocketDialog::checkDialog($msg->dialog_id);
        //
        if (empty($userids)) {
            return Base::retError("请选择成员");
        }
        // 权限管控（与设/取消待办同一开关与放行规则）
        if (Base::settingFind('system', 'todo_set_permission') === 'close') {
            $others = array_diff($userids, [$user->userid]);
            if ($others && !$dialog->checkTodoOwnerPermission($user->userid)) {
                return Base::retError('仅群主、项目/任务负责人或系统管理员可设置或取消他人待办');
            }
        }
        //
        $msg->setTodoRemind($userids, $remindAt);
        //
        $upData = [
            'id' => $msg->id,
            'todo' => $msg->todo,
            'todo_done' => $msg->isTodoDone(true),
            'dialog_id' => $msg->dialog_id,
        ];
        $dialog->pushMsg('update', $upData);
        //
        return Base::retSuccess($remindAt ? '设置成功' : '取消成功', $upData);
    }
    /**
     * @api {get} api/dialog/msg/done 完成待办
     *
@ -2832,7 +2902,10 @@ class DialogController extends AbstractController
                return Base::retError('对话不存在或已被删除', ['dialog_id' => $dialog_id], -4003);
            }
        } else {
-            $dialog = WebSocketDialog::checkDialog($dialog_id, true);
+            $dialog = WebSocketDialog::checkDialog($dialog_id);
            if (!$dialog->isOwner(User::userid())) {
                throw new \App\Exceptions\ApiException('仅群主或群管理员可操作');
            }
        }
        //
        $data = ['id' => $dialog->id];
@ -2843,7 +2916,9 @@ class DialogController extends AbstractController
            $data['avatar'] = Base::fillUrl($array['avatar'] = $avatar);
        }
        $existName = Request::exists('chat_name') || Request::exists('name');
-        if ($existName && $dialog->group_type === 'user') {
+        // 个人群组群主可改名；全员群仅系统管理员可改名
        $canEditName = $dialog->group_type === 'user' || ($dialog->group_type === 'all' && $admin === 1);
        if ($existName && $canEditName) {
            $chatName = trim(Request::input('chat_name') ?: Request::input('name'));
            if (mb_strlen($chatName) < 2) {
                return Base::retError('群名称至少2个字');
@ -2891,7 +2966,11 @@ class DialogController extends AbstractController
            return Base::retError('请选择群成员');
        }
        //
-        $dialog = WebSocketDialog::checkDialog($dialog_id, "auto");
+        $dialog = WebSocketDialog::checkDialog($dialog_id);
        // 有群主时，仅群主/群管理员可邀请；无群主时，任意成员可邀请
        if ($dialog->owner_id > 0 && !$dialog->isOwner($user->userid)) {
            throw new \App\Exceptions\ApiException('仅限群主或群管理员操作');
        }
        //
        $dialog->checkGroup();
        $dialog->joinGroup($userids, $user->userid);
@ -2981,17 +3060,107 @@ class DialogController extends AbstractController
        $dialog = WebSocketDialog::checkDialog($dialog_id, $check_owner);
        //
        $dialog->checkGroup($check_owner ? 'user' : null);
        $oldOwnerId = (int)$dialog->owner_id;
        $dialog->owner_id = $userid;
        if ($dialog->save()) {
            $dialog->joinGroup($userid, 0);
            // 同步 role：原主 role=0、新主 role=1（覆盖即可）
            if ($oldOwnerId > 0 && $oldOwnerId !== (int)$userid) {
                WebSocketDialogUser::where('dialog_id', $dialog->id)
                    ->where('userid', $oldOwnerId)
                    ->update(['role' => 0]);
            }
            WebSocketDialogUser::where('dialog_id', $dialog->id)
                ->where('userid', $userid)
                ->update(['role' => 1]);
            $dialog->pushMsg("groupUpdate", [
                'id' => $dialog->id,
                'owner_id' => $dialog->owner_id,
                'deputy_ids' => $dialog->deputy_ids,
            ]);
        }
        return Base::retSuccess('转让成功');
    }
    /**
     * 任命群管理员（仅群主可操作）
     *
     * @apiParam {Number} dialog_id 群对话ID
     * @apiParam {Number} userid 要任命的群成员 userid
     */
    public function group__adddeputy()
    {
        $user = User::auth();
        $dialog_id = intval(Request::input('dialog_id'));
        $userid = intval(Request::input('userid'));
        if ($userid <= 0) {
            return Base::retError('请选择有效的成员');
        }
        $dialog = WebSocketDialog::checkDialog($dialog_id, true); // checkOwner=true：仅群主
        $dialog->checkGroup('user'); // 仅普通群
        $member = WebSocketDialogUser::where('dialog_id', $dialog->id)
            ->where('userid', $userid)
            ->first();
        if (empty($member)) {
            return Base::retError('该用户不是群成员');
        }
        if ((int)$member->role === 1) {
            return Base::retError('不能将群主任命为群管理员');
        }
        if ((int)$member->role !== 2) {
            $member->role = 2;
            $member->save();
            $dialog->pushMsg('groupUpdate', [
                'id' => $dialog->id,
                'deputy_ids' => $dialog->fresh()->deputy_ids,
            ]);
        }
        return Base::retSuccess('任命成功');
    }
    /**
     * 罢免群管理员（仅群主可操作）
     *
     * @apiParam {Number} dialog_id 群对话ID
     * @apiParam {Number} userid 要罢免的群管理员 userid
     */
    public function group__deldeputy()
    {
        $user = User::auth();
        $dialog_id = intval(Request::input('dialog_id'));
        $userid = intval(Request::input('userid'));
        if ($userid <= 0) {
            return Base::retError('请选择有效的成员');
        }
        $dialog = WebSocketDialog::checkDialog($dialog_id, true);
        $dialog->checkGroup('user');
        $member = WebSocketDialogUser::where('dialog_id', $dialog->id)
            ->where('userid', $userid)
            ->first();
        if (empty($member)) {
            return Base::retSuccess('罢免成功'); // 幂等：本来就不是成员
        }
        if ((int)$member->role === 2) {
            $member->role = 0;
            $member->save();
            $dialog->pushMsg('groupUpdate', [
                'id' => $dialog->id,
                'deputy_ids' => $dialog->fresh()->deputy_ids,
            ]);
        }
        return Base::retSuccess('罢免成功');
    }
    /**
     * @api {get} api/dialog/group/disband 解散群组
     *
--- a/app/Http/Controllers/Api/ProjectController.php
+++ b/app/Http/Controllers/Api/ProjectController.php
@ -46,6 +46,7 @@ use App\Models\ProjectTaskTemplate;
 use App\Models\ProjectTag;
 use App\Models\ProjectTaskRelation;
 use App\Models\ProjectTaskAiEvent;
 use App\Models\UserDepartment;
 use App\Module\AiTaskSuggestion;
 use App\Observers\ProjectTaskObserver;
@ -128,6 +129,7 @@ class ProjectController extends AbstractController
    public function lists()
    {
        $user = User::auth();
        $departmentView = UserDepartment::ownerViewContext($user);
        //
        $all = Request::input('all');
        $type = Request::input('type', 'all');
@ -141,6 +143,9 @@ class ProjectController extends AbstractController
        if ($all) {
            $user->identity('admin');
            $builder = Project::allData();
        } elseif ($departmentView['enabled']) {
            $projectIds = array_values(array_unique(array_merge($departmentView['own_project_ids'], $departmentView['project_ids'])));
            $builder = Project::allData()->whereIn('projects.id', $projectIds);
        } else {
            $builder = Project::authData();
        }
@ -180,8 +185,9 @@ class ProjectController extends AbstractController
            ->orderBy('project_users.sort')
            ->orderByDesc('projects.id')
            ->paginate(Base::getPaginate(100, 50));
-        $list->transform(function (Project $project) use ($getstatistics, $getuserid, $user) {
+        $list->transform(function (Project $project) use ($getstatistics, $getuserid, $user, $departmentView) {
            $array = $project->toArray();
            $array = UserDepartment::appendDepartmentReadonlyProject($array, $departmentView);
            if ($getuserid == 'yes') {
                $array['userid_list'] = ProjectUser::whereProjectId($project->id)->pluck('userid')->toArray();
            }
@ -250,13 +256,15 @@ class ProjectController extends AbstractController
    public function one()
    {
        $user = User::auth();
        $departmentView = UserDepartment::ownerViewContext($user, true);
        //
        $project_id = intval(Request::input('project_id'));
        //
-        $project = Project::userProject($project_id);
+        $project = Project::findForDepartmentView($project_id);
        $data = array_merge($project->toArray(), $project->getTaskStatistics($user->userid), [
            'project_user' => $project->projectUser,
        ]);
        $data = UserDepartment::appendDepartmentReadonlyProject($data, $departmentView);
        //
        return Base::retSuccess('success', $data);
    }
@ -302,6 +310,8 @@ class ProjectController extends AbstractController
     * @apiParam {String} [archive_method]  归档方式
     * @apiParam {Number} [archive_days]    自动归档天数
     * @apiParam {String} [ai_auto_analyze] AI自动分析（open|close）
     * @apiParam {String} [task_template_share] 共享模板（open|close）
     * @apiParam {String} [department_owner_view] 部门负责人视角可见（open|close）
     *
     * @apiSuccess {Number} ret     返回状态码（1正确、0错误）
     * @apiSuccess {String} msg     返回信息（错误描述）
@ -317,6 +327,8 @@ class ProjectController extends AbstractController
        $archive_method = Request::input('archive_method');
        $archive_days = intval(Request::input('archive_days'));
        $ai_auto_analyze = Request::input('ai_auto_analyze');
        $task_template_share = Request::input('task_template_share');
        $department_owner_view = Request::input('department_owner_view');
        if (mb_strlen($name) < 2) {
            return Base::retError('项目名称不可以少于2个字');
        } elseif (mb_strlen($name) > 32) {
@ -332,7 +344,7 @@ class ProjectController extends AbstractController
        }
        //
        $project = Project::userProject($project_id, true, true);
-        AbstractModel::transaction(function () use ($archive_days, $archive_method, $ai_auto_analyze, $desc, $name, $project) {
+        AbstractModel::transaction(function () use ($archive_days, $archive_method, $ai_auto_analyze, $task_template_share, $department_owner_view, $desc, $name, $project) {
            if ($project->name != $name) {
                $project->addLog("修改项目名称", [
                    'change' => [$project->name, $name]
@ -364,6 +376,18 @@ class ProjectController extends AbstractController
                ]);
                $project->ai_auto_analyze = $ai_auto_analyze;
            }
            if (in_array($task_template_share, ['open', 'close']) && $project->task_template_share != $task_template_share) {
                $project->addLog("修改共享模板", [
                    'change' => [$project->task_template_share, $task_template_share]
                ]);
                $project->task_template_share = $task_template_share;
            }
            if (in_array($department_owner_view, ['open', 'close']) && $project->department_owner_view != $department_owner_view) {
                $project->addLog("修改负责人视角可见", [
                    'change' => [$project->department_owner_view, $department_owner_view]
                ]);
                $project->department_owner_view = $department_owner_view;
            }
            $project->save();
        });
        $project->pushMsg('update');
@ -372,15 +396,16 @@ class ProjectController extends AbstractController
    }
    /**
-     * @api {get} api/project/user 修改项目成员
+     * @api {post} api/project/user 修改项目成员
     *
     * @apiDescription 需要token身份（限：项目负责人）
     * @apiVersion 1.0.0
     * @apiGroup project
     * @apiName user
     *
-     * @apiParam {Number} project_id        项目ID
+     * @apiParam {Number}   project_id    项目ID
-     * @apiParam {Number} userid            成员ID 或 成员ID组
+     * @apiParam {Number[]} userid        成员userid数组（最终完整列表）
     * @apiParam {Number[]} [deputy_userid] 项目管理员userid数组（可选，仅负责人有效；必须是 userid 子集）
     *
     * @apiSuccess {Number} ret     返回状态码（1正确、0错误）
     * @apiSuccess {String} msg     返回信息（错误描述）
@ -393,6 +418,13 @@ class ProjectController extends AbstractController
        $project_id = intval(Request::input('project_id'));
        $userid = Request::input('userid');
        $userid = is_array($userid) ? $userid : [$userid];
        $userid = array_values(array_unique(array_map('intval', $userid)));
        //
        $deputy_userid = Request::input('deputy_userid');
        if ($deputy_userid !== null) {
            $deputy_userid = is_array($deputy_userid) ? $deputy_userid : [$deputy_userid];
            $deputy_userid = array_values(array_unique(array_map('intval', $deputy_userid)));
        }
        //
        if (count($userid) > 100) {
            return Base::retError('项目人数最多100个');
@ -400,7 +432,45 @@ class ProjectController extends AbstractController
        //
        $project = Project::userProject($project_id, true, true);
        //
-        $deleteUser = AbstractModel::transaction(function() use ($project, $userid) {
+        // 仅负责人可设置项目管理员；项目管理员/其他角色提交 deputy_userid 一律忽略
        $isPrimary = (int)$project->owner === ProjectUser::OWNER_PRIMARY;
        $applyDeputy = $isPrimary && $deputy_userid !== null;
        //
        // 业务闭环：项目必须且只能有一个主负责人，最终成员列表必须包含该负责人
        $primaryOwnerIds = ProjectUser::whereProjectId($project->id)
            ->whereOwner(ProjectUser::OWNER_PRIMARY)
            ->pluck('userid')
            ->map(fn($v) => (int)$v)
            ->toArray();
        if (count($primaryOwnerIds) !== 1) {
            return Base::retError('项目负责人数据异常，请先修复项目负责人');
        }
        $primaryOwnerId = $primaryOwnerIds[0];
        if (!in_array($primaryOwnerId, $userid, true)) {
            return Base::retError('项目成员列表必须包含项目负责人');
        }
        // 项目管理员可以管理普通成员，但不能借成员列表移除其他项目管理员
        if (!$isPrimary) {
            $currentDeputyIds = ProjectUser::whereProjectId($project->id)
                ->whereOwner(ProjectUser::OWNER_DEPUTY)
                ->pluck('userid')
                ->map(fn($v) => (int)$v)
                ->toArray();
            if (!empty(array_diff($currentDeputyIds, $userid))) {
                return Base::retError('项目管理员不能移除项目负责人或项目管理员');
            }
        }
        //
        if ($applyDeputy) {
            if (!empty(array_diff($deputy_userid, $userid))) {
                return Base::retError('项目管理员必须是项目成员');
            }
            if (in_array((int)$project->owner_userid, $deputy_userid, true)) {
                return Base::retError('负责人不能任命为项目管理员');
            }
        }
        //
        $deleteUser = AbstractModel::transaction(function() use ($project, $userid, $applyDeputy, $deputy_userid) {
            $array = [];
            foreach ($userid as $uid) {
                if ($project->joinProject($uid)) {
@ -408,15 +478,37 @@ class ProjectController extends AbstractController
                }
            }
            $deleteRows = ProjectUser::whereProjectId($project->id)->whereNotIn('userid', $array)->get();
-            $deleteUser = $deleteRows->pluck('userid');
+            $deleteUserids = $deleteRows->pluck('userid');
            foreach ($deleteRows as $row) {
                $row->exitProject();
            }
            //
            // 项目管理员 diff（仅负责人有效）
            if ($applyDeputy) {
                $currentDeputies = ProjectUser::whereProjectId($project->id)
                    ->where('owner', ProjectUser::OWNER_DEPUTY)
                    ->pluck('userid')->toArray();
                $toPromote = array_values(array_diff($deputy_userid, $currentDeputies));
                $toDemote = array_values(array_diff($currentDeputies, $deputy_userid));
                if (!empty($toPromote)) {
                    ProjectUser::whereProjectId($project->id)
                        ->whereIn('userid', $toPromote)
                        ->where('owner', ProjectUser::OWNER_MEMBER)
                        ->change(['owner' => ProjectUser::OWNER_DEPUTY]);
                }
                if (!empty($toDemote)) {
                    ProjectUser::whereProjectId($project->id)
                        ->whereIn('userid', $toDemote)
                        ->where('owner', ProjectUser::OWNER_DEPUTY)
                        ->change(['owner' => ProjectUser::OWNER_MEMBER]);
                }
            }
            //
            $project->syncDialogUser();
            $project->addLog("修改项目成员");
            $project->user_simple = count($array) . "|" . implode(",", array_slice($array, 0, 3));
            $project->save();
-            return $deleteUser->toArray();
+            return $deleteUserids->toArray();
        });
        //
        $project->pushMsg('delete', null, $deleteUser);
@ -574,28 +666,138 @@ class ProjectController extends AbstractController
        $project_id = intval(Request::input('project_id'));
        $owner_userid = intval(Request::input('owner_userid'));
        //
-        $project = Project::userProject($project_id, true, true);
+        $project = Project::userProject($project_id, true, 'primary');
        //
        if (!User::whereUserid($owner_userid)->exists()) {
            return Base::retError('成员不存在');
        }
        //
        AbstractModel::transaction(function() use ($owner_userid, $project) {
-            ProjectUser::whereProjectId($project->id)->change(['owner' => 0]);
+            // 仅清除原负责人 owner=1（项目管理员 owner=2 保留）
            ProjectUser::whereProjectId($project->id)
                ->whereOwner(ProjectUser::OWNER_PRIMARY)
                ->change(['owner' => 0]);
            // 设新负责人 owner=1（如新负责人原本是项目管理员，从 2 升为 1）
            ProjectUser::updateInsert([
                'project_id' => $project->id,
                'userid' => $owner_userid,
            ], [
-                'owner' => 1,
+                'owner' => ProjectUser::OWNER_PRIMARY,
            ]);
            // 同步项目群 owner_id
            if ($project->dialog_id > 0) {
                $dialog = WebSocketDialog::find($project->dialog_id);
                if ($dialog) {
                    $dialog->owner_id = $owner_userid;
                    $dialog->save();
                }
            }
            // 同步成员 + role（syncDialogUser 已根据 owner 设置 role）
            $project->syncDialogUser();
            $project->addLog("移交项目给", ['userid' => $owner_userid]);
        });
        //
-        $project->pushMsg('detail');
+        // pushMsg 带 deputy_userids，前端可直接更新项目管理员列表无需重拉
        $project->pushMsg('detail', [
            'owner_userid' => $project->fresh()->owner_userid,
            'deputy_userids' => $project->fresh()->deputy_userids,
        ]);
        return Base::retSuccess('移交成功', ['id' => $project->id]);
    }
    /**
     * @api {post} api/project/adddeputy 任命项目管理员（仅负责人可操作）
     *
     * @apiDescription 需要token身份
     * @apiVersion 1.0.0
     * @apiGroup project
     * @apiName adddeputy
     *
     * @apiParam {Number} project_id    项目ID
     * @apiParam {Number} userid        要任命的项目成员 userid
     *
     * @apiSuccess {Number} ret     返回状态码（1正确、0错误）
     * @apiSuccess {String} msg     返回信息
     * @apiSuccess {Object} data    返回数据
     */
    public function adddeputy()
    {
        User::auth();
        $project_id = intval(Request::input('project_id'));
        $userid = intval(Request::input('userid'));
        if ($userid <= 0) {
            return Base::retError('请选择有效的成员');
        }
        $project = Project::userProject($project_id, true, 'primary');
        $member = ProjectUser::where('project_id', $project->id)
            ->where('userid', $userid)->first();
        if (!$member) {
            return Base::retError('该用户不是项目成员');
        }
        if ((int)$member->owner === ProjectUser::OWNER_PRIMARY) {
            return Base::retError('不能将负责人任命为项目管理员');
        }
        if ((int)$member->owner !== ProjectUser::OWNER_DEPUTY) {
            AbstractModel::transaction(function() use ($project, $member) {
                $member->owner = ProjectUser::OWNER_DEPUTY;
                $member->save();
                $project->syncDialogUser(); // 同步群 role
                $project->addLog('任命项目管理员', ['userid' => $member->userid]);
            });
            $project->pushMsg('detail', [
                'deputy_userids' => $project->fresh()->deputy_userids,
            ]);
        }
        return Base::retSuccess('任命成功');
    }
    /**
     * @api {post} api/project/deldeputy 罢免项目管理员（仅负责人可操作）
     *
     * @apiDescription 需要token身份
     * @apiVersion 1.0.0
     * @apiGroup project
     * @apiName deldeputy
     *
     * @apiParam {Number} project_id    项目ID
     * @apiParam {Number} userid        要罢免的项目管理员 userid
     */
    public function deldeputy()
    {
        User::auth();
        $project_id = intval(Request::input('project_id'));
        $userid = intval(Request::input('userid'));
        if ($userid <= 0) {
            return Base::retError('请选择有效的成员');
        }
        $project = Project::userProject($project_id, true, 'primary');
        $member = ProjectUser::where('project_id', $project->id)
            ->where('userid', $userid)->first();
        if (!$member) {
            return Base::retSuccess('罢免成功'); // 幂等：本来就不是成员
        }
        if ((int)$member->owner === ProjectUser::OWNER_DEPUTY) {
            AbstractModel::transaction(function() use ($project, $member) {
                $member->owner = ProjectUser::OWNER_MEMBER;
                $member->save();
                $project->syncDialogUser();
                $project->addLog('罢免项目管理员', ['userid' => $member->userid]);
            });
            $project->pushMsg('detail', [
                'deputy_userids' => $project->fresh()->deputy_userids,
            ]);
        }
        return Base::retSuccess('罢免成功');
    }
    /**
     * @api {post} api/project/sort 排序任务
     *
@ -784,7 +986,7 @@ class ProjectController extends AbstractController
        //
        $project_id = intval(Request::input('project_id'));
        //
-        $project = Project::userProject($project_id, null, true);
+        $project = Project::userProject($project_id, null, 'primary');
        //
        $project->deleteProject();
        return Base::retSuccess('删除成功', ['id' => $project->id]);
@ -813,7 +1015,7 @@ class ProjectController extends AbstractController
        //
        $project_id = intval(Request::input('project_id'));
        // 项目
-        $project = Project::userProject($project_id);
+        $project = Project::findForDepartmentView($project_id);
        //
        $list = ProjectColumn::whereProjectId($project->id)
            ->orderBy('sort')
@ -1044,6 +1246,7 @@ class ProjectController extends AbstractController
    {
        $user = User::auth();
        $userid = $user->userid;
        $departmentView = UserDepartment::ownerViewContext($user, true);
        //
        $parent_id = intval(Request::input('parent_id'));
        $project_id = intval(Request::input('project_id'));
@ -1108,7 +1311,7 @@ class ProjectController extends AbstractController
        if ($parent_id > 0) {
            $isArchived = str_replace(['all', 'yes', 'no'], [null, false, true], $archived);
            $isDeleted = str_replace(['all', 'yes', 'no'], [null, false, true], $deleted);
-            ProjectTask::userTask($parent_id, $isArchived, $isDeleted);
+            ProjectTask::findForDepartmentView($parent_id, $isArchived, $isDeleted);
            $scopeAll = true;
            $archived = 'all';
            $builder->where('project_tasks.parent_id', $parent_id);
@ -1116,17 +1319,23 @@ class ProjectController extends AbstractController
            $builder->where('project_tasks.parent_id', 0);
        }
        if ($project_id > 0) {
-            Project::userProject($project_id);
+            if (!UserDepartment::isDepartmentReadonlyProject($departmentView, $project_id)) {
                Project::userProject($project_id);
            }
            $scopeAll = true;
            $builder->where('project_tasks.project_id', $project_id);
        }
        if (!$scopeAll && $scope === 'all_project') {
            $scopeAll = true;
-            $builder->whereIn('project_tasks.project_id', function ($query) use ($userid) {
+            if ($departmentView['enabled']) {
-                $query->select('project_id')
+                $builder->whereIn('project_tasks.project_id', array_values(array_unique(array_merge($departmentView['own_project_ids'], $departmentView['project_ids']))));
-                    ->from('project_users')
+            } else {
-                    ->where('userid', $userid);
+                $builder->whereIn('project_tasks.project_id', function ($query) use ($userid) {
-            });
+                    $query->select('project_id')
                        ->from('project_users')
                        ->where('userid', $userid);
                });
            }
        }
        if ($scopeAll) {
            $builder->allData();
@ -1194,7 +1403,7 @@ class ProjectController extends AbstractController
        // 任务可见性条件
        $builder->leftJoin('project_users', function ($query) use($userid) {
            $query->on('project_tasks.project_id', '=', 'project_users.project_id');
-            $query->where('project_users.owner', 1);
+            $query->whereIn('project_users.owner', [ProjectUser::OWNER_PRIMARY, ProjectUser::OWNER_DEPUTY]);
            $query->where('project_users.userid', $userid);
        });
        $builder->leftJoin('project_task_visibility_users', function ($query) use($userid) {
@ -1253,6 +1462,7 @@ class ProjectController extends AbstractController
        $data = $list->toArray();
        // 还原字段
        foreach($data['data'] as &$item){
            $item['department_readonly'] = UserDepartment::isDepartmentReadonlyProject($departmentView, intval($item['project_id']));
            $item['file_num'] = $item['_file_num'] ?: 0;
            $item['msg_num'] = $item['_msg_num'] ?: 0;
            $item['sub_num'] = $item['_sub_num'] ?: 0;
@ -1280,6 +1490,214 @@ class ProjectController extends AbstractController
        return Base::retSuccess('success', $data);
    }
    /**
     * @api {get} api/project/user/projects 会员参与的项目列表
     *
     * @apiDescription 需要token身份。用于会员卡片查看「该会员参与的项目」。
     * 权限：本人 / 系统管理员 / 对该会员具有部门负责人只读视角。
     * @apiVersion 1.0.0
     * @apiGroup project
     * @apiName user__projects
     *
     * @apiParam {Number} userid            目标会员ID
     * @apiParam {String} [archived]        是否归档（all/yes/no），默认no
     * @apiParam {Object} [keys]            搜索条件（keys.name 项目名称）
     * @apiParam {Number} [page]            当前页，默认1
     *
     * @apiSuccess {Number} ret     返回状态码（1正确、0错误）
     * @apiSuccess {String} msg     返回信息（错误描述）
     * @apiSuccess {Object} data    返回数据
     */
    public function user__projects()
    {
        $viewer = User::auth();
        $targetId = intval(Request::input('userid'));
        $context = UserDepartment::userWorksContext($viewer, $targetId);
        if (!$context['allowed']) {
            return Base::retError('没有查看权限');
        }
        $readonly = !$context['is_self'] && !$context['is_admin'];
        //
        $archived = Request::input('archived', 'no');
        $keys = Request::input('keys');
        //
        $builder = Project::select(['projects.*', 'project_users.owner', 'project_users.top_at', 'project_users.sort'])
            ->join('project_users', function ($join) use ($targetId) {
                $join->on('projects.id', '=', 'project_users.project_id')
                    ->where('project_users.userid', '=', $targetId);
            });
        // 部门负责人视角：限定在允许可见的项目集合内
        if ($readonly) {
            $builder->whereIn('projects.id', $context['project_ids'] ?: [0]);
        }
        //
        if ($archived == 'yes') {
            $builder->whereNotNull('projects.archived_at');
        } elseif ($archived == 'no') {
            $builder->whereNull('projects.archived_at');
        }
        if (is_array($keys) && !empty($keys['name'])) {
            $builder->where('projects.name', 'like', "%{$keys['name']}%");
        }
        //
        $list = $builder
            ->orderByDesc('project_users.top_at')
            ->orderBy('project_users.sort')
            ->orderByDesc('projects.id')
            ->paginate(Base::getPaginate(100, 50));
        $list->transform(function (Project $project) use ($targetId, $readonly) {
            $array = $project->toArray();
            $array['department_readonly'] = $readonly;
            $array = array_merge($array, $project->getTaskStatistics($targetId));
            return $array;
        });
        //
        return Base::retSuccess('success', $list);
    }
    /**
     * @api {get} api/project/user/tasks 会员参与的任务列表
     *
     * @apiDescription 需要token身份。用于会员卡片查看「该会员参与的任务」（负责的 / 协作的）。
     * 权限：本人 / 系统管理员 / 对该会员具有部门负责人只读视角。
     * @apiVersion 1.0.0
     * @apiGroup project
     * @apiName user__tasks
     *
     * @apiParam {Number} userid            目标会员ID
     * @apiParam {Number} [owner]           任务身份筛选：1=负责的，0=协作的，不传=全部
     * @apiParam {Number} [project_id]      仅查询指定项目
     * @apiParam {Object} [keys]            搜索条件（keys.name 任务名称，keys.status completed/uncompleted）
     * @apiParam {Number} [page]            当前页，默认1
     *
     * @apiSuccess {Number} ret     返回状态码（1正确、0错误）
     * @apiSuccess {String} msg     返回信息（错误描述）
     * @apiSuccess {Object} data    返回数据
     */
    public function user__tasks()
    {
        $viewer = User::auth();
        $targetId = intval(Request::input('userid'));
        $context = UserDepartment::userWorksContext($viewer, $targetId);
        if (!$context['allowed']) {
            return Base::retError('没有查看权限');
        }
        $readonly = !$context['is_self'] && !$context['is_admin'];
        //
        $owner = Request::input('owner');
        $owner = is_numeric($owner) ? intval($owner) : null;
        $project_id = intval(Request::input('project_id'));
        $keys = Request::input('keys');
        $keys = is_array($keys) ? $keys : [];
        //
        $builder = ProjectTask::with(['taskUser', 'taskTag', 'project:id,name'])
            ->select(['project_tasks.*', 'project_task_users.owner'])
            ->join('project_task_users', function ($join) use ($targetId) {
                $join->on('project_tasks.id', '=', 'project_task_users.task_id')
                    ->where('project_task_users.userid', '=', $targetId);
            });
        if ($owner !== null) {
            $builder->where('project_task_users.owner', $owner);
        }
        // 部门负责人视角：限定可见项目集合，且仅"全员可见"(visibility=1)的任务（与 findForDepartmentView 一致，避免列出打不开的任务）
        if ($readonly) {
            $builder->whereIn('project_tasks.project_id', $context['project_ids'] ?: [0]);
            $builder->where('project_tasks.visibility', 1);
        }
        if ($project_id > 0) {
            $builder->where('project_tasks.project_id', $project_id);
        }
        if (!empty($keys['name'])) {
            $builder->where(function ($query) use ($keys) {
                $query->where('project_tasks.name', 'like', "%{$keys['name']}%")
                    ->orWhere('project_tasks.desc', 'like', "%{$keys['name']}%");
            });
        }
        if (!empty($keys['status'])) {
            if ($keys['status'] == 'completed') {
                $builder->whereNotNull('project_tasks.complete_at');
            } elseif ($keys['status'] == 'uncompleted') {
                $builder->whereNull('project_tasks.complete_at');
            }
        }
        $builder->whereNull('project_tasks.archived_at');
        //
        $list = $builder->orderByDesc('project_tasks.id')->paginate(Base::getPaginate(100, 50));
        $list->transform(function (ProjectTask $task) use ($readonly) {
            $task->setAppends(['today', 'overdue']);
            $array = $task->toArray();
            $array['project_name'] = $array['project']['name'] ?? '';
            $array['department_readonly'] = $readonly;
            unset($array['project']);
            return $array;
        });
        //
        return Base::retSuccess('success', $list);
    }
    /**
     * @api {get} api/project/user/counts 会员参与的项目/任务数量
     *
     * @apiDescription 需要token身份。用于会员卡片「项目与任务」弹窗的 Tab 角标，仅返回数量（轻量）。
     * 权限：本人 / 系统管理员 / 对该会员具有部门负责人只读视角。
     * @apiVersion 1.0.0
     * @apiGroup project
     * @apiName user__counts
     *
     * @apiParam {Number} userid            目标会员ID
     * @apiParam {Number} [owner]           任务身份筛选：1=负责的，0=协作的，不传=全部（仅影响任务数量）
     *
     * @apiSuccess {Number} ret     返回状态码（1正确、0错误）
     * @apiSuccess {String} msg     返回信息（错误描述）
     * @apiSuccess {Object} data    {project, todo, done}
     */
    public function user__counts()
    {
        $viewer = User::auth();
        $targetId = intval(Request::input('userid'));
        $context = UserDepartment::userWorksContext($viewer, $targetId);
        if (!$context['allowed']) {
            return Base::retError('没有查看权限');
        }
        $readonly = !$context['is_self'] && !$context['is_admin'];
        $owner = Request::input('owner');
        $owner = is_numeric($owner) ? intval($owner) : null;
        //
        $projectBuilder = Project::join('project_users', function ($join) use ($targetId) {
                $join->on('projects.id', '=', 'project_users.project_id')
                    ->where('project_users.userid', '=', $targetId);
            })
            ->whereNull('projects.archived_at');
        if ($readonly) {
            $projectBuilder->whereIn('projects.id', $context['project_ids'] ?: [0]);
        }
        $projectCount = $projectBuilder->distinct()->count('projects.id');
        //
        $taskBuilder = function () use ($targetId, $owner, $readonly, $context) {
            $builder = ProjectTask::join('project_task_users', function ($join) use ($targetId) {
                    $join->on('project_tasks.id', '=', 'project_task_users.task_id')
                        ->where('project_task_users.userid', '=', $targetId);
                })
                ->whereNull('project_tasks.archived_at');
            if ($owner !== null) {
                $builder->where('project_task_users.owner', $owner);
            }
            if ($readonly) {
                $builder->whereIn('project_tasks.project_id', $context['project_ids'] ?: [0]);
                $builder->where('project_tasks.visibility', 1);
            }
            return $builder;
        };
        $todoCount = $taskBuilder()->whereNull('project_tasks.complete_at')->count();
        $doneCount = $taskBuilder()->whereNotNull('project_tasks.complete_at')->count();
        //
        return Base::retSuccess('success', [
            'project' => $projectCount,
            'todo' => $todoCount,
            'done' => $doneCount,
        ]);
    }
    /**
     * @api {get} api/project/task/easylists 任务列表-简单的
     *
@ -1832,15 +2250,18 @@ class ProjectController extends AbstractController
    public function task__one()
    {
        $user = User::auth();
        $departmentView = UserDepartment::ownerViewContext($user, true);
        //
        $task_id = intval(Request::input('task_id'));
        $archived = Request::input('archived', 'no');
        //
        $isArchived = str_replace(['all', 'yes', 'no'], [null, false, true], $archived);
-        $task = ProjectTask::userTask($task_id, $isArchived, true, ['taskUser', 'taskTag']);
+        $task = ProjectTask::findForDepartmentView($task_id, $isArchived, true, ['taskUser', 'taskTag']);
        // 项目可见性
-        $project_userid = ProjectUser::whereProjectId($task->project_id)->whereOwner(1)->value('userid');     // 项目负责人
+        $projectOwnerids = ProjectUser::whereProjectId($task->project_id)
-        if ($task->visibility != 1 && $user->userid != $project_userid) {
+            ->whereIn('owner', [ProjectUser::OWNER_PRIMARY, ProjectUser::OWNER_DEPUTY])
            ->pluck('userid')->map(fn($v) => (int)$v)->toArray();     // 项目负责人（含项目管理员）
        if ($task->visibility != 1 && !in_array($user->userid, $projectOwnerids)) {
            $taskUserids = ProjectTaskUser::whereTaskId($task_id)->pluck('userid')->toArray();                      //任务负责人、协助人
            $subTaskUserids = ProjectTaskUser::whereTaskPid($task_id)->pluck('userid')->toArray();                  //子任务负责人、协助人
            $visibleUserids = ProjectTaskVisibilityUser::whereTaskId($task_id)->pluck('userid')->toArray();         //可见人
@ -1851,6 +2272,7 @@ class ProjectController extends AbstractController
        }
        //
        $data = $task->toArray();
        $data['department_readonly'] = UserDepartment::isDepartmentReadonlyProject($departmentView, intval($task->project_id));
        $data['project_name'] = $task->project?->name;
        $data['column_name'] = $task->projectColumn?->name;
        $data['visibility_appointor'] = $task->visibility == 1 ? [0] : ProjectTaskVisibilityUser::whereTaskId($task_id)->pluck('userid');
@ -1879,7 +2301,7 @@ class ProjectController extends AbstractController
            return Base::retError('参数错误', ['task_id' => $task_id]);
        }
        //
-        $task = ProjectTask::userTask($task_id);
+        $task = ProjectTask::findForDepartmentView($task_id);
        //
        return Base::retSuccess('success', [
            'id' => $task->id,
@ -1911,7 +2333,7 @@ class ProjectController extends AbstractController
            return Base::retError('参数错误', ['task_id' => $task_id]);
        }
-        $task = ProjectTask::userTask($task_id, null);
+        $task = ProjectTask::findForDepartmentView($task_id, null);
        $relations = ProjectTaskRelation::whereTaskId($task->id)
            ->orderByDesc('updated_at')
@ -1929,7 +2351,7 @@ class ProjectController extends AbstractController
        $relatedTasks = [];
        foreach ($relatedTaskIds as $relatedId) {
            try {
-                $relatedTask = ProjectTask::userTask($relatedId, null, true, ['project', 'projectColumn']);
+                $relatedTask = ProjectTask::findForDepartmentView($relatedId, null, true, ['project', 'projectColumn']);
                $flowItemParts = explode('|', $relatedTask->flow_item_name ?: '');
                $flowItemStatus = $flowItemParts[0] ?? '';
@ -2055,7 +2477,7 @@ class ProjectController extends AbstractController
        $task_id = intval(Request::input('task_id'));
        $history_id = intval(Request::input('history_id'));
        //
-        $task = ProjectTask::userTask($task_id, null);
+        $task = ProjectTask::findForDepartmentView($task_id, null);
        //
        if ($history_id > 0) {
            $taskContent = ProjectTaskContent::whereTaskId($task->id)->whereId($history_id)->first();
@ -2095,7 +2517,7 @@ class ProjectController extends AbstractController
        //
        $task_id = intval(Request::input('task_id'));
        //
-        $task = ProjectTask::userTask($task_id, null);
+        $task = ProjectTask::findForDepartmentView($task_id, null);
        //
        $data = ProjectTaskContent::select(['id', 'task_id', 'desc', 'userid', 'created_at'])
            ->whereTaskId($task->id)
@ -2124,7 +2546,7 @@ class ProjectController extends AbstractController
        //
        $task_id = intval(Request::input('task_id'));
        //
-        $task = ProjectTask::userTask($task_id, null);
+        $task = ProjectTask::findForDepartmentView($task_id, null);
        //
        return Base::retSuccess('success', $task->taskFile);
    }
@ -2213,7 +2635,7 @@ class ProjectController extends AbstractController
        $data = $file->toArray();
        $data['path'] = $file->getRawOriginal('path');
        //
-        ProjectTask::userTask($file->task_id, null);
+        ProjectTask::findForDepartmentView($file->task_id, null);
        //
        UserRecentItem::record(
            $user->userid,
@ -2254,7 +2676,7 @@ class ProjectController extends AbstractController
        abort_if(empty($file), 403, "This file not exist.");
        //
        try {
-            ProjectTask::userTask($file->task_id, null);
+            ProjectTask::findForDepartmentView($file->task_id, null);
        } catch (\Throwable $e) {
            abort(403, $e->getMessage() ?: "This file not support download.");
        }
@ -2347,7 +2769,9 @@ class ProjectController extends AbstractController
        if ($data['visibility'] == 1) {
            $data['is_visible'] = 1;
        } else {
-            $projectOwner = ProjectUser::whereProjectId($task->project_id)->whereOwner(1)->pluck('userid')->toArray();  // 项目负责人
+            $projectOwner = ProjectUser::whereProjectId($task->project_id)
                ->whereIn('owner', [ProjectUser::OWNER_PRIMARY, ProjectUser::OWNER_DEPUTY])
                ->pluck('userid')->toArray();  // 项目负责人（含项目管理员）
            $taskOwnerAndAssists = ProjectTaskUser::select(['userid', 'owner'])->whereTaskId($data['id'])->pluck('userid')->toArray();
            $visibleIds = array_merge($projectOwner, $taskOwnerAndAssists);
            $data['is_visible'] = in_array($user->userid, $visibleIds) ? 1 : 0;
@ -2355,6 +2779,21 @@ class ProjectController extends AbstractController
        $task->pushMsg('add', $data);
        $task->taskPush(null, 0);
        // 应用任务模板使用统计（不影响主流程；非成员、模板已删除或共享模板已关闭时静默忽略）
        $templateId = intval(Request::input('template_id', 0));
        if ($templateId > 0) {
            $tpl = ProjectTaskTemplate::find($templateId);
            if ($tpl) {
                $isMember = ProjectUser::where('project_id', $tpl->project_id)
                    ->where('userid', $user->userid)->exists();
                $shareEnabled = ($project->task_template_share ?: 'open') === 'open';
                if ($isMember && ($tpl->project_id == $project->id || $shareEnabled)) {
                    $tpl->incrementUsage();
                }
            }
        }
        return Base::retSuccess('添加成功', $data);
    }
@ -2398,7 +2837,10 @@ class ProjectController extends AbstractController
        ]);
        $data = ProjectTask::oneTask($task->id);
        $pushUserIds = ProjectTaskUser::whereTaskId($task->id)->pluck('userid')->toArray();
-        $pushUserIds[] = ProjectUser::whereProjectId($task->project_id)->whereOwner(1)->value('userid');
+        $ownerids = ProjectUser::whereProjectId($task->project_id)
            ->whereIn('owner', [ProjectUser::OWNER_PRIMARY, ProjectUser::OWNER_DEPUTY])
            ->pluck('userid')->toArray();
        $pushUserIds = array_merge($pushUserIds, $ownerids);
        foreach ($pushUserIds as $userId) {
            $task->pushMsg('add', $data, $userId);
        }
@ -3181,7 +3623,7 @@ class ProjectController extends AbstractController
        //
        $project_id = intval(Request::input('project_id'));
        //
-        $project = Project::userProject($project_id, true);
+        $project = Project::findForDepartmentView($project_id, true);
        //
        $list = ProjectFlow::with(['ProjectFlowItem'])->whereProjectId($project->id)->get();
        return Base::retSuccess('success', $list);
@ -3280,10 +3722,10 @@ class ProjectController extends AbstractController
        //
        $builder = ProjectLog::select(["*"]);
        if ($task_id > 0) {
-            $task = ProjectTask::userTask($task_id, null);
+            $task = ProjectTask::findForDepartmentView($task_id, null);
            $builder->whereTaskId($task->id);
        } else {
-            $project = Project::userProject($project_id);
+            $project = Project::findForDepartmentView($project_id);
            $builder->with(['projectTask:id,parent_id,name'])->whereProjectId($project->id)->whereTaskOnly(0);
        }
        //
@ -3455,6 +3897,127 @@ class ProjectController extends AbstractController
        return Base::retSuccess('success', $templates);
    }
    /**
     * @api {get} api/project/task/template_visible 当前用户跨项目可见的全部任务模板
     *
     * @apiDescription 返回当前用户加入的所有项目下的任务模板。当前项目的模板优先排序。
     * @apiVersion 1.0.0
     * @apiGroup project
     * @apiName task__template_visible
     *
     * @apiParam {Number} [current_project_id]  当前项目 ID（用于排序优先；可空）
     *
     * @apiSuccess {Number} ret  返回状态码（1 正确、0 错误）
     * @apiSuccess {String} msg  返回信息
     * @apiSuccess {Object[]} data 模板列表，每条包含 project_id, project_name, name, title, content, sort, is_default, userid, use_count, last_used_at
     */
    public function task__template_visible()
    {
        $user = User::auth();
        $currentProjectId = intval(Request::input('current_project_id', 0));
        $projectIds = ProjectUser::where('userid', $user->userid)->pluck('project_id');
        $currentProject = $currentProjectId > 0 ? Project::find($currentProjectId) : null;
        if ($currentProject && ($currentProject->task_template_share ?: 'open') === 'close') {
            $projectIds = collect($projectIds)->filter(fn($id) => intval($id) === $currentProjectId)->values();
        }
        $rows = ProjectTaskTemplate::with(['project:id,name'])
            ->whereIn('project_id', $projectIds)
            ->orderByRaw('project_id = ? DESC', [$currentProjectId])
            ->orderBy('sort')
            ->orderBy('id')
            ->get()
            ->map(function ($tpl) {
                return [
                    'id' => $tpl->id,
                    'project_id' => $tpl->project_id,
                    'project_name' => $tpl->project->name ?? '',
                    'name' => $tpl->name,
                    'title' => $tpl->title,
                    'content' => $tpl->content,
                    'sort' => $tpl->sort,
                    'is_default' => $tpl->is_default,
                    'userid' => $tpl->userid,
                    'use_count' => $tpl->use_count,
                    'last_used_at' => $tpl->last_used_at,
                ];
            });
        return Base::retSuccess('success', $rows);
    }
    /**
     * @api {get} api/project/task/template_search  跨项目模板搜索分页
     *
     * @apiDescription "更多"弹层用。返回当前用户跨项目可见模板，支持关键字 + 分页。
     * @apiVersion 1.0.0
     * @apiGroup project
     * @apiName task__template_search
     *
     * @apiParam {String} [keyword]    关键字（在 name/title/content 上模糊匹配）
     * @apiParam {Number} [current_project_id] 当前项目 ID（共享模板关闭时仅返回本项目模板）
     * @apiParam {Number} [page=1]     页码
     * @apiParam {Number} [page_size=20] 每页条数（最大 50）
     *
     * @apiSuccess {Number} ret       返回状态码
     * @apiSuccess {Object} data      含 total / page / page_size / items
     */
    public function task__template_search()
    {
        $user = User::auth();
        $keyword = trim((string) Request::input('keyword', ''));
        $currentProjectId = intval(Request::input('current_project_id', 0));
        $page = max(1, intval(Request::input('page', 1)));
        $pageSize = min(50, max(1, intval(Request::input('page_size', 20))));
        $projectIds = ProjectUser::where('userid', $user->userid)->pluck('project_id');
        $currentProject = $currentProjectId > 0 ? Project::find($currentProjectId) : null;
        if ($currentProject && ($currentProject->task_template_share ?: 'open') === 'close') {
            $projectIds = collect($projectIds)->filter(fn($id) => intval($id) === $currentProjectId)->values();
        }
        $q = ProjectTaskTemplate::with(['project:id,name', 'user:userid,nickname'])
            ->whereIn('project_id', $projectIds);
        if ($keyword !== '') {
            $like = '%' . $keyword . '%';
            $q->where(function ($qq) use ($like) {
                $qq->where('name', 'like', $like)
                    ->orWhere('title', 'like', $like)
                    ->orWhere('content', 'like', $like);
            });
        }
        $total = (clone $q)->count();
        $items = $q->orderByDesc('use_count')
            ->orderByDesc('last_used_at')
            ->orderByDesc('created_at')
            ->forPage($page, $pageSize)
            ->get()
            ->map(function ($tpl) {
                return [
                    'id' => $tpl->id,
                    'project_id' => $tpl->project_id,
                    'project_name' => $tpl->project->name ?? '',
                    'name' => $tpl->name,
                    'title' => $tpl->title,
                    'content' => $tpl->content,
                    'use_count' => $tpl->use_count,
                    'userid' => $tpl->userid,
                    'user_name' => $tpl->user->nickname ?? '',
                    'last_used_at' => $tpl->last_used_at,
                ];
            });
        return Base::retSuccess('success', [
            'total' => $total,
            'page' => $page,
            'page_size' => $pageSize,
            'items' => $items,
        ]);
    }
    /**
     * @api {post} api/project/task/template_save 保存任务模板
     *
--- a/app/Http/Controllers/Api/SystemController.php
+++ b/app/Http/Controllers/Api/SystemController.php
@ -69,6 +69,8 @@ class SystemController extends AbstractController
                    'login_code',
                    'password_policy',
                    'project_invite',
                    'project_add_permission',
                    'project_add_userids',
                    'chat_information',
                    'anon_message',
                    'convert_video',
@ -94,6 +96,8 @@ class SystemController extends AbstractController
                    'unclaimed_task_reminder',
                    'unclaimed_task_reminder_time',
                    'task_ai_auto_analyze',
                    'department_owner_project_view',
                    'todo_set_permission',
                ])) {
                    unset($all[$key]);
                }
@ -141,6 +145,7 @@ class SystemController extends AbstractController
        $setting['archived_day'] = floatval($setting['archived_day']) ?: 7;
        $setting['task_visible'] = $setting['task_visible'] ?: 'close';
        $setting['all_group_mute'] = $setting['all_group_mute'] ?: 'open';
        $setting['todo_set_permission'] = $setting['todo_set_permission'] ?: 'open';
        $setting['all_group_autoin'] = $setting['all_group_autoin'] ?: 'yes';
        $setting['user_private_chat_mute'] = $setting['user_private_chat_mute'] ?: 'open';
        $setting['user_group_chat_mute'] = $setting['user_group_chat_mute'] ?: 'open';
@ -148,8 +153,13 @@ class SystemController extends AbstractController
        $setting['unclaimed_task_reminder'] = $setting['unclaimed_task_reminder'] ?: 'close';
        $setting['unclaimed_task_reminder_time'] = $setting['unclaimed_task_reminder_time'] ?: '';
        $setting['task_ai_auto_analyze'] = $setting['task_ai_auto_analyze'] ?: 'open';
        $setting['department_owner_project_view'] = $setting['department_owner_project_view'] ?: 'close';
        $setting['server_timezone'] = config('app.timezone');
        $setting['server_version'] = Base::getVersion();
        // 指定人员名单仅管理员可见
        if ($type != 'all' && $type != 'save') {
            unset($setting['project_add_userids']);
        }
        //
        return Base::retSuccess($type == 'save' ? '保存成功' : 'success', $setting ?: json_decode('{}'));
    }
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@ -41,6 +41,9 @@ use Illuminate\Support\Facades\DB;
 use App\Models\UserEmailVerification;
 use App\Module\AgoraIO\AgoraTokenGenerator;
 use Swoole\Coroutine;
 use App\Module\UserImport;
 use App\Module\UserImportTemplate;
 use Maatwebsite\Excel\Facades\Excel;
 /**
 * @apiDefine users
@ -404,9 +407,22 @@ class UsersController extends AbstractController
        $data['nickname_original'] = $user->getRawOriginal('nickname');
        $data['department_name'] = $user->getDepartmentName();
        $data['department_owner'] = UserDepartment::where('parent_id',0)->where('owner_userid', $user->userid)->exists(); // 适用默认部门下第1级负责人才能添加部门OKR
        $data['managed_departments'] = UserDepartment::getManagedDepartments($user->userid)->toArray();
        return Base::retSuccess('success', $data);
    }
    /**
     * @api {get} api/users/info/managed_departments 获取我可切换负责人视角的部门列表
     */
    public function info__managed_departments()
    {
        $user = User::auth();
        if (Base::settingFind('system', 'department_owner_project_view', 'close') !== 'open') {
            return Base::retSuccess('success', []);
        }
        return Base::retSuccess('success', UserDepartment::getManagedDepartments($user->userid));
    }
    /**
     * @api {get} api/users/info/departments 获取我的部门列表
     *
@ -868,7 +884,8 @@ class UsersController extends AbstractController
     */
    public function extra()
    {
-        $user = User::auth();
+        $viewer = User::auth();
        $user = $viewer;
        //
        $userid = intval(Request::input('userid'));
        if ($userid <= 0) {
@ -903,6 +920,8 @@ class UsersController extends AbstractController
        $tagMeta = UserTag::listWithMeta($userid, $user);
        $worksContext = UserDepartment::userWorksContext($viewer, $userid);
        $data = [
            'userid' => $userid,
            'birthday' => $birthday,
@ -910,6 +929,7 @@ class UsersController extends AbstractController
            'introduction' => $introduction,
            'personal_tags' => $tagMeta['top'],
            'personal_tags_total' => $tagMeta['total'],
            'works_visible' => $worksContext['allowed'],
        ];
        return Base::retSuccess('success', $data);
@ -1078,6 +1098,8 @@ class UsersController extends AbstractController
     * - clearadmin           取消管理员
     * - settemp              设为临时帐号
     * - cleartemp            取消临时身份（取消临时帐号）
     * - setverity            标记邮箱为已认证
     * - clearverity          标记邮箱为未认证
     * - checkin_macs         修改自动签到mac地址（需要参数 checkin_macs）
     * - checkin_face         修改签到人脸图片（需要参数 checkin_face）
     * - department           修改部门（需要参数 department）
@ -1141,6 +1163,16 @@ class UsersController extends AbstractController
                $upArray['identity'] = array_diff($userInfo->identity, ['temp']);
                break;
            case 'setverity':
                $msg = '设置成功';
                $upArray['email_verity'] = 1;
                break;
            case 'clearverity':
                $msg = '取消成功';
                $upArray['email_verity'] = 0;
                break;
            case 'checkin_macs':
                $list = is_array($data['checkin_macs']) ? $data['checkin_macs'] : [];
                $array = [];
@ -1250,7 +1282,7 @@ class UsersController extends AbstractController
            User::passwordPolicy($password);
            $upArray['encrypt'] = Base::generatePassword(6);
            $upArray['password'] = Doo::md5s($password, $upArray['encrypt']);
-            $upArray['changepass'] = 1;
+            $upArray['changepass'] = intval($data['changepass'] ?? 1) === 1 ? 1 : 0;
            $upLdap['userPassword'] = $password;
        }
        // 昵称
@ -1327,6 +1359,101 @@ class UsersController extends AbstractController
        return Base::retSuccess($msg, $userInfo);
    }
    /**
     * @api {post} api/users/createuser 创建用户（管理员）
     *
     * @apiDescription 需要token身份（管理员）
     * @apiVersion 1.0.0
     * @apiGroup users
     * @apiName createuser
     *
     * @apiParam {String} email     邮箱
     * @apiParam {String} password  初始密码
     * @apiParam {String} nickname  昵称
     * @apiParam {Number} [email_verity] 是否标记邮箱为已认证（1是、0否，默认1）
     * @apiParam {String} [profession]  职位/职称（可选，2-20字）
     * @apiParam {Array}  [department]   部门ID列表（可选，最多10个）
     */
    public function createuser()
    {
        User::auth('admin');
        $email = trim(Request::input('email'));
        $password = trim(Request::input('password'));
        $nickname = trim(Request::input('nickname'));
        $changePass = intval(Request::input('changepass', 1)) === 1;
        $emailVerity = intval(Request::input('email_verity', 1)) === 1;
        $profession = trim((string)Request::input('profession', ''));
        $department = Request::input('department', []);
        $user = User::createByAdmin($email, $password, $nickname, [
            'changePass' => $changePass,
            'emailVerity' => $emailVerity,
            'profession' => $profession,
            'department' => is_array($department) ? $department : [],
        ]);
        return Base::retSuccess('创建成功', $user);
    }
    /**
     * @api {post} api/users/import/preview 批量导入预览（管理员）
     *
     * @apiDescription 需要token身份（管理员）。上传 Excel/CSV（列顺序：邮箱、昵称、初始密码、职位(选填)），仅解析+校验、不创建账号
     * @apiVersion 1.0.0
     * @apiGroup users
     * @apiName import__preview
     */
    public function import__preview()
    {
        User::auth('admin');
        $file = Request::file('file');
        if (empty($file)) {
            return Base::retError('请选择文件');
        }
        $ext = strtolower($file->getClientOriginalExtension());
        if (!in_array($ext, ['xls', 'xlsx', 'csv'])) {
            return Base::retError('仅支持 xls/xlsx/csv 文件');
        }
        $sheets = Excel::toArray(new UserImport, $file);
        $sheet = $sheets[0] ?? [];
        $rows = User::parseImportRows($sheet);
        if (empty($rows)) {
            return Base::retError('文件中没有可导入的数据');
        }
        return Base::retSuccess('解析完成', User::importPreview($rows));
    }
    /**
     * @api {post} api/users/import 批量导入用户（管理员）
     *
     * @apiDescription 需要token身份（管理员）。提交预览确认后的行数据 rows（每行 {email,nickname,password,profession}，可选 department[]、email_verity(1已认证/0未认证，默认0)）进行创建
     * @apiVersion 1.0.0
     * @apiGroup users
     * @apiName import
     */
    public function import()
    {
        User::auth('admin');
        $rows = Request::input('rows');
        if (!is_array($rows) || empty($rows)) {
            return Base::retError('没有可导入的数据');
        }
        $changePass = intval(Request::input('changepass', 1)) === 1;
        $result = User::importUsers($rows, $changePass);
        return Base::retSuccess('导入完成', $result);
    }
    /**
     * @api {get} api/users/import/template 下载批量导入模板（管理员）
     *
     * @apiVersion 1.0.0
     * @apiGroup users
     * @apiName import__template
     */
    public function import__template()
    {
        User::auth('admin');
        return Excel::download(new UserImportTemplate, 'user_import_template.xlsx');
    }
    /**
     * @api {get} api/users/email/verification 邮箱验证
     *
@ -2145,6 +2272,65 @@ class UsersController extends AbstractController
        return Base::retSuccess($id > 0 ? '保存成功' : '新建成功');
    }
    /**
     * @api {post} api/users/department/adddeputy 任命部门管理员（限管理员）
     *
     * @apiDescription 需要token身份
     * @apiVersion 1.0.0
     * @apiGroup users
     * @apiName department__adddeputy
     *
     * @apiParam {Number} id          部门 id
     * @apiParam {Number} userid      部门管理员 userid
     *
     * @apiSuccess {Number} ret     返回状态码（1正确、0错误）
     * @apiSuccess {String} msg     返回信息（错误描述）
     */
    public function department__adddeputy()
    {
        User::auth('admin');
        $id = intval(Request::input('id'));
        $userid = intval(Request::input('userid'));
        $dept = UserDepartment::find($id);
        if (empty($dept)) {
            return Base::retError('部门不存在或已被删除');
        }
        // ApiException 由框架统一捕获并 retError 转换
        $dept->addDeputy($userid);
        Cache::forever("UserDepartment::rand", Base::generatePassword());
        return Base::retSuccess('任命成功');
    }
    /**
     * @api {post} api/users/department/deldeputy 罢免部门管理员（限管理员）
     *
     * @apiDescription 需要token身份
     * @apiVersion 1.0.0
     * @apiGroup users
     * @apiName department__deldeputy
     *
     * @apiParam {Number} id          部门 id
     * @apiParam {Number} userid      要罢免的部门管理员 userid
     */
    public function department__deldeputy()
    {
        User::auth('admin');
        $id = intval(Request::input('id'));
        $userid = intval(Request::input('userid'));
        $dept = UserDepartment::find($id);
        if (empty($dept)) {
            return Base::retError('部门不存在或已被删除');
        }
        $dept->delDeputy($userid);
        Cache::forever("UserDepartment::rand", Base::generatePassword());
        return Base::retSuccess('罢免成功');
    }
    /**
     * @api {get} api/users/department/del 删除部门（限管理员）
     *
@ -3213,7 +3399,7 @@ class UsersController extends AbstractController
            return Base::retError('参数错误');
        }
        //
-        ProjectTask::userTask($task_id, null, null);
+        ProjectTask::findForDepartmentView($task_id, null, null);
        //
        UserTaskBrowse::recordBrowse($user->userid, $task_id);
        //
--- a/app/Http/Controllers/IndexController.php
+++ b/app/Http/Controllers/IndexController.php
@ -23,6 +23,7 @@ use App\Tasks\CheckinRemindTask;
 use App\Tasks\CloseMeetingRoomTask;
 use App\Tasks\ManticoreSyncTask;
 use App\Tasks\UnclaimedTaskRemindTask;
 use App\Tasks\TodoRemindTask;
 use App\Tasks\AiTaskLoopTask;
 use Hhxsv5\LaravelS\Swoole\Task\Task;
 use Laravolt\Avatar\Avatar;
@ -270,6 +271,8 @@ class IndexController extends InvokeController
        Task::deliver(new JokeSoupTask());
        // 未领取任务通知
        Task::deliver(new UnclaimedTaskRemindTask());
        // 待办提醒
        Task::deliver(new TodoRemindTask());
        // 关闭会议室
        Task::deliver(new CloseMeetingRoomTask());
        // Manticore Search 同步
--- a/app/Http/Middleware/TrustProxies.php
+++ b/app/Http/Middleware/TrustProxies.php
@ -10,14 +10,19 @@ class TrustProxies extends Middleware
    /**
     * The trusted proxies for this application.
     *
     * PHP（Swoole）只在内网被 nginx 访问，外部无法直连，故信任内网代理。
     *
     * @var array|string|null
     */
-    protected $proxies;
+    protected $proxies = '*';
    /**
     * The headers that should be used to detect proxies.
     *
     * 只采信 X-Forwarded-Proto：nginx 已用 $the_scheme 覆盖该头（值由 nginx 控制），
     * 据此让 url() 实时跟随 https；host/for 一律不信，避免 Host 注入与 IP 伪造。
     *
     * @var int
     */
-    protected $headers = Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO | Request::HEADER_X_FORWARDED_AWS_ELB;
+    protected $headers = Request::HEADER_X_FORWARDED_PROTO;
 }
--- a/app/Http/Middleware/WebApi.php
+++ b/app/Http/Middleware/WebApi.php
@ -25,14 +25,6 @@ class WebApi
        RequestContext::set('start_time', microtime(true));
        RequestContext::set('header_language', $request->header('language'));
        // 强制 https
        $APP_SCHEME = env('APP_SCHEME', 'auto');
        if (in_array(strtolower($APP_SCHEME), ['https', 'on', 'ssl', '1', 'true', 'yes'], true)) {
            $request->server->set('HTTPS', 'on');
            $request->headers->set('X-Forwarded-Proto', 'https');
            $request->setTrustedProxies([$request->getClientIp()], $request::HEADER_X_FORWARDED_PROTO);
        }
        // 更新请求的基本URL
        RequestContext::updateBaseUrl($request);
--- a/app/Models/AbstractModel.php
+++ b/app/Models/AbstractModel.php
@ -20,9 +20,7 @@ use Illuminate\Support\Facades\DB;
 * @method static \Illuminate\Database\Eloquent\Model|object|static|null cancelAppend()
 * @method static \Illuminate\Database\Eloquent\Model|object|static|null cancelHidden()
 * @method static \Illuminate\Database\Eloquent\Builder|static with($relations)
- * @method static \Illuminate\Database\Query\Builder|static select($columns = [])
+ * @method static \Illuminate\Pagination\LengthAwarePaginator paginate(callable $callback)
 * @method static \Illuminate\Database\Query\Builder|static whereIn($column, $values, $boolean = 'and', $not = false)
 * @method static \Illuminate\Database\Query\Builder|static whereNotIn($column, $values, $boolean = 'and')
 * @method int change(array $array)
 * @method int remove()
 * @mixin \Eloquent
@ -53,6 +51,8 @@ class AbstractModel extends Model
        'read_at',
        'done_at',
        'remind_at',
        'reminded_at',
        'created_at',
        'updated_at',
--- a/app/Models/Project.php
+++ b/app/Models/Project.php
@ -22,6 +22,9 @@ use Request;
 * @property int|null $personal 是否个人项目
 * @property string|null $archive_method 自动归档方式
 * @property int|null $archive_days 自动归档天数
 * @property string|null $ai_auto_analyze AI自动分析
 * @property string|null $task_template_share 共享模板开关
 * @property string|null $department_owner_view 部门负责人视角可见开关
 * @property string|null $user_simple 成员总数|1,2,3
 * @property int|null $dialog_id 聊天会话ID
 * @property \Illuminate\Support\Carbon|null $archived_at 归档时间
@ -77,6 +80,7 @@ class Project extends AbstractModel
    protected $appends = [
        'owner_userid',
        'deputy_userids',
    ];
    /**
@ -92,6 +96,58 @@ class Project extends AbstractModel
        return $this->appendattrs['owner_userid'];
    }
    /**
     * 项目管理员 userid 列表
     * @return array
     */
    public function getDeputyUseridsAttribute(): array
    {
        if (empty($this->id)) {
            return [];
        }
        return ProjectUser::whereProjectId($this->id)
            ->whereOwner(ProjectUser::OWNER_DEPUTY)
            ->pluck('userid')
            ->map(fn($v) => (int)$v)
            ->toArray();
    }
    /**
     * 是否项目负责人（与 project_users.owner=1 一致）
     */
    public function isPrimaryOwner($userid): bool
    {
        if (empty($this->id) || $userid <= 0) {
            return false;
        }
        return ProjectUser::whereProjectId($this->id)
            ->whereUserid($userid)
            ->whereOwner(ProjectUser::OWNER_PRIMARY)
            ->exists();
    }
    /**
     * 是否项目管理员（与 project_users.owner=2 一致）
     */
    public function isDeputyOwner($userid): bool
    {
        if (empty($this->id) || $userid <= 0) {
            return false;
        }
        return ProjectUser::whereProjectId($this->id)
            ->whereUserid($userid)
            ->whereOwner(ProjectUser::OWNER_DEPUTY)
            ->exists();
    }
    /**
     * 是否负责人（含项目管理员）
     */
    public function isOwner($userid): bool
    {
        return $this->isPrimaryOwner($userid) || $this->isDeputyOwner($userid);
    }
    /**
     * @return \Illuminate\Database\Eloquent\Relations\HasMany
     */
@ -227,21 +283,40 @@ class Project extends AbstractModel
            return;
        }
        AbstractModel::transaction(function() {
-            $userids = $this->relationUserids();
+            // 拉所有项目成员 + 各自 owner 值
            $userOwnerMap = ProjectUser::whereProjectId($this->id)
                ->pluck('owner', 'userid');
            $userids = $userOwnerMap->keys()->map(fn($v) => (int)$v)->toArray();
            foreach ($userids as $userid) {
                $owner = (int)$userOwnerMap[$userid];
                // 巧合：编码完全一致 owner 0/1/2 → role 0/1/2
                $role = $owner;
                WebSocketDialogUser::updateInsert([
                    'dialog_id' => $this->dialog_id,
                    'userid' => $userid,
                ], [
-                    'important' => 1
+                    'important' => 1,
-                ], function () use ($userid) {
+                    'role' => $role,
                ], function () use ($userid, $role) {
                    return [
                        'important' => 1,
                        'role' => $role,
                        'bot' => User::isBot($userid) ? 1 : 0,
                    ];
                });
            }
-            WebSocketDialogUser::whereDialogId($this->dialog_id)->whereNotIn('userid', $userids)->whereImportant(1)->remove();
+            WebSocketDialogUser::whereDialogId($this->dialog_id)
                ->whereNotIn('userid', $userids)
                ->whereImportant(1)
                ->remove();
            // 同步 dialog.owner_id 到主负责人（owner=1）：前端「群主」标签依赖此字段，
            // 必须随项目主负责人变更（含用户离职转移）一起刷新，否则会显示已离职用户
            $primaryUserid = $userOwnerMap->search(ProjectUser::OWNER_PRIMARY);
            if ($primaryUserid !== false && (int)$primaryUserid > 0) {
                WebSocketDialog::whereId($this->dialog_id)
                    ->where('owner_id', '!=', (int)$primaryUserid)
                    ->update(['owner_id' => (int)$primaryUserid]);
            }
        });
    }
@ -378,7 +453,7 @@ class Project extends AbstractModel
        // 处理所有者权限
        if (isset($data['owner'])) {
            $owners = ProjectUser::whereProjectId($data['id'])
-                ->whereOwner(1)
+                ->whereIn('owner', [ProjectUser::OWNER_PRIMARY, ProjectUser::OWNER_DEPUTY])
                ->pluck('userid')
                ->toArray();
            $recipients = [
@ -530,6 +605,38 @@ class Project extends AbstractModel
        });
    }
    /**
     * 判断用户是否有权限创建项目（依据系统设置「项目创建权限」）
     * @param int $userid
     * @return bool
     */
    public static function userCanCreate($userid)
    {
        // 范围已在 Setting::getSettingAttribute() 归一化（默认 ['all']）
        $modes = Base::settingFind('system', 'project_add_permission', ['all']);
        // 「所有人」：放行（与具体用户无关，避免未携带身份时被误判为无权）
        if (in_array('all', $modes)) {
            return true;
        }
        $user = User::find(intval($userid));
        if (empty($user)) {
            return false;
        }
        // 系统管理员始终可创建项目（不受开关限制）
        if ($user->isAdmin()) {
            return true;
        }
        // 部门负责人/部门管理员
        if (in_array('departmentOwner', $modes) && UserDepartment::getManagedDepartments($user->userid)->isNotEmpty()) {
            return true;
        }
        // 指定人员
        if (in_array('appoint', $modes)) {
            return in_array($user->userid, Base::settingFind('system', 'project_add_userids', []));
        }
        return false;
    }
    /**
     * 创建项目
     * @param $params
@ -546,6 +653,10 @@ class Project extends AbstractModel
        $desc = trim(Arr::get($params, 'desc', ''));
        $flow = trim(Arr::get($params, 'flow', 'close'));
        $isPersonal = intval(Arr::get($params, 'personal'));
        // 个人项目为系统自动创建，不受创建权限限制
        if (!$isPersonal && !self::userCanCreate($userid)) {
            return Base::retError('当前仅指定人员可以创建项目');
        }
        if (mb_strlen($name) < 2) {
            return Base::retError('项目名称不可以少于2个字');
        } elseif (mb_strlen($name) > 32) {
@ -599,7 +710,7 @@ class Project extends AbstractModel
                $column['project_id'] = $project->id;
                ProjectColumn::createInstance($column)->save();
            }
-            $dialog = WebSocketDialog::createGroup($project->name, $project->userid, 'project');
+            $dialog = WebSocketDialog::createGroup($project->name, $project->userid, 'project', $project->userid);
            if (empty($dialog)) {
                throw new ApiException('创建项目聊天室失败');
            }
@ -621,7 +732,9 @@ class Project extends AbstractModel
     * 获取项目信息（用于判断会员是否存在项目内）
     * @param int $project_id
     * @param null|bool $archived true:仅限未归档, false:仅限已归档, null:不限制
-     * @param null|bool $mustOwner true:仅限项目负责人, false:仅限非项目负责人, null:不限制
+     * @param null|bool|string $mustOwner true:负责人或项目管理员都可（共享操作）；
     *                                    'primary':仅负责人（转让/删除/任命项目管理员等独占操作）；
     *                                    false:仅限非负责人；null:不限制
     * @return self
     */
    public static function userProject($project_id, $archived = true, $mustOwner = null)
@ -639,9 +752,39 @@ class Project extends AbstractModel
        if ($mustOwner === true && !$project->owner) {
            throw new ApiException('仅限项目负责人操作', [ 'project_id' => $project_id ]);
        }
        if ($mustOwner === 'primary' && (int)$project->owner !== 1) {
            throw new ApiException('仅限项目负责人操作', [ 'project_id' => $project_id ]);
        }
        if ($mustOwner === false && $project->owner) {
            throw new ApiException('禁止项目负责人操作', [ 'project_id' => $project_id ]);
        }
        return $project;
    }
    /**
     * 获取项目（含部门负责人只读视角兜底）
     * @param int $project_id
     * @param null|bool $archived true:仅限未归档, false:仅限已归档, null:不限制
     * @param null|bool|string $mustOwner 仅限 null 时尝试部门只读视角
     * @return self
     */
    public static function findForDepartmentView($project_id, $archived = true, $mustOwner = null)
    {
        $user = User::auth();
        $departmentView = UserDepartment::ownerViewContext($user, true);
        if (UserDepartment::isDepartmentReadonlyProject($departmentView, intval($project_id)) && $mustOwner === null) {
            $project = self::allData()->where('projects.id', intval($project_id))->first();
            if (empty($project)) {
                throw new ApiException('项目不存在或已被删除', [ 'project_id' => $project_id ], -4001);
            }
            if ($archived === true && $project->archived_at != null) {
                throw new ApiException('项目已归档', [ 'project_id' => $project_id ], -4001);
            }
            if ($archived === false && $project->archived_at == null) {
                throw new ApiException('项目未归档', [ 'project_id' => $project_id ]);
            }
            return $project;
        }
        return self::userProject($project_id, $archived, $mustOwner);
    }
 }
--- a/app/Models/ProjectTask.php
+++ b/app/Models/ProjectTask.php
@ -1991,7 +1991,9 @@ class ProjectTask extends AbstractModel
            'dialog_id' => $this->dialog_id,
        ];
        //
-        $projectOwnerids = ProjectUser::whereProjectId($this->project_id)->whereOwner(1)->pluck('userid')->toArray();  // 项目负责人
+        $projectOwnerids = ProjectUser::whereProjectId($this->project_id)
            ->whereIn('owner', [ProjectUser::OWNER_PRIMARY, ProjectUser::OWNER_DEPUTY])
            ->pluck('userid')->toArray();  // 项目负责人（含项目管理员）
        //
        $array = [];
        if (empty($userids)) {
@ -2256,6 +2258,40 @@ class ProjectTask extends AbstractModel
        return $task;
    }
    /**
     * 获取任务（含部门负责人只读视角兜底）
     * @param int $task_id
     * @param null|bool $archived true:仅限未归档, false:仅限已归档, null:不限制
     * @param null|bool $trashed true:仅限未删除, false:仅限已删除, null:不限制
     * @param array $with
     * @return self
     */
    public static function findForDepartmentView($task_id, $archived = true, $trashed = true, $with = [])
    {
        $user = User::auth();
        $departmentView = UserDepartment::ownerViewContext($user, true);
        if ($departmentView['enabled']) {
            $builder = self::with($with)->allData()->where('project_tasks.id', intval($task_id));
            if ($trashed === false) {
                $builder->onlyTrashed();
            } elseif ($trashed === null) {
                $builder->withTrashed();
            }
            $task = $builder->first();
            // 仅"全员可见"(visibility=1)的任务走负责人只读视角；指定成员可见的任务交由 userTask 按可见性校验
            if (!empty($task) && intval($task->visibility) === 1 && UserDepartment::isDepartmentReadonlyProject($departmentView, intval($task->project_id))) {
                if ($archived === true && $task->archived_at != null) {
                    throw new ApiException('任务已归档', ['task_id' => $task_id]);
                }
                if ($archived === false && $task->archived_at == null) {
                    throw new ApiException('任务未归档', ['task_id' => $task_id]);
                }
                return $task;
            }
        }
        return self::userTask($task_id, $archived, $trashed, $with);
    }
    /**
     * 构建指定周期内的未完成任务查询（用于周报/日报等）
     * @param int $userid
--- a/app/Models/ProjectTaskTemplate.php
+++ b/app/Models/ProjectTaskTemplate.php
@ -13,6 +13,8 @@ namespace App\Models;
 * @property int $sort 排序
 * @property int $is_default 是否默认模板
 * @property int $userid 创建人
 * @property int $use_count 累计使用次数
 * @property \Illuminate\Support\Carbon|null $last_used_at 最近一次使用时间
 * @property \Illuminate\Support\Carbon|null $created_at
 * @property \Illuminate\Support\Carbon|null $updated_at
 * @property-read \App\Models\Project $project
@ -52,7 +54,18 @@ class ProjectTaskTemplate extends AbstractModel
        'content',
        'sort',
        'is_default',
-        'userid'
+        'userid',
        'use_count',
        'last_used_at'
    ];
    /**
     * The attributes that should be cast.
     *
     * @var array
     */
    protected $casts = [
        'last_used_at' => 'datetime',
    ];
    /**
@ -74,4 +87,17 @@ class ProjectTaskTemplate extends AbstractModel
    {
        return $this->belongsTo(User::class, 'userid');
    }
    /**
     * 原子递增使用次数并刷新最近使用时间。
     */
    public function incrementUsage(): void
    {
        $this->newQuery()
            ->where('id', $this->id)
            ->update([
                'use_count' => \DB::raw('use_count + 1'),
                'last_used_at' => now(),
            ]);
    }
 }
--- a/app/Models/ProjectUser.php
+++ b/app/Models/ProjectUser.php
@ -37,6 +37,36 @@ use App\Module\Base;
 */
 class ProjectUser extends AbstractModel
 {
    /** @var int 普通成员编码 */
    const OWNER_MEMBER = 0;
    /** @var int 项目负责人编码 */
    const OWNER_PRIMARY = 1;
    /** @var int 项目管理员编码 */
    const OWNER_DEPUTY = 2;
    /**
     * 是否项目负责人（owner=1）
     */
    public function isPrimaryOwner(): bool
    {
        return (int)$this->owner === self::OWNER_PRIMARY;
    }
    /**
     * 是否项目管理员（owner=2）
     */
    public function isDeputyOwner(): bool
    {
        return (int)$this->owner === self::OWNER_DEPUTY;
    }
    /**
     * 是否负责人（含项目管理员）
     */
    public function isOwner(): bool
    {
        return $this->isPrimaryOwner() || $this->isDeputyOwner();
    }
    /**
     * @return \Illuminate\Database\Eloquent\Relations\HasOne
@ -61,12 +91,19 @@ class ProjectUser extends AbstractModel
            foreach ($list as $item) {
                $row = self::whereProjectId($item->project_id)->whereUserid($newUserid)->first();
                if ($row) {
-                    // 已存在则删除原数据，判断改变已存在的数据
+                    // 已存在：仅当离职用户是项目负责人（owner=1）时把接收人升为项目负责人；
-                    $row->owner = max($row->owner, $item->owner);
+                    // 离职用户是项目管理员（owner=2）时不传项目管理员身份给接收人（spec：项目管理员不替补）
                    if ((int)$item->owner === self::OWNER_PRIMARY) {
                        $row->owner = self::OWNER_PRIMARY;
                    }
                    // owner=2/0：保留接收人原有 owner 值不变
                    $row->save();
                    $item->delete();
                } else {
-                    // 不存在则改变原数据
+                    // 不存在：转移时如果离职用户是项目管理员，降级为普通成员（不带项目管理员身份过户给接收人）
                    if ((int)$item->owner === self::OWNER_DEPUTY) {
                        $item->owner = self::OWNER_MEMBER;
                    }
                    $item->userid = $newUserid;
                    $item->save();
                }
--- a/app/Models/Setting.php
+++ b/app/Models/Setting.php
@ -59,6 +59,14 @@ class Setting extends AbstractModel
                if (!is_array($value['task_default_time']) || count($value['task_default_time']) != 2 || !Timer::isTime($value['task_default_time'][0]) || !Timer::isTime($value['task_default_time'][1])) {
                    $value['task_default_time'] = ['09:00', '18:00'];
                }
                // 项目创建权限：范围（all/departmentOwner/appoint，默认 all）+ 指定人员
                $value['project_add_permission'] = array_values(array_intersect(
                    is_array($value['project_add_permission'] ?? null) ? $value['project_add_permission'] : [],
                    ['all', 'departmentOwner', 'appoint']
                )) ?: ['all'];
                $value['project_add_userids'] = is_array($value['project_add_userids'] ?? null)
                    ? array_values(array_unique(array_filter(array_map('intval', $value['project_add_userids']))))
                    : [];
                break;
            // 文件设置
--- a/app/Models/User.php
+++ b/app/Models/User.php
@ -89,6 +89,8 @@ use Carbon\Carbon;
 */
 class User extends AbstractModel
 {
    const IMPORT_MAX = 500;
    protected $primaryKey = 'userid';
    protected $hidden = [
@ -425,6 +427,287 @@ class User extends AbstractModel
        return $createdUser;
    }
    /**
     * 管理员创建员工账号（复用注册逻辑，强制正式身份，可选首登改密 / 部门 / 职位）
     * @param string $email
     * @param string $password
     * @param string $nickname
     * @param array  $options  changePass(bool,默认true) / emailVerity(bool,默认false,标记邮箱已认证) / department(int[]) / profession(string)
     * @return self
     * @throws ApiException
     */
    public static function createByAdmin(string $email, $password, string $nickname, array $options = []): self
    {
        $nickname = trim($nickname);
        if (mb_strlen($nickname) < 2 || mb_strlen($nickname) > 20) {
            throw new ApiException('昵称需为2-20个字');
        }
        $changePass = ($options['changePass'] ?? true) ? 1 : 0;
        $emailVerity = ($options['emailVerity'] ?? false) ? 1 : 0;
        $profession = trim((string)($options['profession'] ?? ''));
        // 校验前置（reg 之前快速失败，且可在无 Swoole 环境单测）
        self::assertValidProfession($profession);
        $departmentIds = self::assertValidDepartments($options['department'] ?? []);
        // 复用 reg：邮箱校验/查重、passwordPolicy、Doo::userCreate、az/pinyin、全员群、索引同步、user_onboard hook
        $user = self::reg($email, $password, ['nickname' => $nickname]);
        // 管理员显式创建的账号视为正式员工，去除系统 reg_identity 可能带上的 temp
        if (in_array('temp', $user->identity)) {
            $user->identity = Base::arrayImplode(array_diff($user->identity, ['temp']));
        }
        $user->changepass = $changePass; // 复用现有首登强制改密机制
        $user->email_verity = $emailVerity; // 管理员可在创建时直接标记邮箱认证状态
        if ($profession !== '') {
            $user->profession = $profession;
        }
        if ($departmentIds) {
            $user->department = Base::arrayImplode($departmentIds);
        }
        $user->save();
        // 设置了部门 → 加入对应部门群（复刻 operation 的 type=department 入群逻辑）
        if ($departmentIds) {
            $departments = UserDepartment::whereIn('id', $departmentIds)->get();
            foreach ($departments as $department) {
                try {
                    if ($department->dialog_id > 0 && $dialog = WebSocketDialog::find($department->dialog_id)) {
                        $dialog->joinGroup([$user->userid], 0, true);
                        $dialog->pushMsg("groupJoin", null, [$user->userid]);
                    }
                } catch (\Throwable $e) {
                    // 部门入群为尽力投递：单个部门失败不影响账号创建与其他部门
                    \Log::warning('createByAdmin: 部门入群失败', [
                        'userid'        => $user->userid,
                        'department_id' => $department->id,
                        'error'         => $e->getMessage(),
                    ]);
                }
            }
        }
        return $user;
    }
    /**
     * 将上传表格（Excel::toArray 的二维数组）归一化为导入行
     * @param array $sheet
     * @return array  [{line, email, nickname, password}]
     */
    public static function parseImportRows(array $sheet): array
    {
        $rows = [];
        foreach ($sheet as $index => $cells) {
            if ($index === 0) {
                continue; // 表头
            }
            $email = trim((string)($cells[0] ?? ''));
            $nickname = trim((string)($cells[1] ?? ''));
            $password = trim((string)($cells[2] ?? ''));
            $profession = trim((string)($cells[3] ?? ''));
            if ($email === '' && $nickname === '' && $password === '') {
                continue; // 空行（仅职位有值也视为空行跳过）
            }
            $rows[] = [
                'line' => $index + 1, // 电子表格行号（从 1 开始）
                'email' => $email,
                'nickname' => $nickname,
                'password' => $password,
                'profession' => $profession,
            ];
        }
        return $rows;
    }
    /**
     * 校验单条导入行
     * @param array $row  ['email'=>,'nickname'=>,'password'=>,'profession'=>(选填)]
     * @return string|null  错误文案；null 表示通过
     */
    public static function validateImportRow(array $row): ?string
    {
        $email = trim((string)($row['email'] ?? ''));
        $nickname = trim((string)($row['nickname'] ?? ''));
        $password = trim((string)($row['password'] ?? ''));
        if ($email === '' || $nickname === '' || $password === '') {
            return '邮箱、昵称、初始密码均为必填';
        }
        if (!Base::isEmail($email)) {
            return '邮箱格式不正确';
        }
        if (mb_strlen($nickname) < 2 || mb_strlen($nickname) > 20) {
            return '昵称需为2-20个字';
        }
        try {
            self::passwordPolicy($password);
        } catch (ApiException $e) {
            return $e->getMessage();
        }
        // 职位/职称选填，填写则校验 2-20 字
        try {
            self::assertValidProfession((string)($row['profession'] ?? ''));
        } catch (ApiException $e) {
            return $e->getMessage();
        }
        return null;
    }
    /**
     * 校验职位/职称：非空时必须 2-20 字（复用 operation 的现有文案）
     * @param string $profession
     * @return void
     * @throws ApiException
     */
    public static function assertValidProfession(string $profession): void
    {
        $profession = trim($profession);
        if ($profession === '') {
            return;
        }
        if (mb_strlen($profession) < 2) {
            throw new ApiException('职位/职称不可以少于2个字');
        }
        if (mb_strlen($profession) > 20) {
            throw new ApiException('职位/职称最多只能设置20个字');
        }
    }
    /**
     * 规整并校验部门 ID 列表：转正整数去重、最多 10 个、且每个必须存在
     * @param mixed $ids
     * @return int[]
     * @throws ApiException
     */
    public static function assertValidDepartments($ids): array
    {
        if (!is_array($ids)) {
            $ids = [];
        }
        $ids = array_values(array_unique(array_filter(array_map('intval', $ids), fn($v) => $v > 0)));
        if (count($ids) > 10) {
            throw new ApiException('最多只可加入10个部门');
        }
        if ($ids) {
            $existing = UserDepartment::whereIn('id', $ids)->pluck('id')->map(fn($v) => (int)$v)->all();
            if (count($existing) < count($ids)) {
                throw new ApiException('修改部门不存在');
            }
        }
        return $ids;
    }
    /**
     * 批量导入用户（部门/职位逐行：department 来自前端逐行设置，profession 来自 Excel 行）
     * @param array $rows  每行含 email/nickname/password/profession，可选 department(int[])
     * @param bool  $changePass  是否要求首登改密（对本批所有账号生效）
     * @return array  ['total'=>int, 'success'=>int, 'failed'=>[['line','email','reason']]]
     * @throws ApiException 行数超限
     */
    public static function importUsers(array $rows, bool $changePass = true): array
    {
        if (count($rows) > self::IMPORT_MAX) {
            throw new ApiException('单次最多导入' . self::IMPORT_MAX . '条');
        }
        $success = 0;
        $failed = [];
        $seen = [];
        foreach ($rows as $row) {
            $error = self::validateImportRow($row);
            if ($error === null) {
                $emailLower = strtolower(trim((string)$row['email']));
                if (isset($seen[$emailLower])) {
                    $error = '文件内邮箱重复';
                } else {
                    $seen[$emailLower] = true;
                }
            }
            if ($error === null) {
                try {
                    self::createByAdmin($row['email'], $row['password'], $row['nickname'], [
                        'changePass' => $changePass,
                        'emailVerity' => !empty($row['email_verity']),
                        'department' => $row['department'] ?? [],
                        'profession' => $row['profession'] ?? '',
                    ]);
                    $success++;
                    continue;
                } catch (ApiException $e) {
                    $error = $e->getMessage();
                }
            }
            $failed[] = [
                'line' => $row['line'] ?? 0,
                'email' => $row['email'] ?? '',
                'reason' => $error,
            ];
        }
        return [
            'total' => count($rows),
            'success' => $success,
            'failed' => $failed,
        ];
    }
    /**
     * 批量导入预览（只解析+校验，不创建任何账号）
     * 逐行判定 ok/error：必填/邮箱格式/昵称长度/密码策略、文件内邮箱重复、系统中邮箱已存在
     * @param array $rows  parseImportRows 的输出
     * @return array  ['total'=>int,'valid'=>int,'invalid'=>int,'rows'=>[['line','email','nickname','password','status','reason']]]
     */
    public static function importPreview(array $rows): array
    {
        if (count($rows) > self::IMPORT_MAX) {
            throw new ApiException('单次最多导入' . self::IMPORT_MAX . '条');
        }
        // 预查系统中已存在的邮箱（小写比较）
        $emails = [];
        foreach ($rows as $row) {
            $e = strtolower(trim((string)($row['email'] ?? '')));
            if ($e !== '') {
                $emails[$e] = true;
            }
        }
        $existing = [];
        if ($emails) {
            foreach (self::whereIn('email', array_keys($emails))->pluck('email') as $em) {
                $existing[strtolower($em)] = true;
            }
        }
        $seen = [];
        $valid = 0;
        $list = [];
        foreach ($rows as $row) {
            $reason = self::validateImportRow($row);
            $emailLower = strtolower(trim((string)($row['email'] ?? '')));
            if ($reason === null) {
                if (isset($seen[$emailLower])) {
                    $reason = '文件内邮箱重复';
                } else {
                    $seen[$emailLower] = true;
                    if (isset($existing[$emailLower])) {
                        $reason = '邮箱地址已存在';
                    }
                }
            }
            $ok = $reason === null;
            if ($ok) {
                $valid++;
            }
            $list[] = [
                'line' => $row['line'] ?? 0,
                'email' => $row['email'] ?? '',
                'nickname' => $row['nickname'] ?? '',
                'password' => $row['password'] ?? '',
                'profession' => $row['profession'] ?? '',
                'email_verity' => 1, // 默认标记为已认证，前端可在预览中按行调整
                'status' => $ok ? 'ok' : 'error',
                'reason' => $reason ?? '',
            ];
        }
        return [
            'total' => count($rows),
            'valid' => $valid,
            'invalid' => count($rows) - $valid,
            'rows' => $list,
        ];
    }
    /**
     * 获取我的ID
     * @return int
--- a/app/Models/UserBot.php
+++ b/app/Models/UserBot.php
@ -151,6 +151,7 @@ class UserBot extends AbstractModel
        $name = match ($name) {
            'system-msg' => '系统消息',
            'task-alert' => '任务提醒',
            'todo-alert' => '待办提醒',
            'check-in' => '签到打卡',
            'anon-msg' => '匿名消息',
            'approval-alert' => '审批',
--- a/app/Models/UserDepartment.php
+++ b/app/Models/UserDepartment.php
@ -3,7 +3,9 @@
 namespace App\Models;
 use App\Exceptions\ApiException;
 use App\Module\Base;
 use Cache;
 use Request;
 /**
 * App\Models\UserDepartment
@ -35,6 +37,10 @@ use Cache;
 */
 class UserDepartment extends AbstractModel
 {
    protected $appends = [
        'deputy_userids',
    ];
    /**
     * 获取所有父级部门
     * @return array
@ -50,6 +56,55 @@ class UserDepartment extends AbstractModel
        return $parents;
    }
    /**
     * 部门管理员 userid 列表
     * @return array
     */
    public function getDeputyUseridsAttribute(): array
    {
        if (empty($this->id)) {
            return [];
        }
        return \DB::table('user_department_owners')
            ->where('department_id', $this->id)
            ->pluck('userid')
            ->map(fn($v) => (int)$v)
            ->toArray();
    }
    /**
     * 是否部门负责人（与 owner_userid 一致）
     */
    public function isPrimaryOwner($userid): bool
    {
        if (empty($this->id) || $userid <= 0) {
            return false;
        }
        return (int)$this->owner_userid === (int)$userid;
    }
    /**
     * 是否部门管理员（在 user_department_owners 表里）
     */
    public function isDeputyOwner($userid): bool
    {
        if (empty($this->id) || $userid <= 0) {
            return false;
        }
        return \DB::table('user_department_owners')
            ->where('department_id', $this->id)
            ->where('userid', $userid)
            ->exists();
    }
    /**
     * 是否负责人（含部门管理员）
     */
    public function isOwner($userid): bool
    {
        return $this->isPrimaryOwner($userid) || $this->isDeputyOwner($userid);
    }
    /**
     * 保存部门
     * @param $data
@ -65,18 +120,38 @@ class UserDepartment extends AbstractModel
            }
            $this->updateInstance($data);
            //
            // 防御：新负责人若残留在 user_department_owners 中（如曾是该部门管理员），清理掉
            // 否则后续 delDeputy / 罢免接口会把当前部门负责人误移出部门
            if ($this->id && (int)$this->owner_userid > 0) {
                \DB::table('user_department_owners')
                    ->where('department_id', $this->id)
                    ->where('userid', (int)$this->owner_userid)
                    ->delete();
            }
            //
            if ($this->dialog_id > 0) {
                // 已有群
                $dialog = WebSocketDialog::find($this->dialog_id);
                if ($dialog) {
                    $oldOwnerId = (int)$dialog->owner_id;
                    $dialog->name = $this->name;
                    $dialog->owner_id = $this->owner_userid;
                    if ($dialog->save()) {
                        $dialog->joinGroup($this->owner_userid, 0, true);
                        // 同步 role：原负责人 role=0、新负责人 role=1（部门管理员 role=2 保留不动）
                        if ($oldOwnerId > 0 && $oldOwnerId !== (int)$this->owner_userid) {
                            WebSocketDialogUser::where('dialog_id', $dialog->id)
                                ->where('userid', $oldOwnerId)
                                ->update(['role' => 0]);
                        }
                        WebSocketDialogUser::where('dialog_id', $dialog->id)
                            ->where('userid', $this->owner_userid)
                            ->update(['role' => 1]);
                        $dialog->pushMsg("groupUpdate", [
                            'id' => $dialog->id,
                            'name' => $dialog->name,
                            'owner_id' => $dialog->owner_id,
                            'deputy_ids' => $dialog->fresh()->deputy_ids,
                        ]);
                    }
                }
@ -86,16 +161,33 @@ class UserDepartment extends AbstractModel
                if (empty($dialog)) {
                    throw new ApiException("选择现有聊天群不存在");
                }
                $oldOwnerId = (int)$dialog->owner_id;
                $dialog->name = $this->name;
                $dialog->owner_id = $this->owner_userid;
                $dialog->group_type = 'department';
                if ($dialog->save()) {
                    $dialog->joinGroup($this->owner_userid, 0, true);
                    // 同步 role：原负责人 role=0、新负责人 role=1、原部门管理员 role=0
                    // 原部门管理员清零：避免 dialog_users.role=2 与 user_department_owners 不一致
                    // （部门管理员关系不带过来，须通过 addDeputy 显式重新任命）
                    if ($oldOwnerId > 0 && $oldOwnerId !== (int)$this->owner_userid) {
                        WebSocketDialogUser::where('dialog_id', $dialog->id)
                            ->where('userid', $oldOwnerId)
                            ->update(['role' => 0]);
                    }
                    WebSocketDialogUser::where('dialog_id', $dialog->id)
                        ->where('userid', '!=', $this->owner_userid)
                        ->where('role', 2)
                        ->update(['role' => 0]);
                    WebSocketDialogUser::where('dialog_id', $dialog->id)
                        ->where('userid', $this->owner_userid)
                        ->update(['role' => 1]);
                    $dialog->pushMsg("groupUpdate", [
                        'id' => $dialog->id,
                        'name' => $dialog->name,
                        'owner_id' => $dialog->owner_id,
                        'group_type' => $dialog->group_type,
                        'deputy_ids' => $dialog->fresh()->deputy_ids,
                    ]);
                    WebSocketDialogMsg::sendMsg(null, $dialog->id, 'notice', [
                        'notice' => User::nickname() . " 将此群改为部门群"
@ -116,6 +208,12 @@ class UserDepartment extends AbstractModel
                $oldUser->department = array_diff($oldUser->department, [$this->id]);
                $oldUser->department = "," . implode(",", $oldUser->department) . ",";
                $oldUser->save();
                // 原主从 users.department 移除后也要退出部门群（保持成员关系=群关系一致）
                // checkDelete=false：业务流程跳过 owner_id/important 校验
                if ($this->dialog_id > 0) {
                    $dialog = WebSocketDialog::find($this->dialog_id);
                    $dialog?->exitGroup($oldUser->userid, 'remove', false, true);
                }
            }
            if ($newUser) {
                $newUser->department = array_diff($newUser->department, [$this->id]);
@ -126,6 +224,123 @@ class UserDepartment extends AbstractModel
        });
    }
    /**
     * 任命部门管理员
     * - 部门管理员自动加入 users.department（成为部门成员，与负责人对齐）
     * - 部门管理员自动加入部门群 + 设 role=2
     * - 幂等（已是部门管理员不报错）
     *
     * @param int $userid
     * @return void
     * @throws ApiException
     */
    public function addDeputy($userid)
    {
        if ($userid <= 0) {
            throw new ApiException('请选择有效的成员');
        }
        $user = User::whereUserid($userid)->first();
        if (!$user) {
            throw new ApiException('该用户不存在');
        }
        if ((int)$this->owner_userid === (int)$userid) {
            throw new ApiException('不能将部门负责人任命为部门管理员');
        }
        AbstractModel::transaction(function () use ($userid, $user) {
            // 写部门管理员表（unique key 自动幂等）
            \DB::table('user_department_owners')->insertOrIgnore([
                'department_id' => $this->id,
                'userid' => $userid,
            ]);
            // 加入 users.department（成为部门成员，与负责人对齐）
            $userDeptIds = $user->department; // accessor 返回数组
            if (!in_array($this->id, $userDeptIds)) {
                $userDeptIds = array_merge($userDeptIds, [$this->id]);
                $user->department = "," . implode(",", $userDeptIds) . ",";
                $user->save();
            }
            // 加部门管理员入部门群 + 设 role=2 + important=true
            if ($this->dialog_id > 0) {
                $dialog = WebSocketDialog::find($this->dialog_id);
                if ($dialog) {
                    // joinGroup($userid, $inviter, $important=null, $pushMsg=true)
                    // important=true：部门管理员成员关系不可被普通群操作打散
                    $dialog->joinGroup($userid, 0, true, true);
                    WebSocketDialogUser::where('dialog_id', $dialog->id)
                        ->where('userid', $userid)
                        ->update(['role' => 2]);
                    $dialog->pushMsg('groupUpdate', [
                        'id' => $dialog->id,
                        'deputy_ids' => $dialog->fresh()->deputy_ids,
                    ]);
                }
            }
        });
    }
    /**
     * 罢免部门管理员
     * - 删部门管理员表记录
     * - 从 users.department 移除该部门 ID（与负责人"离开部门"对齐）
     * - 退出部门群（成员关系=群关系一致）
     * - 幂等
     *
     * @param int $userid
     * @return void
     */
    public function delDeputy($userid)
    {
        if ($userid <= 0) {
            return;
        }
        // 防御：当前部门负责人不能被罢免（saveDepartment 应已清理残留，此处兜底）
        // 仅清理 user_department_owners 中的悬挂记录，绝不联动移除其部门成员关系/部门群成员
        if ((int)$this->owner_userid === (int)$userid) {
            \DB::table('user_department_owners')
                ->where('department_id', $this->id)
                ->where('userid', $userid)
                ->delete();
            return;
        }
        AbstractModel::transaction(function () use ($userid) {
            $deleted = \DB::table('user_department_owners')
                ->where('department_id', $this->id)
                ->where('userid', $userid)
                ->delete();
            if ($deleted > 0) {
                // 从 users.department 移除该部门 ID
                $user = User::whereUserid($userid)->first();
                if ($user) {
                    $userDeptIds = $user->department;
                    if (in_array($this->id, $userDeptIds)) {
                        $userDeptIds = array_diff($userDeptIds, [$this->id]);
                        $user->department = "," . implode(",", $userDeptIds) . ",";
                        $user->save();
                    }
                }
                // 退出部门群（exitGroup 会清除 dialog_users 记录，role 随之消失）
                if ($this->dialog_id > 0) {
                    $dialog = WebSocketDialog::find($this->dialog_id);
                    if ($dialog) {
                        // checkDelete=false：业务流程跳过 owner_id/important 校验
                        $dialog->exitGroup($userid, 'remove', false, true);
                        $dialog->pushMsg('groupUpdate', [
                            'id' => $dialog->id,
                            'deputy_ids' => $dialog->fresh()->deputy_ids,
                        ]);
                    }
                }
            }
        });
    }
    /**
     * 删除部门
     * @return void
@ -148,6 +363,8 @@ class UserDepartment extends AbstractModel
        // 解散群组
        $dialog = WebSocketDialog::find($this->dialog_id);
        $dialog?->deleteDialog();
        // 清理部门管理员记录（防悬挂）
        \DB::table('user_department_owners')->where('department_id', $this->id)->delete();
        //
        $this->delete();
    }
@ -160,6 +377,7 @@ class UserDepartment extends AbstractModel
     */
    public static function transfer($originalUserid, $newUserid)
    {
        // 部门负责人转让（保持现有逻辑）
        self::whereOwnerUserid($originalUserid)->chunkById(100, function ($list) use ($originalUserid, $newUserid) {
            /** @var self $item */
            foreach ($list as $item) {
@ -168,6 +386,11 @@ class UserDepartment extends AbstractModel
                ]);
            }
        });
        // 部门管理员离职清理（新增）：直接删除离职用户的所有部门管理员记录
        // 不需要清群 role —— UserTransfer::exitDialog 会把人踢出所有群，role 随成员关系一起消失
        \DB::table('user_department_owners')
            ->where('userid', $originalUserid)
            ->delete();
    }
    /**
@ -190,6 +413,93 @@ class UserDepartment extends AbstractModel
        return array_unique($subIds);
    }
    /**
     * 获取用户可切换负责人视角的部门（正负责人 + 部门管理员）
     * @param int $userid
     * @return \Illuminate\Support\Collection
     */
    public static function getManagedDepartments($userid)
    {
        $userid = intval($userid);
        if ($userid <= 0) {
            return collect();
        }
        $deputyDepartmentIds = \DB::table('user_department_owners')
            ->where('userid', $userid)
            ->pluck('department_id')
            ->map(fn($v) => intval($v))
            ->toArray();
        return self::select(['id', 'name', 'parent_id', 'owner_userid'])
            ->where(function ($query) use ($userid, $deputyDepartmentIds) {
                $query->where('owner_userid', $userid);
                if ($deputyDepartmentIds) {
                    $query->orWhereIn('id', $deputyDepartmentIds);
                }
            })
            ->orderBy('id')
            ->get();
    }
    /**
     * 获取用户选择的负责人视角部门范围（含所有下级部门）
     * @param int $userid
     * @param array|string|null $selectedIds all/空表示全部可管理部门
     * @return array
     */
    public static function getManagedDepartmentScopeIds($userid, $selectedIds = null): array
    {
        $managedIds = self::getManagedDepartments($userid)->pluck('id')->map(fn($v) => intval($v))->toArray();
        if (empty($managedIds)) {
            return [];
        }
        if ($selectedIds === 'all' || $selectedIds === null || $selectedIds === '' || $selectedIds === []) {
            $selected = $managedIds;
        } else {
            if (!is_array($selectedIds)) {
                $selectedIds = explode(',', (string)$selectedIds);
            }
            $selected = array_values(array_intersect(
                array_map('intval', $selectedIds),
                $managedIds
            ));
        }
        if (empty($selected)) {
            return [];
        }
        $scopeIds = [];
        foreach ($selected as $departmentId) {
            $scopeIds[] = $departmentId;
            $scopeIds = array_merge($scopeIds, self::getAllSubDepartmentIds($departmentId));
        }
        return array_values(array_unique(array_map('intval', $scopeIds)));
    }
    /**
     * 获取负责人视角可管理的成员 userid
     * @param int $userid
     * @param array|string|null $selectedIds
     * @return array
     */
    public static function getManagedMemberUserids($userid, $selectedIds = null): array
    {
        $departmentIds = self::getManagedDepartmentScopeIds($userid, $selectedIds);
        if (empty($departmentIds)) {
            return [];
        }
        return User::select(['userid'])
            ->where(function ($query) use ($departmentIds) {
                foreach ($departmentIds as $departmentId) {
                    $query->orWhere('department', 'like', "%,{$departmentId},%");
                }
            })
            ->pluck('userid')
            ->map(fn($v) => intval($v))
            ->unique()
            ->values()
            ->toArray();
    }
    /**
     * 获取部门基本信息（缓存时间1小时）
     * @param int|array $ids
@ -232,4 +542,142 @@ class UserDepartment extends AbstractModel
        return is_array($ids) ? $result : $result->first();
    }
    /**
     * 部门负责人视角上下文（只读）。
     * $defaultAll=true 用于项目内只读辅助接口兜底：前端漏传部门选择时按全部可管理部门判断。
     */
    public static function ownerViewContext(User $user, bool $defaultAll = false): array
    {
        $ids = Request::input('department_owner_ids', Request::input('department_ids'));
        if (($ids === null || $ids === '') && $defaultAll) {
            $ids = 'all';
        }
        $empty = [
            'enabled' => false,
            'member_userids' => [],
            'project_ids' => [],
            'project_id_map' => [],
            'own_project_ids' => [],
            'own_project_id_map' => [],
        ];
        if ($ids === null || $ids === '' || Base::settingFind('system', 'department_owner_project_view', 'close') !== 'open') {
            return $empty;
        }
        $memberUserids = self::getManagedMemberUserids($user->userid, $ids);
        if (empty($memberUserids)) {
            return $empty;
        }
        // 项目可单独关闭"部门负责人视角可见"，关闭后对负责人隐藏（含项目和任务群聊）
        $projectIds = ProjectUser::whereIn('project_users.userid', $memberUserids)
            ->join('projects', 'projects.id', '=', 'project_users.project_id')
            ->whereNull('projects.deleted_at')
            ->where(function ($query) {
                $query->where('projects.department_owner_view', '<>', 'close')
                    ->orWhereNull('projects.department_owner_view');
            })
            ->distinct()
            ->pluck('projects.id')
            ->map(fn($v) => intval($v))
            ->values()
            ->toArray();
        $ownProjectIds = ProjectUser::whereUserid($user->userid)
            ->pluck('project_id')
            ->map(fn($v) => intval($v))
            ->unique()
            ->values()
            ->toArray();
        return [
            'enabled' => !empty($projectIds),
            'member_userids' => $memberUserids,
            'project_ids' => $projectIds,
            'project_id_map' => array_fill_keys($projectIds, true),
            'own_project_ids' => $ownProjectIds,
            'own_project_id_map' => array_fill_keys($ownProjectIds, true),
        ];
    }
    /**
     * 判断项目是否属于部门只读范围（非本人项目）
     */
    public static function isDepartmentReadonlyProject(array $context, int $projectId): bool
    {
        return !empty($context['enabled'])
            && isset($context['project_id_map'][$projectId])
            && !isset($context['own_project_id_map'][$projectId]);
    }
    /**
     * 为项目数据附加部门只读标记
     */
    public static function appendDepartmentReadonlyProject(array $project, array $context): array
    {
        $project['department_readonly'] = self::isDepartmentReadonlyProject($context, intval($project['id']));
        return $project;
    }
    /**
     * 会员卡片「查看该会员项目/任务」的权限上下文。
     * 允许条件：本人 / 系统管理员 / 对该会员具有部门负责人只读视角。
     * @param User $viewer        当前登录用户
     * @param int  $targetUserid  目标会员
     * @return array ['allowed'=>bool, 'is_self'=>bool, 'is_admin'=>bool, 'project_ids'=>int[]]
     *               project_ids 仅在部门负责人视角下有意义（限定可见项目集合）；本人/管理员为空数组表示不限制
     */
    public static function userWorksContext(User $viewer, int $targetUserid): array
    {
        $result = [
            'allowed' => false,
            'is_self' => false,
            'is_admin' => false,
            'project_ids' => [],
        ];
        if ($targetUserid <= 0) {
            return $result;
        }
        // 机器人/系统账号（或不存在）不展示项目与任务
        $target = User::select(['userid', 'bot'])->whereUserid($targetUserid)->first();
        if (empty($target) || $target->bot) {
            return $result;
        }
        // 本人
        if ($viewer->userid === $targetUserid) {
            $result['allowed'] = true;
            $result['is_self'] = true;
            return $result;
        }
        // 系统管理员
        if ($viewer->isAdmin()) {
            $result['allowed'] = true;
            $result['is_admin'] = true;
            return $result;
        }
        // 部门负责人只读视角
        if (Base::settingFind('system', 'department_owner_project_view', 'close') !== 'open') {
            return $result;
        }
        $memberUserids = self::getManagedMemberUserids($viewer->userid, 'all');
        if (!in_array($targetUserid, $memberUserids, true)) {
            return $result;
        }
        // 目标会员参与、且未关闭「部门负责人视角可见」的项目
        $projectIds = ProjectUser::where('project_users.userid', $targetUserid)
            ->join('projects', 'projects.id', '=', 'project_users.project_id')
            ->whereNull('projects.deleted_at')
            ->where(function ($query) {
                $query->where('projects.department_owner_view', '<>', 'close')
                    ->orWhereNull('projects.department_owner_view');
            })
            ->distinct()
            ->pluck('projects.id')
            ->map(fn($v) => intval($v))
            ->values()
            ->toArray();
        if (empty($projectIds)) {
            return $result;
        }
        $result['allowed'] = true;
        $result['project_ids'] = $projectIds;
        return $result;
    }
 }
--- a/app/Models/UserTransfer.php
+++ b/app/Models/UserTransfer.php
@ -90,9 +90,15 @@ class UserTransfer extends AbstractModel
                    $dialog->owner_id = $this->new_userid;
                    if ($dialog->save()) {
                        $dialog->joinGroup($this->new_userid, 0);
                        // 同步 role=1：保证 deputy_ids 与 owner_id 一致
                        // 若 new_userid 之前是群管理员（role=2），升为群主后必须从 deputy 列表移出
                        WebSocketDialogUser::where('dialog_id', $dialog->id)
                            ->where('userid', $this->new_userid)
                            ->update(['role' => 1]);
                        $dialog->pushMsg("groupUpdate", [
                            'id' => $dialog->id,
                            'owner_id' => $dialog->owner_id,
                            'deputy_ids' => $dialog->fresh()->deputy_ids,
                        ]);
                    }
                }
--- a/app/Models/WebSocketDialog.php
+++ b/app/Models/WebSocketDialog.php
@ -62,6 +62,11 @@ class WebSocketDialog extends AbstractModel
 {
    use SoftDeletes;
    // 全员群初始化默认名称（双语字面量），用于识别"管理员尚未自定义"的状态
    const ALL_GROUP_DEFAULT_NAME = '全体成员 All members';
    protected $appends = ['deputy_ids'];
    /**
     * 头像地址
     * @param $value
@ -260,6 +265,15 @@ class WebSocketDialog extends AbstractModel
                $data[$field] = $data[$field] ?? null;
            }
        }
        // DB::table 列表/search/beyond 渠道进入的是 stdClass，不会触发 Eloquent $appends。
        // 这里统一补齐 deputy_ids，保证群管理员入口和标识在所有会话来源中一致。
        if (($data['type'] ?? null) === 'group' && !array_key_exists('deputy_ids', $data)) {
            $data['deputy_ids'] = WebSocketDialogUser::whereDialogId($data['id'])
                ->where('role', 2)
                ->pluck('userid')
                ->map(fn($v) => (int)$v)
                ->toArray();
        }
        $data['avatar'] = Base::fillUrl($data['avatar']);
        // 会员必要字段
@ -355,7 +369,9 @@ class WebSocketDialog extends AbstractModel
                        }
                        break;
                    case 'all':
-                        $data['name'] = Doo::translate('全体成员');
+                        $data['name'] = ($data['name'] && $data['name'] !== self::ALL_GROUP_DEFAULT_NAME)
                            ? $data['name']
                            : Doo::translate('全体成员');
                        $data['dialog_mute'] = Base::settingFind('system', 'all_group_mute');
                        break;
                }
@ -457,11 +473,12 @@ class WebSocketDialog extends AbstractModel
     * @param int|array $userid         加入的会员ID或会员ID组
     * @param int $inviter              邀请人
     * @param bool|null $important      重要人员(null不修改、bool修改)
     * @param bool $pushMsg             是否推送消息
     * @return bool
     */
-    public function joinGroup($userid, $inviter, $important = null)
+    public function joinGroup($userid, $inviter, $important = null, $pushMsg = true)
    {
-        AbstractModel::transaction(function () use ($important, $inviter, $userid) {
+        AbstractModel::transaction(function () use ($important, $inviter, $userid, $pushMsg) {
            foreach (is_array($userid) ? $userid : [$userid] as $value) {
                if ($value > 0) {
                    $updateData = [
@ -479,7 +496,7 @@ class WebSocketDialog extends AbstractModel
                            'bot' => User::isBot($value) ? 1 : 0
                        ]);
                    }, $isInsert);
-                    if ($isInsert) {
+                    if ($isInsert && $pushMsg) {
                        WebSocketDialogMsg::sendMsg(null, $this->id, 'notice', [
                            'notice' => User::userid2nickname($value) . " 已加入群组"
                        ], $inviter, true, true);
@ -487,9 +504,11 @@ class WebSocketDialog extends AbstractModel
                }
            }
        });
-        $data = WebSocketDialog::generatePeople($this->id);
+        if ($pushMsg) {
-        $data['id'] = $this->id;
+            $data = WebSocketDialog::generatePeople($this->id);
-        $this->pushMsg("groupUpdate", $data);
+            $data['id'] = $this->id;
            $this->pushMsg("groupUpdate", $data);
        }
        return true;
    }
@ -515,11 +534,40 @@ class WebSocketDialog extends AbstractModel
                foreach ($list as $item) {
                    if ($checkDelete) {
                        if ($type === 'remove') {
-                            // 移出时：如果是全员群仅允许管理员操作，其他群仅群主或邀请人可以操作
+                            // 移出时：如果是全员群仅允许管理员操作，其他群主/群管理员/邀请人可以操作
                            if ($this->group_type === 'all') {
                                User::auth("admin");
-                            } elseif (!in_array(User::userid(), [$this->owner_id, $item->inviter])) {
+                            } else {
-                                throw new ApiException('只有群主或邀请人可以移出成员');
+                                $actor = User::userid();
                                // 未认证时拒绝
                                if ($actor <= 0) {
                                    throw new ApiException('只有群主或邀请人可以移出成员');
                                }
                                // 目标是群主或群管理员时的保护
                                $targetIsPrimaryOwner = $this->isPrimaryOwner($item->userid);
                                $targetIsDeputyOwner = $this->isDeputyOwner($item->userid);
                                if ($targetIsPrimaryOwner || $targetIsDeputyOwner) {
                                    // 普通邀请人不能移出群主或群管理员
                                    $actorIsPrimaryOwner = $this->isPrimaryOwner($actor);
                                    $actorIsDeputyOwner = $this->isDeputyOwner($actor);
                                    if (!$actorIsPrimaryOwner && !$actorIsDeputyOwner) {
                                        throw new ApiException('普通成员不能移出群主或群管理员');
                                    }
                                    // 群管理员不能移出群主或其他群管理员
                                    if ($actorIsDeputyOwner && !$actorIsPrimaryOwner) {
                                        throw new ApiException('群管理员不能移出群主或其他群管理员');
                                    }
                                }
                                // 普通成员：群主、群管理员、邀请人可移出
                                $allowedActor = $this->isOwner($actor) || $actor === (int)$item->inviter;
                                if (!$allowedActor) {
                                    throw new ApiException('只有群主、群管理员或邀请人可以移出成员');
                                }
                            }
                        }
                        if ($item->userid == $this->owner_id) {
@ -547,9 +595,11 @@ class WebSocketDialog extends AbstractModel
            });
        });
        //
-        $data = WebSocketDialog::generatePeople($this->id);
+        if ($pushMsg) {
-        $data['id'] = $this->id;
+            $data = WebSocketDialog::generatePeople($this->id);
-        $this->pushMsg("groupUpdate", $data);
+            $data['id'] = $this->id;
            $this->pushMsg("groupUpdate", $data);
        }
    }
    /**
@ -635,6 +685,93 @@ class WebSocketDialog extends AbstractModel
        }
    }
    /**
     * 是否群主（与 owner_id 一致）
     */
    public function isPrimaryOwner($userid): bool
    {
        return $userid > 0 && (int)$this->owner_id === (int)$userid;
    }
    /**
     * 是否群管理员（仅 web_socket_dialog_users.role=2）
     */
    public function isDeputyOwner($userid): bool
    {
        if ($userid <= 0) {
            return false;
        }
        return WebSocketDialogUser::where('dialog_id', $this->id)
            ->where('userid', $userid)
            ->where('role', 2)
            ->exists();
    }
    /**
     * 是否群主（含群管理员）
     */
    public function isOwner($userid): bool
    {
        return $this->isPrimaryOwner($userid) || $this->isDeputyOwner($userid);
    }
    /**
     * 是否有权限设置/取消本会话内「他人」的待办
     * 放行：群主/群管理员、关联项目负责人/项目管理员、关联任务负责人(及任务所属项目负责人/管理员)
     *
     * @param int $userid
     * @return bool
     */
    public function checkTodoOwnerPermission($userid): bool
    {
        $userid = intval($userid);
        if ($userid <= 0) {
            return false;
        }
        // 系统管理员：可管理任意会话的他人待办（与管理员全局管理能力一致，覆盖无群主的全员群等）
        if (User::find($userid)?->isAdmin()) {
            return true;
        }
        // 群主 / 群管理员
        if ($this->isOwner($userid)) {
            return true;
        }
        // 关联项目（项目群）负责人 / 项目管理员
        $project = Project::whereDialogId($this->id)->first();
        if ($project && $project->isOwner($userid)) {
            return true;
        }
        // 关联任务（任务群）负责人，及任务所属项目负责人 / 管理员
        $task = ProjectTask::whereDialogId($this->id)->first();
        if ($task) {
            if (ProjectTaskUser::whereTaskId($task->id)->whereUserid($userid)->whereOwner(1)->exists()) {
                return true;
            }
            $taskProject = Project::find($task->project_id);
            if ($taskProject && $taskProject->isOwner($userid)) {
                return true;
            }
        }
        return false;
    }
    /**
     * 群管理员 userid 列表
     *
     * @return array
     */
    public function getDeputyIdsAttribute(): array
    {
        if (!$this->id) {
            return [];
        }
        return WebSocketDialogUser::where('dialog_id', $this->id)
            ->where('role', 2)
            ->pluck('userid')
            ->map(fn($v) => (int)$v)
            ->toArray();
    }
    /**
     * 检查禁言
     * @param $userid
@ -692,7 +829,9 @@ class WebSocketDialog extends AbstractModel
                        $name = \DB::table('project_tasks')->where('dialog_id', $this->id)->value('name');
                        break;
                    case 'all':
-                        $name = Doo::translate('全体成员');
+                        $name = ($name && $name !== self::ALL_GROUP_DEFAULT_NAME)
                            ? $name
                            : Doo::translate('全体成员');
                        break;
                }
            }
@ -820,6 +959,13 @@ class WebSocketDialog extends AbstractModel
                if ($projectId > 0 && ProjectUser::whereProjectId($projectId)->whereUserid($userid)->exists()) {
                    return $dialog;
                }
                // 部门负责人只读视角：项目/任务群按项目级共享放行（任务数据另按可见性校验，与普通成员一致）
                if ($projectId > 0 && $checkOwner === false) {
                    $departmentView = UserDepartment::ownerViewContext(User::auth(), true);
                    if (UserDepartment::isDepartmentReadonlyProject($departmentView, $projectId)) {
                        return $dialog;
                    }
                }
                break;
            case 'okr':
@ -857,6 +1003,7 @@ class WebSocketDialog extends AbstractModel
                    WebSocketDialogUser::createInstance([
                        'dialog_id' => $dialog->id,
                        'userid' => $value,
                        'role' => ($owner_id > 0 && (int)$value === (int)$owner_id) ? 1 : 0,
                        'bot' => User::isBot($value) ? 1 : 0,
                        'important' => !in_array($group_type, ['user', 'all']),
                        'last_at' => in_array($group_type, ['user', 'department', 'all']) ? Carbon::now() : null,
--- a/app/Models/WebSocketDialogMsg.php
+++ b/app/Models/WebSocketDialogMsg.php
@ -414,7 +414,7 @@ class WebSocketDialogMsg extends AbstractModel
     * @param array $userids    设置给指定会员
     * @return mixed
     */
-    public function toggleTodoMsg($sender, $userids = [])
+    public function toggleTodoMsg($sender, $userids = [], $remindAt = false)
    {
        if (in_array($this->type, ['tag', 'todo', 'notice'])) {
            return Base::retError('此消息不支持设待办');
@ -423,6 +423,14 @@ class WebSocketDialogMsg extends AbstractModel
        $current = WebSocketDialogMsgTodo::whereMsgId($this->id)->pluck('userid')->toArray();
        $cancel = array_diff($current, $userids);
        $setup = array_diff($userids, $current);
        // 待办操作权限管控（系统开关：禁止其他人员设置/取消待办）
        if (Base::settingFind('system', 'todo_set_permission') === 'close') {
            $affected = array_unique(array_merge($cancel, $setup)); // 本次真正影响到的用户
            $others = array_diff($affected, [$sender]);             // 排除"自己"
            if ($others && !$dialog->checkTodoOwnerPermission($sender)) {
                return Base::retError('仅群主、项目/任务负责人或系统管理员可设置或取消他人待办');
            }
        }
        //
        $this->todo = $setup || count($current) > count($cancel) ? $sender : 0;
        $this->save();
@ -477,12 +485,39 @@ class WebSocketDialogMsg extends AbstractModel
        ];
        $dialog->pushMsg('update', $upData);
        //
        // 提醒时间：仅当调用方显式传入时处理（false=不传则不动既有提醒）
        if ($remindAt !== false) {
            $this->setTodoRemind($userids, $remindAt ?: null);
        }
        //
        return Base::retSuccess($this->todo ? '设置成功' : '取消成功', [
            'add' => $addData,
            'update' => $upData,
        ]);
    }
    /**
     * 设置/取消本消息指定成员待办的提醒时间（纯数据，无推送）。
     * 改动会把 reminded_at 重置为 null，使其可再次到点提醒。
     *
     * @param array       $userids  目标成员
     * @param string|null $remindAt 提醒时间字符串；null/空 表示取消提醒
     * @return int 受影响行数
     */
    public function setTodoRemind(array $userids, $remindAt = null)
    {
        $userids = array_values(array_filter(array_map('intval', $userids)));
        if (empty($userids)) {
            return 0;
        }
        return WebSocketDialogMsgTodo::whereMsgId($this->id)
            ->whereIn('userid', $userids)
            ->update([
                'remind_at' => $remindAt ?: null,
                'reminded_at' => null,
            ]);
    }
    /**
     * 转发消息
     * @param array|int $dialogids
--- a/app/Models/WebSocketDialogMsgTodo.php
+++ b/app/Models/WebSocketDialogMsgTodo.php
@ -2,6 +2,8 @@
 namespace App\Models;
 use Carbon\Carbon;
 /**
 * App\Models\WebSocketDialogMsgTodo
 *
@ -50,4 +52,21 @@ class WebSocketDialogMsgTodo extends AbstractModel
        }
        return $this->appendattrs['msgData'];
    }
    /**
     * 取到点待提醒的待办行：有提醒时间、未提醒、未完成、提醒时间已到。
     * 纯查询，无副作用，供 TodoRemindTask 使用。
     * @return \Illuminate\Database\Eloquent\Collection
     */
    public static function dueReminders()
    {
        return self::whereNotNull('remind_at')
            ->whereNull('reminded_at')
            ->whereNull('done_at')
            ->where('remind_at', '<=', Carbon::now())
            ->orderBy('msg_id')
            ->orderBy('id')
            ->limit(500)
            ->get();
    }
 }
--- a/app/Module/AI.php
+++ b/app/Module/AI.php
@ -233,6 +233,10 @@ class AI
            $authParams['agency'] = $agency;
        }
        // 从模型名末尾剥离思考标记，支持以下写法：
        //   模型名 think / 模型名-thinking / 模型名_reasoning  (空格、- 、_ 作分隔)
        //   模型名(think) / 模型名 ( reasoning )              (括号包裹)
        // 关键词三选一：think | thinking | reasoning
        $thinkPatterns = [
            "/^(.+?)(\s+|\s*[_-]\s*)(think|thinking|reasoning)\s*$/",
            "/^(.+?)\s*\(\s*(think|thinking|reasoning)\s*\)\s*$/"
@ -243,6 +247,7 @@ class AI
                break;
            }
        }
        // 命中后把关键词剥掉，只保留前面的真实模型名
        if ($thinkMatch && !empty($thinkMatch[1])) {
            $authParams['model_name'] = $thinkMatch[1];
        }
--- a/app/Module/Base.php
+++ b/app/Module/Base.php
@ -14,7 +14,7 @@ use Overtrue\Pinyin\Pinyin;
 use Redirect;
 use Request;
 use Storage;
-use Symfony\Component\HttpFoundation\StreamedResponse;
+use Symfony\Component\HttpFoundation\BinaryFileResponse;
 use Symfony\Component\HttpFoundation\File\Exception\FileException;
 use Symfony\Component\HttpFoundation\File\File;
 use Validator;
@ -848,6 +848,13 @@ class Base
     */
    public static function getSchemeAndHost()
    {
        // 优先用当前请求的协议+主机：getScheme() 会经 TrustProxies 采信 X-Forwarded-Proto，
        // 从而正确识别 https；host 取自 Host 头（不信 X-Forwarded-Host，避免 Host 注入）
        $request = request();
        if ($request && $request->getHttpHost()) {
            return $request->getSchemeAndHttpHost();
        }
        // 非请求上下文（Task/命令行等）的兜底
        $scheme = isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443' ? 'https://' : 'http://';
        return $scheme.($_SERVER['HTTP_HOST'] ?? '');
    }
@ -2818,14 +2825,17 @@ class Base
    /**
     * 字节转格式
-     * @param $bytes
+     * @param int|float $bytes
     * @return string
     */
-    public static function readableBytes($bytes)
+    public static function readableBytes(int|float $bytes): string
    {
-        $i = floor(log($bytes) / log(1024));
+        if ($bytes <= 0) {
            return '0 B';
        }
        $i = (int) floor(log($bytes) / log(1024));
        $sizes = ['B', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];
-        return sprintf('%.02F', $bytes / pow(1024, $i)) * 1 . ' ' . $sizes[$i];
+        return (string) ((float) sprintf('%.02F', $bytes / pow(1024, $i))) . ' ' . $sizes[$i];
    }
    /**
@ -2868,9 +2878,15 @@ class Base
    /**
     * DownloadFileResponse 下载文件
     *
     * 返回 Symfony BinaryFileResponse，在 LaravelS/Swoole 环境下由 StaticResponse 走原生
     * sendfile() 发送——OS 级零拷贝、不占用 PHP 内存，可支持任意大小文件（如几百 MB 的大文件）。
     * 切勿改回 StreamedResponse：它会被 LaravelS 用 ob_start()/ob_get_clean() 把整个响应体
     * 缓冲进 PHP 内存，大文件会撞 memory_limit 导致下载失败。
     *
     * @param File|\SplFileInfo|string $file 文件对象或路径
     * @param string|null $name 下载文件名
-     * @return StreamedResponse
+     * @return BinaryFileResponse
     */
    public static function DownloadFileResponse($file, $name = null)
    {
@ -2889,12 +2905,6 @@ class Base
                throw new FileException('File must be readable and exist.');
            }
            // 获取文件信息
            $size = $file->getSize();
            if ($size === false || $size < 0) {
                throw new FileException('Unable to determine file size.');
            }
            // 处理文件名
            if (empty($name)) {
                $name = basename($file->getPathname());
@ -2912,83 +2922,27 @@ class Base
                $mimeType = 'application/octet-stream';
            }
-            // 处理 Range 请求
+            // BinaryFileResponse：autoEtag=false 避免对大文件做 md5/sha1 全文件哈希，autoLastModified=true 取 mtime（开销极小）
-            $start = 0;
+            $response = new BinaryFileResponse($file, 200, [], true, null, false, true);
-            $end = $size - 1;
+            $response->headers->set('Content-Type', $mimeType);
-            $length = $size;
+            $response->headers->set('Cache-Control', 'private, no-transform, no-store, must-revalidate, max-age=0');
-            $isRangeRequest = false;
+            // filename 兜底为纯 ASCII，filename* 用 UTF-8 编码，兼容含中文/特殊字符的文件名
            $asciiName = preg_replace('/[^\x20-\x7e]/', '_', $name);
            $response->headers->set('Content-Disposition', sprintf(
                'attachment; filename="%s"; filename*=UTF-8\'\'%s',
                $asciiName,
                rawurlencode($name)
            ));
-            if (isset($_SERVER['HTTP_RANGE'])) {
+            // LaravelS/Swoole 下 StaticResponse 用 sendfile() 整文件发送，不支持分段；
-                $range = str_replace('bytes=', '', $_SERVER['HTTP_RANGE']);
+            // 若放任 Symfony 处理 Range 会返回 206 头却仍发送完整文件，导致内容错位/损坏。
-                if (preg_match('/^(\d+)-(\d*)$/', $range, $matches)) {
+            // 故在 Swoole 环境下移除 Range 请求头，始终以 200 返回完整文件。
-                    $start = intval($matches[1]);
+            if (app()->bound('swoole')) {
-                    $end = !empty($matches[2]) ? intval($matches[2]) : $size - 1;
+                Request::instance()->headers->remove('Range');
-
+                $response->headers->set('Accept-Ranges', 'none');
                    // 验证范围的有效性
                    if ($start >= 0 && $end < $size && $start <= $end) {
                        $length = $end - $start + 1;
                        $isRangeRequest = true;
                    } else {
                        $start = 0;
                        $end = $size - 1;
                    }
                }
            }
-            // 设置基本响应头
+            return $response;
            $headers = [
                'Content-Type' => $mimeType,
                'Content-Disposition' => sprintf(
                    'attachment; filename="%s"; filename*=UTF-8\'\'%s',
                    $name,
                    rawurlencode($name)
                ),
                'Accept-Ranges' => 'bytes',
                'Cache-Control' => 'private, no-transform, no-store, must-revalidate, max-age=0',
                'Content-Length' => $length,
                'Last-Modified' => gmdate('D, d M Y H:i:s', $file->getMTime()) . ' GMT',
                'ETag' => sprintf('"%s"', md5_file($file->getPathname()))
            ];
            if ($isRangeRequest) {
                $headers['Content-Range'] = "bytes {$start}-{$end}/{$size}";
                $statusCode = 206;
            } else {
                $statusCode = 200;
            }
            // 创建流式响应
            return new StreamedResponse(
                function () use ($file, $start, $length) {
                    $handle = fopen($file->getPathname(), 'rb');
                    if ($handle === false) {
                        throw new FileException('Cannot open file for reading');
                    }
                    if (fseek($handle, $start) === -1) {
                        fclose($handle);
                        throw new FileException('Cannot seek to position ' . $start);
                    }
                    $remaining = $length;
                    $bufferSize = 8192; // 8KB chunks
                    while ($remaining > 0 && !feof($handle)) {
                        $readSize = min($bufferSize, $remaining);
                        $buffer = fread($handle, $readSize);
                        if ($buffer === false) {
                            break;
                        }
                        echo $buffer;
                        flush();
                        $remaining -= strlen($buffer);
                    }
                    fclose($handle);
                },
                $statusCode,
                $headers
            );
        } catch (\Exception $e) {
            \Log::error('File download failed', [
                'error' => $e->getMessage(),
--- a/app/Module/UserImport.php
+++ b/app/Module/UserImport.php
@ -0,0 +1,13 @@
 <?php
 namespace App\Module;
 use Maatwebsite\Excel\Concerns\ToArray;
 class UserImport implements ToArray
 {
    public function array(array $array)
    {
        return $array;
    }
 }
--- a/app/Module/UserImportTemplate.php
+++ b/app/Module/UserImportTemplate.php
@ -0,0 +1,21 @@
 <?php
 namespace App\Module;
 use Maatwebsite\Excel\Concerns\FromArray;
 use Maatwebsite\Excel\Concerns\WithHeadings;
 class UserImportTemplate implements FromArray, WithHeadings
 {
    public function array(): array
    {
        return [
            ['employee@example.com', '张三', 'Abc123456', '工程师'],
        ];
    }
    public function headings(): array
    {
        return ['邮箱(必填)', '昵称(必填,2-20字)', '初始密码(必填,6-32位)', '职位(选填,2-20字)'];
    }
 }
--- a/app/Observers/ProjectTaskObserver.php
+++ b/app/Observers/ProjectTaskObserver.php
@ -113,7 +113,9 @@ class ProjectTaskObserver extends AbstractObserver
            return ProjectUser::whereProjectId($projectTask->project_id)->pluck('userid')->toArray();
        }
        if (in_array('projectOwnerUser', $dataType)) {
-            return ProjectUser::whereProjectId($projectTask->project_id)->where('owner', 1)->pluck('userid')->toArray();
+            return ProjectUser::whereProjectId($projectTask->project_id)
                ->whereIn('owner', [ProjectUser::OWNER_PRIMARY, ProjectUser::OWNER_DEPUTY])
                ->pluck('userid')->toArray();
        }
        $array = [];
        if (in_array('task', $dataType)) {
--- a/app/Tasks/TodoRemindTask.php
+++ b/app/Tasks/TodoRemindTask.php
@ -0,0 +1,86 @@
 <?php
 namespace App\Tasks;
 use App\Models\User;
 use App\Models\WebSocketDialog;
 use App\Models\WebSocketDialogMsg;
 use App\Models\WebSocketDialogMsgTodo;
 use App\Module\Doo;
 use Carbon\Carbon;
 /**
 * 待办提醒：到点由 todo-alert 机器人在原会话发一条「引用原消息 + @被指派成员」的普通文本
 * （同一消息同批到点的成员合并一条）。
 */
 class TodoRemindTask extends AbstractTask
 {
    public function __construct()
    {
        parent::__construct();
    }
    /**
     * 构造提醒文本：每个被提醒成员一个 @ span + 提示语。
     * 直接拼 <span class="mention user" data-id> 是因为 sendMsg 不会调用 formatMsg，
     * 文本会原样入库，msgJoinGroup 据此 span 正则提取 @。
     */
    public static function buildRemindText(array $mentionUserids): string
    {
        $nicknames = User::whereIn('userid', $mentionUserids)->pluck('nickname', 'userid');
        $mentionText = '';
        foreach ($mentionUserids as $uid) {
            $name = $nicknames[$uid] ?? $uid;
            $mentionText .= "<span class=\"mention user\" data-id=\"{$uid}\">@{$name}</span> ";
        }
        return $mentionText . Doo::translate('你有一条待办到提醒时间啦');
    }
    public function start()
    {
        $rows = WebSocketDialogMsgTodo::dueReminders();
        if ($rows->isEmpty()) {
            return;
        }
        $botUser = User::botGetOrCreate('todo-alert');
        if (empty($botUser)) {
            return;
        }
        foreach ($rows->groupBy('msg_id') as $msgId => $group) {
            $rowIds = $group->pluck('id')->toArray();
            $userids = $group->pluck('userid')->map('intval')->values()->toArray();
            //
            $msg = WebSocketDialogMsg::find($msgId);
            $dialog = $msg ? WebSocketDialog::find($msg->dialog_id) : null;
            if (empty($msg) || empty($dialog)) {
                // 原消息/会话已不存在：标记已提醒，避免空转重复扫描
                WebSocketDialogMsgTodo::whereIn('id', $rowIds)->update(['reminded_at' => Carbon::now()]);
                continue;
            }
            //
            $memberIds = $dialog->dialogUser->pluck('userid')->map('intval')->values()->toArray();
            $mentionUserids = array_values(array_intersect($userids, $memberIds));
            if (empty($mentionUserids)) {
                // 被指派人都已退群：没人可 @，标记已提醒避免空转重复扫描
                WebSocketDialogMsgTodo::whereIn('id', $rowIds)->update(['reminded_at' => Carbon::now()]);
                continue;
            }
            $res = WebSocketDialogMsg::sendMsg(
                "reply-{$msg->id}",                          // 引用原消息 → reply_data 自动填充
                $dialog->id,
                'text',                                      // 普通文本
                ['text' => self::buildRemindText($mentionUserids)],
                $botUser->userid,
                false, false, false                          // push_self / push_retry / push_silence
            );
            //
            if (\App\Module\Base::isSuccess($res)) {
                WebSocketDialogMsgTodo::whereIn('id', $rowIds)->update(['reminded_at' => Carbon::now()]);
            }
        }
    }
    public function end()
    {
    }
 }
--- a/app/Tasks/WebSocketDialogMsgTask.php
+++ b/app/Tasks/WebSocketDialogMsgTask.php
@ -189,7 +189,12 @@ class WebSocketDialogMsgTask extends AbstractTask
        if ($umengUserid) {
            $setting = Base::setting('appPushSetting');
            if ($setting['push'] === 'open') {
-                $umengTitle = User::userid2nickname($msg->userid);
+                if ($msg->userid == -1) {
                    // AI 助手虚拟用户没有会员记录，取自定义昵称或默认名称
                    $umengTitle = ($msg->msg['nickname'] ?? '') ?: Doo::translate('AI 助手');
                } else {
                    $umengTitle = User::userid2nickname($msg->userid);
                }
                $umengBody = WebSocketDialogMsg::previewMsg($msg);
                if ($dialog->type == 'group') {
                    $umengBody = $umengTitle . ': ' . $umengBody;
--- a/bin/version.js
+++ b/bin/version.js
@ -1,347 +0,0 @@
 const fs = require('fs');
 const path = require("path");
 const exec = require('child_process').exec;
 let ProxyAgent = null;
 try {
    ProxyAgent = require("undici").ProxyAgent;
 } catch (error) {
    ProxyAgent = null;
 }
 const packageFile = path.resolve(process.cwd(), "package.json");
 const changeFile = path.resolve(process.cwd(), "CHANGELOG.md");
 const verOffset = 6394; // 版本号偏移量
 const codeOffset = 34;  // 代码版本号偏移量
 const envFilePath = path.resolve(process.cwd(), ".env");
 const defaultAiSystemPrompt = "你是一位软件发布日志编辑专家。请产出 Markdown 更新日志，面向普通用户，以通俗友好的简体中文描述更新带来的直接好处，避免技术术语。所有章节标题必须以 `### ` 开头并保持英文 Title Case（例如 `### Features`、`### Bug Fixes`、`### Performance`、`### Documentation` 等）。每个章节内的条目按用户价值和影响范围排序，将更重要、影响更广的更新放在前面。";
 const defaultOpenAiEndpoint = "https://api.openai.com/v1/chat/completions";
 function loadEnvFile(filePath) {
    if (!fs.existsSync(filePath)) {
        return;
    }
    const content = fs.readFileSync(filePath, "utf8");
    content.split(/\r?\n/).forEach(rawLine => {
        const line = rawLine.trim();
        if (!line || line.startsWith("#")) {
            return;
        }
        const equalsIndex = line.indexOf("=");
        if (equalsIndex === -1) {
            return;
        }
        let key = line.slice(0, equalsIndex).trim();
        if (key.startsWith("export ")) {
            key = key.slice(7).trim();
        }
        let value = line.slice(equalsIndex + 1).trim();
        if (!value) {
            value = "";
        }
        if ((value.startsWith('"') && value.endsWith('"')) || (value.startsWith("'") && value.endsWith("'"))) {
            value = value.slice(1, -1);
        } else {
            const commentIndex = value.indexOf(" #");
            if (commentIndex !== -1) {
                value = value.slice(0, commentIndex).trim();
            }
        }
        if (process.env[key] === undefined) {
            process.env[key] = value;
        }
    });
 }
 loadEnvFile(envFilePath);
 function resolveApiEndpoint(candidate) {
    const source = (candidate || "").trim();
    if (!source) {
        return defaultOpenAiEndpoint;
    }
    if (/\/chat\/completions(\?|$)/.test(source)) {
        return source;
    }
    const normalized = source.replace(/\/+$/, "");
    if (/\/v\d+$/i.test(normalized)) {
        return `${normalized}/chat/completions`;
    }
    return `${normalized}/v1/chat/completions`;
 }
 function loadSocksProxyAgent(proxyUrl) {
    try {
        const { SocksProxyAgent } = require('socks-proxy-agent');
        return new SocksProxyAgent(proxyUrl);
    } catch (error) {
        if (error && error.code === 'MODULE_NOT_FOUND') {
            console.warn("检测到 SOCKS 代理，但未安装 socks-proxy-agent，请运行 `npm install --save-dev socks-proxy-agent` 后重试。");
        } else {
            console.warn(`无法初始化 SOCKS 代理: ${error?.message || error}`);
        }
        return null;
    }
 }
 function createProxyDispatcher(proxyUrl) {
    if (!proxyUrl) {
        return null;
    }
    let parsedProtocol = '';
    try {
        parsedProtocol = new URL(proxyUrl).protocol.replace(':', '').toLowerCase();
    } catch (error) {
        console.warn(`代理地址无效 (${proxyUrl}): ${error.message}`);
        return null;
    }
    if (parsedProtocol.startsWith('socks')) {
        return loadSocksProxyAgent(proxyUrl);
    }
    if (!ProxyAgent) {
        console.warn('未找到 undici.ProxyAgent，无法启用 HTTP 代理。');
        return null;
    }
    try {
        return new ProxyAgent(proxyUrl);
    } catch (error) {
        console.warn(`无法初始化代理 (${proxyUrl}): ${error.message}`);
        return null;
    }
 }
 function buildDefaultUserPrompt(version, changelogSection) {
    return [
        "你是一位软件发布日志编辑专家。",
        "下面是一段通过 git 提交记录自动生成的更新日志文本。",
        "",
        "请将其整理为一份「面向普通用户、简洁概览风格」的 changelog，保持 Markdown 格式，包含以下结构：",
        "",
        `## [${version}]`,
        "",
        "### Features",
        "",
        "- ...",
        "",
        "### Bug Fixes",
        "",
        "- ...",
        "",
        "### Performance",
        "",
        "- ...",
        "",
        "**要求：**",
        "1. 删除技术性或重复的细节，合并相似项。",
        "2. 语句自然简洁，用简体中文描述。",
        "3. 使用贴近日常的词汇，突出更新对普通用户的直接价值，避免开发或管理术语（如\"refactor\"、\"merge branch\"、\"commit lint\"）。",
        "4. 小节标题必须以 `### ` 开头并保持英文 Title Case（例如 `### Features`、`### Bug Fixes`、`### Performance`、`### Documentation`、`### Security`、`### Miscellaneous` 等），不得翻译成中文。",
        "5. 每个小节内的条目按用户价值和影响范围排序，将更重要、影响更广的更新放在前面。",
        "6. 若某个小节没有内容，请省略整段小节（包括标题）。",
        "7. 输出仅为 Markdown changelog 内容，不加其他解释。",
        "",
        "以下是原始日志：",
        "```markdown",
        changelogSection,
        "```"
    ].join("\n");
 }
 function runExec(command) {
    return new Promise((resolve, reject) => {
        exec(command, { maxBuffer: 1024 * 1024 * 10 }, (err, stdout, stderr) => {
            if (err) {
                reject(err);
                return;
            }
            resolve(stdout.toString());
        });
    });
 }
 function removeDuplicateLines(log) {
    const logs = log.split(/(\n## \[.*?\])/);
    return logs.map(str => {
        const array = [];
        const items = str.split("\n");
        items.forEach(item => {
            if (/^-/.test(item)) {
                if (array.indexOf(item) === -1) {
                    array.push(item);
                }
            } else {
                array.push(item);
            }
        });
        return array.join("\n");
    }).join('');
 }
 function findSectionBounds(content, version) {
    const heading = `## [${version}]`;
    const start = content.indexOf(heading);
    if (start === -1) {
        return null;
    }
    const nextHeadingIndex = content.indexOf("\n## [", start + heading.length);
    const end = nextHeadingIndex === -1 ? content.length : nextHeadingIndex;
    return { start, end };
 }
 function trimCliffOutput(rawOutput, version) {
    const markerIndex = rawOutput.indexOf("## [");
    if (markerIndex === -1) {
        return "";
    }
    return rawOutput
        .slice(markerIndex)
        .replace("## [Unreleased]", `## [${version}]`)
        .trim();
 }
 function buildAiHeaders(apiUrl, apiKey) {
    const headers = { "Content-Type": "application/json" };
    const customHeader = process.env.CHANGELOG_AI_AUTH_HEADER;
    if (customHeader) {
        const separatorIndex = customHeader.indexOf(":");
        if (separatorIndex !== -1) {
            const headerName = customHeader.slice(0, separatorIndex).trim();
            const headerValue = customHeader.slice(separatorIndex + 1).trim();
            if (headerName && headerValue) {
                headers[headerName] = headerValue;
            }
        }
        return headers;
    }
    if (apiUrl.includes("openai.azure.com")) {
        headers["api-key"] = apiKey;
    } else {
        headers.Authorization = `Bearer ${apiKey}`;
    }
    return headers;
 }
 async function enhanceWithAI(version, changelogSection) {
    const apiKey = (process.env.OPENAI_API_KEY || "").trim();
    if (!apiKey) {
        console.warn("未设置 OPENAI_API_KEY，跳过 AI 发布日志整理。");
        return changelogSection;
    }
    const proxyUrl = (process.env.OPENAI_PROXY_URL || "").trim();
    const explicitApiUrl = process.env.CHANGELOG_AI_URL || process.env.OPENAI_API_URL || process.env.OPENAI_BASE_URL;
    const apiUrl = resolveApiEndpoint(explicitApiUrl);
    const dispatcher = createProxyDispatcher(proxyUrl);
    const model = process.env.CHANGELOG_AI_MODEL || process.env.OPENAI_API_MODEL || "gpt-4o-mini";
    const systemPrompt = process.env.CHANGELOG_AI_SYSTEM_PROMPT || defaultAiSystemPrompt;
    const userPrompt = process.env.CHANGELOG_AI_PROMPT || buildDefaultUserPrompt(version, changelogSection);
    try {
        const requestInit = {
            method: "POST",
            headers: buildAiHeaders(apiUrl, apiKey),
            body: JSON.stringify({
                model,
                messages: [
                    { role: "system", content: systemPrompt },
                    { role: "user", content: userPrompt }
                ],
            })
        };
        if (dispatcher) {
            requestInit.dispatcher = dispatcher;
        }
        const response = await fetch(apiUrl, requestInit);
        if (!response.ok) {
            const errorText = await response.text();
            throw new Error(`AI request failed: ${errorText}`);
        }
        const data = await response.json();
        const aiText = data?.choices?.[0]?.message?.content?.trim();
        if (!aiText) {
            throw new Error("AI response did not contain content.");
        }
        return aiText
            .replace(/^\s*```markdown\s*/i, "")
            .replace(/\s*```\s*$/i, "")
            .trim();
    } catch (error) {
        console.warn("AI summarization failed, falling back to original section:", error.message);
        return changelogSection;
    }
 }
 async function generateLatestSection(version) {
    const rawOutput = await runExec('docker run -t --rm -v "$(pwd)":/app/ orhunp/git-cliff:1.3.0 --unreleased');
    const section = trimCliffOutput(rawOutput, version);
    if (!section.trim() || section.trim() === `## [${version}]`) {
        return "";
    }
    return section;
 }
 function insertChangelogSection(existing, section, version) {
    const trimmedSection = section.trim();
    if (!trimmedSection) {
        return existing;
    }
    const bounds = findSectionBounds(existing, version);
    if (bounds) {
        return `${existing.slice(0, bounds.start)}${trimmedSection}\n\n${existing.slice(bounds.end).replace(/^(\n)+/, "")}`;
    }
    const insertIndex = existing.indexOf("\n## [");
    if (insertIndex === -1) {
        return `${existing.trimEnd()}\n\n${trimmedSection}\n`;
    }
    const head = existing.slice(0, insertIndex).trimEnd();
    const tail = existing.slice(insertIndex).replace(/^(\n)+/, "");
    return `${head}\n\n${trimmedSection}\n\n${tail}`;
 }
 async function main() {
    try {
        const verCountRaw = await runExec("git rev-list --count HEAD");
        const codeCountRaw = await runExec("git tag --merged pro -l 'v*' | wc -l");
        const verCount = verCountRaw.trim();
        const codeCount = codeCountRaw.trim();
        const num = verOffset + parseInt(verCount, 10);
        if (Number.isNaN(num) || Math.floor(num % 100) < 0) {
            throw new Error(`get version error ${verCount}`);
        }
        const version = `${Math.floor(num / 10000)}.${Math.floor((num % 10000) / 100)}.${Math.floor(num % 100)}`;
        const codeVersion = codeOffset + parseInt(codeCount, 10);
        let packageContent = fs.readFileSync(packageFile, "utf8");
        packageContent = packageContent.replace(/"version":\s*"(.*?)"/, `"version": "${version}"`);
        packageContent = packageContent.replace(/"codeVerson":(.*?)(,|$)/, `"codeVerson": ${codeVersion}$2`);
        fs.writeFileSync(packageFile, packageContent, "utf8");
        console.log("New version: " + version);
        console.log("New code verson: " + codeVersion);
        if (!fs.existsSync(changeFile)) {
            throw new Error("Change file does not exist");
        }
        const latestSection = await generateLatestSection(version);
        if (!latestSection) {
            console.log("No new changelog entries detected.");
            return;
        }
        const aiSection = await enhanceWithAI(version, latestSection);
        const changelogContent = fs.readFileSync(changeFile, "utf8");
        const mergedContent = insertChangelogSection(changelogContent, aiSection, version);
        const dedupedContent = removeDuplicateLines(mergedContent);
        fs.writeFileSync(changeFile, dedupedContent.trimEnd() + "\n", "utf8");
        console.log("Log file updated: CHANGELOG.md");
    } catch (error) {
        console.error(error);
        process.exitCode = 1;
    }
 }
 main();
--- a/cliff.toml
+++ b/cliff.toml
@ -1,60 +0,0 @@
 # configuration file for git-cliff (0.1.0)
 [changelog]
 # changelog header
 header = """
 # Changelog\n
 All notable changes to this project will be documented in this file.\n
 """
 # template for the changelog body
 # https://tera.netlify.app/docs/#introduction
 body = """
 {% if version %}\
    ## [{{ version | trim_start_matches(pat="v") }}]
 {% else %}\
    ## [Unreleased]
 {% endif %}\
 {% for group, commits in commits | group_by(attribute="group") %}
    ### {{ group | upper_first }}
    {% for commit in commits %}
        - {% if commit.breaking %}[**breaking**] {% endif %}{{ commit.message | upper_first }}\
    {% endfor %}
 {% endfor %}\n
 """
 # remove the leading and trailing whitespace from the template
 trim = true
 # changelog footer
 footer = """
 """
 [git]
 # parse the commits based on https://www.conventionalcommits.org
 conventional_commits = true
 # filter out the commits that are not conventional
 filter_unconventional = true
 # regex for parsing and grouping commits
 commit_parsers = [
    { message = "^feat", group = "Features"},
    { message = "^fix", group = "Bug Fixes"},
    { message = "^doc", group = "Documentation"},
    { message = "^perf", group = "Performance"},
    { message = "^pref", group = "Performance"},
    { message = "^refactor", group = "Refactor"},
    { message = "^style", group = "Styling"},
    { message = "^test", group = "Testing"},
    { message = "^chore\\(release\\): prepare for", skip = true},
    { message = "^chore", group = "Miscellaneous Tasks"},
    { body = ".*security", group = "Security"},
 ]
 # filter out the commits that are not matched by commit parsers
 filter_commits = true
 # glob pattern for matching git tags
 tag_pattern = "v[0-9]*"
 # regex for skipping tags
 skip_tags = "v0.1.0-beta.1"
 # regex for ignoring tags
 ignore_tags = ""
 # sort the tags chronologically
 date_order = false
 # sort the commits inside sections by oldest/newest order
 sort_commits = "newest"
--- a/10
+++ b/10
@ -394,6 +394,10 @@ env_set() {
        echo "" >> $WORK_DIR/.env
        echo "$key=$val" >> $WORK_DIR/.env
    else
        # 值未变化则直接返回，避免无谓重写 .env（重写会改 mtime，触发 vite 全量重启/前端刷新）
        if [[ "$(env_get "$key")" == "$val" ]]; then
            return 0
        fi
        if [[ `uname` == 'Linux' ]]; then
            sed -i "/^${key}=/c\\${key}=${val}" ${WORK_DIR}/.env
        else
@ -878,7 +882,7 @@ case "$1" in
        else
            https_auto
        fi
-        restart_php
+        $COMPOSE up -d
        ;;
    "artisan")
        shift 1
@ -927,10 +931,6 @@ case "$1" in
        container_exec php "php app/Models/clearHelper.php"
        container_exec php "php artisan ide-helper:models -W"
        ;;
    "translate")
        shift 1
        container_exec php "cd /var/www/language && php translate.php"
        ;;
    "restart")
        shift 1
        $COMPOSE stop "$@"
--- a/database/migrations/2026_04_30_000001_add_role_to_web_socket_dialog_users.php
+++ b/database/migrations/2026_04_30_000001_add_role_to_web_socket_dialog_users.php
@ -0,0 +1,39 @@
 <?php
 use Illuminate\Database\Migrations\Migration;
 use Illuminate\Database\Schema\Blueprint;
 use Illuminate\Support\Facades\Schema;
 class AddRoleToWebSocketDialogUsers extends Migration
 {
    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        Schema::table('web_socket_dialog_users', function (Blueprint $table) {
            if (!Schema::hasColumn('web_socket_dialog_users', 'role')) {
                $table->tinyInteger('role')->default(0)->after('userid')
                    ->comment('0=普通成员 1=群主 2=群管理员');
                $table->index(['dialog_id', 'role'], 'idx_dialog_role');
            }
        });
    }
    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        Schema::table('web_socket_dialog_users', function (Blueprint $table) {
            if (Schema::hasColumn('web_socket_dialog_users', 'role')) {
                $table->dropIndex('idx_dialog_role');
                $table->dropColumn('role');
            }
        });
    }
 }
--- a/database/migrations/2026_04_30_000002_backfill_dialog_owner_role.php
+++ b/database/migrations/2026_04_30_000002_backfill_dialog_owner_role.php
@ -0,0 +1,39 @@
 <?php
 use Illuminate\Database\Migrations\Migration;
 use Illuminate\Support\Facades\DB;
 class BackfillDialogOwnerRole extends Migration
 {
    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        $prefix = DB::getTablePrefix();
        // 把每个群里 userid = web_socket_dialogs.owner_id 的成员记录设为 role=1（主群主）
        // 幂等：仅当 role=0 时才更新
        DB::statement("
            UPDATE {$prefix}web_socket_dialog_users du
            INNER JOIN {$prefix}web_socket_dialogs d ON d.id = du.dialog_id
            SET du.role = 1
            WHERE d.owner_id > 0
              AND du.userid = d.owner_id
              AND du.role = 0
        ");
    }
    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        $prefix = DB::getTablePrefix();
        // 回滚：把 role=1 的记录全部回到 role=0
        DB::statement("UPDATE {$prefix}web_socket_dialog_users SET role = 0 WHERE role = 1");
    }
 }
--- a/database/migrations/2026_05_01_000001_create_user_department_owners_table.php
+++ b/database/migrations/2026_05_01_000001_create_user_department_owners_table.php
@ -0,0 +1,39 @@
 <?php
 use Illuminate\Database\Migrations\Migration;
 use Illuminate\Database\Schema\Blueprint;
 use Illuminate\Support\Facades\Schema;
 class CreateUserDepartmentOwnersTable extends Migration
 {
    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        if (!Schema::hasTable('user_department_owners')) {
            Schema::create('user_department_owners', function (Blueprint $table) {
                $table->bigIncrements('id');
                $table->unsignedBigInteger('department_id')->comment('部门ID');
                $table->unsignedBigInteger('userid')->comment('部门管理员 userid');
                $table->timestamp('created_at')->useCurrent();
                $table->unique(['department_id', 'userid'], 'uniq_dept_user');
                $table->index('userid', 'idx_userid');
            });
        }
    }
    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        if (Schema::hasTable('user_department_owners')) {
            Schema::dropIfExists('user_department_owners');
        }
    }
 }
--- a/database/migrations/2026_05_02_000001_backfill_project_dialog_primary_owner.php
+++ b/database/migrations/2026_05_02_000001_backfill_project_dialog_primary_owner.php
@ -0,0 +1,67 @@
 <?php
 use Illuminate\Database\Migrations\Migration;
 use Illuminate\Support\Facades\DB;
 class BackfillProjectDialogPrimaryOwner extends Migration
 {
    /**
     * Run the migrations.
     *
     * 修复历史项目群聊未登记群主的问题：
     * - 早期 Project::addProject 调 createGroup 时未传 owner_id 第 4 参
     *   （在 commit 3a9001e09 才补上），导致老项目群 dialogs.owner_id = 0
     * - 这些群也因此被 2026_04_30_000002_backfill_dialog_owner_role 跳过
     *   （那条迁移要求 owner_id > 0），主负责人那条 dialog_users.role 仍为 0
     *
     * 本迁移仅处理 group_type = 'project' 且未软删的项目：
     *   (a) dialogs.owner_id = 0 → 按 project_users.owner=1 回填
     *   (b) 同一批群里主负责人那条 dialog_users.role = 0 → 设为 1
     *
     * 全部带幂等条件，可重跑。
     *
     * @return void
     */
    public function up()
    {
        $prefix = DB::getTablePrefix();
        // (a) 回填 dialogs.owner_id
        DB::statement("
            UPDATE {$prefix}web_socket_dialogs d
            INNER JOIN {$prefix}projects p ON p.dialog_id = d.id
            INNER JOIN {$prefix}project_users pu ON pu.project_id = p.id AND pu.owner = 1
            SET d.owner_id = pu.userid
            WHERE d.owner_id = 0
              AND d.group_type = 'project'
              AND p.deleted_at IS NULL
        ");
        // (b) 把这些项目群里主负责人那条 dialog_users.role 设为 1
        //     不依赖 (a) 的结果，直接按 project_users.owner=1 反查，幂等条件 du.role=0
        DB::statement("
            UPDATE {$prefix}web_socket_dialog_users du
            INNER JOIN {$prefix}projects p ON p.dialog_id = du.dialog_id
            INNER JOIN {$prefix}project_users pu
                ON pu.project_id = p.id
               AND pu.userid = du.userid
               AND pu.owner = 1
            SET du.role = 1
            WHERE du.role = 0
              AND p.deleted_at IS NULL
        ");
    }
    /**
     * Reverse the migrations.
     *
     * 数据回填类迁移不提供精确回滚——回滚会丢失原本就正确的数据。
     * 如需重置，请手动操作。
     *
     * @return void
     */
    public function down()
    {
        // no-op
    }
 }
--- a/database/migrations/2026_05_03_000001_backfill_dialog_role_consistency.php
+++ b/database/migrations/2026_05_03_000001_backfill_dialog_role_consistency.php
@ -0,0 +1,56 @@
 <?php
 use Illuminate\Database\Migrations\Migration;
 use Illuminate\Support\Facades\DB;
 class BackfillDialogRoleConsistency extends Migration
 {
    /**
     * Run the migrations.
     *
     * 兜底修复 role/owner_id 一致性：
     * - 部门群 owner_id 与 user_departments.owner_userid 对齐
     * - owner_id > 0 的群确保 owner 成员存在且 role=1
     * - 同一群中非 owner 的 role=1 降为普通成员（不影响 role=2 管理员）
     * - 历史 owner_id=0 的普通用户群按最早的非机器人成员回填群主
     * - 清理部门负责人残留的 user_department_owners 记录
     *
     * 全部语句带幂等条件，可重复运行。
     *
     * @return void
     */
    public function up()
    {
        $prefix = DB::getTablePrefix();
        // 1) 部门群 owner_id 以 user_departments.owner_userid 为准
        DB::statement("\n            UPDATE {$prefix}web_socket_dialogs d\n            INNER JOIN {$prefix}user_departments ud ON ud.dialog_id = d.id\n            SET d.owner_id = ud.owner_userid\n            WHERE d.type = 'group'\n              AND d.group_type = 'department'\n              AND d.deleted_at IS NULL\n              AND ud.owner_userid > 0\n              AND d.owner_id != ud.owner_userid\n        ");
        // 2) 历史普通用户群 owner_id=0：按最早加入的非机器人成员回填群主
        DB::statement("\n            UPDATE {$prefix}web_socket_dialogs d\n            INNER JOIN (\n                SELECT du.dialog_id, MIN(du.id) AS min_id\n                FROM {$prefix}web_socket_dialog_users du\n                WHERE du.userid > 0 AND du.bot = 0\n                GROUP BY du.dialog_id\n            ) first_du ON first_du.dialog_id = d.id\n            INNER JOIN {$prefix}web_socket_dialog_users owner_du ON owner_du.id = first_du.min_id\n            SET d.owner_id = owner_du.userid\n            WHERE d.type = 'group'\n              AND d.group_type = 'user'\n              AND d.deleted_at IS NULL\n              AND d.owner_id = 0\n        ");
        // 3) owner_id > 0 但 owner 不在群成员表时，补一条成员记录（仅补真实存在的用户）
        DB::statement("\n            INSERT INTO {$prefix}web_socket_dialog_users\n                (dialog_id, userid, role, bot, important, last_at, created_at, updated_at)\n            SELECT\n                d.id,\n                d.owner_id,\n                1,\n                COALESCE(u.bot, 0),\n                CASE WHEN d.group_type IN ('user', 'all') THEN 0 ELSE 1 END,\n                CASE WHEN d.group_type IN ('user', 'department', 'all') THEN NOW(3) ELSE NULL END,\n                NOW(3),\n                NOW(3)\n            FROM {$prefix}web_socket_dialogs d\n            INNER JOIN {$prefix}users u ON u.userid = d.owner_id\n            LEFT JOIN {$prefix}web_socket_dialog_users du\n                ON du.dialog_id = d.id AND du.userid = d.owner_id\n            WHERE d.type = 'group'\n              AND d.deleted_at IS NULL\n              AND d.owner_id > 0\n              AND du.id IS NULL\n        ");
        // 4) owner 成员设为 role=1；业务群 owner 同时保持 important=1
        DB::statement("\n            UPDATE {$prefix}web_socket_dialog_users du\n            INNER JOIN {$prefix}web_socket_dialogs d ON d.id = du.dialog_id\n            SET du.role = 1,\n                du.important = CASE WHEN d.group_type IN ('user', 'all') THEN du.important ELSE 1 END\n            WHERE d.type = 'group'\n              AND d.deleted_at IS NULL\n              AND d.owner_id > 0\n              AND du.userid = d.owner_id\n              AND (du.role != 1 OR (d.group_type NOT IN ('user', 'all') AND du.important != 1))\n        ");
        // 5) 同一群里非 owner 的 role=1 降为普通成员，避免多个主群主
        DB::statement("\n            UPDATE {$prefix}web_socket_dialog_users du\n            INNER JOIN {$prefix}web_socket_dialogs d ON d.id = du.dialog_id\n            SET du.role = 0\n            WHERE d.type = 'group'\n              AND d.deleted_at IS NULL\n              AND d.owner_id > 0\n              AND du.role = 1\n              AND du.userid != d.owner_id\n        ");
        // 6) 部门负责人不能同时残留在部门管理员表
        DB::statement("\n            DELETE udo FROM {$prefix}user_department_owners udo\n            INNER JOIN {$prefix}user_departments ud ON ud.id = udo.department_id\n            WHERE ud.owner_userid = udo.userid\n        ");
    }
    /**
     * Reverse the migrations.
     *
     * 数据修复类迁移不提供精确回滚，避免破坏已校准的数据。
     *
     * @return void
     */
    public function down()
    {
        // no-op
    }
 }
--- a/database/migrations/2026_05_10_100000_add_use_count_to_project_task_templates.php
+++ b/database/migrations/2026_05_10_100000_add_use_count_to_project_task_templates.php
@ -0,0 +1,25 @@
 <?php
 use Illuminate\Database\Migrations\Migration;
 use Illuminate\Database\Schema\Blueprint;
 use Illuminate\Support\Facades\Schema;
 class AddUseCountToProjectTaskTemplates extends Migration
 {
    public function up()
    {
        Schema::table('project_task_templates', function (Blueprint $table) {
            $table->unsignedInteger('use_count')->default(0)->after('is_default')->comment('累计使用次数');
            $table->timestamp('last_used_at')->nullable()->after('use_count')->comment('最近一次使用时间');
            $table->index(['use_count', 'last_used_at'], 'idx_template_usage');
        });
    }
    public function down()
    {
        Schema::table('project_task_templates', function (Blueprint $table) {
            $table->dropIndex('idx_template_usage');
            $table->dropColumn(['use_count', 'last_used_at']);
        });
    }
 }
--- a/database/migrations/2026_05_11_000001_add_task_template_share_to_projects_table.php
+++ b/database/migrations/2026_05_11_000001_add_task_template_share_to_projects_table.php
@ -0,0 +1,26 @@
 <?php
 use Illuminate\Database\Migrations\Migration;
 use Illuminate\Database\Schema\Blueprint;
 use Illuminate\Support\Facades\Schema;
 class AddTaskTemplateShareToProjectsTable extends Migration
 {
    public function up()
    {
        Schema::table('projects', function (Blueprint $table) {
            if (!Schema::hasColumn('projects', 'task_template_share')) {
                $table->string('task_template_share', 20)->default('open')->after('ai_auto_analyze')->comment('共享模板开关');
            }
        });
    }
    public function down()
    {
        Schema::table('projects', function (Blueprint $table) {
            if (Schema::hasColumn('projects', 'task_template_share')) {
                $table->dropColumn('task_template_share');
            }
        });
    }
 }
--- a/database/migrations/2026_05_21_000001_add_department_owner_view_to_projects_table.php
+++ b/database/migrations/2026_05_21_000001_add_department_owner_view_to_projects_table.php
@ -0,0 +1,26 @@
 <?php
 use Illuminate\Database\Migrations\Migration;
 use Illuminate\Database\Schema\Blueprint;
 use Illuminate\Support\Facades\Schema;
 class AddDepartmentOwnerViewToProjectsTable extends Migration
 {
    public function up()
    {
        Schema::table('projects', function (Blueprint $table) {
            if (!Schema::hasColumn('projects', 'department_owner_view')) {
                $table->string('department_owner_view', 20)->default('open')->after('task_template_share')->comment('部门负责人视角可见开关');
            }
        });
    }
    public function down()
    {
        Schema::table('projects', function (Blueprint $table) {
            if (Schema::hasColumn('projects', 'department_owner_view')) {
                $table->dropColumn('department_owner_view');
            }
        });
    }
 }
--- a/database/migrations/2026_06_01_131916_add_remind_to_web_socket_dialog_msg_todos.php
+++ b/database/migrations/2026_06_01_131916_add_remind_to_web_socket_dialog_msg_todos.php
@ -0,0 +1,25 @@
 <?php
 use Illuminate\Database\Migrations\Migration;
 use Illuminate\Database\Schema\Blueprint;
 use Illuminate\Support\Facades\Schema;
 class AddRemindToWebSocketDialogMsgTodos extends Migration
 {
    public function up()
    {
        Schema::table('web_socket_dialog_msg_todos', function (Blueprint $table) {
            $table->timestamp('remind_at')->nullable()->comment('提醒时间')->after('done_at');
            $table->timestamp('reminded_at')->nullable()->comment('已提醒时间')->after('remind_at');
            $table->index(['remind_at', 'reminded_at', 'done_at'], 'idx_todo_remind');
        });
    }
    public function down()
    {
        Schema::table('web_socket_dialog_msg_todos', function (Blueprint $table) {
            $table->dropIndex('idx_todo_remind');
            $table->dropColumn(['remind_at', 'reminded_at']);
        });
    }
 }
--- a/database/seeders/WebSocketDialogsTableSeeder.php
+++ b/database/seeders/WebSocketDialogsTableSeeder.php
@ -218,6 +218,6 @@ class WebSocketDialogsTableSeeder extends Seeder
        User::botGetOrCreate('ai-claude');
        $userids = User::whereBot(0)->whereNull('disable_at')->pluck('userid')->toArray();
-        WebSocketDialog::createGroup("全体成员 All members", $userids, 'all');
+        WebSocketDialog::createGroup(WebSocketDialog::ALL_GROUP_DEFAULT_NAME, $userids, 'all');
    }
 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -42,8 +42,10 @@ services:
    ports:
      - "${APP_PORT}:80"
      - "${APP_SSL_PORT:-0}:443"
    environment:
      APP_SCHEME: "${APP_SCHEME:-auto}"
    volumes:
-      - ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf
+      - ./docker/nginx/default.conf:/etc/nginx/templates/default.conf.template
      - ./:/var/www
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost/health"]
@ -96,7 +98,7 @@ services:
  appstore:
    container_name: "dootask-appstore-${APP_ID}"
    privileged: true
-    image: "dootask/appstore:0.4.0"
+    image: "dootask/appstore:0.4.3"
    volumes:
      - shared_data:/usr/share/dootask
      - ${HOST_DOCKER_SOCK:-/var/run/docker.sock}:/var/run/docker.sock
--- a/docker/nginx/default.conf
+++ b/docker/nginx/default.conf
@ -1,23 +1,47 @@
 map $host $app_scheme_raw {
    default "${APP_SCHEME}";
 }
 map $app_scheme_raw $force_https {
    "https" 1; 
    "on"    1; 
    "ssl"   1; 
    "1"     1; 
    "true"  1; 
    "yes"   1;
    default 0;
 }
 map $http_upgrade $connection_upgrade {
    default upgrade;
-    ''      close;
+    ""      close;
 }
 map $http_host $this_host {
-    "" $host;
+    ""      $host;
    default $http_host;
 }
-map $http_x_forwarded_proto $the_scheme {
+
     default $http_x_forwarded_proto;
     "" $scheme;
 }
 map $http_x_forwarded_host $the_host {
    ""      $this_host;
    default $http_x_forwarded_host;
    "" $this_host;
 }
 map $http_x_forwarded_proto $auto_scheme {
    ""      $scheme;
    default $http_x_forwarded_proto;
 }
 map $force_https $the_scheme {
    1       https;
    default $auto_scheme;
 }
 upstream service {
    server php:20000 weight=5 max_fails=3 fail_timeout=30s;
    keepalive 16;
 }
 server {
    listen 80;
--- a/electron/build.js
+++ b/electron/build.js
@ -6,13 +6,14 @@ const child_process = require('child_process');
 const ora = require('ora');
 const yauzl = require('yauzl');
 const axios = require('axios');
 const FormData =require('form-data');
 const tar = require('tar');
 const utils = require('./lib/utils');
 const r2 = require('./lib/r2');
 const { buildReleaseIndex } = require('./lib/release-index');
 const config = require('../package.json')
 const env = require('dotenv').config({ path: './.env' })
 const argv = process.argv;
-const {BUILD_FRONTEND, APPLEID, APPLEIDPASS, GITHUB_TOKEN, GITHUB_REPOSITORY, UPLOAD_TOKEN, UPLOAD_URL} = process.env;
+const {BUILD_FRONTEND, APPLEID, APPLEIDPASS, GITHUB_TOKEN, GITHUB_REPOSITORY} = process.env;
 const electronDir = path.resolve(__dirname, "public");
 const nativeCachePath = path.resolve(__dirname, ".native");
@ -25,6 +26,9 @@ const architectures = ["arm64", "x64"];
 let buildChecked = false,
    updaterChecked = false;
 const shellQuote = (value) => `'${String(value).replace(/'/g, `'\\''`)}'`;
 const elapsedSeconds = (startTime) => `${((Date.now() - startTime) / 1000).toFixed(1)}s`;
 /**
 * 检测并下载更新器
 */
@ -308,193 +312,23 @@ function changeLog() {
 }
 /**
- * 封装 axios 自动重试
+ * 上传单个文件到 R2 的 draft/<version>/ 目录（带进度/spinner）
 * @param data // {axios: object{}, onRetry: function, retryNumber: number}
 * @returns {Promise<unknown>}
 */
-function axiosAutoTry(data) {
+async function uploadDraftFile(client, localFile, version) {
-    return new Promise((resolve, reject) => {
+    const filename = path.basename(localFile);
-        axios(data.axios).then(result => {
+    const key = `draft/${version}/${filename}`;
-            resolve(result)
+    const startTime = Date.now();
-        }).catch(error => {
+    const spinner = ora(`Upload [0%] ${filename}`).start();
-            if (typeof data.retryNumber == 'number' && data.retryNumber > 0) {
+    try {
-                data.retryNumber--;
+        await r2.uploadFile(client, localFile, key, (loaded, total) => {
-                if (typeof data.onRetry === "function") {
+            const pct = Math.min(99, Math.round((loaded / total) * 100)) + '%';
-                    data.onRetry(error)
+            spinner.text = `Upload [${pct}] ${filename}`;
-                }
+        });
-                if (error.code == 'ECONNABORTED' || error.code == 'ECONNRESET') {
+    } catch (error) {
-                    // 中止，超时
+        spinner.fail(`Upload [fail] ${filename} (${elapsedSeconds(startTime)}): ${error.message || error}`);
-                    return resolve(axiosAutoTry(data))
+        throw error;
                } else {
                    if (error.response && error.response.status == 407) {
                        // 代理407
                        return setTimeout(v => {
                            resolve(axiosAutoTry(data))
                        }, 500 + Math.random() * 500)
                    } else if (error.response && error.response.status == 503) {
                        // 服务器异常
                        return setTimeout(v => {
                            resolve(axiosAutoTry(data))
                        }, 1000 + Math.random() * 500)
                    } else if (error.response && error.response.status == 429) {
                        // 并发超过限制
                        return setTimeout(v => {
                            resolve(axiosAutoTry(data))
                        }, 1000 + Math.random() * 1000)
                    }
                }
            }
            reject(error)
        })
    })
 }
 /**
 * 官网发布器
 */
 class WebsitePublisher {
    constructor({baseUrl, token, version}) {
        this.baseUrl = baseUrl
        this.token = token
        this.version = version
    }
-
+    spinner.succeed(`Upload [100%] ${filename} (${elapsedSeconds(startTime)})`);
    /**
     * 上传单个文件
     * @param localFile 本地文件路径
     * @param options { platform, arch } 可选，有则为安装包
     */
    async uploadPackage(localFile, options = {}) {
        const filename = path.basename(localFile)
        let spinner = ora(`Upload [0%] ${filename}`).start()
        const formData = new FormData()
        formData.append("version", this.version)
        if (options.platform) {
            formData.append("platform", options.platform)
            if (options.arch) {
                formData.append("arch", options.arch)
            }
        }
        formData.append("file", fs.createReadStream(localFile))
        const {status, data} = await axiosAutoTry({
            axios: {
                method: 'post',
                url: `${this.baseUrl}/api/upload/package`,
                data: formData,
                headers: {
                    'Authorization': `Bearer ${this.token}`,
                    'Content-Type': 'multipart/form-data;boundary=' + formData.getBoundary(),
                },
                onUploadProgress: progress => {
                    const complete = Math.min(99, Math.round(progress.loaded / progress.total * 100 | 0)) + '%'
                    spinner.text = `Upload [${complete}] ${filename}`
                },
            },
            onRetry: (err) => {
                const reason = err?.response?.status || err?.code || err?.message || ''
                spinner.warn(`Upload [retry] ${filename}${reason ? ': ' + reason : ''}`)
                spinner = ora(`Upload [0%] ${filename}`).start()
            },
            retryNumber: 3
        })
        if (status !== 200 || !utils.isJson(data) || !data.success) {
            const reason = data?.message || `status ${status}`
            spinner.fail(`Upload [fail] ${filename}: ${reason}`)
            throw new Error(`Upload failed: ${filename}: ${reason}`)
        }
        spinner.succeed(`Upload [100%] ${filename}`)
    }
    /**
     * 上传 changelog
     */
    async uploadChangelog(content) {
        const spinner = ora('Uploading changelog...').start()
        const {status, data} = await axiosAutoTry({
            axios: {
                method: 'post',
                url: `${this.baseUrl}/api/upload/changelog`,
                data: { content },
                headers: {
                    'Authorization': `Bearer ${this.token}`,
                    'Content-Type': 'application/json',
                },
            },
            retryNumber: 3
        })
        if (status !== 200 || !data.success) {
            spinner.fail('Changelog upload failed')
            throw new Error('Changelog upload failed')
        }
        spinner.succeed('Changelog uploaded')
    }
    /**
     * 通知发布完成
     */
    async release() {
        const spinner = ora('Publishing release...').start()
        const {status, data} = await axiosAutoTry({
            axios: {
                method: 'post',
                url: `${this.baseUrl}/api/upload/release`,
                data: { version: this.version },
                headers: {
                    'Authorization': `Bearer ${this.token}`,
                    'Content-Type': 'application/json',
                },
            },
            retryNumber: 3
        })
        if (status !== 200 || !data.success) {
            spinner.fail(`Release failed: ${data?.message || status}`)
            throw new Error(`Release failed: ${data?.message || status}`)
        }
        spinner.succeed('Release published')
    }
 }
 // 安装包扩展名
 const INSTALLER_EXTS = ['.dmg', '.exe', '.msi', '.appimage', '.deb', '.rpm', '.apk']
 /**
 * 创建 WebsitePublisher 实例（如果环境变量齐全）
 */
 function createPublisher() {
    if (!UPLOAD_TOKEN || !UPLOAD_URL) {
        return null
    }
    return new WebsitePublisher({
        baseUrl: UPLOAD_URL.replace(/\/+$/, ''),
        token: UPLOAD_TOKEN,
        version: config.version
    })
 }
 /**
 * 从文件名判断是否为安装包
 */
 function isInstaller(filename) {
    return INSTALLER_EXTS.some(ext => filename.toLowerCase().endsWith(ext))
 }
 /**
 * 从文件名提取 arch
 */
 function parseArchFromFilename(filename) {
    if (/-arm64[.-]/i.test(filename)) return 'arm64'
    if (/-x64[.-]/i.test(filename)) return 'x64'
    return null
 }
 /**
 * 将构建平台名映射为 API platform
 */
 function mapPlatform(buildPlatform) {
    if (buildPlatform.includes('mac')) return 'mac'
    if (buildPlatform.includes('win')) return 'win'
    if (buildPlatform.includes('linux')) return 'linux'
    return null
 }
 /**
@ -568,8 +402,8 @@ async function startBuild(data) {
    //
    if (data.id === 'app') {
        const eeuiDir = path.resolve(__dirname, "../resources/mobile");
        const eeuiRun = `docker run --rm -v ${eeuiDir}:/work -w /work kuaifan/eeui-cli:0.0.1`
        const publicDir = path.resolve(__dirname, "../resources/mobile/src/public");
        const containerName = `dootask-eeui-${Date.now()}-${process.pid}`;
        fse.removeSync(publicDir)
        fse.copySync(electronDir, publicDir)
        if (argv[3] === "publish") {
@ -587,10 +421,19 @@ async function startBuild(data) {
            fs.writeFileSync(xcconfigFile, xcconfigResult, 'utf8')
        }
        if (['build', 'publish'].includes(argv[3])) {
-            if (!fs.existsSync(path.resolve(eeuiDir, "node_modules"))) {
+            child_process.execSync(
-                child_process.execSync(`${eeuiRun} npm install`, {stdio: "inherit", cwd: "resources/mobile"});
+                `docker run -d --name ${containerName} -v ${shellQuote(eeuiDir)}:/work -w /work kuaifan/eeui-cli:0.0.1 sleep infinity`,
                {stdio: "ignore", cwd: "resources/mobile"}
            );
            try {
                if (!fs.existsSync(path.resolve(eeuiDir, "node_modules"))) {
                    child_process.execSync(`docker exec ${containerName} npm install`, {stdio: "inherit", cwd: "resources/mobile"});
                }
                child_process.execSync(`docker exec ${containerName} node /work/scripts/patch-eeui-build.js`, {stdio: "inherit", cwd: "resources/mobile"});
                child_process.execSync(`docker exec ${containerName} eeui build --simple`, {stdio: "inherit", cwd: "resources/mobile"});
            } finally {
                child_process.execSync(`docker rm -f ${containerName}`, {stdio: "ignore", cwd: "resources/mobile"});
            }
            child_process.execSync(`${eeuiRun} eeui build --simple`, {stdio: "inherit", cwd: "resources/mobile"});
        } else {
            [
                path.resolve(publicDir, "../../platforms/ios/eeuiApp/bundlejs/eeui/public"),
@ -657,30 +500,22 @@ async function startBuild(data) {
        fs.writeFileSync(packageFile, JSON.stringify(appConfig, null, 4), 'utf8');
        child_process.execSync(`npm run ${platform}-publish`, {stdio: "inherit", cwd: "electron"});
    }
-    // generic (build or publish)
+    // generic (build or publish) —— 有 R2_PUBLIC_URL 时自动更新源指向 R2 release/
-    appConfig.build.publish = data.publish
+    appConfig.build.publish = r2.R2_PUBLIC_URL
        ? { provider: 'generic', url: `${r2.R2_PUBLIC_URL.replace(/\/+$/, '')}/release` }
        : data.publish
    appConfig.build.directories.output = `${output}-generic`;
    fs.writeFileSync(packageFile, JSON.stringify(appConfig, null, 4), 'utf8');
    child_process.execSync(`npm run ${platform}`, {stdio: "inherit", cwd: "electron"});
-    if (publish === true) {
+    if (publish === true && r2.r2Configured()) {
-        const publisher = createPublisher()
+        const client = r2.createR2Client()
-        if (publisher) {
+        const outputDir = path.resolve(__dirname, appConfig.build.directories.output)
-            const outputDir = path.resolve(__dirname, appConfig.build.directories.output)
+        if (fs.existsSync(outputDir)) {
-            if (fs.existsSync(outputDir)) {
+            const files = fs.readdirSync(outputDir)
-                const apiPlatform = mapPlatform(platform)
+            for (const filename of files) {
-                const files = fs.readdirSync(outputDir)
+                const localFile = path.join(outputDir, filename)
-                for (const filename of files) {
+                if (!fs.statSync(localFile).isFile()) continue
-                    const localFile = path.join(outputDir, filename)
+                await uploadDraftFile(client, localFile, config.version)
                    const fileStat = fs.statSync(localFile)
                    if (!fileStat.isFile()) continue
                    if (isInstaller(filename) && apiPlatform) {
                        const arch = parseArchFromFilename(filename)
                        await publisher.uploadPackage(localFile, { platform: apiPlatform, arch })
                    } else {
                        await publisher.uploadPackage(localFile)
                    }
                }
            }
        }
    }
@ -718,13 +553,13 @@ if (["dev"].includes(argv[2])) {
        }
    })
 } else if (["android-upload"].includes(argv[2])) {
-    // 上传安卓文件（GitHub Actions）
+    // 上传安卓文件到 R2 draft（GitHub Actions）
    (async () => {
-        const publisher = createPublisher()
+        if (!r2.r2Configured()) {
-        if (!publisher) {
+            console.error("缺少 R2_* 环境变量（R2_ACCESS_KEY_ID/R2_SECRET_ACCESS_KEY/R2_ENDPOINT/R2_BUCKET）")
            console.error("缺少 UPLOAD_TOKEN 或 UPLOAD_URL 环境变量")
            process.exit(1)
        }
        const client = r2.createR2Client()
        const releaseDir = path.resolve(__dirname, "../resources/mobile/platforms/android/eeuiApp/app/build/outputs/apk/release");
        if (!fs.existsSync(releaseDir)) {
            console.error("发布文件未找到")
@ -734,7 +569,7 @@ if (["dev"].includes(argv[2])) {
        for (const filename of files) {
            const localFile = path.join(releaseDir, filename)
            if (/\.apk$/.test(filename) && fs.existsSync(localFile) && fs.statSync(localFile).isFile()) {
-                await publisher.uploadPackage(localFile, { platform: 'android' })
+                await uploadDraftFile(client, localFile, config.version)
            }
        }
    })().catch(err => {
@ -742,24 +577,63 @@ if (["dev"].includes(argv[2])) {
        process.exit(1)
    })
 } else if (["release"].includes(argv[2])) {
-    // 通知官网发布完成（GitHub Actions）
+    // R2 内提升：draft/<version> → release/（当前版扁平，旧版归档 release/<prev>/）
    (async () => {
-        const publisher = createPublisher()
+        if (!r2.r2Configured()) {
-        if (!publisher) {
+            console.error("缺少 R2_* 环境变量")
            console.error("缺少 UPLOAD_TOKEN 或 UPLOAD_URL 环境变量")
            process.exit(1)
        }
-        await publisher.release()
+        const client = r2.createR2Client()
        const version = config.version
        const draftPrefix = `draft/${version}/`
        const draftKeys = await r2.listKeys(client, draftPrefix)
        if (!draftKeys.length) {
            console.error(`draft/${version}/ 为空，无法发布`)
            process.exit(1)
        }
        const names = draftKeys.map(k => k.slice(draftPrefix.length))
        // 读 manifest 取上一发布版
        const manifest = JSON.parse(await r2.getText(client, 'manifest.json') || '{"draft":null,"release":null}')
        const prev = manifest.release
        // 1. 归档上一版扁平文件 → release/<prev>/
        if (prev && prev !== version) {
            const prevRootKeys = await r2.listKeys(client, 'release/', '/')
            for (const key of prevRootKeys) {
                const name = key.slice('release/'.length)
                await r2.copyObject(client, key, `release/${prev}/${name}`)
            }
        }
        // 2. 清空扁平根层（仅根层对象，版本归档子目录不动）
        const rootKeys = await r2.listKeys(client, 'release/', '/')
        await r2.deleteKeys(client, rootKeys)
        // 3. 铺新扁平：安装包/blockmap/zip 先，latest*.yml 最后
        const ymls = names.filter(n => /\.ya?ml$/i.test(n))
        const others = names.filter(n => !/\.ya?ml$/i.test(n))
        for (const name of others) await r2.copyObject(client, `${draftPrefix}${name}`, `release/${name}`)
        for (const name of ymls) await r2.copyObject(client, `${draftPrefix}${name}`, `release/${name}`)
        // 4. 下载索引
        const index = buildReleaseIndex(names)
        await r2.putText(client, 'release/index.json', JSON.stringify({ version, files: index }, null, 2))
        // 5. 更新 manifest，清理 draft
        await r2.putText(client, 'manifest.json', JSON.stringify({ draft: null, release: version }, null, 2))
        await r2.deleteKeys(client, draftKeys)
        console.log(`Release published: v${version}`)
    })().catch(err => {
        console.error(err.message || err)
        process.exit(1)
    })
 } else if (["upload-changelog"].includes(argv[2])) {
-    // 上传 changelog（GitHub Actions）
+    // 上传 changelog 到 R2（GitHub Actions）
    (async () => {
-        const publisher = createPublisher()
+        if (!r2.r2Configured()) {
-        if (!publisher) {
+            console.error("缺少 R2_* 环境变量")
            console.error("缺少 UPLOAD_TOKEN 或 UPLOAD_URL 环境变量")
            process.exit(1)
        }
        const changelogPath = path.resolve(__dirname, "../CHANGELOG.md")
@ -767,8 +641,10 @@ if (["dev"].includes(argv[2])) {
            console.error("CHANGELOG.md 未找到")
            process.exit(1)
        }
        const client = r2.createR2Client()
        const content = fs.readFileSync(changelogPath, 'utf8')
-        await publisher.uploadChangelog(content)
+        await r2.putText(client, 'changelog.md', content)
        console.log('Changelog uploaded')
    })().catch(err => {
        console.error(err.message || err)
        process.exit(1)
@ -922,8 +798,8 @@ if (["dev"].includes(argv[2])) {
            // 发布判断环境变量
            if (answers.publish) {
-                if (!(UPLOAD_TOKEN && UPLOAD_URL) && !(GITHUB_TOKEN && utils.strExists(GITHUB_REPOSITORY, "/"))) {
+                if (!r2.r2Configured() && !(GITHUB_TOKEN && utils.strExists(GITHUB_REPOSITORY, "/"))) {
-                    console.error("发布需要 UPLOAD_TOKEN + UPLOAD_URL 或 GITHUB_TOKEN + GITHUB_REPOSITORY, 请检查环境变量!");
+                    console.error("发布需要 R2_* 或 GITHUB_TOKEN + GITHUB_REPOSITORY, 请检查环境变量!");
                    process.exit()
                }
            }
--- a/electron/lib/mcp.js
+++ b/electron/lib/mcp.js
@ -4,7 +4,7 @@
 * DooTask 的 Electron 客户端集成了 Model Context Protocol (MCP) 服务，
 * 允许 AI 助手(如 Claude)直接与 DooTask 任务进行交互。
 *
- * 提供的工具（共 27 个）:
+ * 提供的工具（共 29 个）:
 *
 * === 用户管理 ===
 * - get_users_basic   - 批量获取用户基础信息（1-50个），便于匹配负责人/协助人
@ -43,6 +43,7 @@
 * === 消息通知 ===
 * - search_dialogs       - 按名称搜索群聊或联系人，返回 dialog_id/userid
 * - send_message         - 发送消息到对话（支持 dialog_id 或 userid）
 * - send_task_ai_message - 以AI助手身份发送消息到任务对话，支持自定义发送者昵称
 * - get_message_list     - 获取对话消息记录（支持 dialog_id 或 userid）
 *
 * === 智能搜索 ===
@ -228,7 +229,7 @@ class DooTaskMCP {
                            return { error: 'Result contains non-serializable data' };
                        }
                    } catch (error) {
-                        return { error: error.msg || error.message || String(error) || 'API request failed' };
+                        return { error: error.msg || error.message || String(error) || 'API request failed', ret: error.ret, data: error.data };
                    }
                })()
            `);
@ -242,6 +243,10 @@ class DooTaskMCP {
            const result = await Promise.race([executePromise, timeoutPromise]);
            if (result && result.error) {
                // 多结束/开始状态(-4005/-4006)：保留 ret 与 flow_items 交给工具处理，不直接抛错
                if (result.ret === -4005 || result.ret === -4006) {
                    return result;
                }
                throw new Error(result.error);
            }
@ -591,14 +596,38 @@ class DooTaskMCP {
                task_id: z.number()
                    .min(1)
                    .describe('要标记完成的任务ID'),
                flow_item_id: z.number()
                    .optional()
                    .describe('工作流状态ID'),
            }),
            execute: async (params) => {
                const now = new Date().toISOString().slice(0, 19).replace('T', ' ');
-                const result = await this.request('POST', 'project/task/update', {
+                const requestData = {
                    task_id: params.task_id,
                    complete_at: now,
-                });
+                };
                if (params.flow_item_id) {
                    requestData.flow_item_id = params.flow_item_id;
                }
                const result = await this.request('POST', 'project/task/update', requestData);
                // 处理多结束状态的情况
                if (result.ret === -4005) {
                    const flowItems = result.data?.flow_items || [];
                    return {
                        content: [{
                            type: 'text',
                            text: JSON.stringify({
                                success: false,
                                message: '存在多个结束状态，请选择要使用的状态后重新调用此工具，并指定flow_item_id参数',
                                task_id: params.task_id,
                                flow_items: flowItems,
                            }, null, 2)
                        }]
                    };
                }
                if (result.error) {
                    throw new Error(result.error);
@ -720,6 +749,9 @@ class DooTaskMCP {
                complete_at: z.union([z.string(), z.boolean()])
                    .optional()
                    .describe('完成时间。传时间字符串标记完成，传false标记未完成'),
                flow_item_id: z.number()
                    .optional()
                    .describe('工作流状态ID'),
            }),
            execute: async (params) => {
                const requestData = {
@ -734,9 +766,42 @@ class DooTaskMCP {
                if (params.start_at !== undefined) requestData.start_at = params.start_at;
                if (params.end_at !== undefined) requestData.end_at = params.end_at;
                if (params.complete_at !== undefined) requestData.complete_at = params.complete_at;
                if (params.flow_item_id !== undefined) requestData.flow_item_id = params.flow_item_id;
                const result = await this.request('POST', 'project/task/update', requestData);
                // 处理多结束状态的情况（标记完成时）
                if (result.ret === -4005) {
                    const flowItems = result.data?.flow_items || [];
                    return {
                        content: [{
                            type: 'text',
                            text: JSON.stringify({
                                success: false,
                                message: '存在多个结束状态，请选择要使用的状态后重新调用此工具，并指定flow_item_id参数',
                                task_id: params.task_id,
                                flow_items: flowItems,
                            }, null, 2)
                        }]
                    };
                }
                // 处理多开始状态的情况（取消完成时）
                if (result.ret === -4006) {
                    const flowItems = result.data?.flow_items || [];
                    return {
                        content: [{
                            type: 'text',
                            text: JSON.stringify({
                                success: false,
                                message: '存在多个开始状态，请选择要使用的状态后重新调用此工具，并指定flow_item_id参数',
                                task_id: params.task_id,
                                flow_items: flowItems,
                            }, null, 2)
                        }]
                    };
                }
                if (result.error) {
                    throw new Error(result.error);
                }
@ -1291,6 +1356,58 @@ class DooTaskMCP {
            }
        });
        // 以AI助手身份发送消息到任务对话
        this.mcp.addTool({
            name: 'send_task_ai_message',
            description: '以AI助手身份发送消息到任务对话。应在每个重要里程碑、遇到阻塞、以及全部完成时主动调用。',
            parameters: z.object({
                task_id: z.number()
                    .describe('目标任务ID'),
                text: z.string()
                    .min(1)
                    .describe('消息内容，支持 Markdown'),
                nickname: z.string()
                    .max(20)
                    .optional()
                    .describe('自定义发送者昵称（最多20字），不传或留空时默认显示“AI 助手”'),
                silence: z.boolean()
                    .optional()
                    .describe('静默发送，不触发推送提醒'),
            }),
            execute: async (params) => {
                const payload = {
                    task_id: params.task_id,
                    text: params.text,
                    text_type: 'md',
                };
                if (params.nickname !== undefined) {
                    payload.nickname = params.nickname;
                }
                if (params.silence !== undefined) {
                    payload.silence = params.silence ? 'yes' : 'no';
                }
                const result = await this.request('POST', 'dialog/msg/send_ai_assistant', payload);
                if (result.error) {
                    throw new Error(result.error);
                }
                return {
                    content: [{
                        type: 'text',
                        text: JSON.stringify({
                            success: true,
                            task_id: params.task_id,
                            message: result.data,
                        }, null, 2)
                    }]
                };
            }
        });
        // 获取对话消息列表
        this.mcp.addTool({
            name: 'get_message_list',
--- a/electron/lib/r2.js
+++ b/electron/lib/r2.js
@ -0,0 +1,133 @@
 const fs = require('fs');
 const {
    S3Client,
    PutObjectCommand,
    GetObjectCommand,
    CopyObjectCommand,
    DeleteObjectsCommand,
    ListObjectsV2Command,
 } = require('@aws-sdk/client-s3');
 const { Upload } = require('@aws-sdk/lib-storage');
 const {
    R2_ACCESS_KEY_ID,
    R2_SECRET_ACCESS_KEY,
    R2_ENDPOINT,
    R2_BUCKET,
    R2_PUBLIC_URL,
 } = process.env;
 function r2Configured() {
    return !!(R2_ACCESS_KEY_ID && R2_SECRET_ACCESS_KEY && R2_ENDPOINT && R2_BUCKET);
 }
 function createR2Client() {
    return new S3Client({
        region: 'auto',
        endpoint: R2_ENDPOINT,
        credentials: {
            accessKeyId: R2_ACCESS_KEY_ID,
            secretAccessKey: R2_SECRET_ACCESS_KEY,
        },
    });
 }
 function contentTypeFor(name) {
    if (/\.ya?ml$/i.test(name)) return 'text/yaml';
    if (/\.json$/i.test(name)) return 'application/json';
    if (/\.md$/i.test(name)) return 'text/markdown; charset=utf-8';
    return 'application/octet-stream';
 }
 /** 流式上传本地文件，onProgress(loaded, total) */
 async function uploadFile(client, localFile, key, onProgress) {
    const total = fs.statSync(localFile).size;
    const upload = new Upload({
        client,
        params: {
            Bucket: R2_BUCKET,
            Key: key,
            Body: fs.createReadStream(localFile),
            ContentType: contentTypeFor(key),
        },
    });
    if (onProgress) {
        upload.on('httpUploadProgress', (p) => onProgress(p.loaded || 0, total));
    }
    await upload.done();
 }
 /** 写入文本对象 */
 async function putText(client, key, text) {
    await client.send(new PutObjectCommand({
        Bucket: R2_BUCKET,
        Key: key,
        Body: text,
        ContentType: contentTypeFor(key),
    }));
 }
 /** 读取文本对象，不存在返回 null */
 async function getText(client, key) {
    try {
        const res = await client.send(new GetObjectCommand({ Bucket: R2_BUCKET, Key: key }));
        return await res.Body.transformToString();
    } catch (err) {
        if (err.name === 'NoSuchKey' || err.$metadata?.httpStatusCode === 404) return null;
        throw err;
    }
 }
 /** 桶内服务端复制（文件名为安全 ASCII，无需额外编码） */
 async function copyObject(client, srcKey, destKey) {
    await client.send(new CopyObjectCommand({
        Bucket: R2_BUCKET,
        CopySource: `${R2_BUCKET}/${srcKey}`,
        Key: destKey,
        ContentType: contentTypeFor(destKey),
        MetadataDirective: 'REPLACE',
    }));
 }
 /** 列举 key；delimiter='/' 时仅返回该前缀下的根层对象（子目录归 CommonPrefixes，不返回） */
 async function listKeys(client, prefix, delimiter) {
    const keys = [];
    let token;
    do {
        const res = await client.send(new ListObjectsV2Command({
            Bucket: R2_BUCKET,
            Prefix: prefix,
            Delimiter: delimiter,
            ContinuationToken: token,
        }));
        for (const o of res.Contents || []) keys.push(o.Key);
        token = res.IsTruncated ? res.NextContinuationToken : undefined;
    } while (token);
    return keys;
 }
 /** 批量删除（每批 1000） */
 async function deleteKeys(client, keys) {
    for (let i = 0; i < keys.length; i += 1000) {
        const batch = keys.slice(i, i + 1000);
        if (!batch.length) continue;
        await client.send(new DeleteObjectsCommand({
            Bucket: R2_BUCKET,
            Delete: { Objects: batch.map((Key) => ({ Key })) },
        }));
    }
 }
 module.exports = {
    r2Configured,
    createR2Client,
    contentTypeFor,
    uploadFile,
    putText,
    getText,
    copyObject,
    listKeys,
    deleteKeys,
    R2_BUCKET,
    R2_PUBLIC_URL,
 };
--- a/electron/lib/release-index.js
+++ b/electron/lib/release-index.js
@ -0,0 +1,46 @@
 // 仅这些扩展名进入下载索引（排除 .zip：mac 自动更新增量包，非下载按钮目标）
 const DOWNLOAD_EXTS = ['.dmg', '.exe', '.msi', '.appimage', '.deb', '.rpm', '.apk', '.pkg'];
 /**
 * 从文件名解析 platform/arch（与官网 storage.ts 规则保持一致）
 * @returns {{platform: string, arch: string|null}|null}
 */
 function parseFilename(filename) {
    const lower = filename.toLowerCase();
    if (lower.endsWith('.apk')) {
        return { platform: 'android', arch: null };
    }
    if (!DOWNLOAD_EXTS.some((ext) => lower.endsWith(ext))) {
        return null;
    }
    let platform = null;
    if (/-mac-/i.test(filename) || lower.endsWith('.dmg') || lower.endsWith('.pkg')) {
        platform = 'mac';
    } else if (/-win-/i.test(filename) || /-win\./i.test(filename) || lower.endsWith('.msi')) {
        platform = 'win';
    } else if (/-linux-/i.test(filename) || lower.endsWith('.appimage') || lower.endsWith('.deb') || lower.endsWith('.rpm')) {
        platform = 'linux';
    }
    if (!platform) return null;
    let arch = null;
    if (/-arm64[.-]/i.test(filename)) arch = 'arm64';
    else if (/-x64[.-]/i.test(filename)) arch = 'x64';
    return { platform, arch };
 }
 /**
 * 生成下载索引：{ "<platform>": { "<arch|default>": filename } }
 */
 function buildReleaseIndex(filenames) {
    const index = {};
    for (const filename of filenames) {
        const parsed = parseFilename(filename);
        if (!parsed) continue;
        const archKey = parsed.arch || 'default';
        index[parsed.platform] = index[parsed.platform] || {};
        index[parsed.platform][archKey] = filename;
    }
    return index;
 }
 module.exports = { parseFilename, buildReleaseIndex, DOWNLOAD_EXTS };
--- a/electron/lib/release-index.test.js
+++ b/electron/lib/release-index.test.js
@ -0,0 +1,36 @@
 const test = require('node:test');
 const assert = require('node:assert');
 const { parseFilename, buildReleaseIndex } = require('./release-index');
 test('parseFilename: win exe x64', () => {
    assert.deepStrictEqual(parseFilename('DooTask-v1.7.56-win-x64.exe'), { platform: 'win', arch: 'x64' });
 });
 test('parseFilename: mac dmg arm64', () => {
    assert.deepStrictEqual(parseFilename('DooTask-v1.7.56-mac-arm64.dmg'), { platform: 'mac', arch: 'arm64' });
 });
 test('parseFilename: android apk has null arch', () => {
    assert.deepStrictEqual(parseFilename('app-release.apk'), { platform: 'android', arch: null });
 });
 test('parseFilename: ignores yml/blockmap/zip', () => {
    assert.strictEqual(parseFilename('latest.yml'), null);
    assert.strictEqual(parseFilename('DooTask-v1.7.56-win-x64.exe.blockmap'), null);
    assert.strictEqual(parseFilename('DooTask-v1.7.56-mac-arm64.zip'), null);
 });
 test('buildReleaseIndex: groups by platform/arch, .zip never overwrites .dmg', () => {
    const index = buildReleaseIndex([
        'DooTask-v1.7.56-mac-arm64.dmg',
        'DooTask-v1.7.56-mac-arm64.zip',
        'DooTask-v1.7.56-win-x64.exe',
        'latest.yml',
        'app-release.apk',
    ]);
    assert.deepStrictEqual(index, {
        mac: { arm64: 'DooTask-v1.7.56-mac-arm64.dmg' },
        win: { x64: 'DooTask-v1.7.56-win-x64.exe' },
        android: { default: 'app-release.apk' },
    });
 });
--- a/electron/package.json
+++ b/electron/package.json
@ -42,6 +42,8 @@
        "ora": "^4.1.1"
    },
    "dependencies": {
        "@aws-sdk/client-s3": "^3.1052.0",
        "@aws-sdk/lib-storage": "^3.1052.0",
        "@dootask/electron-dl": "^4.0.0-rc.2",
        "axios": "^1.11.0",
        "crc": "^3.8.0",
@ -60,8 +62,8 @@
        "request": "^2.88.2",
        "tar": "^7.4.3",
        "turndown": "^7.2.2",
-        "zod": "^3.23.8",
+        "yauzl": "^3.2.0",
-        "yauzl": "^3.2.0"
+        "zod": "^3.23.8"
    },
    "trayIcon": {
        "dev": {
--- a/language/README.md
+++ b/language/README.md
@ -1,30 +0,0 @@
 # 语言翻译工具说明
 `language/translate.php` 脚本用于根据 `original-web.txt` 和 `original-api.txt` 中的内容，自动生成/更新 `translate.json` 以及前端使用的多语言文件。
 ## 使用步骤
 1. 在项目根目录 `.env` 文件中配置：
   ```dotenv
   OPENAI_API_KEY=你的OpenAI密钥
   OPENAI_BASE_URL=可选的自定义API地址
   OPENAI_PROXY_URL=可选的代理地址
   ```
 2. 在 `language` 目录下执行：
   ```bash
   php translate.php
   ```
 3. 查看生成的翻译结果：
   - 翻译详情：`language/translate.json`
   - API 文件：`public/language/api/*.json`
   - Web 文件：`public/language/web/*.js`
 ## 注意事项
 - 若 `.env` 未设置 `OPENAI_API_KEY`，脚本会直接退出。
 - `OPENAI_PROXY_URL` 可选，留空时不会设置代理。
--- a/language/composer.json
+++ b/language/composer.json
@ -1,9 +0,0 @@
 {
    "name": "dootask/language",
    "require": {
        "php": ">=7.4",
        "ext-curl": "*",
        "ext-json": "*",
        "orhanerday/open-ai": "^5.2"
    }
 }
--- a/language/composer.lock
+++ b/language/composer.lock
@ -1,82 +0,0 @@
 {
    "_readme": [
        "This file locks the dependencies of your project to a known state",
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
    "content-hash": "ec9d23d3c9171a27ef10589ff18aaf1d",
    "packages": [
        {
            "name": "orhanerday/open-ai",
            "version": "5.2",
            "source": {
                "type": "git",
                "url": "https://github.com/orhanerday/open-ai.git",
                "reference": "d8c78fe2f5fed59e0ba458f90b5589ed9f13a367"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/orhanerday/open-ai/zipball/d8c78fe2f5fed59e0ba458f90b5589ed9f13a367",
                "reference": "d8c78fe2f5fed59e0ba458f90b5589ed9f13a367",
                "shasum": ""
            },
            "require": {
                "ext-curl": "*",
                "ext-json": "*",
                "php": ">=7.4"
            },
            "require-dev": {
                "friendsofphp/php-cs-fixer": "^3.0",
                "pestphp/pest": "^1.20",
                "spatie/ray": "^1.28"
            },
            "type": "library",
            "autoload": {
                "psr-4": {
                    "Orhanerday\\OpenAi\\": "src"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Orhan Erday",
                    "email": "orhanerday@gmail.com",
                    "role": "Developer"
                }
            ],
            "description": "OpenAI GPT-3 Api Client in PHP",
            "homepage": "https://github.com/orhanerday/open-ai",
            "keywords": [
                "open-ai",
                "orhanerday"
            ],
            "support": {
                "issues": "https://github.com/orhanerday/open-ai/issues",
                "source": "https://github.com/orhanerday/open-ai/tree/5.2"
            },
            "funding": [
                {
                    "url": "https://github.com/orhanerday",
                    "type": "github"
                }
            ],
            "time": "2024-05-29T12:31:54+00:00"
        }
    ],
    "packages-dev": [],
    "aliases": [],
    "minimum-stability": "stable",
    "stability-flags": [],
    "prefer-stable": false,
    "prefer-lowest": false,
    "platform": {
        "php": ">=7.4",
        "ext-curl": "*",
        "ext-json": "*"
    },
    "platform-dev": [],
    "plugin-api-version": "2.6.0"
 }
--- a/language/original-api.txt
+++ b/language/original-api.txt
@ -560,8 +560,6 @@ webhook地址最长仅支持255个字符。
 (*)将(*)移出群组
 (*)退出群组
 (*)已加入群组
 (*)当前正在共享，无法移动到另一个共享文件夹内
 (*)内含有共享文件，无法移动到另一个共享文件夹内
 处理错误
 仅限所有者或创建者操作
 没有修改写入权限
@ -575,13 +573,11 @@ webhook地址最长仅支持255个字符。
 子任务负责人填写错误
 任务负责人填写错误
 (*)负责或参与的未完成任务最多不能超过(*)个
 (*)已被其他成员设置
 邮件发送超时，请检查邮箱配置是否正确
 群主不可移出
 部门成员、项目人员或任务人员不可移出
 群主不可退出
 部门成员、项目人员或任务人员不可退出
 当前客户端版本(*)过低，最低版本要求(*)。
 验证码不能为空
 别名不能为空
 别名的长度在(*)个字符
@ -607,7 +603,6 @@ webhook地址最长仅支持255个字符。
 (*)的周报[(*)][(*)月第(*)周]
 (*)的日报[(*)]
 考勤机
 手动签到
 (*)评论了(*)的「(**)」审批
 抄送(*)提交的「(**)」记录
@ -615,7 +610,6 @@ webhook地址最长仅支持255个字符。
 您发起的「(**)」已通过
 您发起的「(**)」被(*)拒绝
 消息不存在或已被删除
 此消息不支持翻译
 消息内容为空
 翻译失败
@ -629,26 +623,15 @@ webhook地址最长仅支持255个字符。
 任务结束时间
 任务计划用时
 超时时间
 负责人
 创建人
 (*)等(*)位成员的任务统计
 (*)的任务统计
 任务ID
 父级任务ID
 所属项目
 任务标题
 任务开始时间
 任务结束时间
 完成时间
 归档时间
 任务计划用时
 实际完成用时
 超时时间
 开发用时
 验收/测试用时
 负责人
 创建人
 状态
 审批记录
@ -656,7 +639,6 @@ webhook地址最长仅支持255个字符。
 标题
 申请状态
 发起时间
 完成时间
 发起人工号
 发起人User ID
 发起人姓名
@ -665,7 +647,6 @@ webhook地址最长仅支持255个字符。
 部门负责人
 历史审批人
 历史办理人
 审批记录
 当前处理人
 审批节点
 审批人数
@ -819,7 +800,6 @@ AI机器人不存在
 选择模型
 当前对话不支持
 会话不存在或已被删除
 开启新会话
 历史会话
@ -839,13 +819,11 @@ AI机器人不存在
 (*)天(*)小时(*)分钟
 (*)天(*)小时
 (*)天(*)分钟
 (*)天
 (*)小时(*)分钟
 (*)小时
 (*)分钟
 任务不存在或已被删除
 文件不存在或已被删除
 报告不存在或已被删除
 文件读取失败：(*)
@ -919,7 +897,6 @@ URL格式不正确
 报告内容为空，无法进行分析
 工作汇报分析失败
 工作汇报分析结果为空
 缺少ID参数
 无权访问该工作汇报
 生成AI分析失败
 工作汇报内容不能为空
@ -937,14 +914,11 @@ URL格式不正确
 会员不存在
 请输入个性标签
 标签名称最多只能设置(*)个字
 标签已存在
 每位会员最多添加(*)个标签
 参数错误
 标签不存在
 无权操作该标签
 已取消认可
 认可成功
 选择模型
 请先配置 AI 助手
 请先在「AI 助手」设置中配置 (*)
 今日未完成的工作
@ -974,3 +948,51 @@ AI 返回内容为空
 没有权限操作此任务
 请选择要转发的消息
 LDAP 用户缺少邮箱属性，请联系管理员配置
 群管理员
 任命群管理员
 罢免群管理员
 该用户不是群成员
 不能将群主任命为群管理员
 仅群主或群管理员可操作
 仅限群主或群管理员操作
 群管理员不能移出群主或其他群管理员
 请选择有效的成员
 任命成功
 罢免成功
 项目管理员
 任命项目管理员
 罢免项目管理员
 该用户不是项目成员
 不能将负责人任命为项目管理员
 不能将部门负责人任命为部门管理员
 该用户不存在
 无权操作此模板
 修改共享模板
 修改负责人视角可见
 项目负责人数据异常，请先修复项目负责人
 项目成员列表必须包含项目负责人
 项目管理员不能移除项目负责人或项目管理员
 项目管理员必须是项目成员
 负责人不能任命为项目管理员
 普通成员不能移出群主或群管理员
 只有群主、群管理员或邀请人可以移出成员
 仅群主、项目/任务负责人或系统管理员可设置或取消他人待办
 请选择文件
 仅支持 xls/xlsx/csv 文件
 文件中没有可导入的数据
 导入完成
 昵称需为2-20个字
 邮箱、昵称、初始密码均为必填
 邮箱格式不正确
 文件内邮箱重复
 单次最多导入500条
 没有可导入的数据
 解析完成
 请选择成员
 待办提醒
 你有一条待办到提醒时间啦
 发送者昵称最多不能超过20字
 AI 助手
 没有查看权限
 当前仅指定人员可以创建项目
--- a/language/original-web.txt
+++ b/language/original-web.txt
@ -1668,6 +1668,12 @@ WiFi签到延迟时长为±1分钟。
 你确定将【(*)】设为管理员吗？
 你确定取消【(*)】管理员身份吗？
 你确定将【(*)】的邮箱标记为已认证吗？
 你确定将【(*)】的邮箱标记为未认证吗？
 标记邮箱为已认证
 标记邮箱为未认证
 标记选中(*)项为已认证
 标记选中(*)项为未认证
 你确定要取消任务时间吗？
 更新子任务
@ -1689,7 +1695,6 @@ WiFi签到延迟时长为±1分钟。
 该任务尚未被领取，点击这里
 考勤机
 手动签到
 签到备注
 重复打卡提醒
@ -1728,7 +1733,6 @@ WiFi签到延迟时长为±1分钟。
 插入链接
 请输入完整的链接地址
 自动通过,审批人与发起人为同一人
 自动通过,审批人已审核
 你确定要删除项目吗？
@ -1757,9 +1761,6 @@ WiFi签到延迟时长为±1分钟。
 定位失败
 位置
 你选择的位置「(*)」不在签到范围内
 定位签到
 通过在签到打卡机器人发送位置签到
 签到备注
 百度地图AK
 腾讯地图Key
 高德地图Key
@ -1813,7 +1814,6 @@ WiFi签到延迟时长为±1分钟。
 系统别名
 用于网页默认标题、邮件发送等
 权限设置
 打包权限
 允许所有人
 仅限管理员
@ -1882,7 +1882,6 @@ WiFi签到延迟时长为±1分钟。
 只有在项目中才能创建任务
 项目不存在
 只有在任务中才能创建子任务
 任务不存在
 未知类型
 未找到内容
 再见
@ -1901,7 +1900,6 @@ WiFi签到延迟时长为±1分钟。
 请输入标签描述
 标签颜色
 使用示例标签
 取消默认
 编辑标签
 确定要删除该标签吗？
 标签
@ -1909,7 +1907,6 @@ WiFi签到延迟时长为±1分钟。
 暂无标签
 添加标签
 请选择示例标签
 全部保存成功
 消息详情
 长文本
@ -2022,7 +2019,6 @@ API请求的URL路径
 附言
 任务不存在或已被删除
 文件不存在或已被删除
 报告不存在或已被删除
 文件读取失败：(*)
 独立窗口显示
@ -2037,7 +2033,6 @@ API请求的URL路径
 删除机器人：(*)
 默认：90天
 机器人名称
 后退
 前进
@ -2089,12 +2084,8 @@ OKR群组
 会话名称
 值
 结果
 名称
 命令
 必填
 接口地址
 清理时间
 类型
 该机器人不支持
 说明
 属性
@ -2214,7 +2205,6 @@ Webhook事件
 打开会话
 成员加入
 成员退出
 是否拨打电话给(*)？
 是否发送邮件给(*)？
 个人信息
@ -2283,7 +2273,6 @@ URL不能为空
 AI 搜索
 AI 项目助手
 AI 汇报分析
 AI 整理汇报
 AI 任务助手
 AI 消息助手
 欢迎使用 AI 助手
@ -2344,7 +2333,6 @@ AI任务分析
 关闭后所有项目将不再自动分析任务。
 关闭后本项目将不再自动分析任务。
 新建任务后AI自动分析并给出建议。
 关闭后本项目将不再自动分析任务。
 (最多(*)条)
 最多选择(*)条消息
 系统已关闭AI任务分析功能。
@ -2361,3 +2349,108 @@ AI任务分析
 登录属性
 用于匹配登录用户名的 LDAP 属性，Active Directory 请选择 sAMAccountName
 请输入帐号
 群管理员
 任命群管理员
 罢免群管理员
 确定要罢免该群管理员吗？
 还没有群管理员
 添加群管理员
 确定将 (*) 任命为群管理员吗？
 项目管理员
 任命项目管理员
 罢免项目管理员
 确定要罢免该项目管理员吗？
 还没有项目管理员
 添加项目管理员
 确定将 (*) 任命为项目管理员吗？
 部门管理员
 任命部门管理员
 罢免部门管理员
 请选择部门管理员
 确定将 (*) 任命为部门管理员吗？
 部门管理员享有部门群的群管理员权限
 即将罢免项目管理员
 请确认以下操作，注意此操作不可逆！
 移除成员负责的任务将变成无负责人。
 搜索模板
 来自(*)
 暂无可用模板
 加载中
 共享模板
 开启后，添加任务时可使用其他项目共享的任务模板。
 关闭后，添加任务时仅加载本项目模板，不显示其他项目共享模板。
 根据系统设置的自动归档规则执行
 负责人视角
 开启后，部门负责人可只读查看本项目及其全员可见任务。
 关闭后，本项目及其群聊对部门负责人视角隐藏。
 个人项目，只读查看
 负责人视角，只读查看
 我的项目
 没有任何与"(*)"相关的结果
 标记未选
 标记已选
 可查看所选部门及所有下级部门成员参与的项目和任务，仅支持只读查看。
 反选
 切换失败
 当前为负责人视角：你可查看项目和任务，并参与讨论，但不能编辑项目或任务。
 选择项目管理员
 即将移除
 当前为负责人视角，并参与讨论，但不能编辑任务。
 部门负责人视角
 开启后，部门负责人/部门管理员可只读查看本部门及下级部门成员参与的项目和项目内全部任务。
 部门管理员同步失败
 待办设置权限
 允许：所有成员可设置/取消他人待办。
 禁止：仅本人、系统管理员、群主（含群管理员）、项目负责人（含项目管理员）、任务负责人可设置/取消待办。
 批量导入用户
 请按模板填写后上传，列顺序：邮箱、昵称、初始密码、职位(选填)；单次最多导入500条。
 下载模板
 导入结果：共(*)条，成功(*)条，失败(*)条
 行号
 失败原因
 导入失败
 仅支持 xls/xlsx/csv 文件
 创建用户
 批量导入
 初始密码
 请输入邮箱
 请输入初始密码
 员工首次登录需修改密码
 邮箱、昵称、初始密码均为必填
 员工下次登录需修改密码
 重新选择文件
 共(*)条 · 可导入(*)条 · 错误(*)条
 点击查看明文
 原因
 可导入
 错误
 确定导入(*)条
 解析失败
 设置部门到选中(*)项
 提醒时间
 不提醒
 1 小时后
 今晚 20:00
 明早 9:00
 成功导入(*)条
 标记完成
 暂无待办
 暂无完成
 取消提醒
 确定取消该成员的提醒时间吗？
 项目与任务
 暂无项目
 暂无任务
 负责
 协作
 成员
 (*)分钟前
 (*)小时前
 (*)天前
 所有人：所有成员均可创建项目。
 可创建项目的人员
 系统管理员（始终可创建，不受开关限制）。
 部门负责人与部门管理员。
 下方指定的人员。
--- a/language/translate.json
+++ b/language/translate.json
--- a/language/translate.php
+++ b/language/translate.php
@ -1,351 +0,0 @@
 <?php
@error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);
 require __DIR__ . '/vendor/autoload.php';
 use Orhanerday\OpenAi\OpenAi;
 // 读取 .env 文件的简单工具函数
 function language_parse_env_file(string $path): array
 {
    $env = [];
    $lines = @file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        return $env;
    }
    foreach ($lines as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue;
        }
        $delimiterPosition = strpos($line, '=');
        if ($delimiterPosition === false) {
            continue;
        }
        $name = trim(substr($line, 0, $delimiterPosition));
        if (strpos($name, 'export ') === 0) {
            $name = trim(substr($name, 7));
        }
        if ($name === '') {
            continue;
        }
        $value = trim(substr($line, $delimiterPosition + 1));
        $length = strlen($value);
        if ($length >= 2) {
            $first = $value[0];
            $last = $value[$length - 1];
            if (($first === '"' && $last === '"') || ($first === "'" && $last === "'")) {
                $value = substr($value, 1, $length - 2);
            }
        }
        $env[$name] = $value;
    }
    return $env;
 }
 // 获取环境变量值的简单工具函数
 function language_env_value(string $key, array $env): ?string
 {
    if (array_key_exists($key, $env)) {
        return $env[$key];
    }
    $value = getenv($key);
    if ($value !== false) {
        return $value;
    }
    return null;
 }
 // 读取语言环境配置
 $languageEnvFile = dirname(__DIR__) . '/.env';
 $languageEnv = is_readable($languageEnvFile) ? language_parse_env_file($languageEnvFile) : [];
 // 优先从 .env 读取 OPENAI 配置，未找到时再次尝试 getenv 覆盖
 $openAiKey = trim(language_env_value('OPENAI_API_KEY', $languageEnv) ?? '');
 if ($openAiKey === '') {
    fwrite(STDERR, "OPENAI_API_KEY 未设置，请在项目根目录的 .env 中配置。\n");
    exit(1);
 }
 $openAiProxy = trim(language_env_value('OPENAI_PROXY_URL', $languageEnv) ?? '');
 $openAiBaseUrl = trim(language_env_value('OPENAI_BASE_URL', $languageEnv) ?? '');
 // 读取所有要翻译的内容
 $originals = [];
 $generateds = [];
 foreach (['web', 'api'] as $type) {
    $content = file_exists("original-{$type}.txt") ? file_get_contents("original-{$type}.txt") : "";
    $array = array_values(array_filter(array_unique(explode("\n", $content))));
    $generateds[$type] = $array;
    $originals = array_merge($originals, $array);
 }
 // 判定是否存在translate.json文件
 if (!file_exists("translate.json")) {
    print_r("translate.json not exists");
    exit;
 }
 $translations = []; // 翻译数据
 $regrror = [];      // 正则匹配错误的数据
 $redundants = [];   // 多余的数据
 $needs = [];        // 需要翻译的数据
 // 读取翻译数据
 $tmps = json_decode(file_get_contents("translate.json"), true);
 foreach ($tmps as $obj) {
    if (!isset($obj['key'])) {
        continue;
    }
    $currentKey = $obj['key'];
    $originalKey = preg_replace(["/\(%T\d+\)/", "/\(%M\d+\)/"], ["(*)", "(**)"], $currentKey);
    $translations[$originalKey] = $obj;
    if (!in_array($originalKey, $originals)) {
        unset($translations[$originalKey]);
        $redundants[$originalKey] = $obj;
        continue;
    }
    if (preg_match_all('/\(%[TM]\d+\)/', $currentKey, $matches)) {
        foreach ($matches[0] as $match) {
            foreach ($obj as $k => $v) {
                if (empty($v)) {
                    continue;
                }
                if (!str_contains($v, $match)) {
                    // 正则匹配错误
                    $regrror[$originalKey] = [
                        $k => $v,
                        'match' => $match,
                        'key' => $currentKey,
                    ];
                    continue 2;
                }
            }
        }
    }
 }
 if (count($regrror) > 0) {
    print_r("正则匹配错误的数据:\n");
    print_r($regrror);
    exit();
 }
 if (count($redundants) > 0) {
    print_r("多余的数据:\n");
    print_r(implode(", ", array_keys($redundants)) . "\n\n");
 }
 // 需要翻译的数据
 foreach ($originals as $text) {
    $key = trim($text);
    if (!isset($translations[$key])) {
        $needs[$key] = $key;
    }
 }
 if (count($needs) > 0) {
    $array = array_chunk($needs, 10, true);
    $success = [];
    $error = [];
    $done = 0;
    foreach ($array as $index => $keys) {
        // 生成翻译内容
        foreach ($keys as &$key) {
            $c = 1;
            $key = preg_replace_callback('/\((\*+)\)/', function ($m) use (&$c) {
                $label = strlen($m[1]) > 1 ? "M" : "T";
                return "(%" . $label . $c++ . ")";
            }, $key);
        }
        $content = implode("\n", $keys);
        // 开始翻译
        print_r("正在翻译：" . (count($keys) + $done) . "/" . count($needs) . "...\n");
        $openAi = new OpenAi($openAiKey);
        if ($openAiBaseUrl !== '') {
            $openAi->setBaseURL(rtrim(preg_replace('#/v\d+/?$#', '', $openAiBaseUrl), '/'));
        }
        if ($openAiProxy !== '') {
            $openAi->setProxy($openAiProxy);
        }
        $result = $openAi->chat([
            "model" => "gpt-5.2",
            "reasoning_effort" => "low",
            'messages' => [
                [
                    "role" => "system",
                    "content" => <<<EOF
                        你是一个专业的翻译器，翻译的结果尽量符合 “项目任务管理系统” 的使用，请将提供的内容按每行一个翻译成：
                        ```json
                        [
                            {
                                "key": "",      // 原文本
                                "zh": "",       // 留空(不用翻译)
                                "zh-CHT": "",   // 繁体中文
                                "en": "",       // 英语
                                "ko": "",       // 韩语
                                "ja": "",       // 日语
                                "de": "",       // 德语
                                "fr": "",       // 法语
                                "id": "",       // 印度尼西亚语
                                "ru": ""        // 俄语
                            }
                        ]
                        ```
                        请注意：(%T1)、(%T2)、(%T3)、(%M1)、(%M2) ...... 这类以 `小括号(%+内容)` 的字符组合是一个变量，翻译时请保留。
                        例子1：
                        原文：此(%T1)已经处于【(%T2)】共享文件夹中，无法重复共享。
                        翻译成英语：This (%T1) is already in the 【(%T2)】 shared folder and cannot be shared again。
                        例子2：
                        原文：(%T1)的周报[(%T2)][(%T3)月第(%T4)周]
                        翻译成英语：Weekly report of (%T1) [(%T2)] [(Week (%T4) of (%T3) month)]
                        例子3：
                        原文：(%T1)提交的「(%M2)」待你审批
                        翻译成英语：'(%M2)' submitted by (%T1) is waiting for your approval
                        例子4：
                        原文：您发起的「(%M1)」已通过
                        翻译成英语：The '(%M1)' you initiated has been approved
                        EOF,
                ],
                [
                    "role" => "user",
                    "content" => $content,
                ],
            ]
        ]);
        // 处理结果
        $obj = json_decode($result);
        $txt = preg_replace('/(^\s*```json\s*|\s*```\s*$)/', "", $obj->choices[0]->message->content);
        $txt = preg_replace('/\(％([TM]\d+)\)/', '(%$1)', $txt);
        $arr = json_decode($txt, true);
        if (!$arr || !is_array($arr)) {
            $error = array_merge($error, array_flip($keys));
            print_r("翻译失败：\n" . $content . "\n\n");
            file_put_contents("translate-gpt.log", json_encode($obj, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT) . "\n\n", FILE_APPEND);
            continue;
        }
        // 验证结果
        foreach ($arr as $item) {
            if (empty($item['key'])) {
                print_r("翻译结果不符合规范：key为空。\n");
                print_r($item);
                continue;
            }
            foreach (['key', 'zh', 'zh-CHT', 'en', 'ko', 'ja', 'de', 'fr', 'id', 'ru'] as $lang) {
                if (!isset($item[$lang])) {
                    print_r("翻译结果不符合规范：{$item['key']}，缺少：{$lang} 的值。\n");
                    continue 2;
                }
            }
            $currentKey = $item['key'];
            $originalKey = preg_replace(["/\(%T\d+\)/", "/\(%M\d+\)/"], ["(*)", "(**)"], $currentKey);
            if (preg_match_all('/\(%[TM]\d+\)/', $currentKey, $matches)) {
                foreach ($matches[0] as $match) {
                    foreach ($item as $k => $v) {
                        if (empty($v)) {
                            continue;
                        }
                        if (!str_contains($v, $match)) {
                            // 正则匹配错误
                            $error[$originalKey] = [
                                'key' => $currentKey,
                                $k => $v,
                                'match' => $match,
                            ];
                            continue 3;
                        }
                    }
                }
            }
            $item['zh'] = "";
            $translations[$originalKey] = $item;
            $success[$originalKey] = $item;
        }
        print_r("翻译完成：" . (count($keys) + $done) . "/" . count($needs) . "\n\n");
        $done += count($keys);
    }
    if (count($error) > 0) {
        print_r("正则匹配错误的数据:\n");
        print_r(json_encode(array_values($error), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT) . "\n\n");
    }
    // 保存翻译结果
    file_put_contents("translate.json", json_encode(array_values($translations), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT));
    print_r("----------------\n\n");
    print_r("总翻译：" . count($needs) . " 条\n");
    print_r("成功：" . count($success) . " 条\n");
    print_r("错误：" . count($error) . " 条\n\n");
    print_r("----------------\n\n");
 }
 // 生成前端使用的文件
 foreach ($generateds as $type => $array) {
    $datas = [];
    foreach ($array as $text) {
        $text = trim($text);
        if (isset($translations[$text])) {
            $datas[] = $translations[$text];
        }
    }
    // 按长度排序
    $inOrder = [];
    foreach ($datas as $index => $item) {
        if (preg_match('/\(%[TM]\d+\)/', $item['key'])) {
            $inOrder[$index] = strlen($item['key']);
        } else {
            $inOrder[$index] = strlen($item['key']) + 10000000000;
        }
    }
    array_multisort($inOrder, SORT_DESC, $datas);
    // 合成数组
    $results = [];
    $index = 0;
    foreach ($datas as $items) {
        foreach ($items as $kk => $item) {
            if (!isset($results)) {
                $results[$kk] = [];
            }
            $results[$kk][] = $item;
        }
    }
    // 生成文件
    if ($type === 'api') {
        if (!is_dir("../public/language/api")) {
            mkdir("../public/language/api", 0777, true);
        }
        foreach ($results as $kk => $item) {
            $file = "../public/language/api/$kk.json";
            file_put_contents($file, json_encode($item, JSON_UNESCAPED_UNICODE));
        }
    } elseif ($type === 'web') {
        if (!is_dir("../public/language/web")) {
            mkdir("../public/language/web", 0777, true);
        }
        foreach ($results as $kk => $item) {
            $file = "../public/language/web/$kk.js";
            file_put_contents($file, "if(typeof window.LANGUAGE_DATA===\"undefined\")window.LANGUAGE_DATA={};window.LANGUAGE_DATA[\"{$kk}\"]=" . json_encode($item, JSON_UNESCAPED_UNICODE));
        }
    }
    print_r("[$type] total: " . count($results['key']) . "\n");
 }
 print_r("\n任务结束\n");
--- a/package.json
+++ b/package.json
@ -1,13 +1,11 @@
 {
    "name": "DooTask",
-    "version": "1.7.29",
+    "version": "1.7.90",
-    "codeVerson": 232,
+    "codeVerson": 237,
    "description": "DooTask is task management system.",
    "scripts": {
        "start": "./cmd dev",
-        "build": "./cmd prod",
+        "build": "./cmd prod"
        "version": "node ./bin/version.js",
        "translate": "./cmd translate"
    },
    "author": {
        "name": "KuaiFan",
--- a/public/js/build/404.68f31c46.js
+++ b/public/js/build/404.68f31c46.js
@ -1 +1 @@
-import{n as m}from"./app.20ce4f8e.js";import"./jquery.26755d2b.js";import"./@babel.9410f858.js";import"./dayjs.29a2c04b.js";import"./localforage.a7f8d307.js";import"./markdown-it.0450edb4.js";import"./mdurl.ce6c1dd8.js";import"./uc.micro.8d343c98.js";import"./entities.48a44fec.js";import"./linkify-it.c5e8196e.js";import"./punycode.js.4b3f125a.js";import"./highlight.js.cbbfb885.js";import"./markdown-it-link-attributes.e1d5d151.js";import"./@traptitech.acea8861.js";import"./vue.adba9046.js";import"./vuex.cc7cb26e.js";import"./openpgp_hi.15f91b1d.js";import"./axios.37c7f908.js";import"./mitt.1ea0a2a3.js";import"./quill-hi.ca2ea0cc.js";import"./parchment.d5c5924e.js";import"./quill-delta.385a10bf.js";import"./fast-diff.f17881f3.js";import"./lodash.clonedeep.3cc09a31.js";import"./lodash.isequal.dbdc2157.js";import"./eventemitter3.78b735ad.js";import"./lodash-es.76e3a28b.js";import"./quill-mention-hi.4eeb5a2d.js";import"./view-design-hi.f1128b4d.js";import"./html-to-md.f297036e.js";import"./lodash.8fcd6fd4.js";import"./vue-router.2d566cd7.js";import"./vue-clipboard2.fd43a5bc.js";import"./clipboard.37b37361.js";import"./vuedraggable.f464b992.js";import"./sortablejs.3488b922.js";import"./vue-resize-observer.5af23a43.js";import"./element-sea.f8a64907.js";import"./deepmerge.cecf392e.js";import"./resize-observer-polyfill.5d591c5f.js";import"./throttle-debounce.7c3948b2.js";import"./babel-helper-vue-jsx-merge-props.5ed215c3.js";import"./normalize-wheel.2a034b9f.js";import"./async-validator.dca2b951.js";import"./babel-runtime.4773988a.js";import"./core-js.314b4a1d.js";var p=function(){var t=this,r=t.$createElement;return t._self._c,t._m(0)},e=[function(){var t=this,r=t.$createElement,i=t._self._c||r;return i("div",{staticClass:"page-404"},[i("div",{staticClass:"flex-center position-ref full-height"},[i("div",{staticClass:"code"},[t._v("404")]),i("div",{staticClass:"message"},[t._v("Not Found")])])])}];const s={},o={};var _=m(s,p,e,!1,n,"7d7154a8",null,null);function n(t){for(let r in o)this[r]=o[r]}var it=function(){return _.exports}();export{it as default};
+import{n as m}from"./app.27305e7a.js";import"./jquery.9a8e34a6.js";import"./@babel.9410f858.js";import"./dayjs.22b500b5.js";import"./localforage.ff736638.js";import"./markdown-it.0450edb4.js";import"./mdurl.ce6c1dd8.js";import"./uc.micro.8d343c98.js";import"./entities.48a44fec.js";import"./linkify-it.c5e8196e.js";import"./punycode.js.4b3f125a.js";import"./highlight.js.cbbfb885.js";import"./markdown-it-link-attributes.e1d5d151.js";import"./@traptitech.acea8861.js";import"./vue.adba9046.js";import"./vuex.cc7cb26e.js";import"./openpgp_hi.15f91b1d.js";import"./axios.37c7f908.js";import"./mitt.1ea0a2a3.js";import"./quill-hi.ca2ea0cc.js";import"./parchment.d5c5924e.js";import"./quill-delta.385a10bf.js";import"./fast-diff.f17881f3.js";import"./lodash.clonedeep.3cc09a31.js";import"./lodash.isequal.dbdc2157.js";import"./eventemitter3.78b735ad.js";import"./lodash-es.76e3a28b.js";import"./quill-mention-hi.4eeb5a2d.js";import"./view-design-hi.f1128b4d.js";import"./html-to-md.f297036e.js";import"./lodash.8fcd6fd4.js";import"./vue-router.2d566cd7.js";import"./vue-clipboard2.fd43a5bc.js";import"./clipboard.37b37361.js";import"./vuedraggable.f464b992.js";import"./sortablejs.3488b922.js";import"./vue-resize-observer.5af23a43.js";import"./element-sea.f8a64907.js";import"./deepmerge.cecf392e.js";import"./resize-observer-polyfill.5d591c5f.js";import"./throttle-debounce.7c3948b2.js";import"./babel-helper-vue-jsx-merge-props.5ed215c3.js";import"./normalize-wheel.2a034b9f.js";import"./async-validator.dca2b951.js";import"./babel-runtime.4773988a.js";import"./core-js.314b4a1d.js";var p=function(){var t=this,r=t.$createElement;return t._self._c,t._m(0)},e=[function(){var t=this,r=t.$createElement,i=t._self._c||r;return i("div",{staticClass:"page-404"},[i("div",{staticClass:"flex-center position-ref full-height"},[i("div",{staticClass:"code"},[t._v("404")]),i("div",{staticClass:"message"},[t._v("Not Found")])])])}];const s={},o={};var _=m(s,p,e,!1,n,"7d7154a8",null,null);function n(t){for(let r in o)this[r]=o[r]}var it=function(){return _.exports}();export{it as default};
--- a/public/js/build/AceEditor.a8dd9f8a.js
+++ b/public/js/build/AceEditor.a8dd9f8a.js
--- a/public/js/build/CheckinExport.6b9a9b8f.js
+++ b/public/js/build/CheckinExport.6b9a9b8f.js
--- a/public/js/build/CheckinExport.88eee51f.css
+++ b/public/js/build/CheckinExport.88eee51f.css
@ -0,0 +1 @@
 .checkin-field .ivu-form-item-label{color:#f90;font-weight:500}.checkin-mac-header[data-v-eb58f07c]{margin-bottom:8px;font-weight:500;color:#606266}.checkin-mac-item[data-v-eb58f07c]{margin-bottom:8px}.checkin-mac-item .ivu-col[data-v-eb58f07c]{padding-right:8px}.checkin-mac-item .ivu-col[data-v-eb58f07c]:last-child{padding-right:0}.checkin-mac-del[data-v-eb58f07c]{display:flex;align-items:center;justify-content:center;cursor:pointer;color:red}.checkin-mac-del[data-v-eb58f07c]:hover{opacity:.8}.form-tip[data-v-eb58f07c]{font-size:12px;color:#999;margin-top:4px}.user-tags-preview[data-v-eb58f07c]{display:flex;align-items:center;flex-wrap:wrap;gap:8px;min-height:32px}.user-tags-preview .tag-pill[data-v-eb58f07c]{cursor:pointer;padding:6px 12px;border-radius:12px;font-size:13px;-webkit-user-select:none;-moz-user-select:none;user-select:none;background-color:#f5f5f5;color:#606266;line-height:14px;height:26px;max-width:160px;white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.user-tags-preview .tag-pill.is-recognized[data-v-eb58f07c]{color:#67c23a}.user-tags-preview .tag-pill span[data-v-eb58f07c]{padding-left:8px;position:relative}.user-tags-preview .tag-pill span[data-v-eb58f07c]:before{content:"";position:absolute;left:2px;top:50%;transform:translateY(-50%);width:2px;height:2px;border-radius:50%;background-color:currentColor}.user-tags-preview .tags-empty[data-v-eb58f07c]{color:#909399}.user-tags-preview .tags-total[data-v-eb58f07c]{color:#909399;font-size:12px}.user-tags-preview .manage-button[data-v-eb58f07c]{margin-left:auto;display:inline-flex;align-items:center;gap:4px}.import-user-modal .import-tip[data-v-9d8f7ae8]{color:#808695;margin-bottom:12px}.import-user-modal .import-actions[data-v-9d8f7ae8]{display:flex;gap:12px;align-items:center}.import-user-modal .import-option[data-v-9d8f7ae8]{margin-top:12px}.import-user-modal .import-batch-label[data-v-9d8f7ae8]{flex-shrink:0;min-width:64px;color:#515a6e}.import-user-modal .import-setdept[data-v-9d8f7ae8]{display:flex;align-items:center;gap:8px;margin-top:12px}.import-user-modal .import-setdept .import-setdept-select[data-v-9d8f7ae8]{width:auto}.import-user-modal .import-setverity[data-v-9d8f7ae8]{display:flex;align-items:center;gap:8px;margin-top:12px}.import-user-modal .import-preview[data-v-9d8f7ae8],.import-user-modal .import-result[data-v-9d8f7ae8]{margin-top:16px}.import-user-modal[data-v-9d8f7ae8] .ivu-table-cell{white-space:nowrap}.import-user-modal[data-v-9d8f7ae8] .pwd-cell{cursor:pointer;letter-spacing:1px;-webkit-user-select:none;-moz-user-select:none;user-select:none}.import-user-modal[data-v-9d8f7ae8] .pwd-cell:hover{color:#2d8cf0}.import-user-modal[data-v-9d8f7ae8] .import-row-error td{background-color:#fff2f0}
--- a/public/js/build/CheckinExport.d9659445.css
+++ b/public/js/build/CheckinExport.d9659445.css
@ -1 +0,0 @@
 .checkin-field .ivu-form-item-label{color:#f90;font-weight:500}.checkin-mac-header[data-v-39d6b3fb]{margin-bottom:8px;font-weight:500;color:#606266}.checkin-mac-item[data-v-39d6b3fb]{margin-bottom:8px}.checkin-mac-item .ivu-col[data-v-39d6b3fb]{padding-right:8px}.checkin-mac-item .ivu-col[data-v-39d6b3fb]:last-child{padding-right:0}.checkin-mac-del[data-v-39d6b3fb]{display:flex;align-items:center;justify-content:center;cursor:pointer;color:red}.checkin-mac-del[data-v-39d6b3fb]:hover{opacity:.8}.form-tip[data-v-39d6b3fb]{font-size:12px;color:#999;margin-top:4px}.user-tags-preview[data-v-39d6b3fb]{display:flex;align-items:center;flex-wrap:wrap;gap:8px;min-height:32px}.user-tags-preview .tag-pill[data-v-39d6b3fb]{cursor:pointer;padding:6px 12px;border-radius:12px;font-size:13px;-webkit-user-select:none;-moz-user-select:none;user-select:none;background-color:#f5f5f5;color:#606266;line-height:14px;height:26px;max-width:160px;white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.user-tags-preview .tag-pill.is-recognized[data-v-39d6b3fb]{color:#67c23a}.user-tags-preview .tag-pill span[data-v-39d6b3fb]{padding-left:8px;position:relative}.user-tags-preview .tag-pill span[data-v-39d6b3fb]:before{content:"";position:absolute;left:2px;top:50%;transform:translateY(-50%);width:2px;height:2px;border-radius:50%;background-color:currentColor}.user-tags-preview .tags-empty[data-v-39d6b3fb]{color:#909399}.user-tags-preview .tags-total[data-v-39d6b3fb]{color:#909399;font-size:12px}.user-tags-preview .manage-button[data-v-39d6b3fb]{margin-left:auto;display:inline-flex;align-items:center;gap:4px}
--- a/public/js/build/CheckinExport.fde214f8.js
+++ b/public/js/build/CheckinExport.fde214f8.js
--- a/public/js/build/DepartmentOwnerView.12553d3a.js
+++ b/public/js/build/DepartmentOwnerView.12553d3a.js
@ -0,0 +1 @@
 import{m as i}from"./vuex.cc7cb26e.js";import{n as o}from"./app.27305e7a.js";var d=function(){var t=this,a=t.$createElement,e=t._self._c||a;return e("Modal",{attrs:{value:t.value,title:t.$L("\u8D1F\u8D23\u4EBA\u89C6\u89D2"),"mask-closable":!1,width:"520"},on:{input:function(s){return t.$emit("input",s)}}},[e("div",{staticClass:"department-owner-view-modal"},[e("Alert",{attrs:{type:"info","show-icon":""}},[t._v(" "+t._s(t.$L("\u53EF\u67E5\u770B\u6240\u9009\u90E8\u95E8\u53CA\u6240\u6709\u4E0B\u7EA7\u90E8\u95E8\u6210\u5458\u53C2\u4E0E\u7684\u9879\u76EE\u548C\u4EFB\u52A1\uFF0C\u4EC5\u652F\u6301\u53EA\u8BFB\u67E5\u770B\u3002"))+" ")]),t.managedDepartments.length>1?e("div",{staticClass:"department-owner-view-actions"},[e("a",{attrs:{href:"javascript:void(0)"},on:{click:function(s){t.draftIds=[]}}},[t._v(t._s(t.$L("\u6E05\u7A7A")))]),e("a",{attrs:{href:"javascript:void(0)"},on:{click:function(s){t.draftIds=t.managedDepartments.map(function(n){return n.id})}}},[t._v(t._s(t.$L("\u5168\u9009")))]),e("a",{attrs:{href:"javascript:void(0)"},on:{click:t.reverseDraft}},[t._v(t._s(t.$L("\u53CD\u9009")))])]):t._e(),e("CheckboxGroup",{staticClass:"department-owner-view-list",model:{value:t.draftIds,callback:function(s){t.draftIds=s},expression:"draftIds"}},t._l(t.managedDepartments,function(s){return e("div",{key:s.id,class:["department-owner-view-item",t.draftIds.includes(s.id)?"active":""],on:{click:function(n){return t.toggleDraft(s.id)}}},[e("div",{staticClass:"department-owner-view-icon"},[e("i",{staticClass:"taskfont"},[t._v("\uE75C")])]),e("div",{staticClass:"department-owner-view-name"},[t._v(t._s(s.name))]),e("Checkbox",{staticClass:"department-owner-view-checkbox",attrs:{label:s.id},nativeOn:{click:function(n){n.stopPropagation()}}},[e("span")])],1)}),0)],1),e("div",{staticClass:"adaption",attrs:{slot:"footer"},slot:"footer"},[e("Button",{attrs:{type:"default",disabled:t.applyLoading},on:{click:function(s){return t.$emit("input",!1)}}},[t._v(t._s(t.$L("\u53D6\u6D88")))]),e("Button",{attrs:{type:"primary",loading:t.applyLoading},on:{click:t.apply}},[t._v(t._s(t.$L("\u786E\u5B9A")))])],1)])},l=[];const c={name:"DepartmentOwnerView",props:{value:Boolean},data(){return{draftIds:[],applyLoading:!1}},computed:{...i(["userInfo","cacheDepartmentOwnerIds"]),managedDepartments(){return(this.userInfo.managed_departments||[]).map(t=>({...t,id:parseInt(t.id)}))}},watch:{value:{immediate:!0,handler(t){t?this.draftIds=(this.cacheDepartmentOwnerIds||[]).slice():this.applyLoading=!1}}},methods:{toggleDraft(t){t=parseInt(t);const a=this.draftIds.indexOf(t);a>-1?this.draftIds.splice(a,1):this.draftIds.push(t)},reverseDraft(){const t=this.draftIds.map(a=>parseInt(a));this.draftIds=this.managedDepartments.map(a=>a.id).filter(a=>!t.includes(a))},async apply(){if(!this.applyLoading){this.applyLoading=!0;try{await this.$store.dispatch("setDepartmentOwnerIds",this.draftIds),this.$emit("input",!1)}catch(t){$A.modalError((t==null?void 0:t.msg)||this.$L("\u5207\u6362\u5931\u8D25"))}finally{this.applyLoading=!1}}}}},r={};var p=o(c,d,l,!1,f,"624ab3e4",null,null);function f(t){for(let a in r)this[a]=r[a]}var u=function(){return p.exports}();export{u as D};
--- a/public/js/build/DepartmentOwnerView.ecabb08d.css
+++ b/public/js/build/DepartmentOwnerView.ecabb08d.css
@ -0,0 +1 @@
 .department-owner-view-modal .department-owner-view-actions[data-v-624ab3e4]{display:flex;justify-content:flex-end;gap:14px;margin:12px 8px 0}.department-owner-view-modal .department-owner-view-list[data-v-624ab3e4]{display:flex;flex-direction:column;margin-top:10px}.department-owner-view-modal .department-owner-view-item[data-v-624ab3e4]{display:flex;align-items:center;padding:10px 12px;cursor:pointer}.department-owner-view-modal .department-owner-view-icon[data-v-624ab3e4]{width:28px;height:28px;border-radius:50%;background-color:#5bc7b0;color:#fff;display:flex;align-items:center;justify-content:center;margin-right:10px}.department-owner-view-modal .department-owner-view-name[data-v-624ab3e4]{flex:1}.department-owner-view-modal .department-owner-view-checkbox[data-v-624ab3e4]{margin-right:0}
--- a/public/js/build/DialogWrapper.1f50fe2a.js
+++ b/public/js/build/DialogWrapper.1f50fe2a.js
--- a/public/js/build/DialogWrapper.f9684b46.js
+++ b/public/js/build/DialogWrapper.f9684b46.js
--- a/public/js/build/Drawio.f7869e1f.js
+++ b/public/js/build/Drawio.f7869e1f.js
@ -1 +1 @@
-import{m as s}from"./vuex.cc7cb26e.js";import{I as m}from"./IFrame.b849e339.js";import{n as p,l as o}from"./app.20ce4f8e.js";import"./jquery.26755d2b.js";import"./@babel.9410f858.js";import"./dayjs.29a2c04b.js";import"./localforage.a7f8d307.js";import"./markdown-it.0450edb4.js";import"./mdurl.ce6c1dd8.js";import"./uc.micro.8d343c98.js";import"./entities.48a44fec.js";import"./linkify-it.c5e8196e.js";import"./punycode.js.4b3f125a.js";import"./highlight.js.cbbfb885.js";import"./markdown-it-link-attributes.e1d5d151.js";import"./@traptitech.acea8861.js";import"./vue.adba9046.js";import"./openpgp_hi.15f91b1d.js";import"./axios.37c7f908.js";import"./mitt.1ea0a2a3.js";import"./quill-hi.ca2ea0cc.js";import"./parchment.d5c5924e.js";import"./quill-delta.385a10bf.js";import"./fast-diff.f17881f3.js";import"./lodash.clonedeep.3cc09a31.js";import"./lodash.isequal.dbdc2157.js";import"./eventemitter3.78b735ad.js";import"./lodash-es.76e3a28b.js";import"./quill-mention-hi.4eeb5a2d.js";import"./view-design-hi.f1128b4d.js";import"./html-to-md.f297036e.js";import"./lodash.8fcd6fd4.js";import"./vue-router.2d566cd7.js";import"./vue-clipboard2.fd43a5bc.js";import"./clipboard.37b37361.js";import"./vuedraggable.f464b992.js";import"./sortablejs.3488b922.js";import"./vue-resize-observer.5af23a43.js";import"./element-sea.f8a64907.js";import"./deepmerge.cecf392e.js";import"./resize-observer-polyfill.5d591c5f.js";import"./throttle-debounce.7c3948b2.js";import"./babel-helper-vue-jsx-merge-props.5ed215c3.js";import"./normalize-wheel.2a034b9f.js";import"./async-validator.dca2b951.js";import"./babel-runtime.4773988a.js";import"./core-js.314b4a1d.js";var l=function(){var t=this,e=t.$createElement,i=t._self._c||e;return i("div",{staticClass:"drawio-content"},[i("IFrame",{ref:"frame",staticClass:"drawio-iframe",attrs:{src:t.url},on:{"on-message":t.onMessage}}),t.loadIng?i("div",{staticClass:"drawio-loading"},[i("Loading")],1):t._e()],1)},d=[];const u={name:"Drawio",components:{IFrame:m},props:{value:{type:Object,default:function(){return{}}},title:{type:String,default:""},readOnly:{type:Boolean,default:!1}},data(){return{loadIng:!0,url:null,bakData:""}},created(){let t=o;switch(o){case"zh-CHT":t="zh-tw";break}let e=this.readOnly?1:0,i=this.readOnly?0:1,n=this.themeName==="dark"?"dark":"kennedy",r=`?title=${this.title?encodeURIComponent(this.title):""}&chrome=${i}&lightbox=${e}&ui=${n}&lang=${t}&offline=1&pwa=0&embed=1&noLangIcon=1&noExitBtn=1&noSaveBtn=1&saveAndExit=0&spin=1&proto=json`;this.$Electron?this.url=$A.originUrl(`drawio/webapp/index.html${r}`):this.url=$A.mainUrl(`drawio/webapp/${r}`)},mounted(){window.addEventListener("message",this.handleMessage)},beforeDestroy(){window.removeEventListener("message",this.handleMessage)},watch:{value:{handler(t){this.bakData!=$A.jsonStringify(t)&&(this.bakData=$A.jsonStringify(t),this.updateContent())},deep:!0}},computed:{...s(["themeName"])},methods:{formatZoom(t){return t+"%"},updateContent(){this.$refs.frame.postMessage(JSON.stringify({action:"load",autosave:1,xml:this.value.xml}))},onMessage(t){switch(t.event){case"init":this.loadIng=!1,this.updateContent();break;case"load":typeof this.value.xml=="undefined"&&this.$refs.frame.postMessage(JSON.stringify({action:"template"}));break;case"autosave":const e={xml:t.xml};this.bakData=$A.jsonStringify(e),this.$emit("input",e);break;case"save":this.$emit("saveData");break}}}},a={};var c=p(u,l,d,!1,h,"39021859",null,null);function h(t){for(let e in a)this[e]=a[e]}var pt=function(){return c.exports}();export{pt as default};
+import{m as s}from"./vuex.cc7cb26e.js";import{I as m}from"./IFrame.587d7378.js";import{n as p,l as o}from"./app.27305e7a.js";import"./jquery.9a8e34a6.js";import"./@babel.9410f858.js";import"./dayjs.22b500b5.js";import"./localforage.ff736638.js";import"./markdown-it.0450edb4.js";import"./mdurl.ce6c1dd8.js";import"./uc.micro.8d343c98.js";import"./entities.48a44fec.js";import"./linkify-it.c5e8196e.js";import"./punycode.js.4b3f125a.js";import"./highlight.js.cbbfb885.js";import"./markdown-it-link-attributes.e1d5d151.js";import"./@traptitech.acea8861.js";import"./vue.adba9046.js";import"./openpgp_hi.15f91b1d.js";import"./axios.37c7f908.js";import"./mitt.1ea0a2a3.js";import"./quill-hi.ca2ea0cc.js";import"./parchment.d5c5924e.js";import"./quill-delta.385a10bf.js";import"./fast-diff.f17881f3.js";import"./lodash.clonedeep.3cc09a31.js";import"./lodash.isequal.dbdc2157.js";import"./eventemitter3.78b735ad.js";import"./lodash-es.76e3a28b.js";import"./quill-mention-hi.4eeb5a2d.js";import"./view-design-hi.f1128b4d.js";import"./html-to-md.f297036e.js";import"./lodash.8fcd6fd4.js";import"./vue-router.2d566cd7.js";import"./vue-clipboard2.fd43a5bc.js";import"./clipboard.37b37361.js";import"./vuedraggable.f464b992.js";import"./sortablejs.3488b922.js";import"./vue-resize-observer.5af23a43.js";import"./element-sea.f8a64907.js";import"./deepmerge.cecf392e.js";import"./resize-observer-polyfill.5d591c5f.js";import"./throttle-debounce.7c3948b2.js";import"./babel-helper-vue-jsx-merge-props.5ed215c3.js";import"./normalize-wheel.2a034b9f.js";import"./async-validator.dca2b951.js";import"./babel-runtime.4773988a.js";import"./core-js.314b4a1d.js";var l=function(){var t=this,e=t.$createElement,i=t._self._c||e;return i("div",{staticClass:"drawio-content"},[i("IFrame",{ref:"frame",staticClass:"drawio-iframe",attrs:{src:t.url},on:{"on-message":t.onMessage}}),t.loadIng?i("div",{staticClass:"drawio-loading"},[i("Loading")],1):t._e()],1)},d=[];const u={name:"Drawio",components:{IFrame:m},props:{value:{type:Object,default:function(){return{}}},title:{type:String,default:""},readOnly:{type:Boolean,default:!1}},data(){return{loadIng:!0,url:null,bakData:""}},created(){let t=o;switch(o){case"zh-CHT":t="zh-tw";break}let e=this.readOnly?1:0,i=this.readOnly?0:1,n=this.themeName==="dark"?"dark":"kennedy",r=`?title=${this.title?encodeURIComponent(this.title):""}&chrome=${i}&lightbox=${e}&ui=${n}&lang=${t}&offline=1&pwa=0&embed=1&noLangIcon=1&noExitBtn=1&noSaveBtn=1&saveAndExit=0&spin=1&proto=json`;this.$Electron?this.url=$A.originUrl(`drawio/webapp/index.html${r}`):this.url=$A.mainUrl(`drawio/webapp/${r}`)},mounted(){window.addEventListener("message",this.handleMessage)},beforeDestroy(){window.removeEventListener("message",this.handleMessage)},watch:{value:{handler(t){this.bakData!=$A.jsonStringify(t)&&(this.bakData=$A.jsonStringify(t),this.updateContent())},deep:!0}},computed:{...s(["themeName"])},methods:{formatZoom(t){return t+"%"},updateContent(){this.$refs.frame.postMessage(JSON.stringify({action:"load",autosave:1,xml:this.value.xml}))},onMessage(t){switch(t.event){case"init":this.loadIng=!1,this.updateContent();break;case"load":typeof this.value.xml=="undefined"&&this.$refs.frame.postMessage(JSON.stringify({action:"template"}));break;case"autosave":const e={xml:t.xml};this.bakData=$A.jsonStringify(e),this.$emit("input",e);break;case"save":this.$emit("saveData");break}}}},a={};var c=p(u,l,d,!1,h,"39021859",null,null);function h(t){for(let e in a)this[e]=a[e]}var pt=function(){return c.exports}();export{pt as default};
--- a/public/js/build/FileContent.e616cb2a.js
+++ b/public/js/build/FileContent.e616cb2a.js
--- a/public/js/build/FilePreview.5e951915.js
+++ b/public/js/build/FilePreview.5e951915.js
--- a/public/js/build/IFrame.587d7378.js
+++ b/public/js/build/IFrame.587d7378.js
@ -1 +1 @@
-import{n}from"./app.20ce4f8e.js";var i=function(){var e=this,s=e.$createElement,r=e._self._c||s;return r("iframe",{directives:[{name:"show",rawName:"v-show",value:e.src,expression:"src"}],ref:"iframe",attrs:{src:e.src}})},a=[];const o={name:"IFrame",props:{src:{type:String,default:""}},mounted(){this.$refs.iframe.addEventListener("load",this.handleLoad),window.addEventListener("message",this.handleMessage)},beforeDestroy(){this.$refs.iframe.removeEventListener("load",this.handleLoad),window.removeEventListener("message",this.handleMessage)},methods:{handleLoad(){this.$emit("on-load")},handleMessage({data:e,source:s}){var r;s===((r=this.$refs.iframe)==null?void 0:r.contentWindow)&&(e=$A.jsonParse(e),e.source==="fileView"&&e.action==="picture"&&this.$store.dispatch("previewImage",{index:e.params.index,list:e.params.array}),this.$emit("on-message",e))},postMessage(e,s="*"){this.$refs.iframe&&this.$refs.iframe.contentWindow.postMessage(e,s)}}},t={};var m=n(o,i,a,!1,c,null,null,null);function c(e){for(let s in t)this[s]=t[s]}var l=function(){return m.exports}();export{l as I};
+import{n}from"./app.27305e7a.js";var i=function(){var e=this,s=e.$createElement,r=e._self._c||s;return r("iframe",{directives:[{name:"show",rawName:"v-show",value:e.src,expression:"src"}],ref:"iframe",attrs:{src:e.src}})},a=[];const o={name:"IFrame",props:{src:{type:String,default:""}},mounted(){this.$refs.iframe.addEventListener("load",this.handleLoad),window.addEventListener("message",this.handleMessage)},beforeDestroy(){this.$refs.iframe.removeEventListener("load",this.handleLoad),window.removeEventListener("message",this.handleMessage)},methods:{handleLoad(){this.$emit("on-load")},handleMessage({data:e,source:s}){var r;s===((r=this.$refs.iframe)==null?void 0:r.contentWindow)&&(e=$A.jsonParse(e),e.source==="fileView"&&e.action==="picture"&&this.$store.dispatch("previewImage",{index:e.params.index,list:e.params.array}),this.$emit("on-message",e))},postMessage(e,s="*"){this.$refs.iframe&&this.$refs.iframe.contentWindow.postMessage(e,s)}}},t={};var m=n(o,i,a,!1,c,null,null,null);function c(e){for(let s in t)this[s]=t[s]}var l=function(){return m.exports}();export{l as I};
--- a/public/js/build/ImgUpload.2b547ee9.js
+++ b/public/js/build/ImgUpload.2b547ee9.js
--- a/public/js/build/Minder.8b560491.js
+++ b/public/js/build/Minder.8b560491.js
--- a/public/js/build/OnlyOffice.fa6fbffb.js
+++ b/public/js/build/OnlyOffice.fa6fbffb.js
--- a/public/js/build/ReportDetail.565d414d.js
+++ b/public/js/build/ReportDetail.565d414d.js
--- a/public/js/build/ReportEdit.47c6a759.js
+++ b/public/js/build/ReportEdit.47c6a759.js
--- a/public/js/build/SearchButton.0947f685.js
+++ b/public/js/build/SearchButton.0947f685.js
@ -1 +1 @@
-import{n as r}from"./app.20ce4f8e.js";var a=function(){var t=this,n=t.$createElement,e=t._self._c||n;return t.windowTouch?e("div",[e("Button",{attrs:{loading:t.loading,type:"primary",icon:"ios-search"},on:{click:t.onSearch}},[t._v(t._s(t.$L("\u641C\u7D22")))]),t.filtering?e("Button",{attrs:{type:"text"},on:{click:t.onCancelFilter}},[t._v(t._s(t.$L("\u53D6\u6D88\u7B5B\u9009")))]):e("Button",{attrs:{loading:t.loading,type:"text",icon:"md-refresh"},on:{click:t.onRefresh}},[t._v(t._s(t.$L("\u5237\u65B0")))])],1):e("Tooltip",{attrs:{theme:"light",placement:t.placement,"transfer-class-name":"search-button-clear",transfer:""}},[e("Button",{attrs:{loading:t.loading,type:"primary",icon:"ios-search"},on:{click:t.onSearch}},[t._v(t._s(t.$L("\u641C\u7D22")))]),e("div",{attrs:{slot:"content"},slot:"content"},[t.filtering?e("Button",{attrs:{type:"text"},on:{click:t.onCancelFilter}},[t._v(t._s(t.$L("\u53D6\u6D88\u7B5B\u9009")))]):e("Button",{attrs:{loading:t.loading,type:"text"},on:{click:t.onRefresh}},[t._v(t._s(t.$L("\u5237\u65B0")))])],1)],1)},i=[];const l={name:"SearchButton",props:{loading:{type:Boolean,default:!1},filtering:{type:Boolean,default:!1},placement:{type:String,default:"bottom"}},methods:{onSearch(){this.$emit("search")},onRefresh(){this.$emit("refresh")},onCancelFilter(){this.$emit("cancelFilter")}}},o={};var s=r(l,a,i,!1,c,null,null,null);function c(t){for(let n in o)this[n]=o[n]}var h=function(){return s.exports}();export{h as S};
+import{n as r}from"./app.27305e7a.js";var a=function(){var t=this,n=t.$createElement,e=t._self._c||n;return t.windowTouch?e("div",[e("Button",{attrs:{loading:t.loading,type:"primary",icon:"ios-search"},on:{click:t.onSearch}},[t._v(t._s(t.$L("\u641C\u7D22")))]),t.filtering?e("Button",{attrs:{type:"text"},on:{click:t.onCancelFilter}},[t._v(t._s(t.$L("\u53D6\u6D88\u7B5B\u9009")))]):e("Button",{attrs:{loading:t.loading,type:"text",icon:"md-refresh"},on:{click:t.onRefresh}},[t._v(t._s(t.$L("\u5237\u65B0")))])],1):e("Tooltip",{attrs:{theme:"light",placement:t.placement,"transfer-class-name":"search-button-clear",transfer:""}},[e("Button",{attrs:{loading:t.loading,type:"primary",icon:"ios-search"},on:{click:t.onSearch}},[t._v(t._s(t.$L("\u641C\u7D22")))]),e("div",{attrs:{slot:"content"},slot:"content"},[t.filtering?e("Button",{attrs:{type:"text"},on:{click:t.onCancelFilter}},[t._v(t._s(t.$L("\u53D6\u6D88\u7B5B\u9009")))]):e("Button",{attrs:{loading:t.loading,type:"text"},on:{click:t.onRefresh}},[t._v(t._s(t.$L("\u5237\u65B0")))])],1)],1)},i=[];const l={name:"SearchButton",props:{loading:{type:Boolean,default:!1},filtering:{type:Boolean,default:!1},placement:{type:String,default:"bottom"}},methods:{onSearch(){this.$emit("search")},onRefresh(){this.$emit("refresh")},onCancelFilter(){this.$emit("cancelFilter")}}},o={};var s=r(l,a,i,!1,c,null,null,null);function c(t){for(let n in o)this[n]=o[n]}var h=function(){return s.exports}();export{h as S};
--- a/public/js/build/TEditor.64cacbb0.js
+++ b/public/js/build/TEditor.64cacbb0.js
--- a/public/js/build/TaskDetail.60331a91.js
+++ b/public/js/build/TaskDetail.60331a91.js
--- a/public/js/build/TaskDetail.631df84d.js
+++ b/public/js/build/TaskDetail.631df84d.js
--- a/public/js/build/TaskDetail.969f53fd.css
+++ b/public/js/build/TaskDetail.969f53fd.css
@ -1 +1 @@
-.task-editor[data-v-5adf557a]{position:relative;word-break:break-all}.task-editor[data-v-5adf557a] .mce-content-body,.task-editor[data-v-5adf557a] .task-editor-content{line-height:1.6}.task-editor[data-v-5adf557a] p{margin:.3em 0}.task-editor[data-v-5adf557a] blockquote,.task-editor[data-v-5adf557a] pre,.task-editor[data-v-5adf557a] ul,.task-editor[data-v-5adf557a] ol{margin:1em 0}.task-editor[data-v-5adf557a] ul,.task-editor[data-v-5adf557a] ol{margin-left:1.5em;padding-left:1.5em}.task-editor[data-v-5adf557a] li{margin:.25em 0}.task-editor[data-v-5adf557a] h1{margin:.67em 0}.task-editor[data-v-5adf557a] h2{margin:.83em 0}.task-editor[data-v-5adf557a] h3{margin:1em 0}.task-editor[data-v-5adf557a] h4{margin:1.33em 0}.task-editor[data-v-5adf557a] h5{margin:1.67em 0}.task-editor[data-v-5adf557a] h6{margin:2.33em 0}.task-editor .task-editor-operate[data-v-5adf557a]{position:absolute;top:0;left:0;width:1px;opacity:0;visibility:hidden;pointer-events:none}.task-tag-select[data-v-e09d999e]{width:100%;display:flex;flex-direction:column}.task-tag-select.no-search .search-box[data-v-e09d999e]{display:none}.task-tag-select.no-search .tag-list .tag-item[data-v-e09d999e]:first-child{margin-top:0}.task-tag-select .search-box[data-v-e09d999e]{padding-bottom:8px;border-bottom:1px solid #eee}.task-tag-select .search-box .search-input[data-v-e09d999e]{width:100%;height:34px;padding:0 12px;border:1px solid #dcdfe6;border-radius:4px;outline:none}.task-tag-select .search-box .search-input[data-v-e09d999e]:focus{border-color:#84c56a}.task-tag-select .tag-list[data-v-e09d999e]{flex:1;overflow-y:auto;max-height:300px;margin:0 -12px;padding:0 12px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]{display:flex;align-items:flex-start;padding:8px 12px;cursor:pointer;border-radius:6px;margin-bottom:6px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]:first-child{margin-top:12px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]:last-child{margin-bottom:12px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]:hover{background-color:#f5f7fa}.task-tag-select .tag-list .tag-item.is-selected[data-v-e09d999e]{background-color:#ecf5ff}.task-tag-select .tag-list .tag-item .tag-color[data-v-e09d999e]{width:16px;height:16px;border-radius:4px;margin-right:8px;margin-top:2px}.task-tag-select .tag-list .tag-item .tag-info[data-v-e09d999e]{flex:1}.task-tag-select .tag-list .tag-item .tag-info .tag-name[data-v-e09d999e]{line-height:20px;font-size:14px;color:#303133}.task-tag-select .tag-list .tag-item .tag-info .tag-desc[data-v-e09d999e]{font-size:12px;color:#909399;margin-top:2px}.task-tag-select .tag-list .tag-item .tag-check[data-v-e09d999e]{color:#84c56a;margin-left:12px;height:20px;display:flex;align-items:center}.task-tag-select .tag-list .no-data[data-v-e09d999e]{text-align:center;color:#909399;padding:24px 0;margin-bottom:12px}.task-tag-select .footer-box[data-v-e09d999e]{border-top:1px solid #eee;padding-top:8px}.task-tag-select .footer-box .add-button[data-v-e09d999e]{display:flex;align-items:center;justify-content:center;padding:4px 0 2px;cursor:pointer;color:#84c56a;border-radius:6px;transition:color .2s}.task-tag-select .footer-box .add-button[data-v-e09d999e]:hover{color:#a2d98d}.task-tag-select .footer-box .add-button i[data-v-e09d999e]{margin-right:4px}.task-content-history .ivu-page[data-v-204b70c0]{margin-top:12px;display:flex;align-items:center;justify-content:center}
+.task-editor[data-v-4e70a0a5]{position:relative;word-break:break-all}.task-editor[data-v-4e70a0a5] .mce-content-body,.task-editor[data-v-4e70a0a5] .task-editor-content{line-height:1.6}.task-editor[data-v-4e70a0a5] p{margin:.3em 0}.task-editor[data-v-4e70a0a5] blockquote,.task-editor[data-v-4e70a0a5] pre,.task-editor[data-v-4e70a0a5] ul,.task-editor[data-v-4e70a0a5] ol{margin:1em 0}.task-editor[data-v-4e70a0a5] ul,.task-editor[data-v-4e70a0a5] ol{margin-left:1.5em;padding-left:1.5em}.task-editor[data-v-4e70a0a5] li{margin:.25em 0}.task-editor[data-v-4e70a0a5] h1{margin:.67em 0}.task-editor[data-v-4e70a0a5] h2{margin:.83em 0}.task-editor[data-v-4e70a0a5] h3{margin:1em 0}.task-editor[data-v-4e70a0a5] h4{margin:1.33em 0}.task-editor[data-v-4e70a0a5] h5{margin:1.67em 0}.task-editor[data-v-4e70a0a5] h6{margin:2.33em 0}.task-editor .task-editor-operate[data-v-4e70a0a5]{position:absolute;top:0;left:0;width:1px;opacity:0;visibility:hidden;pointer-events:none}.task-tag-select[data-v-e09d999e]{width:100%;display:flex;flex-direction:column}.task-tag-select.no-search .search-box[data-v-e09d999e]{display:none}.task-tag-select.no-search .tag-list .tag-item[data-v-e09d999e]:first-child{margin-top:0}.task-tag-select .search-box[data-v-e09d999e]{padding-bottom:8px;border-bottom:1px solid #eee}.task-tag-select .search-box .search-input[data-v-e09d999e]{width:100%;height:34px;padding:0 12px;border:1px solid #dcdfe6;border-radius:4px;outline:none}.task-tag-select .search-box .search-input[data-v-e09d999e]:focus{border-color:#84c56a}.task-tag-select .tag-list[data-v-e09d999e]{flex:1;overflow-y:auto;max-height:300px;margin:0 -12px;padding:0 12px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]{display:flex;align-items:flex-start;padding:8px 12px;cursor:pointer;border-radius:6px;margin-bottom:6px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]:first-child{margin-top:12px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]:last-child{margin-bottom:12px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]:hover{background-color:#f5f7fa}.task-tag-select .tag-list .tag-item.is-selected[data-v-e09d999e]{background-color:#ecf5ff}.task-tag-select .tag-list .tag-item .tag-color[data-v-e09d999e]{width:16px;height:16px;border-radius:4px;margin-right:8px;margin-top:2px}.task-tag-select .tag-list .tag-item .tag-info[data-v-e09d999e]{flex:1}.task-tag-select .tag-list .tag-item .tag-info .tag-name[data-v-e09d999e]{line-height:20px;font-size:14px;color:#303133}.task-tag-select .tag-list .tag-item .tag-info .tag-desc[data-v-e09d999e]{font-size:12px;color:#909399;margin-top:2px}.task-tag-select .tag-list .tag-item .tag-check[data-v-e09d999e]{color:#84c56a;margin-left:12px;height:20px;display:flex;align-items:center}.task-tag-select .tag-list .no-data[data-v-e09d999e]{text-align:center;color:#909399;padding:24px 0;margin-bottom:12px}.task-tag-select .footer-box[data-v-e09d999e]{border-top:1px solid #eee;padding-top:8px}.task-tag-select .footer-box .add-button[data-v-e09d999e]{display:flex;align-items:center;justify-content:center;padding:4px 0 2px;cursor:pointer;color:#84c56a;border-radius:6px;transition:color .2s}.task-tag-select .footer-box .add-button[data-v-e09d999e]:hover{color:#a2d98d}.task-tag-select .footer-box .add-button i[data-v-e09d999e]{margin-right:4px}.task-content-history .ivu-page[data-v-a0030d34]{margin-top:12px;display:flex;align-items:center;justify-content:center}
--- a/public/js/build/add.577ae6f1.js
+++ b/public/js/build/add.577ae6f1.js
--- a/Show More
+++ b/Show More
		`@ -1 +1 @@`
			import{n as m}from"./app.20ce4f8e.js";import"./jquery.26755d2b.js";import"./@babel.9410f858.js";import"./dayjs.29a2c04b.js";import"./localforage.a7f8d307.js";import"./markdown-it.0450edb4.js";import"./mdurl.ce6c1dd8.js";import"./uc.micro.8d343c98.js";import"./entities.48a44fec.js";import"./linkify-it.c5e8196e.js";import"./punycode.js.4b3f125a.js";import"./highlight.js.cbbfb885.js";import"./markdown-it-link-attributes.e1d5d151.js";import"./@traptitech.acea8861.js";import"./vue.adba9046.js";import"./vuex.cc7cb26e.js";import"./openpgp_hi.15f91b1d.js";import"./axios.37c7f908.js";import"./mitt.1ea0a2a3.js";import"./quill-hi.ca2ea0cc.js";import"./parchment.d5c5924e.js";import"./quill-delta.385a10bf.js";import"./fast-diff.f17881f3.js";import"./lodash.clonedeep.3cc09a31.js";import"./lodash.isequal.dbdc2157.js";import"./eventemitter3.78b735ad.js";import"./lodash-es.76e3a28b.js";import"./quill-mention-hi.4eeb5a2d.js";import"./view-design-hi.f1128b4d.js";import"./html-to-md.f297036e.js";import"./lodash.8fcd6fd4.js";import"./vue-router.2d566cd7.js";import"./vue-clipboard2.fd43a5bc.js";import"./clipboard.37b37361.js";import"./vuedraggable.f464b992.js";import"./sortablejs.3488b922.js";import"./vue-resize-observer.5af23a43.js";import"./element-sea.f8a64907.js";import"./deepmerge.cecf392e.js";import"./resize-observer-polyfill.5d591c5f.js";import"./throttle-debounce.7c3948b2.js";import"./babel-helper-vue-jsx-merge-props.5ed215c3.js";import"./normalize-wheel.2a034b9f.js";import"./async-validator.dca2b951.js";import"./babel-runtime.4773988a.js";import"./core-js.314b4a1d.js";var p=function(){var t=this,r=t.$createElement;return t._self._c,t._m(0)},e=[function(){var t=this,r=t.$createElement,i=t._self._c\|\|r;return i("div",{staticClass:"page-404"},[i("div",{staticClass:"flex-center position-ref full-height"},[i("div",{staticClass:"code"},[t._v("404")]),i("div",{staticClass:"message"},[t._v("Not Found")])])])}];const s={},o={};var _=m(s,p,e,!1,n,"7d7154a8",null,null);function n(t){for(let r in o)this[r]=o[r]}var it=function(){return _.exports}();export{it as default};				import{n as m}from"./app.27305e7a.js";import"./jquery.9a8e34a6.js";import"./@babel.9410f858.js";import"./dayjs.22b500b5.js";import"./localforage.ff736638.js";import"./markdown-it.0450edb4.js";import"./mdurl.ce6c1dd8.js";import"./uc.micro.8d343c98.js";import"./entities.48a44fec.js";import"./linkify-it.c5e8196e.js";import"./punycode.js.4b3f125a.js";import"./highlight.js.cbbfb885.js";import"./markdown-it-link-attributes.e1d5d151.js";import"./@traptitech.acea8861.js";import"./vue.adba9046.js";import"./vuex.cc7cb26e.js";import"./openpgp_hi.15f91b1d.js";import"./axios.37c7f908.js";import"./mitt.1ea0a2a3.js";import"./quill-hi.ca2ea0cc.js";import"./parchment.d5c5924e.js";import"./quill-delta.385a10bf.js";import"./fast-diff.f17881f3.js";import"./lodash.clonedeep.3cc09a31.js";import"./lodash.isequal.dbdc2157.js";import"./eventemitter3.78b735ad.js";import"./lodash-es.76e3a28b.js";import"./quill-mention-hi.4eeb5a2d.js";import"./view-design-hi.f1128b4d.js";import"./html-to-md.f297036e.js";import"./lodash.8fcd6fd4.js";import"./vue-router.2d566cd7.js";import"./vue-clipboard2.fd43a5bc.js";import"./clipboard.37b37361.js";import"./vuedraggable.f464b992.js";import"./sortablejs.3488b922.js";import"./vue-resize-observer.5af23a43.js";import"./element-sea.f8a64907.js";import"./deepmerge.cecf392e.js";import"./resize-observer-polyfill.5d591c5f.js";import"./throttle-debounce.7c3948b2.js";import"./babel-helper-vue-jsx-merge-props.5ed215c3.js";import"./normalize-wheel.2a034b9f.js";import"./async-validator.dca2b951.js";import"./babel-runtime.4773988a.js";import"./core-js.314b4a1d.js";var p=function(){var t=this,r=t.$createElement;return t._self._c,t._m(0)},e=[function(){var t=this,r=t.$createElement,i=t._self._c\|\|r;return i("div",{staticClass:"page-404"},[i("div",{staticClass:"flex-center position-ref full-height"},[i("div",{staticClass:"code"},[t._v("404")]),i("div",{staticClass:"message"},[t._v("Not Found")])])])}];const s={},o={};var _=m(s,p,e,!1,n,"7d7154a8",null,null);function n(t){for(let r in o)this[r]=o[r]}var it=function(){return _.exports}();export{it as default};
		`@ -0,0 +1 @@`
							.checkin-field .ivu-form-item-label{color:#f90;font-weight:500}.checkin-mac-header[data-v-eb58f07c]{margin-bottom:8px;font-weight:500;color:#606266}.checkin-mac-item[data-v-eb58f07c]{margin-bottom:8px}.checkin-mac-item .ivu-col[data-v-eb58f07c]{padding-right:8px}.checkin-mac-item .ivu-col[data-v-eb58f07c]:last-child{padding-right:0}.checkin-mac-del[data-v-eb58f07c]{display:flex;align-items:center;justify-content:center;cursor:pointer;color:red}.checkin-mac-del[data-v-eb58f07c]:hover{opacity:.8}.form-tip[data-v-eb58f07c]{font-size:12px;color:#999;margin-top:4px}.user-tags-preview[data-v-eb58f07c]{display:flex;align-items:center;flex-wrap:wrap;gap:8px;min-height:32px}.user-tags-preview .tag-pill[data-v-eb58f07c]{cursor:pointer;padding:6px 12px;border-radius:12px;font-size:13px;-webkit-user-select:none;-moz-user-select:none;user-select:none;background-color:#f5f5f5;color:#606266;line-height:14px;height:26px;max-width:160px;white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.user-tags-preview .tag-pill.is-recognized[data-v-eb58f07c]{color:#67c23a}.user-tags-preview .tag-pill span[data-v-eb58f07c]{padding-left:8px;position:relative}.user-tags-preview .tag-pill span[data-v-eb58f07c]:before{content:"";position:absolute;left:2px;top:50%;transform:translateY(-50%);width:2px;height:2px;border-radius:50%;background-color:currentColor}.user-tags-preview .tags-empty[data-v-eb58f07c]{color:#909399}.user-tags-preview .tags-total[data-v-eb58f07c]{color:#909399;font-size:12px}.user-tags-preview .manage-button[data-v-eb58f07c]{margin-left:auto;display:inline-flex;align-items:center;gap:4px}.import-user-modal .import-tip[data-v-9d8f7ae8]{color:#808695;margin-bottom:12px}.import-user-modal .import-actions[data-v-9d8f7ae8]{display:flex;gap:12px;align-items:center}.import-user-modal .import-option[data-v-9d8f7ae8]{margin-top:12px}.import-user-modal .import-batch-label[data-v-9d8f7ae8]{flex-shrink:0;min-width:64px;color:#515a6e}.import-user-modal .import-setdept[data-v-9d8f7ae8]{display:flex;align-items:center;gap:8px;margin-top:12px}.import-user-modal .import-setdept .import-setdept-select[data-v-9d8f7ae8]{width:auto}.import-user-modal .import-setverity[data-v-9d8f7ae8]{display:flex;align-items:center;gap:8px;margin-top:12px}.import-user-modal .import-preview[data-v-9d8f7ae8],.import-user-modal .import-result[data-v-9d8f7ae8]{margin-top:16px}.import-user-modal[data-v-9d8f7ae8] .ivu-table-cell{white-space:nowrap}.import-user-modal[data-v-9d8f7ae8] .pwd-cell{cursor:pointer;letter-spacing:1px;-webkit-user-select:none;-moz-user-select:none;user-select:none}.import-user-modal[data-v-9d8f7ae8] .pwd-cell:hover{color:#2d8cf0}.import-user-modal[data-v-9d8f7ae8] .import-row-error td{background-color:#fff2f0}
		`@ -1 +0,0 @@`
			.checkin-field .ivu-form-item-label{color:#f90;font-weight:500}.checkin-mac-header[data-v-39d6b3fb]{margin-bottom:8px;font-weight:500;color:#606266}.checkin-mac-item[data-v-39d6b3fb]{margin-bottom:8px}.checkin-mac-item .ivu-col[data-v-39d6b3fb]{padding-right:8px}.checkin-mac-item .ivu-col[data-v-39d6b3fb]:last-child{padding-right:0}.checkin-mac-del[data-v-39d6b3fb]{display:flex;align-items:center;justify-content:center;cursor:pointer;color:red}.checkin-mac-del[data-v-39d6b3fb]:hover{opacity:.8}.form-tip[data-v-39d6b3fb]{font-size:12px;color:#999;margin-top:4px}.user-tags-preview[data-v-39d6b3fb]{display:flex;align-items:center;flex-wrap:wrap;gap:8px;min-height:32px}.user-tags-preview .tag-pill[data-v-39d6b3fb]{cursor:pointer;padding:6px 12px;border-radius:12px;font-size:13px;-webkit-user-select:none;-moz-user-select:none;user-select:none;background-color:#f5f5f5;color:#606266;line-height:14px;height:26px;max-width:160px;white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.user-tags-preview .tag-pill.is-recognized[data-v-39d6b3fb]{color:#67c23a}.user-tags-preview .tag-pill span[data-v-39d6b3fb]{padding-left:8px;position:relative}.user-tags-preview .tag-pill span[data-v-39d6b3fb]:before{content:"";position:absolute;left:2px;top:50%;transform:translateY(-50%);width:2px;height:2px;border-radius:50%;background-color:currentColor}.user-tags-preview .tags-empty[data-v-39d6b3fb]{color:#909399}.user-tags-preview .tags-total[data-v-39d6b3fb]{color:#909399;font-size:12px}.user-tags-preview .manage-button[data-v-39d6b3fb]{margin-left:auto;display:inline-flex;align-items:center;gap:4px}
		`@ -0,0 +1 @@`
							import{m as i}from"./vuex.cc7cb26e.js";import{n as o}from"./app.27305e7a.js";var d=function(){var t=this,a=t.$createElement,e=t._self._c\|\|a;return e("Modal",{attrs:{value:t.value,title:t.$L("\u8D1F\u8D23\u4EBA\u89C6\u89D2"),"mask-closable":!1,width:"520"},on:{input:function(s){return t.$emit("input",s)}}},[e("div",{staticClass:"department-owner-view-modal"},[e("Alert",{attrs:{type:"info","show-icon":""}},[t._v(" "+t._s(t.$L("\u53EF\u67E5\u770B\u6240\u9009\u90E8\u95E8\u53CA\u6240\u6709\u4E0B\u7EA7\u90E8\u95E8\u6210\u5458\u53C2\u4E0E\u7684\u9879\u76EE\u548C\u4EFB\u52A1\uFF0C\u4EC5\u652F\u6301\u53EA\u8BFB\u67E5\u770B\u3002"))+" ")]),t.managedDepartments.length>1?e("div",{staticClass:"department-owner-view-actions"},[e("a",{attrs:{href:"javascript:void(0)"},on:{click:function(s){t.draftIds=[]}}},[t._v(t._s(t.$L("\u6E05\u7A7A")))]),e("a",{attrs:{href:"javascript:void(0)"},on:{click:function(s){t.draftIds=t.managedDepartments.map(function(n){return n.id})}}},[t._v(t._s(t.$L("\u5168\u9009")))]),e("a",{attrs:{href:"javascript:void(0)"},on:{click:t.reverseDraft}},[t._v(t._s(t.$L("\u53CD\u9009")))])]):t._e(),e("CheckboxGroup",{staticClass:"department-owner-view-list",model:{value:t.draftIds,callback:function(s){t.draftIds=s},expression:"draftIds"}},t._l(t.managedDepartments,function(s){return e("div",{key:s.id,class:["department-owner-view-item",t.draftIds.includes(s.id)?"active":""],on:{click:function(n){return t.toggleDraft(s.id)}}},[e("div",{staticClass:"department-owner-view-icon"},[e("i",{staticClass:"taskfont"},[t._v("\uE75C")])]),e("div",{staticClass:"department-owner-view-name"},[t._v(t._s(s.name))]),e("Checkbox",{staticClass:"department-owner-view-checkbox",attrs:{label:s.id},nativeOn:{click:function(n){n.stopPropagation()}}},[e("span")])],1)}),0)],1),e("div",{staticClass:"adaption",attrs:{slot:"footer"},slot:"footer"},[e("Button",{attrs:{type:"default",disabled:t.applyLoading},on:{click:function(s){return t.$emit("input",!1)}}},[t._v(t._s(t.$L("\u53D6\u6D88")))]),e("Button",{attrs:{type:"primary",loading:t.applyLoading},on:{click:t.apply}},[t._v(t._s(t.$L("\u786E\u5B9A")))])],1)])},l=[];const c={name:"DepartmentOwnerView",props:{value:Boolean},data(){return{draftIds:[],applyLoading:!1}},computed:{...i(["userInfo","cacheDepartmentOwnerIds"]),managedDepartments(){return(this.userInfo.managed_departments\|\|[]).map(t=>({...t,id:parseInt(t.id)}))}},watch:{value:{immediate:!0,handler(t){t?this.draftIds=(this.cacheDepartmentOwnerIds\|\|[]).slice():this.applyLoading=!1}}},methods:{toggleDraft(t){t=parseInt(t);const a=this.draftIds.indexOf(t);a>-1?this.draftIds.splice(a,1):this.draftIds.push(t)},reverseDraft(){const t=this.draftIds.map(a=>parseInt(a));this.draftIds=this.managedDepartments.map(a=>a.id).filter(a=>!t.includes(a))},async apply(){if(!this.applyLoading){this.applyLoading=!0;try{await this.$store.dispatch("setDepartmentOwnerIds",this.draftIds),this.$emit("input",!1)}catch(t){$A.modalError((t==null?void 0:t.msg)\|\|this.$L("\u5207\u6362\u5931\u8D25"))}finally{this.applyLoading=!1}}}}},r={};var p=o(c,d,l,!1,f,"624ab3e4",null,null);function f(t){for(let a in r)this[a]=r[a]}var u=function(){return p.exports}();export{u as D};
		`@ -0,0 +1 @@`
							.department-owner-view-modal .department-owner-view-actions[data-v-624ab3e4]{display:flex;justify-content:flex-end;gap:14px;margin:12px 8px 0}.department-owner-view-modal .department-owner-view-list[data-v-624ab3e4]{display:flex;flex-direction:column;margin-top:10px}.department-owner-view-modal .department-owner-view-item[data-v-624ab3e4]{display:flex;align-items:center;padding:10px 12px;cursor:pointer}.department-owner-view-modal .department-owner-view-icon[data-v-624ab3e4]{width:28px;height:28px;border-radius:50%;background-color:#5bc7b0;color:#fff;display:flex;align-items:center;justify-content:center;margin-right:10px}.department-owner-view-modal .department-owner-view-name[data-v-624ab3e4]{flex:1}.department-owner-view-modal .department-owner-view-checkbox[data-v-624ab3e4]{margin-right:0}
		`@ -1 +1 @@`
			import{m as s}from"./vuex.cc7cb26e.js";import{I as m}from"./IFrame.b849e339.js";import{n as p,l as o}from"./app.20ce4f8e.js";import"./jquery.26755d2b.js";import"./@babel.9410f858.js";import"./dayjs.29a2c04b.js";import"./localforage.a7f8d307.js";import"./markdown-it.0450edb4.js";import"./mdurl.ce6c1dd8.js";import"./uc.micro.8d343c98.js";import"./entities.48a44fec.js";import"./linkify-it.c5e8196e.js";import"./punycode.js.4b3f125a.js";import"./highlight.js.cbbfb885.js";import"./markdown-it-link-attributes.e1d5d151.js";import"./@traptitech.acea8861.js";import"./vue.adba9046.js";import"./openpgp_hi.15f91b1d.js";import"./axios.37c7f908.js";import"./mitt.1ea0a2a3.js";import"./quill-hi.ca2ea0cc.js";import"./parchment.d5c5924e.js";import"./quill-delta.385a10bf.js";import"./fast-diff.f17881f3.js";import"./lodash.clonedeep.3cc09a31.js";import"./lodash.isequal.dbdc2157.js";import"./eventemitter3.78b735ad.js";import"./lodash-es.76e3a28b.js";import"./quill-mention-hi.4eeb5a2d.js";import"./view-design-hi.f1128b4d.js";import"./html-to-md.f297036e.js";import"./lodash.8fcd6fd4.js";import"./vue-router.2d566cd7.js";import"./vue-clipboard2.fd43a5bc.js";import"./clipboard.37b37361.js";import"./vuedraggable.f464b992.js";import"./sortablejs.3488b922.js";import"./vue-resize-observer.5af23a43.js";import"./element-sea.f8a64907.js";import"./deepmerge.cecf392e.js";import"./resize-observer-polyfill.5d591c5f.js";import"./throttle-debounce.7c3948b2.js";import"./babel-helper-vue-jsx-merge-props.5ed215c3.js";import"./normalize-wheel.2a034b9f.js";import"./async-validator.dca2b951.js";import"./babel-runtime.4773988a.js";import"./core-js.314b4a1d.js";var l=function(){var t=this,e=t.$createElement,i=t._self._c\|\|e;return i("div",{staticClass:"drawio-content"},[i("IFrame",{ref:"frame",staticClass:"drawio-iframe",attrs:{src:t.url},on:{"on-message":t.onMessage}}),t.loadIng?i("div",{staticClass:"drawio-loading"},[i("Loading")],1):t._e()],1)},d=[];const u={name:"Drawio",components:{IFrame:m},props:{value:{type:Object,default:function(){return{}}},title:{type:String,default:""},readOnly:{type:Boolean,default:!1}},data(){return{loadIng:!0,url:null,bakData:""}},created(){let t=o;switch(o){case"zh-CHT":t="zh-tw";break}let e=this.readOnly?1:0,i=this.readOnly?0:1,n=this.themeName==="dark"?"dark":"kennedy",r=`?title=${this.title?encodeURIComponent(this.title):""}&chrome=${i}&lightbox=${e}&ui=${n}&lang=${t}&offline=1&pwa=0&embed=1&noLangIcon=1&noExitBtn=1&noSaveBtn=1&saveAndExit=0&spin=1&proto=json`;this.$Electron?this.url=$A.originUrl(`drawio/webapp/index.html${r}`):this.url=$A.mainUrl(`drawio/webapp/${r}`)},mounted(){window.addEventListener("message",this.handleMessage)},beforeDestroy(){window.removeEventListener("message",this.handleMessage)},watch:{value:{handler(t){this.bakData!=$A.jsonStringify(t)&&(this.bakData=$A.jsonStringify(t),this.updateContent())},deep:!0}},computed:{...s(["themeName"])},methods:{formatZoom(t){return t+"%"},updateContent(){this.$refs.frame.postMessage(JSON.stringify({action:"load",autosave:1,xml:this.value.xml}))},onMessage(t){switch(t.event){case"init":this.loadIng=!1,this.updateContent();break;case"load":typeof this.value.xml=="undefined"&&this.$refs.frame.postMessage(JSON.stringify({action:"template"}));break;case"autosave":const e={xml:t.xml};this.bakData=$A.jsonStringify(e),this.$emit("input",e);break;case"save":this.$emit("saveData");break}}}},a={};var c=p(u,l,d,!1,h,"39021859",null,null);function h(t){for(let e in a)this[e]=a[e]}var pt=function(){return c.exports}();export{pt as default};				import{m as s}from"./vuex.cc7cb26e.js";import{I as m}from"./IFrame.587d7378.js";import{n as p,l as o}from"./app.27305e7a.js";import"./jquery.9a8e34a6.js";import"./@babel.9410f858.js";import"./dayjs.22b500b5.js";import"./localforage.ff736638.js";import"./markdown-it.0450edb4.js";import"./mdurl.ce6c1dd8.js";import"./uc.micro.8d343c98.js";import"./entities.48a44fec.js";import"./linkify-it.c5e8196e.js";import"./punycode.js.4b3f125a.js";import"./highlight.js.cbbfb885.js";import"./markdown-it-link-attributes.e1d5d151.js";import"./@traptitech.acea8861.js";import"./vue.adba9046.js";import"./openpgp_hi.15f91b1d.js";import"./axios.37c7f908.js";import"./mitt.1ea0a2a3.js";import"./quill-hi.ca2ea0cc.js";import"./parchment.d5c5924e.js";import"./quill-delta.385a10bf.js";import"./fast-diff.f17881f3.js";import"./lodash.clonedeep.3cc09a31.js";import"./lodash.isequal.dbdc2157.js";import"./eventemitter3.78b735ad.js";import"./lodash-es.76e3a28b.js";import"./quill-mention-hi.4eeb5a2d.js";import"./view-design-hi.f1128b4d.js";import"./html-to-md.f297036e.js";import"./lodash.8fcd6fd4.js";import"./vue-router.2d566cd7.js";import"./vue-clipboard2.fd43a5bc.js";import"./clipboard.37b37361.js";import"./vuedraggable.f464b992.js";import"./sortablejs.3488b922.js";import"./vue-resize-observer.5af23a43.js";import"./element-sea.f8a64907.js";import"./deepmerge.cecf392e.js";import"./resize-observer-polyfill.5d591c5f.js";import"./throttle-debounce.7c3948b2.js";import"./babel-helper-vue-jsx-merge-props.5ed215c3.js";import"./normalize-wheel.2a034b9f.js";import"./async-validator.dca2b951.js";import"./babel-runtime.4773988a.js";import"./core-js.314b4a1d.js";var l=function(){var t=this,e=t.$createElement,i=t._self._c\|\|e;return i("div",{staticClass:"drawio-content"},[i("IFrame",{ref:"frame",staticClass:"drawio-iframe",attrs:{src:t.url},on:{"on-message":t.onMessage}}),t.loadIng?i("div",{staticClass:"drawio-loading"},[i("Loading")],1):t._e()],1)},d=[];const u={name:"Drawio",components:{IFrame:m},props:{value:{type:Object,default:function(){return{}}},title:{type:String,default:""},readOnly:{type:Boolean,default:!1}},data(){return{loadIng:!0,url:null,bakData:""}},created(){let t=o;switch(o){case"zh-CHT":t="zh-tw";break}let e=this.readOnly?1:0,i=this.readOnly?0:1,n=this.themeName==="dark"?"dark":"kennedy",r=`?title=${this.title?encodeURIComponent(this.title):""}&chrome=${i}&lightbox=${e}&ui=${n}&lang=${t}&offline=1&pwa=0&embed=1&noLangIcon=1&noExitBtn=1&noSaveBtn=1&saveAndExit=0&spin=1&proto=json`;this.$Electron?this.url=$A.originUrl(`drawio/webapp/index.html${r}`):this.url=$A.mainUrl(`drawio/webapp/${r}`)},mounted(){window.addEventListener("message",this.handleMessage)},beforeDestroy(){window.removeEventListener("message",this.handleMessage)},watch:{value:{handler(t){this.bakData!=$A.jsonStringify(t)&&(this.bakData=$A.jsonStringify(t),this.updateContent())},deep:!0}},computed:{...s(["themeName"])},methods:{formatZoom(t){return t+"%"},updateContent(){this.$refs.frame.postMessage(JSON.stringify({action:"load",autosave:1,xml:this.value.xml}))},onMessage(t){switch(t.event){case"init":this.loadIng=!1,this.updateContent();break;case"load":typeof this.value.xml=="undefined"&&this.$refs.frame.postMessage(JSON.stringify({action:"template"}));break;case"autosave":const e={xml:t.xml};this.bakData=$A.jsonStringify(e),this.$emit("input",e);break;case"save":this.$emit("saveData");break}}}},a={};var c=p(u,l,d,!1,h,"39021859",null,null);function h(t){for(let e in a)this[e]=a[e]}var pt=function(){return c.exports}();export{pt as default};
		`@ -1 +1 @@`
			import{n}from"./app.20ce4f8e.js";var i=function(){var e=this,s=e.$createElement,r=e._self._c\|\|s;return r("iframe",{directives:[{name:"show",rawName:"v-show",value:e.src,expression:"src"}],ref:"iframe",attrs:{src:e.src}})},a=[];const o={name:"IFrame",props:{src:{type:String,default:""}},mounted(){this.$refs.iframe.addEventListener("load",this.handleLoad),window.addEventListener("message",this.handleMessage)},beforeDestroy(){this.$refs.iframe.removeEventListener("load",this.handleLoad),window.removeEventListener("message",this.handleMessage)},methods:{handleLoad(){this.$emit("on-load")},handleMessage({data:e,source:s}){var r;s===((r=this.$refs.iframe)==null?void 0:r.contentWindow)&&(e=$A.jsonParse(e),e.source==="fileView"&&e.action==="picture"&&this.$store.dispatch("previewImage",{index:e.params.index,list:e.params.array}),this.$emit("on-message",e))},postMessage(e,s="*"){this.$refs.iframe&&this.$refs.iframe.contentWindow.postMessage(e,s)}}},t={};var m=n(o,i,a,!1,c,null,null,null);function c(e){for(let s in t)this[s]=t[s]}var l=function(){return m.exports}();export{l as I};				import{n}from"./app.27305e7a.js";var i=function(){var e=this,s=e.$createElement,r=e._self._c\|\|s;return r("iframe",{directives:[{name:"show",rawName:"v-show",value:e.src,expression:"src"}],ref:"iframe",attrs:{src:e.src}})},a=[];const o={name:"IFrame",props:{src:{type:String,default:""}},mounted(){this.$refs.iframe.addEventListener("load",this.handleLoad),window.addEventListener("message",this.handleMessage)},beforeDestroy(){this.$refs.iframe.removeEventListener("load",this.handleLoad),window.removeEventListener("message",this.handleMessage)},methods:{handleLoad(){this.$emit("on-load")},handleMessage({data:e,source:s}){var r;s===((r=this.$refs.iframe)==null?void 0:r.contentWindow)&&(e=$A.jsonParse(e),e.source==="fileView"&&e.action==="picture"&&this.$store.dispatch("previewImage",{index:e.params.index,list:e.params.array}),this.$emit("on-message",e))},postMessage(e,s="*"){this.$refs.iframe&&this.$refs.iframe.contentWindow.postMessage(e,s)}}},t={};var m=n(o,i,a,!1,c,null,null,null);function c(e){for(let s in t)this[s]=t[s]}var l=function(){return m.exports}();export{l as I};
		`@ -1 +1 @@`
			import{n as r}from"./app.20ce4f8e.js";var a=function(){var t=this,n=t.$createElement,e=t._self._c\|\|n;return t.windowTouch?e("div",[e("Button",{attrs:{loading:t.loading,type:"primary",icon:"ios-search"},on:{click:t.onSearch}},[t._v(t._s(t.$L("\u641C\u7D22")))]),t.filtering?e("Button",{attrs:{type:"text"},on:{click:t.onCancelFilter}},[t._v(t._s(t.$L("\u53D6\u6D88\u7B5B\u9009")))]):e("Button",{attrs:{loading:t.loading,type:"text",icon:"md-refresh"},on:{click:t.onRefresh}},[t._v(t._s(t.$L("\u5237\u65B0")))])],1):e("Tooltip",{attrs:{theme:"light",placement:t.placement,"transfer-class-name":"search-button-clear",transfer:""}},[e("Button",{attrs:{loading:t.loading,type:"primary",icon:"ios-search"},on:{click:t.onSearch}},[t._v(t._s(t.$L("\u641C\u7D22")))]),e("div",{attrs:{slot:"content"},slot:"content"},[t.filtering?e("Button",{attrs:{type:"text"},on:{click:t.onCancelFilter}},[t._v(t._s(t.$L("\u53D6\u6D88\u7B5B\u9009")))]):e("Button",{attrs:{loading:t.loading,type:"text"},on:{click:t.onRefresh}},[t._v(t._s(t.$L("\u5237\u65B0")))])],1)],1)},i=[];const l={name:"SearchButton",props:{loading:{type:Boolean,default:!1},filtering:{type:Boolean,default:!1},placement:{type:String,default:"bottom"}},methods:{onSearch(){this.$emit("search")},onRefresh(){this.$emit("refresh")},onCancelFilter(){this.$emit("cancelFilter")}}},o={};var s=r(l,a,i,!1,c,null,null,null);function c(t){for(let n in o)this[n]=o[n]}var h=function(){return s.exports}();export{h as S};				import{n as r}from"./app.27305e7a.js";var a=function(){var t=this,n=t.$createElement,e=t._self._c\|\|n;return t.windowTouch?e("div",[e("Button",{attrs:{loading:t.loading,type:"primary",icon:"ios-search"},on:{click:t.onSearch}},[t._v(t._s(t.$L("\u641C\u7D22")))]),t.filtering?e("Button",{attrs:{type:"text"},on:{click:t.onCancelFilter}},[t._v(t._s(t.$L("\u53D6\u6D88\u7B5B\u9009")))]):e("Button",{attrs:{loading:t.loading,type:"text",icon:"md-refresh"},on:{click:t.onRefresh}},[t._v(t._s(t.$L("\u5237\u65B0")))])],1):e("Tooltip",{attrs:{theme:"light",placement:t.placement,"transfer-class-name":"search-button-clear",transfer:""}},[e("Button",{attrs:{loading:t.loading,type:"primary",icon:"ios-search"},on:{click:t.onSearch}},[t._v(t._s(t.$L("\u641C\u7D22")))]),e("div",{attrs:{slot:"content"},slot:"content"},[t.filtering?e("Button",{attrs:{type:"text"},on:{click:t.onCancelFilter}},[t._v(t._s(t.$L("\u53D6\u6D88\u7B5B\u9009")))]):e("Button",{attrs:{loading:t.loading,type:"text"},on:{click:t.onRefresh}},[t._v(t._s(t.$L("\u5237\u65B0")))])],1)],1)},i=[];const l={name:"SearchButton",props:{loading:{type:Boolean,default:!1},filtering:{type:Boolean,default:!1},placement:{type:String,default:"bottom"}},methods:{onSearch(){this.$emit("search")},onRefresh(){this.$emit("refresh")},onCancelFilter(){this.$emit("cancelFilter")}}},o={};var s=r(l,a,i,!1,c,null,null,null);function c(t){for(let n in o)this[n]=o[n]}var h=function(){return s.exports}();export{h as S};
		`@ -1 +1 @@`
			.task-editor[data-v-5adf557a]{position:relative;word-break:break-all}.task-editor[data-v-5adf557a] .mce-content-body,.task-editor[data-v-5adf557a] .task-editor-content{line-height:1.6}.task-editor[data-v-5adf557a] p{margin:.3em 0}.task-editor[data-v-5adf557a] blockquote,.task-editor[data-v-5adf557a] pre,.task-editor[data-v-5adf557a] ul,.task-editor[data-v-5adf557a] ol{margin:1em 0}.task-editor[data-v-5adf557a] ul,.task-editor[data-v-5adf557a] ol{margin-left:1.5em;padding-left:1.5em}.task-editor[data-v-5adf557a] li{margin:.25em 0}.task-editor[data-v-5adf557a] h1{margin:.67em 0}.task-editor[data-v-5adf557a] h2{margin:.83em 0}.task-editor[data-v-5adf557a] h3{margin:1em 0}.task-editor[data-v-5adf557a] h4{margin:1.33em 0}.task-editor[data-v-5adf557a] h5{margin:1.67em 0}.task-editor[data-v-5adf557a] h6{margin:2.33em 0}.task-editor .task-editor-operate[data-v-5adf557a]{position:absolute;top:0;left:0;width:1px;opacity:0;visibility:hidden;pointer-events:none}.task-tag-select[data-v-e09d999e]{width:100%;display:flex;flex-direction:column}.task-tag-select.no-search .search-box[data-v-e09d999e]{display:none}.task-tag-select.no-search .tag-list .tag-item[data-v-e09d999e]:first-child{margin-top:0}.task-tag-select .search-box[data-v-e09d999e]{padding-bottom:8px;border-bottom:1px solid #eee}.task-tag-select .search-box .search-input[data-v-e09d999e]{width:100%;height:34px;padding:0 12px;border:1px solid #dcdfe6;border-radius:4px;outline:none}.task-tag-select .search-box .search-input[data-v-e09d999e]:focus{border-color:#84c56a}.task-tag-select .tag-list[data-v-e09d999e]{flex:1;overflow-y:auto;max-height:300px;margin:0 -12px;padding:0 12px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]{display:flex;align-items:flex-start;padding:8px 12px;cursor:pointer;border-radius:6px;margin-bottom:6px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]:first-child{margin-top:12px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]:last-child{margin-bottom:12px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]:hover{background-color:#f5f7fa}.task-tag-select .tag-list .tag-item.is-selected[data-v-e09d999e]{background-color:#ecf5ff}.task-tag-select .tag-list .tag-item .tag-color[data-v-e09d999e]{width:16px;height:16px;border-radius:4px;margin-right:8px;margin-top:2px}.task-tag-select .tag-list .tag-item .tag-info[data-v-e09d999e]{flex:1}.task-tag-select .tag-list .tag-item .tag-info .tag-name[data-v-e09d999e]{line-height:20px;font-size:14px;color:#303133}.task-tag-select .tag-list .tag-item .tag-info .tag-desc[data-v-e09d999e]{font-size:12px;color:#909399;margin-top:2px}.task-tag-select .tag-list .tag-item .tag-check[data-v-e09d999e]{color:#84c56a;margin-left:12px;height:20px;display:flex;align-items:center}.task-tag-select .tag-list .no-data[data-v-e09d999e]{text-align:center;color:#909399;padding:24px 0;margin-bottom:12px}.task-tag-select .footer-box[data-v-e09d999e]{border-top:1px solid #eee;padding-top:8px}.task-tag-select .footer-box .add-button[data-v-e09d999e]{display:flex;align-items:center;justify-content:center;padding:4px 0 2px;cursor:pointer;color:#84c56a;border-radius:6px;transition:color .2s}.task-tag-select .footer-box .add-button[data-v-e09d999e]:hover{color:#a2d98d}.task-tag-select .footer-box .add-button i[data-v-e09d999e]{margin-right:4px}.task-content-history .ivu-page[data-v-204b70c0]{margin-top:12px;display:flex;align-items:center;justify-content:center}				.task-editor[data-v-4e70a0a5]{position:relative;word-break:break-all}.task-editor[data-v-4e70a0a5] .mce-content-body,.task-editor[data-v-4e70a0a5] .task-editor-content{line-height:1.6}.task-editor[data-v-4e70a0a5] p{margin:.3em 0}.task-editor[data-v-4e70a0a5] blockquote,.task-editor[data-v-4e70a0a5] pre,.task-editor[data-v-4e70a0a5] ul,.task-editor[data-v-4e70a0a5] ol{margin:1em 0}.task-editor[data-v-4e70a0a5] ul,.task-editor[data-v-4e70a0a5] ol{margin-left:1.5em;padding-left:1.5em}.task-editor[data-v-4e70a0a5] li{margin:.25em 0}.task-editor[data-v-4e70a0a5] h1{margin:.67em 0}.task-editor[data-v-4e70a0a5] h2{margin:.83em 0}.task-editor[data-v-4e70a0a5] h3{margin:1em 0}.task-editor[data-v-4e70a0a5] h4{margin:1.33em 0}.task-editor[data-v-4e70a0a5] h5{margin:1.67em 0}.task-editor[data-v-4e70a0a5] h6{margin:2.33em 0}.task-editor .task-editor-operate[data-v-4e70a0a5]{position:absolute;top:0;left:0;width:1px;opacity:0;visibility:hidden;pointer-events:none}.task-tag-select[data-v-e09d999e]{width:100%;display:flex;flex-direction:column}.task-tag-select.no-search .search-box[data-v-e09d999e]{display:none}.task-tag-select.no-search .tag-list .tag-item[data-v-e09d999e]:first-child{margin-top:0}.task-tag-select .search-box[data-v-e09d999e]{padding-bottom:8px;border-bottom:1px solid #eee}.task-tag-select .search-box .search-input[data-v-e09d999e]{width:100%;height:34px;padding:0 12px;border:1px solid #dcdfe6;border-radius:4px;outline:none}.task-tag-select .search-box .search-input[data-v-e09d999e]:focus{border-color:#84c56a}.task-tag-select .tag-list[data-v-e09d999e]{flex:1;overflow-y:auto;max-height:300px;margin:0 -12px;padding:0 12px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]{display:flex;align-items:flex-start;padding:8px 12px;cursor:pointer;border-radius:6px;margin-bottom:6px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]:first-child{margin-top:12px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]:last-child{margin-bottom:12px}.task-tag-select .tag-list .tag-item[data-v-e09d999e]:hover{background-color:#f5f7fa}.task-tag-select .tag-list .tag-item.is-selected[data-v-e09d999e]{background-color:#ecf5ff}.task-tag-select .tag-list .tag-item .tag-color[data-v-e09d999e]{width:16px;height:16px;border-radius:4px;margin-right:8px;margin-top:2px}.task-tag-select .tag-list .tag-item .tag-info[data-v-e09d999e]{flex:1}.task-tag-select .tag-list .tag-item .tag-info .tag-name[data-v-e09d999e]{line-height:20px;font-size:14px;color:#303133}.task-tag-select .tag-list .tag-item .tag-info .tag-desc[data-v-e09d999e]{font-size:12px;color:#909399;margin-top:2px}.task-tag-select .tag-list .tag-item .tag-check[data-v-e09d999e]{color:#84c56a;margin-left:12px;height:20px;display:flex;align-items:center}.task-tag-select .tag-list .no-data[data-v-e09d999e]{text-align:center;color:#909399;padding:24px 0;margin-bottom:12px}.task-tag-select .footer-box[data-v-e09d999e]{border-top:1px solid #eee;padding-top:8px}.task-tag-select .footer-box .add-button[data-v-e09d999e]{display:flex;align-items:center;justify-content:center;padding:4px 0 2px;cursor:pointer;color:#84c56a;border-radius:6px;transition:color .2s}.task-tag-select .footer-box .add-button[data-v-e09d999e]:hover{color:#a2d98d}.task-tag-select .footer-box .add-button i[data-v-e09d999e]{margin-right:4px}.task-content-history .ivu-page[data-v-a0030d34]{margin-top:12px;display:flex;align-items:center;justify-content:center}