diff --git a/astrbot/core/utils/http_ssl.py b/astrbot/core/utils/http_ssl.py
new file mode 100644
index 000000000..ee0bbc0d0
--- /dev/null
+++ b/astrbot/core/utils/http_ssl.py
@@ -0,0 +1,33 @@
+import logging
+import ssl
+import threading
+
+import aiohttp
+
+from astrbot.utils.http_ssl_common import (
+    build_ssl_context_with_certifi as _build_ssl_context,
+)
+
+logger = logging.getLogger("astrbot")
+
+_SHARED_TLS_CONTEXT: ssl.SSLContext | None = None
+_SHARED_TLS_CONTEXT_LOCK = threading.Lock()
+
+
+def build_ssl_context_with_certifi() -> ssl.SSLContext:
+    """Build an SSL context from system trust store and add certifi CAs."""
+    global _SHARED_TLS_CONTEXT
+
+    if _SHARED_TLS_CONTEXT is not None:
+        return _SHARED_TLS_CONTEXT
+
+    with _SHARED_TLS_CONTEXT_LOCK:
+        if _SHARED_TLS_CONTEXT is not None:
+            return _SHARED_TLS_CONTEXT
+
+        _SHARED_TLS_CONTEXT = _build_ssl_context(log_obj=logger)
+        return _SHARED_TLS_CONTEXT
+
+
+def build_tls_connector() -> aiohttp.TCPConnector:
+    return aiohttp.TCPConnector(ssl=build_ssl_context_with_certifi())
diff --git a/astrbot/core/utils/llm_metadata.py b/astrbot/core/utils/llm_metadata.py
index 915d8d8f9..ef88e9490 100644
--- a/astrbot/core/utils/llm_metadata.py
+++ b/astrbot/core/utils/llm_metadata.py
@@ -3,6 +3,7 @@
 import aiohttp
 
 from astrbot.core import logger
+from astrbot.core.utils.http_ssl import build_tls_connector
 
 
 class LLMModalities(TypedDict):
@@ -32,7 +33,9 @@ class LLMMetadata(TypedDict):
 async def update_llm_metadata() -> None:
     url = "https://models.dev/api.json"
     try:
-        async with aiohttp.ClientSession() as session:
+        async with aiohttp.ClientSession(
+            trust_env=True, connector=build_tls_connector()
+        ) as session:
             async with session.get(url) as response:
                 data = await response.json()
                 global LLM_METADATAS
diff --git a/astrbot/core/utils/pip_installer.py b/astrbot/core/utils/pip_installer.py
index d9a84f3ed..6be259a1d 100644
--- a/astrbot/core/utils/pip_installer.py
+++ b/astrbot/core/utils/pip_installer.py
@@ -11,6 +11,8 @@
 
 logger = logging.getLogger("astrbot")
 
+_DISTLIB_FINDER_PATCH_ATTEMPTED = False
+
 
 def _get_pip_main():
     try:
@@ -47,6 +49,110 @@ def _cleanup_added_root_handlers(original_handlers: list[logging.Handler]) -> No
                 handler.close()
 
 
+def _get_loader_for_package(package: object) -> object | None:
+    loader = getattr(package, "__loader__", None)
+    if loader is not None:
+        return loader
+
+    spec = getattr(package, "__spec__", None)
+    if spec is None:
+        return None
+    return getattr(spec, "loader", None)
+
+
+def _try_register_distlib_finder(
+    distlib_resources: object,
+    finder_registry: dict[type, object],
+    register_finder,
+    resource_finder: object,
+    loader: object,
+    package_name: str,
+) -> bool:
+    loader_type = type(loader)
+    if loader_type in finder_registry:
+        return False
+
+    try:
+        register_finder(loader_type, resource_finder)
+    except Exception as exc:
+        logger.warning(
+            "Failed to patch pip distlib finder for loader %s (%s): %s",
+            loader_type.__name__,
+            package_name,
+            exc,
+        )
+        return False
+
+    updated_registry = getattr(distlib_resources, "_finder_registry", finder_registry)
+    if isinstance(updated_registry, dict) and loader_type not in updated_registry:
+        logger.warning(
+            "Distlib finder patch did not take effect for loader %s (%s).",
+            loader_type.__name__,
+            package_name,
+        )
+        return False
+
+    logger.info(
+        "Patched pip distlib finder for frozen loader: %s (%s)",
+        loader_type.__name__,
+        package_name,
+    )
+    return True
+
+
+def _patch_distlib_finder_for_frozen_runtime() -> None:
+    global _DISTLIB_FINDER_PATCH_ATTEMPTED
+
+    if not getattr(sys, "frozen", False):
+        return
+    if _DISTLIB_FINDER_PATCH_ATTEMPTED:
+        return
+
+    _DISTLIB_FINDER_PATCH_ATTEMPTED = True
+
+    try:
+        from pip._vendor.distlib import resources as distlib_resources
+    except Exception:
+        return
+
+    finder_registry = getattr(distlib_resources, "_finder_registry", None)
+    register_finder = getattr(distlib_resources, "register_finder", None)
+    resource_finder = getattr(distlib_resources, "ResourceFinder", None)
+
+    if not isinstance(finder_registry, dict):
+        logger.warning(
+            "Skip patching distlib finder because _finder_registry is unavailable."
+        )
+        return
+    if not callable(register_finder) or resource_finder is None:
+        logger.warning(
+            "Skip patching distlib finder because register API is unavailable."
+        )
+        return
+
+    for package_name in ("pip._vendor.distlib", "pip._vendor"):
+        try:
+            package = importlib.import_module(package_name)
+        except Exception:
+            continue
+
+        loader = _get_loader_for_package(package)
+        if loader is None:
+            continue
+
+        if _try_register_distlib_finder(
+            distlib_resources,
+            finder_registry,
+            register_finder,
+            resource_finder,
+            loader,
+            package_name,
+        ):
+            finder_registry = getattr(
+                distlib_resources, "_finder_registry", finder_registry
+            )
+
+
 class PipInstaller:
     def __init__(self, pip_install_arg: str, pypi_index_url: str | None = None) -> None:
         self.pip_install_arg = pip_install_arg
@@ -88,6 +194,7 @@ async def install(
 
     async def _run_pip_in_process(self, args: list[str]) -> int:
         pip_main = _get_pip_main()
+        _patch_distlib_finder_for_frozen_runtime()
 
         original_handlers = list(logging.getLogger().handlers)
         result_code, output = await asyncio.to_thread(
diff --git a/astrbot/core/utils/t2i/network_strategy.py b/astrbot/core/utils/t2i/network_strategy.py
index 2abb22917..53d9441fa 100644
--- a/astrbot/core/utils/t2i/network_strategy.py
+++ b/astrbot/core/utils/t2i/network_strategy.py
@@ -1,12 +1,11 @@
 import asyncio
 import logging
 import random
-import ssl
 
 import aiohttp
-import certifi
 
 from astrbot.core.config import VERSION
+from astrbot.core.utils.http_ssl import build_tls_connector
 from astrbot.core.utils.io import download_image_by_url
 from astrbot.core.utils.t2i.template_manager import TemplateManager
 
@@ -39,7 +38,10 @@ async def get_template(self, name: str = "base") -> str:
     async def get_official_endpoints(self) -> None:
         """获取官方的 t2i 端点列表。"""
         try:
-            async with aiohttp.ClientSession() as session:
+            async with aiohttp.ClientSession(
+                trust_env=True,
+                connector=build_tls_connector(),
+            ) as session:
                 async with session.get(
                     "https://api.soulter.top/astrbot/t2i-endpoints",
                 ) as resp:
@@ -88,12 +90,10 @@ async def render_custom_template(
         for endpoint in endpoints:
             try:
                 if return_url:
-                    ssl_context = ssl.create_default_context(cafile=certifi.where())
-                    connector = aiohttp.TCPConnector(ssl=ssl_context)
                     async with (
                         aiohttp.ClientSession(
                             trust_env=True,
-                            connector=connector,
+                            connector=build_tls_connector(),
                         ) as session,
                         session.post(
                             f"{endpoint}/generate",
diff --git a/astrbot/utils/__init__.py b/astrbot/utils/__init__.py
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/astrbot/utils/__init__.py
@@ -0,0 +1 @@
+
diff --git a/astrbot/utils/http_ssl_common.py b/astrbot/utils/http_ssl_common.py
new file mode 100644
index 000000000..b379fd36e
--- /dev/null
+++ b/astrbot/utils/http_ssl_common.py
@@ -0,0 +1,24 @@
+import logging
+import ssl
+from typing import Any
+
+import certifi
+
+_LOGGER = logging.getLogger(__name__)
+
+
+def build_ssl_context_with_certifi(log_obj: Any | None = None) -> ssl.SSLContext:
+    logger = log_obj or _LOGGER
+
+    ssl_context = ssl.create_default_context()
+    try:
+        ssl_context.load_verify_locations(cafile=certifi.where())
+    except Exception as exc:
+        if logger and hasattr(logger, "warning"):
+            logger.warning(
+                "Failed to load certifi CA bundle into SSL context; "
+                "falling back to system trust store only: %s",
+                exc,
+            )
+
+    return ssl_context
diff --git a/dashboard/src/components/chat/ConversationSidebar.vue b/dashboard/src/components/chat/ConversationSidebar.vue
index fe25ef34c..a728930d9 100644
--- a/dashboard/src/components/chat/ConversationSidebar.vue
+++ b/dashboard/src/components/chat/ConversationSidebar.vue
@@ -144,6 +144,7 @@
 import { ref } from 'vue';
 import { useI18n, useModuleI18n } from '@/i18n/composables';
 import type { Session } from '@/composables/useSessions';
+import { askForConfirmation, useConfirmDialog } from '@/utils/confirmDialog';
 import LanguageSwitcher from '@/components/shared/LanguageSwitcher.vue';
 import StyledMenu from '@/components/shared/StyledMenu.vue';
 import ProviderConfigDialog from '@/components/chat/ProviderConfigDialog.vue';
@@ -183,6 +184,8 @@ const emit = defineEmits<{
 const { t } = useI18n();
 const { tm } = useModuleI18n('features/chat');
 
+const confirmDialog = useConfirmDialog();
+
 const sidebarCollapsed = ref(true);
 const showProviderConfigDialog = ref(false);
 
@@ -199,10 +202,10 @@ function toggleSidebar() {
     localStorage.setItem('sidebarCollapsed', JSON.stringify(sidebarCollapsed.value));
 }
 
-function handleDeleteConversation(session: Session) {
+async function handleDeleteConversation(session: Session) {
     const sessionTitle = session.display_name || tm('conversation.newConversation');
     const message = tm('conversation.confirmDelete', { name: sessionTitle });
-    if (window.confirm(message)) {
+    if (await askForConfirmation(message, confirmDialog)) {
         emit('deleteConversation', session.session_id);
     }
 }
@@ -359,4 +362,3 @@ function handleDeleteConversation(session: Session) {
     justify-content: center;
 }
 </style>
-
diff --git a/dashboard/src/components/chat/ProjectList.vue b/dashboard/src/components/chat/ProjectList.vue
index e9ac1f5de..34491c529 100644
--- a/dashboard/src/components/chat/ProjectList.vue
+++ b/dashboard/src/components/chat/ProjectList.vue
@@ -42,8 +42,9 @@
 </template>
 
 <script setup lang="ts">
-import { ref, watch } from 'vue';
+import { ref } from 'vue';
 import { useModuleI18n } from '@/i18n/composables';
+import { askForConfirmation, useConfirmDialog } from '@/utils/confirmDialog';
 
 export interface Project {
     project_id: string;
@@ -72,6 +73,8 @@ const emit = defineEmits<{
 
 const { tm } = useModuleI18n('features/chat');
 
+const confirmDialog = useConfirmDialog();
+
 const expanded = ref(props.initialExpanded);
 
 // 从 localStorage 读取项目展开状态
@@ -85,9 +88,9 @@ function toggleExpanded() {
     localStorage.setItem('projectsExpanded', JSON.stringify(expanded.value));
 }
 
-function handleDeleteProject(project: Project) {
+async function handleDeleteProject(project: Project) {
     const message = tm('project.confirmDelete', { title: project.title });
-    if (window.confirm(message)) {
+    if (await askForConfirmation(message, confirmDialog)) {
         emit('deleteProject', project.project_id);
     }
 }
diff --git a/dashboard/src/components/chat/ProjectView.vue b/dashboard/src/components/chat/ProjectView.vue
index 87a22ec9e..2358b34af 100644
--- a/dashboard/src/components/chat/ProjectView.vue
+++ b/dashboard/src/components/chat/ProjectView.vue
@@ -47,6 +47,7 @@
 <script setup lang="ts">
 import { useModuleI18n } from '@/i18n/composables';
 import type { Project } from '@/components/chat/ProjectList.vue';
+import { askForConfirmation, useConfirmDialog } from '@/utils/confirmDialog';
 
 interface Session {
     session_id: string;
@@ -69,14 +70,16 @@ const emit = defineEmits<{
 
 const { tm } = useModuleI18n('features/chat');
 
+const confirmDialog = useConfirmDialog();
+
 function formatDate(dateString: string): string {
     return new Date(dateString).toLocaleString();
 }
 
-function handleDeleteSession(session: Session) {
+async function handleDeleteSession(session: Session) {
     const sessionTitle = session.display_name || tm('conversation.newConversation');
     const message = tm('conversation.confirmDelete', { name: sessionTitle });
-    if (window.confirm(message)) {
+    if (await askForConfirmation(message, confirmDialog)) {
         emit('deleteSession', session.session_id);
     }
 }
diff --git a/dashboard/src/components/extension/McpServersSection.vue b/dashboard/src/components/extension/McpServersSection.vue
index 4330396bb..95b679580 100644
--- a/dashboard/src/components/extension/McpServersSection.vue
+++ b/dashboard/src/components/extension/McpServersSection.vue
@@ -218,6 +218,10 @@ import axios from 'axios';
 import { VueMonacoEditor } from '@guolao/vue-monaco-editor';
 import ItemCard from '@/components/shared/ItemCard.vue';
 import { useI18n, useModuleI18n } from '@/i18n/composables';
+import {
+  askForConfirmation as askForConfirmationDialog,
+  useConfirmDialog
+} from '@/utils/confirmDialog';
 
 export default {
   name: 'McpServersSection',
@@ -228,7 +232,8 @@ export default {
   setup() {
     const { t } = useI18n();
     const { tm } = useModuleI18n('features/tooluse');
-    return { t, tm };
+    const confirmDialog = useConfirmDialog();
+    return { t, tm, confirmDialog };
   },
   data() {
     return {
@@ -382,18 +387,21 @@ export default {
         this.showError(this.tm('dialogs.addServer.errors.jsonParse', { error: e.message }));
       }
     },
-    deleteServer(server) {
+    async deleteServer(server) {
       const serverName = server.name || server;
-      if (confirm(this.tm('dialogs.confirmDelete', { name: serverName }))) {
-        axios.post('/api/tools/mcp/delete', { name: serverName })
-          .then(response => {
-            this.getServers();
-            this.showSuccess(response.data.message || this.tm('messages.deleteSuccess'));
-          })
-          .catch(error => {
-            this.showError(this.tm('messages.deleteError', { error: error.response?.data?.message || error.message }));
-          });
+      const message = this.tm('dialogs.confirmDelete', { name: serverName });
+      if (!(await askForConfirmationDialog(message, this.confirmDialog))) {
+        return;
       }
+
+      axios.post('/api/tools/mcp/delete', { name: serverName })
+        .then(response => {
+          this.getServers();
+          this.showSuccess(response.data.message || this.tm('messages.deleteSuccess'));
+        })
+        .catch(error => {
+          this.showError(this.tm('messages.deleteError', { error: error.response?.data?.message || error.message }));
+        });
     },
     editServer(server) {
       const configCopy = { ...server };
diff --git a/dashboard/src/components/shared/BackupDialog.vue b/dashboard/src/components/shared/BackupDialog.vue
index eb0327e4e..cd23b691e 100644
--- a/dashboard/src/components/shared/BackupDialog.vue
+++ b/dashboard/src/components/shared/BackupDialog.vue
@@ -370,10 +370,13 @@
 import { ref, computed, watch } from 'vue'
 import axios from 'axios'
 import { useI18n } from '@/i18n/composables'
+import { askForConfirmation, useConfirmDialog } from '@/utils/confirmDialog'
 import WaitingForRestart from './WaitingForRestart.vue'
 
 const { t } = useI18n()
 
+const confirmDialog = useConfirmDialog()
+
 const isOpen = ref(false)
 const activeTab = ref('export')
 const wfr = ref(null)
@@ -844,7 +847,7 @@ const restoreFromList = async (filename) => {
 
 // 删除备份
 const deleteBackup = async (filename) => {
-    if (!confirm(t('features.settings.backup.list.confirmDelete'))) return
+    if (!(await askForConfirmation(t('features.settings.backup.list.confirmDelete'), confirmDialog))) return
 
     try {
         const response = await axios.post('/api/backup/delete', { filename })
@@ -992,4 +995,4 @@ defineExpose({ open })
 .non-interactive-chip:hover {
     box-shadow: none !important;
 }
-</style>
\ No newline at end of file
+</style>
diff --git a/dashboard/src/components/shared/ConsoleDisplayer.vue b/dashboard/src/components/shared/ConsoleDisplayer.vue
index 10ebd4d17..823bdc1cb 100644
--- a/dashboard/src/components/shared/ConsoleDisplayer.vue
+++ b/dashboard/src/components/shared/ConsoleDisplayer.vue
@@ -269,8 +269,8 @@ export default {
         }
       }
 
-      span.style = style + 'display: block; font-size: 12px; font-family: Consolas, monospace; white-space: pre-wrap; margin-bottom: 2px;'
-      span.classList.add('fade-in')
+      span.style = style
+      span.classList.add('console-log-line', 'fade-in')
       span.innerText = `${log}`;
       ele.appendChild(span)
       if (this.autoScroll) {
@@ -290,7 +290,15 @@ export default {
   margin-left: 20px;
 }
 
-.fade-in {
+:deep(.console-log-line) {
+  display: block;
+  margin-bottom: 2px;
+  font-family: SFMono-Regular, Menlo, Monaco, Consolas, var(--astrbot-font-cjk-mono), monospace;
+  font-size: 12px;
+  white-space: pre-wrap;
+}
+
+:deep(.fade-in) {
   animation: fadeIn 0.3s;
 }
 
diff --git a/dashboard/src/components/shared/PersonaForm.vue b/dashboard/src/components/shared/PersonaForm.vue
index 7df250db2..931083b30 100644
--- a/dashboard/src/components/shared/PersonaForm.vue
+++ b/dashboard/src/components/shared/PersonaForm.vue
@@ -307,6 +307,10 @@
 <script>
 import axios from 'axios';
 import { useModuleI18n } from '@/i18n/composables';
+import {
+    askForConfirmation as askForConfirmationDialog,
+    useConfirmDialog
+} from '@/utils/confirmDialog';
 
 export default {
     name: 'PersonaForm',
@@ -331,7 +335,8 @@ export default {
     emits: ['update:modelValue', 'saved', 'error', 'deleted'],
     setup() {
         const { tm } = useModuleI18n('features/persona');
-        return { tm };
+        const confirmDialog = useConfirmDialog();
+        return { tm, confirmDialog };
     },
     data() {
         return {
@@ -596,8 +601,13 @@ export default {
 
         async deletePersona() {
             if (!this.editingPersona) return;
-            
-            if (!confirm(this.tm('messages.deleteConfirm', { id: this.editingPersona.persona_id }))) {
+
+            if (
+                !(await askForConfirmationDialog(
+                    this.tm('messages.deleteConfirm', { id: this.editingPersona.persona_id }),
+                    this.confirmDialog,
+                ))
+            ) {
                 return;
             }
 
diff --git a/dashboard/src/composables/useProviderSources.ts b/dashboard/src/composables/useProviderSources.ts
index ac9894cdc..3997ae108 100644
--- a/dashboard/src/composables/useProviderSources.ts
+++ b/dashboard/src/composables/useProviderSources.ts
@@ -1,6 +1,7 @@
 import { ref, computed, onMounted, nextTick, watch } from 'vue'
 import axios from 'axios'
 import { getProviderIcon } from '@/utils/providerUtils'
+import { askForConfirmation as askForConfirmationDialog, useConfirmDialog } from '@/utils/confirmDialog'
 
 export interface UseProviderSourcesOptions {
   defaultTab?: string
@@ -37,6 +38,12 @@ export function resolveDefaultTab(value?: string) {
 export function useProviderSources(options: UseProviderSourcesOptions) {
   const { tm, showMessage } = options
 
+  const confirmDialog = useConfirmDialog()
+
+  async function askForConfirmation(message: string) {
+    return askForConfirmationDialog(message, confirmDialog)
+  }
+
   // ===== State =====
   const config = ref<Record<string, any>>({})
   const metadata = ref<Record<string, any>>({})
@@ -396,7 +403,10 @@ export function useProviderSources(options: UseProviderSourcesOptions) {
   }
 
   async function deleteProviderSource(source: any) {
-    if (!confirm(tm('providerSources.deleteConfirm', { id: source.id }))) return
+    const confirmed = await askForConfirmation(
+      tm('providerSources.deleteConfirm', { id: source.id })
+    )
+    if (!confirmed) return
 
     try {
       await axios.post('/api/config/provider_sources/delete', { id: source.id })
@@ -558,7 +568,8 @@ export function useProviderSources(options: UseProviderSourcesOptions) {
   }
 
   async function deleteProvider(provider: any) {
-    if (!confirm(tm('models.deleteConfirm', { id: provider.id }))) return
+    const confirmed = await askForConfirmation(tm('models.deleteConfirm', { id: provider.id }))
+    if (!confirmed) return
 
     try {
       await axios.post('/api/config/provider/delete', { id: provider.id })
diff --git a/dashboard/src/scss/_variables.scss b/dashboard/src/scss/_variables.scss
index 3584fff1e..7993bb860 100644
--- a/dashboard/src/scss/_variables.scss
+++ b/dashboard/src/scss/_variables.scss
@@ -9,7 +9,15 @@ $color-pack: false;
 // Global font size and border radius
 $font-size-root: 1rem;
 $border-radius-root: 8px;
-$body-font-family: 'Roboto', sans-serif !default;
+$cjk-sans-fallback: 'PingFang SC', 'Hiragino Sans GB', 'Noto Sans CJK SC', 'Microsoft YaHei' !default;
+$cjk-mono-fallback: 'PingFang SC', 'PingFang TC', 'Hiragino Sans GB', 'Noto Sans CJK SC', 'Microsoft YaHei' !default;
+
+:root {
+  --astrbot-font-cjk-sans: #{$cjk-sans-fallback};
+  --astrbot-font-cjk-mono: #{$cjk-mono-fallback};
+}
+
+$body-font-family: 'Roboto', $cjk-sans-fallback, sans-serif !default;
 $heading-font-family: $body-font-family !default;
 $btn-font-weight: 400 !default;
 $btn-letter-spacing: 0 !default;
diff --git a/dashboard/src/scss/layout/_container.scss b/dashboard/src/scss/layout/_container.scss
index cc4229274..bf9ef0d08 100644
--- a/dashboard/src/scss/layout/_container.scss
+++ b/dashboard/src/scss/layout/_container.scss
@@ -85,15 +85,15 @@ $sizes: (
 
 body {
   .Poppins {
-    font-family: 'Poppins', sans-serif !important;
+    font-family: 'Poppins', $cjk-sans-fallback, sans-serif !important;
   }
 
   .Inter {
-    font-family: 'Inter', sans-serif !important;
+    font-family: 'Inter', $cjk-sans-fallback, sans-serif !important;
   }
 
   .Outfit {
-    font-family: 'Outfit', sans-serif !important;
+    font-family: 'Outfit', $cjk-sans-fallback, sans-serif !important;
   }
 }
 
diff --git a/dashboard/src/types/confirm.d.ts b/dashboard/src/types/confirm.d.ts
new file mode 100644
index 000000000..e29f634df
--- /dev/null
+++ b/dashboard/src/types/confirm.d.ts
@@ -0,0 +1,11 @@
+import 'vue'
+
+import type { ConfirmDialogHandler } from '@/utils/confirmDialog'
+
+declare module 'vue' {
+  interface ComponentCustomProperties {
+    $confirm?: ConfirmDialogHandler
+  }
+}
+
+export {}
diff --git a/dashboard/src/utils/confirmDialog.ts b/dashboard/src/utils/confirmDialog.ts
new file mode 100644
index 000000000..494f81e0e
--- /dev/null
+++ b/dashboard/src/utils/confirmDialog.ts
@@ -0,0 +1,31 @@
+import { inject } from 'vue'
+
+export type ConfirmDialogOptions = {
+  title?: string
+  message?: string
+}
+
+export type ConfirmDialogHandler = (options: ConfirmDialogOptions) => Promise<boolean>
+
+export type ConfirmDialogCandidate = ConfirmDialogHandler | null | undefined
+
+export function useConfirmDialog(): ConfirmDialogHandler | undefined {
+  return inject<ConfirmDialogHandler | undefined>('$confirm', undefined)
+}
+
+export async function askForConfirmation(
+  message: string,
+  candidate?: ConfirmDialogCandidate
+): Promise<boolean> {
+  const confirmDialog = candidate ?? undefined
+
+  if (confirmDialog) {
+    try {
+      return await confirmDialog({ message })
+    } catch {
+      return false
+    }
+  }
+
+  return window.confirm(message)
+}
diff --git a/dashboard/src/views/ConfigPage.vue b/dashboard/src/views/ConfigPage.vue
index 8e929021c..4b129d67b 100644
--- a/dashboard/src/views/ConfigPage.vue
+++ b/dashboard/src/views/ConfigPage.vue
@@ -190,6 +190,10 @@ import WaitingForRestart from '@/components/shared/WaitingForRestart.vue';
 import StandaloneChat from '@/components/chat/StandaloneChat.vue';
 import { VueMonacoEditor } from '@guolao/vue-monaco-editor'
 import { useI18n, useModuleI18n } from '@/i18n/composables';
+import {
+  askForConfirmation as askForConfirmationDialog,
+  useConfirmDialog
+} from '@/utils/confirmDialog';
 
 export default {
   name: 'ConfigPage',
@@ -208,10 +212,12 @@ export default {
   setup() {
     const { t } = useI18n();
     const { tm } = useModuleI18n('features/config');
+    const confirmDialog = useConfirmDialog();
 
     return {
       t,
-      tm
+      tm,
+      confirmDialog
     };
   },
 
@@ -473,8 +479,9 @@ export default {
         this.createNewConfig();
       }
     },
-    confirmDeleteConfig(config) {
-      if (confirm(this.tm('configManagement.confirmDelete').replace('{name}', config.name))) {
+    async confirmDeleteConfig(config) {
+      const message = this.tm('configManagement.confirmDelete').replace('{name}', config.name);
+      if (await askForConfirmationDialog(message, this.confirmDialog)) {
         this.deleteConfig(config.id);
       }
     },
@@ -658,4 +665,4 @@ export default {
   padding: 0;
   border-radius: 0 0 16px 16px;
 }
-</style>
\ No newline at end of file
+</style>
diff --git a/dashboard/src/views/ConversationPage.vue b/dashboard/src/views/ConversationPage.vue
index 2a615b294..ff53301b1 100644
--- a/dashboard/src/views/ConversationPage.vue
+++ b/dashboard/src/views/ConversationPage.vue
@@ -333,6 +333,10 @@ import { useCommonStore } from '@/stores/common';
 import { useCustomizerStore } from '@/stores/customizer';
 import { useI18n, useModuleI18n } from '@/i18n/composables';
 import MessageList from '@/components/chat/MessageList.vue';
+import {
+    askForConfirmation as askForConfirmationDialog,
+    useConfirmDialog
+} from '@/utils/confirmDialog';
 
 export default {
     name: 'ConversationPage',
@@ -345,12 +349,14 @@ export default {
         const { t, locale } = useI18n();
         const { tm } = useModuleI18n('features/conversation');
         const customizerStore = useCustomizerStore();
+        const confirmDialog = useConfirmDialog();
 
         return {
             t,
             tm,
             locale,
-            customizerStore
+            customizerStore,
+            confirmDialog
         };
     },
 
@@ -744,9 +750,9 @@ export default {
         },
 
         // 关闭对话历史对话框
-        closeHistoryDialog() {
+        async closeHistoryDialog() {
             if (this.isEditingHistory) {
-                if (confirm(this.tm('dialogs.view.confirmClose'))) {
+                if (await askForConfirmationDialog(this.tm('dialogs.view.confirmClose'), this.confirmDialog)) {
                     this.dialogView = false;
                 }
             } else {
@@ -1133,4 +1139,4 @@ export default {
         transform: translateY(0);
     }
 }
-</style>
\ No newline at end of file
+</style>
diff --git a/dashboard/src/views/PlatformPage.vue b/dashboard/src/views/PlatformPage.vue
index c20535558..abf0c1d4d 100644
--- a/dashboard/src/views/PlatformPage.vue
+++ b/dashboard/src/views/PlatformPage.vue
@@ -197,6 +197,10 @@ import AddNewPlatform from '@/components/platform/AddNewPlatform.vue';
 import { useCommonStore } from '@/stores/common';
 import { useI18n, useModuleI18n } from '@/i18n/composables';
 import { getPlatformIcon, getTutorialLink } from '@/utils/platformUtils';
+import {
+  askForConfirmation as askForConfirmationDialog,
+  useConfirmDialog
+} from '@/utils/confirmDialog';
 
 export default {
   name: 'PlatformPage',
@@ -210,10 +214,12 @@ export default {
   setup() {
     const { t } = useI18n();
     const { tm } = useModuleI18n('features/platform');
+    const confirmDialog = useConfirmDialog();
 
     return {
       t,
-      tm
+      tm,
+      confirmDialog
     };
   },
   data() {
@@ -451,15 +457,18 @@ export default {
       });
     },
 
-    deletePlatform(platform) {
-      if (confirm(`${this.messages.deleteConfirm} ${platform.id}?`)) {
-        axios.post('/api/config/platform/delete', { id: platform.id }).then((res) => {
-          this.getConfig();
-          this.showSuccess(res.data.message || this.messages.deleteSuccess);
-        }).catch((err) => {
-          this.showError(err.response?.data?.message || err.message);
-        });
+    async deletePlatform(platform) {
+      const message = `${this.messages.deleteConfirm} ${platform.id}?`;
+      if (!(await askForConfirmationDialog(message, this.confirmDialog))) {
+        return;
       }
+
+      axios.post('/api/config/platform/delete', { id: platform.id }).then((res) => {
+        this.getConfig();
+        this.showSuccess(res.data.message || this.messages.deleteSuccess);
+      }).catch((err) => {
+        this.showError(err.response?.data?.message || err.message);
+      });
     },
 
     platformStatusChange(platform) {
diff --git a/dashboard/src/views/SessionManagementPage.vue b/dashboard/src/views/SessionManagementPage.vue
index b754f8c1c..5008e1dd3 100644
--- a/dashboard/src/views/SessionManagementPage.vue
+++ b/dashboard/src/views/SessionManagementPage.vue
@@ -522,16 +522,22 @@
 <script>
 import axios from 'axios'
 import { useI18n, useModuleI18n } from '@/i18n/composables'
+import {
+  askForConfirmation as askForConfirmationDialog,
+  useConfirmDialog
+} from '@/utils/confirmDialog'
 
 export default {
   name: 'SessionManagementPage',
   setup() {
     const { t } = useI18n()
     const { tm } = useModuleI18n('features/session-management')
+    const confirmDialog = useConfirmDialog()
 
     return {
       t,
-      tm
+      tm,
+      confirmDialog
     }
   },
   data() {
@@ -1503,7 +1509,8 @@ export default {
     },
 
     async deleteGroup(group) {
-      if (!confirm(`确定要删除分组 "${group.name}" 吗？`)) return
+      const message = `确定要删除分组 "${group.name}" 吗？`
+      if (!(await askForConfirmationDialog(message, this.confirmDialog))) return
 
       try {
         const response = await axios.post('/api/session/group/delete', { id: group.id })
diff --git a/dashboard/src/views/knowledge-base/DocumentDetail.vue b/dashboard/src/views/knowledge-base/DocumentDetail.vue
index fb64e628c..16d9ca67e 100644
--- a/dashboard/src/views/knowledge-base/DocumentDetail.vue
+++ b/dashboard/src/views/knowledge-base/DocumentDetail.vue
@@ -244,10 +244,13 @@ import { ref, computed, onMounted } from 'vue'
 import { useRoute } from 'vue-router'
 import axios from 'axios'
 import { useModuleI18n } from '@/i18n/composables'
+import { askForConfirmation, useConfirmDialog } from '@/utils/confirmDialog'
 
 const { tm: t } = useModuleI18n('features/knowledge-base/document')
 const route = useRoute()
 
+const confirmDialog = useConfirmDialog()
+
 const kbId = ref(route.params.kbId as string)
 const docId = ref(route.params.docId as string)
 
@@ -356,7 +359,7 @@ const viewChunk = (chunk: any) => {
 
 // 删除分块
 const deleteChunk = async (chunk: any) => {
-  if (!confirm(t('chunks.deleteConfirm'))) return
+  if (!(await askForConfirmation(t('chunks.deleteConfirm'), confirmDialog))) return
   try {
     const response = await axios.post('/api/kb/chunk/delete', {
       chunk_id: chunk.chunk_id,
diff --git a/dashboard/src/views/persona/PersonaManager.vue b/dashboard/src/views/persona/PersonaManager.vue
index f8b42407b..f9f3e5883 100644
--- a/dashboard/src/views/persona/PersonaManager.vue
+++ b/dashboard/src/views/persona/PersonaManager.vue
@@ -260,6 +260,10 @@ import PersonaCard from './PersonaCard.vue';
 import PersonaForm from '@/components/shared/PersonaForm.vue';
 import CreateFolderDialog from './CreateFolderDialog.vue';
 import MoveToFolderDialog from './MoveToFolderDialog.vue';
+import {
+    askForConfirmation as askForConfirmationDialog,
+    useConfirmDialog
+} from '@/utils/confirmDialog';
 
 import type { Folder, FolderTreeNode } from '@/components/folder/types';
 
@@ -294,7 +298,8 @@ export default defineComponent({
     setup() {
         const { t } = useI18n();
         const { tm } = useModuleI18n('features/persona');
-        return { t, tm };
+        const confirmDialog = useConfirmDialog();
+        return { t, tm, confirmDialog };
     },
     data() {
         return {
@@ -420,7 +425,12 @@ export default defineComponent({
         },
 
         async confirmDeletePersona(persona: Persona) {
-            if (!confirm(this.tm('messages.deleteConfirm', { id: persona.persona_id }))) {
+            if (
+                !(await askForConfirmationDialog(
+                    this.tm('messages.deleteConfirm', { id: persona.persona_id }),
+                    this.confirmDialog,
+                ))
+            ) {
                 return;
             }
 
diff --git a/desktop/main.js b/desktop/main.js
index a578fdc81..d681f2992 100644
--- a/desktop/main.js
+++ b/desktop/main.js
@@ -161,6 +161,16 @@ function createWindow() {
       nodeIntegration: false,
       sandbox: true,
       preload: path.join(__dirname, 'preload.js'),
+      ...(isMac
+        ? {
+            defaultFontFamily: {
+              standard: 'PingFang SC',
+              sansSerif: 'PingFang SC',
+              serif: 'Songti SC',
+              monospace: 'SF Mono',
+            },
+          }
+        : {}),
     },
   });
 
diff --git a/main.py b/main.py
index 68e03dc9a..be188140c 100644
--- a/main.py
+++ b/main.py
@@ -5,10 +5,14 @@
 import sys
 from pathlib import Path
 
-from astrbot.core import LogBroker, LogManager, db_helper, logger
-from astrbot.core.config.default import VERSION
-from astrbot.core.initial_loader import InitialLoader
-from astrbot.core.utils.astrbot_path import (
+import runtime_bootstrap
+
+runtime_bootstrap.initialize_runtime_bootstrap()
+
+from astrbot.core import LogBroker, LogManager, db_helper, logger  # noqa: E402
+from astrbot.core.config.default import VERSION  # noqa: E402
+from astrbot.core.initial_loader import InitialLoader  # noqa: E402
+from astrbot.core.utils.astrbot_path import (  # noqa: E402
     get_astrbot_config_path,
     get_astrbot_data_path,
     get_astrbot_plugin_path,
@@ -16,7 +20,10 @@
     get_astrbot_site_packages_path,
     get_astrbot_temp_path,
 )
-from astrbot.core.utils.io import download_dashboard, get_dashboard_version
+from astrbot.core.utils.io import (  # noqa: E402
+    download_dashboard,
+    get_dashboard_version,
+)
 
 # 将父目录添加到 sys.path
 sys.path.append(Path(__file__).parent.as_posix())
diff --git a/runtime_bootstrap.py b/runtime_bootstrap.py
new file mode 100644
index 000000000..1e9d109d6
--- /dev/null
+++ b/runtime_bootstrap.py
@@ -0,0 +1,50 @@
+import logging
+import ssl
+from typing import Any
+
+import aiohttp.connector as aiohttp_connector
+
+from astrbot.utils.http_ssl_common import build_ssl_context_with_certifi
+
+logger = logging.getLogger(__name__)
+
+
+def _try_patch_aiohttp_ssl_context(
+    ssl_context: ssl.SSLContext,
+    log_obj: Any | None = None,
+) -> bool:
+    log = log_obj or logger
+    attr_name = "_SSL_CONTEXT_VERIFIED"
+
+    if not hasattr(aiohttp_connector, attr_name):
+        log.warning(
+            "aiohttp connector does not expose _SSL_CONTEXT_VERIFIED; skipped patch.",
+        )
+        return False
+
+    current_value = getattr(aiohttp_connector, attr_name, None)
+    if current_value is not None and not isinstance(current_value, ssl.SSLContext):
+        log.warning(
+            "aiohttp connector exposes _SSL_CONTEXT_VERIFIED with unexpected type; skipped patch.",
+        )
+        return False
+
+    setattr(aiohttp_connector, attr_name, ssl_context)
+    log.info("Configured aiohttp verified SSL context with system+certifi trust chain.")
+    return True
+
+
+def configure_runtime_ca_bundle(log_obj: Any | None = None) -> bool:
+    log = log_obj or logger
+
+    try:
+        log.info("Bootstrapping runtime CA bundle.")
+        ssl_context = build_ssl_context_with_certifi(log_obj=log)
+        return _try_patch_aiohttp_ssl_context(ssl_context, log_obj=log)
+    except Exception as exc:
+        log.error("Failed to configure runtime CA bundle for aiohttp: %r", exc)
+        return False
+
+
+def initialize_runtime_bootstrap(log_obj: Any | None = None) -> bool:
+    return configure_runtime_ca_bundle(log_obj=log_obj)