diff --git a/.github/workflows/test-fastgpt.yaml b/.github/workflows/test-fastgpt.yaml
index 3586f5b276..3c7f560d72 100644
--- a/.github/workflows/test-fastgpt.yaml
+++ b/.github/workflows/test-fastgpt.yaml
@@ -3,16 +3,20 @@ on:
   pull_request:
   workflow_dispatch:
 
+# Only one build per PR branch at a time
+concurrency:
+  group: 'test-fastgpt-${{ github.head_ref }}'
+  cancel-in-progress: true
+
+permissions:
+  # Required to checkout the code
+  contents: read
+  # Required to put a comment into the pull-request
+  pull-requests: write
+
 jobs:
   test:
     runs-on: ubuntu-latest
-
-    permissions:
-      # Required to checkout the code
-      contents: read
-      # Required to put a comment into the pull-request
-      pull-requests: write
-
     steps:
       - uses: actions/checkout@v4
         with:
diff --git a/deploy/docker/cn/docker-compose.milvus.yml b/deploy/docker/cn/docker-compose.milvus.yml
index 9ad432f9ba..4912178421 100644
--- a/deploy/docker/cn/docker-compose.milvus.yml
+++ b/deploy/docker/cn/docker-compose.milvus.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -192,51 +198,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -244,6 +273,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/deploy/docker/cn/docker-compose.oceanbase.yml b/deploy/docker/cn/docker-compose.oceanbase.yml
index e39c274878..9c1f60c610 100644
--- a/deploy/docker/cn/docker-compose.oceanbase.yml
+++ b/deploy/docker/cn/docker-compose.oceanbase.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -169,51 +175,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -221,6 +250,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/deploy/docker/cn/docker-compose.pg.yml b/deploy/docker/cn/docker-compose.pg.yml
index 77aad45194..1a1432e400 100644
--- a/deploy/docker/cn/docker-compose.pg.yml
+++ b/deploy/docker/cn/docker-compose.pg.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -150,51 +156,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -202,6 +231,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/deploy/docker/cn/docker-compose.seekdb.yml b/deploy/docker/cn/docker-compose.seekdb.yml
index fdc65c8580..a2de974c15 100644
--- a/deploy/docker/cn/docker-compose.seekdb.yml
+++ b/deploy/docker/cn/docker-compose.seekdb.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -156,51 +162,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -208,6 +237,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/deploy/docker/cn/docker-compose.zilliz.yml b/deploy/docker/cn/docker-compose.zilliz.yml
index d7334f73ed..6928a15c7f 100644
--- a/deploy/docker/cn/docker-compose.zilliz.yml
+++ b/deploy/docker/cn/docker-compose.zilliz.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -134,51 +140,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -186,6 +215,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/deploy/docker/global/docker-compose.milvus.yml b/deploy/docker/global/docker-compose.milvus.yml
index 3b9ba6f5ea..876620e014 100644
--- a/deploy/docker/global/docker-compose.milvus.yml
+++ b/deploy/docker/global/docker-compose.milvus.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -192,51 +198,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: ghcr.io/labring/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -244,6 +273,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/deploy/docker/global/docker-compose.oceanbase.yml b/deploy/docker/global/docker-compose.oceanbase.yml
index 26cc22ea62..b5b6042bed 100644
--- a/deploy/docker/global/docker-compose.oceanbase.yml
+++ b/deploy/docker/global/docker-compose.oceanbase.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -169,51 +175,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: ghcr.io/labring/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -221,6 +250,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/deploy/docker/global/docker-compose.pg.yml b/deploy/docker/global/docker-compose.pg.yml
index 88d194aafc..9bcdf4a2d2 100644
--- a/deploy/docker/global/docker-compose.pg.yml
+++ b/deploy/docker/global/docker-compose.pg.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -150,51 +156,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: ghcr.io/labring/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -202,6 +231,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/deploy/docker/global/docker-compose.seekdb.yml b/deploy/docker/global/docker-compose.seekdb.yml
index eca3330c15..4c75064566 100644
--- a/deploy/docker/global/docker-compose.seekdb.yml
+++ b/deploy/docker/global/docker-compose.seekdb.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -156,51 +162,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: ghcr.io/labring/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -208,6 +237,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/deploy/docker/global/docker-compose.ziliiz.yml b/deploy/docker/global/docker-compose.ziliiz.yml
index f86081f85c..680d9547f2 100644
--- a/deploy/docker/global/docker-compose.ziliiz.yml
+++ b/deploy/docker/global/docker-compose.ziliiz.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -134,51 +140,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: ghcr.io/labring/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -186,6 +215,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/deploy/templates/docker-compose.prod.yml b/deploy/templates/docker-compose.prod.yml
index 31bd39c008..a50a808d28 100644
--- a/deploy/templates/docker-compose.prod.yml
+++ b/deploy/templates/docker-compose.prod.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -133,51 +139,74 @@ ${{vec.db}}
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: ${{fastgpt-sandbox.image}}:${{fastgpt-sandbox.tag}}
     networks:
       - fastgpt
@@ -185,6 +214,37 @@ ${{vec.db}}
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/document/content/docs/self-host/upgrading/4-14/4148.mdx b/document/content/docs/self-host/upgrading/4-14/4148.mdx
index a9dc56a532..0c2b32d1c6 100644
--- a/document/content/docs/self-host/upgrading/4-14/4148.mdx
+++ b/document/content/docs/self-host/upgrading/4-14/4148.mdx
@@ -13,7 +13,6 @@ description: 'FastGPT V4.14.8 更新说明'
 - mcp_server 无需更新
 - 更新 sandbox 镜像 tag: v4.14.8
 - AIProxy 无需更新
-- mongo 无需更新
 
 ## 🚀 新增内容
 
diff --git a/document/content/docs/self-host/upgrading/4-14/4149.mdx b/document/content/docs/self-host/upgrading/4-14/4149.mdx
index abca4bc11e..c442032e9b 100644
--- a/document/content/docs/self-host/upgrading/4-14/4149.mdx
+++ b/document/content/docs/self-host/upgrading/4-14/4149.mdx
@@ -3,29 +3,39 @@ title: 'V4.14.9(进行中)'
 description: 'FastGPT V4.14.9 更新说明'
 ---
 
-### 环境变量更新
+## 升级指南
 
-1. 修改 FastGPT 环境变量：CODE_SANDBOX_URL 和 SANDBOX_TOKEN，改名成 CODE_SANDBOX_URL 和 CODE_SANDBOX_TOKEN：
+###  1. 环境变量更新
+
+1. 修改 FastGPT 环境变量：SANDBOX_URL 和 SANDBOX_TOKEN，改名成 CODE_SANDBOX_URL 和 CODE_SANDBOX_TOKEN：
 
 ```bash
+# 旧的
 SANDBOX_URL=代码运行沙盒的地址
 SANDBOX_TOKEN=代码运行沙盒的凭证（可以为空，4.14.8 新增加了鉴权）
-# 新增 Agent sandbox 沙盒环境变量
-AGENT_SANDBOX_PROVIDER=
-AGENT_SANDBOX_SEALOS_BASEURL=
-AGENT_SANDBOX_SEALOS_TOKEN=
+# 新的
+CODE_SANDBOX_URL=代码运行沙盒的地址
+CODE_SANDBOX_TOKEN=代码运行沙盒的凭证（可以为空，4.14.8 新增加了鉴权）
 ```
 
-2. 默认开启了内网安全检查，如需关闭，需设置环境变量`CHECK_INTERNAL_IP=false`
+2. 默认关闭内网安全检查，如需开启，需设置环境变量`CHECK_INTERNAL_IP=true`（fastgpt,fastgpt-pro,fastgpt-sandbox 通用变量）
+
+### 2. 更新镜像
+
+- 更新 FastGPT 镜像 tag: v4.14.9
+- 更新 FastGPT 商业版镜像 tag: v4.14.9
+- 更新 fastgpt-plugin 镜像 tag: v0.5.5
+- mcp_server 无需更新
+- 更新 sandbox 镜像 tag: v4.14.9
+- AIProxy 无需更新
 
 ## 接口变更
 
 `/api/core/chat/getPaginationRecords` 接口，增加返回`useAgentSandbox:boolean`字段，代表本轮对话，是否使用了虚拟机工具。即将移除`llmModuleAccount`和`historyPreviewLength`字段，如使用该字段，请尽快适配。
 
-
 ## 🚀 新增内容
 
-1. 新增 AI 虚拟机功能，可以给 AI 挂载一个虚拟机工具进行更丰富的操作。
+1. 新增 AI 虚拟机功能，可以给 AI 挂载一个虚拟机工具进行更丰富的操作。（目前仅云服务开放使用,下个版本会推出轻量部署方案）
 2. AgentV2 上下文适配暂停态。
 3. 封装 logger sdk。增加 Metrics 追踪。
 4. 更新知识库单个数据时，同步更新 collection 更新时间。
@@ -35,14 +45,15 @@ AGENT_SANDBOX_SEALOS_TOKEN=
 
 1. api 知识库同步时，增加更多 fallback 获取文件名方式。
 2. HTTP 工具，增加 SSRF 防御。
-3. 兼容更多 MCP JsonSchema 字段。
+3. 兼容更多 MCP JsonSchema 字段，旧版无法适配混合类型字段。
 4. 优化部分工作流运行池逻辑，减少计算复杂度
 5. 调整工作流 runtime，用 Tarjan SCC 算法替代 DSC 进行 edges 分组，解决工作流复杂循环无法运行问题。
+6. 系统工具集不显示版本（因为其无版本可选）。
 
 ## 🐛 修复
 
 1. 工作流嵌套插件时，未成功保留插件运行详情。同时整理所有 tool 类型前缀。
-2. 更新 MCP toolset 后可能无法正常调用。
+2. 更新并保存 MCP toolset 后可能无法正常调用（由于 toolId 获取错误）。
 3. API 知识库，文件列表搜索框丢失。
 4. 工作流变量值，包含特殊值($.)的时候，导致值替换异常。
 5. 工作流引用 agent 工具时，获取版本异常。
@@ -52,7 +63,10 @@ AGENT_SANDBOX_SEALOS_TOKEN=
 9. 修复订阅套餐自定义字段未生效
 10. login接口，存在异步 session 问题，会出现报错日志。
 12. 修复判断器 arrayAny 类型无判断条件可选
-13. 系统工具集不显示版本
-14. 修复视频音频自定义文件类型流程开始无文件链接变量
-15. 用户输入框消息不转义成 markdown 格式
-16. 修复 AgentV2 部分上下文错误。
+13. 修复视频音频自定义文件类型流程开始无文件链接变量
+14. 用户输入框消息不转义成 markdown 格式
+15. 修复 AgentV2 部分上下文拼接错误。
+
+## 代码优化
+
+1. 商业版开发时，monorepo 指向不同 react 导致需重装包。
\ No newline at end of file
diff --git a/document/data/doc-last-modified.json b/document/data/doc-last-modified.json
index de514dd7b6..6e320b1af4 100644
--- a/document/data/doc-last-modified.json
+++ b/document/data/doc-last-modified.json
@@ -238,7 +238,7 @@
   "document/content/docs/self-host/upgrading/4-14/4148.mdx": "2026-03-09T17:39:53+08:00",
   "document/content/docs/self-host/upgrading/4-14/41481.en.mdx": "2026-03-09T12:02:02+08:00",
   "document/content/docs/self-host/upgrading/4-14/41481.mdx": "2026-03-09T17:39:53+08:00",
-  "document/content/docs/self-host/upgrading/4-14/4149.mdx": "2026-03-20T22:01:38+08:00",
+  "document/content/docs/self-host/upgrading/4-14/4149.mdx": "2026-03-22T17:40:08+08:00",
   "document/content/docs/self-host/upgrading/outdated/40.en.mdx": "2026-03-03T17:39:47+08:00",
   "document/content/docs/self-host/upgrading/outdated/40.mdx": "2026-03-03T17:39:47+08:00",
   "document/content/docs/self-host/upgrading/outdated/41.en.mdx": "2026-03-03T17:39:47+08:00",
@@ -379,8 +379,8 @@
   "document/content/docs/self-host/upgrading/outdated/499.mdx": "2026-03-03T17:39:47+08:00",
   "document/content/docs/self-host/upgrading/upgrade-intruction.en.mdx": "2026-03-03T17:39:47+08:00",
   "document/content/docs/self-host/upgrading/upgrade-intruction.mdx": "2026-03-03T17:39:47+08:00",
-  "document/content/docs/toc.en.mdx": "2026-03-20T21:57:22+08:00",
-  "document/content/docs/toc.mdx": "2026-03-20T21:57:22+08:00",
+  "document/content/docs/toc.en.mdx": "2026-03-21T12:19:44+08:00",
+  "document/content/docs/toc.mdx": "2026-03-21T12:19:44+08:00",
   "document/content/docs/use-cases/app-cases/dalle3.en.mdx": "2026-02-26T22:14:30+08:00",
   "document/content/docs/use-cases/app-cases/dalle3.mdx": "2025-07-23T21:35:03+08:00",
   "document/content/docs/use-cases/app-cases/english_essay_correction_bot.en.mdx": "2026-02-26T22:14:30+08:00",
diff --git a/document/public/deploy/docker/cn/docker-compose.milvus.yml b/document/public/deploy/docker/cn/docker-compose.milvus.yml
index 9ad432f9ba..4912178421 100644
--- a/document/public/deploy/docker/cn/docker-compose.milvus.yml
+++ b/document/public/deploy/docker/cn/docker-compose.milvus.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -192,51 +198,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -244,6 +273,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/document/public/deploy/docker/cn/docker-compose.oceanbase.yml b/document/public/deploy/docker/cn/docker-compose.oceanbase.yml
index e39c274878..9c1f60c610 100644
--- a/document/public/deploy/docker/cn/docker-compose.oceanbase.yml
+++ b/document/public/deploy/docker/cn/docker-compose.oceanbase.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -169,51 +175,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -221,6 +250,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/document/public/deploy/docker/cn/docker-compose.pg.yml b/document/public/deploy/docker/cn/docker-compose.pg.yml
index 77aad45194..1a1432e400 100644
--- a/document/public/deploy/docker/cn/docker-compose.pg.yml
+++ b/document/public/deploy/docker/cn/docker-compose.pg.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -150,51 +156,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -202,6 +231,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/document/public/deploy/docker/cn/docker-compose.seekdb.yml b/document/public/deploy/docker/cn/docker-compose.seekdb.yml
index fdc65c8580..a2de974c15 100644
--- a/document/public/deploy/docker/cn/docker-compose.seekdb.yml
+++ b/document/public/deploy/docker/cn/docker-compose.seekdb.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -156,51 +162,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -208,6 +237,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/document/public/deploy/docker/cn/docker-compose.zilliz.yml b/document/public/deploy/docker/cn/docker-compose.zilliz.yml
index d7334f73ed..6928a15c7f 100644
--- a/document/public/deploy/docker/cn/docker-compose.zilliz.yml
+++ b/document/public/deploy/docker/cn/docker-compose.zilliz.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -134,51 +140,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -186,6 +215,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/document/public/deploy/docker/global/docker-compose.milvus.yml b/document/public/deploy/docker/global/docker-compose.milvus.yml
index 3b9ba6f5ea..876620e014 100644
--- a/document/public/deploy/docker/global/docker-compose.milvus.yml
+++ b/document/public/deploy/docker/global/docker-compose.milvus.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -192,51 +198,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: ghcr.io/labring/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -244,6 +273,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/document/public/deploy/docker/global/docker-compose.oceanbase.yml b/document/public/deploy/docker/global/docker-compose.oceanbase.yml
index 26cc22ea62..b5b6042bed 100644
--- a/document/public/deploy/docker/global/docker-compose.oceanbase.yml
+++ b/document/public/deploy/docker/global/docker-compose.oceanbase.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -169,51 +175,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: ghcr.io/labring/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -221,6 +250,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/document/public/deploy/docker/global/docker-compose.pg.yml b/document/public/deploy/docker/global/docker-compose.pg.yml
index 88d194aafc..9bcdf4a2d2 100644
--- a/document/public/deploy/docker/global/docker-compose.pg.yml
+++ b/document/public/deploy/docker/global/docker-compose.pg.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -150,51 +156,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: ghcr.io/labring/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -202,6 +231,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/document/public/deploy/docker/global/docker-compose.seekdb.yml b/document/public/deploy/docker/global/docker-compose.seekdb.yml
index eca3330c15..4c75064566 100644
--- a/document/public/deploy/docker/global/docker-compose.seekdb.yml
+++ b/document/public/deploy/docker/global/docker-compose.seekdb.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -156,51 +162,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: ghcr.io/labring/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -208,6 +237,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/document/public/deploy/docker/global/docker-compose.ziliiz.yml b/document/public/deploy/docker/global/docker-compose.ziliiz.yml
index f86081f85c..680d9547f2 100644
--- a/document/public/deploy/docker/global/docker-compose.ziliiz.yml
+++ b/document/public/deploy/docker/global/docker-compose.ziliiz.yml
@@ -3,8 +3,14 @@
 # - FastGPT-mcp-server 端口映射 3005:3000
 # - 建议修改账密后再运行
 
+# root 默认密码（重启后会强制重置该密码成环境变量值）
+x-default-root-psw: &x-default-root-psw '1234'
+# 系统最高密钥凭证
+x-system-key: &x-system-key 'fastgpt-xxx'
 # plugin auth token
 x-plugin-auth-token: &x-plugin-auth-token 'token'
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
 # aiproxy token
 x-aiproxy-token: &x-aiproxy-token 'token'
 # 数据库连接相关配置
@@ -134,51 +140,74 @@ services:
       - fastgpt
     depends_on:
       - mongo
-      - sandbox
+      - codeSandbox
       - vectorDB
     restart: always
     environment:
-      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
+      <<: [*x-share-db-config, *x-vec-config]
+      # ==================== 基础配置 ====================
       # 前端外部可访问的地址，用于自动补全文件资源路径。例如 https:fastgpt.cn，不能填 localhost。这个值可以不填，不填则发给模型的图片会是一个相对路径，而不是全路径，模型可能伪造Host。
-      FE_DOMAIN:
+      FE_DOMAIN: http://localhost:3000
+      # root key（最高权限）
+      ROOT_KEY: *x-system-key
       # root 密码，用户名为: root。如果需要修改 root 密码，直接修改这个环境变量，并重启即可。
-      DEFAULT_ROOT_PSW: 1234
-      # 登录凭证密钥
-      TOKEN_KEY: any
-      # root的密钥，常用于升级时候的初始化请求
-      ROOT_KEY: root_key
-      # 文件阅读加密
-      FILE_TOKEN_KEY: filetoken
-      # 密钥加密key
-      AES256_SECRET_KEY: fastgptkey
+      DEFAULT_ROOT_PSW: *x-default-root-psw
+      # 数据库最大连接数
+      DB_MAX_LINK: 5
+      # 自动同步索引（0 表示不同步）
+      SYNC_INDEX: 1
+      TOKEN_KEY: fastgpt
+      # 文件阅读时的密钥
+      FILE_TOKEN_KEY: filetokenkey
+      # 密钥加密 key
+      AES256_SECRET_KEY: fastgptsecret
+      # 强制将图片转成 base64 传递给模型
+      MULTIPLE_DATA_TO_BASE64: true
 
+      # ==================== 服务地址与集成 ====================
       # plugin 地址
       PLUGIN_BASE_URL: http://fastgpt-plugin:3000
       PLUGIN_TOKEN: *x-plugin-auth-token
-      # sandbox 地址
-      CODE_SANDBOX_URL: http://sandbox:3000
+      # code-sandbox 地址
+      SANDBOX_URL: http://sandbox:3000
+      SANDBOX_TOKEN: *x-code-sandbox-token
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
       AIPROXY_API_TOKEN: *x-aiproxy-token
 
+      # ==================== 日志与监控 ====================
+      <<: [*x-log-config]
       # 传递给 OTLP 收集器的服务名称
       LOG_OTEL_SERVICE_NAME: fastgpt-client
 
-      # 工作流最大运行次数
+      # ==================== 安全与运行限制 ====================
+      # 启动 IP 限流（true）；部分接口启用 IP 限流策略以防止异常请求
+      USE_IP_LIMIT: false
+      # 工作流最大运行次数，避免极端死循环
       WORKFLOW_MAX_RUN_TIMES: 1000
-      # 批量执行节点，最大输入长度
+      # 循环最大运行次数，避免极端死循环
       WORKFLOW_MAX_LOOP_TIMES: 100
-      # 对话文件过期天数
-      CHAT_FILE_EXPIRE_TIME: 7
-      # 服务器接收请求，最大大小，单位 MB
+      # 服务器接收请求的最大大小（MB）
       SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
-      # HTML 转换最大字符数
+      # 启用内网 IP 检查
+      CHECK_INTERNAL_IP: false
+      # ==================== 上传与账号策略 ====================
+      # 最大上传文件大小（MB）
+      UPLOAD_FILE_MAX_SIZE: 1000
+      # 最大上传文件数量
+      UPLOAD_FILE_MAX_AMOUNT: 1000
+      # LLM 请求追踪保留时长（小时）
+      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
+      # ==================== 功能开关与特殊配置 ====================
+      # 自定义跨域；不配置时默认允许所有跨域（逗号分割）
+      ALLOWED_ORIGINS: 
+      # HTML 转 Markdown 最大字符数（超过后不执行转换）
       MAX_HTML_TRANSFORM_CHARS: 1000000
     volumes:
       - ./config.json:/app/data/config.json
-  sandbox:
-    container_name: sandbox
+  codeSandbox:
+    container_name: codeSandbox
     image: ghcr.io/labring/fastgpt-sandbox:v4.14.8
     networks:
       - fastgpt
@@ -186,6 +215,37 @@ services:
     environment:
       <<: [*x-log-config]
       LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
+      SANDBOX_TOKEN: *x-code-sandbox-token
+      # ===== Resource Limits =====
+      # Execution timeout per request (ms)
+      SANDBOX_MAX_TIMEOUT: 60000
+      # Maximum allowed memory per user code execution (MB)
+      # Note: System automatically adds 50MB for runtime overhead
+      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
+      SANDBOX_MAX_MEMORY_MB: 256
+
+      # ===== Process Pool =====
+      # Number of pre-warmed worker processes (JS + Python)
+      SANDBOX_POOL_SIZE: 20
+
+      # ===== Network Request Limits =====
+      # Whether to check if the request is to a private network
+      CHECK_INTERNAL_IP: false
+      # Maximum number of HTTP requests per execution
+      SANDBOX_REQUEST_MAX_COUNT: 30
+      # Timeout for each outbound HTTP request (ms)
+      SANDBOX_REQUEST_TIMEOUT: 60000
+      # Maximum response body size for outbound requests
+      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
+      # Maximum request body size for outbound requests (MB)
+      SANDBOX_REQUEST_MAX_BODY_MB: 5
+
+      # ===== Module Control =====
+      # JS allowed modules whitelist (comma-separated)
+      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
+      # Python allowed modules whitelist (comma-separated)
+      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
+
     healthcheck:
       test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
       interval: 30s
diff --git a/packages/global/core/ai/sandbox/constants.ts b/packages/global/core/ai/sandbox/constants.ts
index 96635b6878..30163c002c 100644
--- a/packages/global/core/ai/sandbox/constants.ts
+++ b/packages/global/core/ai/sandbox/constants.ts
@@ -32,7 +32,8 @@ export const SANDBOX_TOOL_DESCRIPTION =
 // ---- 系统提示词（useAgentSandbox=true 时追加） ----
 export const SANDBOX_SYSTEM_PROMPT = `你拥有一个独立的 Linux 沙盒环境（Ubuntu 22.04），可通过 ${SANDBOX_TOOL_NAME} 工具执行命令：
 - 预装：bash / python3 / node / bun / git / curl
-- 可自行安装软件包（apt / pip / npm）`;
+- 可自行安装软件包（apt / pip / npm）
+- 生成的文件内容都保存在当前目录下即可`;
 
 export const SANDBOX_SHELL_TOOL: ChatCompletionTool = {
   type: 'function',
diff --git a/packages/service/core/ai/llm/agentCall/index.ts b/packages/service/core/ai/llm/agentCall/index.ts
index feb244d198..39dc90c795 100644
--- a/packages/service/core/ai/llm/agentCall/index.ts
+++ b/packages/service/core/ai/llm/agentCall/index.ts
@@ -336,73 +336,75 @@ export const runAgentCall = async ({
 
     // 4. Call tools
     let toolCallStep = false;
-    for await (const tool of toolCalls) {
-      const {
-        response,
-        assistantMessages: toolAssistantMessages,
-        usages: toolUsages,
-        interactive,
-        stop
-      } = await handleToolResponse({
-        call: tool,
-        messages: cloneRequestMessages
-      });
-      childrenUsages.push(...toolUsages);
-      usagePush?.(toolUsages);
-
-      // 5. Add tool response to messages
-      // 获取当前 messages 的 token 数，用于动态调整 tool response 的压缩阈值（防止下一个工具直接打爆上下文）
-      const currentMessagesTokens = await countGptMessagesTokens(requestMessages);
-
-      const { compressed: compressed_context, usage: compressionUsage } =
-        await compressToolResponse({
+    await Promise.all(
+      toolCalls.map(async (tool) => {
+        const {
           response,
-          model: modelData,
-          currentMessagesTokens,
-          toolLength: toolCalls.length,
-          reservedTokens: 8000 // 预留 8k tokens 给输出
-        });
-      if (compressionUsage) {
-        childrenUsages.push(compressionUsage);
-        usagePush?.([compressionUsage]);
-        onToolCompress?.({
+          assistantMessages: toolAssistantMessages,
+          usages: toolUsages,
+          interactive,
+          stop
+        } = await handleToolResponse({
           call: tool,
-          response: compressed_context,
-          usage: {
-            inputTokens: compressionUsage.inputTokens || 0,
-            outputTokens: compressionUsage.outputTokens || 0,
-            totalPoints: compressionUsage.totalPoints || 0
-          }
+          messages: cloneRequestMessages
         });
-      }
+        childrenUsages.push(...toolUsages);
+        usagePush?.(toolUsages);
 
-      const toolMessage: ChatCompletionMessageParam = {
-        tool_call_id: tool.id,
-        role: ChatCompletionRequestMessageRoleEnum.Tool,
-        content: compressed_context
-      };
-      assistantMessages.push(toolMessage);
-      requestMessages.push(toolMessage);
-      assistantMessages.push(...filterEmptyAssistantMessages(toolAssistantMessages)); // 因为 toolAssistantMessages 也需要记录成 AI 响应，所以这里需要推送。
+        // 5. Add tool response to messages
+        // 获取当前 messages 的 token 数，用于动态调整 tool response 的压缩阈值（防止下一个工具直接打爆上下文）
+        const currentMessagesTokens = await countGptMessagesTokens(requestMessages);
 
-      if (interactive) {
-        interactiveResponse = {
-          type: 'toolChildrenInteractive',
-          params: {
-            childrenResponse: interactive,
-            toolParams: {
-              memoryRequestMessages: [],
-              toolCallId: tool.id
+        const { compressed: compressed_context, usage: compressionUsage } =
+          await compressToolResponse({
+            response,
+            model: modelData,
+            currentMessagesTokens,
+            toolLength: toolCalls.length,
+            reservedTokens: 8000 // 预留 8k tokens 给输出
+          });
+        if (compressionUsage) {
+          childrenUsages.push(compressionUsage);
+          usagePush?.([compressionUsage]);
+          onToolCompress?.({
+            call: tool,
+            response: compressed_context,
+            usage: {
+              inputTokens: compressionUsage.inputTokens || 0,
+              outputTokens: compressionUsage.outputTokens || 0,
+              totalPoints: compressionUsage.totalPoints || 0
             }
-          }
-        };
-      }
-      if (stop) {
-        toolCallStep = true;
-      }
-    }
+          });
+        }
 
-    if (toolCalls.length === 0 || !!interactiveResponse || toolCallStep) {
+        const toolMessage: ChatCompletionMessageParam = {
+          tool_call_id: tool.id,
+          role: ChatCompletionRequestMessageRoleEnum.Tool,
+          content: compressed_context
+        };
+        assistantMessages.push(toolMessage);
+        requestMessages.push(toolMessage);
+        assistantMessages.push(...filterEmptyAssistantMessages(toolAssistantMessages)); // 因为 toolAssistantMessages 也需要记录成 AI 响应，所以这里需要推送。
+
+        if (interactive) {
+          interactiveResponse = {
+            type: 'toolChildrenInteractive',
+            params: {
+              childrenResponse: interactive,
+              toolParams: {
+                memoryRequestMessages: [],
+                toolCallId: tool.id
+              }
+            }
+          };
+        }
+        if (stop) {
+          toolCallStep = true;
+        }
+      })
+    );
+
+    if (toolCalls.length === 0 || !!interactiveResponse || toolCallStep || isAborted?.()) {
       break;
     }
   }
diff --git a/packages/service/core/chat/chatSchema.ts b/packages/service/core/chat/chatSchema.ts
index 75ab26ace9..95cf071c2d 100644
--- a/packages/service/core/chat/chatSchema.ts
+++ b/packages/service/core/chat/chatSchema.ts
@@ -113,7 +113,7 @@ const ChatSchema = new Schema({
 try {
   ChatSchema.index({ chatId: 1 });
   // Delete by appid; init chat; update chat; auth chat;
-  ChatSchema.index({ appId: 1, chatId: 1 });
+  ChatSchema.index({ appId: 1, chatId: 1 }, { unique: true });
 
   // Clear history(share),Init 4121
   ChatSchema.index(
diff --git a/packages/service/core/workflow/dispatch/ai/agent/index.ts b/packages/service/core/workflow/dispatch/ai/agent/index.ts
index c510f3105e..a0acdc775a 100644
--- a/packages/service/core/workflow/dispatch/ai/agent/index.ts
+++ b/packages/service/core/workflow/dispatch/ai/agent/index.ts
@@ -89,7 +89,6 @@ export const dispatchRunAgent = async (props: DispatchAgentModuleProps): Promise
       userChatInput, // 本次任务的输入
       history = 6,
       fileUrlList: fileLinks,
-      aiChatVision = true,
       agent_selectedTools: selectedTools = [],
       // Dataset search configuration
       agent_datasetParams: datasetParams,
@@ -196,7 +195,7 @@ export const dispatchRunAgent = async (props: DispatchAgentModuleProps): Promise
         getPlanTool: true,
         hasDataset: datasetParams && datasetParams.datasets.length > 0,
         hasFiles: !!chatConfig?.fileSelectConfig?.canSelectFile,
-        useAgentSandbox
+        useAgentSandbox: useAgentSandbox && !!global.feConfigs?.show_agent_sandbox
       }
     );
 
diff --git a/packages/service/core/workflow/dispatch/ai/agent/master/call.ts b/packages/service/core/workflow/dispatch/ai/agent/master/call.ts
index c5fbcb7f81..da7b24efc6 100644
--- a/packages/service/core/workflow/dispatch/ai/agent/master/call.ts
+++ b/packages/service/core/workflow/dispatch/ai/agent/master/call.ts
@@ -188,7 +188,7 @@ export const masterCall = async ({
         content: getMasterSystemPrompt({
           systemPrompt,
           hasUserTools,
-          useAgentSandbox
+          useAgentSandbox: useAgentSandbox && !!global.feConfigs?.show_agent_sandbox
         })
       },
       ...masterMessages
@@ -606,7 +606,7 @@ export const masterCall = async ({
         response,
         assistantMessages: [], // TODO
         usages,
-        stop: stop || checkIsStopping()
+        stop
       };
     },
     onToolCompress: ({ call, response, usage }) => {
diff --git a/packages/service/core/workflow/dispatch/ai/agent/utils.ts b/packages/service/core/workflow/dispatch/ai/agent/utils.ts
index 6f9db866f1..1d0b18695b 100644
--- a/packages/service/core/workflow/dispatch/ai/agent/utils.ts
+++ b/packages/service/core/workflow/dispatch/ai/agent/utils.ts
@@ -46,7 +46,7 @@ export const getSubapps = async ({
   }
 
   /* Sandbox Shell */
-  if (useAgentSandbox) {
+  if (useAgentSandbox && global.feConfigs?.show_agent_sandbox) {
     completionTools.push(...SANDBOX_TOOLS);
   }
 
diff --git a/packages/service/core/workflow/dispatch/ai/tool/index.ts b/packages/service/core/workflow/dispatch/ai/tool/index.ts
index 8dc6bccd1c..7a08815d9d 100644
--- a/packages/service/core/workflow/dispatch/ai/tool/index.ts
+++ b/packages/service/core/workflow/dispatch/ai/tool/index.ts
@@ -62,8 +62,7 @@ export const dispatchRunTools = async (props: DispatchToolModuleProps): Promise<
       fileUrlList: fileLinks,
       aiChatVision,
       aiChatReasoning,
-      isResponseAnswerText = true,
-      useAgentSandbox = false
+      isResponseAnswerText = true
     }
   } = props;
 
@@ -221,8 +220,7 @@ export const dispatchRunTools = async (props: DispatchToolModuleProps): Promise<
         toolModel,
         messages: adaptMessages,
         childrenInteractiveParams:
-          lastInteractive?.type === 'toolChildrenInteractive' ? lastInteractive.params : undefined,
-        useAgentSandbox
+          lastInteractive?.type === 'toolChildrenInteractive' ? lastInteractive.params : undefined
       });
     })();
 
diff --git a/packages/service/core/workflow/dispatch/ai/tool/toolCall.ts b/packages/service/core/workflow/dispatch/ai/tool/toolCall.ts
index 9be40c9d9f..9bf0ec1d57 100644
--- a/packages/service/core/workflow/dispatch/ai/tool/toolCall.ts
+++ b/packages/service/core/workflow/dispatch/ai/tool/toolCall.ts
@@ -41,15 +41,13 @@ type ResponseType = {
   toolWorkflowInteractiveResponse?: ToolCallChildrenInteractive;
 };
 
-export const runToolCall = async (
-  props: DispatchToolModuleProps & { useAgentSandbox?: boolean }
-): Promise<ResponseType> => {
+export const runToolCall = async (props: DispatchToolModuleProps): Promise<ResponseType> => {
   const {
     messages,
     toolNodes,
     toolModel,
     childrenInteractiveParams,
-    useAgentSandbox,
+
     ...workflowProps
   } = props;
   const {
@@ -71,7 +69,8 @@ export const runToolCall = async (
       aiChatResponseFormat,
       aiChatJsonSchema,
       aiChatReasoning,
-      isResponseAnswerText = true
+      isResponseAnswerText = true,
+      useAgentSandbox
     }
   } = workflowProps;
 
@@ -119,9 +118,11 @@ export const runToolCall = async (
 
   // 注入 sandbox_shell 工具和提示词
   let finalMessages = messages;
-  if (useAgentSandbox) {
+  if (useAgentSandbox && global.feConfigs?.show_agent_sandbox) {
+    // 注入 sandbox_shell 工具
     tools.push(SANDBOX_SHELL_TOOL);
 
+    // 追加提示词
     const systemMessage = messages.find((m) => m.role === 'system');
     if (systemMessage) {
       finalMessages = messages.map((m) =>
diff --git a/packages/service/package.json b/packages/service/package.json
index a891d84059..62047b7798 100644
--- a/packages/service/package.json
+++ b/packages/service/package.json
@@ -8,7 +8,7 @@
   },
   "dependencies": {
     "@apidevtools/json-schema-ref-parser": "^11.7.2",
-    "@fastgpt-sdk/sandbox-adapter": "^0.0.27",
+    "@fastgpt-sdk/sandbox-adapter": "^0.0.28",
     "@fastgpt-sdk/otel": "catalog:",
     "@fastgpt-sdk/storage": "catalog:",
     "@fastgpt/global": "workspace:*",
diff --git a/packages/service/support/wallet/sub/utils.ts b/packages/service/support/wallet/sub/utils.ts
index 360fd8f6b6..dd5b373a7e 100644
--- a/packages/service/support/wallet/sub/utils.ts
+++ b/packages/service/support/wallet/sub/utils.ts
@@ -65,7 +65,8 @@ export const buildStandardPlan = (
   ticketResponseTime: standard?.ticketResponseTime ?? standardConstants.ticketResponseTime,
   customDomain: standard?.customDomain ?? standardConstants.customDomain,
   maxUploadFileSize: standard?.maxUploadFileSize ?? standardConstants.maxUploadFileSize,
-  maxUploadFileCount: standard?.maxUploadFileCount ?? standardConstants.maxUploadFileCount
+  maxUploadFileCount: standard?.maxUploadFileCount ?? standardConstants.maxUploadFileCount,
+  enableSandbox: standard?.enableSandbox ?? standardConstants.enableSandbox
 });
 
 export const initTeamFreePlan = async ({
diff --git a/packages/web/components/common/Textarea/PromptEditor/plugins/ListExitPlugin/index.tsx b/packages/web/components/common/Textarea/PromptEditor/plugins/ListExitPlugin/index.tsx
index 032ca9d2bf..583c9720a6 100644
--- a/packages/web/components/common/Textarea/PromptEditor/plugins/ListExitPlugin/index.tsx
+++ b/packages/web/components/common/Textarea/PromptEditor/plugins/ListExitPlugin/index.tsx
@@ -64,52 +64,60 @@ export default function ListExitPlugin(): JSX.Element | null {
     };
 
     const handleBackspaceKey = (event: KeyboardEvent) => {
-      const selection = $getSelection();
-      if (!$isRangeSelection(selection)) {
+      let shouldHandle = false;
+
+      editor.getEditorState().read(() => {
+        const selection = $getSelection();
+        if (!$isRangeSelection(selection)) {
+          return;
+        }
+
+        const anchorNode = selection.anchor.getNode();
+        const listItemNode = $isListItemNode(anchorNode) ? anchorNode : anchorNode.getParent();
+
+        if ($isListItemNode(listItemNode)) {
+          const textContent = listItemNode.getTextContent().trim();
+          const cursorOffset = selection.anchor.offset;
+
+          if (textContent === '' && cursorOffset === 0) {
+            shouldHandle = true;
+          }
+        }
+      });
+
+      if (!shouldHandle) {
         return false;
       }
 
-      const anchorNode = selection.anchor.getNode();
-      const listItemNode = $isListItemNode(anchorNode) ? anchorNode : anchorNode.getParent();
+      event.preventDefault();
+      event.stopPropagation();
 
-      if ($isListItemNode(listItemNode)) {
-        // Check if cursor is at the beginning of an empty list item
-        const textContent = listItemNode.getTextContent().trim();
-        const cursorOffset = selection.anchor.offset;
+      editor.update(() => {
+        const selection = $getSelection();
+        if (!$isRangeSelection(selection)) return;
 
-        // Only handle empty list items with cursor at the beginning
-        if (textContent === '' && cursorOffset === 0) {
-          // Prevent default backspace behavior
-          event.preventDefault();
-          event.stopPropagation();
+        const anchorNode = selection.anchor.getNode();
+        const listItemNode = $isListItemNode(anchorNode) ? anchorNode : anchorNode.getParent();
 
-          editor.update(() => {
-            const listNode = listItemNode.getParent();
+        if (!$isListItemNode(listItemNode)) return;
 
-            if ($isListNode(listNode)) {
-              // Create a new paragraph
-              const paragraph = $createParagraphNode();
+        const listNode = listItemNode.getParent();
 
-              // Always insert after the current list item and remove it
-              // This ensures the paragraph appears at the current position
-              listItemNode.insertAfter(paragraph);
-              listItemNode.remove();
+        if ($isListNode(listNode)) {
+          const paragraph = $createParagraphNode();
 
-              // If the list is now empty, remove it
-              if (listNode.getChildrenSize() === 0) {
-                listNode.remove();
-              }
+          listItemNode.insertAfter(paragraph);
+          listItemNode.remove();
 
-              // Focus the new paragraph
-              paragraph.select();
-            }
-          });
+          if (listNode.getChildrenSize() === 0) {
+            listNode.remove();
+          }
 
-          return true;
+          paragraph.select();
         }
-      }
+      });
 
-      return false;
+      return true;
     };
 
     // Register the keyboard event handlers
diff --git a/packages/web/i18n/en/app.json b/packages/web/i18n/en/app.json
index d7dfc10213..be35d345d6 100644
--- a/packages/web/i18n/en/app.json
+++ b/packages/web/i18n/en/app.json
@@ -342,11 +342,10 @@
   "remaining_points": "Reaming points: ",
   "request_headers": "Request header",
   "response_format": "Response format",
-  "sandbox.no_file": "Sandbox is empty",
   "sandbox_free_not_support": "The plan does not support this function",
   "sandbox_free_not_support_tip": "Click to upgrade package",
   "sandbox_free_tip": "Free for a limited time",
-  "sandbox_not_support_tip": "The sandbox function is not enabled in the system",
+  "sandbox_not_support_tip": "The system does not support this function",
   "save_team_app_log_keys": "Save as team configuration",
   "saved_success": "Saved successfully! \nTo use this version externally, click Save and Publish",
   "search_agent": "Search Agent",
diff --git a/packages/web/i18n/en/chat.json b/packages/web/i18n/en/chat.json
index bf7526e88a..e6f7a7b9a2 100644
--- a/packages/web/i18n/en/chat.json
+++ b/packages/web/i18n/en/chat.json
@@ -118,8 +118,11 @@
   "response_rerank_tokens": "Rearrange Model Tokens",
   "response_search_results": "Search results({{len}})",
   "sandbox_entry_tooltip": "View Sandbox files",
-  "sandbox_files": "Virtual machine files",
+  "sandbox_files": "Sandbox files",
+  "sandbox_no_file": "There are no files in the sandbox yet",
   "sandbox_not_utf_file_tip": "The file cannot be previewed, please download and view it directly.",
+  "sandbox_search_files": "Search files",
+  "sandbox_select_file_edit": "Select a file to edit",
   "sandox.files": "Sandbox files",
   "search_results": "Search results",
   "select": "Select",
diff --git a/packages/web/i18n/zh-CN/app.json b/packages/web/i18n/zh-CN/app.json
index 9c3dc273f4..80fd2b6eaa 100644
--- a/packages/web/i18n/zh-CN/app.json
+++ b/packages/web/i18n/zh-CN/app.json
@@ -342,14 +342,10 @@
   "remaining_points": "剩余积分：",
   "request_headers": "请求头",
   "response_format": "回复格式",
-  "sandbox.no_file": "虚拟机里还没有文件",
-  "sandbox.search_files": "搜索文件",
-  "sandbox.select_file": "选择一个文件进行编辑",
-  "sandbox.unsaved": "未保存",
   "sandbox_free_not_support": "套餐不支持该功能",
   "sandbox_free_not_support_tip": "点击升级套餐",
   "sandbox_free_tip": "限时免费",
-  "sandbox_not_support_tip": "系统未开启虚拟机功能",
+  "sandbox_not_support_tip": "系统未支持虚拟机功能",
   "save_team_app_log_keys": "保存为团队配置",
   "saved_success": "保存成功！如需在外部使用该版本，请点击“保存并发布”",
   "search_agent": "搜索 Agent",
diff --git a/packages/web/i18n/zh-CN/chat.json b/packages/web/i18n/zh-CN/chat.json
index 53e554b714..3eccb9b70b 100644
--- a/packages/web/i18n/zh-CN/chat.json
+++ b/packages/web/i18n/zh-CN/chat.json
@@ -119,7 +119,10 @@
   "response_search_results": "搜索结果({{len}})",
   "sandbox_entry_tooltip": "查看虚拟机文件",
   "sandbox_files": "虚拟机文件",
+  "sandbox_no_file": "虚拟机里还没有文件",
   "sandbox_not_utf_file_tip": "无法预览该文件，请直接下载查看",
+  "sandbox_search_files": "搜索文件",
+  "sandbox_select_file_edit": "选择一个文件进行编辑",
   "sandox.files": "虚拟机文件",
   "search_results": "搜索结果",
   "select": "选择",
diff --git a/packages/web/i18n/zh-Hant/app.json b/packages/web/i18n/zh-Hant/app.json
index be8ae5df6c..1c2752f0bc 100644
--- a/packages/web/i18n/zh-Hant/app.json
+++ b/packages/web/i18n/zh-Hant/app.json
@@ -327,11 +327,10 @@
   "remaining_points": "剩餘積分：",
   "request_headers": "請求頭",
   "response_format": "回覆格式",
-  "sandbox.no_file": "虛擬機器裡還沒有文件",
   "sandbox_free_not_support": "套餐不支援該功能",
   "sandbox_free_not_support_tip": "點擊升級套餐",
   "sandbox_free_tip": "限時免費",
-  "sandbox_not_support_tip": "系統未開啟虛擬機器功能",
+  "sandbox_not_support_tip": "系統未支援虛擬機器功能",
   "save_team_app_log_keys": "保存為團隊配置",
   "saved_success": "儲存成功！\n如需在外部使用該版本，請點選“儲存並發布”",
   "search_agent": "搜索 Agent",
diff --git a/packages/web/i18n/zh-Hant/chat.json b/packages/web/i18n/zh-Hant/chat.json
index 99d44d3802..ce71676c48 100644
--- a/packages/web/i18n/zh-Hant/chat.json
+++ b/packages/web/i18n/zh-Hant/chat.json
@@ -115,7 +115,10 @@
   "response_search_results": "搜索結果({{len}})",
   "sandbox_entry_tooltip": "查看虛擬機器文件",
   "sandbox_files": "虛擬機器文件",
+  "sandbox_no_file": "虛擬機器裡還沒有文件",
   "sandbox_not_utf_file_tip": "無法預覽該文件，請直接下載查看",
+  "sandbox_search_files": "搜尋文件",
+  "sandbox_select_file_edit": "選擇一個文件進行編輯",
   "sandox.files": "虛擬機器文件",
   "search_results": "搜索結果",
   "select": "選取",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 20972ce69e..248e6695d2 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -58,8 +58,8 @@ catalogs:
       specifier: 1.13.6
       version: 1.13.6
     date-fns:
-      specifier: ^3
-      version: 3.6.0
+      specifier: ^4
+      version: 4.1.0
     dayjs:
       specifier: 1.11.19
       version: 1.11.19
@@ -157,7 +157,7 @@ importers:
         version: 10.1.4(socks@2.8.4)
       next-i18next:
         specifier: 'catalog:'
-        version: 15.4.2(i18next@23.16.8)(next@16.1.6(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react-i18next@14.1.2(i18next@23.16.8)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1)
+        version: 15.4.2(i18next@23.16.8)(next@16.1.6(@babel/core@7.26.10)(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react-i18next@14.1.2(i18next@23.16.8)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1)
       prettier:
         specifier: 3.2.4
         version: 3.2.4
@@ -250,8 +250,8 @@ importers:
         specifier: 'catalog:'
         version: 0.1.0
       '@fastgpt-sdk/sandbox-adapter':
-        specifier: ^0.0.27
-        version: 0.0.27
+        specifier: ^0.0.28
+        version: 0.0.28
       '@fastgpt-sdk/storage':
         specifier: 'catalog:'
         version: 0.6.15(@opentelemetry/api@1.9.0)(@types/node@24.0.13)(jiti@2.6.0)(lightningcss@1.30.1)(proxy-agent@6.5.0)(sass@1.85.1)(terser@5.39.0)(tsx@4.20.6)(yaml@2.8.1)
@@ -296,7 +296,7 @@ importers:
         version: 0.7.2
       date-fns:
         specifier: 'catalog:'
-        version: 3.6.0
+        version: 4.1.0
       dayjs:
         specifier: 'catalog:'
         version: 1.11.19
@@ -471,7 +471,7 @@ importers:
         version: 2.1.1(@chakra-ui/system@2.6.1(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(react@18.3.1))(react@18.3.1)
       '@chakra-ui/next-js':
         specifier: 'catalog:'
-        version: 2.4.2(@chakra-ui/react@2.10.7(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(framer-motion@9.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(next@16.1.6(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react@18.3.1)
+        version: 2.4.2(@chakra-ui/react@2.10.7(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(framer-motion@9.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(next@16.1.6(@babel/core@7.26.10)(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react@18.3.1)
       '@chakra-ui/react':
         specifier: 'catalog:'
         version: 2.10.7(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(framer-motion@9.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
@@ -531,7 +531,7 @@ importers:
         version: 1.13.6
       date-fns:
         specifier: 'catalog:'
-        version: 3.6.0
+        version: 4.1.0
       dayjs:
         specifier: 'catalog:'
         version: 1.11.19
@@ -552,7 +552,7 @@ importers:
         version: 16.1.6(@babel/core@7.26.10)(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1)
       next-i18next:
         specifier: 'catalog:'
-        version: 15.4.2(i18next@23.16.8)(next@16.1.6(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react-i18next@14.1.2(i18next@23.16.8)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1)
+        version: 15.4.2(i18next@23.16.8)(next@16.1.6(@babel/core@7.26.10)(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react-i18next@14.1.2(i18next@23.16.8)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1)
       papaparse:
         specifier: ^5.4.1
         version: 5.4.1
@@ -564,7 +564,7 @@ importers:
         version: 13.1.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       react-day-picker:
         specifier: ^8.7.1
-        version: 8.10.1(date-fns@3.6.0)(react@18.3.1)
+        version: 8.10.1(date-fns@4.1.0)(react@18.3.1)
       react-dom:
         specifier: 'catalog:'
         version: 18.3.1(react@18.3.1)
@@ -625,7 +625,7 @@ importers:
         version: 2.1.1(@chakra-ui/system@2.6.1(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(react@18.3.1))(react@18.3.1)
       '@chakra-ui/next-js':
         specifier: 'catalog:'
-        version: 2.4.2(@chakra-ui/react@2.10.7(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(framer-motion@9.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(next@16.1.6(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react@18.3.1)
+        version: 2.4.2(@chakra-ui/react@2.10.7(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(framer-motion@9.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(next@16.1.6(@babel/core@7.26.10)(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react@18.3.1)
       '@chakra-ui/react':
         specifier: 'catalog:'
         version: 2.10.7(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(framer-motion@9.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
@@ -685,7 +685,7 @@ importers:
         version: 1.13.6
       date-fns:
         specifier: 'catalog:'
-        version: 3.6.0
+        version: 4.1.0
       dayjs:
         specifier: 'catalog:'
         version: 1.11.19
@@ -742,7 +742,7 @@ importers:
         version: 16.1.6(@babel/core@7.26.10)(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1)
       next-i18next:
         specifier: 'catalog:'
-        version: 15.4.2(i18next@23.16.8)(next@16.1.6(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react-i18next@14.1.2(i18next@23.16.8)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1)
+        version: 15.4.2(i18next@23.16.8)(next@16.1.6(@babel/core@7.26.10)(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react-i18next@14.1.2(i18next@23.16.8)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1)
       nprogress:
         specifier: ^0.2.0
         version: 0.2.0
@@ -757,7 +757,7 @@ importers:
         version: 18.3.1
       react-day-picker:
         specifier: ^8.7.1
-        version: 8.10.1(date-fns@3.6.0)(react@18.3.1)
+        version: 8.10.1(date-fns@4.1.0)(react@18.3.1)
       react-dom:
         specifier: 'catalog:'
         version: 18.3.1(react@18.3.1)
@@ -887,7 +887,7 @@ importers:
         version: 2.1.1(@chakra-ui/system@2.6.1(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(react@18.3.1))(react@18.3.1)
       '@chakra-ui/next-js':
         specifier: 'catalog:'
-        version: 2.4.2(@chakra-ui/react@2.10.7(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(framer-motion@9.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(next@16.1.6(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react@18.3.1)
+        version: 2.4.2(@chakra-ui/react@2.10.7(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(framer-motion@9.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(next@16.1.6(@babel/core@7.26.10)(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react@18.3.1)
       '@chakra-ui/react':
         specifier: 'catalog:'
         version: 2.10.7(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(framer-motion@9.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
@@ -923,7 +923,7 @@ importers:
         version: 16.1.6(@babel/core@7.26.10)(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1)
       next-i18next:
         specifier: 'catalog:'
-        version: 15.4.2(i18next@23.16.8)(next@16.1.6(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react-i18next@14.1.2(i18next@23.16.8)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1)
+        version: 15.4.2(i18next@23.16.8)(next@16.1.6(@babel/core@7.26.10)(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react-i18next@14.1.2(i18next@23.16.8)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1)
       react:
         specifier: 'catalog:'
         version: 18.3.1
@@ -2723,8 +2723,8 @@ packages:
   '@fastgpt-sdk/plugin@0.3.8':
     resolution: {integrity: sha512-GjKrXMHxeF5UMkYGXawrUpzZjVRw3DICNYODeYwsUVOy+/ltu5zuwsqLkuuGQ7Arp/SBCmYRjG/MHmeNp4xxfw==}
 
-  '@fastgpt-sdk/sandbox-adapter@0.0.27':
-    resolution: {integrity: sha512-DWUic1HoF9pyAAMpbwTN7Iturim+9M9mBjP0MRoi8n/Ynyh47z+ZivMEcHdZSBo9moRMIeE+UuZOjfjw27+4/w==}
+  '@fastgpt-sdk/sandbox-adapter@0.0.28':
+    resolution: {integrity: sha512-sqOnv/4hnxbjE8HGNqauHnhuzHxsXTHvkNDIFz+XV/we/Jj7h25nt+hnEtO1zOYmXKcuhbGC0zmrYwBPoIE3tQ==}
     engines: {node: '>=18'}
 
   '@fastgpt-sdk/storage@0.6.15':
@@ -6321,8 +6321,8 @@ packages:
     resolution: {integrity: sha512-BS8PfmtDGnrgYdOonGZQdLZslWIeCGFP9tpan0hi1Co2Zr2NKADsvGYA8XxuG/4UWgJ6Cjtv+YJnB6MM69QGlQ==}
     engines: {node: '>= 0.4'}
 
-  date-fns@3.6.0:
-    resolution: {integrity: sha512-fRHTG8g/Gif+kSh50gaGEdToemgfj74aRX3swtiouboip5JDLAyDE9F11nHMIcvOaXeOC6D7SpNhi7uFyB7Uww==}
+  date-fns@4.1.0:
+    resolution: {integrity: sha512-Ukq0owbQXxa/U3EGtsdVBkR1w7KOQ5gIBqdH2hkvknzZPYvBxb/aa6E8L7tmjFtkwZBu3UXBbjIgPo/Ez4xaNg==}
 
   dateformat@2.2.0:
     resolution: {integrity: sha512-GODcnWq3YGoTnygPfi02ygEiRxqUxpJwuRHjdhJYuxpcZmDq4rjBiXYmbCCzStxo176ixfLT6i4NPwQooRySnw==}
@@ -13011,7 +13011,7 @@ snapshots:
       '@chakra-ui/system': 2.6.1(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(react@18.3.1)
       react: 18.3.1
 
-  '@chakra-ui/next-js@2.4.2(@chakra-ui/react@2.10.7(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(framer-motion@9.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(next@16.1.6(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react@18.3.1)':
+  '@chakra-ui/next-js@2.4.2(@chakra-ui/react@2.10.7(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(framer-motion@9.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(next@16.1.6(@babel/core@7.26.10)(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react@18.3.1)':
     dependencies:
       '@chakra-ui/react': 2.10.7(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@emotion/styled@11.11.0(@emotion/react@11.11.1(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(react@18.3.1))(@types/react@18.3.1)(framer-motion@9.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       '@emotion/cache': 11.14.0
@@ -13663,7 +13663,7 @@ snapshots:
       '@fortaine/fetch-event-source': 3.0.6
       zod: 4.1.12
 
-  '@fastgpt-sdk/sandbox-adapter@0.0.27':
+  '@fastgpt-sdk/sandbox-adapter@0.0.28':
     dependencies:
       '@alibaba-group/opensandbox': 0.1.4
       '@e2b/code-interpreter': 2.3.3
@@ -17949,7 +17949,7 @@ snapshots:
       es-errors: 1.3.0
       is-data-view: 1.0.2
 
-  date-fns@3.6.0: {}
+  date-fns@4.1.0: {}
 
   dateformat@2.2.0: {}
 
@@ -21212,7 +21212,7 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  next-i18next@15.4.2(i18next@23.16.8)(next@16.1.6(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react-i18next@14.1.2(i18next@23.16.8)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1):
+  next-i18next@15.4.2(i18next@23.16.8)(next@16.1.6(@babel/core@7.26.10)(@opentelemetry/api@1.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(sass@1.85.1))(react-i18next@14.1.2(i18next@23.16.8)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1):
     dependencies:
       '@babel/runtime': 7.26.10
       '@types/hoist-non-react-statics': 3.3.6
@@ -22068,9 +22068,9 @@ snapshots:
       '@babel/runtime': 7.26.10
       react: 18.3.1
 
-  react-day-picker@8.10.1(date-fns@3.6.0)(react@18.3.1):
+  react-day-picker@8.10.1(date-fns@4.1.0)(react@18.3.1):
     dependencies:
-      date-fns: 3.6.0
+      date-fns: 4.1.0
       react: 18.3.1
 
   react-dom@18.3.1(react@18.3.1):
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index edd70f7cf8..b7ef57232d 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -28,7 +28,7 @@ catalog:
   '@types/react-dom': ^18
   '@types/node': ^20
   axios: 1.13.6
-  date-fns: ^3
+  date-fns: ^4
   dayjs: 1.11.19
   eslint: ^8
   eslint-config-next: 15.5.12
diff --git a/projects/app/next.config.ts b/projects/app/next.config.ts
index 6ab90976c3..d3f95683d2 100644
--- a/projects/app/next.config.ts
+++ b/projects/app/next.config.ts
@@ -79,7 +79,41 @@ const nextConfig: NextConfig = {
       kerberos: false,
       'supports-color': false,
       'bson-ext': false,
-      'pg-native': false
+      'pg-native': false,
+      ...(isDev &&
+        (() => {
+          // In dev, fastgpt-pro + FastGPT nested pnpm workspaces create two separate .pnpm stores,
+          // causing duplicate module instances (React, Lexical, etc.) and runtime errors like
+          // "Cannot read properties of null (reading 'useContext')" or
+          // "Unable to find an active editor state".
+          // Force all shared packages to resolve from this project's node_modules.
+          const resolve = (pkg: string) => {
+            try {
+              return path.dirname(require.resolve(`${pkg}/package.json`, { paths: [__dirname] }));
+            } catch {
+              return undefined;
+            }
+          };
+          const dups = [
+            'react',
+            'react-dom',
+            'lexical',
+            '@lexical/react',
+            '@lexical/code',
+            '@lexical/list',
+            '@lexical/markdown',
+            '@lexical/rich-text',
+            '@lexical/selection',
+            '@lexical/text',
+            '@lexical/utils',
+            '@chakra-ui/react',
+            '@chakra-ui/system',
+            '@emotion/react',
+            '@emotion/styled',
+            'use-context-selector'
+          ];
+          return Object.fromEntries(dups.map((pkg) => [pkg, resolve(pkg)]).filter(([, v]) => v));
+        })())
     });
 
     config.module = {
@@ -148,7 +182,6 @@ const nextConfig: NextConfig = {
       '@chakra-ui/react',
       '@chakra-ui/icons',
       'lodash',
-      'date-fns',
       'ahooks',
       'framer-motion',
       '@emotion/react',
diff --git a/projects/app/src/components/core/chat/components/Interactive/InteractiveComponents.tsx b/projects/app/src/components/core/chat/components/Interactive/InteractiveComponents.tsx
index 22358a2f64..759d44aa31 100644
--- a/projects/app/src/components/core/chat/components/Interactive/InteractiveComponents.tsx
+++ b/projects/app/src/components/core/chat/components/Interactive/InteractiveComponents.tsx
@@ -4,7 +4,6 @@ import { Controller, useForm, type UseFormHandleSubmit } from 'react-hook-form';
 import Markdown from '@/components/Markdown';
 import QuestionTip from '@fastgpt/web/components/common/MyTooltip/QuestionTip';
 import type {
-  AgentPlanCheckInteractive,
   UserInputInteractive,
   UserSelectInteractive,
   UserSelectOptionItemType
diff --git a/projects/app/src/pageComponents/app/detail/WorkflowComponents/Flow/nodes/NodePluginIO/InputTypeConfig.tsx b/projects/app/src/pageComponents/app/detail/WorkflowComponents/Flow/nodes/NodePluginIO/InputTypeConfig.tsx
index ae5b7b4771..e1e4a919dd 100644
--- a/projects/app/src/pageComponents/app/detail/WorkflowComponents/Flow/nodes/NodePluginIO/InputTypeConfig.tsx
+++ b/projects/app/src/pageComponents/app/detail/WorkflowComponents/Flow/nodes/NodePluginIO/InputTypeConfig.tsx
@@ -526,8 +526,8 @@ const InputTypeConfig = ({
                   valueType === WorkflowIOValueTypeEnum.number)) && (
                 <MyNumberInput
                   value={defaultValue}
-                  min={min}
-                  max={max}
+                  min={min ? min : undefined}
+                  max={max ? max : undefined}
                   onChange={(e) => {
                     // @ts-ignore
                     setValue('defaultValue', e ?? '');
diff --git a/projects/app/src/pageComponents/chat/SandboxEditor/Editor.tsx b/projects/app/src/pageComponents/chat/SandboxEditor/Editor.tsx
index e54fc3942c..0a0977f4f7 100644
--- a/projects/app/src/pageComponents/chat/SandboxEditor/Editor.tsx
+++ b/projects/app/src/pageComponents/chat/SandboxEditor/Editor.tsx
@@ -147,16 +147,8 @@ const SandboxEditor = ({ appId, chatId, outLinkAuthData }: Props) => {
     async () => {
       if (!activeFile) return;
 
-      // 直接下载文件内容,不压缩
-      const blob = new Blob([activeFile.content], { type: 'text/plain;charset=utf-8' });
-      const url = window.URL.createObjectURL(blob);
-      const a = document.createElement('a');
-      a.href = url;
-      a.download = activeFile.name;
-      document.body.appendChild(a);
-      a.click();
-      document.body.removeChild(a);
-      window.URL.revokeObjectURL(url);
+      // 通过服务端下载接口获取原始文件,支持二进制文件(图片等)
+      await downloadSandbox({ appId, chatId, outLinkAuthData, path: activeFile.path });
     },
     { manual: true }
   );
@@ -470,7 +462,7 @@ const SandboxEditor = ({ appId, chatId, outLinkAuthData }: Props) => {
                   <MyIcon name="common/searchLight" w="16px" color="myGray.500" />
                 </InputLeftElement>
                 <Input
-                  placeholder={t('app:sandbox.search_files')}
+                  placeholder={t('chat:sandbox_search_files')}
                   value={searchQuery}
                   onChange={(e) => setSearchQuery(e.target.value)}
                   bg="white"
@@ -725,7 +717,7 @@ const SandboxEditor = ({ appId, chatId, outLinkAuthData }: Props) => {
             ) : filteredTree.length > 0 ? (
               <Center h="full">
                 <VStack spacing={3}>
-                  <EmptyTip text={t('app:sandbox.select_file')} mt={0} />
+                  <EmptyTip text={t('chat:sandbox_select_file_edit')} mt={0} />
                 </VStack>
               </Center>
             ) : null}
@@ -734,7 +726,7 @@ const SandboxEditor = ({ appId, chatId, outLinkAuthData }: Props) => {
       ) : !loadingRoot ? (
         <Center h="full" w={'full'}>
           <VStack spacing={3}>
-            <EmptyTip text={t('app:sandbox.no_file')} mt={0} />
+            <EmptyTip text={t('chat:sandbox_no_file')} mt={0} />
           </VStack>
         </Center>
       ) : null}
diff --git a/projects/app/src/pages/api/core/ai/sandbox/checkExist.ts b/projects/app/src/pages/api/core/ai/sandbox/checkExist.ts
index f3d28a2418..e980f03240 100644
--- a/projects/app/src/pages/api/core/ai/sandbox/checkExist.ts
+++ b/projects/app/src/pages/api/core/ai/sandbox/checkExist.ts
@@ -23,7 +23,7 @@ async function handler(
   const { appId, chatId, outLinkAuthData } = body;
 
   // 统一鉴权
-  await authChatCrud({
+  const { uid } = await authChatCrud({
     req,
     authToken: true,
     authApiKey: true,
@@ -33,10 +33,14 @@ async function handler(
   });
 
   // 检查沙盒是否存在
-  const sandboxInstance = await MongoSandboxInstance.findOne({
-    appId,
-    chatId
-  }).lean();
+  const sandboxInstance = await MongoSandboxInstance.findOne(
+    {
+      appId,
+      userId: uid,
+      chatId
+    },
+    '_id'
+  ).lean();
 
   return {
     exists: !!sandboxInstance
diff --git a/projects/app/src/pages/api/core/ai/sandbox/download.ts b/projects/app/src/pages/api/core/ai/sandbox/download.ts
index c5338a77a0..834e8310da 100644
--- a/projects/app/src/pages/api/core/ai/sandbox/download.ts
+++ b/projects/app/src/pages/api/core/ai/sandbox/download.ts
@@ -37,9 +37,10 @@ async function handler(req: ApiRequestProps, res: NextApiResponse): Promise<void
 
   await sandbox.ensureAvailable();
 
-  // 检查路径类型
-  const entries = await sandbox.provider.listDirectory(path);
-  const isDirectory = entries.length > 0 || path.endsWith('/');
+  // 通过 getFileInfo 准确判断路径是文件还是目录
+  const fileInfoMap = await sandbox.provider.getFileInfo([path]);
+  const fileInfo = fileInfoMap.get(path);
+  const isDirectory = fileInfo?.isDirectory ?? path.endsWith('/');
 
   if (isDirectory) {
     // 下载目录为 ZIP
diff --git a/projects/app/src/service/support/permission/auth/chat.ts b/projects/app/src/service/support/permission/auth/chat.ts
index e5e91e459b..59896719f8 100644
--- a/projects/app/src/service/support/permission/auth/chat.ts
+++ b/projects/app/src/service/support/permission/auth/chat.ts
@@ -55,8 +55,8 @@ export async function authChatCrud({
     chatId?: string;
   }): Promise<{
   teamId: string;
-  tmbId: string;
-  uid: string;
+  tmbId: string; // 本轮鉴权的 uid
+  uid: string; // chat 里的实际的 uid（outlinkUid??tmbId)
   chat?: ChatSchemaType;
   showCite: boolean;
   showRunningStatus: boolean;
@@ -68,7 +68,7 @@ export async function authChatCrud({
 
   if (spaceTeamId && teamToken) {
     const { uid, tmbId } = await authTeamSpaceToken({ teamId: spaceTeamId, teamToken });
-    if (!chatId)
+    if (!chatId) {
       return {
         teamId: spaceTeamId,
         tmbId,
@@ -76,6 +76,7 @@ export async function authChatCrud({
         ...defaultResponseShow,
         authType: AuthUserTypeEnum.teamDomain
       };
+    }
 
     const chat = await MongoChat.findOne({ appId, chatId }).lean();
     if (!chat) {
@@ -188,7 +189,7 @@ export async function authChatCrud({
       teamId,
       tmbId,
       chat,
-      uid: tmbId,
+      uid: chat.outLinkUid ?? chat.tmbId,
       ...defaultResponseShow,
       authType
     };
@@ -199,7 +200,7 @@ export async function authChatCrud({
       teamId,
       tmbId,
       chat,
-      uid: tmbId,
+      uid: chat.outLinkUid ?? chat.tmbId,
       ...defaultResponseShow,
       authType
     };
diff --git a/projects/app/test/service/support/permission/auth/chat.test.ts b/projects/app/test/service/support/permission/auth/chat.test.ts
index d991469754..6a00a4b7c6 100644
--- a/projects/app/test/service/support/permission/auth/chat.test.ts
+++ b/projects/app/test/service/support/permission/auth/chat.test.ts
@@ -549,7 +549,7 @@ describe('authChatCrud', () => {
       expect(result).toEqual({
         teamId: 'team1',
         tmbId: 'tmb1',
-        uid: 'tmb1',
+        uid: 'different-tmb',
         chat: mockChat,
         showCite: true,
         showRunningStatus: true,