Release/0.5.7 (#226)

* 🎨 style(DataGrid): 清理冗余代码与静态分析告警 - 类型重构：通过修正 React Context 的函数签名解决了 void 类型的链式调用错误 - 代码精简：利用 Nullish Coalescing (??) 优化组件配置项降级逻辑，剥离无意义的隐式 undefined 赋值 - 工具链适配：适配 IDE 拼写检查与 Promise strict rules，确保全文件零警 * 🔧 fix(db/kingbase_impl): 修复标识符无条件加双引号导致SQL语法报错 - quoteKingbaseIdent 改为条件引用，仅对大写字母、保留字、特殊字符的标识符添加双引号 - 新增 kingbaseIdentNeedsQuote 判断标识符是否需要引用 - 新增 isKingbaseReservedWord 检测常见SQL保留字 - 补充 TestQuoteKingbaseIdent、TestKingbaseIdentNeedsQuote 单测覆盖各场景 - refs #176 * 🔧 fix(release,db/kingbase_impl): 修复金仓默认 schema 并静默生成 DMG - Kingbase：在 current_schema() 为 public 时探测候选 schema，并通过 DSN search_path 重连，兼容未限定 schema 的查询 - 候选优先级：数据库名/用户名同名 schema（存在性校验），否则仅在“唯一用户 schema 有表”场景兜底 - 避免连接污染：每次 Connect 重置探测结果，重连成功后替换连接并关闭旧连接 - 打包脚本：create-dmg 增加 --sandbox-safe，避免构建时自动弹出/打开挂载窗口 - 产物格式：强制 --format UDZO，并将 rw.*.dmg/UDRW 中间产物转换为可分发 DMG - 校验门禁：增加 hdiutil verify，失败时保留 .app 便于排查，同时修正卷图标探测并补 ad-hoc 签名 * 🐛 fix(connection/redis): 修复 Redis URI 用户名处理导致认证失败 - Redis URI 解析回填 user 字段，兼容 redis://user:pass@... 与 redis://:pass@... - 生成 URI 时按需输出 user/password，避免丢失用户名信息 - Redis 类型默认用户名置空，并在构建配置时清理历史默认 root - 避免 go-redis 触发 ACL AUTH(user, pass) 导致 WRONGPASS - refs #212 * 🔧 fix(release,ssh): 修复 SSH 误判连接成功并纠正 DMG 打包结构 - SSH 缓存 key 纳入认证指纹（password/keyPath），避免改错凭证仍复用旧连接/端口转发 - MySQL/MariaDB/Doris：SSH 隧道建立失败直接返回错误，不再回退直连导致测试误判成功 - 新增最小单测覆盖 SSH cache key 与 UseSSH 异常路径 - build-release.sh：create-dmg 使用 staging 目录作为 source，避免 DMG 根目录变成 Contents - refs #213 * fix: KingBase 连接后自动设置 search_path，修复自定义 schema 下表查询报 relation does not exist 的问题 (#215) * 🔧 fix(driver/kingbase,mongodb): 修复外置驱动事务引用与连接测试链路问题 - 金仓外置驱动链路增加表名与变更字段归一化，修复 ApplyChanges 场景下双引号转义异常导致的 SQL 语法错误 - 新增金仓公共标识符工具并复用到 kingbase_impl 与 optional_driver_agent_impl，统一处理多重转义、schema.table 拆分与引用规范 - 金仓代理连接后自动探测并设置 search_path，降低查询时必须手写 schema 前缀的概率 - MongoDB 连接参数改为显式 host/hosts 优先，避免被 URI 中 localhost 覆盖；代理链路保留目标地址不再改写为本地地址 - 连接测试增加前后端超时收敛与日志增强，避免长时间转圈；连接错误文案在未启用 TLS 时移除误导性的“SSL”前缀 - 统一日志级别为 INFO/WARN/ERROR，默认日志目录收敛到 ~/.GoNavi/Logs，并补充驱动构建脚本 build-driver-agents.sh * 🔧 fix(release/sidebar): 统一跨平台UPX压缩并修复PG函数列表查询兼容性 - 构建脚本新增通用 UPX 压缩函数，覆盖 macOS、Linux、Windows 产物 - 本地打包改为强制压缩策略：未安装 upx、压缩失败或校验失败直接终止 - macOS 打包在签名前压缩 .app 主程序并执行 upx -t 校验 - Linux 打包在生成 tar.gz 前压缩可执行文件并执行 upx -t 校验 - GitHub Release 与测试构建流程补齐 macOS/Linux/Windows 的 upx 安装与压缩步骤 - PostgreSQL/PG-like 函数元数据查询增加多路兼容 SQL，修复函数列表不显示问题 - refs #221 - refs #222 --------- Co-authored-by: Syngnat <yangguofeng919@gmail.com> Co-authored-by: 凌封 <49424247+fengin@users.noreply.github.com>
2026-05-12 01:29:42 +08:00 · 2026-03-12 17:40:35 +08:00
parent 6ad690cffc
commit eaa45f17fd
38 changed files with 2997 additions and 489 deletions
--- a/internal/app/app.go
+++ b/internal/app/app.go
@@ -8,6 +8,8 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"net/url"
+	"os"
 	"strings"
 	"sync"
 	"time"
@@ -218,6 +220,7 @@ func wrapConnectError(config connection.ConnectionConfig, err error) error {
 	if err == nil {
 		return nil
 	}
+	err = sanitizeMongoConnectErrorLabel(config, err)

 	var netErr net.Error
 	if errors.Is(err, context.DeadlineExceeded) || (errors.As(err, &netErr) && netErr.Timeout()) {
@@ -231,6 +234,73 @@ func wrapConnectError(config connection.ConnectionConfig, err error) error {
 	return withLogHint{err: err, logPath: logger.Path()}
 }

+type errorMessageOverride struct {
+	message string
+	cause   error
+}
+
+func (e errorMessageOverride) Error() string {
+	return e.message
+}
+
+func (e errorMessageOverride) Unwrap() error {
+	return e.cause
+}
+
+func sanitizeMongoConnectErrorLabel(config connection.ConnectionConfig, err error) error {
+	if err == nil {
+		return nil
+	}
+	if strings.ToLower(strings.TrimSpace(config.Type)) != "mongodb" {
+		return err
+	}
+	if mongoConnectUsesTLS(config) {
+		return err
+	}
+	original := err.Error()
+	rewritten := strings.ReplaceAll(original, "SSL 主库凭据", "主库凭据")
+	rewritten = strings.ReplaceAll(rewritten, "SSL 从库凭据", "从库凭据")
+	if rewritten == original {
+		return err
+	}
+	return errorMessageOverride{
+		message: rewritten,
+		cause:   err,
+	}
+}
+
+func mongoConnectUsesTLS(config connection.ConnectionConfig) bool {
+	if config.UseSSL {
+		return true
+	}
+	uriText := strings.TrimSpace(config.URI)
+	if uriText == "" {
+		return false
+	}
+	parsed, err := url.Parse(uriText)
+	if err != nil {
+		return false
+	}
+	for _, key := range []string{"tls", "ssl"} {
+		if enabled, known := parseMongoBool(parsed.Query().Get(key)); known {
+			return enabled
+		}
+	}
+	return strings.EqualFold(strings.TrimSpace(parsed.Scheme), "mongodb+srv")
+}
+
+func parseMongoBool(raw string) (enabled bool, known bool) {
+	value := strings.ToLower(strings.TrimSpace(raw))
+	switch value {
+	case "1", "true", "t", "yes", "y", "on", "required":
+		return true, true
+	case "0", "false", "f", "no", "n", "off", "disable", "disabled":
+		return false, true
+	default:
+		return false, false
+	}
+}
+
 type withLogHint struct {
 	err     error
 	logPath string
@@ -238,10 +308,15 @@ type withLogHint struct {

 func (e withLogHint) Error() string {
 	message := normalizeErrorMessage(e.err)
-	if strings.TrimSpace(e.logPath) == "" {
+	path := strings.TrimSpace(e.logPath)
+	if path == "" {
 		return message
 	}
-	return fmt.Sprintf("%s（详细日志：%s）", message, e.logPath)
+	info, statErr := os.Stat(path)
+	if statErr != nil || info.IsDir() || info.Size() <= 0 {
+		return message
+	}
+	return fmt.Sprintf("%s（详细日志：%s）", message, path)
 }

 func (e withLogHint) Unwrap() error {
--- a/internal/app/app_connect_error_test.go
+++ b/internal/app/app_connect_error_test.go
@@ -0,0 +1,84 @@
+package app
+
+import (
+	"errors"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"GoNavi-Wails/internal/connection"
+)
+
+func TestWrapConnectError_MongoNoSSL_RemovesMisleadingSSLLabel(t *testing.T) {
+	config := connection.ConnectionConfig{
+		Type:   "mongodb",
+		UseSSL: false,
+	}
+	sourceErr := errors.New("MongoDB 连接失败：SSL 主库凭据验证失败: mock error")
+
+	wrapped := wrapConnectError(config, sourceErr)
+	text := wrapped.Error()
+	if strings.Contains(text, "SSL 主库凭据") {
+		t.Fatalf("expected ssl label to be removed when TLS disabled, got: %s", text)
+	}
+	if !strings.Contains(text, "主库凭据验证失败") {
+		t.Fatalf("expected auth label to remain, got: %s", text)
+	}
+}
+
+func TestWrapConnectError_MongoURIForcesTLS_KeepsSSLLabel(t *testing.T) {
+	config := connection.ConnectionConfig{
+		Type:   "mongodb",
+		UseSSL: false,
+		URI:    "mongodb://user:pass@127.0.0.1:27017/admin?tls=true",
+	}
+	sourceErr := errors.New("MongoDB 连接失败：SSL 主库凭据验证失败: mock error")
+
+	wrapped := wrapConnectError(config, sourceErr)
+	text := wrapped.Error()
+	if !strings.Contains(text, "SSL 主库凭据") {
+		t.Fatalf("expected ssl label to remain when URI enables TLS, got: %s", text)
+	}
+}
+
+func TestWrapConnectError_MongoSRVDefaultTLS_KeepsSSLLabel(t *testing.T) {
+	config := connection.ConnectionConfig{
+		Type:   "mongodb",
+		UseSSL: false,
+		URI:    "mongodb+srv://user:pass@cluster0.example.com/admin",
+	}
+	sourceErr := errors.New("MongoDB 连接失败：SSL 主库凭据验证失败: mock error")
+
+	wrapped := wrapConnectError(config, sourceErr)
+	text := wrapped.Error()
+	if !strings.Contains(text, "SSL 主库凭据") {
+		t.Fatalf("expected ssl label to remain for mongodb+srv default TLS, got: %s", text)
+	}
+}
+
+func TestWithLogHintError_OmitEmptyLogPath(t *testing.T) {
+	dir := t.TempDir()
+	logPath := filepath.Join(dir, "gonavi.log")
+	if err := os.WriteFile(logPath, nil, 0o644); err != nil {
+		t.Fatalf("write empty log failed: %v", err)
+	}
+	err := withLogHint{err: errors.New("连接失败"), logPath: logPath}
+	text := err.Error()
+	if strings.Contains(text, "详细日志：") {
+		t.Fatalf("expected no log hint for empty file, got: %s", text)
+	}
+}
+
+func TestWithLogHintError_IncludeNonEmptyLogPath(t *testing.T) {
+	dir := t.TempDir()
+	logPath := filepath.Join(dir, "gonavi.log")
+	if err := os.WriteFile(logPath, []byte("log entry\n"), 0o644); err != nil {
+		t.Fatalf("write log failed: %v", err)
+	}
+	err := withLogHint{err: errors.New("连接失败"), logPath: logPath}
+	text := err.Error()
+	if !strings.Contains(text, "详细日志："+logPath) {
+		t.Fatalf("expected log hint with path, got: %s", text)
+	}
+}
--- a/internal/app/db_proxy.go
+++ b/internal/app/db_proxy.go
@@ -73,8 +73,8 @@ func resolveDialConfigWithProxy(raw connection.ConnectionConfig) (connection.Con
 		// 文件型/自定义 DSN 类型不走标准 host:port，不在此层改写。
 		return config, nil
 	}
-	if normalizedType == "mongodb" && config.MongoSRV {
-		// Mongo SRV 由驱动侧 Dialer 处理代理，避免破坏 DNS SRV 拓扑发现。
+	if normalizedType == "mongodb" {
+		// MongoDB 统一由驱动侧 Dialer 处理代理，保留原始目标地址，避免将连接目标改写为本地转发地址。
 		return config, nil
 	}

--- a/internal/app/db_proxy_test.go
+++ b/internal/app/db_proxy_test.go
@@ -0,0 +1,64 @@
+package app
+
+import (
+	"reflect"
+	"testing"
+
+	"GoNavi-Wails/internal/connection"
+)
+
+func TestResolveDialConfigWithProxy_MongoKeepsTargetAddress(t *testing.T) {
+	hosts := []string{"10.20.30.40:27017", "10.20.30.41:27017"}
+	raw := connection.ConnectionConfig{
+		Type:     "mongodb",
+		Host:     "10.20.30.40",
+		Port:     27017,
+		UseProxy: true,
+		Proxy: connection.ProxyConfig{
+			Type: "socks5",
+			Host: "127.0.0.1",
+			Port: 1080,
+		},
+		Hosts: hosts,
+	}
+
+	got, err := resolveDialConfigWithProxy(raw)
+	if err != nil {
+		t.Fatalf("resolveDialConfigWithProxy returned error: %v", err)
+	}
+	if got.Host != raw.Host || got.Port != raw.Port {
+		t.Fatalf("mongo target address should be kept, got=%s:%d want=%s:%d", got.Host, got.Port, raw.Host, raw.Port)
+	}
+	if !got.UseProxy {
+		t.Fatalf("mongo should keep UseProxy=true for driver-level dialer")
+	}
+	if !reflect.DeepEqual(got.Hosts, hosts) {
+		t.Fatalf("mongo hosts should be kept, got=%v want=%v", got.Hosts, hosts)
+	}
+}
+
+func TestResolveDialConfigWithProxy_MongoSRVKeepsTargetAddress(t *testing.T) {
+	raw := connection.ConnectionConfig{
+		Type:     "mongodb",
+		Host:     "cluster0.example.com",
+		Port:     27017,
+		MongoSRV: true,
+		UseProxy: true,
+		Proxy: connection.ProxyConfig{
+			Type: "http",
+			Host: "127.0.0.1",
+			Port: 7890,
+		},
+	}
+
+	got, err := resolveDialConfigWithProxy(raw)
+	if err != nil {
+		t.Fatalf("resolveDialConfigWithProxy returned error: %v", err)
+	}
+	if got.Host != raw.Host || got.Port != raw.Port {
+		t.Fatalf("mongo SRV target address should be kept, got=%s:%d want=%s:%d", got.Host, got.Port, raw.Host, raw.Port)
+	}
+	if !got.UseProxy {
+		t.Fatalf("mongo SRV should keep UseProxy=true for driver-level dialer")
+	}
+}
--- a/internal/app/global_proxy.go
+++ b/internal/app/global_proxy.go
@@ -72,25 +72,30 @@ func setGlobalProxyConfig(enabled bool, proxyConfig connection.ProxyConfig) (glo
 }

 func (a *App) ConfigureGlobalProxy(enabled bool, proxyConfig connection.ProxyConfig) connection.QueryResult {
+	before := currentGlobalProxyConfig()
 	snapshot, err := setGlobalProxyConfig(enabled, proxyConfig)
 	if err != nil {
 		return connection.QueryResult{Success: false, Message: err.Error()}
 	}

-	if snapshot.Enabled {
-		authState := ""
-		if strings.TrimSpace(snapshot.Proxy.User) != "" {
-			authState = "（认证：已配置）"
+	// 前端可能在同一配置下重复触发同步（例如严格模式或状态回放），
+	// 这里做幂等日志，避免重复刷屏。
+	if !globalProxySnapshotEqual(before, snapshot) {
+		if snapshot.Enabled {
+			authState := ""
+			if strings.TrimSpace(snapshot.Proxy.User) != "" {
+				authState = "（认证：已配置）"
+			}
+			logger.Infof(
+				"全局代理已启用：%s://%s:%d%s",
+				strings.ToLower(strings.TrimSpace(snapshot.Proxy.Type)),
+				strings.TrimSpace(snapshot.Proxy.Host),
+				snapshot.Proxy.Port,
+				authState,
+			)
+		} else {
+			logger.Infof("全局代理已关闭")
 		}
-		logger.Infof(
-			"全局代理已启用：%s://%s:%d%s",
-			strings.ToLower(strings.TrimSpace(snapshot.Proxy.Type)),
-			strings.TrimSpace(snapshot.Proxy.Host),
-			snapshot.Proxy.Port,
-			authState,
-		)
-	} else {
-		logger.Infof("全局代理已关闭")
 	}

 	return connection.QueryResult{
@@ -100,6 +105,24 @@ func (a *App) ConfigureGlobalProxy(enabled bool, proxyConfig connection.ProxyCon
 	}
 }

+func globalProxySnapshotEqual(a, b globalProxySnapshot) bool {
+	if a.Enabled != b.Enabled {
+		return false
+	}
+	if !a.Enabled {
+		return true
+	}
+	return proxyConfigEqual(a.Proxy, b.Proxy)
+}
+
+func proxyConfigEqual(a, b connection.ProxyConfig) bool {
+	return strings.EqualFold(strings.TrimSpace(a.Type), strings.TrimSpace(b.Type)) &&
+		strings.TrimSpace(a.Host) == strings.TrimSpace(b.Host) &&
+		a.Port == b.Port &&
+		strings.TrimSpace(a.User) == strings.TrimSpace(b.User) &&
+		a.Password == b.Password
+}
+
 func (a *App) GetGlobalProxyConfig() connection.QueryResult {
 	return connection.QueryResult{
 		Success: true,
--- a/internal/app/methods_db.go
+++ b/internal/app/methods_db.go
@@ -13,6 +13,16 @@ import (
 	"GoNavi-Wails/internal/utils"
 )

+const testConnectionTimeoutUpperBoundSeconds = 12
+
+func normalizeTestConnectionConfig(config connection.ConnectionConfig) connection.ConnectionConfig {
+	normalized := config
+	if normalized.Timeout <= 0 || normalized.Timeout > testConnectionTimeoutUpperBoundSeconds {
+		normalized.Timeout = testConnectionTimeoutUpperBoundSeconds
+	}
+	return normalized
+}
+
 // Generic DB Methods

 func (a *App) DBConnect(config connection.ConnectionConfig) connection.QueryResult {
@@ -28,13 +38,16 @@ func (a *App) DBConnect(config connection.ConnectionConfig) connection.QueryResu
 }

 func (a *App) TestConnection(config connection.ConnectionConfig) connection.QueryResult {
-	_, err := a.getDatabaseForcePing(config)
+	testConfig := normalizeTestConnectionConfig(config)
+	started := time.Now()
+	logger.Infof("TestConnection 开始：%s", formatConnSummary(testConfig))
+	_, err := a.getDatabaseForcePing(testConfig)
 	if err != nil {
-		logger.Error(err, "TestConnection 连接测试失败：%s", formatConnSummary(config))
+		logger.Error(err, "TestConnection 连接测试失败：耗时=%s %s", time.Since(started).Round(time.Millisecond), formatConnSummary(testConfig))
 		return connection.QueryResult{Success: false, Message: err.Error()}
 	}

-	logger.Infof("TestConnection 连接测试成功：%s", formatConnSummary(config))
+	logger.Infof("TestConnection 连接测试成功：耗时=%s %s", time.Since(started).Round(time.Millisecond), formatConnSummary(testConfig))
 	return connection.QueryResult{Success: true, Message: "连接成功"}
 }

--- a/internal/app/methods_db_timeout_test.go
+++ b/internal/app/methods_db_timeout_test.go
@@ -0,0 +1,31 @@
+package app
+
+import (
+	"testing"
+
+	"GoNavi-Wails/internal/connection"
+)
+
+func TestNormalizeTestConnectionConfig_DefaultToUpperBound(t *testing.T) {
+	config := connection.ConnectionConfig{Type: "mongodb", Timeout: 0}
+	got := normalizeTestConnectionConfig(config)
+	if got.Timeout != testConnectionTimeoutUpperBoundSeconds {
+		t.Fatalf("expected timeout=%d, got=%d", testConnectionTimeoutUpperBoundSeconds, got.Timeout)
+	}
+}
+
+func TestNormalizeTestConnectionConfig_KeepSmallerTimeout(t *testing.T) {
+	config := connection.ConnectionConfig{Type: "mongodb", Timeout: 6}
+	got := normalizeTestConnectionConfig(config)
+	if got.Timeout != 6 {
+		t.Fatalf("expected timeout=6, got=%d", got.Timeout)
+	}
+}
+
+func TestNormalizeTestConnectionConfig_ClampLargeTimeout(t *testing.T) {
+	config := connection.ConnectionConfig{Type: "mongodb", Timeout: 60}
+	got := normalizeTestConnectionConfig(config)
+	if got.Timeout != testConnectionTimeoutUpperBoundSeconds {
+		t.Fatalf("expected timeout=%d, got=%d", testConnectionTimeoutUpperBoundSeconds, got.Timeout)
+	}
+}
--- a/internal/app/methods_driver.go
+++ b/internal/app/methods_driver.go
@@ -2792,6 +2792,7 @@ func ensureOptionalDriverAgentBinary(a *App, definition driverDefinition, execut
 	driverType := normalizeDriverType(definition.Type)
 	displayName := resolveDriverDisplayName(definition)
 	forceSourceBuild := shouldForceSourceBuildForVersion(driverType, selectedVersion)
+	preferSourceBuildBeforeDownload := shouldPreferSourceBuildBeforeDownload(driverType, selectedVersion)
 	skipReuseCandidate := shouldSkipReusableAgentCandidate(driverType, selectedVersion)

 	info, err := os.Stat(executablePath)
@@ -2799,11 +2800,10 @@ func ensureOptionalDriverAgentBinary(a *App, definition driverDefinition, execut
 		if validateErr := db.ValidateOptionalDriverAgentExecutable(driverType, executablePath); validateErr != nil {
 			_ = os.Remove(executablePath)
 		} else {
-			hash, hashErr := hashFileSHA256(executablePath)
-			if hashErr != nil {
-				return "", "", fmt.Errorf("读取已安装 %s 驱动代理摘要失败：%w", displayName, hashErr)
+			// 用户点击“安装/重装”时应强制刷新驱动代理，避免沿用旧二进制导致修复不生效。
+			if removeErr := os.Remove(executablePath); removeErr != nil {
+				return "", "", fmt.Errorf("清理已安装 %s 驱动代理失败：%w", displayName, removeErr)
 			}
-			return fmt.Sprintf("local://existing/%s-driver-agent", driverType), hash, nil
 		}
 	}
 	if err == nil && info.IsDir() {
@@ -2834,6 +2834,22 @@ func ensureOptionalDriverAgentBinary(a *App, definition driverDefinition, execut
 	}

 	var downloadErrs []string
+	var sourceBuildAttempted bool
+	var sourceBuildErr error
+
+	if !forceSourceBuild && preferSourceBuildBeforeDownload {
+		sourceBuildAttempted = true
+		if a != nil {
+			a.emitDriverDownloadProgress(driverType, "downloading", 16, 100, fmt.Sprintf("优先使用本地源码构建 %s 驱动代理", displayName))
+		}
+		hash, buildErr := buildOptionalDriverAgentFromSource(definition, executablePath, selectedVersion)
+		if buildErr == nil {
+			return fmt.Sprintf("local://go-build/%s-driver-agent", driverType), hash, nil
+		}
+		sourceBuildErr = buildErr
+		logger.Warnf("预先本地构建 %s 驱动代理失败，将继续尝试下载预编译包：%v", displayName, buildErr)
+	}
+
 	if !forceSourceBuild {
 		downloadURLs := resolveOptionalDriverAgentDownloadURLs(definition, downloadURL)
 		if len(downloadURLs) > 0 {
@@ -2866,9 +2882,15 @@ func ensureOptionalDriverAgentBinary(a *App, definition driverDefinition, execut
 		a.emitDriverDownloadProgress(driverType, "downloading", 92, 100, "未命中预编译包，尝试开发态本地构建")
 	}

-	hash, buildErr := buildOptionalDriverAgentFromSource(definition, executablePath, selectedVersion)
-	if buildErr == nil {
-		return fmt.Sprintf("local://go-build/%s-driver-agent", driverType), hash, nil
+	var buildErr error
+	if sourceBuildAttempted {
+		buildErr = sourceBuildErr
+	} else {
+		hash, runErr := buildOptionalDriverAgentFromSource(definition, executablePath, selectedVersion)
+		buildErr = runErr
+		if buildErr == nil {
+			return fmt.Sprintf("local://go-build/%s-driver-agent", driverType), hash, nil
+		}
 	}

 	var parts []string
@@ -3086,12 +3108,25 @@ func shouldForceSourceBuildForVersion(driverType string, selectedVersion string)
 	return resolveMongoDriverMajorFromVersion(selectedVersion) == 1
 }

-func shouldSkipReusableAgentCandidate(driverType string, selectedVersion string) bool {
-	if normalizeDriverType(driverType) != "mongodb" {
+func shouldPreferSourceBuildBeforeDownload(driverType string, selectedVersion string) bool {
+	_ = selectedVersion
+	switch normalizeDriverType(driverType) {
+	case "kingbase":
+		// 金仓迭代期优先本地源码构建，避免下载到旧版本预编译代理导致修复不生效。
+		return true
+	default:
 		return false
 	}
+}
+
+func shouldSkipReusableAgentCandidate(driverType string, selectedVersion string) bool {
 	_ = selectedVersion
-	return true
+	switch normalizeDriverType(driverType) {
+	case "mongodb", "kingbase":
+		return true
+	default:
+		return false
+	}
 }

 func optionalDriverBuildTag(driverType string, selectedVersion string) (string, error) {
--- a/internal/db/diros_impl.go
+++ b/internal/db/diros_impl.go
@@ -9,7 +9,6 @@ import (
 	"strings"

 	"GoNavi-Wails/internal/connection"
-	"GoNavi-Wails/internal/logger"
 	"GoNavi-Wails/internal/ssh"
 	"GoNavi-Wails/internal/utils"

@@ -135,26 +134,26 @@ func collectDirosAddresses(config connection.ConnectionConfig) []string {
 	return result
 }

-func (d *DirosDB) getDSN(config connection.ConnectionConfig) string {
+func (d *DirosDB) getDSN(config connection.ConnectionConfig) (string, error) {
 	database := config.Database
 	protocol := "tcp"
 	address := normalizeMySQLAddress(config.Host, config.Port)

 	if config.UseSSH {
 		netName, err := ssh.RegisterSSHNetwork(config.SSH)
-		if err == nil {
-			protocol = netName
-			address = normalizeMySQLAddress(config.Host, config.Port)
-		} else {
-			logger.Warnf("注册 Doris SSH 网络失败，将尝试直连：地址=%s:%d 用户=%s，原因：%v", config.Host, config.Port, config.User, err)
+		if err != nil {
+			return "", fmt.Errorf("创建 SSH 隧道失败：%w", err)
 		}
+		protocol = netName
 	}

 	timeout := getConnectTimeoutSeconds(config)
 	tlsMode := resolveMySQLTLSMode(config)

-	return fmt.Sprintf("%s:%s@%s(%s)/%s?charset=utf8mb4&parseTime=True&loc=Local&timeout=%ds&tls=%s",
-		config.User, config.Password, protocol, address, database, timeout, url.QueryEscape(tlsMode))
+	return fmt.Sprintf(
+		"%s:%s@%s(%s)/%s?charset=utf8mb4&parseTime=True&loc=Local&timeout=%ds&tls=%s",
+		config.User, config.Password, protocol, address, database, timeout, url.QueryEscape(tlsMode),
+	), nil
 }

 func resolveDirosCredential(config connection.ConnectionConfig, addressIndex int) (string, string) {
@@ -192,7 +191,11 @@ func (d *DirosDB) Connect(config connection.ConnectionConfig) error {
 		candidateConfig.Port = port
 		candidateConfig.User, candidateConfig.Password = resolveDirosCredential(runConfig, index)

-		dsn := d.getDSN(candidateConfig)
+		dsn, err := d.getDSN(candidateConfig)
+		if err != nil {
+			errorDetails = append(errorDetails, fmt.Sprintf("%s 生成连接串失败: %v", address, err))
+			continue
+		}
 		db, err := sql.Open(dirosDriverName, dsn)
 		if err != nil {
 			errorDetails = append(errorDetails, fmt.Sprintf("%s 打开失败: %v", address, err))
--- a/internal/db/kingbase_identifier_utils.go
+++ b/internal/db/kingbase_identifier_utils.go
@@ -0,0 +1,164 @@
+package db
+
+import "strings"
+
+func normalizeKingbaseIdentCommon(raw string) string {
+	value := strings.TrimSpace(raw)
+	if value == "" {
+		return ""
+	}
+
+	// 兼容被多次 JSON 序列化后的转义引号：
+	// \\\"schema\\\" -> \"schema\" -> "schema"
+	for i := 0; i < 8; i++ {
+		next := strings.TrimSpace(value)
+		next = strings.ReplaceAll(next, `\\\"`, `\"`)
+		next = strings.ReplaceAll(next, `\"`, `"`)
+		if next == value {
+			break
+		}
+		value = next
+	}
+	value = strings.TrimSpace(value)
+
+	stripWrapperOnce := func(text string) string {
+		t := strings.TrimSpace(text)
+		if strings.HasPrefix(t, `\`) && len(t) > 1 {
+			t = strings.TrimSpace(strings.TrimPrefix(t, `\`))
+		}
+		if strings.HasSuffix(t, `\`) && len(t) > 1 {
+			t = strings.TrimSpace(strings.TrimSuffix(t, `\`))
+		}
+		if len(t) >= 4 && strings.HasPrefix(t, `\"`) && strings.HasSuffix(t, `\"`) {
+			return strings.TrimSpace(t[2 : len(t)-2])
+		}
+		if len(t) >= 2 && strings.HasPrefix(t, `"`) && strings.HasSuffix(t, `"`) {
+			return strings.TrimSpace(t[1 : len(t)-1])
+		}
+		if len(t) >= 2 && strings.HasPrefix(t, "`") && strings.HasSuffix(t, "`") {
+			return strings.TrimSpace(t[1 : len(t)-1])
+		}
+		if len(t) >= 2 && strings.HasPrefix(t, "[") && strings.HasSuffix(t, "]") {
+			return strings.TrimSpace(t[1 : len(t)-1])
+		}
+		return t
+	}
+
+	for i := 0; i < 8; i++ {
+		next := stripWrapperOnce(value)
+		if next == value {
+			break
+		}
+		value = next
+	}
+	value = strings.TrimSpace(value)
+
+	// 兼容错误的二次引用与残留反斜杠。
+	value = strings.ReplaceAll(value, `\"`, `"`)
+	value = strings.ReplaceAll(value, `""`, "")
+	value = strings.TrimSpace(value)
+
+	for i := 0; i < 8; i++ {
+		next := strings.TrimSpace(value)
+		changed := false
+		if strings.HasPrefix(next, `\`) && len(next) > 1 {
+			next = strings.TrimSpace(strings.TrimPrefix(next, `\`))
+			changed = true
+		}
+		if strings.HasSuffix(next, `\`) && len(next) > 1 {
+			next = strings.TrimSpace(strings.TrimSuffix(next, `\`))
+			changed = true
+		}
+		if !changed || next == value {
+			break
+		}
+		value = next
+	}
+
+	return strings.TrimSpace(value)
+}
+
+func splitKingbaseQualifiedNameCommon(raw string) (schema string, table string) {
+	text := strings.TrimSpace(raw)
+	if text == "" {
+		return "", ""
+	}
+
+	sep := findKingbaseQualifiedSeparator(text)
+	if sep < 0 {
+		return "", normalizeKingbaseIdentCommon(text)
+	}
+
+	schemaPart := normalizeKingbaseIdentCommon(text[:sep])
+	tablePart := normalizeKingbaseIdentCommon(text[sep+1:])
+
+	if tablePart == "" {
+		if schemaPart == "" {
+			return "", normalizeKingbaseIdentCommon(text)
+		}
+		return "", schemaPart
+	}
+	if schemaPart == "" {
+		return "", tablePart
+	}
+	return schemaPart, tablePart
+}
+
+func findKingbaseQualifiedSeparator(raw string) int {
+	inDouble := false
+	inBacktick := false
+	inBracket := false
+	escaped := false
+
+	for i := 0; i < len(raw); i++ {
+		ch := raw[i]
+		if escaped {
+			escaped = false
+			continue
+		}
+
+		if ch == '\\' {
+			escaped = true
+			continue
+		}
+
+		if inDouble {
+			if ch == '"' {
+				// SQL 双引号转义："" 代表字面量 "
+				if i+1 < len(raw) && raw[i+1] == '"' {
+					i++
+					continue
+				}
+				inDouble = false
+			}
+			continue
+		}
+
+		if inBacktick {
+			if ch == '`' {
+				inBacktick = false
+			}
+			continue
+		}
+
+		if inBracket {
+			if ch == ']' {
+				inBracket = false
+			}
+			continue
+		}
+
+		switch ch {
+		case '"':
+			inDouble = true
+		case '`':
+			inBacktick = true
+		case '[':
+			inBracket = true
+		case '.':
+			return i
+		}
+	}
+
+	return -1
+}
--- a/internal/db/kingbase_identifier_utils_test.go
+++ b/internal/db/kingbase_identifier_utils_test.go
@@ -0,0 +1,52 @@
+package db
+
+import "testing"
+
+func TestNormalizeKingbaseIdentCommon(t *testing.T) {
+	tests := []struct {
+		name string
+		in   string
+		want string
+	}{
+		{name: "plain", in: "ldf_server", want: "ldf_server"},
+		{name: "quoted", in: `"ldf_server"`, want: "ldf_server"},
+		{name: "escaped quoted", in: `\"ldf_server\"`, want: "ldf_server"},
+		{name: "double escaped quoted", in: `\\\"ldf_server\\\"`, want: "ldf_server"},
+		{name: "double quoted", in: `""ldf_server""`, want: "ldf_server"},
+		{name: "backtick quoted", in: "`ldf_server`", want: "ldf_server"},
+		{name: "bracket quoted", in: "[ldf_server]", want: "ldf_server"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := normalizeKingbaseIdentCommon(tt.in); got != tt.want {
+				t.Fatalf("normalizeKingbaseIdentCommon(%q)=%q,want=%q", tt.in, got, tt.want)
+			}
+		})
+	}
+}
+
+func TestSplitKingbaseQualifiedNameCommon(t *testing.T) {
+	tests := []struct {
+		name       string
+		in         string
+		wantSchema string
+		wantTable  string
+	}{
+		{name: "plain", in: "ldf_server.andon_events", wantSchema: "ldf_server", wantTable: "andon_events"},
+		{name: "quoted", in: `"ldf_server"."andon_events"`, wantSchema: "ldf_server", wantTable: "andon_events"},
+		{name: "escaped quoted", in: `\"ldf_server\".\"andon_events\"`, wantSchema: "ldf_server", wantTable: "andon_events"},
+		{name: "double escaped quoted", in: `\\\"ldf_server\\\".\\\"andon_events\\\"`, wantSchema: "ldf_server", wantTable: "andon_events"},
+		{name: "space around dot", in: ` "ldf_server" . "andon_events" `, wantSchema: "ldf_server", wantTable: "andon_events"},
+		{name: "table only", in: "andon_events", wantSchema: "", wantTable: "andon_events"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gotSchema, gotTable := splitKingbaseQualifiedNameCommon(tt.in)
+			if gotSchema != tt.wantSchema || gotTable != tt.wantTable {
+				t.Fatalf("splitKingbaseQualifiedNameCommon(%q)=(%q,%q),want=(%q,%q)", tt.in, gotSchema, gotTable, tt.wantSchema, tt.wantTable)
+			}
+		})
+	}
+}
--- a/internal/db/kingbase_impl.go
+++ b/internal/db/kingbase_impl.go
@@ -7,6 +7,7 @@ import (
 	"database/sql"
 	"fmt"
 	"net"
+	"regexp"
 	"strconv"
 	"strings"
 	"time"
@@ -136,11 +137,88 @@ func (k *KingbaseDB) Connect(config connection.ConnectionConfig) error {
 		if idx > 0 {
 			logger.Warnf("人大金仓 SSL 优先连接失败，已回退至明文连接")
 		}
+
+		// 获取 schema 列表以重构带有 search_path 的连接池
+		searchPathStr := k.getSearchPathStr()
+		if searchPathStr != "" {
+			// 将 search_path 参数拼入 DSN
+			finalDSN := dsn + " search_path=" + quoteConnValue(searchPathStr)
+			if finalDB, err := sql.Open("kingbase", finalDSN); err == nil {
+				k.pingTimeout = getConnectTimeout(attempt)
+				finalDB.SetConnMaxLifetime(5 * time.Minute)
+
+				// 临时将 k.conn 指向 finalDB 来做 ping 测试
+				oldConn := k.conn
+				k.conn = finalDB
+				if err := k.Ping(); err == nil {
+					// 成功使用带 search_path 的连接池
+					_ = oldConn.Close()
+					logger.Infof("人大金仓已配置连接级 search_path：%s", searchPathStr)
+				} else {
+					_ = finalDB.Close()
+					k.conn = oldConn
+				}
+			}
+		}
+		if searchPathStr != "" {
+			timeout := k.pingTimeout
+			if timeout <= 0 {
+				timeout = 5 * time.Second
+			}
+			ctx, cancel := utils.ContextWithTimeout(timeout)
+			defer cancel()
+			if _, err := k.conn.ExecContext(ctx, fmt.Sprintf("SET search_path TO %s", searchPathStr)); err != nil {
+				logger.Warnf("人大金仓显式设置 search_path 失败：%v", err)
+			} else {
+				logger.Infof("人大金仓已设置默认 search_path：%s", searchPathStr)
+			}
+		}
+
 		return nil
 	}
 	return fmt.Errorf("连接建立后验证失败：%s", strings.Join(failures, "；"))
 }

+// getSearchPathStr 查询当前数据库中所有用户 schema，配置 DSN 的 search_path。
+// KingBase 默认 search_path 为 "$user", public，对于自定义 schema 下的表不可见。
+func (k *KingbaseDB) getSearchPathStr() string {
+	if k.conn == nil {
+		return ""
+	}
+
+	query := `SELECT nspname FROM pg_namespace
+		WHERE nspname NOT IN ('pg_catalog', 'information_schema')
+		  AND nspname NOT LIKE 'pg_%'
+		ORDER BY nspname`
+
+	rows, err := k.conn.Query(query)
+	if err != nil {
+		logger.Warnf("人大金仓查询用户 schema 失败，跳过 search_path 设置：%v", err)
+		return ""
+	}
+	defer rows.Close()
+
+	var schemas []string
+	for rows.Next() {
+		var name string
+		if err := rows.Scan(&name); err != nil {
+			continue
+		}
+		name = strings.TrimSpace(name)
+		if name != "" {
+			// 使用 SQL 标准的双引号包裹标识符
+			escaped := strings.ReplaceAll(name, `"`, `""`)
+			schemas = append(schemas, `"`+escaped+`"`)
+		}
+	}
+
+	if len(schemas) == 0 {
+		return ""
+	}
+
+	return strings.Join(schemas, ", ")
+}
+
 func (k *KingbaseDB) Close() error {
 	// Close SSH forwarder first if exists
 	if k.forwarder != nil {
@@ -775,64 +853,63 @@ func (k *KingbaseDB) ApplyChanges(tableName string, changes connection.ChangeSet
 }

 func normalizeKingbaseIdentifier(raw string) string {
-	value := strings.TrimSpace(raw)
-	if value == "" {
-		return ""
+	return normalizeKingbaseIdentCommon(raw)
+}
+
+// kingbaseIdentNeedsQuote 判断标识符是否需要双引号包裹。
+// 与前端 sql.ts 中 needsQuote 逻辑保持一致。
+func kingbaseIdentNeedsQuote(ident string) bool {
+	if ident == "" {
+		return false
 	}
-
-	// 兼容 JSON/字符串转义后传入的标识符：\"schema\" -> "schema"
-	value = strings.ReplaceAll(value, `\"`, `"`)
-	value = strings.TrimSpace(value)
-
-	// 兼容异常多重包裹引号（例如 ""schema""、""""schema""""）。
-	// strings.Trim 会移除两端连续引号，迭代后可收敛到纯标识符。
-	for i := 0; i < 4; i++ {
-		next := strings.TrimSpace(strings.Trim(value, `"`))
-		if next == value {
-			break
+	// 不是合法裸标识符格式（必须以字母或下划线开头，仅含字母、数字、下划线）
+	if matched, _ := regexp.MatchString(`^[a-zA-Z_][a-zA-Z0-9_]*$`, ident); !matched {
+		return true
+	}
+	// 包含大写字母时需要引号保护（KingbaseES/PostgreSQL 默认将未加引号的标识符折叠为小写）
+	for _, r := range ident {
+		if r >= 'A' && r <= 'Z' {
+			return true
 		}
-		value = next
 	}
+	// 是 SQL 保留字
+	return isKingbaseReservedWord(ident)
+}

-	// 兼容其他方言可能残留的引用形式
-	if len(value) >= 2 && strings.HasPrefix(value, "`") && strings.HasSuffix(value, "`") {
-		value = strings.TrimSpace(strings.Trim(value, "`"))
+// isKingbaseReservedWord 检查是否为常见 SQL 保留字（简化版，与前端保持一致）。
+func isKingbaseReservedWord(ident string) bool {
+	switch strings.ToLower(ident) {
+	case "select", "from", "where", "table", "index", "user", "order", "group", "by",
+		"limit", "offset", "and", "or", "not", "null", "true", "false", "key",
+		"primary", "foreign", "references", "default", "constraint",
+		"create", "drop", "alter", "insert", "update", "delete", "set", "values", "into",
+		"join", "left", "right", "inner", "outer", "on", "as", "is", "in", "like",
+		"between", "case", "when", "then", "else", "end", "having", "distinct",
+		"all", "any", "exists", "union", "except", "intersect",
+		"column", "check", "unique", "with", "grant", "revoke", "trigger",
+		"begin", "commit", "rollback", "schema", "database", "view", "function",
+		"procedure", "sequence", "type", "domain", "role", "session", "current",
+		"authorization", "cross", "full", "natural", "some", "cast", "fetch",
+		"for", "to", "do", "if", "return", "returns", "declare", "cursor", "server", "owner":
+		return true
 	}
-	if len(value) >= 2 && strings.HasPrefix(value, "[") && strings.HasSuffix(value, "]") {
-		value = strings.TrimSpace(value[1 : len(value)-1])
-	}
-
-	return value
+	return false
 }

 func quoteKingbaseIdent(name string) string {
 	n := normalizeKingbaseIdentifier(name)
-	n = strings.ReplaceAll(n, `"`, `""`)
 	if n == "" {
 		return "\"\""
 	}
+	if !kingbaseIdentNeedsQuote(n) {
+		return n
+	}
+	n = strings.ReplaceAll(n, `"`, `""`)
 	return `"` + n + `"`
 }

 func splitKingbaseQualifiedTable(tableName string) (schema string, table string) {
-	raw := strings.TrimSpace(tableName)
-	if raw == "" {
-		return "", ""
-	}
-
-	if parts := strings.SplitN(raw, ".", 2); len(parts) == 2 {
-		schema = normalizeKingbaseIdentifier(parts[0])
-		table = normalizeKingbaseIdentifier(parts[1])
-		if table == "" {
-			return "", normalizeKingbaseIdentifier(raw)
-		}
-		if schema == "" {
-			return "", table
-		}
-		return schema, table
-	}
-
-	return "", normalizeKingbaseIdentifier(raw)
+	return splitKingbaseQualifiedNameCommon(tableName)
 }

 func (k *KingbaseDB) GetAllColumns(dbName string) ([]connection.ColumnDefinitionWithTable, error) {
--- a/internal/db/kingbase_impl_test.go
+++ b/internal/db/kingbase_impl_test.go
@@ -15,8 +15,10 @@ func TestNormalizeKingbaseIdentifier(t *testing.T) {
 		{name: "double quoted", in: `""ldf_server""`, want: "ldf_server"},
 		{name: "quad quoted", in: `""""ldf_server""""`, want: "ldf_server"},
 		{name: "escaped quoted", in: `\"ldf_server\"`, want: "ldf_server"},
+		{name: "double escaped quoted", in: `\\\"ldf_server\\\"`, want: "ldf_server"},
 		{name: "backtick quoted", in: "`ldf_server`", want: "ldf_server"},
 		{name: "bracket quoted", in: "[ldf_server]", want: "ldf_server"},
+		{name: "embedded double quotes", in: `ldf""server`, want: "ldfserver"},
 	}

 	for _, tt := range tests {
@@ -34,10 +36,25 @@ func TestQuoteKingbaseIdent(t *testing.T) {
 		in   string
 		want string
 	}{
-		{name: "plain", in: "ldf_server", want: `"ldf_server"`},
-		{name: "double quoted", in: `""ldf_server""`, want: `"ldf_server"`},
-		{name: "escaped quoted", in: `\"ldf_server\"`, want: `"ldf_server"`},
+		// 纯小写+下划线：不加引号
+		{name: "plain lowercase", in: "ldf_server", want: "ldf_server"},
+		{name: "plain lowercase 2", in: "bcs_barcode", want: "bcs_barcode"},
+		{name: "double quoted input", in: `""ldf_server""`, want: "ldf_server"},
+		{name: "escaped quoted input", in: `\"ldf_server\"`, want: "ldf_server"},
+		// 含大写字母：加引号
+		{name: "uppercase", in: "LDF_Server", want: `"LDF_Server"`},
+		{name: "mixed case", in: "myTable", want: `"myTable"`},
+		// SQL 保留字：加引号
+		{name: "reserved word order", in: "order", want: `"order"`},
+		{name: "reserved word user", in: "user", want: `"user"`},
+		{name: "reserved word table", in: "table", want: `"table"`},
+		{name: "reserved word select", in: "select", want: `"select"`},
+		// 含特殊字符：加引号
+		{name: "with hyphen", in: "my-table", want: `"my-table"`},
+		{name: "with space", in: "my table", want: `"my table"`},
 		{name: "with embedded quote", in: `ab"cd`, want: `"ab""cd"`},
+		// 空值
+		{name: "empty", in: "", want: `""`},
 	}

 	for _, tt := range tests {
@@ -49,6 +66,31 @@ func TestQuoteKingbaseIdent(t *testing.T) {
 	}
 }

+func TestKingbaseIdentNeedsQuote(t *testing.T) {
+	tests := []struct {
+		name string
+		in   string
+		want bool
+	}{
+		{name: "plain lowercase", in: "ldf_server", want: false},
+		{name: "starts with underscore", in: "_col", want: false},
+		{name: "with digits", in: "col123", want: false},
+		{name: "uppercase", in: "MyTable", want: true},
+		{name: "reserved word", in: "order", want: true},
+		{name: "with hyphen", in: "my-col", want: true},
+		{name: "starts with digit", in: "123col", want: true},
+		{name: "empty", in: "", want: false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := kingbaseIdentNeedsQuote(tt.in); got != tt.want {
+				t.Fatalf("kingbaseIdentNeedsQuote(%q) = %v, want %v", tt.in, got, tt.want)
+			}
+		})
+	}
+}
+
 func TestSplitKingbaseQualifiedTable(t *testing.T) {
 	tests := []struct {
 		name       string
@@ -59,6 +101,7 @@ func TestSplitKingbaseQualifiedTable(t *testing.T) {
 		{name: "plain qualified", in: "ldf_server.t_user", wantSchema: "ldf_server", wantTable: "t_user"},
 		{name: "double quoted qualified", in: `""ldf_server"".""t_user""`, wantSchema: "ldf_server", wantTable: "t_user"},
 		{name: "escaped qualified", in: `\"ldf_server\".\"t_user\"`, wantSchema: "ldf_server", wantTable: "t_user"},
+		{name: "double escaped qualified", in: `\\\"ldf_server\\\".\\\"t_user\\\"`, wantSchema: "ldf_server", wantTable: "t_user"},
 		{name: "bracket qualified", in: "[ldf_server].[t_user]", wantSchema: "ldf_server", wantTable: "t_user"},
 		{name: "table only", in: `""t_user""`, wantSchema: "", wantTable: "t_user"},
 	}
--- a/internal/db/mariadb_impl.go
+++ b/internal/db/mariadb_impl.go
@@ -11,7 +11,6 @@ import (
 	"time"

 	"GoNavi-Wails/internal/connection"
-	"GoNavi-Wails/internal/logger"
 	"GoNavi-Wails/internal/ssh"
 	"GoNavi-Wails/internal/utils"

@@ -25,30 +24,33 @@ type MariaDB struct {
 	pingTimeout time.Duration
 }

-func (m *MariaDB) getDSN(config connection.ConnectionConfig) string {
+func (m *MariaDB) getDSN(config connection.ConnectionConfig) (string, error) {
 	database := config.Database
 	protocol := "tcp"
 	address := fmt.Sprintf("%s:%d", config.Host, config.Port)

 	if config.UseSSH {
 		netName, err := ssh.RegisterSSHNetwork(config.SSH)
-		if err == nil {
-			protocol = netName
-			address = fmt.Sprintf("%s:%d", config.Host, config.Port)
-		} else {
-			logger.Warnf("注册 SSH 网络失败，将尝试直连：地址=%s:%d 用户=%s，原因：%v", config.Host, config.Port, config.User, err)
+		if err != nil {
+			return "", fmt.Errorf("创建 SSH 隧道失败：%w", err)
 		}
+		protocol = netName
 	}

 	timeout := getConnectTimeoutSeconds(config)
 	tlsMode := resolveMySQLTLSMode(config)

-	return fmt.Sprintf("%s:%s@%s(%s)/%s?charset=utf8mb4&parseTime=True&loc=Local&timeout=%ds&tls=%s",
-		config.User, config.Password, protocol, address, database, timeout, url.QueryEscape(tlsMode))
+	return fmt.Sprintf(
+		"%s:%s@%s(%s)/%s?charset=utf8mb4&parseTime=True&loc=Local&timeout=%ds&tls=%s",
+		config.User, config.Password, protocol, address, database, timeout, url.QueryEscape(tlsMode),
+	), nil
 }

 func (m *MariaDB) Connect(config connection.ConnectionConfig) error {
-	dsn := m.getDSN(config)
+	dsn, err := m.getDSN(config)
+	if err != nil {
+		return err
+	}
 	db, err := sql.Open("mysql", dsn)
 	if err != nil {
 		return fmt.Errorf("打开数据库连接失败：%w", err)
--- a/internal/db/mongodb_impl.go
+++ b/internal/db/mongodb_impl.go
@@ -151,10 +151,14 @@ func applyMongoURI(config connection.ConnectionConfig) connection.ConnectionConf
 		}
 	}

-	if len(config.Hosts) == 0 && len(hostsFromURI) > 0 {
+	explicitHost := strings.TrimSpace(config.Host) != ""
+	explicitHosts := len(config.Hosts) > 0
+
+	// 显式填写的 host/hosts 优先级高于 URI，避免表单 host 被 URI 中的 localhost 覆盖。
+	if !explicitHost && !explicitHosts && len(hostsFromURI) > 0 {
 		config.Hosts = hostsFromURI
 	}
-	if strings.TrimSpace(config.Host) == "" && len(hostsFromURI) > 0 {
+	if !explicitHost && !explicitHosts && len(hostsFromURI) > 0 {
 		host, port, ok := parseHostPortWithDefault(hostsFromURI[0], defaultPort)
 		if ok {
 			config.Host = host
@@ -281,9 +285,44 @@ func buildMongoAuthAttempts(config connection.ConnectionConfig) []connection.Con
 	return attempts
 }

+func mongoURIForcesTLS(uriText string) bool {
+	trimmed := strings.TrimSpace(uriText)
+	if trimmed == "" {
+		return false
+	}
+	parsed, err := url.Parse(trimmed)
+	if err != nil {
+		return false
+	}
+	query := parsed.Query()
+	for _, key := range []string{"tls", "ssl"} {
+		value := strings.ToLower(strings.TrimSpace(query.Get(key)))
+		switch value {
+		case "1", "true", "t", "yes", "y", "required":
+			return true
+		}
+	}
+	return false
+}
+
+func mongoAttemptSSLLabel(config connection.ConnectionConfig, fallbackToPlain bool) string {
+	if fallbackToPlain {
+		return "明文回退"
+	}
+	if mongoURIForcesTLS(config.URI) {
+		return "SSL"
+	}
+	enabled, _ := resolveMongoTLSSettings(config)
+	if enabled {
+		return "SSL"
+	}
+	return "明文"
+}
+
 func (m *MongoDB) Connect(config connection.ConnectionConfig) error {
 	runConfig := applyMongoURI(config)
 	connectConfig := runConfig
+	sshRouteHint := ""

 	if runConfig.UseSSH && runConfig.MongoSRV {
 		return fmt.Errorf("MongoDB SRV 记录模式暂不支持 SSH 隧道")
@@ -324,6 +363,7 @@ func (m *MongoDB) Connect(config connection.ConnectionConfig) error {
 		localConfig.URI = ""
 		localConfig.Hosts = []string{normalizeMongoAddress(host, port)}
 		connectConfig = localConfig
+		sshRouteHint = fmt.Sprintf("SSH隧道 %s -> %s:%d", forwarder.LocalAddr, targetHost, targetPort)
 		logger.Infof("MongoDB 通过本地端口转发连接：%s -> %s:%d", forwarder.LocalAddr, targetHost, targetPort)
 	}

@@ -337,20 +377,32 @@ func (m *MongoDB) Connect(config connection.ConnectionConfig) error {
 	if shouldTrySSLPreferredFallback(connectConfig) {
 		sslAttempts = append(sslAttempts, withSSLDisabled(connectConfig))
 	}
+	totalAttempts := 0
+	for _, attemptConfig := range sslAttempts {
+		totalAttempts += len(buildMongoAuthAttempts(attemptConfig))
+	}
+	attemptNo := 0

 	var errorDetails []string
 	for sslIndex, sslConfig := range sslAttempts {
-		sslLabel := "SSL"
-		if sslIndex > 0 {
-			sslLabel = "明文回退"
-		}
+		sslLabel := mongoAttemptSSLLabel(sslConfig, sslIndex > 0)

 		attemptConfigs := buildMongoAuthAttempts(sslConfig)
 		for index, attemptConfig := range attemptConfigs {
+			attemptNo++
 			authLabel := "主库凭据"
 			if index > 0 {
 				authLabel = "从库凭据"
 			}
+			targets := collectMongoSeeds(attemptConfig)
+			if len(targets) == 0 {
+				targets = append(targets, normalizeMongoAddress(attemptConfig.Host, attemptConfig.Port))
+			}
+			attemptStarted := time.Now()
+			logger.Infof(
+				"MongoDB 连接尝试：%d/%d 模式=%s 凭据=%s 目标=%s 代理=%t",
+				attemptNo, totalAttempts, sslLabel, authLabel, strings.Join(targets, ","), attemptConfig.UseProxy,
+			)

 			if sslIndex > 0 {
 				attemptConfig.URI = ""
@@ -369,7 +421,13 @@ func (m *MongoDB) Connect(config connection.ConnectionConfig) error {
 			}
 			client, err := mongo.Connect(clientOpts)
 			if err != nil {
-				errorDetails = append(errorDetails, fmt.Sprintf("%s %s连接失败: %v", sslLabel, authLabel, err))
+				logger.Warnf("MongoDB 连接尝试失败：%d/%d 模式=%s 凭据=%s 耗时=%s 错误=%v",
+					attemptNo, totalAttempts, sslLabel, authLabel, time.Since(attemptStarted).Round(time.Millisecond), err)
+				detail := fmt.Sprintf("%s %s连接失败: %v", sslLabel, authLabel, err)
+				if sshRouteHint != "" {
+					detail = fmt.Sprintf("%s（%s）", detail, sshRouteHint)
+				}
+				errorDetails = append(errorDetails, detail)
 				continue
 			}

@@ -379,9 +437,17 @@ func (m *MongoDB) Connect(config connection.ConnectionConfig) error {
 				_ = client.Disconnect(ctx)
 				cancel()
 				m.client = nil
-				errorDetails = append(errorDetails, fmt.Sprintf("%s %s验证失败: %v", sslLabel, authLabel, err))
+				logger.Warnf("MongoDB 连接尝试验证失败：%d/%d 模式=%s 凭据=%s 耗时=%s 错误=%v",
+					attemptNo, totalAttempts, sslLabel, authLabel, time.Since(attemptStarted).Round(time.Millisecond), err)
+				detail := fmt.Sprintf("%s %s验证失败: %v", sslLabel, authLabel, err)
+				if sshRouteHint != "" {
+					detail = fmt.Sprintf("%s（%s）", detail, sshRouteHint)
+				}
+				errorDetails = append(errorDetails, detail)
 				continue
 			}
+			logger.Infof("MongoDB 连接尝试成功：%d/%d 模式=%s 凭据=%s 耗时=%s",
+				attemptNo, totalAttempts, sslLabel, authLabel, time.Since(attemptStarted).Round(time.Millisecond))
 			if sslIndex > 0 {
 				logger.Warnf("MongoDB SSL 优先连接失败，已回退至明文连接")
 			}
--- a/internal/db/mongodb_impl_uri_test.go
+++ b/internal/db/mongodb_impl_uri_test.go
@@ -0,0 +1,39 @@
+//go:build gonavi_full_drivers || gonavi_mongodb_driver
+
+package db
+
+import (
+	"testing"
+
+	"GoNavi-Wails/internal/connection"
+)
+
+func TestApplyMongoURI_ExplicitHostDoesNotAdoptURIHosts(t *testing.T) {
+	config := connection.ConnectionConfig{
+		Host: "10.10.10.10",
+		Port: 27017,
+		URI:  "mongodb://localhost:27017/admin",
+	}
+
+	got := applyMongoURI(config)
+	if got.Host != "10.10.10.10" {
+		t.Fatalf("expected host to remain explicit, got %q", got.Host)
+	}
+	if len(got.Hosts) != 0 {
+		t.Fatalf("expected hosts to remain empty when explicit host exists, got %v", got.Hosts)
+	}
+}
+
+func TestApplyMongoURI_ExplicitHostsDoesNotAdoptURIHosts(t *testing.T) {
+	config := connection.ConnectionConfig{
+		Host:  "10.10.10.10",
+		Port:  27017,
+		Hosts: []string{"10.10.10.10:27017", "10.10.10.11:27017"},
+		URI:   "mongodb://localhost:27017,localhost:27018/admin?replicaSet=rs0",
+	}
+
+	got := applyMongoURI(config)
+	if len(got.Hosts) != 2 || got.Hosts[0] != "10.10.10.10:27017" {
+		t.Fatalf("expected explicit hosts to stay untouched, got %v", got.Hosts)
+	}
+}
--- a/internal/db/mongodb_impl_v1.go
+++ b/internal/db/mongodb_impl_v1.go
@@ -152,10 +152,14 @@ func applyMongoURI(config connection.ConnectionConfig) connection.ConnectionConf
 		}
 	}

-	if len(config.Hosts) == 0 && len(hostsFromURI) > 0 {
+	explicitHost := strings.TrimSpace(config.Host) != ""
+	explicitHosts := len(config.Hosts) > 0
+
+	// 显式填写的 host/hosts 优先级高于 URI，避免表单 host 被 URI 中的 localhost 覆盖。
+	if !explicitHost && !explicitHosts && len(hostsFromURI) > 0 {
 		config.Hosts = hostsFromURI
 	}
-	if strings.TrimSpace(config.Host) == "" && len(hostsFromURI) > 0 {
+	if !explicitHost && !explicitHosts && len(hostsFromURI) > 0 {
 		host, port, ok := parseHostPortWithDefault(hostsFromURI[0], defaultPort)
 		if ok {
 			config.Host = host
@@ -282,9 +286,44 @@ func buildMongoAuthAttempts(config connection.ConnectionConfig) []connection.Con
 	return attempts
 }

+func mongoURIForcesTLS(uriText string) bool {
+	trimmed := strings.TrimSpace(uriText)
+	if trimmed == "" {
+		return false
+	}
+	parsed, err := url.Parse(trimmed)
+	if err != nil {
+		return false
+	}
+	query := parsed.Query()
+	for _, key := range []string{"tls", "ssl"} {
+		value := strings.ToLower(strings.TrimSpace(query.Get(key)))
+		switch value {
+		case "1", "true", "t", "yes", "y", "required":
+			return true
+		}
+	}
+	return false
+}
+
+func mongoAttemptSSLLabel(config connection.ConnectionConfig, fallbackToPlain bool) string {
+	if fallbackToPlain {
+		return "明文回退"
+	}
+	if mongoURIForcesTLS(config.URI) {
+		return "SSL"
+	}
+	enabled, _ := resolveMongoTLSSettings(config)
+	if enabled {
+		return "SSL"
+	}
+	return "明文"
+}
+
 func (m *MongoDBV1) Connect(config connection.ConnectionConfig) error {
 	runConfig := applyMongoURI(config)
 	connectConfig := runConfig
+	sshRouteHint := ""

 	if runConfig.UseSSH && runConfig.MongoSRV {
 		return fmt.Errorf("MongoDB SRV 记录模式暂不支持 SSH 隧道")
@@ -325,6 +364,7 @@ func (m *MongoDBV1) Connect(config connection.ConnectionConfig) error {
 		localConfig.URI = ""
 		localConfig.Hosts = []string{normalizeMongoAddress(host, port)}
 		connectConfig = localConfig
+		sshRouteHint = fmt.Sprintf("SSH隧道 %s -> %s:%d", forwarder.LocalAddr, targetHost, targetPort)
 		logger.Infof("MongoDB 通过本地端口转发连接：%s -> %s:%d", forwarder.LocalAddr, targetHost, targetPort)
 	}

@@ -338,20 +378,32 @@ func (m *MongoDBV1) Connect(config connection.ConnectionConfig) error {
 	if shouldTrySSLPreferredFallback(connectConfig) {
 		sslAttempts = append(sslAttempts, withSSLDisabled(connectConfig))
 	}
+	totalAttempts := 0
+	for _, attemptConfig := range sslAttempts {
+		totalAttempts += len(buildMongoAuthAttempts(attemptConfig))
+	}
+	attemptNo := 0

 	var errorDetails []string
 	for sslIndex, sslConfig := range sslAttempts {
-		sslLabel := "SSL"
-		if sslIndex > 0 {
-			sslLabel = "明文回退"
-		}
+		sslLabel := mongoAttemptSSLLabel(sslConfig, sslIndex > 0)

 		attemptConfigs := buildMongoAuthAttempts(sslConfig)
 		for index, attemptConfig := range attemptConfigs {
+			attemptNo++
 			authLabel := "主库凭据"
 			if index > 0 {
 				authLabel = "从库凭据"
 			}
+			targets := collectMongoSeeds(attemptConfig)
+			if len(targets) == 0 {
+				targets = append(targets, normalizeMongoAddress(attemptConfig.Host, attemptConfig.Port))
+			}
+			attemptStarted := time.Now()
+			logger.Infof(
+				"MongoDB(v1) 连接尝试：%d/%d 模式=%s 凭据=%s 目标=%s 代理=%t",
+				attemptNo, totalAttempts, sslLabel, authLabel, strings.Join(targets, ","), attemptConfig.UseProxy,
+			)

 			if sslIndex > 0 {
 				attemptConfig.URI = ""
@@ -372,7 +424,13 @@ func (m *MongoDBV1) Connect(config connection.ConnectionConfig) error {
 			client, err := mongo.Connect(connectCtx, clientOpts)
 			connectCancel()
 			if err != nil {
-				errorDetails = append(errorDetails, fmt.Sprintf("%s %s连接失败: %v", sslLabel, authLabel, err))
+				logger.Warnf("MongoDB(v1) 连接尝试失败：%d/%d 模式=%s 凭据=%s 耗时=%s 错误=%v",
+					attemptNo, totalAttempts, sslLabel, authLabel, time.Since(attemptStarted).Round(time.Millisecond), err)
+				detail := fmt.Sprintf("%s %s连接失败: %v", sslLabel, authLabel, err)
+				if sshRouteHint != "" {
+					detail = fmt.Sprintf("%s（%s）", detail, sshRouteHint)
+				}
+				errorDetails = append(errorDetails, detail)
 				continue
 			}

@@ -382,9 +440,17 @@ func (m *MongoDBV1) Connect(config connection.ConnectionConfig) error {
 				_ = client.Disconnect(ctx)
 				cancel()
 				m.client = nil
-				errorDetails = append(errorDetails, fmt.Sprintf("%s %s验证失败: %v", sslLabel, authLabel, err))
+				logger.Warnf("MongoDB(v1) 连接尝试验证失败：%d/%d 模式=%s 凭据=%s 耗时=%s 错误=%v",
+					attemptNo, totalAttempts, sslLabel, authLabel, time.Since(attemptStarted).Round(time.Millisecond), err)
+				detail := fmt.Sprintf("%s %s验证失败: %v", sslLabel, authLabel, err)
+				if sshRouteHint != "" {
+					detail = fmt.Sprintf("%s（%s）", detail, sshRouteHint)
+				}
+				errorDetails = append(errorDetails, detail)
 				continue
 			}
+			logger.Infof("MongoDB(v1) 连接尝试成功：%d/%d 模式=%s 凭据=%s 耗时=%s",
+				attemptNo, totalAttempts, sslLabel, authLabel, time.Since(attemptStarted).Round(time.Millisecond))
 			if sslIndex > 0 {
 				logger.Warnf("MongoDB(v1) SSL 优先连接失败，已回退至明文连接")
 			}
--- a/internal/db/mongodb_impl_v1_uri_test.go
+++ b/internal/db/mongodb_impl_v1_uri_test.go
@@ -0,0 +1,25 @@
+//go:build gonavi_mongodb_driver_v1
+
+package db
+
+import (
+	"testing"
+
+	"GoNavi-Wails/internal/connection"
+)
+
+func TestApplyMongoURIV1_ExplicitHostDoesNotAdoptURIHosts(t *testing.T) {
+	config := connection.ConnectionConfig{
+		Host: "10.10.10.10",
+		Port: 27017,
+		URI:  "mongodb://localhost:27017/admin",
+	}
+
+	got := applyMongoURI(config)
+	if got.Host != "10.10.10.10" {
+		t.Fatalf("expected host to remain explicit, got %q", got.Host)
+	}
+	if len(got.Hosts) != 0 {
+		t.Fatalf("expected hosts to remain empty when explicit host exists, got %v", got.Hosts)
+	}
+}
--- a/internal/db/mysql_impl.go
+++ b/internal/db/mysql_impl.go
@@ -169,26 +169,26 @@ func collectMySQLAddresses(config connection.ConnectionConfig) []string {
 	return result
 }

-func (m *MySQLDB) getDSN(config connection.ConnectionConfig) string {
+func (m *MySQLDB) getDSN(config connection.ConnectionConfig) (string, error) {
 	database := config.Database
 	protocol := "tcp"
 	address := normalizeMySQLAddress(config.Host, config.Port)

 	if config.UseSSH {
 		netName, err := ssh.RegisterSSHNetwork(config.SSH)
-		if err == nil {
-			protocol = netName
-			address = normalizeMySQLAddress(config.Host, config.Port)
-		} else {
-			logger.Warnf("注册 SSH 网络失败，将尝试直连：地址=%s:%d 用户=%s，原因：%v", config.Host, config.Port, config.User, err)
+		if err != nil {
+			return "", fmt.Errorf("创建 SSH 隧道失败：%w", err)
 		}
+		protocol = netName
 	}

 	timeout := getConnectTimeoutSeconds(config)
 	tlsMode := resolveMySQLTLSMode(config)

-	return fmt.Sprintf("%s:%s@%s(%s)/%s?charset=utf8mb4&parseTime=True&loc=Local&timeout=%ds&tls=%s",
-		config.User, config.Password, protocol, address, database, timeout, url.QueryEscape(tlsMode))
+	return fmt.Sprintf(
+		"%s:%s@%s(%s)/%s?charset=utf8mb4&parseTime=True&loc=Local&timeout=%ds&tls=%s",
+		config.User, config.Password, protocol, address, database, timeout, url.QueryEscape(tlsMode),
+	), nil
 }

 func resolveMySQLCredential(config connection.ConnectionConfig, addressIndex int) (string, string) {
@@ -226,7 +226,11 @@ func (m *MySQLDB) Connect(config connection.ConnectionConfig) error {
 		candidateConfig.Port = port
 		candidateConfig.User, candidateConfig.Password = resolveMySQLCredential(runConfig, index)

-		dsn := m.getDSN(candidateConfig)
+		dsn, err := m.getDSN(candidateConfig)
+		if err != nil {
+			errorDetails = append(errorDetails, fmt.Sprintf("%s 生成连接串失败: %v", address, err))
+			continue
+		}
 		db, err := sql.Open("mysql", dsn)
 		if err != nil {
 			errorDetails = append(errorDetails, fmt.Sprintf("%s 打开失败: %v", address, err))
--- a/internal/db/mysql_ssh_test.go
+++ b/internal/db/mysql_ssh_test.go
@@ -0,0 +1,26 @@
+package db
+
+import (
+	"testing"
+
+	"GoNavi-Wails/internal/connection"
+)
+
+func TestMySQLDSN_UseSSH_ShouldFailWhenSSHInvalid(t *testing.T) {
+	m := &MySQLDB{}
+	_, err := m.getDSN(connection.ConnectionConfig{
+		Host:   "127.0.0.1",
+		Port:   3306,
+		User:   "root",
+		UseSSH: true,
+		SSH: connection.SSHConfig{
+			Host:     "127.0.0.1",
+			Port:     0, // invalid port, should fail immediately
+			User:     "bad",
+			Password: "bad",
+		},
+	})
+	if err == nil {
+		t.Fatalf("expected error when UseSSH=true and SSH config invalid")
+	}
+}
--- a/internal/db/optional_driver_agent_impl.go
+++ b/internal/db/optional_driver_agent_impl.go
@@ -9,6 +9,7 @@ import (
 	"io"
 	"os"
 	"os/exec"
+	"reflect"
 	"runtime"
 	"strings"
 	"sync"
@@ -145,6 +146,7 @@ func (c *optionalDriverAgentClient) captureStderr(stderr io.Reader) {
 		if line == "" {
 			continue
 		}
+		logger.Warnf("%s 驱动代理 stderr: %s", driverDisplayName(c.driver), line)
 		c.stderrMu.Lock()
 		if c.stderr.Len() > 0 {
 			c.stderr.WriteString(" | ")
@@ -268,6 +270,7 @@ func (d *OptionalDriverAgentDB) Connect(config connection.ConnectionConfig) erro
 		return err
 	}
 	d.client = client
+	d.ensureKingbaseSearchPath(config)
 	return nil
 }

@@ -488,6 +491,16 @@ func (d *OptionalDriverAgentDB) ApplyChanges(tableName string, changes connectio
 	if err != nil {
 		return err
 	}
+	if strings.EqualFold(d.driverType, "kingbase") {
+		if normalized := normalizeKingbaseAgentTableName(tableName); normalized != "" {
+			tableName = normalized
+		}
+		if normalized, normErr := d.normalizeKingbaseAgentChangeSet(tableName, changes); normErr == nil {
+			changes = normalized
+		} else {
+			logger.Warnf("Kingbase ApplyChanges 字段名规范化失败：%v", normErr)
+		}
+	}
 	return client.call(optionalAgentRequest{
 		Method:    optionalAgentMethodApplyChanges,
 		TableName: tableName,
@@ -502,6 +515,269 @@ func (d *OptionalDriverAgentDB) requireClient() (*optionalDriverAgentClient, err
 	return d.client, nil
 }

+func (d *OptionalDriverAgentDB) ensureKingbaseSearchPath(config connection.ConnectionConfig) {
+	if !strings.EqualFold(d.driverType, "kingbase") {
+		return
+	}
+	client, err := d.requireClient()
+	if err != nil || client == nil {
+		return
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	schemas, err := d.listKingbaseSchemas(ctx)
+	if err != nil || len(schemas) == 0 {
+		if err != nil {
+			logger.Warnf("人大金仓驱动代理探测 schema 失败：%v", err)
+		}
+		return
+	}
+
+	searchPath := buildKingbaseSearchPathFromSchemas(schemas)
+	if strings.TrimSpace(searchPath) == "" {
+		return
+	}
+
+	if _, err := d.ExecContext(ctx, fmt.Sprintf("SET search_path TO %s", searchPath)); err != nil {
+		logger.Warnf("人大金仓驱动代理设置 search_path 失败：%v", err)
+		return
+	}
+	logger.Infof("人大金仓驱动代理已设置默认 search_path：%s", searchPath)
+}
+
+func (d *OptionalDriverAgentDB) listKingbaseSchemas(ctx context.Context) ([]string, error) {
+	query := `SELECT nspname FROM pg_namespace
+		WHERE nspname NOT IN ('pg_catalog', 'information_schema')
+		  AND nspname NOT LIKE 'pg_%'
+		ORDER BY nspname`
+	rows, _, err := d.QueryContext(ctx, query)
+	if err != nil {
+		return nil, err
+	}
+
+	schemas := make([]string, 0, len(rows))
+	for _, row := range rows {
+		for key, val := range row {
+			if strings.EqualFold(key, "nspname") || strings.EqualFold(key, "schema") {
+				name := strings.TrimSpace(fmt.Sprintf("%v", val))
+				if name != "" {
+					schemas = append(schemas, name)
+				}
+				break
+			}
+		}
+		if len(row) == 1 {
+			for _, val := range row {
+				name := strings.TrimSpace(fmt.Sprintf("%v", val))
+				if name != "" {
+					schemas = append(schemas, name)
+				}
+				break
+			}
+		}
+	}
+	return schemas, nil
+}
+
+func buildKingbaseSearchPathFromSchemas(schemas []string) string {
+	if len(schemas) == 0 {
+		return ""
+	}
+	seen := make(map[string]struct{}, len(schemas)+1)
+	parts := make([]string, 0, len(schemas)+1)
+	for _, name := range schemas {
+		trimmed := normalizeKingbaseAgentIdent(name)
+		if trimmed == "" {
+			continue
+		}
+		key := strings.ToLower(trimmed)
+		if _, ok := seen[key]; ok {
+			continue
+		}
+		seen[key] = struct{}{}
+		parts = append(parts, quoteKingbaseAgentIdent(trimmed))
+	}
+	if _, ok := seen["public"]; !ok {
+		parts = append(parts, "public")
+	}
+	return strings.Join(parts, ", ")
+}
+
+func quoteKingbaseAgentIdent(name string) string {
+	n := normalizeKingbaseAgentIdent(name)
+	if n == "" {
+		return "\"\""
+	}
+	n = strings.ReplaceAll(n, `"`, `""`)
+	return `"` + n + `"`
+}
+
+func normalizeKingbaseAgentTableName(raw string) string {
+	schema, table := splitKingbaseQualifiedNameCommon(raw)
+	if table == "" {
+		return ""
+	}
+	if schema == "" {
+		return table
+	}
+	return schema + "." + table
+}
+
+func normalizeKingbaseAgentIdent(raw string) string {
+	return normalizeKingbaseIdentCommon(raw)
+}
+
+type kingbaseAgentColumnIndex struct {
+	exact   map[string]string
+	compact map[string]string
+}
+
+func buildKingbaseAgentColumnIndex(columns []string) kingbaseAgentColumnIndex {
+	exact := make(map[string]string, len(columns))
+	compact := make(map[string]string, len(columns))
+	compactSeen := make(map[string]string, len(columns))
+	compactDup := make(map[string]struct{}, len(columns))
+
+	for _, col := range columns {
+		name := normalizeKingbaseAgentIdent(col)
+		if name == "" {
+			continue
+		}
+		lower := strings.ToLower(name)
+		if _, ok := exact[lower]; !ok {
+			exact[lower] = name
+		}
+		key := normalizeKingbaseAgentCompactKey(name)
+		if key == "" {
+			continue
+		}
+		if prev, ok := compactSeen[key]; ok && !strings.EqualFold(prev, name) {
+			compactDup[key] = struct{}{}
+			continue
+		}
+		compactSeen[key] = name
+	}
+
+	if len(compactDup) > 0 {
+		for key := range compactDup {
+			delete(compactSeen, key)
+		}
+	}
+	for key, value := range compactSeen {
+		compact[key] = value
+	}
+	return kingbaseAgentColumnIndex{exact: exact, compact: compact}
+}
+
+func normalizeKingbaseAgentCompactKey(raw string) string {
+	name := normalizeKingbaseAgentIdent(raw)
+	if name == "" {
+		return ""
+	}
+	name = strings.ToLower(strings.TrimSpace(name))
+	name = strings.Join(strings.Fields(name), "")
+	name = strings.ReplaceAll(name, "_", "")
+	return name
+}
+
+func resolveKingbaseAgentColumnName(name string, index kingbaseAgentColumnIndex) string {
+	cleaned := normalizeKingbaseAgentIdent(name)
+	if cleaned == "" {
+		return name
+	}
+	lower := strings.ToLower(cleaned)
+	if actual, ok := index.exact[lower]; ok {
+		return actual
+	}
+	compact := normalizeKingbaseAgentCompactKey(cleaned)
+	if actual, ok := index.compact[compact]; ok {
+		return actual
+	}
+	return cleaned
+}
+
+func normalizeKingbaseAgentChangeSetByColumns(changes connection.ChangeSet, columns []string) (connection.ChangeSet, error) {
+	index := buildKingbaseAgentColumnIndex(columns)
+	if len(index.exact) == 0 && len(index.compact) == 0 {
+		return changes, nil
+	}
+
+	mapRow := func(row map[string]interface{}) (map[string]interface{}, error) {
+		if row == nil {
+			return row, nil
+		}
+		out := make(map[string]interface{}, len(row))
+		for key, value := range row {
+			nextKey := resolveKingbaseAgentColumnName(key, index)
+			if existing, ok := out[nextKey]; ok && !reflect.DeepEqual(existing, value) {
+				return nil, fmt.Errorf("duplicate mapped column %q", nextKey)
+			}
+			out[nextKey] = value
+		}
+		return out, nil
+	}
+
+	next := connection.ChangeSet{
+		Inserts: make([]map[string]interface{}, 0, len(changes.Inserts)),
+		Updates: make([]connection.UpdateRow, 0, len(changes.Updates)),
+		Deletes: make([]map[string]interface{}, 0, len(changes.Deletes)),
+	}
+
+	for _, row := range changes.Inserts {
+		mapped, err := mapRow(row)
+		if err != nil {
+			return changes, err
+		}
+		next.Inserts = append(next.Inserts, mapped)
+	}
+
+	for _, upd := range changes.Updates {
+		keys, err := mapRow(upd.Keys)
+		if err != nil {
+			return changes, err
+		}
+		values, err := mapRow(upd.Values)
+		if err != nil {
+			return changes, err
+		}
+		next.Updates = append(next.Updates, connection.UpdateRow{
+			Keys:   keys,
+			Values: values,
+		})
+	}
+
+	for _, row := range changes.Deletes {
+		mapped, err := mapRow(row)
+		if err != nil {
+			return changes, err
+		}
+		next.Deletes = append(next.Deletes, mapped)
+	}
+
+	return next, nil
+}
+
+func (d *OptionalDriverAgentDB) normalizeKingbaseAgentChangeSet(tableName string, changes connection.ChangeSet) (connection.ChangeSet, error) {
+	columns, err := d.GetColumns("", tableName)
+	if err != nil {
+		return changes, err
+	}
+	if len(columns) == 0 {
+		return changes, nil
+	}
+	names := make([]string, 0, len(columns))
+	for _, col := range columns {
+		name := strings.TrimSpace(col.Name)
+		if name == "" {
+			continue
+		}
+		names = append(names, name)
+	}
+	return normalizeKingbaseAgentChangeSetByColumns(changes, names)
+}
+
 func timeoutMsFromContext(ctx context.Context) int64 {
 	deadline, ok := ctx.Deadline()
 	if !ok {
--- a/internal/db/optional_driver_agent_impl_test.go
+++ b/internal/db/optional_driver_agent_impl_test.go
@@ -1,32 +1,67 @@
 package db

 import (
-	"context"
 	"testing"
-	"time"
+
+	"GoNavi-Wails/internal/connection"
 )

-func TestTimeoutMsFromContext_NoDeadline(t *testing.T) {
-	if got := timeoutMsFromContext(context.Background()); got != 0 {
-		t.Fatalf("无 deadline 时应返回 0，got=%d", got)
+func TestNormalizeKingbaseAgentTableName(t *testing.T) {
+	tests := []struct {
+		name string
+		in   string
+		want string
+	}{
+		{name: "plain", in: "ldf_server.andon_events", want: "ldf_server.andon_events"},
+		{name: "quoted", in: `"ldf_server"."andon_events"`, want: "ldf_server.andon_events"},
+		{name: "double quoted", in: `""ldf_server"".""andon_events""`, want: "ldf_server.andon_events"},
+		{name: "escaped", in: `\"ldf_server\".\"andon_events\"`, want: "ldf_server.andon_events"},
+		{name: "double escaped", in: `\\\"ldf_server\\\".\\\"andon_events\\\"`, want: "ldf_server.andon_events"},
+		{name: "space around dot", in: ` "ldf_server" . "andon_events" `, want: "ldf_server.andon_events"},
+		{name: "table only", in: `bcs_barcode`, want: "bcs_barcode"},
+		{name: "table only quoted", in: `"bcs_barcode"`, want: "bcs_barcode"},
+		{name: "table only double quoted", in: `""bcs_barcode""`, want: "bcs_barcode"},
+		{name: "table only double escaped", in: `\\\"bcs_barcode\\\"`, want: "bcs_barcode"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := normalizeKingbaseAgentTableName(tt.in); got != tt.want {
+				t.Fatalf("normalizeKingbaseAgentTableName(%q) = %q, want %q", tt.in, got, tt.want)
+			}
+		})
 	}
 }

-func TestTimeoutMsFromContext_WithDeadline(t *testing.T) {
-	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
-	defer cancel()
+func TestNormalizeKingbaseAgentChangeSetByColumns(t *testing.T) {
+	columns := []string{"andon_events_id", "event_name", "event_code"}
+	input := connection.ChangeSet{
+		Inserts: []map[string]interface{}{
+			{"event name": "物料1", "event_code": "EV-0001", "andon_events_id": 1},
+		},
+		Updates: []connection.UpdateRow{
+			{Keys: map[string]interface{}{"andon_events_id": 1}, Values: map[string]interface{}{"event name": "物料2"}},
+		},
+		Deletes: []map[string]interface{}{
+			{"andon_events_id": 1},
+		},
+	}

-	got := timeoutMsFromContext(ctx)
-	if got <= 0 {
-		t.Fatalf("有 deadline 时应返回正值，got=%d", got)
-	}
-}
-
-func TestTimeoutMsFromContext_ExpiredDeadline(t *testing.T) {
-	ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(-time.Second))
-	defer cancel()
-
-	if got := timeoutMsFromContext(ctx); got != 1 {
-		t.Fatalf("过期 deadline 应返回 1，got=%d", got)
+	out, err := normalizeKingbaseAgentChangeSetByColumns(input, columns)
+	if err != nil {
+		t.Fatalf("normalizeKingbaseAgentChangeSetByColumns error: %v", err)
+	}
+
+	if _, ok := out.Inserts[0]["event_name"]; !ok {
+		t.Fatalf("expected insert to map \"event name\" -> \"event_name\"")
+	}
+	if _, ok := out.Inserts[0]["event name"]; ok {
+		t.Fatalf("unexpected insert key \"event name\" after normalization")
+	}
+	if _, ok := out.Updates[0].Values["event_name"]; !ok {
+		t.Fatalf("expected update values to map \"event name\" -> \"event_name\"")
+	}
+	if _, ok := out.Updates[0].Values["event name"]; ok {
+		t.Fatalf("unexpected update value key \"event name\" after normalization")
 	}
 }
--- a/internal/logger/logger.go
+++ b/internal/logger/logger.go
@@ -14,8 +14,9 @@ import (
 )

 const (
-	envLogDir  = "GONAVI_LOG_DIR"
-	appDirName = "GoNavi"
+	envLogDir     = "GONAVI_LOG_DIR"
+	appHiddenDir  = ".GoNavi"
+	appLogDirName = "Logs"

 	logFileName         = "gonavi.log"
 	logRotateMaxBytes   = 10 * 1024 * 1024 // 10MB
@@ -37,7 +38,7 @@ func Init() {
 		defer logMu.Unlock()
 		logPath = path
 		logInst = log.New(out, "", log.Ldate|log.Ltime|log.Lmicroseconds)
-		logInst.Printf("[信息] 日志初始化完成，日志文件：%s", logPath)
+		logInst.Printf("[INFO] 日志初始化完成，日志文件：%s", logPath)
 	})
 }

@@ -62,15 +63,15 @@ func Close() {
 }

 func Infof(format string, args ...any) {
-	printf("信息", format, args...)
+	printf("INFO", format, args...)
 }

 func Warnf(format string, args ...any) {
-	printf("警告", format, args...)
+	printf("WARN", format, args...)
 }

 func Errorf(format string, args ...any) {
-	printf("错误", format, args...)
+	printf("ERROR", format, args...)
 }

 func Error(err error, format string, args ...any) {
@@ -115,37 +116,58 @@ func ErrorChain(err error) string {
 func printf(level string, format string, args ...any) {
 	Init()
 	logMu.Lock()
+	defer logMu.Unlock()
 	inst := logInst
-	logMu.Unlock()
 	if inst == nil {
 		return
 	}
 	inst.Printf("[%s] %s", level, fmt.Sprintf(format, args...))
+	if logFile != nil {
+		_ = logFile.Sync()
+	}
 }

 func initOutput() (string, io.Writer) {
 	dir := strings.TrimSpace(os.Getenv(envLogDir))
 	if dir == "" {
-		base, err := os.UserConfigDir()
-		if err != nil || strings.TrimSpace(base) == "" {
-			base = os.TempDir()
-		}
-		dir = filepath.Join(base, appDirName, "logs")
+		dir = defaultLogDir()
 	}

+	if path, writer, ok := openLogFile(dir); ok {
+		return path, writer
+	}
+
+	fallbackDir := filepath.Join(os.TempDir(), appHiddenDir, appLogDirName)
+	if path, writer, ok := openLogFile(fallbackDir); ok {
+		return path, writer
+	}
+
+	return "", os.Stderr
+}
+
+func defaultLogDir() string {
+	home, err := os.UserHomeDir()
+	if err != nil || strings.TrimSpace(home) == "" {
+		return filepath.Join(os.TempDir(), appHiddenDir, appLogDirName)
+	}
+	return filepath.Join(home, appHiddenDir, appLogDirName)
+}
+
+func openLogFile(dir string) (string, io.Writer, bool) {
+	if strings.TrimSpace(dir) == "" {
+		return "", nil, false
+	}
 	if err := os.MkdirAll(dir, 0o755); err != nil {
-		return filepath.Join(dir, logFileName), os.Stderr
+		return "", nil, false
 	}
-
 	path := filepath.Join(dir, logFileName)
 	rotateIfNeeded(path, dir)
-
 	f, err := os.OpenFile(path, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0o644)
 	if err != nil {
-		return path, os.Stderr
+		return "", nil, false
 	}
 	logFile = f
-	return path, f
+	return path, f, true
 }

 func rotateIfNeeded(path, dir string) {
--- a/internal/redis/redis_impl.go
+++ b/internal/redis/redis_impl.go
@@ -5,6 +5,7 @@ import (
 	"crypto/tls"
 	"fmt"
 	"net"
+	"net/url"
 	"strconv"
 	"strings"
 	"sync"
@@ -174,8 +175,31 @@ func (r *RedisClientImpl) toDisplayKey(key string) string {
 	return strings.TrimPrefix(key, prefix)
 }

+// sanitizeRedisPassword 对 Redis 密码进行防御性 URL 解码。
+// 当密码中包含 URL 编码序列（如 %40）时，尝试解码还原原始字符。
+// 这可以防止前端 URI 构建中 encodeURIComponent 编码后的密码被误传入。
+func sanitizeRedisPassword(password string) string {
+	if password == "" {
+		return password
+	}
+	// 仅当密码中包含 '%' 且后跟两位十六进制数字时，才尝试 URL 解码
+	if !strings.Contains(password, "%") {
+		return password
+	}
+	decoded, err := url.QueryUnescape(password)
+	if err != nil {
+		// 解码失败，使用原始密码
+		return password
+	}
+	if decoded != password {
+		logger.Warnf("Redis 密码检测到 URL 编码，已自动解码（原长度=%d 解码后长度=%d）", len(password), len(decoded))
+	}
+	return decoded
+}
+
 // Connect establishes a connection to Redis
 func (r *RedisClientImpl) Connect(config connection.ConnectionConfig) error {
+	config.Password = sanitizeRedisPassword(config.Password)
 	r.config = config
 	if r.config.RedisDB < 0 || r.config.RedisDB > 15 {
 		r.config.RedisDB = 0
--- a/internal/redis/redis_impl_test.go
+++ b/internal/redis/redis_impl_test.go
@@ -0,0 +1,81 @@
+package redis
+
+import "testing"
+
+func TestSanitizeRedisPassword(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected string
+	}{
+		{
+			name:     "empty password",
+			input:    "",
+			expected: "",
+		},
+		{
+			name:     "plain password without special chars",
+			input:    "mypassword123",
+			expected: "mypassword123",
+		},
+		{
+			name:     "password with @ not encoded",
+			input:    "p@ssword",
+			expected: "p@ssword",
+		},
+		{
+			name:     "password with @ URL-encoded as %40",
+			input:    "p%40ssword",
+			expected: "p@ssword",
+		},
+		{
+			name:     "password with multiple encoded chars",
+			input:    "p%40ss%23word",
+			expected: "p@ss#word",
+		},
+		{
+			name:     "password with + encoded as %2B",
+			input:    "p%2Bss",
+			expected: "p+ss",
+		},
+		{
+			name:     "password that is purely encoded",
+			input:    "%40%23%24",
+			expected: "@#$",
+		},
+		{
+			name:     "password with invalid percent encoding",
+			input:    "p%ZZssword",
+			expected: "p%ZZssword",
+		},
+		{
+			name:     "password with trailing percent",
+			input:    "password%",
+			expected: "password%",
+		},
+		{
+			name:     "password with literal percent not encoding anything",
+			input:    "100%safe",
+			expected: "100%safe",
+		},
+		{
+			name:     "password with space encoded as %20",
+			input:    "my%20pass",
+			expected: "my pass",
+		},
+		{
+			name:     "complex password with mixed content",
+			input:    "P%40ss%23w0rd!",
+			expected: "P@ss#w0rd!",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := sanitizeRedisPassword(tt.input)
+			if result != tt.expected {
+				t.Errorf("sanitizeRedisPassword(%q) = %q, want %q", tt.input, result, tt.expected)
+			}
+		})
+	}
+}
--- a/internal/ssh/ssh.go
+++ b/internal/ssh/ssh.go
@@ -2,10 +2,13 @@ package ssh

 import (
 	"context"
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
 	"io"
 	"net"
 	"os"
+	"strconv"
 	"sync"
 	"time"

@@ -69,7 +72,7 @@ func connectSSH(config connection.SSHConfig) (*ssh.Client, error) {
 			}
 		}
 	}
-	
+
 	if config.Password != "" {
 		authMethods = append(authMethods, ssh.Password(config.Password))
 	}
@@ -105,7 +108,7 @@ func RegisterSSHNetwork(sshConfig connection.SSHConfig) (string, error) {
 	// Generate unique network name
 	netName := fmt.Sprintf("ssh_%s_%d", sshConfig.Host, time.Now().UnixNano())
 	logger.Infof("注册 SSH 网络：%s（地址=%s:%d 用户=%s）", netName, sshConfig.Host, sshConfig.Port, sshConfig.User)
-	
+
 	mysql.RegisterDialContext(netName, func(ctx context.Context, addr string) (net.Conn, error) {
 		return dialContext(ctx, client, "tcp", addr)
 	})
@@ -115,12 +118,58 @@ func RegisterSSHNetwork(sshConfig connection.SSHConfig) (string, error) {

 // sshClientCache stores SSH clients to avoid creating multiple connections
 var (
-	sshClientCache   = make(map[string]*ssh.Client)
+	sshClientCache   = make(map[sshClientCacheKey]*ssh.Client)
 	sshClientCacheMu sync.RWMutex
-	localForwarders  = make(map[string]*LocalForwarder)
+	localForwarders  = make(map[forwarderCacheKey]*LocalForwarder)
 	forwarderMu      sync.RWMutex
 )

+type sshClientCacheKey struct {
+	host string
+	port int
+	user string
+	auth string
+}
+
+type forwarderCacheKey struct {
+	ssh        sshClientCacheKey
+	remoteHost string
+	remotePort int
+}
+
+func sshAuthFingerprint(config connection.SSHConfig) string {
+	hasher := sha256.New()
+	_, _ = hasher.Write([]byte(config.Password))
+	_, _ = hasher.Write([]byte{0})
+	_, _ = hasher.Write([]byte(config.KeyPath))
+	if config.KeyPath != "" {
+		if st, err := os.Stat(config.KeyPath); err == nil {
+			_, _ = hasher.Write([]byte{0})
+			_, _ = hasher.Write([]byte(st.ModTime().UTC().Format(time.RFC3339Nano)))
+			_, _ = hasher.Write([]byte{0})
+			_, _ = hasher.Write([]byte(strconv.FormatInt(st.Size(), 10)))
+		} else {
+			_, _ = hasher.Write([]byte{0})
+			_, _ = hasher.Write([]byte("stat_err"))
+		}
+	}
+	sum := hasher.Sum(nil)
+	return hex.EncodeToString(sum[:8])
+}
+
+func newSSHClientCacheKey(config connection.SSHConfig) sshClientCacheKey {
+	return sshClientCacheKey{
+		host: config.Host,
+		port: config.Port,
+		user: config.User,
+		auth: sshAuthFingerprint(config),
+	}
+}
+
+func formatSSHClientKeyForLog(key sshClientCacheKey) string {
+	return fmt.Sprintf("%s:%d 用户=%s", key.host, key.port, key.user)
+}
+
 // LocalForwarder represents a local port forwarder through SSH
 type LocalForwarder struct {
 	LocalAddr  string
@@ -249,9 +298,13 @@ func (f *LocalForwarder) IsClosed() bool {

 // GetOrCreateLocalForwarder returns a cached forwarder or creates a new one
 func GetOrCreateLocalForwarder(sshConfig connection.SSHConfig, remoteHost string, remotePort int) (*LocalForwarder, error) {
-	key := fmt.Sprintf("%s:%d:%s->%s:%d",
-		sshConfig.Host, sshConfig.Port, sshConfig.User,
-		remoteHost, remotePort)
+	key := forwarderCacheKey{
+		ssh:        newSSHClientCacheKey(sshConfig),
+		remoteHost: remoteHost,
+		remotePort: remotePort,
+	}
+	logKey := fmt.Sprintf("%s:%d:%s->%s:%d",
+		sshConfig.Host, sshConfig.Port, sshConfig.User, remoteHost, remotePort)

 	forwarderMu.RLock()
 	forwarder, exists := localForwarders[key]
@@ -259,7 +312,7 @@ func GetOrCreateLocalForwarder(sshConfig connection.SSHConfig, remoteHost string

 	// Check if exists and is still valid
 	if exists && forwarder != nil && !forwarder.IsClosed() {
-		logger.Infof("复用已有端口转发：%s", key)
+		logger.Infof("复用已有端口转发：%s", logKey)
 		return forwarder, nil
 	}

@@ -287,24 +340,18 @@ func CloseAllForwarders() {
 	forwarderMu.Lock()
 	defer forwarderMu.Unlock()

-	for key, forwarder := range localForwarders {
+	for _, forwarder := range localForwarders {
 		if forwarder != nil {
 			_ = forwarder.Close()
-			logger.Infof("已关闭端口转发：%s", key)
+			logger.Infof("已关闭端口转发：本地 %s -> 远程 %s", forwarder.LocalAddr, forwarder.RemoteAddr)
 		}
 	}
-	localForwarders = make(map[string]*LocalForwarder)
-}
-
-
-// getSSHClientCacheKey generates a unique cache key for SSH config
-func getSSHClientCacheKey(config connection.SSHConfig) string {
-	return fmt.Sprintf("%s:%d:%s", config.Host, config.Port, config.User)
+	localForwarders = make(map[forwarderCacheKey]*LocalForwarder)
 }

 // GetOrCreateSSHClient returns a cached SSH client or creates a new one
 func GetOrCreateSSHClient(config connection.SSHConfig) (*ssh.Client, error) {
-	key := getSSHClientCacheKey(config)
+	key := newSSHClientCacheKey(config)

 	sshClientCacheMu.RLock()
 	client, exists := sshClientCache[key]
@@ -315,11 +362,11 @@ func GetOrCreateSSHClient(config connection.SSHConfig) (*ssh.Client, error) {
 		session, err := client.NewSession()
 		if err == nil {
 			session.Close()
-			logger.Infof("复用已有 SSH 连接：%s", key)
+			logger.Infof("复用已有 SSH 连接：%s", formatSSHClientKeyForLog(key))
 			return client, nil
 		}
 		// Connection is dead, remove from cache
-		logger.Warnf("SSH 连接已断开，重新建立：%s (错误: %v)", key, err)
+		logger.Warnf("SSH 连接已断开，重新建立：%s (错误: %v)", formatSSHClientKeyForLog(key), err)
 		sshClientCacheMu.Lock()
 		delete(sshClientCache, key)
 		sshClientCacheMu.Unlock()
@@ -338,7 +385,7 @@ func GetOrCreateSSHClient(config connection.SSHConfig) (*ssh.Client, error) {
 	sshClientCache[key] = client
 	sshClientCacheMu.Unlock()

-	logger.Infof("已缓存 SSH 连接：%s", key)
+	logger.Infof("已缓存 SSH 连接：%s", formatSSHClientKeyForLog(key))
 	return client, nil
 }

@@ -367,9 +414,8 @@ func CloseAllSSHClients() {
 	for key, client := range sshClientCache {
 		if client != nil {
 			_ = client.Close()
-			logger.Infof("已关闭 SSH 连接：%s", key)
+			logger.Infof("已关闭 SSH 连接：%s", formatSSHClientKeyForLog(key))
 		}
 	}
-	sshClientCache = make(map[string]*ssh.Client)
+	sshClientCache = make(map[sshClientCacheKey]*ssh.Client)
 }
-
--- a/internal/ssh/ssh_cache_key_test.go
+++ b/internal/ssh/ssh_cache_key_test.go
@@ -0,0 +1,46 @@
+package ssh
+
+import (
+	"testing"
+
+	"GoNavi-Wails/internal/connection"
+)
+
+func TestNewSSHClientCacheKey_DiffPassword(t *testing.T) {
+	a := newSSHClientCacheKey(connection.SSHConfig{
+		Host:     "127.0.0.1",
+		Port:     22,
+		User:     "root",
+		Password: "a",
+	})
+	b := newSSHClientCacheKey(connection.SSHConfig{
+		Host:     "127.0.0.1",
+		Port:     22,
+		User:     "root",
+		Password: "b",
+	})
+	if a == b {
+		t.Fatalf("expected different cache key when password differs")
+	}
+	if a.host != b.host || a.port != b.port || a.user != b.user {
+		t.Fatalf("expected host/port/user to stay identical")
+	}
+}
+
+func TestNewSSHClientCacheKey_DiffKeyPath(t *testing.T) {
+	a := newSSHClientCacheKey(connection.SSHConfig{
+		Host:    "127.0.0.1",
+		Port:    22,
+		User:    "root",
+		KeyPath: "/tmp/a.key",
+	})
+	b := newSSHClientCacheKey(connection.SSHConfig{
+		Host:    "127.0.0.1",
+		Port:    22,
+		User:    "root",
+		KeyPath: "/tmp/b.key",
+	})
+	if a == b {
+		t.Fatalf("expected different cache key when keyPath differs")
+	}
+}