diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 849884b54..db659cc56 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,15 +1,13 @@
-## 概述 Descriptions
+## Checklist / 检查清单
 
-<!-- 如果有关联的 issue，请在下面记载 -->
-<!-- Describe related issue(s) if any. -->
-<!-- close #xxx -->
+- [ ] Fixes mentioned issues / 修复已提及的问题
+- [ ] Code reviewed by human / 代码通过人工检查
+- [ ] Changes tested / 已完成测试
 
-## 变更内容 Changes
+## Description / 描述
 
-<!-- - 这个 PR 做了什么？ -->
-<!-- - What does this PR do? -->
+<!-- Description / PR 描述 -->
 
-### 截图 Screenshots
+## Screenshots / 截图
 
-<!-- 如果可以展示页面，请务必附上截图 -->
-<!-- If it can be illustrated, please provide a screenshot. -->
+<!-- Screenshots / 截图-->
diff --git a/.gitignore b/.gitignore
index bfb41a63c..143763ebb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,3 +39,5 @@ CLAUDE.md
 
 test-results
 playwright-report
+
+superpowers
diff --git a/packages/filesystem/factory.ts b/packages/filesystem/factory.ts
index bdeb26e16..99dfa5d0e 100644
--- a/packages/filesystem/factory.ts
+++ b/packages/filesystem/factory.ts
@@ -8,6 +8,7 @@ import ZipFileSystem from "./zip/zip";
 import S3FileSystem from "./s3/s3";
 import { t } from "@App/locales/locales";
 import LimiterFileSystem from "./limiter";
+import type { WebDAVClientOptions, OAuthToken } from "webdav";
 
 export type FileSystemType = "zip" | "webdav" | "baidu-netdsik" | "onedrive" | "googledrive" | "dropbox" | "s3";
 
@@ -16,18 +17,47 @@ export type FileSystemParams = {
     title: string;
     type?: "select" | "authorize" | "password";
     options?: string[];
+    visibilityFor?: string[];
+    minWidth?: string;
   };
 };
 
 export default class FileSystemFactory {
   static create(type: FileSystemType, params: any): Promise<FileSystem> {
     let fs: FileSystem;
+    let options;
     switch (type) {
       case "zip":
         fs = new ZipFileSystem(params);
         break;
       case "webdav":
-        fs = new WebDAVFileSystem(params.authType, params.url, params.username, params.password);
+        /*
+          Auto = "auto",
+          Digest = "digest", // 需要避免密码直接传输
+          None = "none", // 公开资源 / 自定义认证
+          Password = "password", // 普通 WebDAV 服务，需要确保 HTTPS / Nextcloud 生产环境
+          Token = "token" // OAuth2 / 现代云服务 / Nextcloud 生产环境
+        */
+        if (params.authType === "none") {
+          options = {
+            authType: params.authType,
+          } satisfies WebDAVClientOptions;
+        } else if (params.authType === "token") {
+          options = {
+            authType: params.authType,
+            token: {
+              token_type: "Bearer",
+              access_token: params.accessToken,
+            } satisfies OAuthToken,
+          } satisfies WebDAVClientOptions;
+        } else {
+          options = {
+            authType: params.authType || "auto", // UI 问题，有undefined机会。undefined等价于 password, 但此处用 webdav 本身的 auto 侦测算了
+            username: params.username,
+            password: params.password,
+          } satisfies WebDAVClientOptions;
+        }
+        fs = WebDAVFileSystem.fromCredentials(params.url, options);
         break;
       case "baidu-netdsik":
         fs = new BaiduFileSystem();
@@ -64,10 +94,12 @@ export default class FileSystemFactory {
           title: t("auth_type"),
           type: "select",
           options: ["password", "digest", "none", "token"],
+          minWidth: "140px",
         },
         url: { title: t("url") },
-        username: { title: t("username") },
-        password: { title: t("password"), type: "password" },
+        username: { title: t("username"), visibilityFor: ["password", "digest"] },
+        password: { title: t("password"), type: "password", visibilityFor: ["password", "digest"] },
+        accessToken: { title: t("access_token_bearer"), visibilityFor: ["token"] },
       },
       "baidu-netdsik": {},
       onedrive: {},
diff --git a/packages/filesystem/webdav/webdav.test.ts b/packages/filesystem/webdav/webdav.test.ts
new file mode 100644
index 000000000..cf389c0d0
--- /dev/null
+++ b/packages/filesystem/webdav/webdav.test.ts
@@ -0,0 +1,231 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import type { WebDAVClient } from "webdav";
+import { getPatcher } from "webdav";
+import WebDAVFileSystem from "./webdav";
+import { WarpTokenError } from "../error";
+
+/** 创建 mock WebDAVClient */
+function createMockClient(overrides?: Partial<WebDAVClient>): WebDAVClient {
+  return {
+    getQuota: vi.fn().mockResolvedValue({}),
+    getDirectoryContents: vi.fn().mockResolvedValue([]),
+    getFileContents: vi.fn().mockResolvedValue("content"),
+    putFileContents: vi.fn().mockResolvedValue(true),
+    createDirectory: vi.fn().mockResolvedValue(undefined),
+    deleteFile: vi.fn().mockResolvedValue(undefined),
+    ...overrides,
+  } as unknown as WebDAVClient;
+}
+
+/** 创建可测试的 WebDAVFileSystem 实例（替换 client 为 mock） */
+function createTestFS(mockClient: WebDAVClient, url = "https://dav.example.com"): WebDAVFileSystem {
+  const fs = WebDAVFileSystem.fromCredentials(url, {});
+  fs.client = mockClient;
+  return fs;
+}
+
+describe("WebDAVFileSystem", () => {
+  let mockClient: WebDAVClient;
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    mockClient = createMockClient();
+  });
+
+  describe("initWebDAVPatch", () => {
+    it("应当通过 getPatcher 注册 fetch patch，设置 credentials 为 omit", () => {
+      // fromCredentials 内部调用 initWebDAVPatch，验证 patcher 已注册 fetch
+      WebDAVFileSystem.fromCredentials("https://dav.example.com", {});
+
+      const patcher = getPatcher();
+      // 验证 fetch 已被 patch（patcher 内部有 fetch 注册）
+      expect(patcher.isPatched("fetch")).toBe(true);
+    });
+  });
+
+  describe("fromCredentials", () => {
+    it("应当创建 WebDAVFileSystem 实例并设置 url 和 basePath", () => {
+      const fs = WebDAVFileSystem.fromCredentials("https://dav.example.com", {
+        authType: "password" as any,
+        username: "user",
+        password: "pass",
+      });
+
+      expect(fs).toBeInstanceOf(WebDAVFileSystem);
+      expect(fs.url).toBe("https://dav.example.com");
+      expect(fs.basePath).toBe("/");
+    });
+  });
+
+  describe("fromSameClient", () => {
+    it("应当复用已有 client 并设置新 basePath", () => {
+      const fs = createTestFS(mockClient);
+      const subFs = WebDAVFileSystem.fromSameClient(fs, "/subdir");
+
+      expect(subFs).toBeInstanceOf(WebDAVFileSystem);
+      expect(subFs.url).toBe("https://dav.example.com");
+      expect(subFs.basePath).toBe("/subdir");
+      expect(subFs.client).toBe(mockClient);
+    });
+  });
+
+  describe("verify", () => {
+    it("应当成功验证", async () => {
+      const fs = createTestFS(mockClient);
+
+      await expect(fs.verify()).resolves.toBeUndefined();
+      expect(mockClient.getQuota).toHaveBeenCalled();
+    });
+
+    it("应当在 401 时抛出 WarpTokenError", async () => {
+      (mockClient.getQuota as ReturnType<typeof vi.fn>).mockRejectedValue({
+        response: { status: 401 },
+        message: "Unauthorized",
+      });
+      const fs = createTestFS(mockClient);
+
+      await expect(fs.verify()).rejects.toBeInstanceOf(WarpTokenError);
+    });
+
+    it("应当在其他错误时抛出包含原始信息的 Error", async () => {
+      (mockClient.getQuota as ReturnType<typeof vi.fn>).mockRejectedValue({
+        message: "Network error",
+      });
+      const fs = createTestFS(mockClient);
+
+      await expect(fs.verify()).rejects.toThrow("WebDAV verify failed: Network error");
+    });
+  });
+
+  describe("openDir", () => {
+    it("应当返回新实例并拼接路径", async () => {
+      const fs = createTestFS(mockClient);
+      const subFs = (await fs.openDir("docs")) as WebDAVFileSystem;
+
+      expect(subFs).toBeInstanceOf(WebDAVFileSystem);
+      expect(subFs.basePath).toBe("/docs");
+      expect(subFs.client).toBe(mockClient);
+    });
+
+    it("应当支持嵌套 openDir", async () => {
+      const fs = createTestFS(mockClient);
+      const sub1 = (await fs.openDir("a")) as WebDAVFileSystem;
+      const sub2 = (await sub1.openDir("b")) as WebDAVFileSystem;
+
+      expect(sub2.basePath).toBe("/a/b");
+    });
+  });
+
+  describe("createDir", () => {
+    it("应当调用 createDirectory", async () => {
+      const fs = createTestFS(mockClient);
+
+      await fs.createDir("new-folder");
+
+      expect(mockClient.createDirectory).toHaveBeenCalledWith("/new-folder");
+    });
+
+    it("应当在 405 错误时静默成功（目录已存在）", async () => {
+      (mockClient.createDirectory as ReturnType<typeof vi.fn>).mockRejectedValue({
+        response: { status: 405 },
+        message: "405 Method Not Allowed",
+      });
+      const fs = createTestFS(mockClient);
+
+      await expect(fs.createDir("existing")).resolves.toBeUndefined();
+    });
+
+    it("应当在 message 包含 405 时也静默成功", async () => {
+      (mockClient.createDirectory as ReturnType<typeof vi.fn>).mockRejectedValue({
+        message: "Request failed with status code 405",
+      });
+      const fs = createTestFS(mockClient);
+
+      await expect(fs.createDir("existing")).resolves.toBeUndefined();
+    });
+
+    it("应当在其他错误时抛出异常", async () => {
+      const err = new Error("Forbidden");
+      (mockClient.createDirectory as ReturnType<typeof vi.fn>).mockRejectedValue(err);
+      const fs = createTestFS(mockClient);
+
+      await expect(fs.createDir("denied")).rejects.toThrow("Forbidden");
+    });
+  });
+
+  describe("delete", () => {
+    it("应当调用 deleteFile", async () => {
+      const fs = createTestFS(mockClient);
+
+      await fs.delete("test.txt");
+
+      expect(mockClient.deleteFile).toHaveBeenCalledWith("/test.txt");
+    });
+  });
+
+  describe("list", () => {
+    it("应当列出文件并过滤目录", async () => {
+      (mockClient.getDirectoryContents as ReturnType<typeof vi.fn>).mockResolvedValue([
+        {
+          type: "file",
+          basename: "test.txt",
+          lastmod: "2024-01-01T00:00:00Z",
+          etag: '"abc"',
+          size: 1024,
+        },
+        {
+          type: "directory",
+          basename: "subdir",
+          lastmod: "2024-01-01T00:00:00Z",
+          etag: "",
+          size: 0,
+        },
+      ]);
+      const fs = createTestFS(mockClient);
+
+      const files = await fs.list();
+
+      expect(files).toHaveLength(1);
+      expect(files[0]).toMatchObject({
+        name: "test.txt",
+        path: "/",
+        digest: '"abc"',
+        size: 1024,
+      });
+    });
+
+    it("应当在 404 时返回空数组", async () => {
+      (mockClient.getDirectoryContents as ReturnType<typeof vi.fn>).mockRejectedValue({
+        response: { status: 404 },
+      });
+      const fs = createTestFS(mockClient);
+
+      const files = await fs.list();
+      expect(files).toHaveLength(0);
+    });
+
+    it("应当在其他错误时抛出异常", async () => {
+      const err = new Error("Server Error");
+      (err as any).response = { status: 500 };
+      (mockClient.getDirectoryContents as ReturnType<typeof vi.fn>).mockRejectedValue(err);
+      const fs = createTestFS(mockClient);
+
+      await expect(fs.list()).rejects.toThrow("Server Error");
+    });
+  });
+
+  describe("getDirUrl", () => {
+    it("应当返回 url + basePath", async () => {
+      const fs = createTestFS(mockClient);
+      const subFs = (await fs.openDir("docs")) as WebDAVFileSystem;
+
+      expect(await subFs.getDirUrl()).toBe("https://dav.example.com/docs");
+    });
+
+    it("根路径应返回 url + /", async () => {
+      const fs = createTestFS(mockClient);
+
+      expect(await fs.getDirUrl()).toBe("https://dav.example.com/");
+    });
+  });
+});
diff --git a/packages/filesystem/webdav/webdav.ts b/packages/filesystem/webdav/webdav.ts
index a3dde3e86..10ea10b21 100644
--- a/packages/filesystem/webdav/webdav.ts
+++ b/packages/filesystem/webdav/webdav.ts
@@ -1,11 +1,28 @@
-import type { AuthType, FileStat, WebDAVClient } from "webdav";
-import { createClient } from "webdav";
+import type { FileStat, WebDAVClient, WebDAVClientOptions } from "webdav";
+import { createClient, getPatcher } from "webdav";
 import type FileSystem from "../filesystem";
 import type { FileInfo, FileCreateOptions, FileReader, FileWriter } from "../filesystem";
 import { joinPath } from "../utils";
 import { WebDAVFileReader, WebDAVFileWriter } from "./rw";
 import { WarpTokenError } from "../error";
 
+// 禁止 WebDAV 请求携带浏览器 cookies，只通过账号密码认证 (#1297)
+// 全局单次注册
+let patchInited = false;
+const initWebDAVPatch = () => {
+  if (patchInited) return;
+  patchInited = true;
+  return getPatcher().patch("fetch", (...args: unknown[]) => {
+    const options = (args[1] as RequestInit) || {};
+    const headers = new Headers((options.headers as HeadersInit) || {});
+    return fetch(args[0] as RequestInfo | URL, {
+      ...options,
+      headers,
+      credentials: "omit",
+    });
+  });
+};
+
 export default class WebDAVFileSystem implements FileSystem {
   client: WebDAVClient;
 
@@ -13,29 +30,36 @@ export default class WebDAVFileSystem implements FileSystem {
 
   basePath: string = "/";
 
-  constructor(authType: AuthType | WebDAVClient, url?: string, username?: string, password?: string) {
-    if (typeof authType === "object") {
-      this.client = authType;
-      this.basePath = joinPath(url || "");
-      this.url = username!;
-    } else {
-      this.url = url!;
-      this.client = createClient(url!, {
-        authType,
-        username,
-        password,
-      });
-    }
+  static fromCredentials(url: string, options: WebDAVClientOptions) {
+    initWebDAVPatch();
+    options = {
+      ...options,
+      headers: {
+        "X-Requested-With": "XMLHttpRequest", // Nextcloud 等需要
+        // "requesttoken": csrfToken,          // 按账号各自传入
+      },
+    };
+    return new WebDAVFileSystem(createClient(url, options), url, "/");
+  }
+
+  static fromSameClient(fs: WebDAVFileSystem, basePath: string) {
+    return new WebDAVFileSystem(fs.client, fs.url, basePath);
+  }
+
+  private constructor(client: WebDAVClient, url: string, basePath: string) {
+    this.client = client;
+    this.url = url;
+    this.basePath = basePath;
   }
 
   async verify(): Promise<void> {
     try {
       await this.client.getQuota();
     } catch (e: any) {
-      if (e.response && e.response.status === 401) {
+      if (e.response?.status === 401) {
         throw new WarpTokenError(e);
       }
-      throw new Error("verify failed");
+      throw new Error(`WebDAV verify failed: ${e.message}`); // 保留原始信息
     }
   }
 
@@ -44,7 +68,7 @@ export default class WebDAVFileSystem implements FileSystem {
   }
 
   async openDir(path: string): Promise<FileSystem> {
-    return new WebDAVFileSystem(this.client, joinPath(this.basePath, path), this.url);
+    return WebDAVFileSystem.fromSameClient(this, joinPath(this.basePath, path));
   }
 
   async create(path: string, _opts?: FileCreateOptions): Promise<FileWriter> {
@@ -56,7 +80,7 @@ export default class WebDAVFileSystem implements FileSystem {
       await this.client.createDirectory(joinPath(this.basePath, path));
     } catch (e: any) {
       // 如果是405错误,则忽略
-      if (e.message.includes("405")) {
+      if (e.response?.status === 405 || e.message?.includes("405")) {
         return;
       }
       throw e;
@@ -68,7 +92,13 @@ export default class WebDAVFileSystem implements FileSystem {
   }
 
   async list(): Promise<FileInfo[]> {
-    const dir = (await this.client.getDirectoryContents(this.basePath)) as FileStat[];
+    let dir: FileStat[];
+    try {
+      dir = (await this.client.getDirectoryContents(this.basePath)) as FileStat[];
+    } catch (e: any) {
+      if (e.response?.status === 404) return [] as FileInfo[]; // 目录不存在视为空
+      throw e;
+    }
     const ret: FileInfo[] = [];
     for (const item of dir) {
       if (item.type !== "file") {
diff --git a/packages/message/server.ts b/packages/message/server.ts
index e69e7f0e7..f46347709 100644
--- a/packages/message/server.ts
+++ b/packages/message/server.ts
@@ -104,6 +104,19 @@ type ApiFunction = (params: any, con: IGetSender) => Promise<any> | any | void;
 type ApiFunctionSync = (params: any, con: IGetSender) => any;
 type MiddlewareFunction = (params: any, con: IGetSender, next: () => Promise<any> | any) => Promise<any> | any;
 
+const formatErrorToClient = (e: any) => {
+  if (!e) return `${e}`;
+  if (typeof e?.message === "string") return e.message;
+  if (typeof e === "object") {
+    try {
+      return JSON.stringify(e);
+    } catch {
+      // ignored
+    }
+  }
+  return e.toString();
+};
+
 export class Server {
   private apiFunctionMap: Map<string, ApiFunction> = new Map();
 
@@ -159,7 +172,7 @@ export class Server {
               data && con.sendMessage({ code: 0, data });
             })
             .catch((e: Error) => {
-              con.sendMessage({ code: -1, message: e.message || e.toString() });
+              con.sendMessage({ code: -1, message: formatErrorToClient(e) });
               this.logger.error("connectHandle error", Logger.E(e));
             });
           return true;
@@ -191,7 +204,7 @@ export class Server {
               }
             })
             .catch((e: Error) => {
-              sendResponse({ code: -1, message: e.message || e.toString() });
+              sendResponse({ code: -1, message: formatErrorToClient(e) });
               this.logger.error("messageHandle error", Logger.E(e));
             });
           return true;
@@ -199,7 +212,7 @@ export class Server {
           sendResponse({ code: 0, data: ret });
         }
       } catch (e: any) {
-        sendResponse({ code: -1, message: e.message || e.toString() });
+        sendResponse({ code: -1, message: formatErrorToClient(e) });
         this.logger.error("messageHandle error", Logger.E(e));
       }
     } else {
diff --git a/src/locales/ach-UG/translation.json b/src/locales/ach-UG/translation.json
index e6f3850b5..e72aa1844 100644
--- a/src/locales/ach-UG/translation.json
+++ b/src/locales/ach-UG/translation.json
@@ -73,7 +73,7 @@
   "deleting": "crwdns8020:0crwdne8020:0",
   "backup_strategy": "crwdns8022:0crwdne8022:0",
   "under_construction": "crwdns8024:0crwdne8024:0",
-  "development_debugging": "crwdns8026:0crwdne8026:0",
+  "development_tool": "crwdns8026:0crwdne8026:0",
   "vscode_url": "crwdns8028:0crwdne8028:0",
   "auto_connect_vscode_service": "crwdns8030:0crwdne8030:0",
   "connect": "crwdns8032:0crwdne8032:0",
@@ -378,6 +378,7 @@
   "url": "crwdns8544:0crwdne8544:0",
   "username": "crwdns8546:0crwdne8546:0",
   "password": "crwdns8548:0crwdne8548:0",
+  "access_token_bearer": "Access Token (Bearer)",
   "s3_bucket_name": "Bucket Name",
   "s3_region": "Region",
   "s3_access_key_id": "Access Key ID",
diff --git a/src/locales/de-DE/translation.json b/src/locales/de-DE/translation.json
index 9df67cfd8..396f65f73 100644
--- a/src/locales/de-DE/translation.json
+++ b/src/locales/de-DE/translation.json
@@ -74,7 +74,7 @@
   "deleting": "Wird gelöscht",
   "backup_strategy": "Sicherungsstrategie",
   "under_construction": "Im Aufbau",
-  "development_debugging": "Entwicklungsdebugging",
+  "development_tool": "Entwicklungstool",
   "vscode_url": "VSCode-Adresse",
   "auto_connect_vscode_service": "Automatisch mit VSCode-Service verbinden",
   "connect": "Verbinden",
@@ -387,6 +387,7 @@
   "url": "URL",
   "username": "Benutzername",
   "password": "Passwort",
+  "access_token_bearer": "Zugriffstoken (Bearer)",
   "s3_bucket_name": "Bucket-Name",
   "s3_region": "Region",
   "s3_access_key_id": "Zugriffs-Schlüssel-ID",
diff --git a/src/locales/en-US/translation.json b/src/locales/en-US/translation.json
index 9769ef7f7..4068a909e 100644
--- a/src/locales/en-US/translation.json
+++ b/src/locales/en-US/translation.json
@@ -74,7 +74,7 @@
   "deleting": "Deleting",
   "backup_strategy": "Backup Strategy",
   "under_construction": "Under Construction",
-  "development_debugging": "Development Debugging",
+  "development_tool": "Development Tool",
   "vscode_url": "VSCode URL",
   "auto_connect_vscode_service": "Auto Connect VSCode Service",
   "connect": "Connect",
@@ -387,6 +387,7 @@
   "url": "URL",
   "username": "Username",
   "password": "Password",
+  "access_token_bearer": "Access Token (Bearer)",
   "s3_bucket_name": "Bucket Name",
   "s3_region": "Region",
   "s3_access_key_id": "Access Key ID",
diff --git a/src/locales/ja-JP/translation.json b/src/locales/ja-JP/translation.json
index 823949c52..379ecf612 100644
--- a/src/locales/ja-JP/translation.json
+++ b/src/locales/ja-JP/translation.json
@@ -74,7 +74,7 @@
   "deleting": "削除中",
   "backup_strategy": "バックアップ戦略",
   "under_construction": "建設中",
-  "development_debugging": "開発デバッグ",
+  "development_tool": "開発ツール",
   "vscode_url": "VSCodeアドレス",
   "auto_connect_vscode_service": "VSCodeサービスに自動接続",
   "connect": "接続",
@@ -387,6 +387,7 @@
   "url": "URL",
   "username": "ユーザー名",
   "password": "パスワード",
+  "access_token_bearer": "アクセストークン（Bearer）",
   "s3_bucket_name": "バケット名",
   "s3_region": "リージョン",
   "s3_access_key_id": "アクセスキーID",
diff --git a/src/locales/ru-RU/translation.json b/src/locales/ru-RU/translation.json
index 1b6b72973..aaf8c51dc 100644
--- a/src/locales/ru-RU/translation.json
+++ b/src/locales/ru-RU/translation.json
@@ -74,7 +74,7 @@
   "deleting": "Удаление",
   "backup_strategy": "Стратегия резервного копирования",
   "under_construction": "В разработке",
-  "development_debugging": "Отладка разработки",
+  "development_tool": "Инструмент разработки",
   "vscode_url": "Адрес VSCode",
   "auto_connect_vscode_service": "Автоматически подключаться к службе VSCode",
   "connect": "Подключить",
@@ -387,6 +387,7 @@
   "url": "URL",
   "username": "Имя пользователя",
   "password": "Пароль",
+  "access_token_bearer": "Токен доступа (Bearer)",
   "s3_bucket_name": "Имя корзины",
   "s3_region": "Регион",
   "s3_access_key_id": "Идентификатор ключа доступа",
diff --git a/src/locales/vi-VN/translation.json b/src/locales/vi-VN/translation.json
index c69cb10be..ebbcd8626 100644
--- a/src/locales/vi-VN/translation.json
+++ b/src/locales/vi-VN/translation.json
@@ -74,7 +74,7 @@
   "deleting": "Đang xóa",
   "backup_strategy": "Chiến lược sao lưu",
   "under_construction": "Đang xây dựng",
-  "development_debugging": "Gỡ lỗi phát triển",
+  "development_tool": "Công cụ phát triển",
   "vscode_url": "Url vscode",
   "auto_connect_vscode_service": "Tự động kết nối dịch vụ vscode",
   "connect": "Kết nối",
@@ -387,6 +387,7 @@
   "url": "Url",
   "username": "Tên người dùng",
   "password": "Mật khẩu",
+  "access_token_bearer": "Mã truy cập (Bearer)",
   "s3_bucket_name": "Tên Bucket",
   "s3_region": "Vùng",
   "s3_access_key_id": "ID Khóa Truy Cập",
diff --git a/src/locales/zh-CN/translation.json b/src/locales/zh-CN/translation.json
index 1267d3472..99377ea67 100644
--- a/src/locales/zh-CN/translation.json
+++ b/src/locales/zh-CN/translation.json
@@ -74,7 +74,7 @@
   "deleting": "删除中",
   "backup_strategy": "备份策略",
   "under_construction": "建设中",
-  "development_debugging": "开发调试",
+  "development_tool": "开发工具",
   "vscode_url": "VSCode地址",
   "auto_connect_vscode_service": "自动连接vscode服务",
   "connect": "连接",
@@ -387,6 +387,7 @@
   "url": "URL",
   "username": "用户名",
   "password": "密码",
+  "access_token_bearer": "访问令牌（Bearer）",
   "s3_bucket_name": "存储桶名称",
   "s3_region": "区域",
   "s3_access_key_id": "访问密钥 ID",
diff --git a/src/locales/zh-TW/translation.json b/src/locales/zh-TW/translation.json
index a56ddd57e..65e6af433 100644
--- a/src/locales/zh-TW/translation.json
+++ b/src/locales/zh-TW/translation.json
@@ -74,7 +74,7 @@
   "deleting": "刪除中",
   "backup_strategy": "備份策略",
   "under_construction": "建設中",
-  "development_debugging": "開發除錯",
+  "development_tool": "開發工具",
   "vscode_url": "VSCode網址",
   "auto_connect_vscode_service": "自動連接VSCode服務",
   "connect": "連接",
@@ -387,6 +387,7 @@
   "url": "網址",
   "username": "使用者名稱",
   "password": "密碼",
+  "access_token_bearer": "存取權杖（Bearer）",
   "s3_bucket_name": "儲存貯體名稱",
   "s3_region": "區域",
   "s3_access_key_id": "存取金鑰 ID",
diff --git a/src/pages/components/FileSystemParams/index.tsx b/src/pages/components/FileSystemParams/index.tsx
index ebf74473a..2cec8cfb9 100644
--- a/src/pages/components/FileSystemParams/index.tsx
+++ b/src/pages/components/FileSystemParams/index.tsx
@@ -65,6 +65,7 @@ const FileSystemParams: React.FC<{
   ];
 
   const netDiskName = netDiskType ? fileSystemList.find((item) => item.key === fileSystemType)?.name : null;
+  const fsParam = fsParams[fileSystemType];
 
   return (
     <>
@@ -110,58 +111,66 @@ const FileSystemParams: React.FC<{
           marginTop: 4,
         }}
       >
-        {Object.keys(fsParams[fileSystemType]).map((key) => (
-          <div key={key}>
-            {fsParams[fileSystemType][key].type === "select" && (
-              <>
-                <span>{fsParams[fileSystemType][key].title}</span>
-                <Select
-                  value={fileSystemParams[key] || fsParams[fileSystemType][key].options![0]}
-                  onChange={(value) => {
-                    onChangeFileSystemParams({
-                      ...fileSystemParams,
-                      [key]: value,
-                    });
-                  }}
-                >
-                  {fsParams[fileSystemType][key].options!.map((option) => (
-                    <Select.Option value={option} key={option}>
-                      {option}
-                    </Select.Option>
-                  ))}
-                </Select>
-              </>
-            )}
-            {fsParams[fileSystemType][key].type === "password" && (
-              <>
-                <span>{fsParams[fileSystemType][key].title}</span>
-                <Input.Password
-                  value={fileSystemParams[key]}
-                  onChange={(value) => {
-                    onChangeFileSystemParams({
-                      ...fileSystemParams,
-                      [key]: value,
-                    });
-                  }}
-                />
-              </>
-            )}
-            {!fsParams[fileSystemType][key].type && (
-              <>
-                <span>{fsParams[fileSystemType][key].title}</span>
-                <Input
-                  value={fileSystemParams[key]}
-                  onChange={(value) => {
-                    onChangeFileSystemParams({
-                      ...fileSystemParams,
-                      [key]: value,
-                    });
-                  }}
-                />
-              </>
-            )}
-          </div>
-        ))}
+        {Object.keys(fsParam).map((key) => {
+          const props = fsParam[key];
+          const selectAuth = fsParam?.authType?.options?.[0]; // webDAV
+          if (selectAuth && props?.visibilityFor?.includes(fileSystemParams?.authType || selectAuth) === false) {
+            return null;
+          }
+          return (
+            <div key={key}>
+              {props.type === "select" && (
+                <>
+                  <span>{props.title}</span>
+                  <Select
+                    value={fileSystemParams[key] || props.options![0]}
+                    onChange={(value) => {
+                      onChangeFileSystemParams({
+                        ...fileSystemParams,
+                        [key]: value,
+                      });
+                    }}
+                    style={{ minWidth: props.minWidth }}
+                  >
+                    {props.options!.map((option) => (
+                      <Select.Option value={option} key={option}>
+                        {option}
+                      </Select.Option>
+                    ))}
+                  </Select>
+                </>
+              )}
+              {props.type === "password" && (
+                <>
+                  <span>{props.title}</span>
+                  <Input.Password
+                    value={fileSystemParams[key]}
+                    onChange={(value) => {
+                      onChangeFileSystemParams({
+                        ...fileSystemParams,
+                        [key]: value,
+                      });
+                    }}
+                  />
+                </>
+              )}
+              {!props.type && (
+                <>
+                  <span>{props.title}</span>
+                  <Input
+                    value={fileSystemParams[key]}
+                    onChange={(value) => {
+                      onChangeFileSystemParams({
+                        ...fileSystemParams,
+                        [key]: value,
+                      });
+                    }}
+                  />
+                </>
+              )}
+            </div>
+          );
+        })}
       </Space>
     </>
   );
diff --git a/src/pages/install/App.tsx b/src/pages/install/App.tsx
index 6bbb48d51..efea71d29 100644
--- a/src/pages/install/App.tsx
+++ b/src/pages/install/App.tsx
@@ -67,7 +67,6 @@ const fetchScriptBody = async (url: string, { onProgress }: { [key: string]: any
   const response = await fetch(url, {
     headers: {
       "Cache-Control": "no-cache",
-      Accept: "text/javascript,application/javascript,text/plain,application/octet-stream,application/force-download",
       // 参考：加权 Accept-Encoding 值说明
       // https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept-Encoding#weighted_accept-encoding_values
       "Accept-Encoding": "br;q=1.0, gzip;q=0.8, *;q=0.1",
@@ -83,10 +82,6 @@ const fetchScriptBody = async (url: string, { onProgress }: { [key: string]: any
   if (!response.body || !response.headers) {
     throw new Error("No response body or headers");
   }
-  if (response.headers.get("content-type")?.includes("text/html")) {
-    throw new Error("Response is text/html, not a valid UserScript");
-  }
-
   const reader = response.body.getReader();
 
   // 读取数据
diff --git a/src/pages/options/routes/Tools.tsx b/src/pages/options/routes/Tools.tsx
index aa844e504..b55d0265a 100644
--- a/src/pages/options/routes/Tools.tsx
+++ b/src/pages/options/routes/Tools.tsx
@@ -286,7 +286,7 @@ function Tools() {
         <Card
           title={
             <>
-              <span>{t("development_debugging")}</span>
+              <span>{t("development_tool")}</span>
               <Button
                 type="text"
                 style={{
diff --git a/src/pkg/config/config.test.ts b/src/pkg/config/config.test.ts
new file mode 100644
index 000000000..b4e18c390
--- /dev/null
+++ b/src/pkg/config/config.test.ts
@@ -0,0 +1,159 @@
+import { describe, expect, it, beforeEach } from "vitest";
+import { SystemConfig } from "./config";
+import { MessageQueue } from "@Packages/message/message_queue";
+
+describe("SystemConfig 双 storage 与懒迁移", () => {
+  let mq: MessageQueue;
+  let config: SystemConfig;
+
+  beforeEach(() => {
+    // 清空 storage 数据
+    chrome.storage.sync.clear();
+    chrome.storage.local.clear();
+    mq = new MessageQueue();
+    config = new SystemConfig(mq);
+  });
+
+  describe("local key 读写", () => {
+    it("cloud_sync 应写入 local storage 而非 sync", async () => {
+      const cloudSync = {
+        enable: true,
+        syncDelete: false,
+        syncStatus: true,
+        filesystem: "onedrive" as const,
+        params: { token: "test" },
+      };
+      config.setCloudSync(cloudSync);
+
+      const result = await config.getCloudSync();
+      expect(result).toEqual(cloudSync);
+
+      // 验证值在 local 中
+      const localData = await chrome.storage.local.get("system_cloud_sync");
+      expect(localData["system_cloud_sync"]).toEqual(cloudSync);
+
+      // 验证值不在 sync 中
+      const syncData = await chrome.storage.sync.get("system_cloud_sync");
+      expect(syncData["system_cloud_sync"]).toBeUndefined();
+    });
+
+    it("language 应写入 local storage", async () => {
+      config.setLanguage("zh-CN");
+
+      // 通过 storage 验证写入位置
+      const localData = await chrome.storage.local.get("system_language");
+      expect(localData["system_language"]).toBe("zh-CN");
+
+      const syncData = await chrome.storage.sync.get("system_language");
+      expect(syncData["system_language"]).toBeUndefined();
+    });
+
+    it("vscode_url 应写入 local storage", async () => {
+      config.setVscodeUrl("ws://localhost:9999");
+
+      const localData = await chrome.storage.local.get("system_vscode_url");
+      expect(localData["system_vscode_url"]).toBe("ws://localhost:9999");
+
+      const syncData = await chrome.storage.sync.get("system_vscode_url");
+      expect(syncData["system_vscode_url"]).toBeUndefined();
+    });
+
+    it("enable_script 应写入 local storage", async () => {
+      config.setEnableScript(false);
+
+      const localData = await chrome.storage.local.get("system_enable_script");
+      expect(localData["system_enable_script"]).toBe(false);
+
+      const syncData = await chrome.storage.sync.get("system_enable_script");
+      expect(syncData["system_enable_script"]).toBeUndefined();
+    });
+  });
+
+  describe("sync key 读写", () => {
+    it("check_script_update_cycle 应写入 sync storage", async () => {
+      config.setCheckScriptUpdateCycle(3600);
+
+      const syncData = await chrome.storage.sync.get("system_check_script_update_cycle");
+      expect(syncData["system_check_script_update_cycle"]).toBe(3600);
+
+      const localData = await chrome.storage.local.get("system_check_script_update_cycle");
+      expect(localData["system_check_script_update_cycle"]).toBeUndefined();
+    });
+
+    it("enable_eslint 应写入 sync storage", async () => {
+      config.setEnableEslint(false);
+
+      const syncData = await chrome.storage.sync.get("system_enable_eslint");
+      expect(syncData["system_enable_eslint"]).toBe(false);
+
+      const localData = await chrome.storage.local.get("system_enable_eslint");
+      expect(localData["system_enable_eslint"]).toBeUndefined();
+    });
+  });
+
+  describe("懒迁移：sync → local", () => {
+    it("local key 的旧数据应从 sync 迁移到 local", async () => {
+      // 模拟旧版本数据在 sync 中
+      const oldCloudSync = {
+        enable: true,
+        syncDelete: false,
+        syncStatus: true,
+        filesystem: "webdav" as const,
+        params: { url: "https://example.com" },
+      };
+      await chrome.storage.sync.set({ system_cloud_sync: oldCloudSync });
+
+      // 读取时应自动迁移
+      const result = await config.getCloudSync();
+      expect(result).toEqual(oldCloudSync);
+
+      // 验证已迁移到 local
+      const localData = await chrome.storage.local.get("system_cloud_sync");
+      expect(localData["system_cloud_sync"]).toEqual(oldCloudSync);
+
+      // 验证已从 sync 中删除
+      const syncData = await chrome.storage.sync.get("system_cloud_sync");
+      expect(syncData["system_cloud_sync"]).toBeUndefined();
+    });
+
+    it("local 有值时不应回退到 sync", async () => {
+      const localValue = "zh-CN";
+      const syncValue = "en-US";
+      await chrome.storage.local.set({ system_language: localValue });
+      await chrome.storage.sync.set({ system_language: syncValue });
+
+      const result = await config.getLanguage();
+      expect(result).toBe(localValue);
+
+      // sync 中的值不应被删除（因为 local 有值，不触发迁移）
+      const syncData = await chrome.storage.sync.get("system_language");
+      expect(syncData["system_language"]).toBe(syncValue);
+    });
+
+    it("sync 和 local 都没有值时返回默认值", async () => {
+      const result = await config.getCloudSync();
+      expect(result).toEqual({
+        enable: false,
+        syncDelete: false,
+        syncStatus: true,
+        filesystem: "webdav",
+        params: {},
+      });
+    });
+
+    it("迁移后再次读取应走缓存", async () => {
+      await chrome.storage.sync.set({ system_vscode_url: "ws://old:8642" });
+
+      // 第一次读取触发迁移
+      const first = await config.getVscodeUrl();
+      expect(first).toBe("ws://old:8642");
+
+      // 修改 local storage（模拟外部写入），验证缓存生效
+      await chrome.storage.local.set({ system_vscode_url: "ws://new:9999" });
+
+      // 第二次读取应返回缓存值
+      const second = await config.getVscodeUrl();
+      expect(second).toBe("ws://old:8642");
+    });
+  });
+});
diff --git a/src/pkg/config/config.ts b/src/pkg/config/config.ts
index 4215fb516..73e075b94 100644
--- a/src/pkg/config/config.ts
+++ b/src/pkg/config/config.ts
@@ -8,6 +8,7 @@ import { ExtVersion } from "@App/app/const";
 import defaultTypeDefinition from "@App/template/scriptcat.d.tpl";
 import { toCamelCase } from "../utils/utils";
 import EventEmitter from "eventemitter3";
+import { STORAGE_LOCAL_KEYS } from "./consts";
 
 export const SystemConfigChange = "systemConfigChange";
 
@@ -73,7 +74,19 @@ export type SystemConfigValueType<K extends SystemConfigKey> =
 export class SystemConfig {
   private readonly cache = new Map<string, any>();
 
-  private readonly storage = new ChromeStorage("system", true);
+  // 跨设备同步的配置项，使用 chrome.storage.sync
+  private readonly syncStorage = new ChromeStorage("system", true);
+  // 设备相关的配置项，使用 chrome.storage.local（不跨设备同步）
+  private readonly localStorage = new ChromeStorage("system", false);
+
+  private isLocalKey(key: string): boolean {
+    return STORAGE_LOCAL_KEYS.has(key);
+  }
+
+  // 获取 key 对应的主 storage
+  private getStorage(key: string): ChromeStorage {
+    return this.isLocalKey(key) ? this.localStorage : this.syncStorage;
+  }
 
   private EE: EventEmitter<string> = new EventEmitter<string>();
 
@@ -108,21 +121,47 @@ export class SystemConfig {
     return this.addListener(key, callback);
   }
 
+  private resolveDefault<T>(defaultValue: WithAsyncValue<Exclude<T, undefined>>): T | Promise<T> {
+    //@ts-ignore
+    return (defaultValue?.asyncValue?.() || defaultValue) as T | Promise<T>;
+  }
+
+  private async transferSyncToLocal<T>(
+    key: SystemConfigKey,
+    defaultValue: WithAsyncValue<Exclude<T, undefined>>
+  ): Promise<T> {
+    const syncVal = await this.syncStorage.get(key);
+    if (syncVal === undefined) {
+      this.cache.set(key, undefined);
+      return this.resolveDefault<T>(defaultValue);
+    }
+    // 迁移到 local storage 并从 sync 中删除
+    await this.syncStorage.remove(key); // 先删除
+    await this.localStorage.set(key, syncVal); // 删除成功后储回本地
+    this.cache.set(key, syncVal);
+    return syncVal as T;
+  }
+
   private _get<T extends string | number | boolean | object>(
     key: SystemConfigKey,
     defaultValue: WithAsyncValue<Exclude<T, undefined>>
   ): Promise<T> {
     if (this.cache.has(key)) {
-      let val = this.cache.get(key);
-      //@ts-ignore
-      val = (val === undefined ? defaultValue?.asyncValue?.() || defaultValue : val) as T | Promise<T>;
-      return Promise.resolve(val);
+      const val = this.cache.get(key);
+      return Promise.resolve(val === undefined ? this.resolveDefault<T>(defaultValue) : (val as T));
     }
-    return this.storage.get(key).then((val) => {
+    const storage = this.getStorage(key);
+    return storage.get(key).then((val) => {
+      if (val !== undefined) {
+        this.cache.set(key, val);
+        return val as T;
+      }
+      // 对 local key，回退读取 sync storage（兼容旧版本数据迁移）
+      if (this.isLocalKey(key)) {
+        return this.transferSyncToLocal<T>(key, defaultValue);
+      }
       this.cache.set(key, val);
-      //@ts-ignore
-      val = (val === undefined ? defaultValue?.asyncValue?.() || defaultValue : val) as T | Promise<T>;
-      return val;
+      return this.resolveDefault<T>(defaultValue);
     });
   }
 
@@ -150,29 +189,25 @@ export class SystemConfig {
 
   private _set<T extends SystemConfigKey>(key: T, value: SystemConfigValueType<T> | undefined) {
     const prev = this.cache.get(key);
+    const storage = this.getStorage(key);
+    let asyncOp;
     if (value === undefined) {
       this.cache.delete(key);
-      this.storage.remove(key);
+      asyncOp = storage.remove(key);
     } else {
       this.cache.set(key, value);
-      this.storage.set(key, value);
+      asyncOp = storage.set(key, value);
     }
-    // 发送消息通知更新
-    this.mq.publish<TKeyValue<T>>(SystemConfigChange, {
-      key,
-      value,
-      prev,
+    asyncOp.then(() => {
+      // 发送消息通知更新
+      this.mq.publish<TKeyValue<T>>(SystemConfigChange, {
+        key,
+        value,
+        prev,
+      });
     });
   }
 
-  public getChangetime() {
-    return this._get<number>("changetime", 0);
-  }
-
-  public setChangetime(n: number) {
-    this._set("changetime", n);
-  }
-
   defaultCheckScriptUpdateCycle() {
     return 86400;
   }
diff --git a/src/pkg/config/consts.ts b/src/pkg/config/consts.ts
new file mode 100644
index 000000000..6fa6bf5db
--- /dev/null
+++ b/src/pkg/config/consts.ts
@@ -0,0 +1,14 @@
+// 设备相关的配置项，存储在 chrome.storage.local 而非 sync
+// 这些配置不应跨设备同步（如云同步认证、VSCode 连接、UI 布局等）
+export const STORAGE_LOCAL_KEYS: Set<string> = new Set([
+  "cloud_sync", // 云同步配置（token 存在本地，不应跨设备同步）
+  "backup", // 备份配置（含设备相关 filesystem params）
+  "cat_file_storage", // CAT 文件存储配置
+  "vscode_url", // VSCode 连接地址（设备相关）
+  "vscode_reconnect", // VSCode 自动重连
+  "language", // 语言偏好（可能因设备不同）
+  "script_list_column_width", // UI 列宽（取决于屏幕尺寸）
+  "check_update", // 扩展更新通知及已读状态（各设备已读状态独立）
+  "enable_script", // 全局脚本开关（设备独立）
+  "enable_script_incognito", // 隐身模式开关（浏览器级别）
+]);