diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml index 76e8f3bea..4fd42ee90 100644 --- a/.github/workflows/cla.yml +++ b/.github/workflows/cla.yml @@ -16,17 +16,18 @@ env: # Define Open-IM-Server variables here OPEN_IM_SERVER_ORGANIZATION: openim-sigs OPEN_IM_SERVER_REPOSITORY: cla + OPEN_IM_SERVER_CLA_DOCUMENT: https://github.com/openim-sigs/cla/blob/main/README.md - OPEN_IM_SERVER_SIGNATURES_PATH: signatures/cla/cla.json + OPEN_IM_SERVER_SIGNATURES_PATH: signatures/openkf/cla.json OPEN_IM_SERVER_ALLOWLIST: kubbot,bot* - OPEN_IM_SERVER_REMOTE_ORGANIZATION: openim-sigs + OPEN_IM_SERVER_REMOTE_ORGANIZATION: openkf jobs: CLAAssistant: runs-on: ubuntu-latest steps: - name: "CLA Assistant" - if: (github.event.comment.body == '/recheck' || github.event.comment.body == '/cla' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' + if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' uses: contributor-assistant/github-action@v2.3.0 env: GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} 
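Review bot: `OPEN_IM_SERVER_REMOTE_ORGANIZATION: openkf` and `signatures/openkf/cla.json` now point at a different organization than `OPEN_IM_SERVER_ORGANIZATION: openim-sigs` and the `openim-sigs/cla` document link. How these variables feed the action's inputs is outside this hunk, but if the remote organization is where signatures are committed, `secrets.BOT_GITHUB_TOKEN` will need write access to a `cla` repository under `openkf`. That widens what a token used in a `pull_request_target` job can touch. If the values were carried over from another project, they should be corrected. If they are intentional, add a comment above them such as `# signatures are stored in the openkf org on purpose; the bot token needs write access only to that repository`.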
@@ -41,6 +42,6 @@ jobs:
 create-file-commit-message: 'Docs: Creating file for storing ${{ env.OPEN_IM_SERVER_ORGANIZATION }} CLA Signatures'
 custom-notsigned-prcomment: '💕 Thank you for your contribution and please kindly read and sign our ${{ env.OPEN_IM_SERVER_CLA_DOCUMENT }}'
 custom-pr-sign-comment: 'The signature to be committed in order to sign ${{ env.OPEN_IM_SERVER_ORGANIZATION }} the CLA'
- custom-allsigned-prcomment: '**🤖 All Contributors have signed the ${{ env.OPEN_IM_SERVER_ORGANIZATION }} [CLA](https://github.com/openim-sigs/cla/blob/main/README.md).'
+ custom-allsigned-prcomment: '🤖 All Contributors have signed the ${{ env.OPEN_IM_SERVER_ORGANIZATION }} [CLA](https://github.com/openim-sigs/cla/blob/main/README.md).'
 # lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true)
 # use-dco-flag: true - If you are using DCO instead of CLA
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 000000000..3fbad1e5f
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,45 @@
+name: deploy for dev
+
+on:
+ push:
+ branches:
+ - 'devops' # Only for the dev branch
+ paths:
+ - '.github/workflows/*'
+ # - '__test__/**' # dev No immediate testing is required
+ - 'src/**'
+ - 'Dockerfile'
+ - 'docker-compose.yml'
+ - 'bin/*'
+
+jobs:
+ deploy-dev:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: set ssh key # Temporarily set up ssh key
+ run: |
+ mkdir -p ~/.ssh/
+ # secrets.WFP_ID_RSA set in GitHub
+ echo "${{secrets.WFP_ID_RSA}}" > ~/.ssh/id_rsa
+ chmod 600 ~/.ssh/id_rsa
+ ssh-keyscan "182.92.xxx.xxx" >> ~/.ssh/known_hosts
+ - name: deploy # Deployment
+ run: |
+ ssh work@182.92.xxx.xxx "
+ # 【Attention】Log in with the 'work' account, manually create /home/work/imooc-lego directory
+ # Then git clone https://username:password@github.com/imooc-lego/biz-editor-server.git -b dev (private repository, use GitHub username and password)
+ # Remember to delete origin to avoid exposing GitHub password
+
+ cd /home/work/imooc-lego/biz-editor-server;
+ git remote add origin https://openimbot:${{secrets.WFP_PASSWORD}}@github.com/OpenIMSDK/open-im-server.git;
+ git checkout dev;
+ git pull origin dev; # Download the latest code again
+ git remote remove origin; # Remove origin to avoid exposing GitHub password
+ # Start docker
+ docker-compose build editor-server; # Same as the service name in docker-compose.yml
+ docker-compose up -d;
+ "
+ - name: delete ssh key # Delete ssh key
+ run: rm -rf ~/.ssh/id_rsa
diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml
index 70eef61e5..c95afb845 100644
--- a/.github/workflows/depsreview.yaml
+++ b/.github/workflows/depsreview.yaml
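Review bot: The `ssh-keyscan "182.92.xxx.xxx" >> ~/.ssh/known_hosts` line in the `set ssh key` step trusts whatever host key answers at run time, so the deploy session is not bound to the real server; the host key should come from a value recorded out of band. `${{secrets.WFP_ID_RSA}}` and `${{secrets.WFP_PASSWORD}}` are expanded into the script text before the shell runs, which breaks on quotes in the value and places the token on the remote command line and, until `git remote remove origin` runs, in `.git/config` on the server. Passing them through `env:` and using a git credential helper on the server avoids both. The `delete ssh key` step is skipped when `deploy` fails, so it needs `if: always()`. The working directory, the `editor-server` service name and the comments still refer to `imooc-lego/biz-editor-server`, and the trigger branch is `devops` while the script pulls `dev`, so the file looks carried over from another project and should be confirmed before it runs.

```yaml
      - name: set ssh key
        env:
          SSH_KEY: ${{ secrets.WFP_ID_RSA }}
          # placeholder secret name: the server's known_hosts line, recorded out of band
          SSH_KNOWN_HOSTS: ${{ secrets.EXAMPLE_KNOWN_HOSTS }}
        run: |
          install -d -m 700 ~/.ssh
          printf '%s\n' "$SSH_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
      # … unchanged: deploy step …
      - name: delete ssh key
        if: always()
        run: rm -rf ~/.ssh/id_rsa
```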
@@ -12,7 +12,7 @@ jobs:
 dependency-review:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
- - uses: actions/dependency-review-action@v3
- with:
- allow-licenses: BSD-2-Clause, BSD-3-Clause, MIT, Apache-2.0, MPL-2.0
+ - name: 'Checkout Repository'
+ uses: actions/checkout@v3
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v3
\ No newline at end of file
diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml
index f6ddcedab..65ef50065 100644
--- a/.github/workflows/gosec.yml
+++ b/.github/workflows/gosec.yml
@@ -5,7 +5,7 @@ name: OpenIM Run Gosec
 # 1. Find common security vulnerabilities, such as SQL injection, command injection, and cross-site scripting (XSS).
 # 2. Audit codes according to common security standards and find non-standard codes.
 # 3. Assist the Go language engineer to write safe and reliable code.
-
+# https://github.com/securego/gosec/
 on:
 push:
 branches: "*"
diff --git a/.github/workflows/grype.yml b/.github/workflows/grype.yml
deleted file mode 100644
index 5931ff324..000000000
--- a/.github/workflows/grype.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: OpenIM Grype
-
-on:
- push:
- branches: ['main']
- tags: ['v*']
- pull_request:
-
-jobs:
- scan-source:
- name: scan-source
- runs-on: ubuntu-latest
-
- permissions:
- security-events: write
- actions: read
- contents: read
-
- steps:
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
- - uses: anchore/scan-action@v3
- with:
- path: "."
- fail-build: true
\ No newline at end of file
diff --git a/.github/workflows/lock-issue.yml b/.github/workflows/lock-issue.yml
new file mode 100644
index 000000000..8cf0433d6
--- /dev/null
+++ b/.github/workflows/lock-issue.yml
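Review bot: `uses: actions/checkout@v3` replaces a checkout pinned to a full commit SHA with a mutable tag, and the `with: allow-licenses:` input is dropped, so the dependency review no longer enforces the licence allowlist. Keep the pinned form `uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3` under the new `name:`, and restore `allow-licenses: BSD-2-Clause, BSD-3-Clause, MIT, Apache-2.0, MPL-2.0` on the `Dependency Review` step unless the allowlist is being retired on purpose. The same commit deletes `.github/workflows/grype.yml`, so two dependency checks go away together; if that is intended, the commit message should say what replaces them. The file also loses its trailing newline.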
@@ -0,0 +1,51 @@ +name: 'Lock Threads' + +on: + schedule: + - cron: '0 * * * *' + workflow_dispatch: + +permissions: + issues: write + pull-requests: write + +concurrency: + group: lock + +jobs: + action: + runs-on: ubuntu-latest + steps: + - uses: dessant/lock-threads@v4 + with: + github-token: ${{ secrets.BOT_GITHUB_TOKEN }} + issue-inactive-days: '365' + exclude-issue-created-before: '' + exclude-issue-created-after: '' + exclude-issue-created-between: '' + exclude-issue-closed-before: '' + exclude-issue-closed-after: '' + exclude-issue-closed-between: '' + include-any-issue-labels: '' + include-all-issue-labels: '' + exclude-any-issue-labels: '' + add-issue-labels: '' + remove-issue-labels: '' + issue-comment: '' + issue-lock-reason: 'resolved' + pr-inactive-days: '365' + exclude-pr-created-before: '' + exclude-pr-created-after: '' + exclude-pr-created-between: '' + exclude-pr-closed-before: '' + exclude-pr-closed-after: '' + exclude-pr-closed-between: '' + include-any-pr-labels: '' + include-all-pr-labels: '' + exclude-any-pr-labels: '' + add-pr-labels: '' + remove-pr-labels: '' + pr-comment: '' + pr-lock-reason: 'resolved' + process-only: '' + log-output: false \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml index 23565c23a..02c24cf79 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -11,7 +11,8 @@ services: - ${DATA_DIR}/components/mysql/data:/var/lib/mysql - /etc/localtime:/etc/localtime environment: - MYSQL_ROOT_PASSWORD: ${PASSWORD} + - MYSQL_ROOT_PASSWORD: ${PASSWORD} + - TZ=Asia/Shanghai restart: always mongodb: @@ -34,6 +35,7 @@ services: - MONGO_INITDB_DATABASE=openIM - MONGO_USERNAME=${USER} - MONGO_PASSWORD=${PASSWORD} + - TZ=Asia/Shanghai restart: always redis: 
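Review bot: `github-token: ${{ secrets.BOT_GITHUB_TOKEN }}` hands a bot token to a third-party action referenced by the mutable tag `dessant/lock-threads@v4`, on an hourly schedule, although the workflow already grants `issues: write` and `pull-requests: write` to the built-in token. `github-token: ${{ github.token }}` keeps the job inside those declared permissions, and pinning the action to a full commit SHA with a `# v4` comment fixes what code runs with it. The inputs set to `''` appear only to restate defaults (worth confirming against the action's documentation), so removing them would leave just the four settings that carry a decision: the two `*-inactive-days` values and the two lock reasons.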
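Review bot: The new `environment:` entry `- MYSQL_ROOT_PASSWORD: ${PASSWORD}` is a list item holding a one-key mapping, not the `KEY=VALUE` string that Compose's list form requires, and it sits beside `- TZ=Asia/Shanghai`, which uses the correct form. Compose is expected to reject the file. If some version tolerated it, the variables would not reach the containers, which for the minio service would presumably mean falling back to default root credentials. The same shape is introduced in the kafka hunk (`- TZ: Asia/Shanghai` through `- KAFKA_INTER_BROKER_LISTENER_NAME: INSIDE`) and in the minio hunk (`- MINIO_ROOT_USER: ${USER}`, `- MINIO_ROOT_PASSWORD: ${PASSWORD}`, `- TZ: Asia/Shanghai`). Either write each entry as `- MYSQL_ROOT_PASSWORD=${PASSWORD}`, or keep the original mapping form and add `TZ: Asia/Shanghai` to it.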
@@ -72,14 +74,14 @@ services: ports: - 9092:9092 environment: - TZ: Asia/Shanghai - KAFKA_BROKER_ID: 0 - KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 - KAFKA_CREATE_TOPICS: "latestMsgToRedis:8:1,msgToPush:8:1,offlineMsgToMongoMysql:8:1" - KAFKA_ADVERTISED_LISTENERS: INSIDE://127.0.0.1:9092,OUTSIDE://103.116.45.174:9092 - KAFKA_LISTENERS: INSIDE://:9092,OUTSIDE://:9093 - KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: "INSIDE:PLAINTEXT,OUTSIDE:PLAINTEXT" - KAFKA_INTER_BROKER_LISTENER_NAME: INSIDE + - TZ: Asia/Shanghai + - KAFKA_BROKER_ID: 0 + - KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 + - KAFKA_CREATE_TOPICS: "latestMsgToRedis:8:1,msgToPush:8:1,offlineMsgToMongoMysql:8:1" + - KAFKA_ADVERTISED_LISTENERS: INSIDE://127.0.0.1:9092,OUTSIDE://103.116.45.174:9092 + - KAFKA_LISTENERS: INSIDE://:9092,OUTSIDE://:9093 + - KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: "INSIDE:PLAINTEXT,OUTSIDE:PLAINTEXT" + - KAFKA_INTER_BROKER_LISTENER_NAME: INSIDE depends_on: - zookeeper @@ -93,8 +95,9 @@ services: - /mnt/data:/data - /mnt/config:/root/.minio environment: - MINIO_ROOT_USER: ${USER} - MINIO_ROOT_PASSWORD: ${PASSWORD} + - MINIO_ROOT_USER: ${USER} + - MINIO_ROOT_PASSWORD: ${PASSWORD} + - TZ: Asia/Shanghai restart: always command: minio server /data --console-address ':9090'